From bb6620ac985d53c72b4f5634e5c3373050f20989 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 27 Sep 2023 09:16:57 +0200
Subject: [PATCH 1/7] update hacl to ad60c9d98c9ce8f6a4fa13090511fa4b3a2c137b
 (#426)

---
 .github/workflows/rust.yml                    |   6 +-
 config/default_config.cmake                   |   8 +-
 include/EverCrypt_AEAD.h                      |   4 +
 include/EverCrypt_DRBG.h                      |   1 -
 include/Hacl_Frodo1344.h                      |   1 -
 include/Hacl_Frodo64.h                        |   1 -
 include/Hacl_Frodo640.h                       |   1 -
 include/Hacl_Frodo976.h                       |   1 -
 include/Hacl_Hash_Blake2.h                    |   1 -
 include/Hacl_Hash_Blake2b_256.h               |   1 -
 include/Hacl_Hash_Blake2s_128.h               |   1 -
 include/Hacl_Krmllib.h                        |   4 +-
 include/Lib_Memzero0.h                        |  45 -
 include/TestLib.h                             |   3 +-
 include/internal/Hacl_Bignum_Base.h           |   4 +
 include/internal/Hacl_Krmllib.h               |   8 +-
 include/lib_intrinsics.h                      |  60 +-
 include/lib_memzero0.h                        |   5 +
 include/msvc/EverCrypt_AEAD.h                 |   4 +
 include/msvc/EverCrypt_DRBG.h                 |   1 -
 include/msvc/Hacl_Frodo1344.h                 |   1 -
 include/msvc/Hacl_Frodo64.h                   |   1 -
 include/msvc/Hacl_Frodo640.h                  |   1 -
 include/msvc/Hacl_Frodo976.h                  |   1 -
 include/msvc/Hacl_Hash_Blake2.h               |   1 -
 include/msvc/Hacl_Hash_Blake2b_256.h          |   1 -
 include/msvc/Hacl_Hash_Blake2s_128.h          |   1 -
 include/msvc/Hacl_Krmllib.h                   |   4 +-
 include/msvc/Lib_Memzero0.h                   |  45 -
 include/msvc/TestLib.h                        |   3 +-
 include/msvc/internal/Hacl_Bignum_Base.h      |   4 +
 include/msvc/internal/Hacl_Krmllib.h          |   8 +-
 include/msvc/lib_intrinsics.h                 |  60 +-
 include/msvc/lib_memzero0.h                   |   5 +
 info.txt                                      |   6 +-
 karamel/include/krml/internal/target.h        | 186 +++--
 .../dist/minimal/FStar_UInt_8_16_32_64.h      |  48 +-
 ocaml/ctypes.depend                           |  10 +-
 rust/hacl-sys/Cargo.toml                      |   2 +-
 src/EverCrypt_AEAD.c                          | 452 +++++-----
 src/EverCrypt_Chacha20Poly1305.c              |  12 +-
 src/EverCrypt_Curve25519.c                    |  31 +-
 src/EverCrypt_DRBG.c                          | 769 +++++++++---------
 src/EverCrypt_HMAC.c                          |  60 +-
 src/EverCrypt_Hash.c                          |  40 +-
 src/EverCrypt_Poly1305.c                      |   8 +
 src/Hacl_Bignum.c                             |  16 +
 src/Hacl_Bignum256.c                          |  11 +
 src/Hacl_Bignum256_32.c                       |  11 +
 src/Hacl_Bignum32.c                           |   3 +
 src/Hacl_Bignum4096.c                         |   7 +
 src/Hacl_Bignum4096_32.c                      |   7 +
 src/Hacl_Bignum64.c                           |   3 +
 src/Hacl_Ed25519.c                            |  18 +-
 src/Hacl_Frodo1344.c                          |  49 +-
 src/Hacl_Frodo64.c                            |  49 +-
 src/Hacl_Frodo640.c                           |  49 +-
 src/Hacl_Frodo976.c                           |  49 +-
 src/Hacl_GenericField32.c                     |   1 +
 src/Hacl_GenericField64.c                     |   1 +
 src/Hacl_HMAC.c                               |  60 +-
 src/Hacl_HMAC_Blake2b_256.c                   |  10 +-
 src/Hacl_HMAC_Blake2s_128.c                   |  10 +-
 src/Hacl_HMAC_DRBG.c                          |  28 +-
 src/Hacl_Hash_Blake2.c                        |  21 +-
 src/Hacl_Hash_Blake2b_256.c                   |  11 +-
 src/Hacl_Hash_Blake2s_128.c                   |  11 +-
 src/Hacl_Hash_MD5.c                           |   1 +
 src/Hacl_Hash_SHA1.c                          |   1 +
 src/Hacl_Hash_SHA2.c                          |   4 +
 src/Hacl_Hash_SHA3.c                          |   2 +
 src/Hacl_K256_ECDSA.c                         |   4 +
 src/Hacl_P256.c                               |  16 +
 src/Hacl_Streaming_Blake2.c                   |   2 +
 src/Hacl_Streaming_Blake2b_256.c              |   1 +
 src/Hacl_Streaming_Blake2s_128.c              |   1 +
 src/Hacl_Streaming_Poly1305_128.c             |   1 +
 src/Hacl_Streaming_Poly1305_256.c             |   1 +
 src/Hacl_Streaming_Poly1305_32.c              |   1 +
 src/Lib_Memzero0.c                            |   5 +-
 src/msvc/EverCrypt_AEAD.c                     | 452 +++++-----
 src/msvc/EverCrypt_Chacha20Poly1305.c         |  12 +-
 src/msvc/EverCrypt_Curve25519.c               |  31 +-
 src/msvc/EverCrypt_DRBG.c                     | 769 +++++++++---------
 src/msvc/EverCrypt_HMAC.c                     |  60 +-
 src/msvc/EverCrypt_Hash.c                     |  40 +-
 src/msvc/EverCrypt_Poly1305.c                 |   8 +
 src/msvc/Hacl_Bignum.c                        |  16 +
 src/msvc/Hacl_Bignum256.c                     |  11 +
 src/msvc/Hacl_Bignum256_32.c                  |  11 +
 src/msvc/Hacl_Bignum32.c                      |   3 +
 src/msvc/Hacl_Bignum4096.c                    |   7 +
 src/msvc/Hacl_Bignum4096_32.c                 |   7 +
 src/msvc/Hacl_Bignum64.c                      |   3 +
 src/msvc/Hacl_Ed25519.c                       |  18 +-
 src/msvc/Hacl_Frodo1344.c                     |  49 +-
 src/msvc/Hacl_Frodo64.c                       |  49 +-
 src/msvc/Hacl_Frodo640.c                      |  49 +-
 src/msvc/Hacl_Frodo976.c                      |  49 +-
 src/msvc/Hacl_GenericField32.c                |   1 +
 src/msvc/Hacl_GenericField64.c                |   1 +
 src/msvc/Hacl_HMAC.c                          |  60 +-
 src/msvc/Hacl_HMAC_Blake2b_256.c              |  10 +-
 src/msvc/Hacl_HMAC_Blake2s_128.c              |  10 +-
 src/msvc/Hacl_HMAC_DRBG.c                     |  28 +-
 src/msvc/Hacl_Hash_Blake2.c                   |  21 +-
 src/msvc/Hacl_Hash_Blake2b_256.c              |  11 +-
 src/msvc/Hacl_Hash_Blake2s_128.c              |  11 +-
 src/msvc/Hacl_Hash_MD5.c                      |   1 +
 src/msvc/Hacl_Hash_SHA1.c                     |   1 +
 src/msvc/Hacl_Hash_SHA2.c                     |   4 +
 src/msvc/Hacl_Hash_SHA3.c                     |   2 +
 src/msvc/Hacl_K256_ECDSA.c                    |   4 +
 src/msvc/Hacl_P256.c                          |  16 +
 src/msvc/Hacl_Streaming_Blake2.c              |   2 +
 src/msvc/Hacl_Streaming_Blake2b_256.c         |   1 +
 src/msvc/Hacl_Streaming_Blake2s_128.c         |   1 +
 src/msvc/Hacl_Streaming_Poly1305_128.c        |   1 +
 src/msvc/Hacl_Streaming_Poly1305_256.c        |   1 +
 src/msvc/Hacl_Streaming_Poly1305_32.c         |   1 +
 src/msvc/Lib_Memzero0.c                       |   5 +-
 src/wasm/EverCrypt_Hash.wasm                  | Bin 49324 -> 49374 bytes
 src/wasm/Hacl_Bignum.wasm                     | Bin 78410 -> 78522 bytes
 src/wasm/Hacl_Bignum256.wasm                  | Bin 100177 -> 100214 bytes
 src/wasm/Hacl_Bignum256_32.wasm               | Bin 40987 -> 41067 bytes
 src/wasm/Hacl_Bignum32.wasm                   | Bin 15241 -> 15248 bytes
 src/wasm/Hacl_Bignum4096.wasm                 | Bin 63761 -> 63798 bytes
 src/wasm/Hacl_Bignum4096_32.wasm              | Bin 32269 -> 32319 bytes
 src/wasm/Hacl_Bignum_Base.wasm                | Bin 24678 -> 24692 bytes
 src/wasm/Hacl_Ed25519.wasm                    | Bin 78353 -> 77696 bytes
 src/wasm/Hacl_HMAC.wasm                       | Bin 29748 -> 29842 bytes
 src/wasm/Hacl_HMAC_Blake2b_256.wasm           | Bin 1478 -> 1491 bytes
 src/wasm/Hacl_HMAC_Blake2s_128.wasm           | Bin 1476 -> 1489 bytes
 src/wasm/Hacl_HMAC_DRBG.wasm                  | Bin 25433 -> 25403 bytes
 src/wasm/Hacl_Hash_SHA3.wasm                  | Bin 17623 -> 17639 bytes
 src/wasm/Hacl_K256_ECDSA.wasm                 | Bin 98177 -> 98203 bytes
 src/wasm/Hacl_Lib.wasm                        | Bin 0 -> 474 bytes
 src/wasm/Hacl_P256.wasm                       | Bin 83224 -> 83233 bytes
 src/wasm/INFO.txt                             |   4 +-
 src/wasm/main.html                            |   2 +-
 src/wasm/shell.js                             |   2 +-
 tools/configure.py                            |  17 +-
 142 files changed, 2244 insertions(+), 2003 deletions(-)
 delete mode 100644 include/Lib_Memzero0.h
 create mode 100644 include/lib_memzero0.h
 delete mode 100644 include/msvc/Lib_Memzero0.h
 create mode 100644 include/msvc/lib_memzero0.h
 create mode 100644 src/wasm/Hacl_Lib.wasm

diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index 898c6184..fc98c876 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -40,7 +40,7 @@ jobs:
       matrix:
         os:
           - macos-latest
-          - ubuntu-latest
+          # - ubuntu-latest Disabling Ubuntu for now as long as bindgen is broken
           - windows-latest
 
     runs-on: ${{ matrix.os }}
@@ -95,7 +95,7 @@ jobs:
         bits: [32, 64]
         os:
           - macos-latest
-          - ubuntu-latest
+          # - ubuntu-latest disable for now
           - windows-latest
         exclude:
           - bits: 32
@@ -122,7 +122,7 @@ jobs:
       - if: matrix.os == 'ubuntu-latest'
         run: |
           sudo apt-get update
-          sudo apt-get install ninja-build gcc-multilib g++-multilib
+          sudo apt-get install ninja-build gcc-multilib g++-multilib clang-15
           rustup target add i686-unknown-linux-gnu
 
       - name: Setup | Developer Command Prompt (x86)
diff --git a/config/default_config.cmake b/config/default_config.cmake
index ee7e66ab..a2fe0e07 100644
--- a/config/default_config.cmake
+++ b/config/default_config.cmake
@@ -7,10 +7,10 @@ set(SOURCES_std
 	${PROJECT_SOURCE_DIR}/src/Hacl_HMAC.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_SHA2.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2.c
-	${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Ed25519.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_EC_Ed25519.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Base.c
+	${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Blake2.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum256_32.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum.c
@@ -42,10 +42,10 @@ set(SOURCES_std
 	${PROJECT_SOURCE_DIR}/src/Hacl_Frodo64.c
 	${PROJECT_SOURCE_DIR}/src/EverCrypt_DRBG.c
 	${PROJECT_SOURCE_DIR}/src/Lib_RandomBuffer_System.c
-	${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c
 	${PROJECT_SOURCE_DIR}/src/EverCrypt_HMAC.c
 	${PROJECT_SOURCE_DIR}/src/EverCrypt_Hash.c
 	${PROJECT_SOURCE_DIR}/src/EverCrypt_AutoConfig2.c
+	${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c
 	${PROJECT_SOURCE_DIR}/src/EverCrypt_Ed25519.c
 	${PROJECT_SOURCE_DIR}/src/EverCrypt_Curve25519.c
 	${PROJECT_SOURCE_DIR}/src/EverCrypt_HKDF.c
@@ -124,7 +124,6 @@ set(INCLUDES
 	${PROJECT_SOURCE_DIR}/include/Hacl_HMAC.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_SHA2.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2.h
-	${PROJECT_SOURCE_DIR}/include/Lib_Memzero0.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Ed25519.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_SHA2.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_SHA2.h
@@ -143,6 +142,7 @@ set(INCLUDES
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_Blake2.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Impl_Blake2_Constants.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2.h
+	${PROJECT_SOURCE_DIR}/include/lib_memzero0.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_256.h
 	${PROJECT_SOURCE_DIR}/include/libintvector.h
@@ -265,7 +265,6 @@ set(PUBLIC_INCLUDES
 	${PROJECT_SOURCE_DIR}/include/Hacl_HMAC.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_SHA2.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2.h
-	${PROJECT_SOURCE_DIR}/include/Lib_Memzero0.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_SHA2.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Curve25519_51.h
 	${PROJECT_SOURCE_DIR}/include/lib_intrinsics.h
@@ -276,6 +275,7 @@ set(PUBLIC_INCLUDES
 	${PROJECT_SOURCE_DIR}/include/Hacl_EC_Ed25519.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Base.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2.h
+	${PROJECT_SOURCE_DIR}/include/lib_memzero0.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_256.h
 	${PROJECT_SOURCE_DIR}/include/libintvector.h
diff --git a/include/EverCrypt_AEAD.h b/include/EverCrypt_AEAD.h
index 4797df68..5d52493b 100644
--- a/include/EverCrypt_AEAD.h
+++ b/include/EverCrypt_AEAD.h
@@ -42,6 +42,10 @@ extern "C" {
 
 typedef struct EverCrypt_AEAD_state_s_s EverCrypt_AEAD_state_s;
 
+/**
+Both encryption and decryption require a state that holds the key.
+The state may be reused as many times as desired.
+*/
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee);
 
 /**
diff --git a/include/EverCrypt_DRBG.h b/include/EverCrypt_DRBG.h
index aee4e800..b3161bfe 100644
--- a/include/EverCrypt_DRBG.h
+++ b/include/EverCrypt_DRBG.h
@@ -36,7 +36,6 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Lib_RandomBuffer_System.h"
-#include "Lib_Memzero0.h"
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_HMAC_DRBG.h"
 
diff --git a/include/Hacl_Frodo1344.h b/include/Hacl_Frodo1344.h
index 85d29c9f..9fca4c82 100644
--- a/include/Hacl_Frodo1344.h
+++ b/include/Hacl_Frodo1344.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo1344_crypto_bytes;
diff --git a/include/Hacl_Frodo64.h b/include/Hacl_Frodo64.h
index eb17defe..05aecb59 100644
--- a/include/Hacl_Frodo64.h
+++ b/include/Hacl_Frodo64.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 /*
diff --git a/include/Hacl_Frodo640.h b/include/Hacl_Frodo640.h
index c4bf30d7..10c9bd47 100644
--- a/include/Hacl_Frodo640.h
+++ b/include/Hacl_Frodo640.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo640_crypto_bytes;
diff --git a/include/Hacl_Frodo976.h b/include/Hacl_Frodo976.h
index 458ebd2f..c2d5f84f 100644
--- a/include/Hacl_Frodo976.h
+++ b/include/Hacl_Frodo976.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo976_crypto_bytes;
diff --git a/include/Hacl_Hash_Blake2.h b/include/Hacl_Hash_Blake2.h
index aff1c7a9..3ee29015 100644
--- a/include/Hacl_Hash_Blake2.h
+++ b/include/Hacl_Hash_Blake2.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Krmllib.h"
 
 void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn);
diff --git a/include/Hacl_Hash_Blake2b_256.h b/include/Hacl_Hash_Blake2b_256.h
index 88bf9ab2..2379fd75 100644
--- a/include/Hacl_Hash_Blake2b_256.h
+++ b/include/Hacl_Hash_Blake2b_256.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Krmllib.h"
 #include "libintvector.h"
 
diff --git a/include/Hacl_Hash_Blake2s_128.h b/include/Hacl_Hash_Blake2s_128.h
index 0e424152..2af827cd 100644
--- a/include/Hacl_Hash_Blake2s_128.h
+++ b/include/Hacl_Hash_Blake2s_128.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "libintvector.h"
 
 void
diff --git a/include/Hacl_Krmllib.h b/include/Hacl_Krmllib.h
index 6916db3d..c0ea70bf 100644
--- a/include/Hacl_Krmllib.h
+++ b/include/Hacl_Krmllib.h
@@ -35,9 +35,9 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
+static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
 
-static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
+static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
 
 static inline FStar_UInt128_uint128
 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
diff --git a/include/Lib_Memzero0.h b/include/Lib_Memzero0.h
deleted file mode 100644
index 9a7c7ac5..00000000
--- a/include/Lib_Memzero0.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Lib_Memzero0_H
-#define __Lib_Memzero0_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-extern void Lib_Memzero0_memzero(void *x0, uint64_t x1);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Lib_Memzero0_H_DEFINED
-#endif
diff --git a/include/TestLib.h b/include/TestLib.h
index 3928a462..62399c0c 100644
--- a/include/TestLib.h
+++ b/include/TestLib.h
@@ -55,7 +55,8 @@ extern void TestLib_checku32(uint32_t uu___, uint32_t uu___1);
 
 extern void TestLib_checku64(uint64_t uu___, uint64_t uu___1);
 
-extern void TestLib_compare_and_print(C_String_t uu___, uint8_t *b1, uint8_t *b2, uint32_t l);
+extern void
+TestLib_compare_and_print(Prims_string uu___, uint8_t *b1, uint8_t *b2, uint32_t l);
 
 extern uint8_t *TestLib_unsafe_malloc(uint32_t l);
 
diff --git a/include/internal/Hacl_Bignum_Base.h b/include/internal/Hacl_Bignum_Base.h
index 06e1d373..2cfb0066 100644
--- a/include/internal/Hacl_Bignum_Base.h
+++ b/include/internal/Hacl_Bignum_Base.h
@@ -401,6 +401,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     res[i0 + i0] = r;
   }
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res);
+  KRML_HOST_IGNORE(c0);
   KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen);
   uint32_t tmp[aLen + aLen];
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t));
@@ -413,6 +414,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
   }
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void
@@ -450,6 +452,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     res[i0 + i0] = r;
   }
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res);
+  KRML_HOST_IGNORE(c0);
   KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen);
   uint64_t tmp[aLen + aLen];
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t));
@@ -462,6 +465,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
   }
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_Krmllib.h b/include/internal/Hacl_Krmllib.h
index 278cb15b..70c84916 100644
--- a/include/internal/Hacl_Krmllib.h
+++ b/include/internal/Hacl_Krmllib.h
@@ -37,13 +37,13 @@ extern "C" {
 
 #include "../Hacl_Krmllib.h"
 
-static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
+static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
 
-static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
+static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
 
-static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
+static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
 
-static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
+static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
 
 static inline FStar_UInt128_uint128
 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
diff --git a/include/lib_intrinsics.h b/include/lib_intrinsics.h
index 0c35026e..8fa75b37 100644
--- a/include/lib_intrinsics.h
+++ b/include/lib_intrinsics.h
@@ -8,15 +8,20 @@
 #endif
 #endif
 
-#if defined(HACL_CAN_COMPILE_INTRINSICS)
-#if defined(_MSC_VER)
-#include <immintrin.h>
-#else
-#include <x86intrin.h>
-#endif
-#endif
+/*
+   GCC versions prior to 5.5 incorrectly optimize certain intrinsics.
+
+   See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81300
+
+   CLANG versions prior to 5 crash on certain intrinsics.
+
+   See https://bugs.llvm.org/show_bug.cgi?id=24943
+*/
 
-#if !defined(HACL_CAN_COMPILE_INTRINSICS)
+#if !defined(HACL_CAN_COMPILE_INTRINSICS) || \
+    (defined(__clang__) && (__clang_major__ < 5)) || \
+    (defined(__GNUC__) && !defined(__clang__) &&  \
+     (__GNUC__ < 5 || (__GNUC__ == 5 && (__GNUC_MINOR__ < 5))))
 
 #include "Hacl_IntTypes_Intrinsics.h"
 
@@ -25,35 +30,40 @@
 #include "Hacl_IntTypes_Intrinsics_128.h"
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4))
 
 #else
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4))
 
 #endif // defined(HACL_CAN_COMPILE_UINT128)
 
 #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4))
 
 #else // !defined(HACL_CAN_COMPILE_INTRINSICS)
 
+#if defined(_MSC_VER)
+#include <immintrin.h>
+#else
+#include <x86intrin.h>
+#endif
+
 #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \
-  (_addcarry_u32(x1, x2, x3, (unsigned int *) x4))
+    (_addcarry_u32(x1, x2, x3, (unsigned int *)x4))
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (_addcarry_u64(x1, x2, x3, (long long unsigned int *) x4))
-
+    (_addcarry_u64(x1, x2, x3, (long long unsigned int *)x4))
 
 /*
    GCC versions prior to 7.2 pass arguments to _subborrow_u{32,64}
@@ -61,22 +71,22 @@
 
    See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81294
 */
-#if defined(__GNUC__) && !defined (__clang__) && \
-  (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2)))
+#if defined(__GNUC__) && !defined(__clang__) && \
+    (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2)))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
-  (_subborrow_u32(x1, x3, x2, (unsigned int *) x4))
+    (_subborrow_u32(x1, x3, x2, (unsigned int *)x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (_subborrow_u64(x1, x3, x2, (long long unsigned int *) x4))
+    (_subborrow_u64(x1, x3, x2, (long long unsigned int *)x4))
 
 #else
 
-#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)  \
-  (_subborrow_u32(x1, x2, x3, (unsigned int *) x4))
+#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
+    (_subborrow_u32(x1, x2, x3, (unsigned int *)x4))
 
-#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)  \
-  (_subborrow_u64(x1, x2, x3, (long long unsigned int *) x4))
+#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
+    (_subborrow_u64(x1, x2, x3, (long long unsigned int *)x4))
 
 #endif // GCC < 7.2
 
diff --git a/include/lib_memzero0.h b/include/lib_memzero0.h
new file mode 100644
index 00000000..506dd50f
--- /dev/null
+++ b/include/lib_memzero0.h
@@ -0,0 +1,5 @@
+#include <inttypes.h>
+
+void Lib_Memzero0_memzero0(void *dst, uint64_t len);
+
+#define Lib_Memzero0_memzero(dst, len, t) Lib_Memzero0_memzero0(dst, len * sizeof(t))
diff --git a/include/msvc/EverCrypt_AEAD.h b/include/msvc/EverCrypt_AEAD.h
index 4797df68..5d52493b 100644
--- a/include/msvc/EverCrypt_AEAD.h
+++ b/include/msvc/EverCrypt_AEAD.h
@@ -42,6 +42,10 @@ extern "C" {
 
 typedef struct EverCrypt_AEAD_state_s_s EverCrypt_AEAD_state_s;
 
+/**
+Both encryption and decryption require a state that holds the key.
+The state may be reused as many times as desired.
+*/
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee);
 
 /**
diff --git a/include/msvc/EverCrypt_DRBG.h b/include/msvc/EverCrypt_DRBG.h
index aee4e800..b3161bfe 100644
--- a/include/msvc/EverCrypt_DRBG.h
+++ b/include/msvc/EverCrypt_DRBG.h
@@ -36,7 +36,6 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Lib_RandomBuffer_System.h"
-#include "Lib_Memzero0.h"
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_HMAC_DRBG.h"
 
diff --git a/include/msvc/Hacl_Frodo1344.h b/include/msvc/Hacl_Frodo1344.h
index 85d29c9f..9fca4c82 100644
--- a/include/msvc/Hacl_Frodo1344.h
+++ b/include/msvc/Hacl_Frodo1344.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo1344_crypto_bytes;
diff --git a/include/msvc/Hacl_Frodo64.h b/include/msvc/Hacl_Frodo64.h
index eb17defe..05aecb59 100644
--- a/include/msvc/Hacl_Frodo64.h
+++ b/include/msvc/Hacl_Frodo64.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 /*
diff --git a/include/msvc/Hacl_Frodo640.h b/include/msvc/Hacl_Frodo640.h
index c4bf30d7..10c9bd47 100644
--- a/include/msvc/Hacl_Frodo640.h
+++ b/include/msvc/Hacl_Frodo640.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo640_crypto_bytes;
diff --git a/include/msvc/Hacl_Frodo976.h b/include/msvc/Hacl_Frodo976.h
index 458ebd2f..c2d5f84f 100644
--- a/include/msvc/Hacl_Frodo976.h
+++ b/include/msvc/Hacl_Frodo976.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo976_crypto_bytes;
diff --git a/include/msvc/Hacl_Hash_Blake2.h b/include/msvc/Hacl_Hash_Blake2.h
index aff1c7a9..3ee29015 100644
--- a/include/msvc/Hacl_Hash_Blake2.h
+++ b/include/msvc/Hacl_Hash_Blake2.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Krmllib.h"
 
 void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn);
diff --git a/include/msvc/Hacl_Hash_Blake2b_256.h b/include/msvc/Hacl_Hash_Blake2b_256.h
index 88bf9ab2..2379fd75 100644
--- a/include/msvc/Hacl_Hash_Blake2b_256.h
+++ b/include/msvc/Hacl_Hash_Blake2b_256.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Krmllib.h"
 #include "libintvector.h"
 
diff --git a/include/msvc/Hacl_Hash_Blake2s_128.h b/include/msvc/Hacl_Hash_Blake2s_128.h
index 0e424152..2af827cd 100644
--- a/include/msvc/Hacl_Hash_Blake2s_128.h
+++ b/include/msvc/Hacl_Hash_Blake2s_128.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "libintvector.h"
 
 void
diff --git a/include/msvc/Hacl_Krmllib.h b/include/msvc/Hacl_Krmllib.h
index 6916db3d..c0ea70bf 100644
--- a/include/msvc/Hacl_Krmllib.h
+++ b/include/msvc/Hacl_Krmllib.h
@@ -35,9 +35,9 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
+static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
 
-static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
+static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
 
 static inline FStar_UInt128_uint128
 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
diff --git a/include/msvc/Lib_Memzero0.h b/include/msvc/Lib_Memzero0.h
deleted file mode 100644
index 9a7c7ac5..00000000
--- a/include/msvc/Lib_Memzero0.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Lib_Memzero0_H
-#define __Lib_Memzero0_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-extern void Lib_Memzero0_memzero(void *x0, uint64_t x1);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Lib_Memzero0_H_DEFINED
-#endif
diff --git a/include/msvc/TestLib.h b/include/msvc/TestLib.h
index 3928a462..62399c0c 100644
--- a/include/msvc/TestLib.h
+++ b/include/msvc/TestLib.h
@@ -55,7 +55,8 @@ extern void TestLib_checku32(uint32_t uu___, uint32_t uu___1);
 
 extern void TestLib_checku64(uint64_t uu___, uint64_t uu___1);
 
-extern void TestLib_compare_and_print(C_String_t uu___, uint8_t *b1, uint8_t *b2, uint32_t l);
+extern void
+TestLib_compare_and_print(Prims_string uu___, uint8_t *b1, uint8_t *b2, uint32_t l);
 
 extern uint8_t *TestLib_unsafe_malloc(uint32_t l);
 
diff --git a/include/msvc/internal/Hacl_Bignum_Base.h b/include/msvc/internal/Hacl_Bignum_Base.h
index 590fcbd0..e4d35fe9 100644
--- a/include/msvc/internal/Hacl_Bignum_Base.h
+++ b/include/msvc/internal/Hacl_Bignum_Base.h
@@ -401,6 +401,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     res[i0 + i0] = r;
   }
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res);
+  KRML_HOST_IGNORE(c0);
   KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen);
   uint32_t *tmp = (uint32_t *)alloca((aLen + aLen) * sizeof (uint32_t));
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t));
@@ -413,6 +414,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
   }
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void
@@ -450,6 +452,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     res[i0 + i0] = r;
   }
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res);
+  KRML_HOST_IGNORE(c0);
   KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen);
   uint64_t *tmp = (uint64_t *)alloca((aLen + aLen) * sizeof (uint64_t));
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t));
@@ -462,6 +465,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
   }
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 #if defined(__cplusplus)
diff --git a/include/msvc/internal/Hacl_Krmllib.h b/include/msvc/internal/Hacl_Krmllib.h
index 278cb15b..70c84916 100644
--- a/include/msvc/internal/Hacl_Krmllib.h
+++ b/include/msvc/internal/Hacl_Krmllib.h
@@ -37,13 +37,13 @@ extern "C" {
 
 #include "../Hacl_Krmllib.h"
 
-static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
+static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
 
-static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
+static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
 
-static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
+static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
 
-static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
+static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
 
 static inline FStar_UInt128_uint128
 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
diff --git a/include/msvc/lib_intrinsics.h b/include/msvc/lib_intrinsics.h
index 0c35026e..8fa75b37 100644
--- a/include/msvc/lib_intrinsics.h
+++ b/include/msvc/lib_intrinsics.h
@@ -8,15 +8,20 @@
 #endif
 #endif
 
-#if defined(HACL_CAN_COMPILE_INTRINSICS)
-#if defined(_MSC_VER)
-#include <immintrin.h>
-#else
-#include <x86intrin.h>
-#endif
-#endif
+/*
+   GCC versions prior to 5.5 incorrectly optimize certain intrinsics.
+
+   See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81300
+
+   CLANG versions prior to 5 crash on certain intrinsics.
+
+   See https://bugs.llvm.org/show_bug.cgi?id=24943
+*/
 
-#if !defined(HACL_CAN_COMPILE_INTRINSICS)
+#if !defined(HACL_CAN_COMPILE_INTRINSICS) || \
+    (defined(__clang__) && (__clang_major__ < 5)) || \
+    (defined(__GNUC__) && !defined(__clang__) &&  \
+     (__GNUC__ < 5 || (__GNUC__ == 5 && (__GNUC_MINOR__ < 5))))
 
 #include "Hacl_IntTypes_Intrinsics.h"
 
@@ -25,35 +30,40 @@
 #include "Hacl_IntTypes_Intrinsics_128.h"
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4))
 
 #else
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4))
 
 #endif // defined(HACL_CAN_COMPILE_UINT128)
 
 #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4))
 
 #else // !defined(HACL_CAN_COMPILE_INTRINSICS)
 
+#if defined(_MSC_VER)
+#include <immintrin.h>
+#else
+#include <x86intrin.h>
+#endif
+
 #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \
-  (_addcarry_u32(x1, x2, x3, (unsigned int *) x4))
+    (_addcarry_u32(x1, x2, x3, (unsigned int *)x4))
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (_addcarry_u64(x1, x2, x3, (long long unsigned int *) x4))
-
+    (_addcarry_u64(x1, x2, x3, (long long unsigned int *)x4))
 
 /*
    GCC versions prior to 7.2 pass arguments to _subborrow_u{32,64}
@@ -61,22 +71,22 @@
 
    See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81294
 */
-#if defined(__GNUC__) && !defined (__clang__) && \
-  (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2)))
+#if defined(__GNUC__) && !defined(__clang__) && \
+    (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2)))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
-  (_subborrow_u32(x1, x3, x2, (unsigned int *) x4))
+    (_subborrow_u32(x1, x3, x2, (unsigned int *)x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (_subborrow_u64(x1, x3, x2, (long long unsigned int *) x4))
+    (_subborrow_u64(x1, x3, x2, (long long unsigned int *)x4))
 
 #else
 
-#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)  \
-  (_subborrow_u32(x1, x2, x3, (unsigned int *) x4))
+#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
+    (_subborrow_u32(x1, x2, x3, (unsigned int *)x4))
 
-#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)  \
-  (_subborrow_u64(x1, x2, x3, (long long unsigned int *) x4))
+#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
+    (_subborrow_u64(x1, x2, x3, (long long unsigned int *)x4))
 
 #endif // GCC < 7.2
 
diff --git a/include/msvc/lib_memzero0.h b/include/msvc/lib_memzero0.h
new file mode 100644
index 00000000..506dd50f
--- /dev/null
+++ b/include/msvc/lib_memzero0.h
@@ -0,0 +1,5 @@
+#include <inttypes.h>
+
+void Lib_Memzero0_memzero0(void *dst, uint64_t len);
+
+#define Lib_Memzero0_memzero(dst, len, t) Lib_Memzero0_memzero0(dst, len * sizeof(t))
diff --git a/info.txt b/info.txt
index ac05510e..1a29e888 100644
--- a/info.txt
+++ b/info.txt
@@ -1,5 +1,5 @@
 The code was generated with the following toolchain.
-F* version: e617752a1b014a16892f7d8772d62e5c234f06c1
-KaRaMeL version: 2cf2974007f4103dba5619e4eb9e3eaeefad533b
-HACL* version: 86a0aed822bd80b03e4810e23518181f0edec5f6
+F* version: 155853a14336aa0713dba7db5408f4c8ab512a06
+KaRaMeL version: db63c1de17565be0ec4989f58532717a04e3ff40
+HACL* version: ad60c9d98c9ce8f6a4fa13090511fa4b3a2c137b
 Vale version: 0.3.19
diff --git a/karamel/include/krml/internal/target.h b/karamel/include/krml/internal/target.h
index 9eb260c6..634c20fc 100644
--- a/karamel/include/krml/internal/target.h
+++ b/karamel/include/krml/internal/target.h
@@ -4,13 +4,13 @@
 #ifndef __KRML_TARGET_H
 #define __KRML_TARGET_H
 
-#include <stdlib.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdbool.h>
+#include <assert.h>
 #include <inttypes.h>
 #include <limits.h>
-#include <assert.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
 
 /* Since KaRaMeL emits the inline keyword unconditionally, we follow the
  * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
@@ -57,6 +57,19 @@
 #  define KRML_HOST_IGNORE(x) (void)(x)
 #endif
 
+#ifndef KRML_NOINLINE
+#  if defined(_MSC_VER)
+#    define KRML_NOINLINE __declspec(noinline)
+#  elif defined (__GNUC__)
+#    define KRML_NOINLINE __attribute__((noinline,unused))
+#  else
+#    define KRML_NOINLINE
+#    warning "The KRML_NOINLINE macro is not defined for this toolchain!"
+#    warning "The compiler may defeat side-channel resistance with optimizations."
+#    warning "Please locate target.h and try to fill it out with a suitable definition for this compiler."
+#  endif
+#endif
+
 #ifndef KRML_PRE_ALIGN
 #  ifdef _MSC_VER
 #    define KRML_PRE_ALIGN(X) __declspec(align(X))
@@ -80,7 +93,9 @@
 #  ifdef __MINGW32__
 #    include <_mingw.h>
 #  endif
-#  if (defined(_MSC_VER) || (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
+#  if (                                                                        \
+      defined(_MSC_VER) ||                                                     \
+      (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
 #    define KRML_ALIGNED_MALLOC(X, Y) _aligned_malloc(Y, X)
 #  else
 #    define KRML_ALIGNED_MALLOC(X, Y) aligned_alloc(X, Y)
@@ -95,7 +110,9 @@
 #  ifdef __MINGW32__
 #    include <_mingw.h>
 #  endif
-#  if (defined(_MSC_VER) || (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
+#  if (                                                                        \
+      defined(_MSC_VER) ||                                                     \
+      (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
 #    define KRML_ALIGNED_FREE(X) _aligned_free(X)
 #  else
 #    define KRML_ALIGNED_FREE(X) free(X)
@@ -151,14 +168,15 @@ inline static int32_t krml_time(void) {
   } while (0)
 
 #if defined(_MSC_VER) && _MSC_VER < 1900
-#  define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
+#  define KRML_HOST_SNPRINTF(buf, sz, fmt, arg)                                \
+    _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
 #else
 #  define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg)
 #endif
 
 #if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4))
 #  define KRML_DEPRECATED(x) __attribute__((deprecated(x)))
-#elif  defined(__GNUC__)
+#elif defined(__GNUC__)
 /* deprecated attribute is not defined in GCC < 4.5. */
 #  define KRML_DEPRECATED(x)
 #elif defined(_MSC_VER)
@@ -169,184 +187,186 @@ inline static int32_t krml_time(void) {
 #define KRML_LOOP1(i, n, x) { \
   x \
   i += n; \
+  (void) i; \
 }
 
-#define KRML_LOOP2(i, n, x) \
-  KRML_LOOP1(i, n, x) \
+#define KRML_LOOP2(i, n, x)                                                    \
+  KRML_LOOP1(i, n, x)                                                          \
   KRML_LOOP1(i, n, x)
 
-#define KRML_LOOP3(i, n, x) \
-  KRML_LOOP2(i, n, x) \
+#define KRML_LOOP3(i, n, x)                                                    \
+  KRML_LOOP2(i, n, x)                                                          \
   KRML_LOOP1(i, n, x)
 
-#define KRML_LOOP4(i, n, x) \
-  KRML_LOOP2(i, n, x) \
+#define KRML_LOOP4(i, n, x)                                                    \
+  KRML_LOOP2(i, n, x)                                                          \
   KRML_LOOP2(i, n, x)
 
-#define KRML_LOOP5(i, n, x) \
-  KRML_LOOP4(i, n, x) \
+#define KRML_LOOP5(i, n, x)                                                    \
+  KRML_LOOP4(i, n, x)                                                          \
   KRML_LOOP1(i, n, x)
 
-#define KRML_LOOP6(i, n, x) \
-  KRML_LOOP4(i, n, x) \
+#define KRML_LOOP6(i, n, x)                                                    \
+  KRML_LOOP4(i, n, x)                                                          \
   KRML_LOOP2(i, n, x)
 
-#define KRML_LOOP7(i, n, x) \
-  KRML_LOOP4(i, n, x) \
+#define KRML_LOOP7(i, n, x)                                                    \
+  KRML_LOOP4(i, n, x)                                                          \
   KRML_LOOP3(i, n, x)
 
-#define KRML_LOOP8(i, n, x) \
-  KRML_LOOP4(i, n, x) \
+#define KRML_LOOP8(i, n, x)                                                    \
+  KRML_LOOP4(i, n, x)                                                          \
   KRML_LOOP4(i, n, x)
 
-#define KRML_LOOP9(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP9(i, n, x)                                                    \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP1(i, n, x)
 
-#define KRML_LOOP10(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP10(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP2(i, n, x)
 
-#define KRML_LOOP11(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP11(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP3(i, n, x)
 
-#define KRML_LOOP12(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP12(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP4(i, n, x)
 
-#define KRML_LOOP13(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP13(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP5(i, n, x)
 
-#define KRML_LOOP14(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP14(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP6(i, n, x)
 
-#define KRML_LOOP15(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP15(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP7(i, n, x)
 
-#define KRML_LOOP16(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP16(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP8(i, n, x)
 
-#define KRML_UNROLL_FOR(i, z, n, k, x) do { \
-  uint32_t i = z; \
-  KRML_LOOP##n(i, k, x) \
-} while (0)
+#define KRML_UNROLL_FOR(i, z, n, k, x)                                         \
+  do {                                                                         \
+    uint32_t i = z;                                                            \
+    KRML_LOOP##n(i, k, x)                                                      \
+  } while (0)
 
-#define KRML_ACTUAL_FOR(i, z, n, k, x) \
-  do { \
-    for (uint32_t i = z; i < n; i += k) { \
-      x \
-    } \
+#define KRML_ACTUAL_FOR(i, z, n, k, x)                                         \
+  do {                                                                         \
+    for (uint32_t i = z; i < n; i += k) {                                      \
+      x                                                                        \
+    }                                                                          \
   } while (0)
 
 #ifndef KRML_UNROLL_MAX
-#define KRML_UNROLL_MAX 16
+#  define KRML_UNROLL_MAX 16
 #endif
 
 /* 1 is the number of loop iterations, i.e. (n - z)/k as evaluated by krml */
 #if 0 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR0(i, z, n, k, x)
+#  define KRML_MAYBE_FOR0(i, z, n, k, x)
 #else
-#define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 1 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x)
+#  define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x)
 #else
-#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 2 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x)
+#  define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x)
 #else
-#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 3 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x)
+#  define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x)
 #else
-#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 4 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x)
+#  define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x)
 #else
-#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 5 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x)
+#  define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x)
 #else
-#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 6 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x)
+#  define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x)
 #else
-#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 7 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x)
+#  define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x)
 #else
-#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 8 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x)
+#  define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x)
 #else
-#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 9 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x)
+#  define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x)
 #else
-#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 10 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x)
+#  define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x)
 #else
-#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 11 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x)
+#  define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x)
 #else
-#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 12 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x)
+#  define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x)
 #else
-#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 13 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x)
+#  define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x)
 #else
-#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 14 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x)
+#  define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x)
 #else
-#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 15 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x)
+#  define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x)
 #else
-#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 16 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x)
+#  define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x)
 #else
-#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 #endif
diff --git a/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h b/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
index b0503a96..84356c61 100644
--- a/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
+++ b/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
@@ -14,15 +14,15 @@
 #include "krml/internal/types.h"
 #include "krml/internal/target.h"
 
-extern Prims_int FStar_UInt64_n;
+extern krml_checked_int_t FStar_UInt64_n;
 
 extern bool FStar_UInt64_uu___is_Mk(uint64_t projectee);
 
-extern Prims_int FStar_UInt64___proj__Mk__item__v(uint64_t projectee);
+extern krml_checked_int_t FStar_UInt64___proj__Mk__item__v(uint64_t projectee);
 
-extern Prims_int FStar_UInt64_v(uint64_t x);
+extern krml_checked_int_t FStar_UInt64_v(uint64_t x);
 
-extern uint64_t FStar_UInt64_uint_to_t(Prims_int x);
+extern uint64_t FStar_UInt64_uint_to_t(krml_checked_int_t x);
 
 extern uint64_t FStar_UInt64_zero;
 
@@ -32,7 +32,7 @@ extern uint64_t FStar_UInt64_minus(uint64_t a);
 
 extern uint32_t FStar_UInt64_n_minus_one;
 
-static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
+static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
 {
   uint64_t x = a ^ b;
   uint64_t minus_x = ~x + (uint64_t)1U;
@@ -41,7 +41,7 @@ static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
   return xnx - (uint64_t)1U;
 }
 
-static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
+static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
 {
   uint64_t x = a;
   uint64_t y = b;
@@ -62,15 +62,15 @@ extern Prims_string FStar_UInt64_to_string_hex_pad(uint64_t uu___);
 
 extern uint64_t FStar_UInt64_of_string(Prims_string uu___);
 
-extern Prims_int FStar_UInt32_n;
+extern krml_checked_int_t FStar_UInt32_n;
 
 extern bool FStar_UInt32_uu___is_Mk(uint32_t projectee);
 
-extern Prims_int FStar_UInt32___proj__Mk__item__v(uint32_t projectee);
+extern krml_checked_int_t FStar_UInt32___proj__Mk__item__v(uint32_t projectee);
 
-extern Prims_int FStar_UInt32_v(uint32_t x);
+extern krml_checked_int_t FStar_UInt32_v(uint32_t x);
 
-extern uint32_t FStar_UInt32_uint_to_t(Prims_int x);
+extern uint32_t FStar_UInt32_uint_to_t(krml_checked_int_t x);
 
 extern uint32_t FStar_UInt32_zero;
 
@@ -80,7 +80,7 @@ extern uint32_t FStar_UInt32_minus(uint32_t a);
 
 extern uint32_t FStar_UInt32_n_minus_one;
 
-static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
+static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
 {
   uint32_t x = a ^ b;
   uint32_t minus_x = ~x + (uint32_t)1U;
@@ -89,7 +89,7 @@ static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
   return xnx - (uint32_t)1U;
 }
 
-static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
+static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
 {
   uint32_t x = a;
   uint32_t y = b;
@@ -110,15 +110,15 @@ extern Prims_string FStar_UInt32_to_string_hex_pad(uint32_t uu___);
 
 extern uint32_t FStar_UInt32_of_string(Prims_string uu___);
 
-extern Prims_int FStar_UInt16_n;
+extern krml_checked_int_t FStar_UInt16_n;
 
 extern bool FStar_UInt16_uu___is_Mk(uint16_t projectee);
 
-extern Prims_int FStar_UInt16___proj__Mk__item__v(uint16_t projectee);
+extern krml_checked_int_t FStar_UInt16___proj__Mk__item__v(uint16_t projectee);
 
-extern Prims_int FStar_UInt16_v(uint16_t x);
+extern krml_checked_int_t FStar_UInt16_v(uint16_t x);
 
-extern uint16_t FStar_UInt16_uint_to_t(Prims_int x);
+extern uint16_t FStar_UInt16_uint_to_t(krml_checked_int_t x);
 
 extern uint16_t FStar_UInt16_zero;
 
@@ -128,7 +128,7 @@ extern uint16_t FStar_UInt16_minus(uint16_t a);
 
 extern uint32_t FStar_UInt16_n_minus_one;
 
-static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
+static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
 {
   uint16_t x = a ^ b;
   uint16_t minus_x = ~x + (uint16_t)1U;
@@ -137,7 +137,7 @@ static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
   return xnx - (uint16_t)1U;
 }
 
-static inline uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
+static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
 {
   uint16_t x = a;
   uint16_t y = b;
@@ -158,15 +158,15 @@ extern Prims_string FStar_UInt16_to_string_hex_pad(uint16_t uu___);
 
 extern uint16_t FStar_UInt16_of_string(Prims_string uu___);
 
-extern Prims_int FStar_UInt8_n;
+extern krml_checked_int_t FStar_UInt8_n;
 
 extern bool FStar_UInt8_uu___is_Mk(uint8_t projectee);
 
-extern Prims_int FStar_UInt8___proj__Mk__item__v(uint8_t projectee);
+extern krml_checked_int_t FStar_UInt8___proj__Mk__item__v(uint8_t projectee);
 
-extern Prims_int FStar_UInt8_v(uint8_t x);
+extern krml_checked_int_t FStar_UInt8_v(uint8_t x);
 
-extern uint8_t FStar_UInt8_uint_to_t(Prims_int x);
+extern uint8_t FStar_UInt8_uint_to_t(krml_checked_int_t x);
 
 extern uint8_t FStar_UInt8_zero;
 
@@ -176,7 +176,7 @@ extern uint8_t FStar_UInt8_minus(uint8_t a);
 
 extern uint32_t FStar_UInt8_n_minus_one;
 
-static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
+static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
 {
   uint8_t x = a ^ b;
   uint8_t minus_x = ~x + (uint8_t)1U;
@@ -185,7 +185,7 @@ static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
   return xnx - (uint8_t)1U;
 }
 
-static inline uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
+static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
 {
   uint8_t x = a;
   uint8_t y = b;
diff --git a/ocaml/ctypes.depend b/ocaml/ctypes.depend
index 31393b5e..86af86df 100644
--- a/ocaml/ctypes.depend
+++ b/ocaml/ctypes.depend
@@ -1,4 +1,4 @@
-CTYPES_DEPS=lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_Hash_SHA3_stubs.cmx lib/Hacl_Hash_SHA3_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx 
+CTYPES_DEPS=lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_Hash_SHA3_stubs.cmx lib/Hacl_Hash_SHA3_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx 
 lib/Hacl_Streaming_Types_bindings.cmx: 
 lib/Hacl_Streaming_Types_bindings.cmo: 
 lib_gen/Hacl_Streaming_Types_gen.cmx: lib/Hacl_Streaming_Types_bindings.cmx
@@ -283,14 +283,14 @@ lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Imp
 lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
 lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx: lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx
 lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx 
-lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx 
-lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
-lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx: lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx
-lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx 
 lib/EverCrypt_Poly1305_bindings.cmx: 
 lib/EverCrypt_Poly1305_bindings.cmo: 
 lib_gen/EverCrypt_Poly1305_gen.cmx: lib/EverCrypt_Poly1305_bindings.cmx
 lib_gen/EverCrypt_Poly1305_gen.exe: lib/EverCrypt_Poly1305_bindings.cmx lib_gen/EverCrypt_Poly1305_gen.cmx 
+lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx 
+lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
+lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx: lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx
+lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx 
 lib/Hacl_Streaming_Poly1305_32_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
 lib/Hacl_Streaming_Poly1305_32_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
 lib_gen/Hacl_Streaming_Poly1305_32_gen.cmx: lib/Hacl_Streaming_Poly1305_32_bindings.cmx
diff --git a/rust/hacl-sys/Cargo.toml b/rust/hacl-sys/Cargo.toml
index 82da020e..ae909191 100644
--- a/rust/hacl-sys/Cargo.toml
+++ b/rust/hacl-sys/Cargo.toml
@@ -39,7 +39,7 @@ rust-version = "1.60"
 libc = "0.2.147"
 
 [target.'cfg(all(not(windows), not(nobindgen)))'.build-dependencies]
-bindgen = "0.65"
+bindgen = "0.68"
 
 [build-dependencies]
 fs_extra = "1.3.0"
diff --git a/src/EverCrypt_AEAD.c b/src/EverCrypt_AEAD.c
index a4b306b7..564dbc2e 100644
--- a/src/EverCrypt_AEAD.c
+++ b/src/EverCrypt_AEAD.c
@@ -40,6 +40,10 @@ typedef struct EverCrypt_AEAD_state_s_s
 }
 EverCrypt_AEAD_state_s;
 
+/**
+Both encryption and decryption require a state that holds the key.
+The state may be reused as many times as desired.
+*/
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee)
 {
   return true;
@@ -93,12 +97,12 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t));
@@ -112,19 +116,21 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
     *dst = p;
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 static EverCrypt_Error_error_code
 create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t));
@@ -138,8 +144,10 @@ create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
     *dst = p;
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 /**
@@ -797,12 +805,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   uint8_t *tag
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[480U] = { 0U };
@@ -919,8 +927,10 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
     }
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -936,12 +946,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   uint8_t *tag
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[544U] = { 0U };
@@ -1058,8 +1068,10 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
     }
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -1831,12 +1843,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   uint8_t *dst
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[480U] = { 0U };
@@ -1850,122 +1862,118 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     {
       return EverCrypt_Error_InvalidKey;
     }
-    else if (iv_len == (uint32_t)0U)
+    if (iv_len == (uint32_t)0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
+    EverCrypt_AEAD_state_s scrut1 = *s;
+    uint8_t *ek0 = scrut1.ek;
+    uint8_t *scratch_b = ek0 + (uint32_t)304U;
+    uint8_t *ek1 = ek0;
+    uint8_t *keys_b = ek1;
+    uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+    uint8_t tmp_iv[16U] = { 0U };
+    uint32_t len = iv_len / (uint32_t)16U;
+    uint32_t bytes_len = len * (uint32_t)16U;
+    uint8_t *iv_b = iv;
+    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t
+    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    uint8_t *inout_b = scratch_b;
+    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
+    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *cipher_b_ = cipher;
+    uint8_t *out_b_ = dst;
+    uint8_t *auth_b_ = ad;
+    memcpy(inout_b,
+      cipher + cipher_len_,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    memcpy(abytes_b,
+      ad + auth_len_,
+      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    uint64_t c;
+    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    {
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
+      uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t
+      scrut2 =
+        gcm128_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      uint64_t c0 = scrut2;
+      c = c0;
+    }
     else
     {
-      EverCrypt_AEAD_state_s scrut1 = *s;
-      uint8_t *ek0 = scrut1.ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)304U;
-      uint8_t *ek1 = ek0;
-      uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)176U;
-      uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
-      uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+      uint32_t len128x61 = (uint32_t)0U;
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + len128x61;
+      uint8_t *out128_b = out_b_ + len128x61;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
-      uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
-      uint8_t *cipher_b_ = cipher;
-      uint8_t *out_b_ = dst;
-      uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        cipher + cipher_len_,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
-      uint64_t c;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
-      {
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
-        uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm128_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      else
-      {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + len128x61;
-        uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm128_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
-        inout_b,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t r = c;
-      if (r == (uint64_t)0U)
-      {
-        return EverCrypt_Error_Success;
-      }
-      else
-      {
-        return EverCrypt_Error_AuthenticationFailure;
-      }
+      scrut2 =
+        gcm128_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      uint64_t c0 = scrut2;
+      c = c0;
     }
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+      inout_b,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t r = c;
+    if (r == (uint64_t)0U)
+    {
+      return EverCrypt_Error_Success;
+    }
+    return EverCrypt_Error_AuthenticationFailure;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -1981,12 +1989,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   uint8_t *dst
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[544U] = { 0U };
@@ -2000,122 +2008,118 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     {
       return EverCrypt_Error_InvalidKey;
     }
-    else if (iv_len == (uint32_t)0U)
+    if (iv_len == (uint32_t)0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
+    EverCrypt_AEAD_state_s scrut1 = *s;
+    uint8_t *ek0 = scrut1.ek;
+    uint8_t *scratch_b = ek0 + (uint32_t)368U;
+    uint8_t *ek1 = ek0;
+    uint8_t *keys_b = ek1;
+    uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+    uint8_t tmp_iv[16U] = { 0U };
+    uint32_t len = iv_len / (uint32_t)16U;
+    uint32_t bytes_len = len * (uint32_t)16U;
+    uint8_t *iv_b = iv;
+    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t
+    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    uint8_t *inout_b = scratch_b;
+    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
+    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *cipher_b_ = cipher;
+    uint8_t *out_b_ = dst;
+    uint8_t *auth_b_ = ad;
+    memcpy(inout_b,
+      cipher + cipher_len_,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    memcpy(abytes_b,
+      ad + auth_len_,
+      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    uint64_t c;
+    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    {
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
+      uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t
+      scrut2 =
+        gcm256_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      uint64_t c0 = scrut2;
+      c = c0;
+    }
     else
     {
-      EverCrypt_AEAD_state_s scrut1 = *s;
-      uint8_t *ek0 = scrut1.ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)368U;
-      uint8_t *ek1 = ek0;
-      uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)240U;
-      uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
-      uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+      uint32_t len128x61 = (uint32_t)0U;
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + len128x61;
+      uint8_t *out128_b = out_b_ + len128x61;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
-      uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
-      uint8_t *cipher_b_ = cipher;
-      uint8_t *out_b_ = dst;
-      uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        cipher + cipher_len_,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
-      uint64_t c;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
-      {
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
-        uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm256_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      else
-      {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + len128x61;
-        uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm256_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
-        inout_b,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t r = c;
-      if (r == (uint64_t)0U)
-      {
-        return EverCrypt_Error_Success;
-      }
-      else
-      {
-        return EverCrypt_Error_AuthenticationFailure;
-      }
+      scrut2 =
+        gcm256_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      uint64_t c0 = scrut2;
+      c = c0;
+    }
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+      inout_b,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t r = c;
+    if (r == (uint64_t)0U)
+    {
+      return EverCrypt_Error_Success;
     }
+    return EverCrypt_Error_AuthenticationFailure;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
diff --git a/src/EverCrypt_Chacha20Poly1305.c b/src/EverCrypt_Chacha20Poly1305.c
index b1ad5a74..9a110bbf 100644
--- a/src/EverCrypt_Chacha20Poly1305.c
+++ b/src/EverCrypt_Chacha20Poly1305.c
@@ -39,13 +39,12 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   uint8_t *tag
 )
 {
-  bool avx2 = EverCrypt_AutoConfig2_has_avx2();
-  bool avx = EverCrypt_AutoConfig2_has_avx();
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     Hacl_Chacha20Poly1305_256_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
     return;
   }
@@ -53,10 +52,13 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     Hacl_Chacha20Poly1305_128_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
     return;
   }
   #endif
+  KRML_HOST_IGNORE(vec128);
+  KRML_HOST_IGNORE(vec256);
   Hacl_Chacha20Poly1305_32_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
 }
 
@@ -72,22 +74,24 @@ EverCrypt_Chacha20Poly1305_aead_decrypt(
   uint8_t *tag
 )
 {
-  bool avx2 = EverCrypt_AutoConfig2_has_avx2();
-  bool avx = EverCrypt_AutoConfig2_has_avx();
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     return Hacl_Chacha20Poly1305_256_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     return Hacl_Chacha20Poly1305_128_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
   }
   #endif
+  KRML_HOST_IGNORE(vec128);
+  KRML_HOST_IGNORE(vec256);
   return Hacl_Chacha20Poly1305_32_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
 }
 
diff --git a/src/EverCrypt_Curve25519.c b/src/EverCrypt_Curve25519.c
index b97637b8..202f58c1 100644
--- a/src/EverCrypt_Curve25519.c
+++ b/src/EverCrypt_Curve25519.c
@@ -27,13 +27,6 @@
 
 #include "config.h"
 
-static inline bool has_adx_bmi2(void)
-{
-  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
-  bool has_adx = EverCrypt_AutoConfig2_has_adx();
-  return has_bmi2 && has_adx;
-}
-
 /**
 Calculate a public point from a secret/private key.
 
@@ -45,13 +38,17 @@ This computes a scalar multiplication of the secret/private key with the curve's
 void EverCrypt_Curve25519_secret_to_public(uint8_t *pub, uint8_t *priv)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     Hacl_Curve25519_64_secret_to_public(pub, priv);
     return;
   }
-  #endif
   Hacl_Curve25519_51_secret_to_public(pub, priv);
+  #else
+  Hacl_Curve25519_51_secret_to_public(pub, priv);
+  #endif
 }
 
 /**
@@ -64,13 +61,17 @@ Compute the scalar multiple of a point.
 void EverCrypt_Curve25519_scalarmult(uint8_t *shared, uint8_t *my_priv, uint8_t *their_pub)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     Hacl_Curve25519_64_scalarmult(shared, my_priv, their_pub);
     return;
   }
-  #endif
   Hacl_Curve25519_51_scalarmult(shared, my_priv, their_pub);
+  #else
+  Hacl_Curve25519_51_scalarmult(shared, my_priv, their_pub);
+  #endif
 }
 
 /**
@@ -83,11 +84,15 @@ Execute the diffie-hellmann key exchange.
 bool EverCrypt_Curve25519_ecdh(uint8_t *shared, uint8_t *my_priv, uint8_t *their_pub)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     return Hacl_Curve25519_64_ecdh(shared, my_priv, their_pub);
   }
-  #endif
   return Hacl_Curve25519_51_ecdh(shared, my_priv, their_pub);
+  #else
+  return Hacl_Curve25519_51_ecdh(shared, my_priv, their_pub);
+  #endif
 }
 
diff --git a/src/EverCrypt_DRBG.c b/src/EverCrypt_DRBG.c
index ac521460..f21313e9 100644
--- a/src/EverCrypt_DRBG.c
+++ b/src/EverCrypt_DRBG.c
@@ -26,6 +26,7 @@
 #include "EverCrypt_DRBG.h"
 
 #include "internal/EverCrypt_HMAC.h"
+#include "lib_memzero0.h"
 
 uint32_t EverCrypt_DRBG_reseed_interval = (uint32_t)1024U;
 
@@ -618,20 +619,18 @@ reseed_sha1(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA1_s)
   {
-    uu____0 = st_s.case_SHA1_s;
+    scrut = st_s.case_SHA1_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
@@ -699,20 +698,18 @@ reseed_sha2_256(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_256_s)
   {
-    uu____0 = st_s.case_SHA2_256_s;
+    scrut = st_s.case_SHA2_256_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
@@ -780,20 +777,18 @@ reseed_sha2_384(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_384_s)
   {
-    uu____0 = st_s.case_SHA2_384_s;
+    scrut = st_s.case_SHA2_384_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
@@ -861,20 +856,18 @@ reseed_sha2_512(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_512_s)
   {
-    uu____0 = st_s.case_SHA2_512_s;
+    scrut = st_s.case_SHA2_512_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
@@ -932,7 +925,6 @@ generate_sha1(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -940,11 +932,11 @@ generate_sha1(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t entropy_input[entropy_input_len1];
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t entropy_input[entropy_input_len];
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -953,56 +945,56 @@ generate_sha1(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
-      uint8_t seed_material[entropy_input_len1 + additional_input_len];
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
+      uint8_t seed_material[entropy_input_len + additional_input_len];
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA1_s)
       {
-        uu____0 = st_s.case_SHA1_s;
+        scrut = st_s.case_SHA1_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)21U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)21U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[20U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
       EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
       memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)21U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)21U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[20U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
@@ -1028,75 +1020,24 @@ generate_sha1(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA1_s)
+  {
+    scrut = st_s.case_SHA1_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA1_s)
-    {
-      scrut = st_s.case_SHA1_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)21U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t input0[input_len];
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[20U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-      EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)21U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t input[input_len0];
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[20U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-        EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)20U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)20U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)20U;
-      EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)21U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
@@ -1128,10 +1069,54 @@ generate_sha1(
       EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
       memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)20U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)20U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)20U;
+    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)21U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t input0[input_len];
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[20U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
+  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t input[input_len0];
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[20U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1153,7 +1138,6 @@ generate_sha2_256(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1161,11 +1145,11 @@ generate_sha2_256(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t entropy_input[entropy_input_len1];
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t entropy_input[entropy_input_len];
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1174,56 +1158,56 @@ generate_sha2_256(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
-      uint8_t seed_material[entropy_input_len1 + additional_input_len];
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
+      uint8_t seed_material[entropy_input_len + additional_input_len];
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_256_s)
       {
-        uu____0 = st_s.case_SHA2_256_s;
+        scrut = st_s.case_SHA2_256_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)33U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)33U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[32U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
       memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)33U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)33U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[32U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
@@ -1249,75 +1233,24 @@ generate_sha2_256(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_256_s)
+  {
+    scrut = st_s.case_SHA2_256_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_256_s)
-    {
-      scrut = st_s.case_SHA2_256_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)33U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t input0[input_len];
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[32U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)33U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t input[input_len0];
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[32U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)32U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)32U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)32U;
-      EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)33U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
@@ -1349,10 +1282,54 @@ generate_sha2_256(
       EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
       memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)32U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)32U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)32U;
+    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)33U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t input0[input_len];
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[32U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
+  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t input[input_len0];
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[32U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1374,7 +1351,6 @@ generate_sha2_384(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1382,11 +1358,11 @@ generate_sha2_384(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t entropy_input[entropy_input_len1];
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t entropy_input[entropy_input_len];
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1395,56 +1371,56 @@ generate_sha2_384(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
-      uint8_t seed_material[entropy_input_len1 + additional_input_len];
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
+      uint8_t seed_material[entropy_input_len + additional_input_len];
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_384_s)
       {
-        uu____0 = st_s.case_SHA2_384_s;
+        scrut = st_s.case_SHA2_384_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)49U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)49U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[48U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
       memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)49U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)49U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[48U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
@@ -1470,75 +1446,24 @@ generate_sha2_384(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_384_s)
+  {
+    scrut = st_s.case_SHA2_384_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_384_s)
-    {
-      scrut = st_s.case_SHA2_384_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)49U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t input0[input_len];
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[48U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)49U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t input[input_len0];
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[48U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)48U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)48U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)48U;
-      EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)49U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
@@ -1570,10 +1495,54 @@ generate_sha2_384(
       EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
       memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)48U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)48U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)48U;
+    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)49U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t input0[input_len];
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[48U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
+  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t input[input_len0];
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[48U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1595,7 +1564,6 @@ generate_sha2_512(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1603,11 +1571,11 @@ generate_sha2_512(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t entropy_input[entropy_input_len1];
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t entropy_input[entropy_input_len];
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1616,56 +1584,56 @@ generate_sha2_512(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
-      uint8_t seed_material[entropy_input_len1 + additional_input_len];
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
+      uint8_t seed_material[entropy_input_len + additional_input_len];
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_512_s)
       {
-        uu____0 = st_s.case_SHA2_512_s;
+        scrut = st_s.case_SHA2_512_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)65U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)65U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[64U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
       memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)65U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)65U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[64U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
@@ -1691,75 +1659,24 @@ generate_sha2_512(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_512_s)
+  {
+    scrut = st_s.case_SHA2_512_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_512_s)
-    {
-      scrut = st_s.case_SHA2_512_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)65U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t input0[input_len];
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[64U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)65U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t input[input_len0];
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[64U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)64U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)64U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)64U;
-      EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)65U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
@@ -1791,10 +1708,54 @@ generate_sha2_512(
       EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
       memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)64U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)64U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)64U;
+    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)65U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t input0[input_len];
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[64U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
+  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t input[input_len0];
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[64U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1813,8 +1774,8 @@ static void uninstantiate_sha1(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)20U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)20U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)20U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)20U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1837,8 +1798,8 @@ static void uninstantiate_sha2_256(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)32U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)32U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)32U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1861,8 +1822,8 @@ static void uninstantiate_sha2_384(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)48U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)48U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)48U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1885,8 +1846,8 @@ static void uninstantiate_sha2_512(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)64U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)64U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)64U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
diff --git a/src/EverCrypt_HMAC.c b/src/EverCrypt_HMAC.c
index 38407793..91440e61 100644
--- a/src/EverCrypt_HMAC.c
+++ b/src/EverCrypt_HMAC.c
@@ -83,16 +83,18 @@ EverCrypt_HMAC_compute_sha1(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)20U;
+    ite = (uint32_t)20U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -201,16 +203,18 @@ EverCrypt_HMAC_compute_sha2_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -329,16 +333,18 @@ EverCrypt_HMAC_compute_sha2_384(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)48U;
+    ite = (uint32_t)48U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -458,16 +464,18 @@ EverCrypt_HMAC_compute_sha2_512(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -587,16 +595,18 @@ EverCrypt_HMAC_compute_blake2s(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -723,16 +733,18 @@ EverCrypt_HMAC_compute_blake2b(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/src/EverCrypt_Hash.c b/src/EverCrypt_Hash.c
index b1004449..914a105f 100644
--- a/src/EverCrypt_Hash.c
+++ b/src/EverCrypt_Hash.c
@@ -206,8 +206,8 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         #if HACL_CAN_COMPILE_VEC128
+        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
           s =
@@ -231,8 +231,8 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         #if HACL_CAN_COMPILE_VEC256
+        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
           s =
@@ -342,6 +342,7 @@ static void init(EverCrypt_Hash_state_s *s)
     Hacl_Blake2s_128_blake2s_init(p1, (uint32_t)0U, (uint32_t)32U);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -358,6 +359,7 @@ static void init(EverCrypt_Hash_state_s *s)
     Hacl_Blake2b_256_blake2b_init(p1, (uint32_t)0U, (uint32_t)64U);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -391,17 +393,20 @@ k224_256[64U] =
 
 void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_shaext = EverCrypt_AutoConfig2_has_shaext();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
-  #if HACL_CAN_COMPILE_VALE
   if (has_shaext && has_sse)
   {
     uint64_t n1 = (uint64_t)n;
     uint64_t scrut = sha256_update(s, blocks, n1, k224_256);
     return;
   }
-  #endif
   Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  #else
+  KRML_HOST_IGNORE(k224_256);
+  Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  #endif
 }
 
 static void
@@ -495,6 +500,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
     Hacl_Blake2s_128_blake2s_update_multi(n * (uint32_t)64U, wv, p1, prevlen, blocks, n);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -525,6 +531,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
       n);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -622,6 +629,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
     Hacl_Blake2s_128_blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -650,6 +658,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
       last);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -736,6 +745,7 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
     Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, p1);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -752,6 +762,7 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
     Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, p1);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -1026,6 +1037,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2s_128_load_state128s_from_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1052,6 +1064,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2b_256_load_state256b_from_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1078,6 +1091,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2s_128_store_state128s_to_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1104,6 +1118,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2b_256_store_state256b_to_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1281,6 +1296,7 @@ void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s)
   uint8_t *buf = scrut.buf;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   Spec_Hash_Definitions_hash_alg i = alg_of_state(block_state);
+  KRML_HOST_IGNORE(i);
   init(block_state);
   EverCrypt_Hash_Incremental_hash_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -2038,9 +2054,9 @@ static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
     r = (uint32_t)(total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2S));
   }
   uint8_t *buf_1 = buf_;
-  bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   EverCrypt_Hash_state_s s;
   #if HACL_CAN_COMPILE_VEC128
+  bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 buf0[4U] KRML_POST_ALIGN(16) = { 0U };
   uint32_t buf[16U] = { 0U };
   if (vec128)
@@ -2097,9 +2113,9 @@ static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
     r = (uint32_t)(total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2B));
   }
   uint8_t *buf_1 = buf_;
-  bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   EverCrypt_Hash_state_s s;
   #if HACL_CAN_COMPILE_VEC256
+  bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 buf0[4U] KRML_POST_ALIGN(32) = { 0U };
   uint64_t buf[16U] = { 0U };
   if (vec256)
@@ -2384,28 +2400,32 @@ EverCrypt_Hash_Incremental_hash(
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         #if HACL_CAN_COMPILE_VEC128
+        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
           Hacl_Blake2s_128_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
           return;
         }
-        #endif
         Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        #else
+        Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        #endif
         break;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         #if HACL_CAN_COMPILE_VEC256
+        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
           Hacl_Blake2b_256_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
           return;
         }
-        #endif
         Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        #else
+        Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        #endif
         break;
       }
     default:
diff --git a/src/EverCrypt_Poly1305.c b/src/EverCrypt_Poly1305.c
index f05f8e85..717b9527 100644
--- a/src/EverCrypt_Poly1305.c
+++ b/src/EverCrypt_Poly1305.c
@@ -39,6 +39,7 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key
   if (n_extra == (uint32_t)0U)
   {
     uint64_t scrut = x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U);
+    KRML_HOST_IGNORE((void *)(uint8_t)0U);
   }
   else
   {
@@ -46,8 +47,10 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key
     uint8_t *src16 = src;
     memcpy(tmp, src + len16, n_extra * sizeof (uint8_t));
     uint64_t scrut = x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U);
+    KRML_HOST_IGNORE((void *)(uint8_t)0U);
     memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
     uint64_t scrut0 = x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U);
+    KRML_HOST_IGNORE((void *)(uint8_t)0U);
   }
   memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t));
   #endif
@@ -60,6 +63,7 @@ void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     Hacl_Poly1305_256_poly1305_mac(dst, len, src, key);
     return;
   }
@@ -67,13 +71,17 @@ void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     Hacl_Poly1305_128_poly1305_mac(dst, len, src, key);
     return;
   }
   #endif
+  KRML_HOST_IGNORE(vec256);
+  KRML_HOST_IGNORE(vec128);
   #if HACL_CAN_COMPILE_VALE
   poly1305_vale(dst, src, len, key);
   #else
+  KRML_HOST_IGNORE(poly1305_vale);
   Hacl_Poly1305_32_poly1305_mac(dst, len, src, key);
   #endif
 }
diff --git a/src/Hacl_Bignum.c b/src/Hacl_Bignum.c
index 6ad30a2e..fe73faa6 100644
--- a/src/Hacl_Bignum.c
+++ b/src/Hacl_Bignum.c
@@ -58,6 +58,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
     uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c10);
   uint32_t c00 = c0;
   uint32_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b0, b1, tmp_);
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b1, b0, t1);
@@ -67,6 +68,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
     uint32_t x = (((uint32_t)0U - c010) & t1[i]) | (~((uint32_t)0U - c010) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint32_t c11 = c010;
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
@@ -150,6 +152,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -182,6 +185,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
     uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c10);
   uint64_t c00 = c0;
   uint64_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b0, b1, tmp_);
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b1, b0, t1);
@@ -191,6 +195,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
     uint64_t x = (((uint64_t)0U - c010) & t1[i]) | (~((uint64_t)0U - c010) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint64_t c11 = c010;
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
@@ -274,6 +279,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -302,7 +308,9 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
     uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint32_t c00 = c0;
+  KRML_HOST_IGNORE(c00);
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, t0, tmp1, t23);
@@ -373,6 +381,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -401,7 +410,9 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
     uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint64_t c00 = c0;
+  KRML_HOST_IGNORE(c00);
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, t0, tmp1, t23);
@@ -472,6 +483,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -696,6 +708,7 @@ Hacl_Bignum_bn_sub_mod_n_u32(
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i);
   }
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len1; i++)
   {
@@ -773,6 +786,7 @@ Hacl_Bignum_bn_sub_mod_n_u64(
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len1; i++)
   {
@@ -1266,6 +1280,7 @@ bn_almost_mont_reduction_u32(
   uint32_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -1362,6 +1377,7 @@ bn_almost_mont_reduction_u64(
   uint64_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
diff --git a/src/Hacl_Bignum256.c b/src/Hacl_Bignum256.c
index 7318984e..41aaadeb 100644
--- a/src/Hacl_Bignum256.c
+++ b/src/Hacl_Bignum256.c
@@ -229,6 +229,7 @@ void Hacl_Bignum256_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -314,6 +315,7 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -325,6 +327,7 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
@@ -441,6 +444,7 @@ static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -518,6 +522,7 @@ static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint6
     uint64_t r = c1;
     c[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, c, c);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -529,6 +534,7 @@ static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint6
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, tmp, c);
+  KRML_HOST_IGNORE(c1);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -569,6 +575,7 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -1154,6 +1161,7 @@ bool Hacl_Bignum256_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *re
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
   }
   else
@@ -1335,6 +1343,7 @@ Hacl_Bignum256_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
 }
 
@@ -1453,6 +1462,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -1469,6 +1479,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
diff --git a/src/Hacl_Bignum256_32.c b/src/Hacl_Bignum256_32.c
index a4f80671..ada15309 100644
--- a/src/Hacl_Bignum256_32.c
+++ b/src/Hacl_Bignum256_32.c
@@ -241,6 +241,7 @@ void Hacl_Bignum256_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *
     uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i););
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -328,6 +329,7 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     uint32_t r = c;
     res[i0 + i0] = r;);
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -339,6 +341,7 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
@@ -461,6 +464,7 @@ static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -540,6 +544,7 @@ static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint3
     uint32_t r = c1;
     c[i0 + i0] = r;);
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, c, c);
+  KRML_HOST_IGNORE(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -551,6 +556,7 @@ static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint3
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, tmp, c);
+  KRML_HOST_IGNORE(c1);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -593,6 +599,7 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -1188,6 +1195,7 @@ bool Hacl_Bignum256_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
       c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
   }
   else
@@ -1382,6 +1390,7 @@ Hacl_Bignum256_32_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
 }
 
@@ -1500,6 +1509,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
     (uint32_t)8U,
@@ -1516,6 +1526,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
     (uint32_t)8U,
diff --git a/src/Hacl_Bignum32.c b/src/Hacl_Bignum32.c
index 2bb4d126..a9bb4986 100644
--- a/src/Hacl_Bignum32.c
+++ b/src/Hacl_Bignum32.c
@@ -181,6 +181,7 @@ bn_slow_precomp(
   uint32_t tmp0[len];
   memset(tmp0, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, a_mod, n, tmp0);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -431,6 +432,7 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
     {
       c1 = c0;
     }
+    KRML_HOST_IGNORE(c1);
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len,
       nBits,
       n,
@@ -670,6 +672,7 @@ Hacl_Bignum32_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(len1,
     k1.n,
     k1.mu,
diff --git a/src/Hacl_Bignum4096.c b/src/Hacl_Bignum4096.c
index 80c62046..bf8fd6d2 100644
--- a/src/Hacl_Bignum4096.c
+++ b/src/Hacl_Bignum4096.c
@@ -243,6 +243,7 @@ void Hacl_Bignum4096_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *re
     uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i););
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -393,6 +394,7 @@ static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -457,6 +459,7 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -1047,6 +1050,7 @@ bool Hacl_Bignum4096_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *r
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
   }
   else
@@ -1244,6 +1248,7 @@ Hacl_Bignum4096_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
 }
 
@@ -1362,6 +1367,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
     store64_be(res + i * (uint32_t)8U, b[(uint32_t)64U - i - (uint32_t)1U]);
@@ -1377,6 +1383,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
     store64_le(res + i * (uint32_t)8U, b[i]);
diff --git a/src/Hacl_Bignum4096_32.c b/src/Hacl_Bignum4096_32.c
index 16ba485f..2f8d70f1 100644
--- a/src/Hacl_Bignum4096_32.c
+++ b/src/Hacl_Bignum4096_32.c
@@ -238,6 +238,7 @@ void Hacl_Bignum4096_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -385,6 +386,7 @@ static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -448,6 +450,7 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -1033,6 +1036,7 @@ bool Hacl_Bignum4096_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
       c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
   }
   else
@@ -1228,6 +1232,7 @@ Hacl_Bignum4096_32_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
 }
 
@@ -1346,6 +1351,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
     store32_be(res + i * (uint32_t)4U, b[(uint32_t)128U - i - (uint32_t)1U]);
@@ -1361,6 +1367,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
     store32_le(res + i * (uint32_t)4U, b[i]);
diff --git a/src/Hacl_Bignum64.c b/src/Hacl_Bignum64.c
index 9fd8c4c6..7300a993 100644
--- a/src/Hacl_Bignum64.c
+++ b/src/Hacl_Bignum64.c
@@ -180,6 +180,7 @@ bn_slow_precomp(
   uint64_t tmp0[len];
   memset(tmp0, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, a_mod, n, tmp0);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -430,6 +431,7 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
     {
       c1 = c0;
     }
+    KRML_HOST_IGNORE(c1);
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len,
       nBits,
       n,
@@ -669,6 +671,7 @@ Hacl_Bignum64_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(len1,
     k1.n,
     k1.mu,
diff --git a/src/Hacl_Ed25519.c b/src/Hacl_Ed25519.c
index 39d25998..9d7c3bd4 100644
--- a/src/Hacl_Ed25519.c
+++ b/src/Hacl_Ed25519.c
@@ -1483,6 +1483,9 @@ static inline void point_mul_g(uint64_t *out, uint8_t *scalar)
     uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp););
+  KRML_HOST_IGNORE(q2);
+  KRML_HOST_IGNORE(q3);
+  KRML_HOST_IGNORE(q4);
 }
 
 static inline void
@@ -1717,8 +1720,10 @@ static inline void sha512_pre_msg(uint8_t *hash, uint8_t *prefix, uint32_t len,
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
   Hacl_Streaming_Types_error_code
-  uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code uu____1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+  Hacl_Streaming_Types_error_code err1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  KRML_HOST_IGNORE(err0);
+  KRML_HOST_IGNORE(err1);
   Hacl_Streaming_SHA2_finish_512(st, hash);
 }
 
@@ -1739,10 +1744,13 @@ sha512_pre_pre2_msg(
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
   Hacl_Streaming_Types_error_code
-  uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
   Hacl_Streaming_Types_error_code
-  uu____1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code uu____2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  err1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
+  Hacl_Streaming_Types_error_code err2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  KRML_HOST_IGNORE(err0);
+  KRML_HOST_IGNORE(err1);
+  KRML_HOST_IGNORE(err2);
   Hacl_Streaming_SHA2_finish_512(st, hash);
 }
 
diff --git a/src/Hacl_Frodo1344.c b/src/Hacl_Frodo1344.c
index 81bddfd9..0696f34c 100644
--- a/src/Hacl_Frodo1344.c
+++ b/src/Hacl_Frodo1344.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo1344_crypto_bytes = (uint32_t)32U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43008U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)1344U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U, uint16_t);
   uint32_t slen1 = (uint32_t)43056U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)32U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)32U, pk, (uint32_t)21520U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)21520U, pk, (uint32_t)32U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)80U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)80U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
     (uint32_t)1344U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)21664U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)21632U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)21632U, k, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)32U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)32U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)32U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[64U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
     (uint32_t)1344U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)1344U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -291,10 +292,10 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)21632U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)21632U, kp_s, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)32U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)32U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/src/Hacl_Frodo64.c b/src/Hacl_Frodo64.c
index 6c652c9b..575390e3 100644
--- a/src/Hacl_Frodo64.c
+++ b/src/Hacl_Frodo64.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 /*
  this variant is used only for testing purposes!
@@ -59,7 +60,7 @@ uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2048U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   Hacl_Impl_Matrix_matrix_add((uint32_t)64U, (uint32_t)8U, b_matrix, e_matrix);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b_matrix, b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)64U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U, uint16_t);
   uint32_t slen1 = (uint32_t)2016U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)976U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)976U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
     (uint32_t)64U,
@@ -155,12 +156,12 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)1096U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
@@ -168,9 +169,9 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)1080U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)1080U, k, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)16U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -199,8 +200,8 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -223,7 +224,7 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
     (uint32_t)64U,
@@ -264,12 +265,12 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)64U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -290,10 +291,10 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)1080U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)1080U, kp_s, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/src/Hacl_Frodo640.c b/src/Hacl_Frodo640.c
index 904865c2..54af36d8 100644
--- a/src/Hacl_Frodo640.c
+++ b/src/Hacl_Frodo640.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo640_crypto_bytes = (uint32_t)16U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20480U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)640U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U, uint16_t);
   uint32_t slen1 = (uint32_t)19872U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)9616U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)9616U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
     (uint32_t)640U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)9736U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)9720U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)9720U, k, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)16U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
     (uint32_t)640U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)640U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -292,10 +293,10 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)9720U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)9720U, kp_s, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/src/Hacl_Frodo976.c b/src/Hacl_Frodo976.c
index 2f796b32..2e6aa6f0 100644
--- a/src/Hacl_Frodo976.c
+++ b/src/Hacl_Frodo976.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo976_crypto_bytes = (uint32_t)24U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31232U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)976U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U, uint16_t);
   uint32_t slen1 = (uint32_t)31272U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)24U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)24U, pk, (uint32_t)15632U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)15632U, pk, (uint32_t)24U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)64U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)64U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
     (uint32_t)976U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)15768U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)15744U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)15744U, k, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)24U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)24U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)24U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[48U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)48U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
     (uint32_t)976U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)976U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -291,10 +292,10 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)15744U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)15744U, kp_s, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)24U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)24U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)24U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/src/Hacl_GenericField32.c b/src/Hacl_GenericField32.c
index e3802bc2..8bd08a00 100644
--- a/src/Hacl_GenericField32.c
+++ b/src/Hacl_GenericField32.c
@@ -614,6 +614,7 @@ Hacl_GenericField32_inverse(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_GenericField32_exp_vartime(k, aM, k1.len * (uint32_t)32U, n2, aInvM);
 }
 
diff --git a/src/Hacl_GenericField64.c b/src/Hacl_GenericField64.c
index 8ff2148e..7c11d3b7 100644
--- a/src/Hacl_GenericField64.c
+++ b/src/Hacl_GenericField64.c
@@ -613,6 +613,7 @@ Hacl_GenericField64_inverse(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_GenericField64_exp_vartime(k, aM, k1.len * (uint32_t)64U, n2, aInvM);
 }
 
diff --git a/src/Hacl_HMAC.c b/src/Hacl_HMAC.c
index 16c528c8..7b4b36f0 100644
--- a/src/Hacl_HMAC.c
+++ b/src/Hacl_HMAC.c
@@ -49,16 +49,18 @@ Hacl_HMAC_legacy_compute_sha1(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)20U;
+    ite = (uint32_t)20U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -173,16 +175,18 @@ Hacl_HMAC_compute_sha2_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -307,16 +311,18 @@ Hacl_HMAC_compute_sha2_384(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)48U;
+    ite = (uint32_t)48U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -442,16 +448,18 @@ Hacl_HMAC_compute_sha2_512(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -577,16 +585,18 @@ Hacl_HMAC_compute_blake2s_32(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -719,16 +729,18 @@ Hacl_HMAC_compute_blake2b_32(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/src/Hacl_HMAC_Blake2b_256.c b/src/Hacl_HMAC_Blake2b_256.c
index 7a34ac2c..71f75415 100644
--- a/src/Hacl_HMAC_Blake2b_256.c
+++ b/src/Hacl_HMAC_Blake2b_256.c
@@ -47,16 +47,18 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/src/Hacl_HMAC_Blake2s_128.c b/src/Hacl_HMAC_Blake2s_128.c
index 86a8c2eb..bce00309 100644
--- a/src/Hacl_HMAC_Blake2s_128.c
+++ b/src/Hacl_HMAC_Blake2s_128.c
@@ -46,16 +46,18 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/src/Hacl_HMAC_DRBG.c b/src/Hacl_HMAC_DRBG.c
index f0e01bd8..181a8ef4 100644
--- a/src/Hacl_HMAC_DRBG.c
+++ b/src/Hacl_HMAC_DRBG.c
@@ -455,10 +455,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____0 = st;
-        uint8_t *k = uu____0.k;
-        uint8_t *v = uu____0.v;
-        uint32_t *ctr = uu____0.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
@@ -508,10 +507,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____1 = st;
-        uint8_t *k = uu____1.k;
-        uint8_t *v = uu____1.v;
-        uint32_t *ctr = uu____1.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
@@ -561,10 +559,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____2 = st;
-        uint8_t *k = uu____2.k;
-        uint8_t *v = uu____2.v;
-        uint32_t *ctr = uu____2.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
@@ -614,10 +611,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____3 = st;
-        uint8_t *k = uu____3.k;
-        uint8_t *v = uu____3.v;
-        uint32_t *ctr = uu____3.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
diff --git a/src/Hacl_Hash_Blake2.c b/src/Hacl_Hash_Blake2.c
index 6080585c..194e7157 100644
--- a/src/Hacl_Hash_Blake2.c
+++ b/src/Hacl_Hash_Blake2.c
@@ -26,6 +26,7 @@
 #include "internal/Hacl_Hash_Blake2.h"
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
 
 static void
 blake2b_update_block(
@@ -531,7 +532,7 @@ Hacl_Blake2b_32_blake2b_update_key(
   {
     blake2b_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 void
@@ -571,7 +572,7 @@ Hacl_Blake2b_32_blake2b_update_last(
   FStar_UInt128_uint128
   totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
   blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 static void
@@ -642,7 +643,7 @@ void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash
     store64_le(second + i * (uint32_t)8U, row1[i]););
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 /**
@@ -670,8 +671,8 @@ Hacl_Blake2b_32_blake2b(
   Hacl_Blake2b_32_blake2b_init(b, kk, nn);
   blake2b_update(b1, b, kk, k, ll, d);
   Hacl_Blake2b_32_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)16U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint64_t);
+  Lib_Memzero0_memzero(b, (uint32_t)16U, uint64_t);
 }
 
 uint64_t *Hacl_Blake2b_32_blake2b_malloc(void)
@@ -1178,7 +1179,7 @@ Hacl_Blake2s_32_blake2s_update_key(
   {
     blake2s_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 void
@@ -1214,7 +1215,7 @@ Hacl_Blake2s_32_blake2s_update_last(
   memcpy(b, last, rem * sizeof (uint8_t));
   uint64_t totlen = prev + (uint64_t)len;
   blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 static void
@@ -1281,7 +1282,7 @@ void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash
     store32_le(second + i * (uint32_t)4U, row1[i]););
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
 }
 
 /**
@@ -1309,8 +1310,8 @@ Hacl_Blake2s_32_blake2s(
   Hacl_Blake2s_32_blake2s_init(b, kk, nn);
   blake2s_update(b1, b, kk, k, ll, d);
   Hacl_Blake2s_32_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)16U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint32_t);
+  Lib_Memzero0_memzero(b, (uint32_t)16U, uint32_t);
 }
 
 uint32_t *Hacl_Blake2s_32_blake2s_malloc(void)
diff --git a/src/Hacl_Hash_Blake2b_256.c b/src/Hacl_Hash_Blake2b_256.c
index 2761aeb1..d0df7cd8 100644
--- a/src/Hacl_Hash_Blake2b_256.c
+++ b/src/Hacl_Hash_Blake2b_256.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
 #include "internal/Hacl_Hash_Blake2.h"
+#include "lib_memzero0.h"
 
 static inline void
 blake2b_update_block(
@@ -254,7 +255,7 @@ Hacl_Blake2b_256_blake2b_update_key(
   {
     blake2b_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 void
@@ -294,7 +295,7 @@ Hacl_Blake2b_256_blake2b_update_last(
   FStar_UInt128_uint128
   totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
   blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 static inline void
@@ -369,7 +370,7 @@ Hacl_Blake2b_256_blake2b_finish(
   Lib_IntVector_Intrinsics_vec256_store64_le(second, row1[0U]);
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 /**
@@ -397,8 +398,8 @@ Hacl_Blake2b_256_blake2b(
   Hacl_Blake2b_256_blake2b_init(b, kk, nn);
   blake2b_update(b1, b, kk, k, ll, d);
   Hacl_Blake2b_256_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)4U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
+  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
 }
 
 void
diff --git a/src/Hacl_Hash_Blake2s_128.c b/src/Hacl_Hash_Blake2s_128.c
index ce5252cc..5bf06711 100644
--- a/src/Hacl_Hash_Blake2s_128.c
+++ b/src/Hacl_Hash_Blake2s_128.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
 #include "internal/Hacl_Hash_Blake2.h"
+#include "lib_memzero0.h"
 
 static inline void
 blake2s_update_block(
@@ -254,7 +255,7 @@ Hacl_Blake2s_128_blake2s_update_key(
   {
     blake2s_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 void
@@ -290,7 +291,7 @@ Hacl_Blake2s_128_blake2s_update_last(
   memcpy(b, last, rem * sizeof (uint8_t));
   uint64_t totlen = prev + (uint64_t)len;
   blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 static inline void
@@ -361,7 +362,7 @@ Hacl_Blake2s_128_blake2s_finish(
   Lib_IntVector_Intrinsics_vec128_store32_le(second, row1[0U]);
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
 }
 
 /**
@@ -389,8 +390,8 @@ Hacl_Blake2s_128_blake2s(
   Hacl_Blake2s_128_blake2s_init(b, kk, nn);
   blake2s_update(b1, b, kk, k, ll, d);
   Hacl_Blake2s_128_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)4U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
+  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
 }
 
 void
diff --git a/src/Hacl_Hash_MD5.c b/src/Hacl_Hash_MD5.c
index 222ac824..1b376960 100644
--- a/src/Hacl_Hash_MD5.c
+++ b/src/Hacl_Hash_MD5.c
@@ -1218,6 +1218,7 @@ void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Hash_Core_MD5_legacy_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Hash_SHA1.c b/src/Hacl_Hash_SHA1.c
index 5ecb3c0b..80edc004 100644
--- a/src/Hacl_Hash_SHA1.c
+++ b/src/Hacl_Hash_SHA1.c
@@ -254,6 +254,7 @@ void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Hash_Core_SHA1_legacy_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Hash_SHA2.c b/src/Hacl_Hash_SHA2.c
index c93c3616..46fde83f 100644
--- a/src/Hacl_Hash_SHA2.c
+++ b/src/Hacl_Hash_SHA2.c
@@ -537,6 +537,7 @@ void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha256_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -835,6 +836,7 @@ void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha224_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -960,6 +962,7 @@ void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s)
   Hacl_Streaming_MD_state_64 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -1259,6 +1262,7 @@ void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s)
   Hacl_Streaming_MD_state_64 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha384_init(block_state);
   Hacl_Streaming_MD_state_64
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Hash_SHA3.c b/src/Hacl_Hash_SHA3.c
index 42c24434..5f4707f4 100644
--- a/src/Hacl_Hash_SHA3.c
+++ b/src/Hacl_Hash_SHA3.c
@@ -228,6 +228,8 @@ void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s)
   Hacl_Streaming_Keccak_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Spec_Hash_Definitions_hash_alg i = block_state.fst;
+  KRML_HOST_IGNORE(i);
   uint64_t *s1 = block_state.snd;
   memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
   Hacl_Streaming_Keccak_state
diff --git a/src/Hacl_K256_ECDSA.c b/src/Hacl_K256_ECDSA.c
index d75eac5a..fb53f3fd 100644
--- a/src/Hacl_K256_ECDSA.c
+++ b/src/Hacl_K256_ECDSA.c
@@ -215,6 +215,7 @@ static void sub_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -288,6 +289,7 @@ static void sqr4(uint64_t *a, uint64_t *res)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -299,6 +301,7 @@ static void sqr4(uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline uint64_t is_qelem_zero(uint64_t *f)
@@ -432,6 +435,7 @@ static inline void load_qelem_modq(uint64_t *f, uint8_t *b)
 static inline void store_qelem(uint8_t *b, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
diff --git a/src/Hacl_P256.c b/src/Hacl_P256.c
index 2b6cb11b..7e586e54 100644
--- a/src/Hacl_P256.c
+++ b/src/Hacl_P256.c
@@ -204,6 +204,7 @@ static inline void bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -277,6 +278,7 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -288,11 +290,13 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void bn_to_bytes_be4(uint8_t *res, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -1057,6 +1061,10 @@ static inline void point_mul_g(uint64_t *res, uint64_t *scalar)
     uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     point_add(res, res, tmp););
+  KRML_HOST_IGNORE(q1);
+  KRML_HOST_IGNORE(q2);
+  KRML_HOST_IGNORE(q3);
+  KRML_HOST_IGNORE(q4);
 }
 
 static inline void
@@ -1564,6 +1572,7 @@ Hacl_P256_ecdsa_sign_p256_sha2(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1596,6 +1605,7 @@ Hacl_P256_ecdsa_sign_p256_sha384(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
   Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1628,6 +1638,7 @@ Hacl_P256_ecdsa_sign_p256_sha512(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
   Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1670,6 +1681,7 @@ Hacl_P256_ecdsa_sign_p256_without_hash(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1705,6 +1717,7 @@ Hacl_P256_ecdsa_verif_p256_sha2(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1735,6 +1748,7 @@ Hacl_P256_ecdsa_verif_p256_sha384(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
   Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1765,6 +1779,7 @@ Hacl_P256_ecdsa_verif_p256_sha512(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
   Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1800,6 +1815,7 @@ Hacl_P256_ecdsa_verif_without_hash(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
diff --git a/src/Hacl_Streaming_Blake2.c b/src/Hacl_Streaming_Blake2.c
index 948d56c2..4faa859e 100644
--- a/src/Hacl_Streaming_Blake2.c
+++ b/src/Hacl_Streaming_Blake2.c
@@ -54,6 +54,7 @@ void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_
   Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
   Hacl_Streaming_Blake2_blake2s_32_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -353,6 +354,7 @@ void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_
   Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
   Hacl_Streaming_Blake2_blake2b_32_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Streaming_Blake2b_256.c b/src/Hacl_Streaming_Blake2b_256.c
index bdb5433f..d2df234a 100644
--- a/src/Hacl_Streaming_Blake2b_256.c
+++ b/src/Hacl_Streaming_Blake2b_256.c
@@ -66,6 +66,7 @@ Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(
   Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
   Hacl_Streaming_Blake2b_256_blake2b_256_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Streaming_Blake2s_128.c b/src/Hacl_Streaming_Blake2s_128.c
index f97bf5d0..eaace7ce 100644
--- a/src/Hacl_Streaming_Blake2s_128.c
+++ b/src/Hacl_Streaming_Blake2s_128.c
@@ -66,6 +66,7 @@ Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(
   Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
   Hacl_Streaming_Blake2s_128_blake2s_128_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Streaming_Poly1305_128.c b/src/Hacl_Streaming_Poly1305_128.c
index ff60cde2..c752cfb0 100644
--- a/src/Hacl_Streaming_Poly1305_128.c
+++ b/src/Hacl_Streaming_Poly1305_128.c
@@ -58,6 +58,7 @@ Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly130
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_128_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
diff --git a/src/Hacl_Streaming_Poly1305_256.c b/src/Hacl_Streaming_Poly1305_256.c
index 63685f99..c1915ed9 100644
--- a/src/Hacl_Streaming_Poly1305_256.c
+++ b/src/Hacl_Streaming_Poly1305_256.c
@@ -58,6 +58,7 @@ Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly130
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_256_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
diff --git a/src/Hacl_Streaming_Poly1305_32.c b/src/Hacl_Streaming_Poly1305_32.c
index 249a622f..89852727 100644
--- a/src/Hacl_Streaming_Poly1305_32.c
+++ b/src/Hacl_Streaming_Poly1305_32.c
@@ -53,6 +53,7 @@ Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_32_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
diff --git a/src/Lib_Memzero0.c b/src/Lib_Memzero0.c
index 8e225318..3d8a1e5f 100644
--- a/src/Lib_Memzero0.c
+++ b/src/Lib_Memzero0.c
@@ -22,13 +22,14 @@
 #include <limits.h>
 #include <inttypes.h>
 
-#include "Lib_Memzero0.h"
+/* This is now a hand-written header */
+#include "lib_memzero0.h"
 #include "krml/internal/target.h"
 
 /* The F* formalization talks about the number of elements in the array. The C
    implementation wants a number of bytes in the array. KaRaMeL is aware of this
    and inserts a sizeof multiplication. */
-void Lib_Memzero0_memzero(void *dst, uint64_t len) {
+void Lib_Memzero0_memzero0(void *dst, uint64_t len) {
   /* This is safe: karamel checks at run-time (if needed) that all object sizes
      fit within a size_t, so the size we receive has been checked at
      allocation-time, possibly via KRML_CHECK_SIZE, to fit in a size_t. */
diff --git a/src/msvc/EverCrypt_AEAD.c b/src/msvc/EverCrypt_AEAD.c
index a4b306b7..564dbc2e 100644
--- a/src/msvc/EverCrypt_AEAD.c
+++ b/src/msvc/EverCrypt_AEAD.c
@@ -40,6 +40,10 @@ typedef struct EverCrypt_AEAD_state_s_s
 }
 EverCrypt_AEAD_state_s;
 
+/**
+Both encryption and decryption require a state that holds the key.
+The state may be reused as many times as desired.
+*/
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee)
 {
   return true;
@@ -93,12 +97,12 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t));
@@ -112,19 +116,21 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
     *dst = p;
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 static EverCrypt_Error_error_code
 create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t));
@@ -138,8 +144,10 @@ create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
     *dst = p;
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 /**
@@ -797,12 +805,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   uint8_t *tag
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[480U] = { 0U };
@@ -919,8 +927,10 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
     }
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -936,12 +946,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   uint8_t *tag
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[544U] = { 0U };
@@ -1058,8 +1068,10 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
     }
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -1831,12 +1843,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   uint8_t *dst
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[480U] = { 0U };
@@ -1850,122 +1862,118 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     {
       return EverCrypt_Error_InvalidKey;
     }
-    else if (iv_len == (uint32_t)0U)
+    if (iv_len == (uint32_t)0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
+    EverCrypt_AEAD_state_s scrut1 = *s;
+    uint8_t *ek0 = scrut1.ek;
+    uint8_t *scratch_b = ek0 + (uint32_t)304U;
+    uint8_t *ek1 = ek0;
+    uint8_t *keys_b = ek1;
+    uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+    uint8_t tmp_iv[16U] = { 0U };
+    uint32_t len = iv_len / (uint32_t)16U;
+    uint32_t bytes_len = len * (uint32_t)16U;
+    uint8_t *iv_b = iv;
+    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t
+    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    uint8_t *inout_b = scratch_b;
+    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
+    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *cipher_b_ = cipher;
+    uint8_t *out_b_ = dst;
+    uint8_t *auth_b_ = ad;
+    memcpy(inout_b,
+      cipher + cipher_len_,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    memcpy(abytes_b,
+      ad + auth_len_,
+      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    uint64_t c;
+    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    {
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
+      uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t
+      scrut2 =
+        gcm128_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      uint64_t c0 = scrut2;
+      c = c0;
+    }
     else
     {
-      EverCrypt_AEAD_state_s scrut1 = *s;
-      uint8_t *ek0 = scrut1.ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)304U;
-      uint8_t *ek1 = ek0;
-      uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)176U;
-      uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
-      uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+      uint32_t len128x61 = (uint32_t)0U;
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + len128x61;
+      uint8_t *out128_b = out_b_ + len128x61;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
-      uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
-      uint8_t *cipher_b_ = cipher;
-      uint8_t *out_b_ = dst;
-      uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        cipher + cipher_len_,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
-      uint64_t c;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
-      {
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
-        uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm128_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      else
-      {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + len128x61;
-        uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm128_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
-        inout_b,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t r = c;
-      if (r == (uint64_t)0U)
-      {
-        return EverCrypt_Error_Success;
-      }
-      else
-      {
-        return EverCrypt_Error_AuthenticationFailure;
-      }
+      scrut2 =
+        gcm128_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      uint64_t c0 = scrut2;
+      c = c0;
     }
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+      inout_b,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t r = c;
+    if (r == (uint64_t)0U)
+    {
+      return EverCrypt_Error_Success;
+    }
+    return EverCrypt_Error_AuthenticationFailure;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -1981,12 +1989,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   uint8_t *dst
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[544U] = { 0U };
@@ -2000,122 +2008,118 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     {
       return EverCrypt_Error_InvalidKey;
     }
-    else if (iv_len == (uint32_t)0U)
+    if (iv_len == (uint32_t)0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
+    EverCrypt_AEAD_state_s scrut1 = *s;
+    uint8_t *ek0 = scrut1.ek;
+    uint8_t *scratch_b = ek0 + (uint32_t)368U;
+    uint8_t *ek1 = ek0;
+    uint8_t *keys_b = ek1;
+    uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+    uint8_t tmp_iv[16U] = { 0U };
+    uint32_t len = iv_len / (uint32_t)16U;
+    uint32_t bytes_len = len * (uint32_t)16U;
+    uint8_t *iv_b = iv;
+    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t
+    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    uint8_t *inout_b = scratch_b;
+    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
+    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *cipher_b_ = cipher;
+    uint8_t *out_b_ = dst;
+    uint8_t *auth_b_ = ad;
+    memcpy(inout_b,
+      cipher + cipher_len_,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    memcpy(abytes_b,
+      ad + auth_len_,
+      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    uint64_t c;
+    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    {
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
+      uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t
+      scrut2 =
+        gcm256_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      uint64_t c0 = scrut2;
+      c = c0;
+    }
     else
     {
-      EverCrypt_AEAD_state_s scrut1 = *s;
-      uint8_t *ek0 = scrut1.ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)368U;
-      uint8_t *ek1 = ek0;
-      uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)240U;
-      uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
-      uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+      uint32_t len128x61 = (uint32_t)0U;
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + len128x61;
+      uint8_t *out128_b = out_b_ + len128x61;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
-      uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
-      uint8_t *cipher_b_ = cipher;
-      uint8_t *out_b_ = dst;
-      uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        cipher + cipher_len_,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
-      uint64_t c;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
-      {
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
-        uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm256_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      else
-      {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + len128x61;
-        uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm256_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
-        inout_b,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t r = c;
-      if (r == (uint64_t)0U)
-      {
-        return EverCrypt_Error_Success;
-      }
-      else
-      {
-        return EverCrypt_Error_AuthenticationFailure;
-      }
+      scrut2 =
+        gcm256_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      uint64_t c0 = scrut2;
+      c = c0;
+    }
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+      inout_b,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t r = c;
+    if (r == (uint64_t)0U)
+    {
+      return EverCrypt_Error_Success;
     }
+    return EverCrypt_Error_AuthenticationFailure;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
diff --git a/src/msvc/EverCrypt_Chacha20Poly1305.c b/src/msvc/EverCrypt_Chacha20Poly1305.c
index b1ad5a74..9a110bbf 100644
--- a/src/msvc/EverCrypt_Chacha20Poly1305.c
+++ b/src/msvc/EverCrypt_Chacha20Poly1305.c
@@ -39,13 +39,12 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   uint8_t *tag
 )
 {
-  bool avx2 = EverCrypt_AutoConfig2_has_avx2();
-  bool avx = EverCrypt_AutoConfig2_has_avx();
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     Hacl_Chacha20Poly1305_256_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
     return;
   }
@@ -53,10 +52,13 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     Hacl_Chacha20Poly1305_128_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
     return;
   }
   #endif
+  KRML_HOST_IGNORE(vec128);
+  KRML_HOST_IGNORE(vec256);
   Hacl_Chacha20Poly1305_32_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
 }
 
@@ -72,22 +74,24 @@ EverCrypt_Chacha20Poly1305_aead_decrypt(
   uint8_t *tag
 )
 {
-  bool avx2 = EverCrypt_AutoConfig2_has_avx2();
-  bool avx = EverCrypt_AutoConfig2_has_avx();
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     return Hacl_Chacha20Poly1305_256_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     return Hacl_Chacha20Poly1305_128_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
   }
   #endif
+  KRML_HOST_IGNORE(vec128);
+  KRML_HOST_IGNORE(vec256);
   return Hacl_Chacha20Poly1305_32_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
 }
 
diff --git a/src/msvc/EverCrypt_Curve25519.c b/src/msvc/EverCrypt_Curve25519.c
index b97637b8..202f58c1 100644
--- a/src/msvc/EverCrypt_Curve25519.c
+++ b/src/msvc/EverCrypt_Curve25519.c
@@ -27,13 +27,6 @@
 
 #include "config.h"
 
-static inline bool has_adx_bmi2(void)
-{
-  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
-  bool has_adx = EverCrypt_AutoConfig2_has_adx();
-  return has_bmi2 && has_adx;
-}
-
 /**
 Calculate a public point from a secret/private key.
 
@@ -45,13 +38,17 @@ This computes a scalar multiplication of the secret/private key with the curve's
 void EverCrypt_Curve25519_secret_to_public(uint8_t *pub, uint8_t *priv)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     Hacl_Curve25519_64_secret_to_public(pub, priv);
     return;
   }
-  #endif
   Hacl_Curve25519_51_secret_to_public(pub, priv);
+  #else
+  Hacl_Curve25519_51_secret_to_public(pub, priv);
+  #endif
 }
 
 /**
@@ -64,13 +61,17 @@ Compute the scalar multiple of a point.
 void EverCrypt_Curve25519_scalarmult(uint8_t *shared, uint8_t *my_priv, uint8_t *their_pub)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     Hacl_Curve25519_64_scalarmult(shared, my_priv, their_pub);
     return;
   }
-  #endif
   Hacl_Curve25519_51_scalarmult(shared, my_priv, their_pub);
+  #else
+  Hacl_Curve25519_51_scalarmult(shared, my_priv, their_pub);
+  #endif
 }
 
 /**
@@ -83,11 +84,15 @@ Execute the diffie-hellmann key exchange.
 bool EverCrypt_Curve25519_ecdh(uint8_t *shared, uint8_t *my_priv, uint8_t *their_pub)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     return Hacl_Curve25519_64_ecdh(shared, my_priv, their_pub);
   }
-  #endif
   return Hacl_Curve25519_51_ecdh(shared, my_priv, their_pub);
+  #else
+  return Hacl_Curve25519_51_ecdh(shared, my_priv, their_pub);
+  #endif
 }
 
diff --git a/src/msvc/EverCrypt_DRBG.c b/src/msvc/EverCrypt_DRBG.c
index dfd7cc64..243d8eb4 100644
--- a/src/msvc/EverCrypt_DRBG.c
+++ b/src/msvc/EverCrypt_DRBG.c
@@ -26,6 +26,7 @@
 #include "EverCrypt_DRBG.h"
 
 #include "internal/EverCrypt_HMAC.h"
+#include "lib_memzero0.h"
 
 uint32_t EverCrypt_DRBG_reseed_interval = (uint32_t)1024U;
 
@@ -632,20 +633,18 @@ reseed_sha1(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA1_s)
   {
-    uu____0 = st_s.case_SHA1_s;
+    scrut = st_s.case_SHA1_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -715,20 +714,18 @@ reseed_sha2_256(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_256_s)
   {
-    uu____0 = st_s.case_SHA2_256_s;
+    scrut = st_s.case_SHA2_256_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -798,20 +795,18 @@ reseed_sha2_384(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_384_s)
   {
-    uu____0 = st_s.case_SHA2_384_s;
+    scrut = st_s.case_SHA2_384_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -881,20 +876,18 @@ reseed_sha2_512(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_512_s)
   {
-    uu____0 = st_s.case_SHA2_512_s;
+    scrut = st_s.case_SHA2_512_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -952,7 +945,6 @@ generate_sha1(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -960,11 +952,11 @@ generate_sha1(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len1 * sizeof (uint8_t));
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len * sizeof (uint8_t));
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -973,58 +965,58 @@ generate_sha1(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
       uint8_t
       *seed_material =
-        (uint8_t *)alloca((entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+        (uint8_t *)alloca((entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA1_s)
       {
-        uu____0 = st_s.case_SHA1_s;
+        scrut = st_s.case_SHA1_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)21U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)21U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[20U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
       EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
       memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)21U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)21U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[20U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
@@ -1050,75 +1042,24 @@ generate_sha1(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA1_s)
+  {
+    scrut = st_s.case_SHA1_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA1_s)
-    {
-      scrut = st_s.case_SHA1_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)21U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[20U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-      EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)21U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[20U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-        EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)20U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)20U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)20U;
-      EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)21U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1150,10 +1091,54 @@ generate_sha1(
       EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
       memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)20U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)20U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)20U;
+    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)21U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[20U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
+  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[20U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1175,7 +1160,6 @@ generate_sha2_256(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1183,11 +1167,11 @@ generate_sha2_256(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len1 * sizeof (uint8_t));
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len * sizeof (uint8_t));
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1196,58 +1180,58 @@ generate_sha2_256(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
       uint8_t
       *seed_material =
-        (uint8_t *)alloca((entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+        (uint8_t *)alloca((entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_256_s)
       {
-        uu____0 = st_s.case_SHA2_256_s;
+        scrut = st_s.case_SHA2_256_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)33U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)33U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[32U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
       memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)33U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)33U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[32U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
@@ -1273,75 +1257,24 @@ generate_sha2_256(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_256_s)
+  {
+    scrut = st_s.case_SHA2_256_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_256_s)
-    {
-      scrut = st_s.case_SHA2_256_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)33U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[32U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)33U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[32U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)32U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)32U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)32U;
-      EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)33U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1373,10 +1306,54 @@ generate_sha2_256(
       EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
       memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)32U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)32U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)32U;
+    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)33U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[32U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
+  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[32U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1398,7 +1375,6 @@ generate_sha2_384(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1406,11 +1382,11 @@ generate_sha2_384(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len1 * sizeof (uint8_t));
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len * sizeof (uint8_t));
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1419,58 +1395,58 @@ generate_sha2_384(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
       uint8_t
       *seed_material =
-        (uint8_t *)alloca((entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+        (uint8_t *)alloca((entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_384_s)
       {
-        uu____0 = st_s.case_SHA2_384_s;
+        scrut = st_s.case_SHA2_384_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)49U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)49U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[48U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
       memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)49U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)49U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[48U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
@@ -1496,75 +1472,24 @@ generate_sha2_384(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_384_s)
+  {
+    scrut = st_s.case_SHA2_384_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_384_s)
-    {
-      scrut = st_s.case_SHA2_384_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)49U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[48U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)49U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[48U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)48U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)48U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)48U;
-      EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)49U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1596,10 +1521,54 @@ generate_sha2_384(
       EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
       memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)48U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)48U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)48U;
+    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)49U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[48U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
+  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[48U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1621,7 +1590,6 @@ generate_sha2_512(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1629,11 +1597,11 @@ generate_sha2_512(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len1 * sizeof (uint8_t));
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len * sizeof (uint8_t));
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1642,58 +1610,58 @@ generate_sha2_512(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
       uint8_t
       *seed_material =
-        (uint8_t *)alloca((entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+        (uint8_t *)alloca((entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_512_s)
       {
-        uu____0 = st_s.case_SHA2_512_s;
+        scrut = st_s.case_SHA2_512_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)65U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)65U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[64U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
       memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)65U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)65U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[64U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
@@ -1719,75 +1687,24 @@ generate_sha2_512(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_512_s)
+  {
+    scrut = st_s.case_SHA2_512_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_512_s)
-    {
-      scrut = st_s.case_SHA2_512_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)65U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[64U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)65U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[64U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)64U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)64U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)64U;
-      EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)65U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1819,10 +1736,54 @@ generate_sha2_512(
       EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
       memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)64U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)64U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)64U;
+    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)65U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[64U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
+  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[64U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1841,8 +1802,8 @@ static void uninstantiate_sha1(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)20U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)20U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)20U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)20U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1865,8 +1826,8 @@ static void uninstantiate_sha2_256(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)32U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)32U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)32U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1889,8 +1850,8 @@ static void uninstantiate_sha2_384(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)48U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)48U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)48U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1913,8 +1874,8 @@ static void uninstantiate_sha2_512(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)64U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)64U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)64U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
diff --git a/src/msvc/EverCrypt_HMAC.c b/src/msvc/EverCrypt_HMAC.c
index 5691b343..f279dfb8 100644
--- a/src/msvc/EverCrypt_HMAC.c
+++ b/src/msvc/EverCrypt_HMAC.c
@@ -83,16 +83,18 @@ EverCrypt_HMAC_compute_sha1(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)20U;
+    ite = (uint32_t)20U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -201,16 +203,18 @@ EverCrypt_HMAC_compute_sha2_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -329,16 +333,18 @@ EverCrypt_HMAC_compute_sha2_384(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)48U;
+    ite = (uint32_t)48U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -458,16 +464,18 @@ EverCrypt_HMAC_compute_sha2_512(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -587,16 +595,18 @@ EverCrypt_HMAC_compute_blake2s(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -723,16 +733,18 @@ EverCrypt_HMAC_compute_blake2b(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/src/msvc/EverCrypt_Hash.c b/src/msvc/EverCrypt_Hash.c
index b1004449..914a105f 100644
--- a/src/msvc/EverCrypt_Hash.c
+++ b/src/msvc/EverCrypt_Hash.c
@@ -206,8 +206,8 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         #if HACL_CAN_COMPILE_VEC128
+        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
           s =
@@ -231,8 +231,8 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         #if HACL_CAN_COMPILE_VEC256
+        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
           s =
@@ -342,6 +342,7 @@ static void init(EverCrypt_Hash_state_s *s)
     Hacl_Blake2s_128_blake2s_init(p1, (uint32_t)0U, (uint32_t)32U);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -358,6 +359,7 @@ static void init(EverCrypt_Hash_state_s *s)
     Hacl_Blake2b_256_blake2b_init(p1, (uint32_t)0U, (uint32_t)64U);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -391,17 +393,20 @@ k224_256[64U] =
 
 void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_shaext = EverCrypt_AutoConfig2_has_shaext();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
-  #if HACL_CAN_COMPILE_VALE
   if (has_shaext && has_sse)
   {
     uint64_t n1 = (uint64_t)n;
     uint64_t scrut = sha256_update(s, blocks, n1, k224_256);
     return;
   }
-  #endif
   Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  #else
+  KRML_HOST_IGNORE(k224_256);
+  Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  #endif
 }
 
 static void
@@ -495,6 +500,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
     Hacl_Blake2s_128_blake2s_update_multi(n * (uint32_t)64U, wv, p1, prevlen, blocks, n);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -525,6 +531,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
       n);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -622,6 +629,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
     Hacl_Blake2s_128_blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -650,6 +658,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
       last);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -736,6 +745,7 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
     Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, p1);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -752,6 +762,7 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
     Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, p1);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -1026,6 +1037,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2s_128_load_state128s_from_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1052,6 +1064,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2b_256_load_state256b_from_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1078,6 +1091,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2s_128_store_state128s_to_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1104,6 +1118,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2b_256_store_state256b_to_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1281,6 +1296,7 @@ void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s)
   uint8_t *buf = scrut.buf;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   Spec_Hash_Definitions_hash_alg i = alg_of_state(block_state);
+  KRML_HOST_IGNORE(i);
   init(block_state);
   EverCrypt_Hash_Incremental_hash_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -2038,9 +2054,9 @@ static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
     r = (uint32_t)(total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2S));
   }
   uint8_t *buf_1 = buf_;
-  bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   EverCrypt_Hash_state_s s;
   #if HACL_CAN_COMPILE_VEC128
+  bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 buf0[4U] KRML_POST_ALIGN(16) = { 0U };
   uint32_t buf[16U] = { 0U };
   if (vec128)
@@ -2097,9 +2113,9 @@ static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
     r = (uint32_t)(total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2B));
   }
   uint8_t *buf_1 = buf_;
-  bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   EverCrypt_Hash_state_s s;
   #if HACL_CAN_COMPILE_VEC256
+  bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 buf0[4U] KRML_POST_ALIGN(32) = { 0U };
   uint64_t buf[16U] = { 0U };
   if (vec256)
@@ -2384,28 +2400,32 @@ EverCrypt_Hash_Incremental_hash(
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         #if HACL_CAN_COMPILE_VEC128
+        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
           Hacl_Blake2s_128_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
           return;
         }
-        #endif
         Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        #else
+        Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        #endif
         break;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         #if HACL_CAN_COMPILE_VEC256
+        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
           Hacl_Blake2b_256_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
           return;
         }
-        #endif
         Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        #else
+        Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        #endif
         break;
       }
     default:
diff --git a/src/msvc/EverCrypt_Poly1305.c b/src/msvc/EverCrypt_Poly1305.c
index f05f8e85..717b9527 100644
--- a/src/msvc/EverCrypt_Poly1305.c
+++ b/src/msvc/EverCrypt_Poly1305.c
@@ -39,6 +39,7 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key
   if (n_extra == (uint32_t)0U)
   {
     uint64_t scrut = x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U);
+    KRML_HOST_IGNORE((void *)(uint8_t)0U);
   }
   else
   {
@@ -46,8 +47,10 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key
     uint8_t *src16 = src;
     memcpy(tmp, src + len16, n_extra * sizeof (uint8_t));
     uint64_t scrut = x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U);
+    KRML_HOST_IGNORE((void *)(uint8_t)0U);
     memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
     uint64_t scrut0 = x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U);
+    KRML_HOST_IGNORE((void *)(uint8_t)0U);
   }
   memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t));
   #endif
@@ -60,6 +63,7 @@ void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     Hacl_Poly1305_256_poly1305_mac(dst, len, src, key);
     return;
   }
@@ -67,13 +71,17 @@ void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     Hacl_Poly1305_128_poly1305_mac(dst, len, src, key);
     return;
   }
   #endif
+  KRML_HOST_IGNORE(vec256);
+  KRML_HOST_IGNORE(vec128);
   #if HACL_CAN_COMPILE_VALE
   poly1305_vale(dst, src, len, key);
   #else
+  KRML_HOST_IGNORE(poly1305_vale);
   Hacl_Poly1305_32_poly1305_mac(dst, len, src, key);
   #endif
 }
diff --git a/src/msvc/Hacl_Bignum.c b/src/msvc/Hacl_Bignum.c
index 886d7731..ca093c6d 100644
--- a/src/msvc/Hacl_Bignum.c
+++ b/src/msvc/Hacl_Bignum.c
@@ -58,6 +58,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
     uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c10);
   uint32_t c00 = c0;
   uint32_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b0, b1, tmp_);
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b1, b0, t1);
@@ -67,6 +68,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
     uint32_t x = (((uint32_t)0U - c010) & t1[i]) | (~((uint32_t)0U - c010) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint32_t c11 = c010;
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
@@ -150,6 +152,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -182,6 +185,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
     uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c10);
   uint64_t c00 = c0;
   uint64_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b0, b1, tmp_);
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b1, b0, t1);
@@ -191,6 +195,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
     uint64_t x = (((uint64_t)0U - c010) & t1[i]) | (~((uint64_t)0U - c010) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint64_t c11 = c010;
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
@@ -274,6 +279,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -302,7 +308,9 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
     uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint32_t c00 = c0;
+  KRML_HOST_IGNORE(c00);
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, t0, tmp1, t23);
@@ -373,6 +381,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -401,7 +410,9 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
     uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint64_t c00 = c0;
+  KRML_HOST_IGNORE(c00);
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, t0, tmp1, t23);
@@ -472,6 +483,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -696,6 +708,7 @@ Hacl_Bignum_bn_sub_mod_n_u32(
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i);
   }
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len1; i++)
   {
@@ -773,6 +786,7 @@ Hacl_Bignum_bn_sub_mod_n_u64(
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len1; i++)
   {
@@ -1266,6 +1280,7 @@ bn_almost_mont_reduction_u32(
   uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(tmp, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -1362,6 +1377,7 @@ bn_almost_mont_reduction_u64(
   uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(tmp, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
diff --git a/src/msvc/Hacl_Bignum256.c b/src/msvc/Hacl_Bignum256.c
index 619c34b8..b516e70d 100644
--- a/src/msvc/Hacl_Bignum256.c
+++ b/src/msvc/Hacl_Bignum256.c
@@ -229,6 +229,7 @@ void Hacl_Bignum256_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -314,6 +315,7 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -325,6 +327,7 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
@@ -441,6 +444,7 @@ static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -518,6 +522,7 @@ static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint6
     uint64_t r = c1;
     c[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, c, c);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -529,6 +534,7 @@ static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint6
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, tmp, c);
+  KRML_HOST_IGNORE(c1);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -569,6 +575,7 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -1154,6 +1161,7 @@ bool Hacl_Bignum256_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *re
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
   }
   else
@@ -1335,6 +1343,7 @@ Hacl_Bignum256_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
 }
 
@@ -1453,6 +1462,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -1469,6 +1479,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
diff --git a/src/msvc/Hacl_Bignum256_32.c b/src/msvc/Hacl_Bignum256_32.c
index 4db59251..1c8ce59b 100644
--- a/src/msvc/Hacl_Bignum256_32.c
+++ b/src/msvc/Hacl_Bignum256_32.c
@@ -241,6 +241,7 @@ void Hacl_Bignum256_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *
     uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i););
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -328,6 +329,7 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     uint32_t r = c;
     res[i0 + i0] = r;);
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -339,6 +341,7 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
@@ -461,6 +464,7 @@ static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -540,6 +544,7 @@ static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint3
     uint32_t r = c1;
     c[i0 + i0] = r;);
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, c, c);
+  KRML_HOST_IGNORE(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -551,6 +556,7 @@ static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint3
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, tmp, c);
+  KRML_HOST_IGNORE(c1);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -593,6 +599,7 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -1188,6 +1195,7 @@ bool Hacl_Bignum256_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
       c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
   }
   else
@@ -1382,6 +1390,7 @@ Hacl_Bignum256_32_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
 }
 
@@ -1500,6 +1509,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
     (uint32_t)8U,
@@ -1516,6 +1526,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
     (uint32_t)8U,
diff --git a/src/msvc/Hacl_Bignum32.c b/src/msvc/Hacl_Bignum32.c
index 4784502a..f719a08e 100644
--- a/src/msvc/Hacl_Bignum32.c
+++ b/src/msvc/Hacl_Bignum32.c
@@ -181,6 +181,7 @@ bn_slow_precomp(
   uint32_t *tmp0 = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(tmp0, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, a_mod, n, tmp0);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -431,6 +432,7 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
     {
       c1 = c0;
     }
+    KRML_HOST_IGNORE(c1);
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len,
       nBits,
       n,
@@ -670,6 +672,7 @@ Hacl_Bignum32_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(len1,
     k1.n,
     k1.mu,
diff --git a/src/msvc/Hacl_Bignum4096.c b/src/msvc/Hacl_Bignum4096.c
index 5aa2af33..ee51cc5e 100644
--- a/src/msvc/Hacl_Bignum4096.c
+++ b/src/msvc/Hacl_Bignum4096.c
@@ -243,6 +243,7 @@ void Hacl_Bignum4096_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *re
     uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i););
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -393,6 +394,7 @@ static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -457,6 +459,7 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -1047,6 +1050,7 @@ bool Hacl_Bignum4096_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *r
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
   }
   else
@@ -1244,6 +1248,7 @@ Hacl_Bignum4096_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
 }
 
@@ -1362,6 +1367,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
     store64_be(res + i * (uint32_t)8U, b[(uint32_t)64U - i - (uint32_t)1U]);
@@ -1377,6 +1383,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
     store64_le(res + i * (uint32_t)8U, b[i]);
diff --git a/src/msvc/Hacl_Bignum4096_32.c b/src/msvc/Hacl_Bignum4096_32.c
index 1924e7d8..790d0428 100644
--- a/src/msvc/Hacl_Bignum4096_32.c
+++ b/src/msvc/Hacl_Bignum4096_32.c
@@ -238,6 +238,7 @@ void Hacl_Bignum4096_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -385,6 +386,7 @@ static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -448,6 +450,7 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -1033,6 +1036,7 @@ bool Hacl_Bignum4096_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
       c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
   }
   else
@@ -1228,6 +1232,7 @@ Hacl_Bignum4096_32_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
 }
 
@@ -1346,6 +1351,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
     store32_be(res + i * (uint32_t)4U, b[(uint32_t)128U - i - (uint32_t)1U]);
@@ -1361,6 +1367,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
     store32_le(res + i * (uint32_t)4U, b[i]);
diff --git a/src/msvc/Hacl_Bignum64.c b/src/msvc/Hacl_Bignum64.c
index ee99893a..9e701c7b 100644
--- a/src/msvc/Hacl_Bignum64.c
+++ b/src/msvc/Hacl_Bignum64.c
@@ -180,6 +180,7 @@ bn_slow_precomp(
   uint64_t *tmp0 = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(tmp0, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, a_mod, n, tmp0);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -430,6 +431,7 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
     {
       c1 = c0;
     }
+    KRML_HOST_IGNORE(c1);
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len,
       nBits,
       n,
@@ -669,6 +671,7 @@ Hacl_Bignum64_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(len1,
     k1.n,
     k1.mu,
diff --git a/src/msvc/Hacl_Ed25519.c b/src/msvc/Hacl_Ed25519.c
index 39d25998..9d7c3bd4 100644
--- a/src/msvc/Hacl_Ed25519.c
+++ b/src/msvc/Hacl_Ed25519.c
@@ -1483,6 +1483,9 @@ static inline void point_mul_g(uint64_t *out, uint8_t *scalar)
     uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp););
+  KRML_HOST_IGNORE(q2);
+  KRML_HOST_IGNORE(q3);
+  KRML_HOST_IGNORE(q4);
 }
 
 static inline void
@@ -1717,8 +1720,10 @@ static inline void sha512_pre_msg(uint8_t *hash, uint8_t *prefix, uint32_t len,
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
   Hacl_Streaming_Types_error_code
-  uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code uu____1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+  Hacl_Streaming_Types_error_code err1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  KRML_HOST_IGNORE(err0);
+  KRML_HOST_IGNORE(err1);
   Hacl_Streaming_SHA2_finish_512(st, hash);
 }
 
@@ -1739,10 +1744,13 @@ sha512_pre_pre2_msg(
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
   Hacl_Streaming_Types_error_code
-  uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
   Hacl_Streaming_Types_error_code
-  uu____1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code uu____2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  err1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
+  Hacl_Streaming_Types_error_code err2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  KRML_HOST_IGNORE(err0);
+  KRML_HOST_IGNORE(err1);
+  KRML_HOST_IGNORE(err2);
   Hacl_Streaming_SHA2_finish_512(st, hash);
 }
 
diff --git a/src/msvc/Hacl_Frodo1344.c b/src/msvc/Hacl_Frodo1344.c
index a038e69c..2951f848 100644
--- a/src/msvc/Hacl_Frodo1344.c
+++ b/src/msvc/Hacl_Frodo1344.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo1344_crypto_bytes = (uint32_t)32U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43008U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)1344U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U, uint16_t);
   uint32_t slen1 = (uint32_t)43056U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)32U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)32U, pk, (uint32_t)21520U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)21520U, pk, (uint32_t)32U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)80U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)80U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
     (uint32_t)1344U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)21664U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)21632U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)21632U, k, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)32U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)32U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)32U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[64U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
     (uint32_t)1344U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)1344U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -291,10 +292,10 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)21632U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)21632U, kp_s, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)32U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)32U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/src/msvc/Hacl_Frodo64.c b/src/msvc/Hacl_Frodo64.c
index d1036c70..45ee9dd6 100644
--- a/src/msvc/Hacl_Frodo64.c
+++ b/src/msvc/Hacl_Frodo64.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 /*
  this variant is used only for testing purposes!
@@ -59,7 +60,7 @@ uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2048U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   Hacl_Impl_Matrix_matrix_add((uint32_t)64U, (uint32_t)8U, b_matrix, e_matrix);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b_matrix, b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)64U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U, uint16_t);
   uint32_t slen1 = (uint32_t)2016U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)976U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)976U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
     (uint32_t)64U,
@@ -155,12 +156,12 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)1096U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
@@ -168,9 +169,9 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)1080U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)1080U, k, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)16U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -199,8 +200,8 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -223,7 +224,7 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
     (uint32_t)64U,
@@ -264,12 +265,12 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)64U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -290,10 +291,10 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)1080U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)1080U, kp_s, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/src/msvc/Hacl_Frodo640.c b/src/msvc/Hacl_Frodo640.c
index 6a31856c..badd2bae 100644
--- a/src/msvc/Hacl_Frodo640.c
+++ b/src/msvc/Hacl_Frodo640.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo640_crypto_bytes = (uint32_t)16U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20480U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)640U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U, uint16_t);
   uint32_t slen1 = (uint32_t)19872U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)9616U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)9616U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
     (uint32_t)640U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)9736U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)9720U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)9720U, k, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)16U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
     (uint32_t)640U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)640U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -292,10 +293,10 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)9720U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)9720U, kp_s, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/src/msvc/Hacl_Frodo976.c b/src/msvc/Hacl_Frodo976.c
index 34a7226c..dbd9bc32 100644
--- a/src/msvc/Hacl_Frodo976.c
+++ b/src/msvc/Hacl_Frodo976.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo976_crypto_bytes = (uint32_t)24U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31232U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)976U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U, uint16_t);
   uint32_t slen1 = (uint32_t)31272U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)24U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)24U, pk, (uint32_t)15632U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)15632U, pk, (uint32_t)24U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)64U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)64U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
     (uint32_t)976U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)15768U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)15744U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)15744U, k, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)24U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)24U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)24U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[48U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)48U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
     (uint32_t)976U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)976U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -291,10 +292,10 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)15744U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)15744U, kp_s, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)24U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)24U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)24U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/src/msvc/Hacl_GenericField32.c b/src/msvc/Hacl_GenericField32.c
index 1801e114..47ca15e8 100644
--- a/src/msvc/Hacl_GenericField32.c
+++ b/src/msvc/Hacl_GenericField32.c
@@ -614,6 +614,7 @@ Hacl_GenericField32_inverse(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_GenericField32_exp_vartime(k, aM, k1.len * (uint32_t)32U, n2, aInvM);
 }
 
diff --git a/src/msvc/Hacl_GenericField64.c b/src/msvc/Hacl_GenericField64.c
index 97b3517e..e8084285 100644
--- a/src/msvc/Hacl_GenericField64.c
+++ b/src/msvc/Hacl_GenericField64.c
@@ -613,6 +613,7 @@ Hacl_GenericField64_inverse(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_GenericField64_exp_vartime(k, aM, k1.len * (uint32_t)64U, n2, aInvM);
 }
 
diff --git a/src/msvc/Hacl_HMAC.c b/src/msvc/Hacl_HMAC.c
index 51032fb2..d46c4812 100644
--- a/src/msvc/Hacl_HMAC.c
+++ b/src/msvc/Hacl_HMAC.c
@@ -49,16 +49,18 @@ Hacl_HMAC_legacy_compute_sha1(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)20U;
+    ite = (uint32_t)20U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -173,16 +175,18 @@ Hacl_HMAC_compute_sha2_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -307,16 +311,18 @@ Hacl_HMAC_compute_sha2_384(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)48U;
+    ite = (uint32_t)48U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -442,16 +448,18 @@ Hacl_HMAC_compute_sha2_512(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -577,16 +585,18 @@ Hacl_HMAC_compute_blake2s_32(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -719,16 +729,18 @@ Hacl_HMAC_compute_blake2b_32(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/src/msvc/Hacl_HMAC_Blake2b_256.c b/src/msvc/Hacl_HMAC_Blake2b_256.c
index 4b5fc1a0..20b050de 100644
--- a/src/msvc/Hacl_HMAC_Blake2b_256.c
+++ b/src/msvc/Hacl_HMAC_Blake2b_256.c
@@ -47,16 +47,18 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/src/msvc/Hacl_HMAC_Blake2s_128.c b/src/msvc/Hacl_HMAC_Blake2s_128.c
index 8980e9be..144722e4 100644
--- a/src/msvc/Hacl_HMAC_Blake2s_128.c
+++ b/src/msvc/Hacl_HMAC_Blake2s_128.c
@@ -46,16 +46,18 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/src/msvc/Hacl_HMAC_DRBG.c b/src/msvc/Hacl_HMAC_DRBG.c
index b307ee21..93e47dc9 100644
--- a/src/msvc/Hacl_HMAC_DRBG.c
+++ b/src/msvc/Hacl_HMAC_DRBG.c
@@ -469,10 +469,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____0 = st;
-        uint8_t *k = uu____0.k;
-        uint8_t *v = uu____0.v;
-        uint32_t *ctr = uu____0.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -524,10 +523,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____1 = st;
-        uint8_t *k = uu____1.k;
-        uint8_t *v = uu____1.v;
-        uint32_t *ctr = uu____1.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -579,10 +577,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____2 = st;
-        uint8_t *k = uu____2.k;
-        uint8_t *v = uu____2.v;
-        uint32_t *ctr = uu____2.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -634,10 +631,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____3 = st;
-        uint8_t *k = uu____3.k;
-        uint8_t *v = uu____3.v;
-        uint32_t *ctr = uu____3.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
diff --git a/src/msvc/Hacl_Hash_Blake2.c b/src/msvc/Hacl_Hash_Blake2.c
index 6080585c..194e7157 100644
--- a/src/msvc/Hacl_Hash_Blake2.c
+++ b/src/msvc/Hacl_Hash_Blake2.c
@@ -26,6 +26,7 @@
 #include "internal/Hacl_Hash_Blake2.h"
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
 
 static void
 blake2b_update_block(
@@ -531,7 +532,7 @@ Hacl_Blake2b_32_blake2b_update_key(
   {
     blake2b_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 void
@@ -571,7 +572,7 @@ Hacl_Blake2b_32_blake2b_update_last(
   FStar_UInt128_uint128
   totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
   blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 static void
@@ -642,7 +643,7 @@ void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash
     store64_le(second + i * (uint32_t)8U, row1[i]););
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 /**
@@ -670,8 +671,8 @@ Hacl_Blake2b_32_blake2b(
   Hacl_Blake2b_32_blake2b_init(b, kk, nn);
   blake2b_update(b1, b, kk, k, ll, d);
   Hacl_Blake2b_32_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)16U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint64_t);
+  Lib_Memzero0_memzero(b, (uint32_t)16U, uint64_t);
 }
 
 uint64_t *Hacl_Blake2b_32_blake2b_malloc(void)
@@ -1178,7 +1179,7 @@ Hacl_Blake2s_32_blake2s_update_key(
   {
     blake2s_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 void
@@ -1214,7 +1215,7 @@ Hacl_Blake2s_32_blake2s_update_last(
   memcpy(b, last, rem * sizeof (uint8_t));
   uint64_t totlen = prev + (uint64_t)len;
   blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 static void
@@ -1281,7 +1282,7 @@ void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash
     store32_le(second + i * (uint32_t)4U, row1[i]););
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
 }
 
 /**
@@ -1309,8 +1310,8 @@ Hacl_Blake2s_32_blake2s(
   Hacl_Blake2s_32_blake2s_init(b, kk, nn);
   blake2s_update(b1, b, kk, k, ll, d);
   Hacl_Blake2s_32_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)16U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint32_t);
+  Lib_Memzero0_memzero(b, (uint32_t)16U, uint32_t);
 }
 
 uint32_t *Hacl_Blake2s_32_blake2s_malloc(void)
diff --git a/src/msvc/Hacl_Hash_Blake2b_256.c b/src/msvc/Hacl_Hash_Blake2b_256.c
index 2761aeb1..d0df7cd8 100644
--- a/src/msvc/Hacl_Hash_Blake2b_256.c
+++ b/src/msvc/Hacl_Hash_Blake2b_256.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
 #include "internal/Hacl_Hash_Blake2.h"
+#include "lib_memzero0.h"
 
 static inline void
 blake2b_update_block(
@@ -254,7 +255,7 @@ Hacl_Blake2b_256_blake2b_update_key(
   {
     blake2b_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 void
@@ -294,7 +295,7 @@ Hacl_Blake2b_256_blake2b_update_last(
   FStar_UInt128_uint128
   totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
   blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 static inline void
@@ -369,7 +370,7 @@ Hacl_Blake2b_256_blake2b_finish(
   Lib_IntVector_Intrinsics_vec256_store64_le(second, row1[0U]);
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 /**
@@ -397,8 +398,8 @@ Hacl_Blake2b_256_blake2b(
   Hacl_Blake2b_256_blake2b_init(b, kk, nn);
   blake2b_update(b1, b, kk, k, ll, d);
   Hacl_Blake2b_256_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)4U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
+  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
 }
 
 void
diff --git a/src/msvc/Hacl_Hash_Blake2s_128.c b/src/msvc/Hacl_Hash_Blake2s_128.c
index ce5252cc..5bf06711 100644
--- a/src/msvc/Hacl_Hash_Blake2s_128.c
+++ b/src/msvc/Hacl_Hash_Blake2s_128.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
 #include "internal/Hacl_Hash_Blake2.h"
+#include "lib_memzero0.h"
 
 static inline void
 blake2s_update_block(
@@ -254,7 +255,7 @@ Hacl_Blake2s_128_blake2s_update_key(
   {
     blake2s_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 void
@@ -290,7 +291,7 @@ Hacl_Blake2s_128_blake2s_update_last(
   memcpy(b, last, rem * sizeof (uint8_t));
   uint64_t totlen = prev + (uint64_t)len;
   blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 static inline void
@@ -361,7 +362,7 @@ Hacl_Blake2s_128_blake2s_finish(
   Lib_IntVector_Intrinsics_vec128_store32_le(second, row1[0U]);
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
 }
 
 /**
@@ -389,8 +390,8 @@ Hacl_Blake2s_128_blake2s(
   Hacl_Blake2s_128_blake2s_init(b, kk, nn);
   blake2s_update(b1, b, kk, k, ll, d);
   Hacl_Blake2s_128_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)4U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
+  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
 }
 
 void
diff --git a/src/msvc/Hacl_Hash_MD5.c b/src/msvc/Hacl_Hash_MD5.c
index 222ac824..1b376960 100644
--- a/src/msvc/Hacl_Hash_MD5.c
+++ b/src/msvc/Hacl_Hash_MD5.c
@@ -1218,6 +1218,7 @@ void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Hash_Core_MD5_legacy_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Hash_SHA1.c b/src/msvc/Hacl_Hash_SHA1.c
index 5ecb3c0b..80edc004 100644
--- a/src/msvc/Hacl_Hash_SHA1.c
+++ b/src/msvc/Hacl_Hash_SHA1.c
@@ -254,6 +254,7 @@ void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Hash_Core_SHA1_legacy_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Hash_SHA2.c b/src/msvc/Hacl_Hash_SHA2.c
index c93c3616..46fde83f 100644
--- a/src/msvc/Hacl_Hash_SHA2.c
+++ b/src/msvc/Hacl_Hash_SHA2.c
@@ -537,6 +537,7 @@ void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha256_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -835,6 +836,7 @@ void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha224_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -960,6 +962,7 @@ void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s)
   Hacl_Streaming_MD_state_64 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -1259,6 +1262,7 @@ void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s)
   Hacl_Streaming_MD_state_64 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha384_init(block_state);
   Hacl_Streaming_MD_state_64
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Hash_SHA3.c b/src/msvc/Hacl_Hash_SHA3.c
index 42c24434..5f4707f4 100644
--- a/src/msvc/Hacl_Hash_SHA3.c
+++ b/src/msvc/Hacl_Hash_SHA3.c
@@ -228,6 +228,8 @@ void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s)
   Hacl_Streaming_Keccak_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Spec_Hash_Definitions_hash_alg i = block_state.fst;
+  KRML_HOST_IGNORE(i);
   uint64_t *s1 = block_state.snd;
   memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
   Hacl_Streaming_Keccak_state
diff --git a/src/msvc/Hacl_K256_ECDSA.c b/src/msvc/Hacl_K256_ECDSA.c
index d2266d00..19395653 100644
--- a/src/msvc/Hacl_K256_ECDSA.c
+++ b/src/msvc/Hacl_K256_ECDSA.c
@@ -215,6 +215,7 @@ static void sub_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -288,6 +289,7 @@ static void sqr4(uint64_t *a, uint64_t *res)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -299,6 +301,7 @@ static void sqr4(uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline uint64_t is_qelem_zero(uint64_t *f)
@@ -432,6 +435,7 @@ static inline void load_qelem_modq(uint64_t *f, uint8_t *b)
 static inline void store_qelem(uint8_t *b, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
diff --git a/src/msvc/Hacl_P256.c b/src/msvc/Hacl_P256.c
index 2b6cb11b..7e586e54 100644
--- a/src/msvc/Hacl_P256.c
+++ b/src/msvc/Hacl_P256.c
@@ -204,6 +204,7 @@ static inline void bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -277,6 +278,7 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -288,11 +290,13 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void bn_to_bytes_be4(uint8_t *res, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -1057,6 +1061,10 @@ static inline void point_mul_g(uint64_t *res, uint64_t *scalar)
     uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     point_add(res, res, tmp););
+  KRML_HOST_IGNORE(q1);
+  KRML_HOST_IGNORE(q2);
+  KRML_HOST_IGNORE(q3);
+  KRML_HOST_IGNORE(q4);
 }
 
 static inline void
@@ -1564,6 +1572,7 @@ Hacl_P256_ecdsa_sign_p256_sha2(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1596,6 +1605,7 @@ Hacl_P256_ecdsa_sign_p256_sha384(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
   Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1628,6 +1638,7 @@ Hacl_P256_ecdsa_sign_p256_sha512(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
   Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1670,6 +1681,7 @@ Hacl_P256_ecdsa_sign_p256_without_hash(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1705,6 +1717,7 @@ Hacl_P256_ecdsa_verif_p256_sha2(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1735,6 +1748,7 @@ Hacl_P256_ecdsa_verif_p256_sha384(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
   Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1765,6 +1779,7 @@ Hacl_P256_ecdsa_verif_p256_sha512(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
   Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1800,6 +1815,7 @@ Hacl_P256_ecdsa_verif_without_hash(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
diff --git a/src/msvc/Hacl_Streaming_Blake2.c b/src/msvc/Hacl_Streaming_Blake2.c
index 948d56c2..4faa859e 100644
--- a/src/msvc/Hacl_Streaming_Blake2.c
+++ b/src/msvc/Hacl_Streaming_Blake2.c
@@ -54,6 +54,7 @@ void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_
   Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
   Hacl_Streaming_Blake2_blake2s_32_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -353,6 +354,7 @@ void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_
   Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
   Hacl_Streaming_Blake2_blake2b_32_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Streaming_Blake2b_256.c b/src/msvc/Hacl_Streaming_Blake2b_256.c
index bdb5433f..d2df234a 100644
--- a/src/msvc/Hacl_Streaming_Blake2b_256.c
+++ b/src/msvc/Hacl_Streaming_Blake2b_256.c
@@ -66,6 +66,7 @@ Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(
   Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
   Hacl_Streaming_Blake2b_256_blake2b_256_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Streaming_Blake2s_128.c b/src/msvc/Hacl_Streaming_Blake2s_128.c
index f97bf5d0..eaace7ce 100644
--- a/src/msvc/Hacl_Streaming_Blake2s_128.c
+++ b/src/msvc/Hacl_Streaming_Blake2s_128.c
@@ -66,6 +66,7 @@ Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(
   Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
   Hacl_Streaming_Blake2s_128_blake2s_128_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Streaming_Poly1305_128.c b/src/msvc/Hacl_Streaming_Poly1305_128.c
index ff60cde2..c752cfb0 100644
--- a/src/msvc/Hacl_Streaming_Poly1305_128.c
+++ b/src/msvc/Hacl_Streaming_Poly1305_128.c
@@ -58,6 +58,7 @@ Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly130
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_128_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
diff --git a/src/msvc/Hacl_Streaming_Poly1305_256.c b/src/msvc/Hacl_Streaming_Poly1305_256.c
index 63685f99..c1915ed9 100644
--- a/src/msvc/Hacl_Streaming_Poly1305_256.c
+++ b/src/msvc/Hacl_Streaming_Poly1305_256.c
@@ -58,6 +58,7 @@ Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly130
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_256_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
diff --git a/src/msvc/Hacl_Streaming_Poly1305_32.c b/src/msvc/Hacl_Streaming_Poly1305_32.c
index 249a622f..89852727 100644
--- a/src/msvc/Hacl_Streaming_Poly1305_32.c
+++ b/src/msvc/Hacl_Streaming_Poly1305_32.c
@@ -53,6 +53,7 @@ Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
+  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_32_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
diff --git a/src/msvc/Lib_Memzero0.c b/src/msvc/Lib_Memzero0.c
index 8e225318..3d8a1e5f 100644
--- a/src/msvc/Lib_Memzero0.c
+++ b/src/msvc/Lib_Memzero0.c
@@ -22,13 +22,14 @@
 #include <limits.h>
 #include <inttypes.h>
 
-#include "Lib_Memzero0.h"
+/* This is now a hand-written header */
+#include "lib_memzero0.h"
 #include "krml/internal/target.h"
 
 /* The F* formalization talks about the number of elements in the array. The C
    implementation wants a number of bytes in the array. KaRaMeL is aware of this
    and inserts a sizeof multiplication. */
-void Lib_Memzero0_memzero(void *dst, uint64_t len) {
+void Lib_Memzero0_memzero0(void *dst, uint64_t len) {
   /* This is safe: karamel checks at run-time (if needed) that all object sizes
      fit within a size_t, so the size we receive has been checked at
      allocation-time, possibly via KRML_CHECK_SIZE, to fit in a size_t. */
diff --git a/src/wasm/EverCrypt_Hash.wasm b/src/wasm/EverCrypt_Hash.wasm
index 843f2e857135bff6c07c504916c16854b061277e..6b1a6c3fcd7de9879f50ecfa716db8f695b4acdf 100644
GIT binary patch
delta 177
zcmZ3}$b7Gnd4n@Q<Co1Y{G}Y?{~8(^7?_#r*z1|<92qni7!=u+nOW*5pAlDLQQ%bI
zp8Qo@V>7=*tQLzh6HqwENptf|rwxoO%8Wpsr;F0&e3y(^2=DqrrOkgA#;`$DMy^oW
zT)#q*m+|N1g<IVqV$ZiKF)0X4=G&$u!RmN`L4i?$S%Jxs!I440gqw$(8*HZWHlP}w
O$x+)BHfL>f;sO9>nKOI<

delta 156
zcmccD$h@YJd4n@Q<Dtzi{G}Yi?;9E#7?_#r*z1|<92qni7!=tjUl3PfS7uh=RNyY0
z{7qbAvyOzn*5rC8O%`P)mio;roHj5{j&V_9QDy}4>Rd8nC%;+<<?$?vVVj(@0>}fY
z>|3G8%Xn?_hOKUse{EG_Rc2BUD4Z;}O^KO@n|pG^HlPTj0#D)Onr#Z3*K9N50sx`=
BFxdbA

diff --git a/src/wasm/Hacl_Bignum.wasm b/src/wasm/Hacl_Bignum.wasm
index c0b9d97a839de4f0a1a78f539696113f7f47d377..579c0d56f1da11845ae83f0630d77869216c5fb2 100644
GIT binary patch
delta 10057
zcmZ{q33yh;)yLnNH%K6AK~^d18KHnk*#&Dsd9kMDc|O{&l|G+ZK@_Prp(tS0YQha9
zVGD$W%M$io*04o3*;HhgeczN#HW$PVMAYwp=FZ%?Z=Uvnym{x`x$`?S^FMRv&dK(3
zDeruevLwB7#j|_za$@yo_?;_1DsJ<OD>oFi@LA12Rk=ETI*8OVmDVx!NqVYLET-N}
z#8g(i17%UuPAMG{G1#b;%1*@SiA-umS&5Wh8L;(9c-qvD9&on4sy}51Me5%MH)bV7
zhRX5>)T<tULV5mDs^|YHvjXnqi#b9K5TFedzzr1CG?CIfM7Btzz}CyqRIZ?w$(B4p
z4;V{OP2~$3Ah-*I1m%iS$`hs8GzcGRu%N*rL8U|HBt#!I#1n+NgT);7Vt}9_g1=az
z$gt3%4(g1<BHWCGK^Iu`a6v<X9>(b5j2<CqghLk!LRD`>h%QV*%Md-%p`EeFp<y)W
zVv8OnXe7`@j2^{kUy$$6qXnU=&ty;cdUO&x9-_xMv@?!%Xc!H8oJE%i8UyrLMwc*p
zyrA(8JwXtvjt@H>pCH=!zkTT*{}(k=y@@>g6EXX4>QS^)FbU2?ij(067mWi`tOHX8
zO@afH*@3C-z%)VAoCDJZq3X2If$6&I+)jp66aBp}SFdEGGefXQ@0=-UCZx%-m?_jO
zR_Sc^bGCoAW;JhifM=<_CA4lLmN|l2LziqZUd|OXOY3r;pts=V9QJY^dpTdweCOo?
zL8v-E@N$-*1=>rNy>2X=Aa9|AI$f4VxZw;fvgpNv76M($=*5g)B4~+2FBOEUOG5P0
zB(ziDGA4V0L(W>}&`y_cTl8{4%YZIp^m0b85VXRfR|-Pa6(M?M651(nRoLmC31?mH
z&`y`{So9h}tAJk3=rxR9D`>4luM>o-YeV!pjh@Z2P_tPT{_Qm@dFy%N*GC1~5=AS}
z4R9+`d>8(3(M<h&)|2-IZGb25vM2AeCmRKAbe?=52vs+Ro_wG^;dUU<_3X+EMnjue
zi<{Y{%~6+Ht1Y-dGejo%o2_@jA`K(2($3mfZ56ad7z=IHFkD8rH#5saJ8GMtIK^y7
zw(AnbLS^j$9gl<7gfH7gmD}r3iuzDcio0be*Jy^(L5&Y}ji%Hb(Tw6wbHlEr8+L=C
z_TZzbYh*8q2}!XqnD(&&j)jK(I%2&8f)1F7Js{LU9;HJ(N{0j*i#%6$VQgRwA1sFj
z?Jj3JB502_nRz@a=%5baV}cH29*>FAEINV@bzIPK%%g{Ai#j0)6^{qAcu>#@J+L9s
z#p=lj)LB1@a>IfC*rHDfItlbCMt{WU(}GS15>jXINJGWbA^J=*+QsVG2-;cCMbIvU
zKe6cZg3bbcp3&zReL>I#gT5#T^}Guq`eHKL#p<O9+F370&@O~Owdl_TT>|<uMqg(1
z=Yl>r=r07J-seodBZdj0FEsj)R`MYoz(oxzc~@8mSD=IN2?O0-u`!~)WVa&atLzY$
z&D?)wUHMwjmvH54cI7I&@{OQxj4R&?LcMRoLHJgC!i^w+udpk37zKTY!J=)VpSl(Z
z_qw3#M!467`ksY*gB`w6PPkf<H=J;P5VV(78Zq4zwBMSH^FIpuUJLgpK|jFxo4f%1
z#0${Rf_{ecEL`3c<w!!^pMws3FDOUy!!Lw7l@5@O>#PH11RZKOR~mYrqye&&21?NL
z@S*Z0<xAd?d73^*66)qly(0sCP%_;Kb#R34tV1GnC*Pr#K1|YJ(1$R67}E<R6=?dL
zgonNlmxQ_nA$@o<-D!11gzl_`5xP_GNJ}r0Gy?QOrWY~2SW>Z}i#~U&QIb%%IHZr#
z^cz~lH$oBn5}NR3M8puOFYRM!G<y~)k71v<Y;-WzdNWSaXm~S*y&1>elt?NGy;0*O
zp=wF!%y{jLFDvlF!T0;jtx+}5(*#LS@&uWQ{nHYv?@f|4Nd`NnNm5P5S2cxQo&uMn
z>#tVS6dA6+Q_YY@Ow%OoV;Qr_xIbOeWZ4M&tr?Q0!u=T%F*pq$YNn)_a9^*#vm~M7
z%)t4{l4iMi)NO@3sM!&y)9_nSZm8io7Cl$eY@p{d`YlG!lQb_FIW^ytgo^V*^!#MB
zlj?#9+F2Jy&`!Xm7QIN)0-zT$dLg41OImEuOC+J5w>U&ENk%)JE{&j_by)=M)LUlJ
zZ%bMV^xKSH#^~jemK*d6NvOA+$yk3e;43tG3RIV&ra&xrc`I21E6d4tWhmQK>=Le9
z8Lwt%xNPSA9qYy#Nvq(-8g^qfyRlZ%TI0q#NvO9r9DsG&3vL8!?@HFJ7l>!Q*6ezj
zp*BFDbWLQccUh?Kv6Jsbo!lqX`;y+(-n?hM!)^+uejHfN)>mzmgt~!+HflBs7y*37
zR7I6a75z8n-r5+gZIHH&iLy^$^#R9*?5#FQ?3*@)o!+biYKx>TXn<GYEmCdewzjdK
z+sXyhX1E7q7*N~Id`3(=B!#uiz<wxcs}880lD1=Dck;mQ;DOyGX%_}o2h?s!sJJT_
z*{zax>)yGx!hqTnfx3X&8|8)pwa=pWOWFhUen#(Q^Z`i+%$y!XK%wG+5PdKi?Ly~J
z1nsPcBWM>;M=biNq(eX-W%OZ2ACq*<ppQ#JJ?~hEKAwzrp>raFcGi;-v<s+@Ec#<f
zCxHH#(I**wO42EVJ}n9LPB9q)g#kaU(c83~w&{R6!x}gf)#_%6vJIfK>{6tBj-BDM
znfFhu8|NjRg&XJDjdSeA1xXi-8y6*^-i2@gE^05h5d_p39Z-RIE=js1)n!SSrTSD7
z^!zD;>ob;f41x}){Bud4YqfnL=?ht!hynT;L$64>VxV7g9hCGI;7h5l0*6*&89`H-
zol-nhNCexm+PyN=SA2shqxdyP$TvE4zLkXkSJ`XWzT=X*#+R@2;9bYyxn>h0Gx~V?
zilgbei>B`-q2a(}hVX`@Yq~Q(;F*dc`~e-|9;us>ZgOWlybAm%3H5I3-T?d)-$Oqd
zkA9XEa$L0J#3QJ1=mx|MZD5>o;@CpP4J|iLxp94_rSjs0YPoS9I>5YqzK8PSL2*#r
z(OiHGj?mmh4Y9PLaT*NTP)i#Yr(uRx5GPa{W@*DUtiZrV0Or{Nb1_jEp}CkCX=z1q
zDg>>_(u(6$Y-pq6glff>=4;w0LmM5(T=7ziPqWlgY8yX$ZYqu#)fl`cmY-<Ei5eS+
z3dWYd7`_}pS7YNgp2o4`TsD(mVqG2|r*Uw3ymfg(oF*8TC&sCy9v97gOwvA2G(Jy`
z>*g}lSih)ot$U}K1}i|XX=-YmrpDE@I8BSI>2aDKS2N;%VXIo=h<~tgXOU7?@BYlx
zG#r>HoT@ArYK1?dRqcw0X6NL@I!K=u*YLA&rn?G1S(O|4scE%ks^>3Ezq_nc>n0T*
zq?WvedK^R31tZXfDusQ%RsA&)qvn}(D|Inl56%vn<LKZvzu@uue(QEsz2@rwh#x;@
zFrMH-<V@g6s)Pofq$jFWsY7w~RP+GhZ@5+&*Ph~Ql_(8g{}xnxI$EtON!2aNc!p#G
z6ulFyfTL&C9S3x^{VHwKyl3gz;Q9EhdJcW+fj;$sbCH+*rxCe5!YAYN)HSKxlez_E
z)1AN5b38sT(DSAA0#>M=i0K#U#URH1L4T(g_1g3t{evIMPkZL(@FAFC+jlXY86v`f
z?iEn}Ng1W|Pf#*J=}o-@%1hLXdK=11ni4=<+`eof(hI?TEX4(K-+<DOUM{76p!5Od
z6?!G0{EPb1D~9r~2*t(gtCr$SuUUwV-!>WQ^?>qkdbO1P4a#evyg_dSlsD;hdc#oO
zWJ(W?)E<6|c6GfV!QfuVpAK^fDx12xLVxPUIRrh0$_r>Yg0f4IJOHmhcmwzhI3Nz>
zSL*@6E9`T~9xyb>KtLY1sETw8RfO$U;df|Pp`xDbTz&};<di3nF$e^eCy-3QJ%a=^
zg=|8Ss8}?E0+(1W$SpjRY#Ab`yRjJ0kx0nbZ{fo@?SMB?ehcRufhypHfcD<wxA5Vd
zK7d6JTfRUFf%{;IPFKh(Sg11=M!2EeMp|?cCnE3~%4p6JsA5hCXf%^Y;RFeFi$nCN
zB(xKt@6gUT+M%5W$5`}O&O4OSXhw66Kp`72&Y?><dqCc}5M7dlb`l)#(9Sr)p{+7A
z6!HndfKTGQLn%#QG%^I)YO+9<AnY}=0;oEf$<<<<6q=&ZgY?VyAfdH7l|?WWA_!N@
zZYbIZ#5DL6DNctsTr?9u!}>9k(+{OIo&A`}e$3*N;n0uS0!OYe*m<9=-QadI;%X}U
zQT@K4Lr6H}avC91A<>}U9_Hdi6o~_ioaYohU#A!JE5v-E7O<iha%UEnQ}jH3+g|7-
zjZ^{)IAU2OkgzZ&)3wE%px^*lA~>yp<N*S55g&^!6||JQ#`~aU0_g@6b;lNPCV&O)
z+6vdOGRJg^Mq(gZ)sXS%3&<-3XBCh;0QqeuBbTr;7*w?iibBPeA$e6Y*=cvRBReDV
z0wLKcdW|Ko6`WK+>Hy?-n7mHVIzvXP0QJ_1IUaWveO{kTcGBJ8$j<m~gzN<Uo+ZB@
zBodHA$l`25mf9F564VFLEW!fu3kuQ*3$>aT25R2K0@wrrgle8AP_}YLQlWdKh$KO9
z*$n+w>&7<D9+cu76K-r_H@0&cK<ioU5J)MYWaoT`?mrk<{^ceuW-pk)4>>cSkSN$G
z6wYL!=v}C@n*|+%q{BrFM_qfg)^J#`R|M}5yP1l29UK*LVprj<9M$#()crys8-QL0
z`#&_L-yd-JgnxLN+=-3EL4EKXlu^W~aZDX{!E;35fFC&pOd>8E<&rwab&m509#3k!
z+)D(q4=Jb-Zahv1WE_mi4CG0H90ErV4*gGHAo)OFzeIe@2l*y=PVtF9iad}2pXPgT
z{vVXi@UgUQGz_D&QB*j7=Pd1$;2{4KOT)qbc{6?&1djGmGBEF=rd=?!OA(rjlFJdA
zi;_<*?K8ng_WJBz_w7F)-E-HjXqY~}N9jwzJli)H8CN4T7a3n!+Sh_l<@NErru~=G
zd9?qXrs*Skl&<Lv4s?e+j@u^qP14i6>;GYv5h*yOhXim;9g!C#5JnV~g>(Gi?<8=T
z&p9ZR&CLH`{k<u0cCSz5gPH$P-~>L<vOcV*AIVO}&)VUi%v|K~SuO|D_dcc9QUh>w
z!BVOKv8Jhk5~u76hv~Ue<>4hzs(k-{(rZ^cT9}g)Q?h@mC;LnMRPy5fmBy_^ioYOz
zt9QGqMiP$`_?U`VsLlnmvFCCP;*EU`s$QikZ|rN@9XnsEg=>{@ttMaNjeQNO6;!Jo
zt#&6i_I09+Uq&|e9ye4M$l7!#)v1!E?!xyv^h>H+rLwx4?xMT1)je<zXJv#&$@-~K
zO;KG^xaD5DSJk6>sy^LA^|REk7*3=^fLm`s4emp@HKc|eV_Ed8EY*k_sr#s*YE1W$
z*EnC@kKc{6RTFALDE*r5r(fr(rZ6_mSIwwd;*ruJsyQ{HhWV;RM~_<McNAHwCDNNM
z^HeKprLVWfh2|Yac0RSnXUAA>UPqCu9-s!)sBJ7p52!YYP&C9#Qh#c|D^l%X*xLrB
zpzt8X_?vMpT8P^I@YZSGL-Y`}K_jsKmL5{=@Vh-k*dCqKM<i&j+$z)-i$i<e7I*w%
zdN3%PDSm|7vAF|1OdYZ?Bq~7()sY@nk5Wf^G++IWe`Tx3=rJy(*P-80dY<|{tiR7!
zf1p3;{&u1SJ?wXXv2GW1yp!&DXM9qJpyPj}M<@~a{3mKhe+<6<FB#9UzGG(Ci$90X
zh4b|nYUe-FEU#rddN#PNhrJC8jk)c4dt0#f@HF?tZQttKUI}h{)!v2`!`$|oy)9To
z__o(^+k)m}s<p%RJh*SDp!OVN?R}MA)5E^K{5bPEP{8XzLAh(;GSHT{_J)a#{exUI
zqmTW&9)4`uaivh`85qesa8<-6-kjr0vB+1W@Xh0|<_~(b5&Lb}M~gf)Mpqnziem*f
z*LqsU>8<>5*h&N@rbKA1V)tCayWu>AE%St+=0v_ePUxA#cT8QO2<C1Qzb?QZJsP!n
z+uRNt=wNK7=$94@P601Kyf@~~RG>C#!Qb7e=>j`lHG?;`YNqfzr`IZ5(s_DSe@W+6
zWtF;LPD!H{{OtQnB1TR8u8-HfqgnLWfgbNiDL8XT7e#)rp6x|d|LUs8%C7VrSot=*
z-LYOi5*_ho=kM;O@V5%5>>%f&FCUA1+?(=D=dx=rSAMu`YoEEdv;?J1rs|4_>4xd*
m7TNlwsAurD`5S)0vVYV@T>&qf@p>2GH_ob2)_&z}Z~i}D;~yIU

delta 10541
zcmZ{q33OCN*2lZ5!y@?2pr8|RyEUTX_#Kx4@pD|D<EY~}d^(_xqaYvxnjlJW1CqQf
z-4J%d1Hvk+2G9T+0YMQF5Em3#R6u1>a6?2?5Kwgfx0YA0IpaARy6WAo-@mHvtyfjI
zm+i@Ub9c_d>l-!reto($(V`-3-{{(~W$R|)*R5KHI~z5_|LsKmI@LI@VTV*g4NSJ9
zfppQ0Iqg!3mWc$lQbnl*-BCcTXkaR*cRuR+rUG5nk1q3dg{qi}Op%J);EMxOB3}&*
z59BsW-l0mus=wrhuMB7$1cWd1^FWmf@X7>$Wr8kB<@AZ5m!@)1*W2<`xu8F1*Hj3)
z%+?q)l@?SgAWmfjm5W-c5VggW!5=k9&>)eb+RB=g=o_fPf?zvH)Ub$BL4yT<a72;s
zpp_o#D~H6m`6-JY>d?akRRTSP(Zd)$T+r|ctwsnM8gPw6kH|vH2tCrHedQ>RMx{lM
zcIYZWBY_^p=qg5!5j4i5LqRYdBWeQM>o5zQjL>5}+E<SAXjEGCc!#bQG#2P_jIL(%
z1VIx#dZHkhPOzQ+y`YI2T_)H+%EE7R&kQE94@`m&cn3hyO~hnKiWR3o3>U48sZPcd
zf+j=86qfM>%a|r;nwK$M5KN~<V?SN1;CAw*ngkiAG%)@%BdogiH0`Q01<izu@`%k8
zY8HFzY*sq^IB#X&oNeT=13oFVH^pk664ct-Sk*OxW@&GoBj`z}eu`DkVbya5%{8h6
zxT~5c2)1*L>{){5Y1xkG9rI}q^_9=WxY4}TI`n)&PXql7qvtbvfuIF`z!t()VY?tg
zFU&%F$9&eKedTi=?Y*_mp`RD@EYQy}`guk#612#p7Yl-EuqZ+=&O&>~T;kEb@&%9f
z-n!JGmkC+|^b3q$#^@IXz39;|34-a1Og=e*Iii;|dbak~+1gu|vkxqfd+VQ3bl&<h
zB*ls=Acl)}-d}MtRtkC<GFGsRl`P{`L9cols|3OH)o1`#X%*ZKymdKbG`kz#xSEx$
zjw@-c*1%0^hA04bwG(9)Y*g}!?Q09wYl7AYTSKpD1|B0WS93sgogvg(K}kwD`LF8|
zB_d~f18}?<S`$9JE}HzVIpwG~1?Bj!yu}t5V@zQ2rnb0<E<r$}_*U4yd2XwudMAsq
z9;K9|L~jRumn$G5s@M=k=te;sZG>(VY7<B3W*(Ex0s><1lXVygR7Nk9_XNFtT-E!6
z-f>lSvOW;BNeAf`LGNL*wussydLMt(RzX`aSpnWDYMUS!ZZ%W2NzgVuj1kdC<A*V*
zul*>_jmGt3hu$veL!h@a`Xff~5VXViiQ0(>h2f3}y)zr_qj6UZ?Q1`Yp?#2k>d?Cd
z?E-o?qd#Hv9zlC7`ZGbW3-(0l&$7`z8b6PreeD-9v=7oR9r`Olp9B3BqrYJEUO{^;
z`fEY3+sovp2}}@ut<jsc-)<J+%Fbs5``8Kg!3m-l$~u9vi_vdbQ>?t7)o|HP{I^cW
z0YTqD#{t%{pLKjE=sT<9dqJ@KE*gRFwG3_qA-a#_r-|{N9|V=qTG3A(jQsYHphMPg
z4+-@n`|V+teE2xO)gF1+`|S}y>)A<TRYwJFa8*|RPlA5be*3eaBanZT7nz@VkvS&l
z8053x^2_BHL9jh$y6~f*Uvw8DsCUv|V_aWbDr4x#b<3osmrME;^im0WIsT{$NfnYe
zVu7ZoCBe2r>fI3NX~}Qei0=I~BYm%Z?VuRld+%UJuauOLwKRz7l}sNZX^5uRqyqGP
zs3h19iReSK>E2a`#pu3vc#Q5Hc!Z;mlr#+V;Y=UN^ih&VS-R+Zwi+!7wxc5YXiYz?
zefY5P;VKD-sFE=shL2WB=fh)IR;(PdATC=c80(~rlQafWLY6X)rHq#}K9ZuUCBbxj
zq@-Fasgm{iHBcpa|9-OZrU{bZ$`fRPnkb{~{3J<}q}d})l4>$Oswpgd3WUd3U_Gr<
zWV8ZLwWAuVdP35>?8#hZJ26etWXXG~>5`_R6VoLE@d^A<GbGJGC-e$DQxXhkm@Z6~
zG}BL|ZY$c{&Wb_38_$k&BR781p`Vg83+Sg9J)6-rl4{KOsX2ip7}iASIoW9Mt#e~&
zUpp^`_CEZyLq8*FF3`^~dLE-|CDmH=d`YkiY9sXgY_xaP1u?X*T^K`q2Y%L}pOdrz
z=;s){kkNIL>MZ(sNwBM9GFD&=`12Y)1-_S$+1D%ZB6fmB$9eCf$a@#FCOmiEyoA+o
z*-rcmPRCM7i=ksF>sZ1%mPuM>b-XAEcFUp>cu~vXM)H$tk#^m{xX(-4bzhSCYB@ZV
z4vGTxGP~*uR=Fas@?D``k@T{bv%<;4{s~q6IKX^ep;{>kwx)(wYB&lQ1N=>>2C5-7
z2#@5Rcp+L_E?pZFW#2;eDo2OxqgF|5l~zT)UhU&*jifbbg;&HiQoY6vu4S=nkBh6-
z(1^+?u3op(8moFkQe<U^_f1K!>9~4J((4%Bw|IEp;Ne{-X&r`F$JN`CV7ShV?`x9Y
z)?M^%MRD~`4C>=*eViM`)w>S8LDD-wZ(#I#MsJj~(a!89#1#xTM(9o1XdgkFV`yLd
zUJUKy>V1d)K+<NQKVbBGjNT$?i$!mh1iN5Mgx;Es_7Su#hW51|#?U^lK62=fC2a%x
zV@7|-=<SlWTl5Y|u-ndL#1#g7heof}KDE}w)lPPTopFy{Em3xHw2L*x%Ac?rF58L!
z)alqQX%}?tW*wifjy;n0SRJ29g592I1U}O;xDmwFP7_zgeLk1;xl~_B`a-HNCBdz~
zM2vmKUY&qnN0Yu+(q8RvUrYL0)}|7me#O*%lJ;5ZH*ABF-VS^t)qe2MN+RDhRd8cY
z0E3j-q@C6~UwzA8uw@hvaEyHCBj|fc_-{XJ$AcfZqz<ypAs)g*7((B6N)*IjR^M_^
z9r8i-qa?I$s_Z}>mUK|}=m_4k7|0{&4R=c&m2{MQ6yRv^lO)(3)m;MkXZ{ZTWECBg
z6mfje{1Qh+<M*qhl_u#I&`Oh*R+gl)q`uoy<w=5BS(3*Ou%IHzwDP1WrjwrL<0O;x
z9rLp_h`-5i-N8x9Bx`A~qg5uU($a<`31*d!HdMogSlBSY0ykhjG=|4$J~T!++Q=jg
z2W_OIjY`reOB<aen2mC@Doq=0X=9R@D_(Z-*Dkx%uub@LZbRHOst_l~<0l%?qQ)lS
z1!IqY7@Zg3Tw{|is>ZQ!F5Af;?<7|zX&fY1JINE0G{H)qn56M7xM=5NlGZ%YYMz|b
z&E-P|c34d>h0rOs(R%RN#%gMkrY6-B$<+R1iw_nzrW0aaOC%bv3xD`idm-!cE-Yx6
z`x`dP!VRr17R^G@x+Cs)Z)<&1J-*-Vh;DbJ6QYiusBTRq=#m0DkviJ`n(Kl~a9i*{
zzOGQ+Mz@+G-Nvt_jy&WY!?HHbuvkYo1h<n3EH_mDq7%^azv%WRO`20u-4VY{_&1(4
z!m~U0*$LDbAOCI4?u?t=MN)O*W?h?|Nv2SYc8TI{Y)8)tx=<JM!tA2DqNCl=(Qf!s
z>>A)s#BjIhRe2BHl~wLeolM!z^1alRgP;f9Q%gOtV0A}y_oSXC+IrEw)Kf22U8xrj
z$DM)wa`aZb&$aKP`~C<Kg?7H76wrOOQ~=8Tp!BBRhVlUAQ*TRoKvN9FM{pkpkwFB0
z&{2FyKV&F<sZTBS1?53d3aQXg`q4vFXes?-6d$<{JBqJ*#6esnx5-zJ8p>nza4kIs
z$|ImWPLCT(e|nT2x0L=&>BbJ!jU6cLoY$~m0Oo5z?6h+y4RG-{knZw@BI<;Kougty
zETMt5R03iVh@4^I+kWI1sF(taEY)XQd@)}QU}k+ixn($#w+PBPWng@#T&M~@j;96W
zr11iZ`w#m^+K|~ZGJ-m1*C5q!x2>@P2MemuXYoqG*$Ctv_&myI@gV|<0xeWu^dgA>
z+acyGUV%)3*6WDgg@$>kuSA|9;zph|!l6eB&PE{bz=u&rj}k}}Xf)pfjK(z*Y)3`t
z(OGEkYgHcYE0Je#Xzy;JLyyIg6zDOGMv|adA(b%BqsI$^X)rEAkIzDTZ>#obUx_?}
zLpvwTR}&q2lHhCv5)VL6V)SHA5JbI38Ud!0nT*XA27HP}r}Ys$Eu32hQ`r%w!V#hs
zvlEKWGm&)Y94k(PA}-p=pYF8G5S)@g_5oUEu$GxRwP15nYL+0F&WuK3mX^ZpV8b<4
zYiVh`Xtv;7*=(F&o@C#|5dyh|B+>^CS)(0#jzBWOIP@HWlmZ-j9`^&;ge-@y;q&%9
z@6k`25slR#g%BCpUe$6wg8hHKNgyD1P{dh;q9}pDd!L0OmOYp&$Yc+EThVIutY><M
zM*1LbYRPqu{JhB@Aazj0Nra+U{y;5;L&4A{4?s4_gQz+0x=TFSS0Z~5H?`!Yj=apI
z50E)1;v7OzEPbG&+<{KAfoyUIQFGpNmwU3WMCKrFYRM}c`4xdYLM_q)AR~29q*e-K
z4zxdW@&I-#jRVaUzenbPSJ-*lndf<DUd2wZ3QiC?bB#dRdGl(>iWS$eATC=e$QGE1
zU&}dzTHI+u${LpPI^X^qDQ^fQ5>V31F2>*ut%MuNS8|n>5|~zyCwNn+w~z-A3fHr6
z=ykBc#Vl{io`Nq}EUvxY(f)=TgZ0839^PguPCB?S(n~!~<}iELP&WvLtN?mx_I+qd
zA0BW8WxA4!)50cw0d2}C;`TV9-qW%3zQ7$n(h3+r)P2AuwS^yV<-yyU)$DQS1|%SI
zU=i&wwh1I1Y?bZIhXQE?4j$b5Z^Ib!oxVOde9U+G=nTh>zVt_t#}MEh{2inKOlc=y
zPP;~<DB2ZAMML+AqkU@b@;`O7-2(UeX6W_^-0q`fVZmpbw#U*wkI{UPd=aDhRsTyz
z!}UFG?e+D&?%Uq~dV9}Z+oxgr1|Oww01I5-d|>R4(fmUHt)m?fd^fKz={4;)?&#4z
zt}ii=`l24CgF1-=mqRKiq3Wv!RG%8O35U1Q=Y~W7Wug%$xU7d4;I=yET=0S@p5Rxw
z&Nsi4z@0v4qENPzf5b^XDsY9bFXqkU;}-rWI~{yy--3&FK8|V4KilcRjXgJ)4;gqv
zHN6(Xf3=O)gU>crr4kqJs!X~wLBm+raBf&Tva~dzWJ$w7mdHSqoDd|#-(A>B%98N*
z)@Ow$-7wc}<{Kg^n#MNsTy93ZnQul-o1Da(`BU63ou8eGXN~ae6n@5=`DS#gG5bT@
zEEk*k)7)mBzt=prndfqFI)?TSluM^IX{^q`=hLV;o!+F8I+M<zGmF((c!S}!cQzV5
zo5z*ELog#cod{o1q|_hjkLnyci_R%hEf`K`>xf{}bLrd*5Pj#-d3lK<YEh)lr}I@y
zI!|3dE$M=c`cqid>wIxuxU|<9H|GU(ah@p7P%He+OH`!uM1^Wi=hFF?Clb_JU6zX6
z;A~!EO6Xj(!Z4^!yl^>Y;s2^<Tq<(ID=%*xTtQdRWoQGnf1xYXmH786c-2)<s;@iH
z+HosO8wC7Sy0fhQYP#H%ZU3*KE4jKYT}^F^&@a`F+Nl&>t@0>Ec^P#r|5L2~N`K|j
zbpc&V*QM3<sJ%X;ZlD`dZEGvl->4m3ol!TU*EeSJM3MSC-AI2=tDER1{rn$z@Hagi
z|G-~rYlfpeT|@0mSN@-_r1s|H&13~*6~|z(xLYF4`Q+y9pGJ2Fx`jGu-5sf;x|MDT
zZ@>SN;FgT)1Y{?zr874Dozv=WZ1`Af7d*I2Yw5yTIv6co>7Ufm2<QeaUCqaPoE9up
zR!euM#jIUCUH2L(J*YeN&{6^%^;9qFuI{5=bYDi@&;Jywe4NNoDxmwRAdQ1sFY299
z56}ZzRv+p~-81SzsC!V$euy5VhtjGq_0`V{@t}{EUC6R~7}@>!C~34l4B7q6$KVmC
z8%v(m{ixGzRzcSNn9=<>AFj0S{?uO$phwj}9Hs_lR1yDEtcr0GLa78l(JD#fgfxJH
z44;qi6D%IjGC??=WmLI<!g9gdZ^1bTAE`p5aTvm}M;m6?piJmK;4?b$xaq_oL61>?
zBYm(yHwFn)s1$S+FIZRcdc_wqL*hYW+??0dp#l+rLr_)-M9XR$JaVHjOwi?Aw9b#S
zkM@2XVen*x(4#Pte-6dxoMA$Z=Ccic{*+Nwf&FNI9;GWoKBC|ll2$mZz;G-K%_)UP
zW;{29Rx+xZyI!rwhJWEy&A(|%^KoOM8JbD_e7qSNe8$j>5N2#}@PNpX7?3kK<Z<%2
z5(f`6JX86k$Kx|pFX*S@InET^p?Y*#WAhs(HNEaY`=uv|apBWlE*AB|X$w-}%{`me
zUEKA|dL2^<`riWOZ+86FE(f910YANnUF%SXez=;ADt_xu2RBk-+x{nu!Qr|dSBoZL
zx24zB-Q2UhQP;c#6%}K90+l;>zOXZi^LFwsg#!M8g7Mf249Rwp0n=Bd)h^sn>t8Xz
z2tP5vK=5OX!4Cdm3zO@*_HA^H7#kKWXeH{^O<T~rKKHXtf$9WuXMj6raqq_Ja0Q>m
s-Om%L6ZbQ!C{$grvDHQDf?X6og4UUD-s;-+ClQ`FzhT|<CCvx^2S<yfsQ>@~

diff --git a/src/wasm/Hacl_Bignum256.wasm b/src/wasm/Hacl_Bignum256.wasm
index 2443d3482b4690fc4a122e564b0c1829d88b56bf..b3b0455710a1c98525a21975f2bf9210436ce45f 100644
GIT binary patch
delta 226
zcmccE$M&s{ZNqjp#toZyuvLgM{+?_oW6LPGIbUWI7q3DCqb37`;$22328HU$>!cM$
z>J;uXI&$P>0fn2L>J{!Wwkj}Bek|?Vyj*?za&<;WJI2}5U#2ozGKy}GvtVRq+OC$t
zc!!g>2xQDXMxc7d`;5~Wix|bs9xy5}DLw?6toVqL*+Jm}qa%Yii-RMB1_Oh_Lq-sv
zF&ku)!Xrj=pb(g^_+auzFOltuMU0%Rj5DWamousYEt*))sKmyr0<vNPqrwD6#fgm5
PE6Nykw%@B|Ean6NVaP#D

delta 271
zcmey?$9A!gZNqjp#_r8K*eXOBKTS52v1Jt4oG-J9E76HTp}JP_E~6uZ;yp%Y2Zei#
zjx3%m4vq{O3=9g)iuV~6?lLOWfrL47vNRbOnw{!_BCQI{NJ1@&4;U4IDj|v#9x$2%
z^#VDJSwJ%<Pn@UPyg_~Y26aY9JI3DWpHdku8HKm&q%q#-_6}EIP+)XyU{Z)uU=om(
za%5n2WC7|?U;<j~!~irF;vxobn2R8`FlK{XgJe;*;=S!DMU1knoZY<*4Ge-zbsW?A
a(imld7Of~}RAQSxp^Q;`J98alF(&|f4ocAg

diff --git a/src/wasm/Hacl_Bignum256_32.wasm b/src/wasm/Hacl_Bignum256_32.wasm
index 5c3eefb8272245099d45e2312fcb695d1aadc9f7..3e0b1f72cdc53751cff986719649b8c477deb9ce 100644
GIT binary patch
delta 2629
zcmZ9OOKenC7{}+#voJLd(n3;|{!dE`0g(z7h|$<<3;{9p1)V--%A?T7ooPGM=}g~q
z+XCfPpynhRADFn%t|pq?xM3kIUFpskS>eirg^!JHO#IG0=gz&b>D=!;{=e^>@BiJ~
z&mIP!JPdyOIP&~I_Udw=>C>yr%YoWpd8_D*Zx{C(YV3IQXk4_$zq9|{_9z@j%bq}h
zcNzig6F((hdf_#68{w=;gL%V3R{<gMU*ed3a_80%`&jfe9Ee0MR^B4jSkV5Wp(pYj
z_DhLVMuNAaT_ldYD89KDZ|y*b5jY$Opxs~@-X3bBhrr2jn-QSZ=%9!&=%Bz`Bpx?z
zA47*shj-DAE~DmzyCXo6N~{9kbD4Kj#;9E1<fqZS$<LtE2%;<NsGpJ2I%cLbbXpE|
z8O-Ee;{3gO@vE^zrfc<}N2S}tlSJ<&dasc%!V}d5m=Q*=qbrZwN4oyFA9|iSOZWhi
za#;#}6{ISQ=&vmDG}0>5K@1?hDKkl8Q2sDWiK!&z#<Q-zH*~IwFbz#PuP7IAwt@>p
zIY*Qs3@OS*oX3!+Ty!W35_E1tLN2+Gpj90kb}6(>Q$`eJ6qhO(CCV^S#xSNRCPpx(
zDW;DSsw!q&iZ_&XAvEMb4x4;jQ6`Y7V1g)FqD*2^QF0i^q^9H~rB{})mkd)cer$@3
z<*8nIBjFW`BIOo7g-$OhfKi~&HLZw6OjS@MVu6SyloW9W(<o`;j3m-Fljo&HV`|^5
z-P!!8#y+rnBYMyX;EfDVk#o|NN!sVz5FbPeM`_G!tCVc3zxE!p_a9mhu}{SP!%wx9
zXxnGmD@RU6A~;B866@(^@#kA{aX)=Te04A}hBKVZ%9BJ&`ba^F+z#<Qmw7MUmeV19
z=-uS~<aC-=9nvpPreob9eR3!%51SOmjymz+?WXPl45;oH@SX9g?ue7O($(%5Bu#&O
z7J6Ra{5hn=_k6dJ!jPo7lU2)HboYDizvNq`Rfb8Wxk;*w`BXf6o34sClyOx&cV|iE
zded$zg-M@^=hd96;tl0p71zEdxhy3+s(@TY`UrXQ(ln;ky_3T*?RY7LqJ*U7^`@zY
zQ657SF&Yz%`(l>7QmP>@QE5v)JI5)~cAi0x7tBJ==<AqMDa>Q0f_X||mQq;2f=Xc#
zb6C(REXovUo5@R0rBEv#B%)F0982QWwwKw@;{CQmY=>QL`#RQ-_ncP-IsKgsAEu2X
zl;nudf3<uR!+4j*Jf{yAQ0om$(Q9K=g{ovDGKmqf?RZ@z!A+QA<M=DB8Dx~%=-rUv
zCQ(e^mm@<F=_5ng$aAPgB5%~SW_Xr9LgUEt2}*C0Hjeu?PEf=$&R(a`GUDUJuHVaZ
zv^M8EN{}Lb-+5#y&{sSq@+X?D0tza@0-q*Okv12NVD;ToOV%$|TcLz06>AB4ugH6x
z#f<!!L#aYuDa&GEjtWNA!@N_cY0NvNlZVujsv9i1aiJ<(eN8Va<s~f21!XKK<t0)s
zld^?HSX$Y7R@v*2W#%e-EwaLt^eV#&+hdXXWrk&@^j8@HF4G@=MNZ=i(~v9dS&G*|
zSF04Sh1N9X8p9fsN4U;#RYR^x$aM+1!FJI!Zn%^i9;GPVRFrPAYWPh?Wx2_GMXi;g
zuIeq~%TO0(U88R^tUKsC47W7;wnX2N=(}<jcU|&bk1Ul;LXsO|yaq8bXVf-2b>3je
z8a2o%({3<XO|p~8bJDUA`t&1fhd-EkGr01hSX$e~qW0%&zr~UlR1M2iwj^kku^dD{
zf{BI(BM>oaIF%{LS0r#%9(0+Ws{dS35h&JPUv-d9Oq;})JL~OV?)(vEe~TYPBMaHT
Ui*RUbousv(g}-h;`KV>f|FPM5YXATM

delta 2696
zcmZ9OOKe+36ox(5b{=&KDNUOyRoj0`gph(LqAw_j=AwdBwIs2V*h%c9=_3zcJ8|Mi
z-nHGPP17cA5L2lVs1lnhY%CR-B@#ufSXAuTu!0Q>kYI^WB{*|uuJ3I(j?bAp|9582
ze{%iD6XS~~#^YauFK<_`mwksnzgaH(nvCKO5f1IH`s+GFjjNlK+N)EdC)C1%VzIqb
zJPMtu{<G_sK(FaTM~a6{ACLGu5iuLi20BgO>pma+ycc1-Nx4AUqQtCOLO2J%o5=D$
z^r{ejCumE=WEPJIb8m}yuVYs=(z?UXZj0fzBf(&a6&qz)j8z}CMT2!_Gw(u|FwOnq
zzlWh?-RL%bQliUbDc(h;beX<$PAT0KQ4#2-GTev6*AI6m(an3P_%Q7Vdy4l_q{^<q
z^S#I;R3s|v+jO|dHr3x_8VILtb^8c9W|p1mm9(%tRhVdd#MS{`>PNpSwVy|c93yhf
zY&HYawVPvR05MyW>g5B(@WzAC>&$+H4<RZai({aIcx45Hl@*>qLRC48AtbhC6;TY!
zKkQv4rV5lBM;v`Ob)kl^OidX@RKz}LH>0?0%P1AYKBiQ;;;6W(F-L_`T4kJ6zO_}7
z9u<F0#d1{KRLW7IlvYWT3P0VxGm4B<iOKto(fziR<TcX8^BKC-8ME2FQHoSM`7C<e
zAPYu;md&Y)%wx8KJY8g#F0z1vy2v@?P|z1SC#kf};xp9101qO7Amy6GcMn^u3$Omz
zU_84kK5l=T1*?ngeRXn3j;DB>9!^kU36IbGd>C=OLpgUy;&Mo8i7Yi}ScMpo;DiJx
zYD04N=%$}-h@Ve9KO_fFJ`IYMS^n8uA@SAhN%2kduE{=5&f`%kA?hi?pvbYh=X;UI
z=w@xJ4<NS92g$aytgJpL3(>K*`hZMDWo=Qrw&JP7r6CL{s}Fe&|D4rB<fBB*>cgbz
zjYpu@b%!n>F1<F2;R;5nLnG9oi@2z&yo3w5Xm==%OR|_yNr}0>zU=6`sVg-^&0b@Q
zGLFj?j1%PwQ6?~<D3ch&gr-c|6a{f@pL8Hb$>VE%5O)+(ijqdMf;3SqqD)~*QKpf?
zl%`C3DDGHf9EzKoagO3l$_b0yZr@lInTqr?W{8qQPEp9|$Z1MmQe11*CaFMfDR?F+
zM3J7PIrO{1JmiY*(}JQdVy=QkqRta_2}_E)j0G%d>awKLHj5X?nRUD#b*QIYlQ{Io
zO9x(Qqrqu-ZXxva0lkn88^wL%llBg_N5otASAXc-sFyQ#I>pE6>2WG~++*-2>fRVW
zq?|irV>vXri7cPQgbHCdbzGJ-E=JF_1e<vhNqWz`cFcmM+?<r}m?Tk>o_CBz5$Qv|
z>g1`^L*nl<EypaLqSsX#DLzHzP1DA-XX6w_EM@PtTP-7=mh286&(Ome&shwL^!3k>
zM>5Wh&kDYOpV&GY3TKg3Rc3jPXn7LIn?~(FVH4RkUmLgrW>u^kNB`yIfX!o0{#ihw
zf*JAU=$=vzi+1<q$+Uz!LrXQ4+6*l#p%pAkp{rOTp-K@eWQMC`h9Z_xv^|hR@kL>G
zluC|p$(@@rQ_|NM%1nx1XDBK4YmDTt(+6Lbi&$kEvC3X#xKne3IS^-TEPhin));Qu
zjN`W$ZZJhzlayPMvM!gg?oifUN?!UWPd(gQy3MEqx0$DhO)}I?yhC&u>igf&;7x`N
z8+@1Hj^=Jk?p?{fCs%RL;oft(Qpw`<>Erdh0rhAQ|DM@#$ZqNuL&|JGM*T9`VzQOw
zAB$(CNrUv$0IBN9^Yf>SzdjX@*AB8k^{2Jp>OYEsmdvt2za)(2HX6yG*+306c!?-w
vdAg#<%_WMoo69yrhP)`g@7Y(y)}I0PyV!aEkeF_5tRBDr%&5Nq;7H^D8J32E

diff --git a/src/wasm/Hacl_Bignum32.wasm b/src/wasm/Hacl_Bignum32.wasm
index 4952f6e00e3d9437c2424ed48e58b2b62dc56bec..020a40abca476f576064a0d475e0bd6ffc630646 100644
GIT binary patch
delta 291
zcmYk%ze)o^5C-sF?;wFBL`2M)>KiLlDHyD82ogfxzz6U)w|l!$ixd`OX(w!L<qHV+
zB;q^x2-ePVk)-_Q&u^I5&D-YlqN~5_%kD`>|Hk?7O84uhVcogK&AC!^#|pWnf)$x0
zhk;t8IV)*lKr0lO!EowIDctijibo7~g$F9JY9q>PSuw0jGVx_}npoKQKAKD&9IK{h
zSzEGl!?Ifb-*A#dhZBD{6u*v+`;ID3p&WVmIL;>1fY3_5k-SKLPYRM6DQu;7sFAWj
WYsfoDuts&*8%xkQKvjQaKWBgQ`$5tG

delta 301
zcmYk1y-EX75QXQOg)GF7MWQUh;*6D63I^*PEJQ4QhrP-D3u=+V!rD&Qx3CiSHEi+{
zwt0ojvPvw!!<p|eAM5w^*JW<L+pGL!XtvGW<l2nd*GW5k6hh^>7GgW7U_tj;C3H@N
zF)vW#7FM$0G<cFX)GrwCgJ)i1(Ib{OdSb;mw$0|~cnWgt;EH_K+em|EQ=HB{yiiwm
zVmvz?bwUq+qh3kp;B|0cQseZ{bC3)aI3hM&Ud$6xZ;G8Msww_6C8f@keocL;GnI)~
V(El*N3ZWRy6bud!+RyUmYzGE|Lh%3q

diff --git a/src/wasm/Hacl_Bignum4096.wasm b/src/wasm/Hacl_Bignum4096.wasm
index 803b3740e7e5435453b0e19b8b7bf8ddb116487f..a3db37774c90287d829923c700de1e0df1b8a2eb 100644
GIT binary patch
delta 206
zcmbREiFw;6<_!|;Onr|xOR+bJGBr(~JWs}kQE>BZnH^lb3Jr{!3=E2Q8J!puswYdz
zD2dc5+-G#;$jJf<H#^lU++%E2V4mzR<GWc(BY!>P^2uG-Eg3~OAG!XDo3{w0^&TTo
zjpBXA$!i~rn>}DuU{ZVtG)(akBeR3T14c&%Zx#nf1`P%Vg@=qFK4Uh>aD_*V=0G7Z
vU-7}_UyoH-8D~$Hf2j&I+V!Oh8?Oq;=n0Gp6BrdIGEUZcp|g3)`&v!_hf6@c

delta 264
zcmdn?iFx8D<_!|;OfMg8mSS%bW%@a7@;n(EMuExm!d*7Y%a(8@IWZ_y*DBs+bYxJx
z$H?rUaF5aP0D~usgCm0m1A_vy;(bPiyNn8TAaRbIEKLT6W~X|fNUH)fl2D7{14ad)
zN{Awb2aM)Gy+96Q7SPbi8*5ZID{JJhXPh~C@^wo_;mv2SzvA`@S71<JbZk&ih*Dq@
zkdty`U<FzXRIb1Tw9|<JXd=Wl4BjxuKrCR)1~~-Dj%>wyn+2b!uyXeHHZ(8@GSzWR
UUVmK{XidyZ6}HWN?^kdF0KW83p8x;=

diff --git a/src/wasm/Hacl_Bignum4096_32.wasm b/src/wasm/Hacl_Bignum4096_32.wasm
index ca76643bee1b65861b773eb6342429a27600a5ba..d937d02cadb5b167e7fbcbd852dd8f020dc3d18c 100644
GIT binary patch
delta 556
zcmYk2u}fP~6vpp)dFGikh>3zWM0;+bXd7u1wYcdmMGy;09a^k9NSefV-+M7ysFS|9
zi-tSep}07-L*Y&$=pvoEIrksvpq<1aV9zzRal7BS-}!y#oSizH*5P{?b-rFyL-zQy
z>W_WVea??K)YL^Xr)JYaFQuNeC_m}gf?-x|BzscNaZcEt+s{}<Y~h=AjHtupq^@@j
z#C0aUA2rTVb&Nf!F<iXoTrkexIH^aU&Rg(H?PZ4{q0h1h&U<`CH2#4a$0aWa#*2{&
zEQ%1O><Pi>4->qE1$;@xW^`d46V1XJU%^sC;>rtZDGG3TQSoOTjtDL8qN~JAM*SIn
zFd|V3W<0I{$z2L_1)ILhlB6gFB?UK41nP`S?upRmKKkmUyTJ-DXs~?4@`>f&V+EuP
zEBME1m<+2c;APs7R<N*)UVAK!3;{iTKJqDN?bg)md@n?`%wIb1md$xKag%T1TjLTT
z;yhaInY3Un1mVQ7copb!+dvb9^!mR}6^sUXJI6MdjczqHsoKL1t-Wg-uGF{6BZ%mq
XmDWhS)5HzpARkgks{{JxV_WPmIlGHB

delta 674
zcmY+AO>0v@6ozN+N3TgsY1%?dDDj*k*b=cyTIsGC6+v7`(tyyUg+i0|eif4<?rz47
zh#(YZ<D!W47Zm0Pxbp|Na3S4vCx~CTQK;Y<ulA;k1M|Lf&iioAn^XSclpo0<@7L!i
zlFc5dx!h}g*?XJk&()X00(W(3yzMpwgK~&9!LV*up)Mr9>r@4sV+?Fug&JHX(}@By
zx}p!YJ+L#QhYeUwB{Xi(NL}y%>#BQcQXLlx+Md3W=g-u&*$Q`6X}qdm7B3DN<Wh)D
zLbeFmI*(k3CM=VgA)5wyX7q3a)>8=^2H7&m)*15F{F=qzt5@X;AJ*^6hn~T$gxDrr
zhj5)i+z4(%8*Y-B;o5sJk{LbRf$dbnj=^;duA??96P}P3`rxbkIHSJJ4=)A~2xfYG
z!9(;3<_mW3|1|?rL;-Wjtcijq^8toJIv7Eu4sNGeF~n(BWU?a4iUzV`QYI_@mz6e|
ztf?4xX+v7Uf?Wv5az$XkA=DoiA1_$H_toZBi91?uef91<FkeCftbsK)QxwdlNld`P
zJ{?PPf+hpdJ}Dml<w|ZgFcK5>-Jj4OqMr_adMYIwwUS()CwVGopj>)${iA!qRwob3
J`ud~M+#fKhryc+R

diff --git a/src/wasm/Hacl_Bignum_Base.wasm b/src/wasm/Hacl_Bignum_Base.wasm
index 36c90f4f3c558f4e65a7cf49416997e2e3284dbc..e407cd7801c73d69dfcdfc15c6db86c600fcf01f 100644
GIT binary patch
delta 865
zcmZvayG|QH6ozNkUMmTaQX{4KM-(ANf>VG<$CODLyj~mI%f;qmV7(YH%f$q-De3(X
zt|p4)7vKf*1nDECPoJEb+4Z`h7|oo2&pF>ed*=5e|NF>)JS*^Dljnu^@A&u8YI$kC
zl<@l(wA`7cHD~gz+;LwmEixw7!N5XML1px3`EBCClWc`CR3z_-N@0x->`QS?GD?O=
zQ85bPQIID|CR|a1ixO!sxy$F~;E5{9KGpkRpR#%mU)NK$!p!+z)KHU9591G_j@npk
zpeh~sk%4V!QX2EnNOdjwl83?{{al{sjnTjILefOjdT)vr!2^N^XvkuJ%6DWDf$6HR
zzDZqY<1M7$xk(Y*Xz8>aY%1)iJ8Y>t(MH=C6&-A&J=Q*2=;+N!Y%^<77w%^Lb7^mi
z2xUsyx0D0yDjX1Hk0@PqE#(mV=%$oIL$MIY{09v=${<cM)s8a?rKOb6QhGR2=n>_Z
zC=nt{IYEdhrJT%A3e%4LjFL;I8H6MQNkVaEDd*@boD=1gC<6>E<pO6Iq?8Ly3G@Ji
zr(Ta98Vy>+G{P8-e13@2_aiP*&4VjAi0j#1udRz4Tq@j<iz{+5#L&99#WjYhi(Bm?
S)-K|wT$t&9oqYcI`pti0lgA$b

delta 823
zcmYk)y;9pi5C`x(`6Gm(Op`SHZ&D-_BrXV(P;n)b#<C2yg~1pwn6oh$^I>Kflrn8b
zFObgF%`oE^;05v;sZ*p+_H-x9g+{llyZx=S`uog(Kl7)B9RD?anftKHf5x9nA72+D
z{<uh&xu;i=)_nS{)GjPAFeS<;$A3PptoiUITW1Vq$$O%l+oT2in%|V{JtcjL@_hxL
zf^1X#qxq`qi;83-paTKeR(gOVFb8P6#@zZ*R8f`C-zQ=l)rr_aMS2MON%0+1*~MHX
zscn-ABv&FZSTSk27XK@~jq0e|hU=n14TRJ{h?>j~W<7W^k1#1sZHQeeJs&sWp7Ugj
z*h9l?+sCfPzJ5ScKZq7uw%G&hp*1nhG;m;UUSx~eKFz^)T0cu2&Il!)a%7cbv^9=N
zIV7cnj#W-@gpN~A62&53@-Yl@nj&5_%XL$QwmId@Dhj6>ij*!XJ@l;7#~FG~>CY*-
zS;g~I$x?$9p;UsbD{*0!OPp(5k}@D=h@n-kaDkyyu8b0zDTZc>k(m;WSBz+8Bh<2i
zVdQ=qag9nA+`yy2z1yu-?{KYgN9ql!V~nkOk6VnLdT&%Zro@Q;kAf(ofFk9V;^mDO
K)9}licmDxq+r|q3

diff --git a/src/wasm/Hacl_Ed25519.wasm b/src/wasm/Hacl_Ed25519.wasm
index e4d48bf9111441625360fa22fede70b8093beda5..57ca4d366a2d9d8f5a81677d96a5d09bdce14907 100644
GIT binary patch
delta 11448
zcmb7JX>1i&mVUlVcnMKDGr_?mVfvgVsMDGs>G?B+MVgqA(w)&rqn3I`-ReL6XQU`<
zrT@%GGn)6Xjd^BY3$vNUHkic=2Fzx&g8>6J*zAO07PAHnm?i9C&b?LlRoz={TOFP7
zsPBCDEZ@0xdG%`cRZ)0Rtb3ef&s!UwB>(->w>vHu6(-tp*f?G=!u#WAzxUc}k{;B4
z{*!?PIpf|6|My_zr{1{Qw;TR#<jhZhUc<1KK~GM8BLCe#<>&nA>t7@iP|Kp1DXe2&
z#czidtYtvfH+KXrcS%V*U@`@DOqrb~6Nl0k#oPYpcXHP<tY`V34P#%5g8a|&6JLk|
zsP`(q9{#~P24v)nbdvvB-6V47e>FrXpI7uhgWp=Oc({SV2Ct&~!#M*7CL0)#)iW=@
zd~kjP8=DxBNaiPSqk?f0gH3E8Zf3BV;T8tZZK<|c`BJ#mm#UEgS>IeGl}k#36_BLb
z%9L4XA`^$w7DY?d$gs(ks!2<=jR6@sU8$P1RLZBN+OBxGgTW3X)lLRvO}<n+vr_F+
zFz#lso21&qU=PE+3`(p7u-Cdw;XYrgW(H(^bCpysDQO2JsrE5tcA88aN?Q~yRWrl=
zu2lQAR0kN4k<*oGzm`h*v{VNb4_g?t1X6i_{N@d|Ukf$*P*$kJ3=T0o!r%xA)!JX%
z*yc-glmS`)61k+fL~RVnT!~^(T%rL-86IPB%xmu&^2>GxtqeODv@<-;V5X%GbXb=u
zJmEKSk^x!YTs3Exl(YlVoKG-icA88aN?Q~?=aURixpO|H=X{z089CiKpVD(yK0W6%
ziic+zoHe(^IR<2>{7Ik7PWoE~<9P<>Y0}^I*EnAAMe1Zg*1t$DDK63l24t>CF(@w5
zfKG-N8C=wpzQo`=hL;&!Vt9o?sihBGwk}iH<u`Ga0a@Q%HEEZWv;)$lyO=UNO(qVd
zEsCD>RfgBxNng{GzRrM*obIHr=}9Y}p7agH!<!6lnn~YcKz7Za^sVfqzgIBcW^kJ(
zeW$<1vD+8vE(5auMRG}Tk-8a>xgy1&xJU!;GQ7v&o}To526q_tFu2d~0fPmWKG0)b
zrtqQP#3Ke|eRI{MT~g8xNRxiZl-X%AaVTw3^rRm#eC$s8v7Yn~49LjoPWrK)wDRdm
zKT$k<%HXM)^fLxzkNrtM%TD^ag7F1|7c}XY{WXrSe35=+K-RxVE-5b3D+Xk)NHHib
z(tsZszGm=RP5RS94lfxNaVX?Cp2I>*A1LBcxl&l{;s1X8{sazWF4g<ZiueB2fs=Lw
z8f`IGX2;FMp)^svfA~Wl<-!bizT#!LSM=4#AC_<+Bd<GA@?ZWsPim)E)cyXziHeDn
zI7}kXe-9rpnFCqIoBe-zqb76n6>o|{aVm$Yd>~G9I!QP+r*OK`qF@FGGFJ<$rj*+B
zE-9|ebPi;$GBHRg6L##4{=+-T860PFn9044uDpU-9Hw!c&0!YDIUHt3$cY4c9F8-b
z%i#*cQVtIo&f_qi<9rTtI4<Deaa_oul#hL_{`+Zh{=0Q0xQN4Cp8rYRBrM}Vwun!_
z#T@3@tR-q)fu=3xK(>Tv%Q(!pY2|96W>s(?D<@VZhXpokxmu@LD>#rXCsq{+ZL?OY
zb(*z`1KCRc9}{pjhs7M%a9GB%nnNYW8V*$)YdNguSjS-iuH}%#dJb>mIu38)dJY3k
z!?=ON8a^zCo)zBL*iVYb!5Z&xrVRc)HYisB!uyId4jK%Q!i|>OEXGY7HW?Cb?kze!
zPpAzwVk-wSqHR<~l<3VvfGNpOYOYKUUEt6$vEsIvyeYMgVkId!HfF;Ojs(CNdBd8b
z9Srt!HDzPqHgbFGGw=OuJBRHC#vQ$d%h{<r+Qos4Slhym2nc!zvY0EYpuyhfg>Mvu
zT?O2oCUw}=E{?miA@jl@h6!0r3xRtSIiNwF-{>9#q;PM<{YAJI_i@-~SlIm6B;2p1
zIKY977VZtDARuTysKZ=^U3gQcMTZ;k_M1vV84hqfm<=~165#&Cyx+A%nt~yI&n?*)
zc*t^_wRo7rVMD?ry#>!{)%~?`AS2eHus;HVj)I)#%A}w@b${Yuuk%-LL^g21Z8fRG
z9@{t`&4&CS668`b-J-{$U3}m-c`O?Q+by?Qj2#?03<;0-7M<Y<-Q`IRWJGHZyCfj!
zD@batOb+VuQgL*O0q=y#8+Le-<0%f+DtPn|s`d||)5;Y@HHXk?1Elbb<u=*zEQhm(
zgy(vT&hT5^;du^ZL^~69NPsEHm(^UE9H0suIwn@!w<d4c;dzeVWy6JsP_?HHp$pLt
zf?NJVHU@T*TOUFfIb1X_Ug|Ae&Sl-v75XQS1F<^8jtB^P2(p-~NJlusKZL@r0`6s#
zI_&BS$F6M1?12-RRu)qNrtqpFn@I*Y^;H9;@LI$jJ%p}vxNcZ@<F840Q%iA+0~sy6
z7D_=t(0ovbxr#`k4xw1RH%%p>47WIbpA8otLe+Ga=l$+>q$zU<-Ok3qJC@rd$8HYY
zhJ<%}3!ZaN_jjKI8L{q!{Sgp!6dWw(%A}w@We%aR$AEj!qz-$$&#{L?jY<%`MQi+9
z^nr4j!3N(G9vFb0mn^rb03UI9WJvh9x9ALi&|N;^Kt{BOVV4A$lKflLT$vo83LH8n
zR@@IJZ`k1zj!(1U!dtXP-=fc=9RxSTvuq4}PHugRzToh}!1%Jaa5=AZM?Z2PBi8e<
zBLadRf-L4L(vi7E!>$7EE0a3x>PL>Rvmvv$V`N%c%)dnoMbzhuS}20#DJ+V(e--(j
zFkZlT!@^=k(i<fkJQ~z=;wPLS)UWF!G6KkGWsxA<{}xDqiQ^Yyu1o|HUEQOh4#B-V
z!ITo}kP%oSpw`{Lwf_E{s9Zr*^H0pgY!IAexlMMQEMT%B;gsH@bDZk8I86W<@g{{W
z5@2fbTQpZD38)H(j)_$_)g%sEoF;I3He9%YYxM@65p5yZE;F(*a3;C+2A(BgmVt40
zZ{gS+za>uq8PR5jEfEkj5u`C!k(PoT9BC`y&M~>ewmgAz1=P8dtMeyUs$9<GO0z+5
zp5-<b;Cun|4G9<Y7M-39{Wcc~AS2$quuTF?P5$J}l}Q4s!l9#L)h#rM!xk3_EECQ%
zf1`fp_m0kZBe&6dq}6YA$g7_C7Yk54dg5OqV6niZ0+tH>#J@}cS)+R5|7e*oPyFQy
z#R>rxVjx!P#q<dM%jE(p1+EaVTws-e-Bv#M&bmzDN-avkDgk7DbJY(4E-7gTq@PGu
z3T1YhOdLvE6#YZMDuJs7tQOw5l|$JYU01SN0GY-<dQ%nPUv;k>nzu#(*$NT<oRFZm
zNwn@~tNuQ>T40Skgc`46!SD}jX-CshWG&NEs3EOs3fifsP^Xx<R=`?+3iSfWYP`?O
z^G4Tar?5_;xL&||n!<+uG{gp9?~MY;`q$ef#r19wK<4TlgZ_fv8wG9>u*uhZv#<9S
z0c0BU_4con-kSxGxq8z&(mT0D;8p=!h58Zar;P$O2yCJqDR7&BgVvUVF7J!Equz~y
zv*zahiv=d3E4q-j)^?%HLTTbLC`}ag>zg;AG?zW)-rtq}T77&~I&Ab)C*m#vWEM&h
zV^EqXI$~$(p!cB3+B@{P?T>Vy0J1%n)8(oi?2?i;iTd0tl-X%AaVTw3yv0l3$=xTg
z+1>WddfV?8Kt@jY=f-A#+iR!Z_6HOb57ONHZQmk*tXXgSmh84aq)<F8;4p3bBk>_e
zg-)cf)z_#^0GT!Bgfme6laWh`?}b(YWbR&wL256AEvsYZ=WPOy3OH&h;cS5v9`oyM
z7eLlGSIyKVCGCJT(_=!JyVGKj+G$R`?E*UlblCOUn<ItC{d!LbAnTi}>UBx+J$PII
znVlvRhvIuMc|zbx0VnlQ0H*{T5qMhAU+@em8EKBn_?~<JxoG5{V`!*ABBA%gIcI5-
zmPSaV?^&VDLg`M9L1~p!oejgwa@lL{jVb%J`Y0(IHu|*_@w@;s3#EuLC`}X{@nspE
z4b!bLrLfbV%S8cX7c8gCRdaDkNt;A{b_!*7noJx@TNHIR48ADvl7LHg4X1@SX7R{x
zVrWEMe*#yWrAas)jYO4Q7RoG?^ol`gIPJ||Iwbdsz%KWw>e5HmRRLt=bdRbo|ESVV
zeN<gjOuR1Ox_?yN5J1+YkE$Elqw1zY@s@yFbX0xs>?E}bqlr>@+aK8-0c8DeO_vnk
znzsdz*=aIyNNvrq5`9$N5!fxD+fu^Wktw|E*LzO@S>If>#avR-4oHK%E0nn#KL)9d
z@6>xw;C%u2?RxFKn!+Bx-UkB6`sS*7T~hp(=n+6>r^&>jzi>-D5cp8QL%UwOC5p>O
zeiK8(UV}sFv9mOOOFR-l=H3!9D7YoOf36thUFdonp3rU)_*Bqe@EIMQ5t&Jl9y)F+
zNB(0Bjn((USxPTqxmR8}Xn2nmFays?KntR`uKt<UQ<<An;tg2-CH?uE<sXkKiAqIV
z<&{uop>)s3pfr@Id){kVKIm^@ZZrmcH7HcCLko%|kiE8iE>&#@mz1<gR8yf;W@pL7
zp|nNOCuEVt@e;<%sFF}7yyS|J-^9=;N&g!)!C9K5r4bTURxFiSD5({L(op8BwIVm?
zsn@yUOZxMZs*guKb;6ZMAhS>k7lY_4g$}o@YEXfGoTc}oI9WoKz$p^837jh7jKFCU
zo(Y^TVY0*-66hV{6q(NdCwgl-Q^HJ1k4Pm1rWA^^6oRuQ%#t`q0=<f)7_(){=X(-7
zpI=Y>z=LxMEs$7BqmejI!a91>E1}dZnlE9#zi1sT3Ou+#p}0`O0*Q+x(3?&waG_aK
zMq>JF*3+86gNqf4OC&6oxKskY5T$mO=rsk@%`yqgB)xPkAy3M<uv|j9#0m*>Bvwk8
zCvmxiMG{v?SSqnfLWRVYa%}giGdHTb7QBh8<k+*d54YE!eDX4ZtL50vU*H-!Hi6Z0
zY$5%ZgEbOXNvxHyT4J4qH4@iKD5#cLFQG=_Iti4fHc)sywdOZcDN_o?4GO^qDqrG8
z2~-RPX)uj%lCa6=FDHKB!OaTAEfO|M+$w=er<7aFnnnqY1^%KHv?y?46TuR<NobO|
zoi+tclQxA}v_rxUe@zvw2|Tz{p}0%JPKmoEtfXN|*k#u2k+8>Kvy#>X9^9+Y0^BEI
zuf%2v`{dZ1H15|j_<wGcnc@r{(9IG;EpOGxLEQ==)X;W~wCFkssgkf;BZqVqgitNb
z8aXWCfW#vb4oYm5&?2!-0vwWfRKj72$0Qt)*e;<}Vuyq_iN_@zmEK1+pA1XDDXET{
c1e~VNBz>Nt&v)tbEPdwD=edR@HUCxe|F#)Q6aWAK

delta 11706
zcmai4X>3&4m9DzWP#w2=U;@~58ud8?X-y}sVe*THw3OH*jnYw~XnxG7`$v>SiqxY?
zq>hwK`cGAxt=xbC8y>6KY`|>ZFt%y-&Fq+c-@LHzV0LJhIrrAP_1=9~cA<ld`<?He
zbH01-z2&OMs17mpvRL&v!Ag%dJx%=Au(vN>9X%>`EY7~>#lyYdfBd=kvlR)iY{k!i
zkXIc4`Yrm)-B%Ar4DsF{QPA}7Bg%$(eZP1=UhDnj4?{&AgF5e>FF+2D#pqwDFEGEB
z0a+C*j1~6%b7B0?|NCJqmWEod<%^Hrt7BNtpoU=sgYI~k0S#VD`-ju=@&-0CAalHL
z+6R1UfeB~`=SU=B6;o!Rl-Yq&l&kB~An)%T!ziD(s^hQf<zG8T^tIy0i1t<IhhF8M
z`nis6ojI#n&wwmijRX1Be6)e#Mh5E`ZesAlUYbo|ov|ctR!d*Jg#lUbRMnLzDFIeI
zTDQ$inT682IZ(=?c(*UTGhhqDt*r3lA?#C8T=;Qe>_0>?Z1s*@dzV)9-E9oW$RFAW
zg&)_ACq}=&4id`eRh`QJ-gd>qRtBwJzrTObX9okatzP5Vf{{B|QEYfDQ5eIW3dLOv
zcCkF%ol7_F(Mz<K0a@-Pijv$V+QWb>x<n4-F40GO8SZ1So8f*2CDvNNeruS-HeK`q
z24uZcRbQi|gdLCi+QyXGS<)_)vM9Q*2N)iV_Vu9Y>mdeY<d63Cpzf>k>AoITJUqhS
zi0<oA24n|yUyo+{dQ72soWXJG>xo>t@uXg&Qw+#*FHw}_F40K_WYHyZAa{xSoML#I
z!D%mkdC;&k3{EgS%is*da}3I?rGc~7Fp1~2h6@bHdZ(&3M@b1g9<}*AQ)XvLyHLua
z=r&(q*dA?jyJ>R=12XbQ+uW|(tbDr7or;HD47zliFESu&*KNL-ZSy6C;$;Sxsm)h%
z>Bg&iiLNmq%e_QVlDkA#8IVPn$bsA?>T`|Zbq3dUn{P0<!tf@88w_tTm|-mq+_Z*C
zysb6dVL;Y9Rkb-vO4#wJ&9|8{J4@PyQWizG`3}Ro(Kg>TZNA5VjQr6y-_>naKHcW~
ziih3w&aB(~fC1TE-R1|`Ha}D-K4S2Q+Wa_|ZhWGb=qUrT+)ETCxl8nf0a<j39LQaw
zK2I4wWAIG3`8k8f3|}yK&hR@1v#q6p7uGO|FSUkO49I$?sy0VS2|FIO`6W|kXGyzI
z%A)8tzhd}0+UD1$&2Jcxkw4nz*SgKhr`nu1iW3h<a~RFNez(;7c%LyG$X@GKkKyJG
zd8|Tl9EWi{57Rt{b}aFJGG=J;Hyp@vFH@A{E>j5yvgk57kh@HYZ#a(UFrIrq?<yEJ
zfkT?(L=F=;mU5V5tq)A(;pIx=BrRex2eRI&s@G9c!j4D1p2U^eS<)_)vM657Z{Ha>
znd1~5`NeArb?h%ge^ADOjJ(lKEC2NZshwW;{|(G5S4^DBVQRM5(>Rb#@fxQTjGUJ3
zwWm;=&S5(BdPXkoI8!gvEDmJ3mnlkemuV&kvgk57kh@HYSsZ86e$%}!p2J}V#|o;6
z<6I6E)(YV~4(Axo=WvVR0uJ9XT*#r6V<m^V9IH6Y<G6^!0$%h+{ds?EVc)tET+CrU
zFZ`Ff@wkKo*<wBpt2r#RSxeQtVoh7dfov(!mUF1IX)Dx3&05KUYz47uI8@oJS~X9z
z>Nt?q604rWBAeBq=4sX{4rC4dzsF%ChiZ<iIV|Vc#G!^`GlzPPEgTv-uHn!JzvYm?
zwH)5UbsWBj>pA2Z!MK6LYCa@RzrhdG*guZ_8diIalk-2vjmqVNFi>&6hK&YD;wH;&
zCgWxfn+*xK^c0;wW2g-^d>aQcqHR(|lqA&|BfylDNoqzWhc0mNCr)u&P2QxMN3jwV
z3%6&(<%a^4mlk~18di{>$<>;Tfjca>nTtC)>@+0Y)l=~JZmn+*2Qp&q2=o!)EAn%i
zkx4=N%1iUT&awXx(&%${o792EJskIDLl%UBbf*f2><f!1$Y|V`je+~g?fvJ3@Becf
zhc*M_fu6#}4{BA1IFJ!*f1rv0Ux%N?jI4t4y#>DttMa)AP3l0^A&!T$AqRzm{4QPa
z*%9UOF&LClb;JNkJZibkTs+3%m?7cuo`T0uXpJX1kP+)>ppgJym7mj$ObS}e-=(7(
zeeMa9I?#BM<Ed=OcSAvbGn&rd>9C4-Ga^rCgWws<Z6@Pc4rdJs&-E0YsZT6){w{DJ
zBifljB>}!JKdBj+9HjC$qr>OV=bbls1BDkjwsUAw!NWI9Q|5;0P%b~JxnVjCki<^Q
zZL(t*hb}|Hi#<hWcu6a~%z=z(oq<9EOi7t#H6xP)RDpv(af-WS@&*bobG(ub7u+yS
zbc72&yBb#DpWv(67<kQco8)+%!*xT#8$AV&-_-hU(YqT5VqFXL5#THGbDEJ!LHf)M
z6KM3gH%;n5<1LQ2vmt{UrpZ$`%$=|Z|2*Hx#=yJe);G*O4)+X<_j?K#@7Agwa3CYr
z-9Qxqz79W&8HH4Jr!uE6P~~&GP3l0^1C9@~A%h#HiH>l=XOEP}4{UCjM+QjZW6Ny{
zz$YA@7!p41DR}&u*7%$Q8L=J*8VT@K`L~7{nH02`=7w?VduCDx8lQ7~!J%0t2%o>^
z%=!CHxr|8v9sWB5(8nOlZ7RT599|g`zV0bH!#7&xC;?<ddl{%Cz?76Ze`aKIfGTkC
zCr)v1Ox{4@D1oE1;ezwmtk2&V<uL;N{XItbKoZAVZj&6x2^eQcnC>Zfyu_PYF?9Gh
z0?3FpR*;s=Z!iS-iu{~rWKxhmbN-zAN=)iN<2M4wXF~?(uUVhJ31JcbZl92iffLEC
z&tIv4QUl|pp2Ec^YgJPOkP&NQpo#!rho8laLaNO93sm{s$tHE6YKp)z0WHzJ*^=3t
z<;vwpHt!AP*&sO8a+?Zpnt*ABgkDe48BW(KX9yr8+SEWL0j8wP-ZUeV15|;7KXHni
zZt?~SX9%2`4HxXq7QHuTg%$YwWL7o?&bHhpInEI<$B?k1r{M9qTHibYWW<^s=p(>a
z<mWUalY;b_y%}iqxpPhGK;t}t^98Jlc5zLniwl&?k8HZQAR7c1T5eMTRtl&zB&_Nw
zI>SX;<zfM3L|YiBB*2uE>7p5#9H0suJklv{k;xk<Tr6;jh<q;Jp7~r}Er4vh^{G=o
z4pDykT&|t^bNN!m#AO1O3G*Gyasg!9)#vi}mJ9P8%nF6#N&zcH9@ePf`b&*k0W|{a
z1k?(w7qHh#30JIP5*yUQ6t5CM);m>w;EIwGc0Br0qd_RMv!q=pWl_|Z8Xv3@*eIY;
zgul6fI%}B3)w<j!0c5>XRk=}8!j4Dft`^GdENK@?Srq*pOq0OoXs?^8WAq(N3mqJ~
z0j<(?ua*CLflyBG5A*Z$)+i!=E8ttx>cm<BWJIj`pZp)K&Gveof^ofo_0;PPZmYaW
z-pDU=_is~VrrW=b0?4BMb0F0}uj;o2-mj+*V0FU#<Mdysm-^{LerhcyE%6qi%tGn;
zq64WV))9x!=<ofi>+NCN1#A%5O8Z*i4grU)jSIJ}VG?)hjj>ArS?^S}F`}e|9gnKs
zDU{h+(k_&;D0(0761ZEyZmat++8QS538gxAd#N3{sH)s3DPhN>a`y;jc9ygYr7Vgr
zcdx*G0`^(;L8~=P;(lFjn*g%jsjA#4DPhN>a`y{mc9ygYr7Vg*c5MO=M33Ep%&|Kt
zfQ-D+uRfKZj-7JqV|Pdq@i1+a?6Er{fQ*QA>_#5R9=oFo#$y7G(Xl(8YiHpJy-X(s
zkmcTlQIfj}PY583ZbAogH(~xsfu{tVvetrn@72s1@uh=?7fgSzb|x~_-EXG_kVW^K
z1F8L{5A~la2C!D)jj8yBdTFZ|qF%Zy`u{Mx2hK&eh1vr;MA2M*FF?D1;{rPb{R2Cx
zQ0pRqhur(Od89FlIvOuVrY2}=h(w#TODMBYy0{!DrE;pP@culBaLHcs@zyYjm-P<0
zLN~0)K~)DSN=kqgk7~Rulvya%=s+opqR;&mfma1wwd#YJ)-Z|Jbh+0Bko8Vg<wi*f
zJ06vLO(?Uoq+KXwQFOW21>O*F!>SKDtYH#w>T+)hAnTo~%8il|c04Ngrch>QNxM+W
zqUdYtmcZN5YwC99nz|!^jJ(lnO8M!UQcitM-Bm=qC*WT8nz}E5jEHni{rG<Nn(9_C
zJ`nJLuBnHSjU7|_^Q+1c{hTx5ZL946OAB=m!6N}=(L>-s*+VeAs{cP(n=MBFW$CHz
z%QFFFPb}e4s_ILW<nH>X0?4Af-htd*pZ`qYa{<ro8fFUbtEv(GTy$Gi|6f|DyQ5zS
zAdBv32U0s)UlPL?4TyJmzh3ky{hYOE=ufT9MO*HbP-dZYpdCnUIUVnv#hF`il!S-$
z{f2~5630kr58q`mc)`7wi${Fvpy55JZ~k$Ssr2YI9El1XE0tL&73e_p=rwaIZd@`T
zUgjNL@+tj%uX-r`EUX^z!!oM_X(*9kLn#_-fnGIjsQDH>i4)ZC*~Jqjkd2pN6;Z0%
zP*GCCCXuKKQkk74?LsMwq7HguqQp`OrP3Q#{vM-8#8g*evIH`Xfz15t&a}Y=lO&MQ
z2gK09r{}%Wn^6Aa4<<{TB4LWHWwbR+Vwsj*E`h9fs*)Wg(Yts!9?34FRhKqOy>uXY
z7Y|KTvWv?lPL(h<1jl0f12a7u#c2}i1$q*82%IjVQ{W5<V<gU$Fiqkt3G|rJlc~a=
z(Sy_35@t*Ka8yEIQlU6UAy^?{j>NeV=xHRysF2AFf1ZSSvanc9SW6Rp7tU8OE}$Mt
zTqt23J?xdRz)Y%?P?<@xj^_9ttWqd0l29dau>^Y9Nd+!4bCyu6GIQ3`9N&Z03dN<x
z5~?LGlRyteNzYO<X}N^ulAgPkkRxe4xI)4Ti7O?{l~^NTp~PAVizU`cSSGPv!b*t^
zvgppTQ`f35&3+44$)eM>4>vX(fBG_pjk2iyLtHJ3V%Q{$M$w-*HdFpp5?drRN?aph
zwZv~FG)Y`5p;_WO36!SAU*Yv6EhD5xCKZYs6oMP6dWoAPP%#u^qtUQg!sZOWmiWF0
zw<r|1O4uTCn=A&Zol<T!leSCPo|#lflY9@hDin7}XqC8=HU)K)Hien9OTw<qoO+t$
zdvLcxagT)E68B1Ipk_+gW9ICWu#e^x(+W4xB;SSm6^v~X_Deh<p-mRWQ+QA>L+0lu
znI4<QLs~2$Bzc=g4ojtk5c;`OBS&<dgw#vetC6F+3PPxs0~$HzwJ!hQ^Ai%!N;oO;
zoP<*n&r3Kh@q&ai65A!5mDnNSoWxEE=OuPYxFGSOgc!8z|1KSa4th<{xRYM{(rXvJ
P7SQX(rngu8t>pg!90Z2f

diff --git a/src/wasm/Hacl_HMAC.wasm b/src/wasm/Hacl_HMAC.wasm
index b557e0f35ecaeb3bcf073ca364f6275a4be036cb..32bdf4664eb86ba0eaa1148ff829265d6bc3ec25 100644
GIT binary patch
literal 29842
zcmeHQX>?u1k-lv`!NU^pFy4?6R9Uhu88Gs0*~a*K!}7k{*x=_US+=!WmSp2ai%k&w
zV%7j*u_0^$Ljqw7Au;=!ge+&0ANfB&=A4;1XU^oz{Fuyq)!lcIbf4bk41qv&kl*d<
z?y9cp+ts(ay1H>PZB5E?9Cgq2M~^z=cc?DawL^8QZu67Z-R-AMZr6}*Tc%-KA<^9x
zR16~}kS`Q$UaumQ#49>OY6kQLG|lx+^{HaO05=~Qn#h+)40-u>^vl>YmuFftO|^}A
zO|?x!oK(SPbldv<EiHRn+lPnJ>FV0{y^Xaqra4ZIDpRL8Do2&cGn^seD(8nA0w0HK
zTlYG7;TpYI$u!pOZcc-hM7YYZUPLmDjeBdH{BVUa;R>EO>6T1QL+wuIjBw3VxMq86
zro}lkTwEM3uGv#t(~z#-ziU@*Yr3uOaIKR(XKALUF}*a?wkN%QsXMu-H<)g$-JPj9
zl-`4K=d3<;IlAutmYtdQ+H_;4t=$>g2c<YbS-7{gRyUbWr+3%3r_*~XoPyrfr(CG3
zuWxUy%{0|D@0RLQG%x8X(`Pt^eQFzis+w9FO~tEfn`>L^YApRdf^v2rlyRm3A-ldN
z)0k<UIwjq<Cxfc#uo&m`K`YCN)?AHO+R)~l+XpkdL{n!?b5eb3=a5KH&g+AcMIuz~
zCDE`xXjvo*p?MOW-v=|hMAIivafbJ)okJo)8PNwNi$ti}OQMl|(6UGrLh~dVl?q1X
zg2qfk?UYeE!=&5N7!%bxyUiJG^h1v^Q=DG7x4Er7)7;)RQ6ohb*&$eWU_++55u@I@
zpkI?ES(@x6V^Ke}(i~__`y1QqoH70I!V*>o5>`7GekBqvaEkji8I~~IWG@LX>W3DV
zFbd5`c(M0s7>da!lg1lqZO`j=@@_hc@5UL#V@pcMopGZ8s@rj$f-~PehV+?sK3eH6
z^k%x6y-h9qF@0ecnCy_94y8O)Fhx&4oUKsQa%{Fj8Q~>HXO@P^+7X6V;gn`A7WtiV
zXBiPOednp6AN}bV1bp^cNHb(e*XOF+b;=xv&vH*YJd}oV0TrZ@MLLs)x~ftBq(*%z
z;W~UKC+SQ|&HzRs6}rxB$DsmOHE==Rd?cLZiTMV#P_i5Asqiu<RH+w*LY1!y3aF6J
zrnC7R8UhYhCc0@zzB{~t&!w~JT+@6#r~E?2=g~PljE3;}Xz=_{gTnx+2Hoa)e$qBB
zC5*};_D$oilTV6<&^f8I3W^~7a2g&@_z^V1ogu;x7t+JQ%kU5{BP1KbkFf2VN)heT
z2p);-QNSNXL#w>b8%d)CAJ{w^{on%^kS(FnbU~Z@ziOYbfZ}={6-9k07g13>fyU4n
z_s{xG6^TSe;0S}jf1P6hi9}<pM5a<yn`8JwWETU!I3&@9RP0G~5hU_~i^-PIMRc(*
z5sK@%ID)z!TW&r`xrr>pl8D@6AKv$~GcZPxyycIt{k3a`lR)yXZ~n^%hh{iQB>(d4
zC&v^F0wn+az0V%&nBk;|m}w-BB@FW=7>2ySp^+GpsiFCz8YPsVl4dTIM+=XmQgjZD
zL)Cq#TPj^P-Y}<xxnvgRCeQ>LFN{q9o$*xC*Z|fbXBkc4aw^Y{L1H3Jq*5U<k;WP1
zOK2irN|zS!WptVANZWW*qSKRl!3n;cCZS2Lpgf*Tc~l{sqAE`T2UGFFrn<@-f+F%X
zjJ9bsRnGuYZ91_~ogt3|&y+`!XUU_GE9H^m+3pt(&!IWqm;)${WP4Y0X|C&tEOVp-
z=YWMdp)ofXPy%CaE?NyLMT`oX%U2+K9`NU(MNb9*sVcmk=}3SBE9{kYCFrFT&!_qM
zbOp-t8l)K!&DC(yhZku093Nh&;gk<AB9|7>LR!?;*5<1AFm&;O)&gFv>x&GFMSyuS
ztmj1tfUG58eo2^l^rypDnZ90X`nt;W^)l1f%RzjJ$N35*hl{XFscN5#M;k5M*Ou>2
zpe0o(np-8qRLbzPY#&ugX<NSJ(6Y9+f&yM?3Ahja$1Q)z&j(Zna_-4L{_|hX5NNJI
zfBx@({jY=h?mvC+w%>OY0BIFn<>t5JXUu_CT3Jua>uFUzt*GbK#I#yOX1Yq0k7=oU
zQ9FKy9B35{WU3PFV_GJfw?z77Np!!gLBFgC_sbOk(W7SEtP#vL5t!0N4zHC*g4f9-
z$?N4&$Q$I5;*Ds1EzPJmT&|;;NC~6sX%<q#;s&ZjO1Ruevyn=Pg4FZWh~|*B35;%{
zN#5WS1=>uLX)|r|hu#)x+2O0@k>IWJNb)v$6!JClNb$80mABLOm<p7pwCRZLqCnfh
z!uF5?r2)y{OQTg0(^QIJpVGVo*%{zx!hM}F3bX~efdW-iHRwTsYN#fkcAzX!pq&~H
z6sT6ifdcK)aG*fDX(!dvF4}DsC<JK*+N0}>40}X?jP!pdLI7mdf%&>H^XN~9>rG!b
zn7(c_ecfdGx*5dlJO$c|q*kB?Y7_-(Xrm^hKy_6pG72PR)PMqNlu{@Va;QlwP>Utt
zDNtQ61riDo3bc>vMS<$I0=3jrb3N^=r@i&uictqmaqzI?vOyH6AyA-3Gc=oIT-Hgy
z)J6A88~UX!+%G!-`U-?;tDf5;Fr|weZkI=b_sb*62jo%6*U2Nr2f<rAT@Chx%l)*~
zGJ1fvAtefQ9bJQzD9}N=7O50%lIAu=HV1_{MHQzyXbN4P8d?D3gAalALvFsOQZyEj
zKMp}vAepyQ_>?<<K>JV>?U8&K*+)R_NQfE(l79HN|9R~{J5vP)0yUv^L}(p}pe1VE
z;SQ&cX6}?n3wKc`RF1l=DbOj3Xl!bCKvUqTBK&nrYeyAGbyJ6D4IGmqzFyJwDvm|)
zJw^EI6iRrCu>;0$kWB7T)T0XcMnyNOUZ%lKeR2|fvm#`6H1aKq4)d+}p<A>7^69?~
z*nGP}58jSE?}bQb+@WB>;pcY!dDZ5`ok|9X!*}Utf{*KGlJC~fLcT{oQ+%(I$?iTy
z_o<lE-TjL02PY!wec+=3$Y2S{z)(dMz%papuk6e8sz$s{RN@Cjw(kp}?+ZhoZ~|%b
z0pcL(k2`))(St%7GvGst9#Z-AfUXhDf)6X36-<Ob@Unur@DVR7m<}IR1YFcb*`vzN
ziG6bPy!e=hD}p|zhd+44n8k0@Du*8z`5x~jpMFOt>^nMX-_aBH9X)B^(GPV)Ks1`h
zPbs0ICrY3^p=7E&soLmCWhTqVRh3jQ)1|3_aw$e-T?><@&Ih39&8K~e-pmR7u<fDA
zMa-SgC_15J_QbE)A5W`#`XT;3gMUw<E1rc2^sMe1Mji8YKdEFI#jkIOJb@CKqMpPv
zCA<R_zmdK8ob=*zy?PPv9vL!^=wXR8@bTLp-zde8bjK$6dHqcC3;J2er}Q($FXBn4
zbeF<}=^%}Y$0eOW8kO&sv`nr*xJS~$JCN>`bV{pdJv23<ePq2P{J$iM?u~L$;U6o4
zy5skyK!<;#*>U(~{Y>yH`kCaP>SrOps-G!-P3!RMie8Va!*3{h1MG=#uWKECU6?{L
z&|y>oEJOPZPlvs#5ptmtzbOL$ObGp~*V_T4br|9x8R+m^ir%t1{BuP=hYr7~YXmy{
zwz64)4*$Z-3Uv6FURI#PrxgJgby0TO)8RfjT8H29a7EB}^f(2N7(MvyKYEb$uE_Up
zFZr|%zh~dk`}Q4uVBgV)_8ons8v>%$;g6M2(K-y253~-y4;}u{>hQbJVN@_WY-$i5
zC`M&n3p%Xx0caim#HZ-#Fz~}VtjR^_@TZF2(>jb_(cw>^yC31-r}+0Vy5cj4K%eQp
zVbnBQ@V?ez{Q5fl0ZK#<KEyL6yaN@#k-hl2^y25edJ*p)8NLo94Sf9e$2U6sE8VdP
z{<VH4`8WDm$Y1DZihqkIq0-BulMd3T_===Ohf(>bk`^5X!mE-N-huR*q*G8sX&=8)
z?L%Qt;lm6&={7|-tJF|2lzt~N{SF=JsWmwQ`r{qsH5eF60MQ11`?ujbbXKqIg7=Oe
z)y~3=e~-RG`ucr^g@eArZ-cKe$wcH^mdSw}QA}(;NhDS!L7OP_Jpvt>9klX`LYqpx
zbj13yna3i#1o$Ox(pSc@TxwStXTx(i4rO*G9#5qPFiyb|(a93Gze>_ro&euune|OB
zaAX$fzz;lh6H@1B2W2@WsJxjc%A<wh6NCVCiCvXU6tOOi;a!9akuDV(F9V%RsoYzV
zz?BI1;pK6bBNbFZ6NN+tU4khO;!LIro<dU!cq%+7VFx9=iy=4x592g62@hi)&xC_=
zhUc@J<%xQ35lut7k!C{fbBm-KXa?rO>GF?eNoQc?NN`71`Y#@DOM74<H!)_@Y_o|`
zDLqt)7grg2@v{M8`9rfWGn*KuQq&8Y&G20ET;R_Qz4$qRf=PIShJrbGuDotIK>O`V
z&>X&k%HSy^z7iC#3~@9Mklp3D!cSW6q=ZqqKfRHRT^V*k%MEciffxA0av{8!t~V?f
z!KtYMS|sn$6+Ybvy6Aph>=G?*hW8GS7WgaS##;`Dpz({tvDd&$V+^}0_#u}{TUDU5
zloor#ZW&eaa#|i|*sUP=K!wB#?Q#UWD`^Ehl&cEhja(fXW)83E1t;JpT!SXzCY%o+
z;e1->4Z95x5UX1mX>dBquv;GtyLA|HYvmvOgcx=*>Ne8Gc%yC;93gtIWutV^M!c7e
z=(Yr264sUQA|e~3Zj*hlrcy-z(<a`G>@C3G5_+$j0fk4MK*6ZnB5!j`6t&IpOgg+3
zf@}lDZ6S`f0<xp-YCmbYlM+VdexuIqXGeVYBiIqCAzc@DtFANfuN41=;om6y8*bC*
z`!)t#Am8wQ<WXh!BP$|o3{&_w+mB2Q+8Ezb8zbA^AIp~FOz3x38zU(;M!6HJ6ronw
zrW}jx>^8=E*2Vxe&|+g_2<h?Ccu7nf!<)2+WZ%rhhNTfmKay0=usJY+xmcNH$GQYY
z$x(Gmc)3K-lXMARD%OgdlFzj8Ot4e}sDrVqnUn0K7<FL47>4yDNtbg)46MmC*<*OJ
zVR$lQ$22ELFm_C9`jMomJS_&+beit9Hr=!~ooB?rn@KZ0yqN}XCeMn22TRGrt2B6(
z*u~8)9X5GAyg3GM4$sB@GI}(4b%cHjpbmNGlVHFFc}duKA*cgp=Vb)81Ed~gfS(|v
zQ}&Dlu;+#z_sUZ@gLaZ8!ECw$TxqL#SUyrb4`%GVX1-D$Eo^Kl!gp40+iQafhK+fZ
zuoAPW?gBB0#I{%fIxfxg%#($*fEUrCIOfS>T1;08iN!SESj9_dG3=$Q3V12OL<()&
z!xRd^35F4bCSeEV@d{YQ%RTdCr6=n7MX;NWsz#VT6H@0Fc>)cfgfNSMpp|fyd3&oE
zHd4+py#|)ja*ejepsj)NB*s;syKBQx2d|4kb$yIF8)$>a@dnfM28Pj;lVg}#mg7wZ
zP1{U4(YC;bvK_R=;BDcnV>Gvww%X>l8nmrq8|7^78oI`!U1QL$!A@{)wC%LrqHQ;5
z+c_NrZ3peJXgdtr4$i=|MR$hYBP`1R(yF_j&;x#6QY^#(>Y#P_4@~=6P7gA`PLR=w
z4crhIR^9bn9fNV~IMXsc{Avv2HN2C67&JjU!%zp;#-O?@MxEWX+qS&hw7i@5#6YW~
zI*V3k(CQc)1v!U91NN1ToDBx8flWZsz@OG8YO-ie2Ca#kW3;xH_FA;P25m35U{Ahx
zze3uem-TSyT_cH2?4U-n1Kaww1f~O|9%O)>AfuC7!eDqf?Bad2kCxF&OlZTfqCf3m
zN4(WvT%CrEk$p|yh7E4Lx@wiBNh{Vet!}WoY6B#zt2VoSF_oeWtu}5)_I}{+53R1+
z1@b~V5XU8u7%eGnw(S@5YJU{9c5I)Q@pWzm9|XmNA&#yCWLH-Q{G{bhN*I;<t*+n>
zI)v=QpmjLJ-2^^j*YxLc2X#o9F#|j4hykcmKEsEF&%+UPG3#-cTR~mT*u}=9g=Lo-
z+{!Ms`D}IzPsae6aXi3x^Lp9BrepBRJ4k@sG3-x!A5ZL6U$11J`i5A$+<Gh9?3W{X
z6g0)Pgq`gk#W%^8R)K6`-wd`wpVC|U<RoNc8<|~=*wUs$*eIhzaHM-*)H@W!*DHQ}
zQg0EU5j$#eKdN^sx>IoU1a+q}x^$<)KDgIa1ALK>%Qhca(a6Uw@^K}b=7Jw+4R!#-
zU<bC-W01#Qd+upRZ^e58+-G^XPqFN|=bW=1&^yIefCnt{1B$;N2l+wSQ}<ea&>}ym
zu)!XqWo(e+&$j%qMSfWE58@zWryYM5`4Nl!h~h`%AY&UIe-`;Mi~N|<`^Pyu?1Uox
zS>zKI`Gn$=vYD&n96~Q$dNBa?{EJG`J$`NyfdgT%1N+1BCzAM;@KHvV>~9BIow6Su
zg2NN>y^5beVNPKXFMz*W&G3EF3iG7mA4-rwm^ilR!(ay@3Sy9dI!>i$6!!i-9-gs0
zJfjc@5Tk|XWFOx{e$FC4r}#&4ke^qwO>d=t-XcG*u(=<j<x@)b@-6Zyi+oBU5+DXL
zHuLdkkzcaNFDcp6M_@&tu9uDoUb`MdeJdpqdl0IG@Ay+n{zQ@hwMVjqzaXm<0R&+<
zJcyoFj174FVe-90rqf~ii;mcWmxHK*fxqd9KX?W7XX8WiGN$VW1Sa6ihh*?!M-?f;
zr~MUWzn)&zi0>RKA(#OLuL_}8Rp=Xv7zcqv-*^oMA9;ZIdg3?Yv;0$qm<Vzh0SguU
zhR~L12j92*x{iLZUwc$Up#dz%8U|hjX}6z0^|#+vf9h%H>vyOQA9Sb=I#ek_uW~w6
zM+`bt&FZt?5wJmrYX4(#-&u$1$bTG%>Zq_ob=06kHROHZL5FI8ogZ|lhAm+pbg2Ga
zJ5)!0w;ZbQ4Sziz)e-+6kLqd1xK!o&Rr*vx?_1+k#b-6_RE_mv9dxStKEgq#YHmN|
zpi{NnaR!~La-0f(|4>fVk^c}*RebIL#$MGwJ&Gt*T#fUv@<UP4=r<gS>R*lXbsl$d
ziEu3s!5Qs3snLV}({F?SG{qD;^pcXDZN!4hhqIsej)}jjLoYNI7vzj}6Q;R(E(Kr@
z+|<K+I@T@pO2*spgbQ$@WdgY3GCu?Hq;lE7L_Y(eqH^uPrG5sY1LXpONqz<#ka874
zg`a_7%`#^=;xo;u{tM*DNtrVmp_g6;0xZj%3vtF|9F<92!Z<mslE4GUUXplBlH+*e
zsY1%e(-bKiPt&AqJk3BElp)!U<0)nC(W5sc5p_v8r;TfHN@$j#lo)a)hFpmuS8B+W
z8giwET&X69o~uMG$83AF$4&LRK4-x9_f_7WbK1deG6(=gqz#Qs6~X1D4;6j4!zWX6
zJj4$w8nCbR5fXX7t7P+W6}I(Og?9B;1Cj$`t1+O1N>O_at8rTmx_FKBHLjOZsWC-(
z<!fneJT?$xXH<5ru(1|wAl%a5TwDi8*jQ)TFqNX%SciiyRbWI;v{cf(Q-~a`GOQrZ
zG9D{9>|$8iAgpWvD;q+rYy>2%Y_zPHN>QwAghz21f;20^&MAZ?c1YNl9)bEK*Jj%6
z^Mk<o>``A5v8nfmHw!<T!4D!B{jS*pNVbNz*nL)0DT*J&dD7Lmoabs+4+tRPik?c`
z&r=ypZwPa=m+d6{Lw;NJWjlt$dW3W8t9PvQxOk_YaWhZIkLuk&$7yhyb^|)w1oHQu
zuho#8-jQ*Y7CH#2>_-P2!v~2d&e@2gB(4F?nvnF>fb5=g#!uRwkP=4a2%0XAJ*M)C
zFg@)=57dTxU>5*?g5M3mpWyfSGcAH2!8ZaPy{Q*rjWWSE`WXmVlnK7s&p;@mOz<s!
z2EqVkf^YRR5Zosde7m2qpZ3cHf56YUj;@ml{vaYYah%%016SoF@MxAvd^feo1i#1J
zuCs^QrECu!kg`2=(4XKBA)ZlB@Q2I<e;Cn=hlL!X8U+QhjDk{Y$n7%Zb{TTJ47pu~
z+-Y1r;}RWd#>Fvsv~VYN;N8fzF**vpLtX%`k3nC#O2$vNDD-aJ5rf-Z9E9T$b<q(o
zknSh~^bn5+KTw=NbQ6<@8}B3}Pi~EoFuG7IUI8P#u19P>9RVRj&qUdUauO18htRtt
zjS_RWQ?88JDWP{-J?jx;hdB-Lb+-l49Rp6T2(h~z4GK#Vi`M{L3}Cr)#@Am|0W34h
z?cS9TUe&0fd%MELG&0fNq4Z39p*PcNcalG$49L}8Ch|_WLRcTTx>LA9GT;hT01H=l
zd0cr_qqw?D$z3?OiAN@0q$=r%oaIN3nR^lIcX!M#)1h6a%McF;=I$2eBs9?PGE@O9
z%-!QL=T(hj?jFU6D8qZjubGQ)mRkmpajTN)nEKq*GvH)wFY1wS9q;xXu!m&8p1G(;
z=H&ama2>B|6npxj9$c$~ctZRJb2B0bE9D-Z(Cqv$nnCa%8bm-`FtGwrV1H@_l7_v>
z6#!;e{Pv#;k@bksdn8N`Eeq_^LkyyZJ$e8@55N8Ci5!ngWF8}Y(2;OK;uF#UuCfVw
z=y4^mowrfZ2kgwPVc<nKU?%UrS2=w00v5O9hjcNHTjC=4EdTPl%1~C4wOsJ>G>u|^
zjf}YAZ+MODAJ_a^!;55=30BD$4z7~FrK{v@UtRv{j%|il$q375f0ZnNze*OsTO}9E
zDj6PKf0bO!SS6RkX7X0a#klI>l5&_x-YU6Ru7NFwMdYoLi{;{ma)<m?axpGsm|X6Z
z`K#n&StXY{75*x@7&kFYFL!2{RkEBHz$#fz*kP4C6F1agl|0iKEvsZH!zx+Iuu7IP
ztdddYI;Y&^sT*aTyuhxLVcz%j^q7^hpkbvfXjmx=8dl0e5-VjX!%A7ouu_&XtdylJ
z_ewe2JH$#^qVWf~XBM4KbJ5X3rKnj|-!p6Mv;ji-=g~aVntmi{9xi2ojfV9#Zfrne
zWa=WlzQ&9>pAs~`nO%9bu-v);!*GE$3|-9qyfB7gh$D!!Q0$aNptF$Xdxqg+TEt6e
zNgS&X2NBH)$E#?8F$tH_Rg7yH3UK^zS;+Kra1JpHCvYZlIhw?63wc;h=g~^f3S12%
z5a$JZ8(Z1l5LUpZ&(?_0Yw#&tgRbyyM8E|Nutw`?t$jnLQq&t-8}Gm&tv9XdN0QdF
z94^FhwMty(Agl6=WmO)&&Ouv>*_cO2j3JlxItO8XlVv`~bq+a)7Z$oSUmp_*PA1ZF
z@ZX5bW-IAxT1Cr^062^oulKjnHY31R>HV$f{jH(i-v&qo*k%PVm7;oo8(-rM*8%k7
zS{xI!r(~{`W|MTSERJ&uj>~Ror4~GG&~R%lmf4{oblMSyIye)9YITe{ICtoATw|KX
z!NVAMat6+DTx-y3<Hp8#&3)<9hNihMecI5Ved*JN2JK6qHZ*9V(}vZ(&utPSh=QX9
z`k+EJg-;;%J8hVuOyARnnb@Zdt8v<J1za|jICHpyR_p2c8;p^mc3imI4*T6Mrw?F-
zbDg)qfg<YjfQO)@xc}C7KkWyE`N^Q*=3Rm0#DaX#vfhjf9X1CD13CxvDM63UL33u%
z(#d*g5F8(&BM6U~&7H7^xeLs}qv6lroq+5*ro&I#Rg9E~`=h`AsU4&|2UIuu05h~*
z<w+;N;bC1+0>PDGeNX~@Pg!qJu{mD|{^8Z|^WeF-QHc?CQ;-Kg#?8n}!I$CJ!*P{c
zkvAIt2tQBzD#V(Cf5G^*is2Z58$b*yoYeF3u)IHxyb3JL{XD&B7qbdWY%tuT<mDi7
z6B0>D+=4_(61O2S8W;G&e<5{{xJ%bT;%;3BiF>7vXJ_H)UXL=C7FN;L)WQ-QeRjVl
zfrM!W3DXP`rWy34X$A??3=*apBuq1~Rj}$l?O^5FEJylus)exzmXm4A<@BEMW&y<e
z49@Kh;LpN>8GjGy)1g?igCv&Z4=B%i!8N!z#HY{a#j#-YdK%n_9fb6QNQh?(>t-yo
zv6Oxs2SiUOlI5~d6z$nM*(WE#PbeIR6E^rs@vGqgTQ@xkp+vXp<+NIgacJu4K7N{P
zrol6ECQask2Po1rPb=t#9B1>D162TH*rKLYG_PuuR(z=gZKmbk$Jy}SpM|!_C9~od
z)25C-z!uL|ctH+>8M@DFiJljUkPIY36~H3V3!X$?)hLNxPzcwE@il!>&Ya=RXcOQ?
zd)Dnm#W(<W(wx;jC2|48OFL;L!$G(o$9z}%jGB=QXW8(sek_v7u{Qr*p$cG;>?fXN
zUezecexh(rErw(`x`xwj)+TzzN@fqJ<ur?4mE&p{qPkmNwaBk3eoZbK4Sz>*zi1fj
zkTYtztu8r>mXn7!<%(HPfHy4<Zz_G2ZBAr;8Lub6TNe2(#XpbJ^4oIVuGjM07Wr+(
zzlej3D|+!~yY813`Im}M$3cEa;nrRc`5lY=j?x#;=9Kw8x%k#Ye$OJmr}+IiEq@@l
z_Ik)4SmX~Be<<e(<)Y(|@r28b!=SdMP)WMSx3H49s5lIE;QD3xdpDemlf%do{(L;A
z6F2UL;qakP+{*lsoIu5)Oem#EKBdIAf`Ra{!u7uXe1p%to?i7p>ldc*iNdwOW^3<b
zt(G5)S|S;!C8|gf)bbP0m+V!IQp-;if2wfDuv{<vsR|6O&%r7G3O}w6WDrZ@*JuX!
z`=Y_$gnhq21RU5~K+>>haRGqu7r*_@8f1MT^u7qwL(6~zdcU@?M-PRdhu{A6M2_Do
zTpx_ve97V8%ZHTzAT9hM+(o}v0$U>tHGROEVHyTrbPJ#<mRMhJa)J3Dq&X!{f%AVL
C6?E(X

literal 29748
zcmeHQd2pS@k^jbef`=vG;R{<>xLfiigRy)d%NN$?16#gtV;d~XvTRv;mSsKJ_|Roy
zbKgfC!cBlU29t2a5Fm-UA>_{1=AZn(wY62dTeY>R-9I+Fzn+=zkn}yhk6J>2sF2@G
z&rHvB&rHwP(=$CdwV8d&aUAvFE#2MD_#LWKb?#7Is>}T3b#?i1liE3`%jRj=7D#k;
z1_i@N38YI6Hmye%a^huOASHwP1vJg|jP)vFzyLQN3A&Qc6B+dC-RPH+3zyfn*6yoM
z=k2TCH^@m9Y(}@OKiJZ;zqM^xC|<L(zHNWHzG8;s<R~(Inxk?QnOflt3Ktm~ZU}T7
zt#94$<b_N0Af-0FcTaN-NJ)f?4CzrxZ92Wb&dCoKxFTG@W2dI2wyvpumvce5WGY;;
zt+lqrxiFkv9L}z5sIP0P*?DmH?)ui6%-*B*PV$nawRP#5rL~!cn)OTFsYN}(nsoi1
z+PWh(4aj#c>Q$Db%N}gmRohlyldjFQIfHwl6bC2^_qW#TCTnVH_SCo4)HIYk1wD&T
z8?B44Z)>fu-M6=Sj})J#X{niZZG}_VtF)n~dS6T06kJl@T;IC4&eq=`C>Qra8D|=h
zYS-7*rfXZLPpio^)S_rjn2k$%p-s$**1Qu#+LUoF?S+}0qv@41oK&yUIXDuO%X*<?
z;Rr>0a5SVBS{9B%XdXvHdtqkh=-R2%oMF96=io?ChWA3r!V!x0;AliIv@9Hj&^(SV
zPX)7bLAti7e%j?a!NfB)m=im7a>f~H<U`LflU=iLe{-g-wz(}cNh3vO*(td9(1zNb
zY0P?ORG%hGvozU*$D%%HV{@SGJD6_U>s-+XFU;Z2fWw{6=r4rB1x|6FCc_+to9w~i
zm3`2{97drT4##+(hQU~TYHKhet!;T-PTp<Z_-<T4Tv9rA+y%D^pt>B_DY)>x<A`5q
z*Q1s0LT{z3+rO{nAeJwz0#hBb%c10lGN$R}hqGmhSe9hVlo?)XWM*l&T06rq6wcVJ
z*}}gw?jpk?mhU_@_@DoH91Na14Q>Vv>ikS~xz0q#;fvh!4iBcmTtEe>WRXs!!LCZn
zpOk1!C0vIu<Ro24$qHZ;Qlab2b{r~jRTCHFRUzUmPgEJyLP<_HQsHDLRH#P{g(_ba
z6i^{wOoPz+%0w3p%6Eqq@FjFHU+SkRPSK@&84cngXk$pIjmrS3Cf!WRkJ|Pmhfz30
zv1!kB@=4Jkx-@lBK@s>JN<-uEJB)_86~gaOsd^}A85*Kxm?VSWVYYo!D58BD#>0_3
z0{A0naJAQ8!)b)z1Dh|WivwUJ*&Mo@MrPdqRR@Fwlx^e@QMC`|Q8X$ZLq$~N{z(tc
zDB)-nC>j;ws0fg7RAf0ag`(Ol;wz9m8u+6_99==9J&uaOkq=x+HiwGoN}nTSH}dF+
z+VymD^HG(X$TAbh&=~jlM-RVs0j4FQcl`0(UpgzC1fqZW$-jJfq{2xe`sdT19#_x-
z5dHV}KYOyh!b#B>CK}F6nAz83_R#`|hGQnC2Iq@3lu&|7nz>Yh79LBb=o}i0q6bj6
zRJv@OAx;T#$t=W;r|~pS2pf-j#!*SS38aC~2{fK3(!~52Rg_T~l}Z(5G}a(bqB6dU
zt}5WG>1x-JwlPv7#*=%%3BHCVqe-4Zd0b9;G({*yQJxA4reVOQxyqY@!t!*?w&^rY
z3%wMZK_s<aD?x%QBuMg12@1JVf)vkkf9vpUn(fUwfYL~|v6@43Tt|4BEgd);B+L%Y
zxjBFmm~(T`YETHY2J4PpHRkYKB+mo>JhbTX03cP3(V2k=D6q_4N7tdgl;Zg`KcD6z
zFRw|O5!R|Sob+K=!<YE*0u85pcp+7hOABaWCX;bhTNoO1sI`C>>GHzEB4J>jOzU|O
z3?OMSh+iBg9{uU?^`@_vn7&?W`nuZm^)ghx*rR+oqQivQCA9Q_iy%YQ2QvBY1X^5;
zthv=PO(hRM)dy&)<Yw|Eg{m`|f&yM)D{vqEk30S$KOfLUROdeP$A9|s1p>_#=uiLs
zum5#8-~GpL-Svm|0wArV>)re|{9JLUl~y#;vPN3jNXr{}6%nlxmWi$x;Uik&UfG79
zL5EsJ0*RK2^bu8y<SmwdSsdLjtMjU8b+}*V0z{9Rd9zwDS4Ut<7dgB}f&{OXAj#__
zDCG4Lq<8~bUqjb68Y<UP1!6+zI+}@?khq>I5fdsm&@9AKA|Q=CEuuLjZOp5pjWpSt
zd?G-bsGK&@Mt|yUmX;m9L4pKtks!%iB`D-=5~TP>u*x^lO)&*%J8d@|agzwpO(5Z>
zkN|B5B$IDDS`{`;p$PJ6JJ%q22k>`<`+A2Fpv_1P1gMs3Q6B_oC+*Cq8sr56RHxxU
zfOcs(5TJSu2LiO4>S!0$({3w3AxI0*9$j8|*dq+=kpABh!2psPKzu`(c=V^kdre<A
zn!au_eVsOay$_W)cmmXns1~3`Y7zlz%uw10P(wAci~va<H6nwWBo_jN6iRCW+HWiH
z1gN2h07(rI0@Ol#MS%8d0ovb4`x>dGk(wL%01+K9Q**DGmyIGoje!8+%OO)UE%UNL
z`lTVdUs};Gt>J#D0q6@*t6;W9U`iJ`oRJ{GZ4xB;pag|{NP-mKjMg)B0|diCtc|uH
zCIWPjwjw41bcnVgCRE-`HzJmzjndr4$mSq0XKBjWcA84pqy`s2>Ey$CRdm?R_e6>q
zkUtMmt3a}Dr|>Cv0HN-~QFRaJBS=1q+Kz^5BS6v*|MoxU{<9-hU?9{cbsd$ujz-ia
zVtvdVM#q}DU4j<wpmvBHby!uPT?Dbybx@JpuPV?*T?EC%p)S<ZNyj`@pj%NFA6Il-
z#nA?CQG`F}FOGyA7y%IdElK1PicY8kKB?%W>Y*0g+AAf&w<$v6u{7VV=m_6|AG%!=
zFQ5H8fz5X*^xj=a^9DmY;%)`)4L^73PpeiX?ol#19KKhF3BFH<Nxol)h5UdHQ~aQk
zh3+9m52=_--NT9=1|`DjL!hGx$RG*PV4Hy=fMvCKSlNN}ibf123h^Vt+qb2nZwo;l
za{_7A0qh{^&pAG&=#*5A)$coszN7N#5nUo!0UuR1DOd!*>m>#2;A37=uoOP72)HPV
zyvLPY4|}EPHSq}#R~UUlPkqpc`HJ7Zx)G9|6#ky<!Ji(Zr}S7P_-P#``57G+^0PWj
z@%MB?Kr~Xu&nc-zFOoocM#(byw93%4$}E&ms%j}<mP%6s`I3#ox)c^noen^+na}$*
zdaEYz!+M9VE@It$LD5r6R!;ni?(w{8r0?P13;6dOy5jp_fxfT%hET>VOiwFWLh<V>
zA<rO3mZxVCri6B&;y1DvPfIVJ?$L`FdnCvjqNgR|z{hW2d?OS;&>frLGdfK2i#jai
zmvorovj_==?p0VU9mG-aK8ee+io*9xTozU!JRotQ9Y_yKJf+365t16wK9XKmc~$hX
z2)Z}RMTCE-2;z?4mjfC8ktWCCS9F-*S9O@=*K}COuj??yKh`pQPSLrzGW>?3H$a{+
zcTUUjIUx$sK!#BSuuSbYJQ?<iM(~9~{H8Gc6RGGYJw^wRmSM1iXduIHDSFGw@Y{;s
zh77-{O9V3fj<QLC4FA+i3S{_aUQ!^#KUV}?lttdpJsIwmqGkBJhbxSp*YgxKV)o#-
z@9aU+yTaeQJ^0fy{GJ|*1i!DtB!8g8LjF*PDgH<|1Vk&tA1kRv%P>$r&@%i!WcWiX
z!|y_dQNYNsDM1L3jl#MVWLT#I&@%jqU!y0(zz@r?t}a4`KUMUemSOyg41WUI{Rsa)
z#lMfy6~6!r^b6fLgpx)I-q$jWUtfklK#s`4hX_+bJ5cc(*^8e^FMige7curo@MRcr
z;N!P1zLDWy>W)qDuXLE?U+b`tf1|?`{}v&k&?_R74&o^Is>DTxQTR29iwpzdb%_h@
zK>D%7QxHRGAHPxULtxM1!weniPDQt=)L>DPey8%P=y&KyPprui(4X(9UW0+61Q2cD
zw{IJ+Ll^Z(E;x68x3&##_^O!(=}R*W77myOzYeCsB*XOQE0f9o>`ssg^A#E+isTpw
z(3sFChycmDEDNm2uqo6-EUev$n2}rp{1P|m%O7*8-Beu6V`(h%?BY9)N)2FafF&Y^
zB~kS<kB2F80zsLFDRO}$g5QoG805yMF46YLiIkv;&0Hoy3&R8m256Gqgp>(eSGf)t
za3Sp3?UAq;(pAFa)u`txn&@ppU^#@f@R~R~kSR2U%A|@ZGzqI5*eRzeJe8&v@H7}q
z!uCiQ6GLzU2F2-U5(dRQSQGQ;TF*o`(_{70BASkPnkvBerA5*WbS;*@8S;;2N@rlB
zNU%Ou`U6j<7R`L0V~SZc%N$cwN)J_H;3`7{KMN3cJTz;vIi@g$q6TOd&qneb;LiyS
z{A@tMx;tJ&!LmC?h8y<IzUIr>JeMZGFi3nIYP>E)(L6x*P-CtiwbV%tqj2B)hVy(R
zSD~(|5Ow3(^{3?m7%i*3X}OSG1JFVl$10(-DxzL=KQD5L7B$0IhoA-KNm%Wc!~SQ?
z;IQL0@sb$RZYj);OQfx(sAmZ+@}^xiE#+mjEY7rBPB3{&6=>c}yA`w?2FaBLFg~sd
zO*4mA_ka_y3a&<zunNwHNpL=`^`_l=Fo+GU%rw{-W!kL^rrlahxi#_+W<g9lnROdz
zL%dnH5q1xKw6Z}uXamM&1G>#S?AZuNX5B_RuBK2#|I<d^gyhY@-y9m(O@P9)PM~1c
zZI;p8997#U7$P0s0!Fr?#;qZWwg9rT?gl?<sgoQ=;Xbp@?V~!peFmySYEb8uU8?f}
z{2PmZL-6l%{2ONDLw&WPTm3Ch9J`f0aV!ti3X}F%J8?`6s1;vRwIbW;9?7BMOsq*+
z)rzF36=hDSP=q8=F16w^t5%>k)Wt@vkgCT?<0UcG3U8erlwCc*k)&Zr2T7X9P&15D
z(GS)n=po(etk5z^(33O?=aay6Q~JCSG!vAQ0BUEPTjs2Ga*Q(2Sq#BCNYXVtB?eYG
zm3su28-mN_Of)A&&~Hp@I!Mwqo*n~h2F>tVn_*g;!PmyXtDp)GufpI}@XQ!^P>wvj
zN`qI4bK2b8;TYG$n{DuB^BkNYqep|GBlJ@Mwab`KhRznGC85@Zpmu1QR};t%kWL~2
z^aKeVaw;5vCr_Mo=bybDbth>uG^M$qN-M%c@)6^C&|K#=^K}xm;80i8CxZT?59YOw
z1YIVlBJ7F|B<h5VdT@;FX(S8C<%P5`jz+SG7SVN5#Uh$-G?K-%2rAO`1-t|&pJ7E9
z+D`~hF!UZY3DqZ$mqQU==4m7=JXVJmK~?HjX=pp+Q$ve9hWZggXhJ~HLb%e5-b#jA
zlygq6hH|t_qpdb*tD!H6J{8FBnlRMPYh%>9E=HO4wBDn5y=i(qLr=;{F|;d7@kWED
z)ufzgo1r$@4%%$+HuDWJn%hEKY;#)-+7?lVayGY(wpp}o25lS8dUK=UDA=OiWYBKn
z?J>}5aI|SgvBsd)@D6CR=+4kMLYWL8ExPLnJ>aJ$MJWuRc3O-7K(wFaoJ0c12@*PR
zL>mIbqPvc3V-SurWvbTGZ>J%AC)W`WgC?jh47KyF7`4{ND6^Y(+m?5mmUr`>7-$XD
zV9^>3S_AKmf!2tVW5Z{oL2Klu7-(rqTeP%6OY^=MXwB4Y(V7ifGw;W#d(VCaw?QxK
z>Cm%8635g*iDWwt?spN04v<bF0ptV;9kf3ThNnY4w@?dJ(+VtTL$HZI@9+US;P0o-
z!*HSRO^Ar}*~Yix2wQKc4#;lg0Jbj&u<Cmos#ZX<p=z~T7E>rn(Q4%klG}ja7TQo{
z1oAFz;HH*9qG+YG+SVrORa;bT861#L;6rXX-;5e>4pDRnklj!n^rMzK$zc@kv!Q|o
z=rEFxpsph!>c;a?yN$n$kI^y7GiqQv9W?;y!8;;!9*L+Is~&f_<<!xPb7}-FjDu(p
zi-TzM(d-n8x|KJt`Y|8rV`}QwHu~cVmEp_W;e9%9kuz*Li~d%ulk5|6Ty0Lo5q6m`
zC=RbrD8||JtvJcPO^n`{Pr(JZ+k2%X<m?)W9ci3e(_x&2(P7xiz0c|03cTwbKE9{7
z3y{X4S==w`J&NuT9KAZ-ql_Tkqj1#i^;AEf<NM?!52R@1`z-Q(O3uXvKM)xl@`b^6
zoS4U`9>?jqza{##-DBV(OT$Bo<ybxE_X}s8__GW=Vv!$F{Ovf%r{vh&Yx$H#KBaJm
z9;0QPf#c7%{HR5KRPlG?AmcC{e-`;Mi~N}4$KxR5q#b`2`3Z~sgwjXEIXeue>-e+C
zPg&%rl$^FdXs$AZ23>kF0JZ$0kaUlqn#A3JFxZYGVEGeH{6hF5BT0_1gQO0^k#`6V
zufh*1ochNYgJ<RZ9w)_m`aWx!c~;340l^O%!zp|iY{#X67}Y-?rx4Ek@n>mx!P4-8
z!dZWe7Ea4iy@!0-BA-_LgE+`%l$^xdmd{w^GYaSTF<Qo1J^n26OBVShg~R?B$T+XZ
zpGAJzBEPKU*dBK$dUd^YL@*M167?>W#PxzuA$-K2Q}QRA1gIw^N$3lbI&eoI42LJt
z^NMlCjz28Ecgu1*M1Rh4ec+YgVnF{NbX+lb74^$)_E)f6H{tF9K6{7;Uv(6bEPU5r
zRrb^A6^;1Fp%CsXAmeqZ=yetPfZ`g1z@ZPk27@m=Kzus!8}UtkP2t)DIgC3A<@|=!
zEf*Sm)#IGL;9x)XD2Pl0Sc)|ayojpZKK9dhzmE3P^UjxMKpi$<Kpilkj)@Q@%4I+u
zK43u2;-E5MK<&HR{KgtkNBsR5P%jS~P%j@apoXjsJYYcWEAs;e)Ufi)0|wNuv;lR*
zH_LzuTkw}-K^^}8v7nxJj0si3FV2RF+P*GERD4szM$}ke)d3@_Zxb9aqUN?b4;WE#
z?lfRT6%VPuHzVqZzY8NOKJ|ZPE9x(v=++J_kACGIxA_u0SX?5!okOrUyH0B4fW7qV
zU@uMe@MB5I;We&zN8W=VqA$vi1t!xHVmD!$YvfV@)`zAM)>3v0y_|9O`oSnTsf@=l
zC{OSca9>oO3n=pwa1~S@4!Fus!0kVILSV9=0E44ECNRZMz-7#d&M@4+G=BM`#EWF2
zGZI%Ty#!pKoal^(+sIg&AouOYivLLh0X$if2queD-8h;edE*E#Fv?Rq(<N^l$-{pT
zhGZK&PA0hB-6xW`RY~x+=9yGNGX<r@R99lED>2oTn(9hTb)}}dQe7Q-t`c`OW?63?
zH`U_-oPNjei+um)yo2{(aKTfY7>1{cVB*q#Lf`D`kty-`@GlMZ+t=DFM8<ceoG-4#
z$=%A(!QCoA;`6l%6FMjqb+)hy@6Di#S4&^xfhd)_q6kC2hStO*19#|*$gUAG)_@FL
zr}WPc*8&nU)><-5p(rxe!gpmU2oWchN}6{TH$#^iQgDwl9x3o&F{G>)Qr3f%^&wI=
z01{F*SW--(C{i}Sf>@19n3W*sEUq24%e5{&1GRJ3CfelF)30-u+{n~Nz?+1gO`r!i
z6#cH*3`kCYH`}9BQz(ia+~cGh@Vw3quAUG;!XrDCcwwh9Sl)1r(LR@x@cs6-=;v}|
znUi+5X-FJtWIo{OoJPjmIw8BM_ktX62c_HHpq{M)`NzvQYRIc+yVQd#lYQy|#jrW@
z4w{8~lEgbv=gtuKwSerg@(w?0dqQ#;g(K?3wdO=BuL#Ri9eQ9_xCiP1_zV1Q0R95M
z$6sl2xe@&HUOxfX7G;5N@)K|&Q5N`pegdu<$^yUNPrx-lS>O-&3Anr`3w*{;Xrne+
z;1Bu<hv<+j@HgW|CLX_W5XduW2=>V$zMJ;T0>8(+kF$p|lDCHrO5Ps2*<auf<G!L^
z;18Px{s`?NJpbk((AD9tqM+<D)zzEo>P>a^rn-7l-FZA7<KnrPW<33ZpoQD%7{*2(
ze$ltgkI4Yw0T}d^D_0ccazW(xx)Tq*;Efgs_w9%}=%{y94j1qkR-f)z7v;>QyJJ!f
zqImj6d@e(m?F#sW+?tcGoSw-tg8Cj^C?z3x>X3LeEw}3G<lUD#xm;)FK5o%rNy81g
zJA?Zh{jROJM0Xb&6q4k&T@!FIf92sAUwlynuq-HddG9)SMWbf!T?((u$U2J)C9=?7
z;Vrb<faI?y{Ze(Wxmzbx;o=^sx<{x&G@uGa01H+3dQ^Euqo}%9$%8g0g|M{T=c}Zn
z;*gINv-ILN-~BPWOkdtIU4|QfAntx4PA>oXU4|lng}4Vi;=H0!#66%Gcg8TT_%%!M
zZSqtA67Ep48dI<5cKTh5?Q1)7A;)_{2jn3dkY`@ok)`rs??R4OG>Sa^+79jz;>I9;
zgQXdF11se*ozUX^D4N0bJ~W6cZ^60>M1lR46-XNP)>Z&mT=Cm?B}CF=Qr~0Y`p~k#
zeto!Qs9~=@0H_bYed`lG9+$g!j0=MD!VY@(DQN)j(F8s8q<*EwF54)G%pSLaGz`4x
z2F%*s`#pv?Ucz>E{Gd*P1EtFPFRybV@=CMj3vON~Bft2o=79NSTp*H#CD<2_9@rOu
zP4~swzO(ejIbw$Q#kgo6?285P_r(Hu`{H8R7sG7p?~98W`{FWaN#4G=81FSqDuYtw
z?Td>U`{FX_K;FK%SYBT!bI9Kp7voih@-k<lzb`J9eQ}vn?(d6>@tnepGN;n)i^UNS
z`(p8#!@hW?lahV$OlPF*izN^HV#&k4Sn{whMxN`Ob(3drm7VbdyEBGDfAZu>vo{tr
z?2QEtdt*Vv-dL){-dOUmH<mo?jU^9zW68_CH_kSO*c;0gdk0>K_&UzU+B!S5w94DC
z=yaNcjt&Y%Eu{KwSfiQsb3cC`%`>g(AW8G^vH~<R?5N>Th{*8Nm3l`F---E@p!v;Q
zB|!_jcrO8}plemZDj{}33{?<Lg|t9alZB{f0nPVR!9}!?7t`W64u^0pG(L;hlWVlV
zC3HRGZG{3j6jq0{JqMnJVK@OV!)0iaS5O`{(0R1NQ~Xvz?}G<mPyH&}2w~4_`V6nI
zHt}kV(CW|#;gtnFLTl^@nL<$`v?iVlA+0m5=^#n#Slk8SfL4hY8Dt+mM)u+1HyN~Y
zn2mT`dNI{yeUm|^*G5ZxjyD-{PA_b2X}-QZANU%=%~KpuHi3Z~XeBK(48XlGUhi+E
zt%iXu()(M``&&Z2zZH-$u+=hP3Ptt)R^H}K*M8*VMmYXi*Owcm*(BX4+u@vyZ>R0F
zLNmVIpy8!iY^Fmu%c&*|weyY`wbsTc15ZMa;+>{xxDv*|6R$Qy@h*e5EAH(Vues0d
zKWLi!-2Q_G?Q{DN8nn;tKWNZG{)4rI?hHHx2zP`6NP8dDQrM@kkN@Bf+R@v8a7S$a
z!CLqaE{Bn(5?+MMX_a1{|Ax0<D1%3GGf>&>4*DQAHHW-Cjc5nr;ddB9iZ^S0gHszI
ztWO37ujL9PZV2*0%leuv>M<^XK|Kex-=9~{&Av;Z)RWZ>5ELJ!qqqPwi{)u4?f`MH
zVfeexc0hLPa?Fofi<9Jt!K1ImDTAs!lT#=9pex)5Sgx(jNqPjv3u|-|=oV$oKgGsn
z5ZwSfhMxvo#YrVP)U83<ZQ}hWY7}mvn6rUm@&CI6X(M5Q@YA$)LX;_36uffUj3D|H
zyzjg;Z0PR;ZaKE%ewyB<i&lkAH3&YTq)!pK6_KPwZbu{~kvkC?DUa~pt;-;CuP%eg
z{kjYy4@wzN&4N4L31t*5?3=Bog-vxA_S4czmu;lWw$WvqKrfmm5HU?4Vwyn2GyydQ
zd+hTL_NmR{qNigmd`dr73w7m`vib`0FqDBG9_C`UFQ)Os`;K<@#10)*Vgvq&@)Vcv
ziklvG%h*H5QC{@!8IS9V3WWG6M8uATT{1S+*f>84hfjU`1FMRb5!scC^PFs#{gebh
zqX>y0L!Pbe6o<4<xT<+#2=B8L!wKs7URIfGJi@`uc$PUpk)C;8K`g{Q&6f)l0gNe&
zl2%r|qEQ0zxg6BwgX6$a&3t%_dm6^{`;ZhkZfPT!)^fB%T0Ax3MRD#j^`6ljoe_=@
z4LCv(z{1gs9!Fl$D2`rKxQ-FyLwZ(x$S^Yc>wnhrbXGAO+Tf5Vst>MoREmEa2JLC9
zzrnHXhcU-W`<xlh;G2fA`k`<pZfgEmp$K5%>_;AFUePGdex%@c7K1amqQP6usza|@
z&aA^(PL1ewaX-Tp)!p*CMSfi|yv1Ha<H08sPlATQcJVpOt#FBNSxy?>lviOr2HvzZ
zys7l-vpJF9lJ|2x2HvvBZz+B|PRsAe3%Op)?^xt_6#q01GG5iipY6JzS>&H7{&^ha
z^9m2`ddTN3@_D7-ip|OMd-7JThy0#JeoyiHaa#UB9@_PgKd{IjD0!pz4gK<Pc+jO6
zgE^qpC=`<J@l%r|3<qF4UQCw1cf+ah1V)n3=NEK3@JMbL4m)w;A?1%0JWAnY386I6
z=ai^b&<#FTc#+p%Z}5fJDvO?IecopHMByc0bB_117R!%CED;UF5=A5nV)=<@IrfT1
ziRCAXKUH`ZSY8DF6qZ(RasLdI@-Ok@>RSt<Mf?iQ@UNx8UxzKdKm;79T0qjUr)&X$
zr5C?_H5w%SM(X=bxIVNDIH>Pe7WV2xChEg)-};1)-zvQLiwAhg;or-Ll>Z<t{2|;$
mzgGfV{R<_1V6u6dQp3QDZUJ?Q64u*xTwwkeW=^S7;QSw<QdtB5

diff --git a/src/wasm/Hacl_HMAC_Blake2b_256.wasm b/src/wasm/Hacl_HMAC_Blake2b_256.wasm
index f2c3560f7483664ed64ed95ca5e9ecb6252c0017..d95e2b0f601c17e131827ee876844b4fb3d2cfe5 100644
GIT binary patch
delta 505
zcmZvYO-=$q5QVE72*}9)3<Et3yxJHOb<4sPwbK~a#w(0&jC*0j3FaVr1QQc4KwRlv
zw3?rh1xcsVRj=ObulqAt1#efj^}Spy$b9+T+83AK+2wtMo3OGlx8*r(Mcygk78+=Y
zdDNA0yHE{x(Bv*G_ewMLgl@_+p;IDswK5NW9G&8rzn0*Hd?fS=7$KqdQQ%PL5MiF#
zlX-+lrk9!!s-HuR4fkRr-`33Ng6Mxph^t&f6}2hRv8k9KK*W7*$Lfz!zusZ>5qrP7
zd7w`!iXpbjIR+R$%ddIz@v3JWABwNDgIfb9NaSY?<2<p`8}*IFM<iN#;$%y_89Ef1
o@JQRK`qMq)5z-y;Sc!{bf{k*PVT?&Zta`@jfp{r1@>1pF4|E((iU0rr

delta 492
zcmZvXF;2rk5JhJ<wi04OoY-+<#|eKLKthzHpz?MgM9l@L3=N{kZgK)&gd-p!Au1YL
z?gFzU4ldlRcIN;6|LvFe?!8><;pe(6NqyK;>*u(-)$2l=Qr$QOv}<0;;{yzMh<d5m
z$B;+RJnm!|8@hHfLnlNS$)xU$ddT7Lu4hCSqFIH-%w6uGi{6T8U%ATj4A~M$K9nIt
z{+`!O(B}X_l{rVpAwsjV34u)rq%vq!hITD|VRhcY9YUT+MI@#O{i~X5g2<YLgr^w%
z4>N2POfh>hKkCu;h&Sh`g;bzo#1^VZkeKhkf5nz6mcqC}mB?hNlI`a=rnbn0=dw=a
kecAw?BdviK0=yfR*eItt7Fh0xMb9~Hi8l@(R=)f83zWM{6951J

diff --git a/src/wasm/Hacl_HMAC_Blake2s_128.wasm b/src/wasm/Hacl_HMAC_Blake2s_128.wasm
index 874949d0089779659a6afdfeea348354111f182e..5b04e5663628bd8c6c5e734fe1c2651170be3455 100644
GIT binary patch
delta 503
zcmZvXJx;?w5QS$qjuLG0Z^!XEPTn*K2`Fe%P-Qz1qJ}dV8bnXh<ODtk5=TIS3m_^a
z?gF#<F)kvlRy*_Nz4`Vd_zYezb?1AvT$1{7x7N?5xYet>7Pq188{K#d=(<I~9kkG~
z>OoG<-BMKCL!0~1JgChvuypOsEgch~FO|A?<LH&o;-!Yfk|aVFKv}ZXJqQeZ4iOgT
z-q9jLWM>x=5Q?2cNewHhk!wq2bVl?)WQiNxL<7wk(V?oVAV9=JX~*J^;a}~jhKQYC
z+&q#Wl|_QBa*7d>C;O`&UA*Wy$NS=aHZW`86si4L!x%?wWTUANr&2lMbW6M$+83Gf
nSlXHRvkLJT*^YQ3#APwXMmfnb!L%e6J?Cssy!9A`s=xmMml;h=

delta 425
zcmYk1u};G<6h&<(MWRugG)~jnP0M`?u&@CG1FAPr#0=jMSP(mO=@;Zj_yi;n6AL^4
z0?&|yESB%P*Y_QNMsLycg^EA6n~jj~{#5GG)Yoczquh(Q3ZI|`4iSwpq8RN=Qi7N!
zP?QF1q)wFK+KEFUFkvNcoxH1%bk`#x&e-z~rL_x;<|;@hoJe*fiy>*~`aIk}$dI{H
zpVdCAxm@?kGe73$tUeA<BBQAjlyfM@@UkVCBKINQNi&T8#T<=;8Rie}Ti*LUoUJHl
zCcVQL2F7EYSXlS<%WOP{;T5LGVOe<&+kEUV<V#9eS};_>FNz-20!0h8WT;N8&^TCP
T)j_dcQNev#5Yk>f9=!el1YJjz

diff --git a/src/wasm/Hacl_HMAC_DRBG.wasm b/src/wasm/Hacl_HMAC_DRBG.wasm
index 7582346593f81307f4c62b8139c281007bdb0a11..990b72e231ac84134f8464954de2ceab58ef4aea 100644
GIT binary patch
delta 2982
zcmZ8jTT_!)6wQfo8t~H4Nq{7Pdy9|+p@v&fE|LS-Ix066?HFRm3j&FqcG_}NYH_^O
zc0|BaZKoYTs;$+R+Ocna(P_u`&a@Am=}+lH_x{ewmoI%`&N_Rab=F$nKEU6v#ILW!
zvnh{w@qF4dR8@TE$-;um?Y{C*sH<%;FL*L|O~5rJs_VM03%D+%tKH>-YeI@FRW>Dg
z={oF5N>`Njsf9}yGqh@OIa}2qHU56u#Tx=P;Y|TI1b!yKjklQOmXn0G35%@7L!CA-
zj26aQ%vcJW@pI+^H+Ay?{6c_7EmaSyRMqyr+X9GL`m9pa<-x_m4KLmi@}&#hWHf_I
z0+s|W3s@FDZ%8{@66*Epimnv_E5`e><$alD(=zX!TDU~sS90D>D=QtLUA!ycu0SPV
zQQ(&Xl)!sJzHs4vCcEz>yC)c%45-xxCIbuOeP&imt;J!E^DAa2H@PIfrc}t6S`6%0
zf7Mj9Q<1(%lCFi@d@Xg8U*Fac$)Qc&S>&I*L(;zCHvE=%l&6#_e00^89WQfntqNEb
zxF%pNAJ?jmYhA#)iEGV@YmFV!G9MSUaEant&&6e0bzJKL9|(9LaKno0I{_O4AF>*J
z#AJ`0WDf;n6Bo7Gz{F)?e3Xl8gyZ_2*&T8HpyR^F%>LNPP8Gt2osQYSuv-`(6FYoL
zl!8Mh)jDJ{v6>5cqcCJL^rIE>6U)|9zWAy0;wOT!xtLmQU@o>W@)7i65qP0U{ZkVN
z&`gVj%Ozb~H*K*-08@}s8_`(9D2(a{oFZ0C(S0eI|0JV?_=AjUdL>SWw!<i<>A{|c
zG`<UN^;0OJe%VuUU^AY9bpFwu1rMGhwsQ`)vxJQFGxpL5=L()vE6o8lTD7g?{Qq9*
zSONCp1=(nx=s1ky1Wee^bDUpi%Op%{TNBJXK|&@RLM92Ztx0paZc;z*@s~_u1~Qn1
zF}w&_d{4&Jd<7c}2h#XHWMpIREq$P$($%`R)IxM?U52lVLl(}<IAmblw<QE)kR>oC
z;|#L+A)LpLh%i)=P?fu_rxVP%n1U&shH2Zyl;vUuX0(fGb}>yZrX4P32(gP9<3cyF
zi@q70g;|^<7nfiTFUvU2)8To?;md@~x42|44G~vxo`|Z*^d~TzH+@B$?y0v-*U$1~
z$6?MgJquIX^jzNb94-iQeN~X{r}d}&7jk3hHe=Wf%{+#Y7HH8<oB8f$65H$$+d_z)
zwy1a;NNB-U8o&g!VjH+|FE#IVG`A5l&Jy<0IO7WL<%nor_d#oZUfXG2JBX>n!PHL3
zFzvIKhKVcKVb5!4!F+nKs{ng(zeF>y-O!CmNZMbz+xpTHr1qa=-Xsa3zn}IWQAvpX
zOLMtyvgTD{5A<L!bYUO#;sFWj&oVu)t@t+dNX*UaLH+6C<q7qBq9WbH*8%iGrv&JM
zZeMW-x}cXpmjnjAcnCW2umn6pYK}P6942I9Ib<)5GOpkeQdX&+#fwV%p&tiez&6{@
zW+Q_zsLc*=_W;okIOqonvDra&Gmd?OI0QpDO#Y6-Fdid0$Ep9gqyHEoBj>2SG;+9t
z$9a+uw&Dm3<>NSE#epY@?4*P21R+B<VlNFDSMa2Inb=V~#DfnoY^65@{W`tje0sz9
z4s@#Dg6$l(*#G?FrY2$iV)GXah6e)$*o&nyU<RcO%CH>D?d-~|K?y=oXIIW@%1M5?
zLw=ADXBRY*brTOtUl2nO!Y~A|0>W4+{a8hZs~m?b2^sGd_R<h>1*<s7z&6|gAsNWc
z73jGtK2`r3(6D6@IiWQDv()bLLm2$h4<RV?6@?%GVFCf^XAs7n;Kypxv5R!<a_Fcg
zWOVGbmqrIya2L-PNiadxKn>PHtsPX26;uQwI;dJcQcHK#I_`)N;-DgiS2uA`B@v85
z6k`-r9mH_A^s6$^FKQb$Ks4|CP3>G!bu#saT4*RvM|m#%5VKrIp+>uo<z2@xPOclt
fbrUISawuvfWL(GXrBTNfY~ox+>GO2kzq|hffk<T3

delta 3328
zcmZ8jTTfJ16rPP^%I#rjXAlOIwNM!tKnEP~4je94MP&f5$i=(Jtxb)FTh*ot+SI5$
zpw(&>(Ha{yO?>Q2eetzz(ll*M`b(Oo-`Z!-nKQna^_{i$_pSBqwMTw_tNwngemdt@
z|GYl$Pprs#@%+*yUq;4-XZEk9Yy2~cW^A=G+AynVR$0DHJ|E2}OAYgkTGAw;uif8d
z`O5JfC6XE$LR9TbE4A~gf*;N*zN%;mUsH5d@mGp6?AebR>|j-1Xeoa!A1MRJg@Lat
z^4tG8*&f9=6y1Q770_9T@y++X`1#g*Uo!a{WxerH2Kk4E*j8jKo>MfZ0-0f_VO!a6
zDvKND70sK`=JaTDG8)3vXef~sMw?HLmMoRg_RTB4t?0JmJBn^8{#MZ)#dnqUi;wRK
z**!1WT_sozYd(~^z?h~n&Iz-9GoHN{Zha^0m?r7ZeRzer_<^uL@UkNVY}j$k1%_Q?
zeqjF=p^KozH8r7Gx+%><11<$}!x#b|<;yMkSH57N@1=|%>aiY)@FTDALnYV<qtpdP
zSYwtWoXJ^~Nm+JLRW=69vZu<j^A{8?D1NNyaq5B=oC{i1w5U7vAqfRkK^$S~f>0tU
zT+m|jf|8|TV|Y>V6GcxHKh+oXgQBO3pUEWlpV@i`#py7delBGmr+;*uwzuXq*ndQd
zFCwYLGY~nRfp;P4+0%5-pz%U`_ELNHO4@$qZTqDXY&=7$3yfzPvm9|fdlw0Xu-K~J
z=d*mdOLCk&=%YS+w6-GNPyNm#?GvB+px5VdsUJu@>NoUGkr>p}&jWaxM`(bLQU)Kx
z!DF6-M}bV2N8HemNQRFIN!wCBP6Me&e1iOZ5=<vOOecU0({VR6Op@V~!n9lQDLR$*
z;7_MvKM$tiOg>}Pn5RBOLp)5w?lT{fR~{ds5yu(4yI~$iTf?5VMu5bb5z~rOB(3C)
z@F<P)7!C3#G{&D=G5cL~o1Li72@UXPG-}l(-{e`XZ-?{h?dz2RI}po_j*4WA#^|&a
zqfr_P<b-LE#sCJbn1C@pN2mEbNYCOJehTG1gxyibX`Cl$!X0H?k1|P<&L|Ty$^=H4
z@QgAEB%@54QJf+@$|O(G6i;K6&uN-3K=po=9%b18Us5!cn&k_#_2KHCQ&Y0=F`Cvx
zOwqVA#B^$iY5r1Sip$E1@fC%3u6TF+vJ!0W9EC10{b|fs<OeBuCb`!cX0PKE*Lz(@
zb<W6f895G(xM$=#AQ`#NP&!32a#J1GW3Sg!J#WBXZ^Xfko`V~JOlRxe(2z)mHwp>%
zdK1;B_Ifk+dJCAgc$hW=8KzBcXqY6!TZ9RFy_L46?R7&M_H$zz&g3SG&0bq%aWgf$
z%V6ncXrUIznPyRGMqACEwpxJ1nHJNEQ>2%ng<GkW+o+MZQ5%13kv-U3^#N@cn(a~{
zzlhuGc?Y#xoZRu9&d*IdWZFG4JAusfJKWGnN`~9*-y<b`t<ot`8#P!&tz-qV!_-J^
z0F4$2XyaYfz`HHtJy6)=QP>S+6n43xQIHJpF)icuBn|7J4o*<QHLOD$)=8a?VF@{w
zfKI}r(+MPobsBD`NVr=&xr@5E8;0$rZr+C`_v7$>&*6PQrpdi-Xow`k`#ruMpstj!
z2OVDzf$)%r@F0*OJm7|gP%?Z-``RThl&D+#+C?3XuiYtMySWFx9!AT(Q0Vn290oE9
zJ#J_eB*VR;pqgIy)Yht99Hd~{_J-21pYzjjCNHx>W_t^$fD5V6y^I2V8DYZTV)932
zp=cGNxk68KVfl>92%CnSB7GTQE}|kXrhHyb#k|4_atRKXcn+@sGLtQLLqjAPE-{yp
zyN#&G3ME(E*&Z$hU8#qTfeanFp`nuum+Gr1l5v7mOd%^sMN|;T3R6B61LRvl0mZzM
zLc9tMuZF^EkHRV-qp;Eqje=x&wP_fCFx6${l~EZ-DB>DgrVTBpa>vk!oQOao;*lr^
z5<|-kty828E$0fV;3y2Oq$pRRziJ$=_8hJPGW}J$p&^nCSG$I;p^B8DYn|PWfiC8u
zTMK09*0`aelMKhi&_spoc95dl&<ZMZ42`A?jdBePtwqD@ps>!PPzz)fYTVHNtD5Bh
NX0_~f<NALq{|DWeo!kHb

diff --git a/src/wasm/Hacl_Hash_SHA3.wasm b/src/wasm/Hacl_Hash_SHA3.wasm
index f9b0542d18d7432483966833e532ddf9f6dcba20..e318aff08a7d65bf76da26645fd115f889cc1e55 100644
GIT binary patch
delta 251
zcmYk0I|>3(3`O&F#Q8Y$=7HZrNIDx^MM0Q|IEXuWD!2j>J3C=k-~t4}71+7~mtgG<
z%!rERN$x$#eXkySb)J^g;gXix#(VCzTW|^+KU>vD6Ce*=26mUMmbL>9`P`xaeX5Ls
z!eW8}!`w+2IsjM^QVR)N4Ew@4QIH+0wQN(PUc^9JDw^Hdw<0r(+Ws98>H-X<u31^q
y*;QB52+KWiQPQVA#28U5E+a0(&7TW$m$4{2ZoVHD`nXK)GVfQ`gZOf5gxweN<t~K)

delta 214
zcmX|(KMny=5QpcnVt4I6kNC3+$xNr&Mud<^jDm=pJX~S3(W&1F96&<$1WqB*sa(S-
zD8HHC_q|W*aZ=Y+Mdii1(r*N>W1fRo$^v)j%tsyt+@lZ!sx5({@&ZGKt+!wp0ANi>
z?bzR2j3&ZgqR^dNZI`ua95av>MYF&8DRQ%@E&2@Nu@Y6=6ksO0W@Smcd%ZP`u{s7H
jWqp}|!I<jOGSV`f{9EvC8H@7c#NEumWz%Ny?8fN_w&^HF

diff --git a/src/wasm/Hacl_K256_ECDSA.wasm b/src/wasm/Hacl_K256_ECDSA.wasm
index 41e9fd6a4ab6ef3d463362203ad358e62294ecd5..3f9a5db6e56bf1031581ea79b097df0764720c8e 100644
GIT binary patch
delta 1284
zcmZuxS!_&U6#mb2ZhM&~uGnUx^qgdbwuA?XL?qmK5Q2yV;en(TA)`+oi@9Y?jlDJ6
z(bihjI$acF-=6Fgkw~Z|5z7OSXgmmY&VR4!gPWV2^L=Og&pG%0>wApG9;3|&_!6Hw
z@&cJq-p{(qN>%7fm4}9>o`(xyU@95f)KM|2q<;h}p-3ru1rdd7)=?MOie5v`G<*%V
zf2Mz$t;Q&YIrIjw3os_MSsvw(c*J2QfjOxa;W_b=3E7ef5E?b&LOqun?28R>a%155
zV}>WgjuD%ZEnNVXIrr<Y^WE!cqm)WWsYKsWWdhA|8{~~*zU^mXmCdhP*HV*|;>aox
zM~G4)J#Q%t8?;H%B{>sq2HebLXiNI-5(v-U3b>WKbECG2jgzqxyKk53qRsl-C_6Le
zN*u#Yx<Na7gLJ8tJ0&AkONJWBP}BGP)j+!d%Y^Lhf>MAf$!96r4Y(Vq7O)nm4v>Ad
zXB6wet(MjdH&&yoIeP%BIW|c3u3}MxtC-a2DvI_3)<dMnee&Y8Pp~~Plf(v(E{xmx
znW~MnADFVou%*$psJI;z!vSE%E?~o6G33PUu+RrhV8XUC$<)Zsq0T{|qkxBingOHO
z<Q@5#fWr(-9?5Y5M;KTPP6#;4AjsgPfMy2B;1pm5F0%6Jw6Ke@!kSDOzzk1yy5B+h
z#HfW$MaraBEiGzuv=XFtEs@Rup5fgt^gFgPu>GIf29d)}wf*O_0Sxqz=hh054ask<
z*+cJ@XYa#!J}nUW(%t;KspVtt{D6L_1F*vZKHBQY%?&TsKj=(zC-Nnp1*U%e*zx#w
zS3{mVgL6W?eD%4TH^P)m;=E9QH{{ME`;VIH4&{RGOVLFwO}eC|MVGY<()cS{LAuJJ
zGNEf)nsi-Di*9Hcq?=k|dU7d@&1L6Xur|H26bkA_L+-NGc-uSr19rnZ3}kT+1>9vI
z$9*K=9s^n2V*&RW$l^K$=zSTs3K%v7=n3Ex7Eb}6vUmpgEd8Mrt_^ut#g~EUi}mv^
z0Uuuo1GAUP;H7VddkGYA!eah~iu+tPg^YTC9W?m@DE`m?U&3DelN6`gFAfTDma%e>
NaX2pfeK~9o{Q(MOUIhRE

delta 1327
zcmZuxOKenS6#l<?&@0oJtBB5oCOs!92_s#Q(8P!fd+$PHh;9U<3ll8~i=i7`R+tOS
zP(~D5xs(g74_X9KnYK`L@PSZY6cC}1m}qQeLqag|l@M22&-w2_XW`AAod5gI`<%J|
z&|G@UTzWj6N&I?aqA63&HT|`B^JdeU2)lDj!XMgN;D(jl_KBXQ%NM@j8+v6E&%iT0
zi)1Iw!b?4o>h#PqV<^eLfM!5NrJe3V-k6df2(yin4OE%0fy6R4qHB0ad<CGuv*A5$
z_eH;Fac`+(MXh56a!WB5J+&4~@JOw&7OwNS;j$(!Hzw{<=yZF~w?NHaN{9`fym1w-
zkrYz$HmITGDI?_Eq6dWP)mFAkFs^_ql7L@D#7`p|9(XwO<POjd_;v5s)IfrYrTDzA
zRp@E;?e@i3uw)b;X+2K4bKXf)c8ljO4a$8Qq+f&dH@4CTego8{<ei3iH)ywpbPb1~
z5WEMp2Rr~0TWeXM0Ue`++-n)>vETL>2o-_)#68RV;)Bck<AcM4@xkyAXdnE!_-QKf
zn~J@TYK8XK>DH3hT<tCMTM)`yCYr%mV@h6D6>mcruSFC?sz{c+wrX#t%<n)5&#hKM
zo^A;afDeHRG+eLuu!0c*j#T=df`bBF0Y?<PD<CW2eFcXEkbn<BJ@l;G%pWTI9QC-X
z_$cV8jP$WoK>Ekys;KhD;ZZAH9<wqV@VGq?9|Ike-9D3&5v6H-{x}Bz;K;zjHKIV8
z>Zoou3V&<m&#~I@byL?jFm;<M{NHXJ{&!^b#)35&`|xqlaY$t^`@!VaAGchbj-(Ua
z)&zw6=kHyYr)CG6;u)M!>gSo8w`3PW=_Ec<>h^Bpd3-!iJsJ<CX8SUH(n^OvvC`#F
zt<3UgR<0!eTwHZRr>u1N3oBhdZDp3vSV=qyl31s(G4fwTd+;UrEa)rn6zFU4InX!Y
z^Pq3R7sP|k)?4~c!IS`9=tTwR1ZW%ID>yGe7kWv-1p&Iy%L?os)1JwsJ!E(qG%ex^
z=!%G|NYYhAlN)d(8tKB~`+w?{JIYBE?+O+a5u}O<`ME*#$4e;IR<FbJiB7|L`MB~8
r_fxB&J0BG}a!cg@=aP6(tmN~_N5ku|C?mx!*K*pay>|C{?9BZKaV}xc

diff --git a/src/wasm/Hacl_Lib.wasm b/src/wasm/Hacl_Lib.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..f29473f2d8c429e311a0338499453bff4dd71905
GIT binary patch
literal 474
zcmaKpJx&8L5QX2YAt7uN0Ue^^1pFvHH6;b5Guccaip{RPPLm>DQP6Q1uEi-ZtRhXM
zh-Ng>`~1mz18zM5ps%j$Fq+bqws{mOO)1eo!=#k+;`=>6D~FF9*o!k>e1UQKoUKpm
zrl~``P`jN;tes5m0gYT9LTtm;O6DL<?#b9KU*2q%6&g9yGSAM{6^sV<9Q}vxZgHfM
zv3A734UTnuz;H9cKqFV$P`ygEva|JKA;GrGjbNzRbIs-gHxg=`>?%E-b7b2_4$&kG
ZK7P+c2@kpS&%b@t16gaR>|<P`#1F}SpsWA@

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_P256.wasm b/src/wasm/Hacl_P256.wasm
index 13c3a3a68227fdb000a1d36c5e71803923b2cf5c..113d780fc88014d7bf47007aee3d6843061bec5e 100644
GIT binary patch
delta 95
zcmbQy#k#PIbweu$WB2AZj`;%Yzo#`cFvv4ajxUm)>@F$8C^-2PNBid2lG<Fn3Jr{!
z3=E2Q8J!puswbBSD~i-9+-G#;$jJf<H#^lU++%E2V3@p8*tdC(%Jw-bj5P`X(BB>9

delta 153
zcmZ43#X6&lbweu$W7Fm~j`;%YpQbf5Fvv4aUdJIl*<DhGQDE{Zj`q#3CAGN{oEQ|U
zYZdP@Ix;BUV`O$vxX0+o;>qIR$e_W%punJbpHbm1qe2}>m?I}klYybxsU9fOs=$CG
o)S~!+Q30qDqDbKZqd8D7ki(dzcyICrVYTL^D%+Q;FxDsl007A?%K!iX

diff --git a/src/wasm/INFO.txt b/src/wasm/INFO.txt
index 0288bd71..7ed8e74a 100644
--- a/src/wasm/INFO.txt
+++ b/src/wasm/INFO.txt
@@ -1,4 +1,4 @@
 This code was generated with the following toolchain.
-F* version: e617752a1b014a16892f7d8772d62e5c234f06c1
-Karamel version: 2cf2974007f4103dba5619e4eb9e3eaeefad533b
+F* version: 155853a14336aa0713dba7db5408f4c8ab512a06
+KaRaMeL version: db63c1de17565be0ec4989f58532717a04e3ff40
 Vale version: 0.3.19
diff --git a/src/wasm/main.html b/src/wasm/main.html
index a4841fcb..76be617a 100644
--- a/src/wasm/main.html
+++ b/src/wasm/main.html
@@ -8,7 +8,7 @@
     <script type="application/javascript" src="./test.js"></script>
 
     <script type="application/javascript">
-      var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Hash_Blake2", "Hacl_Hash_Blake2b_256", "Hacl_Hash_Blake2s_128", "Hacl_Hash_SHA3", "Hacl_Hash_Base", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_Poly1305_32", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HMAC", "Hacl_HKDF", "Hacl_Chacha20Poly1305_32", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_Streaming_Blake2b_256", "Hacl_Streaming_Blake2s_128", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HMAC_Blake2s_128", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_Streaming_Poly1305_32", "Hacl_HMAC_DRBG", "Hacl_Streaming_Blake2", "Hacl_Bignum64", "Hacl_HMAC_Blake2b_256", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"];
+      var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Lib", "Hacl_Hash_Blake2", "Hacl_Hash_Blake2b_256", "Hacl_Hash_Blake2s_128", "Hacl_Hash_SHA3", "Hacl_Hash_Base", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_Poly1305_32", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HMAC", "Hacl_HKDF", "Hacl_Chacha20Poly1305_32", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_Streaming_Blake2b_256", "Hacl_Streaming_Blake2s_128", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HMAC_Blake2s_128", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_Streaming_Poly1305_32", "Hacl_HMAC_DRBG", "Hacl_Streaming_Blake2", "Hacl_Bignum64", "Hacl_HMAC_Blake2b_256", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"];
     </script>
     <script type="application/javascript" src="browser.js"></script>
     <script type="application/javascript" src="loader.js"></script>
diff --git a/src/wasm/shell.js b/src/wasm/shell.js
index 7c0dd16d..2b0217e7 100644
--- a/src/wasm/shell.js
+++ b/src/wasm/shell.js
@@ -1,7 +1,7 @@
 
 // To be loaded by main.js
 var my_js_files = ["./test.js"];
-var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Hash_Blake2", "Hacl_Hash_Blake2b_256", "Hacl_Hash_Blake2s_128", "Hacl_Hash_SHA3", "Hacl_Hash_Base", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_Poly1305_32", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HMAC", "Hacl_HKDF", "Hacl_Chacha20Poly1305_32", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_Streaming_Blake2b_256", "Hacl_Streaming_Blake2s_128", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HMAC_Blake2s_128", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_Streaming_Poly1305_32", "Hacl_HMAC_DRBG", "Hacl_Streaming_Blake2", "Hacl_Bignum64", "Hacl_HMAC_Blake2b_256", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"];
+var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Lib", "Hacl_Hash_Blake2", "Hacl_Hash_Blake2b_256", "Hacl_Hash_Blake2s_128", "Hacl_Hash_SHA3", "Hacl_Hash_Base", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_Poly1305_32", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HMAC", "Hacl_HKDF", "Hacl_Chacha20Poly1305_32", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_Streaming_Blake2b_256", "Hacl_Streaming_Blake2s_128", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HMAC_Blake2s_128", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_Streaming_Poly1305_32", "Hacl_HMAC_DRBG", "Hacl_Streaming_Blake2", "Hacl_Bignum64", "Hacl_HMAC_Blake2b_256", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"];
 var my_debug = false;
 
 if (typeof module !== "undefined")
diff --git a/tools/configure.py b/tools/configure.py
index 9d5e06d1..1edd68e0 100644
--- a/tools/configure.py
+++ b/tools/configure.py
@@ -72,7 +72,8 @@ def dependencies(self, source_dir, algorithm, source_file):
         files = []
         for line in stdout.splitlines():
             # Remove object file and the c file itself
-            first_line_search = "(\w*).o: " + re.escape(join(source_dir, "(\w*).c"))
+            first_line_search = "(\w*).o: " + \
+                re.escape(join(source_dir, "(\w*).c"))
             line = re.sub(first_line_search, "", line)
             line = line.strip()
             line = line.split(" ")
@@ -86,7 +87,8 @@ def dependencies(self, source_dir, algorithm, source_file):
         # Get all source files in source_dir
         source_files = glob(join(source_dir, "*.c"))
         # remove source_dir and .c
-        source_files = list(map(lambda s: s[len(source_dir) + 1 : -2], source_files))
+        source_files = list(
+            map(lambda s: s[len(source_dir) + 1: -2], source_files))
 
         # Now let's collect the c files from the included headers
         # This adds all files without looking at the feature requirements into deps.
@@ -96,8 +98,9 @@ def dependencies(self, source_dir, algorithm, source_file):
             # Get the file name from the path
             file_name = os.path.splitext(os.path.basename(include))[0]
             # Only add the dependency if there's a corresponding source file.
-            if file_name in source_files:
-                deps.append(join(source_dir, file_name + ".c"))
+            for s in source_files:
+                if s.lower() == file_name.lower():
+                    deps.append(join(source_dir, s + ".c"))
             # We take all includes though
             if include.endswith(".h"):
                 includes.append(include)
@@ -174,7 +177,8 @@ def __init__(
         self.hacl_includes = []
         for a in self.hacl_files:
             for source_file in self.hacl_files[a]:
-                files, includes = self.dependencies(source_dir, a, source_file["file"])
+                files, includes = self.dependencies(
+                    source_dir, a, source_file["file"])
                 self.hacl_includes.extend(
                     includes if type(includes) == list else [includes]
                 )
@@ -236,7 +240,8 @@ def __init__(
             self.hacl_compile_feature[k] = list(
                 dict.fromkeys(self.hacl_compile_feature[k])
             )
-        self.evercrypt_compile_files = list(dict.fromkeys(self.evercrypt_compile_files))
+        self.evercrypt_compile_files = list(
+            dict.fromkeys(self.evercrypt_compile_files))
         self.hacl_includes = list(dict.fromkeys(self.hacl_includes))
         # Drop Hacl_ files from evercrypt
         self.evercrypt_compile_files = [

From 8ab2d0fbbc7425cecdb2b1fa9727ef50590e7bf6 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 27 Sep 2023 09:18:13 +0200
Subject: [PATCH 2/7] Update .clabot

---
 .clabot | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.clabot b/.clabot
index a23279be..48f58d25 100644
--- a/.clabot
+++ b/.clabot
@@ -9,7 +9,8 @@
     "addressxception": "InfernoRed",
     "bkmgit": "",
     "mamonet": "",
-    "emillon": ""
+    "emillon": "",
+    "protz": ""
   },
   "contributors": [
     "franziskuskiefer",
@@ -21,6 +22,7 @@
     "bkmgit",
     "mgstoyanov",
     "mamonet",
-    "emillon"
+    "emillon",
+    "protz"
   ]
 }

From 1a0f62c0b5e4bafa5bc1da5aef4cc9ad2ef43547 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 27 Sep 2023 09:20:05 +0200
Subject: [PATCH 3/7] Update .clabot

---
 .clabot | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.clabot b/.clabot
index 48f58d25..a049f5a8 100644
--- a/.clabot
+++ b/.clabot
@@ -10,7 +10,8 @@
     "bkmgit": "",
     "mamonet": "",
     "emillon": "",
-    "protz": ""
+    "protz": "",
+    "ma-ilsi": ""
   },
   "contributors": [
     "franziskuskiefer",
@@ -23,6 +24,7 @@
     "mgstoyanov",
     "mamonet",
     "emillon",
-    "protz"
+    "protz",
+    "ma-ilsi"
   ]
 }

From fa640943968b9abd61a8223dfaa5e5772e14cf0f Mon Sep 17 00:00:00 2001
From: Jonathan Protzenko <jonathan.protzenko@gmail.com>
Date: Wed, 27 Sep 2023 02:41:59 -0700
Subject: [PATCH 4/7] Refresh list of algorithms (#427)

---
 docs/book/src/algorithms.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/book/src/algorithms.md b/docs/book/src/algorithms.md
index ea43ca0d..72feaafe 100644
--- a/docs/book/src/algorithms.md
+++ b/docs/book/src/algorithms.md
@@ -15,6 +15,7 @@ For a detailed description fo the Support column, please see the [Architectures
 | Signature            | Ed25519           | Portable                                |
 | Signature            | ECDSA P-256r1     | Portable                                |
 | Signature            | ECDSA P-256k1     | Portable                                |
+| Signature            | RSA-PSS           | Portable                                |
 | Hash                 | SHA2-224          | Portable \| SHAEXT                      |
 | Hash                 | SHA2-256          | Portable \| SHAEXT                      |
 | Hash                 | SHA2-384          | Portable                                |
@@ -29,3 +30,5 @@ For a detailed description fo the Support column, please see the [Architectures
 | MAC                  | HMAC              | Portable (depends on hash)              |
 | MAC                  | Poly1305          | Portable \| vec128 \| vec256 \| x64 ASM |
 | Hybrid Encryption    | Nacl              | Portable                                |
+| Hybrid Encryption    | HPKE              | Portable (depends on hash, aead, dh)    |
+| Random Generation    | HMAC-DRBG         | Portable (depends on hash)              |

From 27f40b2174da5267627acd3e1a60116f303c3d85 Mon Sep 17 00:00:00 2001
From: Muhammad Ali <m.ali023@hotmail.com>
Date: Wed, 27 Sep 2023 07:07:44 -0400
Subject: [PATCH 5/7] Improve RSAPSS usage example (#425)

Case analysis of invlaid key arguments.
---
 tests/rsapss.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tests/rsapss.cc b/tests/rsapss.cc
index 029065a2..440e63e3 100644
--- a/tests/rsapss.cc
+++ b/tests/rsapss.cc
@@ -35,8 +35,17 @@ TEST(ApiSuite, ApiTest)
   generate_rsapss_key(&e, &eBits, &d, &dBits, &mod, &modBits);
   uint64_t* skey =
     Hacl_RSAPSS_new_rsapss_load_skey(modBits, eBits, dBits, mod, e, d);
+
+  if (skey == NULL) {
+    //Error
+  }
+
   uint64_t* pkey = Hacl_RSAPSS_new_rsapss_load_pkey(modBits, eBits, mod, e);
 
+  if (pkey == NULL) {
+    //Error
+  }
+
   // Message
   const char* msg = "Hello, World!";
   size_t msgLen = strlen(msg);

From 4d3ac1cbb383f1719da96cd3b7e7d678c0ce87bc Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 11 Oct 2023 14:01:05 +0200
Subject: [PATCH 6/7] update HACL to 1b30697fc2b0d8d5e2f541eccfd3fb52b45b905c
 (#429)

---
 CMakeLists.txt                                |   6 +-
 include/Hacl_RSAPSS.h                         |  45 +-
 include/internal/Hacl_Bignum25519_51.h        |   4 +
 include/msvc/Hacl_RSAPSS.h                    |  45 +-
 include/msvc/internal/Hacl_Bignum25519_51.h   |   4 +
 info.txt                                      |   6 +-
 karamel/include/krml/internal/target.h        |   8 +
 karamel/krmllib/dist/minimal/Makefile.basic   |  56 ---
 karamel/krmllib/dist/minimal/Makefile.include |   5 -
 .../dist/minimal/fstar_uint128_gcc64.h        |   4 +-
 karamel/krmllib/dist/minimal/libkrmllib.def   |  11 -
 ocaml/ctypes.depend                           |  10 +-
 src/EverCrypt_AEAD.c                          | 438 +++++++++++-------
 src/EverCrypt_AutoConfig2.c                   |  48 +-
 src/EverCrypt_DRBG.c                          |   4 +
 src/EverCrypt_Hash.c                          |   5 +-
 src/EverCrypt_Poly1305.c                      |  16 +-
 src/Hacl_Chacha20_Vec128.c                    |   6 +-
 src/Hacl_Chacha20_Vec256.c                    |   6 +-
 src/Hacl_Chacha20_Vec32.c                     |   6 +-
 src/Hacl_Curve25519_64.c                      |  18 +-
 src/Hacl_Ed25519.c                            |  84 ++--
 src/Hacl_FFDHE.c                              |   7 +-
 src/Hacl_Frodo_KEM.c                          |   2 +-
 src/Hacl_HMAC_DRBG.c                          |   3 +
 src/Hacl_Hash_Blake2.c                        |   2 +
 src/Hacl_Hash_Blake2b_256.c                   |   1 +
 src/Hacl_Hash_Blake2s_128.c                   |   1 +
 src/Hacl_Hash_MD5.c                           |   1 -
 src/Hacl_Hash_SHA1.c                          |   1 -
 src/Hacl_Hash_SHA2.c                          |   4 -
 src/Hacl_Hash_SHA3.c                          |   7 +-
 src/Hacl_K256_ECDSA.c                         |  28 +-
 src/Hacl_RSAPSS.c                             |  45 +-
 src/Hacl_Salsa20.c                            |   8 +-
 src/Hacl_Streaming_Blake2.c                   |   2 -
 src/Hacl_Streaming_Blake2b_256.c              |   1 -
 src/Hacl_Streaming_Blake2s_128.c              |   1 -
 src/Hacl_Streaming_Poly1305_128.c             |   3 +-
 src/Hacl_Streaming_Poly1305_256.c             |   3 +-
 src/Hacl_Streaming_Poly1305_32.c              |   1 -
 src/msvc/EverCrypt_AEAD.c                     | 438 +++++++++++-------
 src/msvc/EverCrypt_AutoConfig2.c              |  48 +-
 src/msvc/EverCrypt_DRBG.c                     |   4 +
 src/msvc/EverCrypt_Hash.c                     |   5 +-
 src/msvc/EverCrypt_Poly1305.c                 |  16 +-
 src/msvc/Hacl_Chacha20_Vec128.c               |   6 +-
 src/msvc/Hacl_Chacha20_Vec256.c               |   6 +-
 src/msvc/Hacl_Chacha20_Vec32.c                |   6 +-
 src/msvc/Hacl_Curve25519_64.c                 |  18 +-
 src/msvc/Hacl_Ed25519.c                       |  84 ++--
 src/msvc/Hacl_FFDHE.c                         |   7 +-
 src/msvc/Hacl_Frodo_KEM.c                     |   2 +-
 src/msvc/Hacl_HMAC_DRBG.c                     |   3 +
 src/msvc/Hacl_Hash_Blake2.c                   |   2 +
 src/msvc/Hacl_Hash_Blake2b_256.c              |   1 +
 src/msvc/Hacl_Hash_Blake2s_128.c              |   1 +
 src/msvc/Hacl_Hash_MD5.c                      |   1 -
 src/msvc/Hacl_Hash_SHA1.c                     |   1 -
 src/msvc/Hacl_Hash_SHA2.c                     |   4 -
 src/msvc/Hacl_Hash_SHA3.c                     |   7 +-
 src/msvc/Hacl_K256_ECDSA.c                    |  28 +-
 src/msvc/Hacl_RSAPSS.c                        |  45 +-
 src/msvc/Hacl_Salsa20.c                       |   8 +-
 src/msvc/Hacl_Streaming_Blake2.c              |   2 -
 src/msvc/Hacl_Streaming_Blake2b_256.c         |   1 -
 src/msvc/Hacl_Streaming_Blake2s_128.c         |   1 -
 src/msvc/Hacl_Streaming_Poly1305_128.c        |   3 +-
 src/msvc/Hacl_Streaming_Poly1305_256.c        |   3 +-
 src/msvc/Hacl_Streaming_Poly1305_32.c         |   1 -
 src/wasm/EverCrypt_Hash.wasm                  | Bin 49374 -> 49373 bytes
 src/wasm/Hacl_Bignum.wasm                     | Bin 78522 -> 78554 bytes
 src/wasm/Hacl_Bignum256.wasm                  | Bin 100214 -> 100226 bytes
 src/wasm/Hacl_Bignum256_32.wasm               | Bin 41067 -> 41067 bytes
 src/wasm/Hacl_Bignum32.wasm                   | Bin 15248 -> 15248 bytes
 src/wasm/Hacl_Bignum4096.wasm                 | Bin 63798 -> 63810 bytes
 src/wasm/Hacl_Bignum4096_32.wasm              | Bin 32319 -> 32319 bytes
 src/wasm/Hacl_Bignum64.wasm                   | Bin 24421 -> 24432 bytes
 src/wasm/Hacl_Chacha20Poly1305_32.wasm        | Bin 7661 -> 7657 bytes
 src/wasm/Hacl_Chacha20_Vec32.wasm             | Bin 5552 -> 5544 bytes
 src/wasm/Hacl_Curve25519_51.wasm              | Bin 7170 -> 7166 bytes
 src/wasm/Hacl_GenericField32.wasm             | Bin 10727 -> 10731 bytes
 src/wasm/Hacl_GenericField64.wasm             | Bin 11708 -> 11718 bytes
 src/wasm/Hacl_HMAC.wasm                       | Bin 29842 -> 29855 bytes
 src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm   | Bin 21304 -> 21306 bytes
 src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm   | Bin 21432 -> 21434 bytes
 src/wasm/Hacl_Hash_MD5.wasm                   | Bin 15550 -> 15558 bytes
 src/wasm/Hacl_Hash_SHA1.wasm                  | Bin 13140 -> 13148 bytes
 src/wasm/Hacl_Hash_SHA3.wasm                  | Bin 17639 -> 17611 bytes
 src/wasm/Hacl_K256_ECDSA.wasm                 | Bin 98203 -> 98193 bytes
 src/wasm/Hacl_NaCl.wasm                       | Bin 5031 -> 5027 bytes
 src/wasm/Hacl_P256.wasm                       | Bin 83233 -> 83213 bytes
 src/wasm/Hacl_Salsa20.wasm                    | Bin 10032 -> 10024 bytes
 src/wasm/INFO.txt                             |   4 +-
 94 files changed, 927 insertions(+), 785 deletions(-)
 delete mode 100644 karamel/krmllib/dist/minimal/Makefile.basic
 delete mode 100644 karamel/krmllib/dist/minimal/Makefile.include
 delete mode 100644 karamel/krmllib/dist/minimal/libkrmllib.def

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 825b1192..dcdd2f68 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -93,12 +93,9 @@ if(NOT MSVC)
         # -pedantic
         # -Wconversion
         # -Wsign-conversion
-        # -Werror=gcc-compat
         $<$<CONFIG:DEBUG>:-g>
         $<$<CONFIG:DEBUG>:-Og>
         $<$<CONFIG:RELEASE>:-O3>
-        # $<$<CONFIG:RELEASE>:-g>
-        # $<$<CONFIG:RELEASE>:-Wno-deprecated-declarations>
     )
 endif()
 
@@ -337,6 +334,9 @@ configure_file(config/Config.h.in config.h)
 # Now combine everything into the hacl library
 # # Dynamic library
 add_library(hacl SHARED ${SOURCES_std} ${VALE_OBJECTS})
+if(NOT MSVC)
+    target_compile_options(hacl PRIVATE -Wsign-conversion -Wconversion -Wall -Wextra -pedantic)
+endif()
 
 if(TOOLCHAIN_CAN_COMPILE_VEC128 AND HACL_VEC128_O)
     add_dependencies(hacl hacl_vec128)
diff --git a/include/Hacl_RSAPSS.h b/include/Hacl_RSAPSS.h
index 8f4de949..90bd69ce 100644
--- a/include/Hacl_RSAPSS.h
+++ b/include/Hacl_RSAPSS.h
@@ -43,9 +43,9 @@ extern "C" {
 Sign a message `msg` and write the signature to `sgnt`.
 
 @param a Hash algorithm to use. Allowed values for `a` are ...
-  * Spec_Hash_Definitions_SHA2_256,
-  * Spec_Hash_Definitions_SHA2_384, and
-  * Spec_Hash_Definitions_SHA2_512.
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
@@ -75,7 +75,10 @@ Hacl_RSAPSS_rsapss_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.
@@ -105,10 +108,10 @@ Load a public key from key parts.
 
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 
-@return Returns an allocated public key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb);
@@ -119,11 +122,11 @@ Load a secret key from key parts.
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 
-@return Returns an allocated secret key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_skey(
@@ -138,13 +141,16 @@ uint64_t
 /**
 Sign a message `msg` and write the signature to `sgnt`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param salt Pointer to `saltLen` bytes where the salt is read from.
 @param msgLen Length of message.
@@ -172,11 +178,14 @@ Hacl_RSAPSS_rsapss_skey_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param sgntLen Length of signature.
 @param sgnt Pointer to `sgntLen` bytes where the signature is read from.
diff --git a/include/internal/Hacl_Bignum25519_51.h b/include/internal/Hacl_Bignum25519_51.h
index 9fe5e9fc..25a10503 100644
--- a/include/internal/Hacl_Bignum25519_51.h
+++ b/include/internal/Hacl_Bignum25519_51.h
@@ -84,6 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul(
   FStar_UInt128_uint128 *uu___
 )
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -167,6 +168,7 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   FStar_UInt128_uint128 *uu___
 )
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -371,6 +373,7 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f0 = f[0U];
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
@@ -446,6 +449,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f[0U];
   uint64_t f11 = f[1U];
   uint64_t f12 = f[2U];
diff --git a/include/msvc/Hacl_RSAPSS.h b/include/msvc/Hacl_RSAPSS.h
index 8f4de949..90bd69ce 100644
--- a/include/msvc/Hacl_RSAPSS.h
+++ b/include/msvc/Hacl_RSAPSS.h
@@ -43,9 +43,9 @@ extern "C" {
 Sign a message `msg` and write the signature to `sgnt`.
 
 @param a Hash algorithm to use. Allowed values for `a` are ...
-  * Spec_Hash_Definitions_SHA2_256,
-  * Spec_Hash_Definitions_SHA2_384, and
-  * Spec_Hash_Definitions_SHA2_512.
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
@@ -75,7 +75,10 @@ Hacl_RSAPSS_rsapss_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.
@@ -105,10 +108,10 @@ Load a public key from key parts.
 
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 
-@return Returns an allocated public key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb);
@@ -119,11 +122,11 @@ Load a secret key from key parts.
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 
-@return Returns an allocated secret key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_skey(
@@ -138,13 +141,16 @@ uint64_t
 /**
 Sign a message `msg` and write the signature to `sgnt`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param salt Pointer to `saltLen` bytes where the salt is read from.
 @param msgLen Length of message.
@@ -172,11 +178,14 @@ Hacl_RSAPSS_rsapss_skey_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param sgntLen Length of signature.
 @param sgnt Pointer to `sgntLen` bytes where the signature is read from.
diff --git a/include/msvc/internal/Hacl_Bignum25519_51.h b/include/msvc/internal/Hacl_Bignum25519_51.h
index 9fe5e9fc..25a10503 100644
--- a/include/msvc/internal/Hacl_Bignum25519_51.h
+++ b/include/msvc/internal/Hacl_Bignum25519_51.h
@@ -84,6 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul(
   FStar_UInt128_uint128 *uu___
 )
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -167,6 +168,7 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   FStar_UInt128_uint128 *uu___
 )
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -371,6 +373,7 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f0 = f[0U];
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
@@ -446,6 +449,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f[0U];
   uint64_t f11 = f[1U];
   uint64_t f12 = f[2U];
diff --git a/info.txt b/info.txt
index 1a29e888..af3dbf98 100644
--- a/info.txt
+++ b/info.txt
@@ -1,5 +1,5 @@
 The code was generated with the following toolchain.
-F* version: 155853a14336aa0713dba7db5408f4c8ab512a06
-KaRaMeL version: db63c1de17565be0ec4989f58532717a04e3ff40
-HACL* version: ad60c9d98c9ce8f6a4fa13090511fa4b3a2c137b
+F* version: bc622701c668f6b4092760879372968265d4a4e1
+KaRaMeL version: 7cffd27cfefbd220e986e561e8d350f043609f76
+HACL* version: 1b30697fc2b0d8d5e2f541eccfd3fb52b45b905c
 Vale version: 0.3.19
diff --git a/karamel/include/krml/internal/target.h b/karamel/include/krml/internal/target.h
index 634c20fc..4903d224 100644
--- a/karamel/include/krml/internal/target.h
+++ b/karamel/include/krml/internal/target.h
@@ -57,6 +57,14 @@
 #  define KRML_HOST_IGNORE(x) (void)(x)
 #endif
 
+#ifndef KRML_MAYBE_UNUSED
+#  if defined(__GNUC__)
+#    define KRML_MAYBE_UNUSED __attribute__((unused))
+#  else
+#    define KRML_MAYBE_UNUSED
+#  endif
+#endif
+
 #ifndef KRML_NOINLINE
 #  if defined(_MSC_VER)
 #    define KRML_NOINLINE __declspec(noinline)
diff --git a/karamel/krmllib/dist/minimal/Makefile.basic b/karamel/krmllib/dist/minimal/Makefile.basic
deleted file mode 100644
index d7a1fdfd..00000000
--- a/karamel/krmllib/dist/minimal/Makefile.basic
+++ /dev/null
@@ -1,56 +0,0 @@
-# A basic Makefile that KaRaMeL copies in the output directory; this is not
-# guaranteed to work and will only work well for very simple projects. This
-# Makefile uses:
-# - the custom C files passed to your krml invocation
-# - the custom C flags passed to your krml invocation
-# - the -o option passed to your krml invocation
-
-include Makefile.include
-
-ifeq (,$(KRML_HOME))
-  $(error please define KRML_HOME to point to the root of your KaRaMeL git checkout)
-endif
-
-CFLAGS 	+= -I. -I $(KRML_HOME)/include -I $(KRML_HOME)/krmllib/dist/minimal
-CFLAGS 	+= -Wall -Wextra -Werror -std=c11 -Wno-unused-variable \
-  -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-function \
-  -Wno-unused-parameter -Wno-infinite-recursion \
-  -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE
-ifeq ($(OS),Windows_NT)
-CFLAGS 	+= -D__USE_MINGW_ANSI_STDIO
-else
-CFLAGS 	+= -fPIC
-endif
-CFLAGS 	+= $(USER_CFLAGS)
-
-SOURCES += $(ALL_C_FILES) $(USER_C_FILES)
-ifneq (,$(BLACKLIST))
-  SOURCES := $(filter-out $(BLACKLIST),$(SOURCES))
-endif
-OBJS 	+= $(patsubst %.c,%.o,$(SOURCES))
-
-all: $(USER_TARGET)
-
-$(USER_TARGET): $(OBJS)
-
-AR ?= ar
-
-%.a:
-	$(AR) cr $@ $^
-
-%.exe:
-	$(CC) $(CFLAGS) -o $@ $^ $(KRML_HOME)/krmllib/dist/generic/libkrmllib.a
-
-%.so:
-	$(CC) $(CFLAGS) -shared -o $@ $^
-
-%.d: %.c
-	@set -e; rm -f $@; \
-	  $(CC) -MM -MG $(CFLAGS) $< > $@.$$$$; \
-	  sed 's,\($(notdir $*)\)\.o[ :]*,$(dir $@)\1.o $@ : ,g' < $@.$$$$ > $@; \
-	  rm -f $@.$$$$
-
-include $(patsubst %.c,%.d,$(SOURCES))
-
-clean:
-	rm -rf *.o *.d $(USER_TARGET)
diff --git a/karamel/krmllib/dist/minimal/Makefile.include b/karamel/krmllib/dist/minimal/Makefile.include
deleted file mode 100644
index ad532171..00000000
--- a/karamel/krmllib/dist/minimal/Makefile.include
+++ /dev/null
@@ -1,5 +0,0 @@
-USER_TARGET=libkrmllib.a
-USER_CFLAGS=
-USER_C_FILES=fstar_uint128.c
-ALL_C_FILES=
-ALL_H_FILES=FStar_UInt128.h FStar_UInt_8_16_32_64.h LowStar_Endianness.h
diff --git a/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h b/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
index e40304b2..ae109004 100644
--- a/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
+++ b/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
@@ -110,7 +110,7 @@ inline static uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) {
 inline static uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) {
   uint64_t mask =
       FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) &
-      FStar_UInt64_eq_mask(x, y);
+      FStar_UInt64_eq_mask((uint64_t)x, (uint64_t)y);
   return ((uint128_t)mask) << 64 | mask;
 }
 
@@ -118,7 +118,7 @@ inline static uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) {
   uint64_t mask =
       (FStar_UInt64_gte_mask(x >> 64, y >> 64) &
        ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) |
-      (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask(x, y));
+      (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask((uint64_t)x, (uint64_t)y));
   return ((uint128_t)mask) << 64 | mask;
 }
 
diff --git a/karamel/krmllib/dist/minimal/libkrmllib.def b/karamel/krmllib/dist/minimal/libkrmllib.def
deleted file mode 100644
index c4ab8e38..00000000
--- a/karamel/krmllib/dist/minimal/libkrmllib.def
+++ /dev/null
@@ -1,11 +0,0 @@
-LIBRARY libkrmllib
-
-EXPORTS
-  FStar_UInt64_eq_mask
-  FStar_UInt64_gte_mask
-  FStar_UInt32_eq_mask
-  FStar_UInt32_gte_mask
-  FStar_UInt16_eq_mask
-  FStar_UInt16_gte_mask
-  FStar_UInt8_eq_mask
-  FStar_UInt8_gte_mask
diff --git a/ocaml/ctypes.depend b/ocaml/ctypes.depend
index 86af86df..31393b5e 100644
--- a/ocaml/ctypes.depend
+++ b/ocaml/ctypes.depend
@@ -1,4 +1,4 @@
-CTYPES_DEPS=lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_Hash_SHA3_stubs.cmx lib/Hacl_Hash_SHA3_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx 
+CTYPES_DEPS=lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_Hash_SHA3_stubs.cmx lib/Hacl_Hash_SHA3_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx 
 lib/Hacl_Streaming_Types_bindings.cmx: 
 lib/Hacl_Streaming_Types_bindings.cmo: 
 lib_gen/Hacl_Streaming_Types_gen.cmx: lib/Hacl_Streaming_Types_bindings.cmx
@@ -283,14 +283,14 @@ lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Imp
 lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
 lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx: lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx
 lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx 
-lib/EverCrypt_Poly1305_bindings.cmx: 
-lib/EverCrypt_Poly1305_bindings.cmo: 
-lib_gen/EverCrypt_Poly1305_gen.cmx: lib/EverCrypt_Poly1305_bindings.cmx
-lib_gen/EverCrypt_Poly1305_gen.exe: lib/EverCrypt_Poly1305_bindings.cmx lib_gen/EverCrypt_Poly1305_gen.cmx 
 lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx 
 lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
 lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx: lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx
 lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx 
+lib/EverCrypt_Poly1305_bindings.cmx: 
+lib/EverCrypt_Poly1305_bindings.cmo: 
+lib_gen/EverCrypt_Poly1305_gen.cmx: lib/EverCrypt_Poly1305_bindings.cmx
+lib_gen/EverCrypt_Poly1305_gen.exe: lib/EverCrypt_Poly1305_bindings.cmx lib_gen/EverCrypt_Poly1305_gen.cmx 
 lib/Hacl_Streaming_Poly1305_32_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
 lib/Hacl_Streaming_Poly1305_32_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
 lib_gen/Hacl_Streaming_Poly1305_32_gen.cmx: lib/Hacl_Streaming_Poly1305_32_bindings.cmx
diff --git a/src/EverCrypt_AEAD.c b/src/EverCrypt_AEAD.c
index 564dbc2e..d3a4ffbe 100644
--- a/src/EverCrypt_AEAD.c
+++ b/src/EverCrypt_AEAD.c
@@ -46,6 +46,8 @@ The state may be reused as many times as desired.
 */
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee)
 {
+  KRML_HOST_IGNORE(a);
+  KRML_HOST_IGNORE(projectee);
   return true;
 }
 
@@ -58,8 +60,7 @@ Return the algorithm used in the AEAD state.
 */
 Spec_Agile_AEAD_alg EverCrypt_AEAD_alg_of_state(EverCrypt_AEAD_state_s *s)
 {
-  EverCrypt_AEAD_state_s scrut = *s;
-  Spec_Cipher_Expansion_impl impl = scrut.impl;
+  Spec_Cipher_Expansion_impl impl = (*s).impl;
   switch (impl)
   {
     case Spec_Cipher_Expansion_Hacl_CHACHA20:
@@ -97,6 +98,8 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  KRML_HOST_IGNORE(dst);
+  KRML_HOST_IGNORE(k);
   #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
@@ -108,8 +111,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
     uint8_t *hkeys_b = ek + (uint32_t)176U;
-    uint64_t scrut = aes128_key_expansion(k, keys_b);
-    uint64_t scrut0 = aes128_keyhash_init(keys_b, hkeys_b);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b, hkeys_b));
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek });
@@ -125,6 +128,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  KRML_HOST_IGNORE(dst);
+  KRML_HOST_IGNORE(k);
   #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
@@ -136,8 +141,8 @@ create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
     uint8_t *hkeys_b = ek + (uint32_t)240U;
-    uint64_t scrut = aes256_key_expansion(k, keys_b);
-    uint64_t scrut0 = aes256_keyhash_init(keys_b, hkeys_b);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b, hkeys_b));
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek });
@@ -203,6 +208,15 @@ encrypt_aes128_gcm(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(s);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
@@ -212,8 +226,7 @@ encrypt_aes128_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -223,8 +236,12 @@ encrypt_aes128_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -250,9 +267,7 @@ encrypt_aes128_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t
-    scrut0 =
-      gcm128_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -268,7 +283,7 @@ encrypt_aes128_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   else
   {
@@ -281,9 +296,7 @@ encrypt_aes128_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
-    uint64_t
-    scrut0 =
-      gcm128_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -299,7 +312,7 @@ encrypt_aes128_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
     inout_b,
@@ -327,6 +340,15 @@ encrypt_aes256_gcm(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(s);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
@@ -336,8 +358,7 @@ encrypt_aes256_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -347,8 +368,12 @@ encrypt_aes256_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -374,9 +399,7 @@ encrypt_aes256_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t
-    scrut0 =
-      gcm256_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -392,7 +415,7 @@ encrypt_aes256_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   else
   {
@@ -405,9 +428,7 @@ encrypt_aes256_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
-    uint64_t
-    scrut0 =
-      gcm256_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -423,7 +444,7 @@ encrypt_aes256_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
     inout_b,
@@ -525,27 +546,34 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  uint64_t scrut0 = aes128_key_expansion(k, keys_b0);
-  uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_Error_error_code r;
   if (s == NULL)
   {
-    r = EverCrypt_Error_InvalidKey;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
   else if (iv_len == (uint32_t)0U)
   {
-    r = EverCrypt_Error_InvalidIVLength;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
-    EverCrypt_AEAD_state_s scrut = *s;
-    uint8_t *ek0 = scrut.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -555,8 +583,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -582,9 +614,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t
-      scrut2 =
-        gcm128_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -600,7 +630,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     else
     {
@@ -613,9 +643,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
-      uint64_t
-      scrut2 =
-        gcm128_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -631,12 +659,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
       inout_b,
       (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    r = EverCrypt_Error_Success;
+    KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
   #else
@@ -669,27 +697,34 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  uint64_t scrut0 = aes256_key_expansion(k, keys_b0);
-  uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_Error_error_code r;
   if (s == NULL)
   {
-    r = EverCrypt_Error_InvalidKey;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
   else if (iv_len == (uint32_t)0U)
   {
-    r = EverCrypt_Error_InvalidIVLength;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
-    EverCrypt_AEAD_state_s scrut = *s;
-    uint8_t *ek0 = scrut.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -699,8 +734,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -726,9 +765,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t
-      scrut2 =
-        gcm256_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -744,7 +781,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     else
     {
@@ -757,9 +794,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
-      uint64_t
-      scrut2 =
-        gcm256_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -775,12 +810,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
       inout_b,
       (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    r = EverCrypt_Error_Success;
+    KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
   #else
@@ -805,6 +840,15 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -816,23 +860,21 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    uint64_t scrut0 = aes128_key_expansion(k, keys_b0);
-    uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
-    EverCrypt_Error_error_code r;
     if (s == NULL)
     {
-      r = EverCrypt_Error_InvalidKey;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
     else if (iv_len == (uint32_t)0U)
     {
-      r = EverCrypt_Error_InvalidIVLength;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
-      EverCrypt_AEAD_state_s scrut = *s;
-      uint8_t *ek0 = scrut.ek;
+      uint8_t *ek0 = (*s).ek;
       uint8_t *scratch_b = ek0 + (uint32_t)304U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
@@ -842,8 +884,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
       uint32_t bytes_len = len * (uint32_t)16U;
       uint8_t *iv_b = iv;
       memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+          (uint64_t)iv_len,
+          (uint64_t)len,
+          tmp_iv,
+          tmp_iv,
+          hkeys_b));
       uint8_t *inout_b = scratch_b;
       uint8_t *abytes_b = scratch_b + (uint32_t)16U;
       uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -869,9 +915,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128x6_ = len128x6 / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm128_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -887,7 +931,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       else
       {
@@ -900,9 +944,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
         uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm128_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -918,12 +960,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
         inout_b,
         (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      r = EverCrypt_Error_Success;
+      KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
   }
@@ -946,6 +988,15 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -957,23 +1008,21 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    uint64_t scrut0 = aes256_key_expansion(k, keys_b0);
-    uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
-    EverCrypt_Error_error_code r;
     if (s == NULL)
     {
-      r = EverCrypt_Error_InvalidKey;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
     else if (iv_len == (uint32_t)0U)
     {
-      r = EverCrypt_Error_InvalidIVLength;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
-      EverCrypt_AEAD_state_s scrut = *s;
-      uint8_t *ek0 = scrut.ek;
+      uint8_t *ek0 = (*s).ek;
       uint8_t *scratch_b = ek0 + (uint32_t)368U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
@@ -983,8 +1032,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
       uint32_t bytes_len = len * (uint32_t)16U;
       uint8_t *iv_b = iv;
       memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+          (uint64_t)iv_len,
+          (uint64_t)len,
+          tmp_iv,
+          tmp_iv,
+          hkeys_b));
       uint8_t *inout_b = scratch_b;
       uint8_t *abytes_b = scratch_b + (uint32_t)16U;
       uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1010,9 +1063,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128x6_ = len128x6 / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm256_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -1028,7 +1079,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       else
       {
@@ -1041,9 +1092,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
         uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm256_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -1059,12 +1108,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
         inout_b,
         (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      r = EverCrypt_Error_Success;
+      KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
   }
@@ -1087,12 +1136,12 @@ EverCrypt_AEAD_encrypt_expand_chacha20_poly1305(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(iv_len);
   uint8_t ek[32U] = { 0U };
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek };
   memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek0 = scrut.ek;
+  uint8_t *ek0 = (*s).ek;
   EverCrypt_Chacha20Poly1305_aead_encrypt(ek0, iv, ad_len, ad, plain_len, plain, cipher, tag);
   return EverCrypt_Error_Success;
 }
@@ -1173,6 +1222,15 @@ decrypt_aes128_gcm(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(s);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
@@ -1182,8 +1240,7 @@ decrypt_aes128_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -1193,8 +1250,12 @@ decrypt_aes128_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1222,7 +1283,7 @@ decrypt_aes128_gcm(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1240,7 +1301,6 @@ decrypt_aes128_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   else
@@ -1255,7 +1315,7 @@ decrypt_aes128_gcm(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1273,7 +1333,6 @@ decrypt_aes128_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1307,6 +1366,15 @@ decrypt_aes256_gcm(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(s);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
@@ -1316,8 +1384,7 @@ decrypt_aes256_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -1327,8 +1394,12 @@ decrypt_aes256_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1356,7 +1427,7 @@ decrypt_aes256_gcm(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1374,7 +1445,6 @@ decrypt_aes256_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   else
@@ -1389,7 +1459,7 @@ decrypt_aes256_gcm(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1407,7 +1477,6 @@ decrypt_aes256_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1449,8 +1518,7 @@ decrypt_chacha20_poly1305(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint32_t
   r = EverCrypt_Chacha20Poly1305_aead_decrypt(ek, iv, ad_len, ad, cipher_len, dst, cipher, tag);
   if (r == (uint32_t)0U)
@@ -1508,8 +1576,7 @@ EverCrypt_AEAD_decrypt(
   {
     return EverCrypt_Error_InvalidKey;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  Spec_Cipher_Expansion_impl i = scrut.impl;
+  Spec_Cipher_Expansion_impl i = (*s).impl;
   switch (i)
   {
     case Spec_Cipher_Expansion_Vale_AES128:
@@ -1553,12 +1620,21 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  uint64_t scrut = aes128_key_expansion(k, keys_b0);
-  uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
@@ -1569,8 +1645,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut1 = *s;
-  uint8_t *ek0 = scrut1.ek;
+  uint8_t *ek0 = (*s).ek;
   uint8_t *scratch_b = ek0 + (uint32_t)304U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
@@ -1580,8 +1655,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1609,7 +1688,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1627,7 +1706,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   else
@@ -1642,7 +1720,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1660,7 +1738,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1702,12 +1779,21 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  uint64_t scrut = aes256_key_expansion(k, keys_b0);
-  uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
@@ -1718,8 +1804,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut1 = *s;
-  uint8_t *ek0 = scrut1.ek;
+  uint8_t *ek0 = (*s).ek;
   uint8_t *scratch_b = ek0 + (uint32_t)368U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
@@ -1729,8 +1814,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1758,7 +1847,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1776,7 +1865,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   else
@@ -1791,7 +1879,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1809,7 +1897,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1843,6 +1930,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -1854,8 +1950,8 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    uint64_t scrut = aes128_key_expansion(k, keys_b0);
-    uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
@@ -1866,8 +1962,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     {
       return EverCrypt_Error_InvalidIVLength;
     }
-    EverCrypt_AEAD_state_s scrut1 = *s;
-    uint8_t *ek0 = scrut1.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -1877,8 +1972,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1906,7 +2005,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t
-      scrut2 =
+      c0 =
         gcm128_decrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
@@ -1924,7 +2023,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
           (uint64_t)cipher_len,
           scratch_b1,
           tag);
-      uint64_t c0 = scrut2;
       c = c0;
     }
     else
@@ -1939,7 +2037,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      scrut2 =
+      c0 =
         gcm128_decrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
@@ -1957,7 +2055,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
           (uint64_t)cipher_len,
           scratch_b1,
           tag);
-      uint64_t c0 = scrut2;
       c = c0;
     }
     memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1989,6 +2086,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -2000,8 +2106,8 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    uint64_t scrut = aes256_key_expansion(k, keys_b0);
-    uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
@@ -2012,8 +2118,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     {
       return EverCrypt_Error_InvalidIVLength;
     }
-    EverCrypt_AEAD_state_s scrut1 = *s;
-    uint8_t *ek0 = scrut1.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -2023,8 +2128,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -2052,7 +2161,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t
-      scrut2 =
+      c0 =
         gcm256_decrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
@@ -2070,7 +2179,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
           (uint64_t)cipher_len,
           scratch_b1,
           tag);
-      uint64_t c0 = scrut2;
       c = c0;
     }
     else
@@ -2085,7 +2193,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      scrut2 =
+      c0 =
         gcm256_decrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
@@ -2103,7 +2211,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
           (uint64_t)cipher_len,
           scratch_b1,
           tag);
-      uint64_t c0 = scrut2;
       c = c0;
     }
     memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -2214,8 +2321,7 @@ Cleanup and free the AEAD state.
 */
 void EverCrypt_AEAD_free(EverCrypt_AEAD_state_s *s)
 {
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   KRML_HOST_FREE(ek);
   KRML_HOST_FREE(s);
 }
diff --git a/src/EverCrypt_AutoConfig2.c b/src/EverCrypt_AutoConfig2.c
index fe93ef8a..b549d020 100644
--- a/src/EverCrypt_AutoConfig2.c
+++ b/src/EverCrypt_AutoConfig2.c
@@ -113,75 +113,59 @@ void EverCrypt_AutoConfig2_recall(void)
 void EverCrypt_AutoConfig2_init(void)
 {
   #if HACL_CAN_COMPILE_VALE
-  uint64_t scrut = check_aesni();
-  if (scrut != (uint64_t)0U)
+  if (check_aesni() != (uint64_t)0U)
   {
     cpu_has_aesni[0U] = true;
     cpu_has_pclmulqdq[0U] = true;
   }
-  uint64_t scrut0 = check_sha();
-  if (scrut0 != (uint64_t)0U)
+  if (check_sha() != (uint64_t)0U)
   {
     cpu_has_shaext[0U] = true;
   }
-  uint64_t scrut1 = check_adx_bmi2();
-  if (scrut1 != (uint64_t)0U)
+  if (check_adx_bmi2() != (uint64_t)0U)
   {
     cpu_has_bmi2[0U] = true;
     cpu_has_adx[0U] = true;
   }
-  uint64_t scrut2 = check_avx();
-  if (scrut2 != (uint64_t)0U)
+  if (check_avx() != (uint64_t)0U)
   {
-    uint64_t scrut3 = check_osxsave();
-    if (scrut3 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut4 = check_avx_xcr0();
-      if (scrut4 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
         cpu_has_avx[0U] = true;
       }
     }
   }
-  uint64_t scrut3 = check_avx2();
-  if (scrut3 != (uint64_t)0U)
+  if (check_avx2() != (uint64_t)0U)
   {
-    uint64_t scrut4 = check_osxsave();
-    if (scrut4 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut5 = check_avx_xcr0();
-      if (scrut5 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
         cpu_has_avx2[0U] = true;
       }
     }
   }
-  uint64_t scrut4 = check_sse();
-  if (scrut4 != (uint64_t)0U)
+  if (check_sse() != (uint64_t)0U)
   {
     cpu_has_sse[0U] = true;
   }
-  uint64_t scrut5 = check_movbe();
-  if (scrut5 != (uint64_t)0U)
+  if (check_movbe() != (uint64_t)0U)
   {
     cpu_has_movbe[0U] = true;
   }
-  uint64_t scrut6 = check_rdrand();
-  if (scrut6 != (uint64_t)0U)
+  if (check_rdrand() != (uint64_t)0U)
   {
     cpu_has_rdrand[0U] = true;
   }
-  uint64_t scrut7 = check_avx512();
-  if (scrut7 != (uint64_t)0U)
+  if (check_avx512() != (uint64_t)0U)
   {
-    uint64_t scrut8 = check_osxsave();
-    if (scrut8 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut9 = check_avx_xcr0();
-      if (scrut9 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
-        uint64_t scrut10 = check_avx512_xcr0();
-        if (scrut10 != (uint64_t)0U)
+        if (check_avx512_xcr0() != (uint64_t)0U)
         {
           cpu_has_avx512[0U] = true;
           return;
diff --git a/src/EverCrypt_DRBG.c b/src/EverCrypt_DRBG.c
index f21313e9..13e517e5 100644
--- a/src/EverCrypt_DRBG.c
+++ b/src/EverCrypt_DRBG.c
@@ -92,6 +92,7 @@ EverCrypt_DRBG_uu___is_SHA1_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA1_s)
   {
     return true;
@@ -105,6 +106,7 @@ EverCrypt_DRBG_uu___is_SHA2_256_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_256_s)
   {
     return true;
@@ -118,6 +120,7 @@ EverCrypt_DRBG_uu___is_SHA2_384_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_384_s)
   {
     return true;
@@ -131,6 +134,7 @@ EverCrypt_DRBG_uu___is_SHA2_512_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_512_s)
   {
     return true;
diff --git a/src/EverCrypt_Hash.c b/src/EverCrypt_Hash.c
index 914a105f..b88df9e2 100644
--- a/src/EverCrypt_Hash.c
+++ b/src/EverCrypt_Hash.c
@@ -399,7 +399,7 @@ void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
   if (has_shaext && has_sse)
   {
     uint64_t n1 = (uint64_t)n;
-    uint64_t scrut = sha256_update(s, blocks, n1, k224_256);
+    KRML_HOST_IGNORE(sha256_update(s, blocks, n1, k224_256));
     return;
   }
   Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
@@ -2156,8 +2156,7 @@ Perform a run-time test to determine which algorithm was chosen for the given pi
 Spec_Hash_Definitions_hash_alg
 EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *s;
-  EverCrypt_Hash_state_s *block_state = scrut.block_state;
+  EverCrypt_Hash_state_s *block_state = (*s).block_state;
   return alg_of_state(block_state);
 }
 
diff --git a/src/EverCrypt_Poly1305.c b/src/EverCrypt_Poly1305.c
index 717b9527..454c0fce 100644
--- a/src/EverCrypt_Poly1305.c
+++ b/src/EverCrypt_Poly1305.c
@@ -28,8 +28,13 @@
 #include "internal/Vale.h"
 #include "config.h"
 
-static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key)
+KRML_MAYBE_UNUSED static void
+poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key)
 {
+  KRML_HOST_IGNORE(dst);
+  KRML_HOST_IGNORE(src);
+  KRML_HOST_IGNORE(len);
+  KRML_HOST_IGNORE(key);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ctx[192U] = { 0U };
   memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
@@ -38,19 +43,16 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key
   uint8_t tmp[16U] = { 0U };
   if (n_extra == (uint32_t)0U)
   {
-    uint64_t scrut = x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U);
-    KRML_HOST_IGNORE((void *)(uint8_t)0U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U));
   }
   else
   {
     uint32_t len16 = n_blocks * (uint32_t)16U;
     uint8_t *src16 = src;
     memcpy(tmp, src + len16, n_extra * sizeof (uint8_t));
-    uint64_t scrut = x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U);
-    KRML_HOST_IGNORE((void *)(uint8_t)0U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U));
     memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
-    uint64_t scrut0 = x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U);
-    KRML_HOST_IGNORE((void *)(uint8_t)0U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U));
   }
   memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t));
   #endif
diff --git a/src/Hacl_Chacha20_Vec128.c b/src/Hacl_Chacha20_Vec128.c
index ed112654..1e0c4ec1 100644
--- a/src/Hacl_Chacha20_Vec128.c
+++ b/src/Hacl_Chacha20_Vec128.c
@@ -370,9 +370,8 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)256U;
-    uint8_t *uu____3 = text + nb * (uint32_t)256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -676,9 +675,8 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)256U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
diff --git a/src/Hacl_Chacha20_Vec256.c b/src/Hacl_Chacha20_Vec256.c
index 2df300b6..620f5040 100644
--- a/src/Hacl_Chacha20_Vec256.c
+++ b/src/Hacl_Chacha20_Vec256.c
@@ -470,9 +470,8 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)512U;
-    uint8_t *uu____3 = text + nb * (uint32_t)512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -968,9 +967,8 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)512U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
diff --git a/src/Hacl_Chacha20_Vec32.c b/src/Hacl_Chacha20_Vec32.c
index 6f137f39..2bf4764c 100644
--- a/src/Hacl_Chacha20_Vec32.c
+++ b/src/Hacl_Chacha20_Vec32.c
@@ -229,9 +229,8 @@ Hacl_Chacha20_Vec32_chacha20_encrypt_32(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = text + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
@@ -279,9 +278,8 @@ Hacl_Chacha20_Vec32_chacha20_decrypt_32(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
diff --git a/src/Hacl_Curve25519_64.c b/src/Hacl_Curve25519_64.c
index 526fbd22..fb0974fe 100644
--- a/src/Hacl_Curve25519_64.c
+++ b/src/Hacl_Curve25519_64.c
@@ -35,7 +35,7 @@ static inline void add_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   add_scalar(out, f1, f2);
   #else
-  uint64_t uu____0 = add_scalar_e(out, f1, f2);
+  KRML_HOST_IGNORE(add_scalar_e(out, f1, f2));
   #endif
 }
 
@@ -44,7 +44,7 @@ static inline void fadd0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fadd(out, f1, f2);
   #else
-  uint64_t uu____0 = fadd_e(out, f1, f2);
+  KRML_HOST_IGNORE(fadd_e(out, f1, f2));
   #endif
 }
 
@@ -53,7 +53,7 @@ static inline void fsub0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsub(out, f1, f2);
   #else
-  uint64_t uu____0 = fsub_e(out, f1, f2);
+  KRML_HOST_IGNORE(fsub_e(out, f1, f2));
   #endif
 }
 
@@ -62,7 +62,7 @@ static inline void fmul0(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *tm
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul(out, f1, f2, tmp);
   #else
-  uint64_t uu____0 = fmul_e(tmp, f1, out, f2);
+  KRML_HOST_IGNORE(fmul_e(tmp, f1, out, f2));
   #endif
 }
 
@@ -71,7 +71,7 @@ static inline void fmul20(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *t
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul2(out, f1, f2, tmp);
   #else
-  uint64_t uu____0 = fmul2_e(tmp, f1, out, f2);
+  KRML_HOST_IGNORE(fmul2_e(tmp, f1, out, f2));
   #endif
 }
 
@@ -80,7 +80,7 @@ static inline void fmul_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul_scalar(out, f1, f2);
   #else
-  uint64_t uu____0 = fmul_scalar_e(out, f1, f2);
+  KRML_HOST_IGNORE(fmul_scalar_e(out, f1, f2));
   #endif
 }
 
@@ -89,7 +89,7 @@ static inline void fsqr0(uint64_t *out, uint64_t *f1, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr(out, f1, tmp);
   #else
-  uint64_t uu____0 = fsqr_e(tmp, f1, out);
+  KRML_HOST_IGNORE(fsqr_e(tmp, f1, out));
   #endif
 }
 
@@ -98,7 +98,7 @@ static inline void fsqr20(uint64_t *out, uint64_t *f, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr2(out, f, tmp);
   #else
-  uint64_t uu____0 = fsqr2_e(tmp, f, out);
+  KRML_HOST_IGNORE(fsqr2_e(tmp, f, out));
   #endif
 }
 
@@ -107,7 +107,7 @@ static inline void cswap20(uint64_t bit, uint64_t *p1, uint64_t *p2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   cswap2(bit, p1, p2);
   #else
-  uint64_t uu____0 = cswap2_e(bit, p1, p2);
+  KRML_HOST_IGNORE(cswap2_e(bit, p1, p2));
   #endif
 }
 
diff --git a/src/Hacl_Ed25519.c b/src/Hacl_Ed25519.c
index 9d7c3bd4..f9881e91 100644
--- a/src/Hacl_Ed25519.c
+++ b/src/Hacl_Ed25519.c
@@ -711,65 +711,53 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 c00 = carry0;
   FStar_UInt128_uint128
   carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U);
-  uint64_t
-  t100 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00))
-    & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c10 = carry1;
   FStar_UInt128_uint128
   carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U);
-  uint64_t
-  t101 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10))
-    & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c20 = carry2;
   FStar_UInt128_uint128
   carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U);
-  uint64_t
-  t102 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20))
-    & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c30 = carry3;
   FStar_UInt128_uint128
   carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U);
   uint64_t
-  t103 =
+  t100 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c40 = carry4;
-  uint64_t t410 = t103;
+  uint64_t t410 = t100;
   FStar_UInt128_uint128
   carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), (uint32_t)56U);
   uint64_t
-  t104 =
+  t101 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c5 = carry5;
-  uint64_t t51 = t104;
+  uint64_t t51 = t101;
   FStar_UInt128_uint128
   carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), (uint32_t)56U);
   uint64_t
-  t105 =
+  t102 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c6 = carry6;
-  uint64_t t61 = t105;
+  uint64_t t61 = t102;
   FStar_UInt128_uint128
   carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), (uint32_t)56U);
   uint64_t
-  t106 =
+  t103 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c7 = carry7;
-  uint64_t t71 = t106;
+  uint64_t t71 = t103;
   FStar_UInt128_uint128
   carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), (uint32_t)56U);
   uint64_t
-  t107 =
+  t104 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c8 = carry8;
-  uint64_t t81 = t107;
+  uint64_t t81 = t104;
   uint64_t t91 = FStar_UInt128_uint128_to_uint64(c8);
   uint64_t qmu4_ = t410;
   uint64_t qmu5_ = t51;
@@ -818,19 +806,19 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 xy31 = FStar_UInt128_mul_wide(qdiv3, m1);
   FStar_UInt128_uint128 xy40 = FStar_UInt128_mul_wide(qdiv4, m0);
   FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, (uint32_t)56U);
-  uint64_t t108 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
+  uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c0 = carry9;
-  uint64_t t010 = t108;
+  uint64_t t010 = t105;
   FStar_UInt128_uint128
   carry10 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0),
       (uint32_t)56U);
   uint64_t
-  t109 =
+  t106 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c11 = carry10;
-  uint64_t t110 = t109;
+  uint64_t t110 = t106;
   FStar_UInt128_uint128
   carry11 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
@@ -839,14 +827,14 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c11),
       (uint32_t)56U);
   uint64_t
-  t1010 =
+  t107 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
             xy11),
           xy20),
         c11))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c21 = carry11;
-  uint64_t t210 = t1010;
+  uint64_t t210 = t107;
   FStar_UInt128_uint128
   carry =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
@@ -856,7 +844,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c21),
       (uint32_t)56U);
   uint64_t
-  t1011 =
+  t108 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
               xy12),
             xy21),
@@ -864,7 +852,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c21))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c31 = carry;
-  uint64_t t310 = t1011;
+  uint64_t t310 = t108;
   uint64_t
   t411 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy04,
@@ -880,24 +868,24 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t qmul3 = t310;
   uint64_t qmul4 = t411;
   uint64_t b5 = (r0 - qmul0) >> (uint32_t)63U;
-  uint64_t t1012 = (b5 << (uint32_t)56U) + r0 - qmul0;
+  uint64_t t109 = (b5 << (uint32_t)56U) + r0 - qmul0;
   uint64_t c1 = b5;
-  uint64_t t011 = t1012;
+  uint64_t t011 = t109;
   uint64_t b6 = (r1 - (qmul1 + c1)) >> (uint32_t)63U;
-  uint64_t t1013 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
+  uint64_t t1010 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
   uint64_t c2 = b6;
-  uint64_t t111 = t1013;
+  uint64_t t111 = t1010;
   uint64_t b7 = (r2 - (qmul2 + c2)) >> (uint32_t)63U;
-  uint64_t t1014 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
+  uint64_t t1011 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
   uint64_t c3 = b7;
-  uint64_t t211 = t1014;
+  uint64_t t211 = t1011;
   uint64_t b8 = (r3 - (qmul3 + c3)) >> (uint32_t)63U;
-  uint64_t t1015 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
+  uint64_t t1012 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
   uint64_t c4 = b8;
-  uint64_t t311 = t1015;
+  uint64_t t311 = t1012;
   uint64_t b9 = (r4 - (qmul4 + c4)) >> (uint32_t)63U;
-  uint64_t t1016 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
-  uint64_t t412 = t1016;
+  uint64_t t1013 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
+  uint64_t t412 = t1013;
   uint64_t s0 = t011;
   uint64_t s1 = t111;
   uint64_t s2 = t211;
@@ -914,21 +902,21 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t y3 = m31;
   uint64_t y4 = m41;
   uint64_t b10 = (s0 - y0) >> (uint32_t)63U;
-  uint64_t t1017 = (b10 << (uint32_t)56U) + s0 - y0;
+  uint64_t t1014 = (b10 << (uint32_t)56U) + s0 - y0;
   uint64_t b0 = b10;
-  uint64_t t01 = t1017;
+  uint64_t t01 = t1014;
   uint64_t b11 = (s1 - (y1 + b0)) >> (uint32_t)63U;
-  uint64_t t1018 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
+  uint64_t t1015 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
   uint64_t b1 = b11;
-  uint64_t t11 = t1018;
+  uint64_t t11 = t1015;
   uint64_t b12 = (s2 - (y2 + b1)) >> (uint32_t)63U;
-  uint64_t t1019 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
+  uint64_t t1016 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
   uint64_t b2 = b12;
-  uint64_t t21 = t1019;
+  uint64_t t21 = t1016;
   uint64_t b13 = (s3 - (y3 + b2)) >> (uint32_t)63U;
-  uint64_t t1020 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
+  uint64_t t1017 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
   uint64_t b3 = b13;
-  uint64_t t31 = t1020;
+  uint64_t t31 = t1017;
   uint64_t b = (s4 - (y4 + b3)) >> (uint32_t)63U;
   uint64_t t10 = (b << (uint32_t)56U) + s4 - (y4 + b3);
   uint64_t b4 = b;
diff --git a/src/Hacl_FFDHE.c b/src/Hacl_FFDHE.c
index 78aaaab6..9cf2ddfb 100644
--- a/src/Hacl_FFDHE.c
+++ b/src/Hacl_FFDHE.c
@@ -127,7 +127,6 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui
   memset(p_n1, 0U, nLen * sizeof (uint64_t));
   uint64_t
   c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, p_n[0U], (uint64_t)1U, p_n1);
-  uint64_t c1;
   if ((uint32_t)1U < nLen)
   {
     uint64_t *a1 = p_n + (uint32_t)1U;
@@ -159,12 +158,12 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui
       uint64_t *res_i = res1 + i;
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
     }
-    uint64_t c10 = c;
-    c1 = c10;
+    uint64_t c1 = c;
+    KRML_HOST_IGNORE(c1);
   }
   else
   {
-    c1 = c0;
+    KRML_HOST_IGNORE(c0);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t b2[nLen];
diff --git a/src/Hacl_Frodo_KEM.c b/src/Hacl_Frodo_KEM.c
index 13db363a..4265ac0e 100644
--- a/src/Hacl_Frodo_KEM.c
+++ b/src/Hacl_Frodo_KEM.c
@@ -30,6 +30,6 @@
 
 void randombytes_(uint32_t len, uint8_t *res)
 {
-  bool b = Lib_RandomBuffer_System_randombytes(res, len);
+  KRML_HOST_IGNORE(Lib_RandomBuffer_System_randombytes(res, len));
 }
 
diff --git a/src/Hacl_HMAC_DRBG.c b/src/Hacl_HMAC_DRBG.c
index 181a8ef4..0a09aaed 100644
--- a/src/Hacl_HMAC_DRBG.c
+++ b/src/Hacl_HMAC_DRBG.c
@@ -71,6 +71,8 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
 bool
 Hacl_HMAC_DRBG_uu___is_State(Spec_Hash_Definitions_hash_alg a, Hacl_HMAC_DRBG_state projectee)
 {
+  KRML_HOST_IGNORE(a);
+  KRML_HOST_IGNORE(projectee);
   return true;
 }
 
@@ -1084,6 +1086,7 @@ Hacl_HMAC_DRBG_generate(
 
 void Hacl_HMAC_DRBG_free(Spec_Hash_Definitions_hash_alg uu___, Hacl_HMAC_DRBG_state s)
 {
+  KRML_HOST_IGNORE(uu___);
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
diff --git a/src/Hacl_Hash_Blake2.c b/src/Hacl_Hash_Blake2.c
index 194e7157..aecc6165 100644
--- a/src/Hacl_Hash_Blake2.c
+++ b/src/Hacl_Hash_Blake2.c
@@ -545,6 +545,7 @@ Hacl_Blake2b_32_blake2b_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     FStar_UInt128_uint128
@@ -1192,6 +1193,7 @@ Hacl_Blake2s_32_blake2s_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
diff --git a/src/Hacl_Hash_Blake2b_256.c b/src/Hacl_Hash_Blake2b_256.c
index d0df7cd8..b37ffc5f 100644
--- a/src/Hacl_Hash_Blake2b_256.c
+++ b/src/Hacl_Hash_Blake2b_256.c
@@ -268,6 +268,7 @@ Hacl_Blake2b_256_blake2b_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     FStar_UInt128_uint128
diff --git a/src/Hacl_Hash_Blake2s_128.c b/src/Hacl_Hash_Blake2s_128.c
index 5bf06711..86c4f030 100644
--- a/src/Hacl_Hash_Blake2s_128.c
+++ b/src/Hacl_Hash_Blake2s_128.c
@@ -268,6 +268,7 @@ Hacl_Blake2s_128_blake2s_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
diff --git a/src/Hacl_Hash_MD5.c b/src/Hacl_Hash_MD5.c
index 1b376960..222ac824 100644
--- a/src/Hacl_Hash_MD5.c
+++ b/src/Hacl_Hash_MD5.c
@@ -1218,7 +1218,6 @@ void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Hash_Core_MD5_legacy_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Hash_SHA1.c b/src/Hacl_Hash_SHA1.c
index 80edc004..5ecb3c0b 100644
--- a/src/Hacl_Hash_SHA1.c
+++ b/src/Hacl_Hash_SHA1.c
@@ -254,7 +254,6 @@ void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Hash_Core_SHA1_legacy_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Hash_SHA2.c b/src/Hacl_Hash_SHA2.c
index 46fde83f..c93c3616 100644
--- a/src/Hacl_Hash_SHA2.c
+++ b/src/Hacl_Hash_SHA2.c
@@ -537,7 +537,6 @@ void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha256_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -836,7 +835,6 @@ void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha224_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -962,7 +960,6 @@ void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s)
   Hacl_Streaming_MD_state_64 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -1262,7 +1259,6 @@ void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s)
   Hacl_Streaming_MD_state_64 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha384_init(block_state);
   Hacl_Streaming_MD_state_64
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Hash_SHA3.c b/src/Hacl_Hash_SHA3.c
index 5f4707f4..19d13b1b 100644
--- a/src/Hacl_Hash_SHA3.c
+++ b/src/Hacl_Hash_SHA3.c
@@ -125,10 +125,9 @@ Hacl_Hash_SHA3_update_last_sha3(
   if (input_len == len)
   {
     Hacl_Impl_SHA3_absorb_inner(len, input, s);
-    uint8_t *uu____0 = input + input_len;
     uint8_t lastBlock_[200U] = { 0U };
     uint8_t *lastBlock = lastBlock_;
-    memcpy(lastBlock, uu____0, (uint32_t)0U * sizeof (uint8_t));
+    memcpy(lastBlock, input + input_len, (uint32_t)0U * sizeof (uint8_t));
     lastBlock[0U] = suffix;
     Hacl_Impl_SHA3_loadState(len, lastBlock, s);
     if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U)
@@ -167,8 +166,7 @@ hash_buf2;
 
 Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s)
 {
-  Hacl_Streaming_Keccak_state scrut = *s;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Hacl_Streaming_Keccak_hash_buf block_state = (*s).block_state;
   return block_state.fst;
 }
 
@@ -809,6 +807,7 @@ Hacl_Impl_SHA3_keccak(
   uint8_t *output
 )
 {
+  KRML_HOST_IGNORE(capacity);
   uint32_t rateInBytes = rate / (uint32_t)8U;
   uint64_t s[25U] = { 0U };
   absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix);
diff --git a/src/Hacl_K256_ECDSA.c b/src/Hacl_K256_ECDSA.c
index fb53f3fd..2ffc1060 100644
--- a/src/Hacl_K256_ECDSA.c
+++ b/src/Hacl_K256_ECDSA.c
@@ -498,7 +498,7 @@ mul_pow2_256_minus_q_add(
     uint64_t r = c;
     tmp[len + i0] = r;);
   memcpy(res + (uint32_t)2U, a, len * sizeof (uint64_t));
-  uint64_t uu____0 = bn_add(resLen, res, len + (uint32_t)2U, tmp, res);
+  KRML_HOST_IGNORE(bn_add(resLen, res, len + (uint32_t)2U, tmp, res));
   uint64_t c = bn_add(resLen, res, (uint32_t)4U, e, res);
   return c;
 }
@@ -514,15 +514,23 @@ static inline void modq(uint64_t *out, uint64_t *a)
   uint64_t *t01 = tmp;
   uint64_t m[7U] = { 0U };
   uint64_t p[5U] = { 0U };
-  uint64_t
-  c0 = mul_pow2_256_minus_q_add((uint32_t)4U, (uint32_t)7U, t01, a + (uint32_t)4U, a, m);
-  uint64_t
-  c10 = mul_pow2_256_minus_q_add((uint32_t)3U, (uint32_t)5U, t01, m + (uint32_t)4U, m, p);
+  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)4U,
+      (uint32_t)7U,
+      t01,
+      a + (uint32_t)4U,
+      a,
+      m));
+  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)3U,
+      (uint32_t)5U,
+      t01,
+      m + (uint32_t)4U,
+      m,
+      p));
   uint64_t
   c2 = mul_pow2_256_minus_q_add((uint32_t)1U, (uint32_t)4U, t01, p + (uint32_t)4U, p, r);
-  uint64_t c00 = c2;
+  uint64_t c0 = c2;
   uint64_t c1 = add4(r, tmp, out);
-  uint64_t mask = (uint64_t)0U - (c00 + c1);
+  uint64_t mask = (uint64_t)0U - (c0 + c1);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -612,7 +620,7 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
     uint64_t *res_i = res1 + i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
-  uint64_t uu____0 = c1;
+  KRML_HOST_IGNORE(c1);
   uint64_t flag = l[5U] >> (uint32_t)63U;
   uint64_t mask = (uint64_t)0U - flag;
   KRML_MAYBE_FOR4(i,
@@ -1223,6 +1231,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)118285133003718U, (uint64_t)434519962075150U, (uint64_t)1114612377498854U,
       (uint64_t)3488596944003813U, (uint64_t)450716531072892U, (uint64_t)66044973203836U
     };
+  KRML_HOST_IGNORE(q2);
   uint64_t
   q3[15U] =
     {
@@ -1232,6 +1241,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)265969268774814U, (uint64_t)1913228635640715U, (uint64_t)2831959046949342U,
       (uint64_t)888030405442963U, (uint64_t)1817092932985033U, (uint64_t)101515844997121U
     };
+  KRML_HOST_IGNORE(q3);
   uint64_t
   q4[15U] =
     {
@@ -1241,6 +1251,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)12245672982162U, (uint64_t)2119364213800870U, (uint64_t)2034960311715107U,
       (uint64_t)3172697815804487U, (uint64_t)4185144850224160U, (uint64_t)2792055915674U
     };
+  KRML_HOST_IGNORE(q4);
   uint64_t *r1 = scalar;
   uint64_t *r2 = scalar + (uint32_t)1U;
   uint64_t *r3 = scalar + (uint32_t)2U;
@@ -1605,6 +1616,7 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(
 )
 {
   uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  KRML_HOST_IGNORE(oneq);
   uint64_t rsdk_q[16U] = { 0U };
   uint64_t *r_q = rsdk_q;
   uint64_t *s_q = rsdk_q + (uint32_t)4U;
diff --git a/src/Hacl_RSAPSS.c b/src/Hacl_RSAPSS.c
index 19d4e5b4..ceb9a6f0 100644
--- a/src/Hacl_RSAPSS.c
+++ b/src/Hacl_RSAPSS.c
@@ -404,9 +404,9 @@ load_skey(
 Sign a message `msg` and write the signature to `sgnt`.
 
 @param a Hash algorithm to use. Allowed values for `a` are ...
-  * Spec_Hash_Definitions_SHA2_256,
-  * Spec_Hash_Definitions_SHA2_384, and
-  * Spec_Hash_Definitions_SHA2_512.
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
@@ -518,7 +518,10 @@ Hacl_RSAPSS_rsapss_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.
@@ -637,10 +640,10 @@ Load a public key from key parts.
 
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 
-@return Returns an allocated public key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb)
@@ -707,11 +710,11 @@ Load a secret key from key parts.
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 
-@return Returns an allocated secret key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_skey(
@@ -804,13 +807,16 @@ uint64_t
 /**
 Sign a message `msg` and write the signature to `sgnt`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param salt Pointer to `saltLen` bytes where the salt is read from.
 @param msgLen Length of message.
@@ -873,11 +879,14 @@ Hacl_RSAPSS_rsapss_skey_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param sgntLen Length of signature.
 @param sgnt Pointer to `sgntLen` bytes where the signature is read from.
diff --git a/src/Hacl_Salsa20.c b/src/Hacl_Salsa20.c
index e157d5ef..2758f8a4 100644
--- a/src/Hacl_Salsa20.c
+++ b/src/Hacl_Salsa20.c
@@ -181,6 +181,7 @@ salsa20_encrypt(
   memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
   ctx[15U] = (uint32_t)0x6b206574U;
   uint32_t k[16U] = { 0U };
+  KRML_HOST_IGNORE(k);
   uint32_t rem = len % (uint32_t)64U;
   uint32_t nb = len / (uint32_t)64U;
   uint32_t rem1 = len % (uint32_t)64U;
@@ -217,9 +218,8 @@ salsa20_encrypt(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = text + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
@@ -294,6 +294,7 @@ salsa20_decrypt(
   memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
   ctx[15U] = (uint32_t)0x6b206574U;
   uint32_t k[16U] = { 0U };
+  KRML_HOST_IGNORE(k);
   uint32_t rem = len % (uint32_t)64U;
   uint32_t nb = len / (uint32_t)64U;
   uint32_t rem1 = len % (uint32_t)64U;
@@ -330,9 +331,8 @@ salsa20_decrypt(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
diff --git a/src/Hacl_Streaming_Blake2.c b/src/Hacl_Streaming_Blake2.c
index 4faa859e..948d56c2 100644
--- a/src/Hacl_Streaming_Blake2.c
+++ b/src/Hacl_Streaming_Blake2.c
@@ -54,7 +54,6 @@ void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_
   Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
   Hacl_Streaming_Blake2_blake2s_32_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -354,7 +353,6 @@ void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_
   Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
   Hacl_Streaming_Blake2_blake2b_32_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Streaming_Blake2b_256.c b/src/Hacl_Streaming_Blake2b_256.c
index d2df234a..bdb5433f 100644
--- a/src/Hacl_Streaming_Blake2b_256.c
+++ b/src/Hacl_Streaming_Blake2b_256.c
@@ -66,7 +66,6 @@ Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(
   Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
   Hacl_Streaming_Blake2b_256_blake2b_256_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Streaming_Blake2s_128.c b/src/Hacl_Streaming_Blake2s_128.c
index eaace7ce..f97bf5d0 100644
--- a/src/Hacl_Streaming_Blake2s_128.c
+++ b/src/Hacl_Streaming_Blake2s_128.c
@@ -66,7 +66,6 @@ Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(
   Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
   Hacl_Streaming_Blake2s_128_blake2s_128_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/Hacl_Streaming_Poly1305_128.c b/src/Hacl_Streaming_Poly1305_128.c
index c752cfb0..c3f7c19a 100644
--- a/src/Hacl_Streaming_Poly1305_128.c
+++ b/src/Hacl_Streaming_Poly1305_128.c
@@ -58,7 +58,6 @@ Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly130
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_128_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
@@ -312,7 +311,7 @@ Hacl_Streaming_Poly1305_128_finish(
   {
     ite1 = r % (uint32_t)16U;
   }
-  uint64_t prev_len_last = total_len - (uint64_t)ite1;
+  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
   uint32_t ite2;
   if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
   {
diff --git a/src/Hacl_Streaming_Poly1305_256.c b/src/Hacl_Streaming_Poly1305_256.c
index c1915ed9..e56275a4 100644
--- a/src/Hacl_Streaming_Poly1305_256.c
+++ b/src/Hacl_Streaming_Poly1305_256.c
@@ -58,7 +58,6 @@ Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly130
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_256_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
@@ -312,7 +311,7 @@ Hacl_Streaming_Poly1305_256_finish(
   {
     ite1 = r % (uint32_t)16U;
   }
-  uint64_t prev_len_last = total_len - (uint64_t)ite1;
+  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
   uint32_t ite2;
   if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
   {
diff --git a/src/Hacl_Streaming_Poly1305_32.c b/src/Hacl_Streaming_Poly1305_32.c
index 89852727..249a622f 100644
--- a/src/Hacl_Streaming_Poly1305_32.c
+++ b/src/Hacl_Streaming_Poly1305_32.c
@@ -53,7 +53,6 @@ Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_32_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
diff --git a/src/msvc/EverCrypt_AEAD.c b/src/msvc/EverCrypt_AEAD.c
index 564dbc2e..d3a4ffbe 100644
--- a/src/msvc/EverCrypt_AEAD.c
+++ b/src/msvc/EverCrypt_AEAD.c
@@ -46,6 +46,8 @@ The state may be reused as many times as desired.
 */
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee)
 {
+  KRML_HOST_IGNORE(a);
+  KRML_HOST_IGNORE(projectee);
   return true;
 }
 
@@ -58,8 +60,7 @@ Return the algorithm used in the AEAD state.
 */
 Spec_Agile_AEAD_alg EverCrypt_AEAD_alg_of_state(EverCrypt_AEAD_state_s *s)
 {
-  EverCrypt_AEAD_state_s scrut = *s;
-  Spec_Cipher_Expansion_impl impl = scrut.impl;
+  Spec_Cipher_Expansion_impl impl = (*s).impl;
   switch (impl)
   {
     case Spec_Cipher_Expansion_Hacl_CHACHA20:
@@ -97,6 +98,8 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  KRML_HOST_IGNORE(dst);
+  KRML_HOST_IGNORE(k);
   #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
@@ -108,8 +111,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
     uint8_t *hkeys_b = ek + (uint32_t)176U;
-    uint64_t scrut = aes128_key_expansion(k, keys_b);
-    uint64_t scrut0 = aes128_keyhash_init(keys_b, hkeys_b);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b, hkeys_b));
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek });
@@ -125,6 +128,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  KRML_HOST_IGNORE(dst);
+  KRML_HOST_IGNORE(k);
   #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
@@ -136,8 +141,8 @@ create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
     uint8_t *hkeys_b = ek + (uint32_t)240U;
-    uint64_t scrut = aes256_key_expansion(k, keys_b);
-    uint64_t scrut0 = aes256_keyhash_init(keys_b, hkeys_b);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b, hkeys_b));
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek });
@@ -203,6 +208,15 @@ encrypt_aes128_gcm(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(s);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
@@ -212,8 +226,7 @@ encrypt_aes128_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -223,8 +236,12 @@ encrypt_aes128_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -250,9 +267,7 @@ encrypt_aes128_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t
-    scrut0 =
-      gcm128_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -268,7 +283,7 @@ encrypt_aes128_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   else
   {
@@ -281,9 +296,7 @@ encrypt_aes128_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
-    uint64_t
-    scrut0 =
-      gcm128_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -299,7 +312,7 @@ encrypt_aes128_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
     inout_b,
@@ -327,6 +340,15 @@ encrypt_aes256_gcm(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(s);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
@@ -336,8 +358,7 @@ encrypt_aes256_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -347,8 +368,12 @@ encrypt_aes256_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -374,9 +399,7 @@ encrypt_aes256_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t
-    scrut0 =
-      gcm256_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -392,7 +415,7 @@ encrypt_aes256_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   else
   {
@@ -405,9 +428,7 @@ encrypt_aes256_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
-    uint64_t
-    scrut0 =
-      gcm256_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -423,7 +444,7 @@ encrypt_aes256_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
     inout_b,
@@ -525,27 +546,34 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  uint64_t scrut0 = aes128_key_expansion(k, keys_b0);
-  uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_Error_error_code r;
   if (s == NULL)
   {
-    r = EverCrypt_Error_InvalidKey;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
   else if (iv_len == (uint32_t)0U)
   {
-    r = EverCrypt_Error_InvalidIVLength;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
-    EverCrypt_AEAD_state_s scrut = *s;
-    uint8_t *ek0 = scrut.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -555,8 +583,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -582,9 +614,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t
-      scrut2 =
-        gcm128_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -600,7 +630,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     else
     {
@@ -613,9 +643,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
-      uint64_t
-      scrut2 =
-        gcm128_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -631,12 +659,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
       inout_b,
       (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    r = EverCrypt_Error_Success;
+    KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
   #else
@@ -669,27 +697,34 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  uint64_t scrut0 = aes256_key_expansion(k, keys_b0);
-  uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_Error_error_code r;
   if (s == NULL)
   {
-    r = EverCrypt_Error_InvalidKey;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
   else if (iv_len == (uint32_t)0U)
   {
-    r = EverCrypt_Error_InvalidIVLength;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
-    EverCrypt_AEAD_state_s scrut = *s;
-    uint8_t *ek0 = scrut.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -699,8 +734,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -726,9 +765,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t
-      scrut2 =
-        gcm256_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -744,7 +781,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     else
     {
@@ -757,9 +794,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
-      uint64_t
-      scrut2 =
-        gcm256_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -775,12 +810,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
       inout_b,
       (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    r = EverCrypt_Error_Success;
+    KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
   #else
@@ -805,6 +840,15 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -816,23 +860,21 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    uint64_t scrut0 = aes128_key_expansion(k, keys_b0);
-    uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
-    EverCrypt_Error_error_code r;
     if (s == NULL)
     {
-      r = EverCrypt_Error_InvalidKey;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
     else if (iv_len == (uint32_t)0U)
     {
-      r = EverCrypt_Error_InvalidIVLength;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
-      EverCrypt_AEAD_state_s scrut = *s;
-      uint8_t *ek0 = scrut.ek;
+      uint8_t *ek0 = (*s).ek;
       uint8_t *scratch_b = ek0 + (uint32_t)304U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
@@ -842,8 +884,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
       uint32_t bytes_len = len * (uint32_t)16U;
       uint8_t *iv_b = iv;
       memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+          (uint64_t)iv_len,
+          (uint64_t)len,
+          tmp_iv,
+          tmp_iv,
+          hkeys_b));
       uint8_t *inout_b = scratch_b;
       uint8_t *abytes_b = scratch_b + (uint32_t)16U;
       uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -869,9 +915,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128x6_ = len128x6 / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm128_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -887,7 +931,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       else
       {
@@ -900,9 +944,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
         uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm128_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -918,12 +960,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
         inout_b,
         (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      r = EverCrypt_Error_Success;
+      KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
   }
@@ -946,6 +988,15 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(plain);
+  KRML_HOST_IGNORE(plain_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(tag);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -957,23 +1008,21 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    uint64_t scrut0 = aes256_key_expansion(k, keys_b0);
-    uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
-    EverCrypt_Error_error_code r;
     if (s == NULL)
     {
-      r = EverCrypt_Error_InvalidKey;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
     else if (iv_len == (uint32_t)0U)
     {
-      r = EverCrypt_Error_InvalidIVLength;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
-      EverCrypt_AEAD_state_s scrut = *s;
-      uint8_t *ek0 = scrut.ek;
+      uint8_t *ek0 = (*s).ek;
       uint8_t *scratch_b = ek0 + (uint32_t)368U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
@@ -983,8 +1032,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
       uint32_t bytes_len = len * (uint32_t)16U;
       uint8_t *iv_b = iv;
       memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+          (uint64_t)iv_len,
+          (uint64_t)len,
+          tmp_iv,
+          tmp_iv,
+          hkeys_b));
       uint8_t *inout_b = scratch_b;
       uint8_t *abytes_b = scratch_b + (uint32_t)16U;
       uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1010,9 +1063,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128x6_ = len128x6 / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm256_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -1028,7 +1079,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       else
       {
@@ -1041,9 +1092,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
         uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm256_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -1059,12 +1108,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
         inout_b,
         (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      r = EverCrypt_Error_Success;
+      KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
   }
@@ -1087,12 +1136,12 @@ EverCrypt_AEAD_encrypt_expand_chacha20_poly1305(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(iv_len);
   uint8_t ek[32U] = { 0U };
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek };
   memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek0 = scrut.ek;
+  uint8_t *ek0 = (*s).ek;
   EverCrypt_Chacha20Poly1305_aead_encrypt(ek0, iv, ad_len, ad, plain_len, plain, cipher, tag);
   return EverCrypt_Error_Success;
 }
@@ -1173,6 +1222,15 @@ decrypt_aes128_gcm(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(s);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
@@ -1182,8 +1240,7 @@ decrypt_aes128_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -1193,8 +1250,12 @@ decrypt_aes128_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1222,7 +1283,7 @@ decrypt_aes128_gcm(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1240,7 +1301,6 @@ decrypt_aes128_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   else
@@ -1255,7 +1315,7 @@ decrypt_aes128_gcm(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1273,7 +1333,6 @@ decrypt_aes128_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1307,6 +1366,15 @@ decrypt_aes256_gcm(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(s);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
@@ -1316,8 +1384,7 @@ decrypt_aes256_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -1327,8 +1394,12 @@ decrypt_aes256_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1356,7 +1427,7 @@ decrypt_aes256_gcm(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1374,7 +1445,6 @@ decrypt_aes256_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   else
@@ -1389,7 +1459,7 @@ decrypt_aes256_gcm(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1407,7 +1477,6 @@ decrypt_aes256_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1449,8 +1518,7 @@ decrypt_chacha20_poly1305(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint32_t
   r = EverCrypt_Chacha20Poly1305_aead_decrypt(ek, iv, ad_len, ad, cipher_len, dst, cipher, tag);
   if (r == (uint32_t)0U)
@@ -1508,8 +1576,7 @@ EverCrypt_AEAD_decrypt(
   {
     return EverCrypt_Error_InvalidKey;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  Spec_Cipher_Expansion_impl i = scrut.impl;
+  Spec_Cipher_Expansion_impl i = (*s).impl;
   switch (i)
   {
     case Spec_Cipher_Expansion_Vale_AES128:
@@ -1553,12 +1620,21 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  uint64_t scrut = aes128_key_expansion(k, keys_b0);
-  uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
@@ -1569,8 +1645,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut1 = *s;
-  uint8_t *ek0 = scrut1.ek;
+  uint8_t *ek0 = (*s).ek;
   uint8_t *scratch_b = ek0 + (uint32_t)304U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
@@ -1580,8 +1655,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1609,7 +1688,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1627,7 +1706,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   else
@@ -1642,7 +1720,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1660,7 +1738,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1702,12 +1779,21 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  uint64_t scrut = aes256_key_expansion(k, keys_b0);
-  uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
@@ -1718,8 +1804,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut1 = *s;
-  uint8_t *ek0 = scrut1.ek;
+  uint8_t *ek0 = (*s).ek;
   uint8_t *scratch_b = ek0 + (uint32_t)368U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
@@ -1729,8 +1814,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1758,7 +1847,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1776,7 +1865,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   else
@@ -1791,7 +1879,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1809,7 +1897,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1843,6 +1930,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -1854,8 +1950,8 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    uint64_t scrut = aes128_key_expansion(k, keys_b0);
-    uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
@@ -1866,8 +1962,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     {
       return EverCrypt_Error_InvalidIVLength;
     }
-    EverCrypt_AEAD_state_s scrut1 = *s;
-    uint8_t *ek0 = scrut1.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -1877,8 +1972,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1906,7 +2005,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t
-      scrut2 =
+      c0 =
         gcm128_decrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
@@ -1924,7 +2023,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
           (uint64_t)cipher_len,
           scratch_b1,
           tag);
-      uint64_t c0 = scrut2;
       c = c0;
     }
     else
@@ -1939,7 +2037,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      scrut2 =
+      c0 =
         gcm128_decrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
@@ -1957,7 +2055,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
           (uint64_t)cipher_len,
           scratch_b1,
           tag);
-      uint64_t c0 = scrut2;
       c = c0;
     }
     memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1989,6 +2086,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   uint8_t *dst
 )
 {
+  KRML_HOST_IGNORE(k);
+  KRML_HOST_IGNORE(iv);
+  KRML_HOST_IGNORE(iv_len);
+  KRML_HOST_IGNORE(ad);
+  KRML_HOST_IGNORE(ad_len);
+  KRML_HOST_IGNORE(cipher);
+  KRML_HOST_IGNORE(cipher_len);
+  KRML_HOST_IGNORE(tag);
+  KRML_HOST_IGNORE(dst);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -2000,8 +2106,8 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    uint64_t scrut = aes256_key_expansion(k, keys_b0);
-    uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
@@ -2012,8 +2118,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     {
       return EverCrypt_Error_InvalidIVLength;
     }
-    EverCrypt_AEAD_state_s scrut1 = *s;
-    uint8_t *ek0 = scrut1.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -2023,8 +2128,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -2052,7 +2161,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t
-      scrut2 =
+      c0 =
         gcm256_decrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
@@ -2070,7 +2179,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
           (uint64_t)cipher_len,
           scratch_b1,
           tag);
-      uint64_t c0 = scrut2;
       c = c0;
     }
     else
@@ -2085,7 +2193,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      scrut2 =
+      c0 =
         gcm256_decrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
@@ -2103,7 +2211,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
           (uint64_t)cipher_len,
           scratch_b1,
           tag);
-      uint64_t c0 = scrut2;
       c = c0;
     }
     memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -2214,8 +2321,7 @@ Cleanup and free the AEAD state.
 */
 void EverCrypt_AEAD_free(EverCrypt_AEAD_state_s *s)
 {
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   KRML_HOST_FREE(ek);
   KRML_HOST_FREE(s);
 }
diff --git a/src/msvc/EverCrypt_AutoConfig2.c b/src/msvc/EverCrypt_AutoConfig2.c
index fe93ef8a..b549d020 100644
--- a/src/msvc/EverCrypt_AutoConfig2.c
+++ b/src/msvc/EverCrypt_AutoConfig2.c
@@ -113,75 +113,59 @@ void EverCrypt_AutoConfig2_recall(void)
 void EverCrypt_AutoConfig2_init(void)
 {
   #if HACL_CAN_COMPILE_VALE
-  uint64_t scrut = check_aesni();
-  if (scrut != (uint64_t)0U)
+  if (check_aesni() != (uint64_t)0U)
   {
     cpu_has_aesni[0U] = true;
     cpu_has_pclmulqdq[0U] = true;
   }
-  uint64_t scrut0 = check_sha();
-  if (scrut0 != (uint64_t)0U)
+  if (check_sha() != (uint64_t)0U)
   {
     cpu_has_shaext[0U] = true;
   }
-  uint64_t scrut1 = check_adx_bmi2();
-  if (scrut1 != (uint64_t)0U)
+  if (check_adx_bmi2() != (uint64_t)0U)
   {
     cpu_has_bmi2[0U] = true;
     cpu_has_adx[0U] = true;
   }
-  uint64_t scrut2 = check_avx();
-  if (scrut2 != (uint64_t)0U)
+  if (check_avx() != (uint64_t)0U)
   {
-    uint64_t scrut3 = check_osxsave();
-    if (scrut3 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut4 = check_avx_xcr0();
-      if (scrut4 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
         cpu_has_avx[0U] = true;
       }
     }
   }
-  uint64_t scrut3 = check_avx2();
-  if (scrut3 != (uint64_t)0U)
+  if (check_avx2() != (uint64_t)0U)
   {
-    uint64_t scrut4 = check_osxsave();
-    if (scrut4 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut5 = check_avx_xcr0();
-      if (scrut5 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
         cpu_has_avx2[0U] = true;
       }
     }
   }
-  uint64_t scrut4 = check_sse();
-  if (scrut4 != (uint64_t)0U)
+  if (check_sse() != (uint64_t)0U)
   {
     cpu_has_sse[0U] = true;
   }
-  uint64_t scrut5 = check_movbe();
-  if (scrut5 != (uint64_t)0U)
+  if (check_movbe() != (uint64_t)0U)
   {
     cpu_has_movbe[0U] = true;
   }
-  uint64_t scrut6 = check_rdrand();
-  if (scrut6 != (uint64_t)0U)
+  if (check_rdrand() != (uint64_t)0U)
   {
     cpu_has_rdrand[0U] = true;
   }
-  uint64_t scrut7 = check_avx512();
-  if (scrut7 != (uint64_t)0U)
+  if (check_avx512() != (uint64_t)0U)
   {
-    uint64_t scrut8 = check_osxsave();
-    if (scrut8 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut9 = check_avx_xcr0();
-      if (scrut9 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
-        uint64_t scrut10 = check_avx512_xcr0();
-        if (scrut10 != (uint64_t)0U)
+        if (check_avx512_xcr0() != (uint64_t)0U)
         {
           cpu_has_avx512[0U] = true;
           return;
diff --git a/src/msvc/EverCrypt_DRBG.c b/src/msvc/EverCrypt_DRBG.c
index 243d8eb4..9591823c 100644
--- a/src/msvc/EverCrypt_DRBG.c
+++ b/src/msvc/EverCrypt_DRBG.c
@@ -92,6 +92,7 @@ EverCrypt_DRBG_uu___is_SHA1_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA1_s)
   {
     return true;
@@ -105,6 +106,7 @@ EverCrypt_DRBG_uu___is_SHA2_256_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_256_s)
   {
     return true;
@@ -118,6 +120,7 @@ EverCrypt_DRBG_uu___is_SHA2_384_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_384_s)
   {
     return true;
@@ -131,6 +134,7 @@ EverCrypt_DRBG_uu___is_SHA2_512_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_512_s)
   {
     return true;
diff --git a/src/msvc/EverCrypt_Hash.c b/src/msvc/EverCrypt_Hash.c
index 914a105f..b88df9e2 100644
--- a/src/msvc/EverCrypt_Hash.c
+++ b/src/msvc/EverCrypt_Hash.c
@@ -399,7 +399,7 @@ void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
   if (has_shaext && has_sse)
   {
     uint64_t n1 = (uint64_t)n;
-    uint64_t scrut = sha256_update(s, blocks, n1, k224_256);
+    KRML_HOST_IGNORE(sha256_update(s, blocks, n1, k224_256));
     return;
   }
   Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
@@ -2156,8 +2156,7 @@ Perform a run-time test to determine which algorithm was chosen for the given pi
 Spec_Hash_Definitions_hash_alg
 EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *s;
-  EverCrypt_Hash_state_s *block_state = scrut.block_state;
+  EverCrypt_Hash_state_s *block_state = (*s).block_state;
   return alg_of_state(block_state);
 }
 
diff --git a/src/msvc/EverCrypt_Poly1305.c b/src/msvc/EverCrypt_Poly1305.c
index 717b9527..454c0fce 100644
--- a/src/msvc/EverCrypt_Poly1305.c
+++ b/src/msvc/EverCrypt_Poly1305.c
@@ -28,8 +28,13 @@
 #include "internal/Vale.h"
 #include "config.h"
 
-static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key)
+KRML_MAYBE_UNUSED static void
+poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key)
 {
+  KRML_HOST_IGNORE(dst);
+  KRML_HOST_IGNORE(src);
+  KRML_HOST_IGNORE(len);
+  KRML_HOST_IGNORE(key);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ctx[192U] = { 0U };
   memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
@@ -38,19 +43,16 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key
   uint8_t tmp[16U] = { 0U };
   if (n_extra == (uint32_t)0U)
   {
-    uint64_t scrut = x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U);
-    KRML_HOST_IGNORE((void *)(uint8_t)0U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U));
   }
   else
   {
     uint32_t len16 = n_blocks * (uint32_t)16U;
     uint8_t *src16 = src;
     memcpy(tmp, src + len16, n_extra * sizeof (uint8_t));
-    uint64_t scrut = x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U);
-    KRML_HOST_IGNORE((void *)(uint8_t)0U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U));
     memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
-    uint64_t scrut0 = x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U);
-    KRML_HOST_IGNORE((void *)(uint8_t)0U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U));
   }
   memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t));
   #endif
diff --git a/src/msvc/Hacl_Chacha20_Vec128.c b/src/msvc/Hacl_Chacha20_Vec128.c
index ed112654..1e0c4ec1 100644
--- a/src/msvc/Hacl_Chacha20_Vec128.c
+++ b/src/msvc/Hacl_Chacha20_Vec128.c
@@ -370,9 +370,8 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)256U;
-    uint8_t *uu____3 = text + nb * (uint32_t)256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -676,9 +675,8 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)256U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
diff --git a/src/msvc/Hacl_Chacha20_Vec256.c b/src/msvc/Hacl_Chacha20_Vec256.c
index 2df300b6..620f5040 100644
--- a/src/msvc/Hacl_Chacha20_Vec256.c
+++ b/src/msvc/Hacl_Chacha20_Vec256.c
@@ -470,9 +470,8 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)512U;
-    uint8_t *uu____3 = text + nb * (uint32_t)512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -968,9 +967,8 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)512U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
diff --git a/src/msvc/Hacl_Chacha20_Vec32.c b/src/msvc/Hacl_Chacha20_Vec32.c
index 6f137f39..2bf4764c 100644
--- a/src/msvc/Hacl_Chacha20_Vec32.c
+++ b/src/msvc/Hacl_Chacha20_Vec32.c
@@ -229,9 +229,8 @@ Hacl_Chacha20_Vec32_chacha20_encrypt_32(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = text + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
@@ -279,9 +278,8 @@ Hacl_Chacha20_Vec32_chacha20_decrypt_32(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
diff --git a/src/msvc/Hacl_Curve25519_64.c b/src/msvc/Hacl_Curve25519_64.c
index 526fbd22..fb0974fe 100644
--- a/src/msvc/Hacl_Curve25519_64.c
+++ b/src/msvc/Hacl_Curve25519_64.c
@@ -35,7 +35,7 @@ static inline void add_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   add_scalar(out, f1, f2);
   #else
-  uint64_t uu____0 = add_scalar_e(out, f1, f2);
+  KRML_HOST_IGNORE(add_scalar_e(out, f1, f2));
   #endif
 }
 
@@ -44,7 +44,7 @@ static inline void fadd0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fadd(out, f1, f2);
   #else
-  uint64_t uu____0 = fadd_e(out, f1, f2);
+  KRML_HOST_IGNORE(fadd_e(out, f1, f2));
   #endif
 }
 
@@ -53,7 +53,7 @@ static inline void fsub0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsub(out, f1, f2);
   #else
-  uint64_t uu____0 = fsub_e(out, f1, f2);
+  KRML_HOST_IGNORE(fsub_e(out, f1, f2));
   #endif
 }
 
@@ -62,7 +62,7 @@ static inline void fmul0(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *tm
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul(out, f1, f2, tmp);
   #else
-  uint64_t uu____0 = fmul_e(tmp, f1, out, f2);
+  KRML_HOST_IGNORE(fmul_e(tmp, f1, out, f2));
   #endif
 }
 
@@ -71,7 +71,7 @@ static inline void fmul20(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *t
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul2(out, f1, f2, tmp);
   #else
-  uint64_t uu____0 = fmul2_e(tmp, f1, out, f2);
+  KRML_HOST_IGNORE(fmul2_e(tmp, f1, out, f2));
   #endif
 }
 
@@ -80,7 +80,7 @@ static inline void fmul_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul_scalar(out, f1, f2);
   #else
-  uint64_t uu____0 = fmul_scalar_e(out, f1, f2);
+  KRML_HOST_IGNORE(fmul_scalar_e(out, f1, f2));
   #endif
 }
 
@@ -89,7 +89,7 @@ static inline void fsqr0(uint64_t *out, uint64_t *f1, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr(out, f1, tmp);
   #else
-  uint64_t uu____0 = fsqr_e(tmp, f1, out);
+  KRML_HOST_IGNORE(fsqr_e(tmp, f1, out));
   #endif
 }
 
@@ -98,7 +98,7 @@ static inline void fsqr20(uint64_t *out, uint64_t *f, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr2(out, f, tmp);
   #else
-  uint64_t uu____0 = fsqr2_e(tmp, f, out);
+  KRML_HOST_IGNORE(fsqr2_e(tmp, f, out));
   #endif
 }
 
@@ -107,7 +107,7 @@ static inline void cswap20(uint64_t bit, uint64_t *p1, uint64_t *p2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   cswap2(bit, p1, p2);
   #else
-  uint64_t uu____0 = cswap2_e(bit, p1, p2);
+  KRML_HOST_IGNORE(cswap2_e(bit, p1, p2));
   #endif
 }
 
diff --git a/src/msvc/Hacl_Ed25519.c b/src/msvc/Hacl_Ed25519.c
index 9d7c3bd4..f9881e91 100644
--- a/src/msvc/Hacl_Ed25519.c
+++ b/src/msvc/Hacl_Ed25519.c
@@ -711,65 +711,53 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 c00 = carry0;
   FStar_UInt128_uint128
   carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U);
-  uint64_t
-  t100 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00))
-    & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c10 = carry1;
   FStar_UInt128_uint128
   carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U);
-  uint64_t
-  t101 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10))
-    & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c20 = carry2;
   FStar_UInt128_uint128
   carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U);
-  uint64_t
-  t102 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20))
-    & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c30 = carry3;
   FStar_UInt128_uint128
   carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U);
   uint64_t
-  t103 =
+  t100 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c40 = carry4;
-  uint64_t t410 = t103;
+  uint64_t t410 = t100;
   FStar_UInt128_uint128
   carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), (uint32_t)56U);
   uint64_t
-  t104 =
+  t101 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c5 = carry5;
-  uint64_t t51 = t104;
+  uint64_t t51 = t101;
   FStar_UInt128_uint128
   carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), (uint32_t)56U);
   uint64_t
-  t105 =
+  t102 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c6 = carry6;
-  uint64_t t61 = t105;
+  uint64_t t61 = t102;
   FStar_UInt128_uint128
   carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), (uint32_t)56U);
   uint64_t
-  t106 =
+  t103 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c7 = carry7;
-  uint64_t t71 = t106;
+  uint64_t t71 = t103;
   FStar_UInt128_uint128
   carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), (uint32_t)56U);
   uint64_t
-  t107 =
+  t104 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c8 = carry8;
-  uint64_t t81 = t107;
+  uint64_t t81 = t104;
   uint64_t t91 = FStar_UInt128_uint128_to_uint64(c8);
   uint64_t qmu4_ = t410;
   uint64_t qmu5_ = t51;
@@ -818,19 +806,19 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 xy31 = FStar_UInt128_mul_wide(qdiv3, m1);
   FStar_UInt128_uint128 xy40 = FStar_UInt128_mul_wide(qdiv4, m0);
   FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, (uint32_t)56U);
-  uint64_t t108 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
+  uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c0 = carry9;
-  uint64_t t010 = t108;
+  uint64_t t010 = t105;
   FStar_UInt128_uint128
   carry10 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0),
       (uint32_t)56U);
   uint64_t
-  t109 =
+  t106 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c11 = carry10;
-  uint64_t t110 = t109;
+  uint64_t t110 = t106;
   FStar_UInt128_uint128
   carry11 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
@@ -839,14 +827,14 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c11),
       (uint32_t)56U);
   uint64_t
-  t1010 =
+  t107 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
             xy11),
           xy20),
         c11))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c21 = carry11;
-  uint64_t t210 = t1010;
+  uint64_t t210 = t107;
   FStar_UInt128_uint128
   carry =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
@@ -856,7 +844,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c21),
       (uint32_t)56U);
   uint64_t
-  t1011 =
+  t108 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
               xy12),
             xy21),
@@ -864,7 +852,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c21))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c31 = carry;
-  uint64_t t310 = t1011;
+  uint64_t t310 = t108;
   uint64_t
   t411 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy04,
@@ -880,24 +868,24 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t qmul3 = t310;
   uint64_t qmul4 = t411;
   uint64_t b5 = (r0 - qmul0) >> (uint32_t)63U;
-  uint64_t t1012 = (b5 << (uint32_t)56U) + r0 - qmul0;
+  uint64_t t109 = (b5 << (uint32_t)56U) + r0 - qmul0;
   uint64_t c1 = b5;
-  uint64_t t011 = t1012;
+  uint64_t t011 = t109;
   uint64_t b6 = (r1 - (qmul1 + c1)) >> (uint32_t)63U;
-  uint64_t t1013 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
+  uint64_t t1010 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
   uint64_t c2 = b6;
-  uint64_t t111 = t1013;
+  uint64_t t111 = t1010;
   uint64_t b7 = (r2 - (qmul2 + c2)) >> (uint32_t)63U;
-  uint64_t t1014 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
+  uint64_t t1011 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
   uint64_t c3 = b7;
-  uint64_t t211 = t1014;
+  uint64_t t211 = t1011;
   uint64_t b8 = (r3 - (qmul3 + c3)) >> (uint32_t)63U;
-  uint64_t t1015 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
+  uint64_t t1012 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
   uint64_t c4 = b8;
-  uint64_t t311 = t1015;
+  uint64_t t311 = t1012;
   uint64_t b9 = (r4 - (qmul4 + c4)) >> (uint32_t)63U;
-  uint64_t t1016 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
-  uint64_t t412 = t1016;
+  uint64_t t1013 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
+  uint64_t t412 = t1013;
   uint64_t s0 = t011;
   uint64_t s1 = t111;
   uint64_t s2 = t211;
@@ -914,21 +902,21 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t y3 = m31;
   uint64_t y4 = m41;
   uint64_t b10 = (s0 - y0) >> (uint32_t)63U;
-  uint64_t t1017 = (b10 << (uint32_t)56U) + s0 - y0;
+  uint64_t t1014 = (b10 << (uint32_t)56U) + s0 - y0;
   uint64_t b0 = b10;
-  uint64_t t01 = t1017;
+  uint64_t t01 = t1014;
   uint64_t b11 = (s1 - (y1 + b0)) >> (uint32_t)63U;
-  uint64_t t1018 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
+  uint64_t t1015 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
   uint64_t b1 = b11;
-  uint64_t t11 = t1018;
+  uint64_t t11 = t1015;
   uint64_t b12 = (s2 - (y2 + b1)) >> (uint32_t)63U;
-  uint64_t t1019 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
+  uint64_t t1016 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
   uint64_t b2 = b12;
-  uint64_t t21 = t1019;
+  uint64_t t21 = t1016;
   uint64_t b13 = (s3 - (y3 + b2)) >> (uint32_t)63U;
-  uint64_t t1020 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
+  uint64_t t1017 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
   uint64_t b3 = b13;
-  uint64_t t31 = t1020;
+  uint64_t t31 = t1017;
   uint64_t b = (s4 - (y4 + b3)) >> (uint32_t)63U;
   uint64_t t10 = (b << (uint32_t)56U) + s4 - (y4 + b3);
   uint64_t b4 = b;
diff --git a/src/msvc/Hacl_FFDHE.c b/src/msvc/Hacl_FFDHE.c
index 53b87f73..bc77dbdc 100644
--- a/src/msvc/Hacl_FFDHE.c
+++ b/src/msvc/Hacl_FFDHE.c
@@ -127,7 +127,6 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui
   memset(p_n1, 0U, nLen * sizeof (uint64_t));
   uint64_t
   c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, p_n[0U], (uint64_t)1U, p_n1);
-  uint64_t c1;
   if ((uint32_t)1U < nLen)
   {
     uint64_t *a1 = p_n + (uint32_t)1U;
@@ -159,12 +158,12 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui
       uint64_t *res_i = res1 + i;
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
     }
-    uint64_t c10 = c;
-    c1 = c10;
+    uint64_t c1 = c;
+    KRML_HOST_IGNORE(c1);
   }
   else
   {
-    c1 = c0;
+    KRML_HOST_IGNORE(c0);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *b2 = (uint64_t *)alloca(nLen * sizeof (uint64_t));
diff --git a/src/msvc/Hacl_Frodo_KEM.c b/src/msvc/Hacl_Frodo_KEM.c
index 13db363a..4265ac0e 100644
--- a/src/msvc/Hacl_Frodo_KEM.c
+++ b/src/msvc/Hacl_Frodo_KEM.c
@@ -30,6 +30,6 @@
 
 void randombytes_(uint32_t len, uint8_t *res)
 {
-  bool b = Lib_RandomBuffer_System_randombytes(res, len);
+  KRML_HOST_IGNORE(Lib_RandomBuffer_System_randombytes(res, len));
 }
 
diff --git a/src/msvc/Hacl_HMAC_DRBG.c b/src/msvc/Hacl_HMAC_DRBG.c
index 93e47dc9..b3acf354 100644
--- a/src/msvc/Hacl_HMAC_DRBG.c
+++ b/src/msvc/Hacl_HMAC_DRBG.c
@@ -71,6 +71,8 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
 bool
 Hacl_HMAC_DRBG_uu___is_State(Spec_Hash_Definitions_hash_alg a, Hacl_HMAC_DRBG_state projectee)
 {
+  KRML_HOST_IGNORE(a);
+  KRML_HOST_IGNORE(projectee);
   return true;
 }
 
@@ -1104,6 +1106,7 @@ Hacl_HMAC_DRBG_generate(
 
 void Hacl_HMAC_DRBG_free(Spec_Hash_Definitions_hash_alg uu___, Hacl_HMAC_DRBG_state s)
 {
+  KRML_HOST_IGNORE(uu___);
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
diff --git a/src/msvc/Hacl_Hash_Blake2.c b/src/msvc/Hacl_Hash_Blake2.c
index 194e7157..aecc6165 100644
--- a/src/msvc/Hacl_Hash_Blake2.c
+++ b/src/msvc/Hacl_Hash_Blake2.c
@@ -545,6 +545,7 @@ Hacl_Blake2b_32_blake2b_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     FStar_UInt128_uint128
@@ -1192,6 +1193,7 @@ Hacl_Blake2s_32_blake2s_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
diff --git a/src/msvc/Hacl_Hash_Blake2b_256.c b/src/msvc/Hacl_Hash_Blake2b_256.c
index d0df7cd8..b37ffc5f 100644
--- a/src/msvc/Hacl_Hash_Blake2b_256.c
+++ b/src/msvc/Hacl_Hash_Blake2b_256.c
@@ -268,6 +268,7 @@ Hacl_Blake2b_256_blake2b_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     FStar_UInt128_uint128
diff --git a/src/msvc/Hacl_Hash_Blake2s_128.c b/src/msvc/Hacl_Hash_Blake2s_128.c
index 5bf06711..86c4f030 100644
--- a/src/msvc/Hacl_Hash_Blake2s_128.c
+++ b/src/msvc/Hacl_Hash_Blake2s_128.c
@@ -268,6 +268,7 @@ Hacl_Blake2s_128_blake2s_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
diff --git a/src/msvc/Hacl_Hash_MD5.c b/src/msvc/Hacl_Hash_MD5.c
index 1b376960..222ac824 100644
--- a/src/msvc/Hacl_Hash_MD5.c
+++ b/src/msvc/Hacl_Hash_MD5.c
@@ -1218,7 +1218,6 @@ void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Hash_Core_MD5_legacy_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Hash_SHA1.c b/src/msvc/Hacl_Hash_SHA1.c
index 80edc004..5ecb3c0b 100644
--- a/src/msvc/Hacl_Hash_SHA1.c
+++ b/src/msvc/Hacl_Hash_SHA1.c
@@ -254,7 +254,6 @@ void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Hash_Core_SHA1_legacy_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Hash_SHA2.c b/src/msvc/Hacl_Hash_SHA2.c
index 46fde83f..c93c3616 100644
--- a/src/msvc/Hacl_Hash_SHA2.c
+++ b/src/msvc/Hacl_Hash_SHA2.c
@@ -537,7 +537,6 @@ void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha256_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -836,7 +835,6 @@ void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s)
   Hacl_Streaming_MD_state_32 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha224_init(block_state);
   Hacl_Streaming_MD_state_32
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -962,7 +960,6 @@ void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s)
   Hacl_Streaming_MD_state_64 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -1262,7 +1259,6 @@ void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s)
   Hacl_Streaming_MD_state_64 scrut = *s;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_SHA2_Scalar32_sha384_init(block_state);
   Hacl_Streaming_MD_state_64
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Hash_SHA3.c b/src/msvc/Hacl_Hash_SHA3.c
index 5f4707f4..19d13b1b 100644
--- a/src/msvc/Hacl_Hash_SHA3.c
+++ b/src/msvc/Hacl_Hash_SHA3.c
@@ -125,10 +125,9 @@ Hacl_Hash_SHA3_update_last_sha3(
   if (input_len == len)
   {
     Hacl_Impl_SHA3_absorb_inner(len, input, s);
-    uint8_t *uu____0 = input + input_len;
     uint8_t lastBlock_[200U] = { 0U };
     uint8_t *lastBlock = lastBlock_;
-    memcpy(lastBlock, uu____0, (uint32_t)0U * sizeof (uint8_t));
+    memcpy(lastBlock, input + input_len, (uint32_t)0U * sizeof (uint8_t));
     lastBlock[0U] = suffix;
     Hacl_Impl_SHA3_loadState(len, lastBlock, s);
     if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U)
@@ -167,8 +166,7 @@ hash_buf2;
 
 Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s)
 {
-  Hacl_Streaming_Keccak_state scrut = *s;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Hacl_Streaming_Keccak_hash_buf block_state = (*s).block_state;
   return block_state.fst;
 }
 
@@ -809,6 +807,7 @@ Hacl_Impl_SHA3_keccak(
   uint8_t *output
 )
 {
+  KRML_HOST_IGNORE(capacity);
   uint32_t rateInBytes = rate / (uint32_t)8U;
   uint64_t s[25U] = { 0U };
   absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix);
diff --git a/src/msvc/Hacl_K256_ECDSA.c b/src/msvc/Hacl_K256_ECDSA.c
index 19395653..c5dda43f 100644
--- a/src/msvc/Hacl_K256_ECDSA.c
+++ b/src/msvc/Hacl_K256_ECDSA.c
@@ -498,7 +498,7 @@ mul_pow2_256_minus_q_add(
     uint64_t r = c;
     tmp[len + i0] = r;);
   memcpy(res + (uint32_t)2U, a, len * sizeof (uint64_t));
-  uint64_t uu____0 = bn_add(resLen, res, len + (uint32_t)2U, tmp, res);
+  KRML_HOST_IGNORE(bn_add(resLen, res, len + (uint32_t)2U, tmp, res));
   uint64_t c = bn_add(resLen, res, (uint32_t)4U, e, res);
   return c;
 }
@@ -514,15 +514,23 @@ static inline void modq(uint64_t *out, uint64_t *a)
   uint64_t *t01 = tmp;
   uint64_t m[7U] = { 0U };
   uint64_t p[5U] = { 0U };
-  uint64_t
-  c0 = mul_pow2_256_minus_q_add((uint32_t)4U, (uint32_t)7U, t01, a + (uint32_t)4U, a, m);
-  uint64_t
-  c10 = mul_pow2_256_minus_q_add((uint32_t)3U, (uint32_t)5U, t01, m + (uint32_t)4U, m, p);
+  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)4U,
+      (uint32_t)7U,
+      t01,
+      a + (uint32_t)4U,
+      a,
+      m));
+  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)3U,
+      (uint32_t)5U,
+      t01,
+      m + (uint32_t)4U,
+      m,
+      p));
   uint64_t
   c2 = mul_pow2_256_minus_q_add((uint32_t)1U, (uint32_t)4U, t01, p + (uint32_t)4U, p, r);
-  uint64_t c00 = c2;
+  uint64_t c0 = c2;
   uint64_t c1 = add4(r, tmp, out);
-  uint64_t mask = (uint64_t)0U - (c00 + c1);
+  uint64_t mask = (uint64_t)0U - (c0 + c1);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -612,7 +620,7 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
     uint64_t *res_i = res1 + i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
-  uint64_t uu____0 = c1;
+  KRML_HOST_IGNORE(c1);
   uint64_t flag = l[5U] >> (uint32_t)63U;
   uint64_t mask = (uint64_t)0U - flag;
   KRML_MAYBE_FOR4(i,
@@ -1223,6 +1231,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)118285133003718U, (uint64_t)434519962075150U, (uint64_t)1114612377498854U,
       (uint64_t)3488596944003813U, (uint64_t)450716531072892U, (uint64_t)66044973203836U
     };
+  KRML_HOST_IGNORE(q2);
   uint64_t
   q3[15U] =
     {
@@ -1232,6 +1241,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)265969268774814U, (uint64_t)1913228635640715U, (uint64_t)2831959046949342U,
       (uint64_t)888030405442963U, (uint64_t)1817092932985033U, (uint64_t)101515844997121U
     };
+  KRML_HOST_IGNORE(q3);
   uint64_t
   q4[15U] =
     {
@@ -1241,6 +1251,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)12245672982162U, (uint64_t)2119364213800870U, (uint64_t)2034960311715107U,
       (uint64_t)3172697815804487U, (uint64_t)4185144850224160U, (uint64_t)2792055915674U
     };
+  KRML_HOST_IGNORE(q4);
   uint64_t *r1 = scalar;
   uint64_t *r2 = scalar + (uint32_t)1U;
   uint64_t *r3 = scalar + (uint32_t)2U;
@@ -1605,6 +1616,7 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(
 )
 {
   uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  KRML_HOST_IGNORE(oneq);
   uint64_t rsdk_q[16U] = { 0U };
   uint64_t *r_q = rsdk_q;
   uint64_t *s_q = rsdk_q + (uint32_t)4U;
diff --git a/src/msvc/Hacl_RSAPSS.c b/src/msvc/Hacl_RSAPSS.c
index ce2fb517..084f10b3 100644
--- a/src/msvc/Hacl_RSAPSS.c
+++ b/src/msvc/Hacl_RSAPSS.c
@@ -404,9 +404,9 @@ load_skey(
 Sign a message `msg` and write the signature to `sgnt`.
 
 @param a Hash algorithm to use. Allowed values for `a` are ...
-  * Spec_Hash_Definitions_SHA2_256,
-  * Spec_Hash_Definitions_SHA2_384, and
-  * Spec_Hash_Definitions_SHA2_512.
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
@@ -518,7 +518,10 @@ Hacl_RSAPSS_rsapss_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.
@@ -637,10 +640,10 @@ Load a public key from key parts.
 
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 
-@return Returns an allocated public key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb)
@@ -707,11 +710,11 @@ Load a secret key from key parts.
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 
-@return Returns an allocated secret key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_skey(
@@ -804,13 +807,16 @@ uint64_t
 /**
 Sign a message `msg` and write the signature to `sgnt`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param salt Pointer to `saltLen` bytes where the salt is read from.
 @param msgLen Length of message.
@@ -875,11 +881,14 @@ Hacl_RSAPSS_rsapss_skey_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param sgntLen Length of signature.
 @param sgnt Pointer to `sgntLen` bytes where the signature is read from.
diff --git a/src/msvc/Hacl_Salsa20.c b/src/msvc/Hacl_Salsa20.c
index e157d5ef..2758f8a4 100644
--- a/src/msvc/Hacl_Salsa20.c
+++ b/src/msvc/Hacl_Salsa20.c
@@ -181,6 +181,7 @@ salsa20_encrypt(
   memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
   ctx[15U] = (uint32_t)0x6b206574U;
   uint32_t k[16U] = { 0U };
+  KRML_HOST_IGNORE(k);
   uint32_t rem = len % (uint32_t)64U;
   uint32_t nb = len / (uint32_t)64U;
   uint32_t rem1 = len % (uint32_t)64U;
@@ -217,9 +218,8 @@ salsa20_encrypt(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = text + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
@@ -294,6 +294,7 @@ salsa20_decrypt(
   memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
   ctx[15U] = (uint32_t)0x6b206574U;
   uint32_t k[16U] = { 0U };
+  KRML_HOST_IGNORE(k);
   uint32_t rem = len % (uint32_t)64U;
   uint32_t nb = len / (uint32_t)64U;
   uint32_t rem1 = len % (uint32_t)64U;
@@ -330,9 +331,8 @@ salsa20_decrypt(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
diff --git a/src/msvc/Hacl_Streaming_Blake2.c b/src/msvc/Hacl_Streaming_Blake2.c
index 4faa859e..948d56c2 100644
--- a/src/msvc/Hacl_Streaming_Blake2.c
+++ b/src/msvc/Hacl_Streaming_Blake2.c
@@ -54,7 +54,6 @@ void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_
   Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
   Hacl_Streaming_Blake2_blake2s_32_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -354,7 +353,6 @@ void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_
   Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
   Hacl_Streaming_Blake2_blake2b_32_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Streaming_Blake2b_256.c b/src/msvc/Hacl_Streaming_Blake2b_256.c
index d2df234a..bdb5433f 100644
--- a/src/msvc/Hacl_Streaming_Blake2b_256.c
+++ b/src/msvc/Hacl_Streaming_Blake2b_256.c
@@ -66,7 +66,6 @@ Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(
   Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
   Hacl_Streaming_Blake2b_256_blake2b_256_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Streaming_Blake2s_128.c b/src/msvc/Hacl_Streaming_Blake2s_128.c
index eaace7ce..f97bf5d0 100644
--- a/src/msvc/Hacl_Streaming_Blake2s_128.c
+++ b/src/msvc/Hacl_Streaming_Blake2s_128.c
@@ -66,7 +66,6 @@ Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(
   Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
   Hacl_Streaming_Blake2s_128_blake2s_128_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
diff --git a/src/msvc/Hacl_Streaming_Poly1305_128.c b/src/msvc/Hacl_Streaming_Poly1305_128.c
index c752cfb0..c3f7c19a 100644
--- a/src/msvc/Hacl_Streaming_Poly1305_128.c
+++ b/src/msvc/Hacl_Streaming_Poly1305_128.c
@@ -58,7 +58,6 @@ Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly130
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_128_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
@@ -312,7 +311,7 @@ Hacl_Streaming_Poly1305_128_finish(
   {
     ite1 = r % (uint32_t)16U;
   }
-  uint64_t prev_len_last = total_len - (uint64_t)ite1;
+  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
   uint32_t ite2;
   if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
   {
diff --git a/src/msvc/Hacl_Streaming_Poly1305_256.c b/src/msvc/Hacl_Streaming_Poly1305_256.c
index c1915ed9..e56275a4 100644
--- a/src/msvc/Hacl_Streaming_Poly1305_256.c
+++ b/src/msvc/Hacl_Streaming_Poly1305_256.c
@@ -58,7 +58,6 @@ Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly130
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_256_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
@@ -312,7 +311,7 @@ Hacl_Streaming_Poly1305_256_finish(
   {
     ite1 = r % (uint32_t)16U;
   }
-  uint64_t prev_len_last = total_len - (uint64_t)ite1;
+  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
   uint32_t ite2;
   if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
   {
diff --git a/src/msvc/Hacl_Streaming_Poly1305_32.c b/src/msvc/Hacl_Streaming_Poly1305_32.c
index 89852727..249a622f 100644
--- a/src/msvc/Hacl_Streaming_Poly1305_32.c
+++ b/src/msvc/Hacl_Streaming_Poly1305_32.c
@@ -53,7 +53,6 @@ Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_
   uint8_t *k_ = scrut.p_key;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  KRML_HOST_IGNORE((void *)(uint8_t)0U);
   Hacl_Poly1305_32_poly1305_init(block_state, k);
   memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
   uint8_t *k_1 = k_;
diff --git a/src/wasm/EverCrypt_Hash.wasm b/src/wasm/EverCrypt_Hash.wasm
index 6b1a6c3fcd7de9879f50ecfa716db8f695b4acdf..8fdc7b27e028cff8b53492b41b29a176bc2bb191 100644
GIT binary patch
delta 1974
zcmZ9NOHU+K6vwOjRR!HM-89{FSHsZf&_F+Epy&sW=6L~uh8dtW1I$dKnWZ?<m2NZx
zs2@PR3ln2pn7A`>5@Otri3`7jaWWe>ZX|K#!pAwcit56o7xh1V9{=CDw^A=Ig1=q_
zpKZkTKQA}q@0!uS&(F`bVBo27rpuo)n|kiDH)|z(uRf=6An^3$O#bnvCATV5{U-K;
z4m~3DMCklGg<knlrLz<j8peWa5EJ2cXiaD(O@k=jqTHA-_m)zp^k*VCOBpetpJGgk
z)|mWa&N6Nbz&ONZXJR~(fP~Om(ta}3!&4HI8mWs9Mw*zUF-c*1WBN#S?c7$XJ0i&=
zk~E^<hCb{E9aCZm)6^p^w7qMqDN_1dil^Uul)qF#!g5l+UA2q>@|J-NduwDNOWw$T
zhKevly)wRDSq_usEL--H*uf%X(V|7=s3PYhut;?Y29)X&<d`7m5Lh@!1ViNI4)wU>
zn>s|wB^dM`Wo}9le70bj!{WJydC1F7v)BLthak@cdFqw-^#W2%04{-(<PZQN5sXm9
zh>rkSc~@dssnaqYvo=Q?7-51DhXAoa1f#;nG3qhqn>tF$B`A20^1-xo2ER{P<~So1
zp{Ni_P;wB8j8LRzMPIWLDMl!{2u_lNP{J}HRH&ljLnyQI5XP12B2*Zm!u2aq#tA~G
zvYAP0GU*#zCFL?qc#p0H{s$+i#fmuvQ{od{49RmlCEu{E;51Cj_w8EH23tO}YdteC
zBYxIsg39>Uwv3tptV3PhzXmiM^g6e!lZU#`LxU8fH{7{S5?g-+4QxUaXQ3$)l*4H_
z2Q{3Bnh0?qM1cibPK$cBM96!`W?6a5nOBN$D8IxlUQJ7W`t?9<k;)c*Wpk{&vIV8C
z%NDt8k!>}|(h@A;GHrE*FjuL|st;&|l)Kbr?@{LKXfy?gP{Ndn)pB&Lpoh+=nnG$x
z>#*)DN$`>c^%TCI>!f%|>+X`ABz9xLI&Q!QZo)=)Nw2^fZpo8+%iQK;-+>)<2iwqg
zX6*2c9h$M@o6#o4GurM9C&@X8HtxbM?!hkEbr0e$Y~wxHb`HX%gV?8oIG~;fzK!mY
z>fX|OO7Sh_*X)2ddY}&Ckjf5yWp_z+%l4JJE<5D1L$(zsOC9Lot8@^r@#TB|xGKMC
z4(huy-Lzx(3jx|N;UB?~!as&%2mgrik7(wR5C51H;~%^DP7==<hGRT|6MO(CUHpe|
zA0HJoabd`-@~HfBEq<Ap{o%dke?D|RLXk7|RlzW5LK6vfdFcjX1R`jF;g1Pzi;RZD
zV90m&)3Pv;lrIlMshc@L&e7%7d@3vgoZ8n(Z`@3Ya7qvTccZz%QS<*%lcT-dCx4LE
z4SCi{%j9Y@EFv6xtYSaX$HN2@!gR1f3_%b=^a4e{`uHYc1hmT+-@dNPnTL73N51@i
L;PS8UeoOoZzzl+h

delta 1785
zcmYjSOK%!i6rO>J0An7p4F+TIIUzj!0P{8vCvY1Za2!Z%gPV5Kc1t3)n`G4{PFi(u
z-9?vGvTquRR^7E(<ZrZDRqCQrH(gX+R6S>A7)C<kesj<H&i8$DFZ}w<`P(z+>stZ!
z@99C{k=y&<#l?l<bUblAb;!4?2M+X2J(1{==Z|mbxx?|~TtclXKi*mnsNfOWL!t6#
z0&e;B)=7OqDCl)|z$>mCX&s?t6$Mm6^ST8cO=u(NtkJGls1x+cPxe!?z8!Tf3P2zD
z<mC@B`Fh8@?FYY5npEc#>I3u<wNEI=GipCSrs4jaqBP~3+IkE87$6NnDhvv@r6E9Q
zu3=F}a}7b(5R{jnuj~i#DyX<5)^V9AmTj|^2&oVBaaXM+&n0oZgUh;!M>|p13YiE&
zXl5c8hOl8G#C0Je4%vvqgxEybAd{Cb*IE$9Rk9JG(umE*DxtZJ6&=lOMA$||x3P**
zvav=wVnh+MO<N;m+K5_9(+2NgOt;}`MBVG+je>EA%NONLCIJb<L!67^#2UA;CJ3>I
zguKW>3lg|N>Vb;DrhbEwbzs(YG})wspzKkG!0JI)zkx{VuZaRCi6Uv6bB&Ox9<8OR
zo_8>*tN-jfP5#^nxv#T>6r^+qX-FFmQe2oK=9G;&O^6+&<u7@1kj9KqFiS;Qn}ZA^
z%fWRW%^hUfL6#j<GPp?&ws`zDactWLZ4ojpY+6gUAluC&bw>^gC1(zD@;QCyAuoTT
z?_JoHe-_HF0=>{86lVvkQi76UsmPX!G^uEtR3gNdN@hSt5$pS~gk>mW1<HcXzJ7tR
z3I(h|L1_FydpN;83ZPDub)i}JsKUq!pr#`}fP9ndY`;$VhsxNXzJ{%@%E;>5)6uN2
z!F>&u<tt+on%JV~_65lNek8{FTX4fn%rwFfZ*YfNmfx0ky*HDp_LQ<|LwlA@rUUf*
z!<Vzo)ol{gwq?VJxjXWU5=J^GK;U~I=5gGDn|L5UDmUGS{1&^=<wI2ILC;|AGHaJu
zyEfJyA!hBFLX9Fl@gDY}k4Mm_NoL}=;Si7E&`8`(iQl2b2ShorC3i$<e&mjI#7B;=
z%z%>{7>N(5Z)oegO=#YCM@O^1A@>bgmgwVMxQq8F@e{UrN-U=~LnnmH!+OtJn&x;1
zPnkvQQ?GncT9NQdlY7<B;#tx`FN6q3Fw!sI7{*3!Bkmf}n2~MFm=NbSmj6~TGRAW_
z$M@lU9@Tv~!w;tKs((H9Jpa=8BXY_7FgpG8)tMRt4_u+>oTz~lG&+mkmtW0_ptd%>
XKRi`s@o~Zd3-aBM;pso${~r7wCd_Bg

diff --git a/src/wasm/Hacl_Bignum.wasm b/src/wasm/Hacl_Bignum.wasm
index 579c0d56f1da11845ae83f0630d77869216c5fb2..b9c99c898a2c73ae248089b38ce824515f17262c 100644
GIT binary patch
delta 4324
zcmcgvX>3&26`u2+!A>ltQko{Hvcz{<60;;YEHR52+cO4(+0Bv_$kMW8AS7gISv))&
z&m(5B!G3@-O8^rBNo19jgi5I@^-q5ES3^nCHX(&15Yi^>yTQ<Nmp5aGDpi$I$(nc1
zIrrV~JNLYM?&tT9Wqo=qYj64O*|i5!)sY^1f^oP1o^pcd!0!8c=1$2gIN|Uq2Pd7j
zSfs5A-#KkneA>ZjCx*7V-F(J@L{B@r3nLMnarkVoE5G~Q=Nz1HVico!v8;IsKJUaL
ze8CAChjt78xHz}_MF;YC){%E4a7kHwS<SiPxTUxf<n_$+&N;CxTygXQJtGlrcOc6c
zmtFR%gUgPJU31XxwBed?QzW^=L5Jmc-GNN&(EJ48hI$3pEpoMsGz=vaRkd1;D@a}l
zl?anq=32B`7d37hYF&$#a*=Y)Zul-_TFO<sA!y6hEAU-oz1j)QNu$*%Gz%tPo7xI5
zL|f^iPS93{XscYTvS_PatWcIktJi3&Em}h-G&ha5rW2ZYE!x@;tkK090c&*IhM1jf
za?xbb0v9r`DMVYR(E^LM-j!O#C?ORL&UE{+C&_Pc5kVv&KOZ=WxiOj>%bG7+%+0RU
zxcSy#MOJAnBD*gIkziPgjf$?aEzy>c=q48%h3KYmS2nxYY<X^R(b7Yic3ZY;qFXG{
z*Id0^LTD(WaUr_RF4{%D$Xwp;V!O*bT<mbU)kUkzJKfl+j{O&sxwuVcXLAm+ks~F|
z{j#yTI+7n;>7AENOUe7u((C|z?%7w+=ML8!!bKPwk5plB6%WHOj$$YmBZ^|5OVlID
zr6^Ta3?+!AI4;h(&t)i!m9*9Ia16sxpGU+!jPT=B#pM`*@)VE6NF5&~f#GpV`WPj@
z@knhdPPJTtA`BZOn^@uS=-~and3TP%5OWN3<QR?>`s12+^rLP~1-agMjK^r1EY1lS
z&lBZYDV3>|g6XOa2#c03%^3MiE9b>zsa|qSCSk0xr8a8y$(X3zQ!oirsw8usimCiC
zCh;S97?1e;sCp#%F+8TM$2~lX$5Z@-c%Sfj8m8&Irei85`8-3?o1yc55;O2*il4$$
zI{vf-rt7?)mS0RUc|U{6m}*k_1t#JdGyEkiVL95C^UO5ogr~kK#e0_FJsUGITl1cS
zIs7bUastmH;qzSeNb)?)Q`U2si|0~2U!3!Oejd+jS}$M@X8OE9*e%esU&I2unBtf4
zl8(PDffqFGmlf^VLfeyiy@FYoW61tWc)wzXzYcjzJFvVLhP+LOP_!2r+KaIei#6>f
zSi)6U$VpTo>GM+cNU{e{S=EH4sHPOxkoarJXKxu{8EJO4ge6$$bBcs!igW@#$q2r@
zv7E5n%zIVEYf0xJV@YJO+5bAiA}lfNSCC{<N5)u5VJ^~aY%Z%vC*#SNWIB+_X0^Pf
zzMgu5#Oq0C)Iew;UZY&RmLP+*LcGzAlH5d)KjjMu;tquEIvrgnzV(FlhW7@wjx6GH
zv&x`ZXE>QRk_@p?UTPt<n5mo8gbgM|8B2=wWOCe05Rwfxu`Mdg&DPjTs8qeLGHiXX
z(f1CK>U`Ts&eyhEVwuw=p>U73%N{Ayexf_<?z9pl(rR{RCt)Y?>&nHu2r}3u8NM;t
z4wJl_Ab-lahwuhrk7W9$j=m|rw+L^UoZnUpVS7+E?cS(l|F+5gH#+-PoBdvbkl1Mx
zen(}$*BZYi%{0N=g45mZDv~y`&(Q6H(YgFC;a%eQ2=5W^C+sKw9sP%PdMG$BU@qnC
ziw?YWN5O~0e<2(oqdNXfa;qOC93*qkengPyLDH(@BjS&P>1Ex2@(JNX*|YGn_$vvQ
zzXgqDJ-ojY<nLpWt}VV#mBpW_@F7)_L+O(2q3<=lPe{7lAt{7a2cHvUVdFAh{s-YR
zQp({l;d5%kVPUIv$PvO3#n=;}^aVlY9nq8p_)GN;zOanGBBXILLgZ*?sPtuhEJXX7
za8%H~4$+Pij@$kDh9J|9hhW}6HQF~8?O&bHGD76rPG}h+@?D5_g7B@Noe0rR5>8sQ
zQv{iIGDJJA!A@DQGXmy?8<r6wXFH)~gvhxN?L6VEpq&rVE)XtQw2K6pb|FN&q|q)~
zw96#5QfE<qBixm<(G}T+!Ro@CEU~Wye;9F(*RE>berwIs=TN?)cHwKZ;8jIa*|yZz
zLV_KHt3t3NBzT>0-4eV(kZIRLg4K?y^bJd}#<@)|m*92^Y6`UgS*B*l_tQnb&|I!{
zQ0s8YLCRrY)T6`8o$$oubV^DD$X5;3)sdeE@08zllK?qf{sDRSaZltc0dj8@_d+l3
zjePEd-st1={pykA2k?Nh`r>}{O>u!Z3w(YM59&LiA9^9*=l;?V`s)i}0QzG<iU(q#
zjz1)Ue)=YONPa^BQiz`DC9NNY4i5^rBJa+@xGy6>h6w$kT7U#agL1nSiCh^Zv&B0M
zMI4o9v6QAbSXuE?Z?K%P;<VT(5gns#+Yw6<Ro8_UPx`KiBQD~pM1)frhKq1gkEE!k
za%GJa@ia2Uqr^GN7nM|@Qy7gnN_-w8nT*jXj>Q;^P4PI4i<NjH!p2Kvw9aw7x(Q<D
zBA9?u#0~3-BHAXHVI?f#jM$iz=B&@Iy5=Su+W&<{^0Y|$p)^u7qme9aIq~*>o~dbj
zviGJ7DBiOS@BgDl^0Y|0RU<_+8p-m`=!%8mc4t(@B18Ls(MX;aNk5!MigwmW#j0Z!
z-*mQvhQhAuzbH{d5u?WuUQJ3$tX4ft^vF%IbPF3Sp|G5ysD>!h9vl%u`s9e1lE@k(
zB}81UB_*utNr@^MG>Jk8JUdJ(RV9DQDXJ<^!YaiZbaaFGnw5~!M@l4>tW__*7A2%w
zjF#M_<P|o_J0hYso0(fwe4~*XGM3}D#!3xQQ$ljBsEa(+8AMA(vDIn~5l<==r59E6
h{F%hJn}oVxP%eu^*+DESsg-!Akw^Q^jQi8ke*;!(buj<{

delta 4212
zcmb_fX>?W96@L5PV4`oWE^DVW((>(9kN^rI7$78s8z2y9AV3@u)RxJYh@iF%=5a&v
zE;9+?GJ`;<76emmqyA`r^+$iSe@dOIU>S;FOQ}pn2oUH#!+kH<KP*<)x_S5Pv(Me%
zx6iQ8mxCv=etRP8?XtVFj~__Y#k%hfEAILoWrr05yS3%VtGf33(rNW#t+hDqwAS(&
z2WK1)t;_fDSqJ}C)}De`3}+oa7w+%b?YrkyuSXu$cv&?GzTkK<{*M#36y}CU7sdUH
z4&*uK$T#BnN?CkKjk)Z&!*SU`46%g#{J}|7dsOXZ%_+|s?#1$BF`Re2EE%EWip}i~
zB)aLcXjdFua+L3?gLbDCSB0|T&et4VQ?z~I-QhsSUDLb;_`3QA9hT7zCxb%?m4XUa
z=XQchM7b?-En2;cI=2<|u0?Bb(cqd%O1Y3>4X&Cb0rLa(4N|T#m%14=CylnO6Pone
z+?GdZD_krSv=tHBN*60F+A0?^Y-NPDT7#{!U~2@-k0#7bqcwIylU|F~6rrtk(I{wZ
zBeZ50%@%E)3mMiNp@kZ4okd&k%367pkcE}JvpEOZ$SDXb_vQFvZ*c#2p=Gjpqbs{$
z<JX;?wtzUJMcJf?E89}u98uolVv|tb5>ejjVymUR&Bf;K%CzgTU31=MIlt=aa0#Ii
zp3D7KcOkmN2JIqyHqJX;>~wjTi(M|axM*>CcX+IK?j4^r*VV;(gg1J3rMuhEr>E-|
zmd0u^xR!@vC>NoSi&2E)fQPA9l1osctl=1j;VJf{(+jv1rCv$vavp)9C=7UHsgIFC
zDb?~QjKruEm!VAiM~h=bDJ27pmfzA?L#mV-cnpSM=pZ>JW4PR-@K1g7?iq_A<{;+C
zK^!N^{CLyv`%`YX){o~_paSJGTzbc&f+xtkQl`E#?B6fXA1kM-vc{9oddcRWh;hc2
zc~+4oVS?(OjER_BD`|2Ss`wF1<VW!c9u4?0^-A*NcwAXe;4wUr;wPo^$$+O|iq7FF
zRAFMkQzezDI>%|4ifJi+8c%yAzD&Y1;(1CZ`HcKxvPtq;OhT1m{S!>Uv!?k|Si*8(
zE$8WJ&U!~H+A|F8nV625n)WQr;@Oza&tW#63pk-(Nv=k<ugn@GP?O^4rT6)O=U|TJ
z{Q_oTdcbpq-CWIk9_C_RieJQw+W(R`UeL5(QnY6p+Am`UW*M$O6WTAE=FcPAa>gy~
z`I@#bb8pVQ;=RD|UWoZvsCh5KB7Oz)xfZXWHsGXsC3!IxE6Ya`ev0czdh00QC4?oU
zsnrt}VSd03Bpe$^vrmz<kfIa^guskjO1=!JC!NJo^}<4v#xlYJEHdPmlO(c?jIn~E
zRHT5|R8~^71g5B{R94AHYU`{fh<i2Zbk-2o5I3qWZX!sdxJihw)y*bKax+05)whly
z-Rp#IsJ)@|ttYHE#5brwSQ(C((xXT+*kCf)qBB@cCWWm8A+g5t-lme+YK`rLN>#5a
z)zMcq>Q#zr)PU$NQYC5!$vN5aHD9_yjTKik1v_O5lxfe+E}MM|K|C!c``v`y#J^Bo
z{2D<TuSrs``?i_nUlQa|oqGtc6ZS~<d$o73^u0lN!(_it1(GNM?^g@F-z@N(BrUut
z-?S21&B$LV|2{K2(w6mYv9t3QK}hbF3AtAlhPT!9yk)27*Q8TP@Q(0o?ze}E`!^<^
zE+~(48=;N(9l|@r?-Jf6eviB}9q(OC#&M^Njp~0a7XLUrHlUia+bRZL`o^@skkJ-@
zCb^{FC%jMQ+WdfUKv`N_d_er6%wn_}dnr*}p5@DcjLi5*jn9}LlVJXpM0NbA+b0Bh
zJ|uJFeyS`!sQic2LLLfFjp*usL{i}nnR`Ut_n#3Ygz2)k%ijnGN%;;FKBHC~7RFjy
z93dRBtdA08*b&WI0FJ3oaMU9Iosfo+LS>c3afReZQ0eRU^9bz(;kclkh|o?FPFl1t
z2r}$sg!T`O_Ju|JXD76bvN+W#uZ*(z*LNbc(}Yukc3Pu_2fF4>mNd@jz+c+HXFCPX
zh=_BY0%t_T`6%uM!a0e1!Ni^OgS>ks?pHeQMH}}L$pWbJcPN}!_PrlozG=CQ5>%(J
zT`gLBcy`qHXUm$m%OV+tc100Twq35P5%e{}6@k7MO<)J1!%pCJf(+}3Ch&&lbKUZ(
z69uXHv@1SUOB}QOU1TT4x!ys&!wn7^98QUxb2xCK?Vcm4-ND(o1KG0W;-5Cw)y3FZ
zoZ~x-9r?S{cjcY6nEbojj+PxJzo$|PJ!&~0`P>UVxi@;DcfftrE6Mlceq}v?K6oI-
zeWkN+!2Qrqm-GjbkDdYdm-F0T*Yk(a9}lH?00wCPKyf^%>-a$Vjg-Q}xDWYKxbZL-
zh*I#%^X?gh`!Y&lup}_VD1~u@;(j3tQDEx4=n^gxZ?UXFadaFJ6~}Z993<PhI4vKB
zVX(1n87x7Ox&yTK(HDRRPqfc4(LJRYA-YGsk|KIWDXT0`#7|j@M@#SMKvd2comn|N
z3=5CW?yBypa-Cv@s$|1WnIDf5c!u)?5m)0)vl5nBMkh>6lS}J_NrvAo${YVS^v$iw
zo1%=ov9vQfVR}T{@zcC#7~Z#_Z~mY1##h?&CVf+s(KnWNMik7CcxN=h0z><D<xS0P
z=o{HGw;*qdI?J14Rhf#z<^rt@M7+ezzp3fXuWHjORhvX!+~mug3UNisKm^cWW!fVl
zvPGW>(LUm7G|E7<P!lN`w3?Izl18&!?(0Mu=w?!BAbC`$XdsbB>*bc;puHQUZzEx&
zx$ifrKoTY3&FbdgY?Q$kk`}heH=>EQnvvU-f0I!L(w6hoXqAD8BO%!oDFcy4Mc8hY
mfoLI>ipV=vDZA}7$#g+MoOdZf!7WPduvI#3-yHwP&;JW_30IN;

diff --git a/src/wasm/Hacl_Bignum256.wasm b/src/wasm/Hacl_Bignum256.wasm
index b3b0455710a1c98525a21975f2bf9210436ce45f..24cf040619ff738d3363a3ea5d31270ff81a4ad1 100644
GIT binary patch
delta 1871
zcmYjSOK%fb6rK}1lRyZe4XUWh<2!`B1B6$cw>^`DyyH0UgaooE229!li&iQbPrx%F
zJOg+!Y8S1#s45mn>_VkV?XsKxhpxKly6Up(xp$n0Wc$o{%)Q_D-E*%0ePKS_G~aER
z^h@r&x%J+pwrf@2f3vn`oG8kcx{++eJ)AY&ecDD`GaGd&OK#=Xp)`FEF&lB-CMRgT
zMfLkG-~wO7MZOf={g95lE-7<c&|(`g!$1qiEQ4Dk3A9?#!DzxV>Lg0ym9Av!4TIZY
z>^kjeL%Yu%wu=tmrd94l2Rc3OLYEbPyTRS)mQ6XncY(y-1uP`khPBK+u+igluQCqz
zp-*|2(TmF-_e-$f=K&1pMF(ZKL0Q)4A;b_zOkm|C7WXk^yXtAkw~d^a^Aw?0i!$6A
z{F$c1m8z15Q6nXn{2YdJJhG#}C`LmCMtMvWNQwf<Jqj4&6%-i9xNZ2Hl2uZg^aN6v
z@OToF8s8MA6zOS<LB0iW(>{`KLqti1C@Fgsvx#DuErxM`julf`nf05YU-)T-XE0*B
zsi<p3c^0$zyTK=NOc&=c7lNF%=r+#^##zf4-ae%{@dP90WKTssEYj4E&+$AAMSlVF
zd<6@3kz*SUFJh6Gun_!lo0@4M`0qBI5OaKm+CIL5MYYIh{5cGZELu@(^B0)ky0b!W
ziucbz`odZ(!hBG5j}~ZTD|?S3#T7q3mzJzlEveftkoG$ky!nd0tt{h%C@*YWfeJo^
z^8B5WW-8DBP;xYi3USj1&bF(wvnj{GK~yLRU`DBBSVvX_MW)V(?!q~VvR$WY=P*y<
z6j;4_imOHF8WF0-GIrYeq!mSt=A#s;MOEk*DAu7`h3io(3ZdTN1~hOZYPkuGX!7~A
zG7g`?8RebDX`J=AS%S?zpTjxnfszeAj|SA{JB}Z7#rhnRW{K%$X_cOB^<<3NbhEVU
zv6O6!>gXKW#h^YEpaXSiP%Ns^p-cfbWwtx9a|d~5`+T}W@ZIQC;JY1m<A`$toh+jU
z%a>^r<H)@AC{N8>uP5`CK%bho%NkTa;^>rt6IcTp^dJT>=*hed>HKh*mkz~<&W~aQ
zqaKf8Oy`s67aEcsw#ikjl8RM#$Z8y2h=;7k_pmD3VU^luC85HROoXf^ky5NC9hMoB
z0ZYl4Ok>8E5fS6CjEC~(F^hRmI(-@o{u$}^D;m`zret7wNpLM`)K{^Ds~%s&HJx8p
z`TVc@kKVvy2!C0Op#M~%pA6Ao#{{NA^w;;GkL;jNZ=;t`0sV~-{Y|75`kM~l!Y$4q
zo&Ooll+OQ+6Y{&C6Xn(TTCG{5E{K}oyH)zgy)UhM--_(Eu6TueXcblB6!vh!J+fF;
zdt~L@;qn?`l^+nqJ|LeT7M>i=5#*y{9znt$dF<<~FR^vPI%!EBxda!hK5vkywn199
z$0Sd9EU!EvJP8Y*7V4g<x@TeCbCM@Km%0~(7h&Bd;Sq)6K2=uK-BcFYP~MjW2X3hE
zONtq#hN76^`}!6u*Ms?r@QU~~1)E<|(^e!)f0b1J{y;9BNRj;inOXgp#iqUt^2_68
W!8?zlLDf1<o296b&4P#P^w0mHIkzwX

delta 1843
zcmYjSNmCSA5U!+~h5^~6RTPmg*#vPxQM5&|t6Wgo8W8PfQCu3ZWfr|mj96W0R}qE_
zI>SU%7<2P7CnLPINAEM2`3G~F<D4euG>6Ies#}Pl$;$j*z5Kp>nXjI`iTt}B`IwK;
z$K0n#{!@fvx0-)>x4LRHm1N7EP&VX5vk|94+mI8<hMj0Wx<GZIienbp+>37X`rY@b
z>#O59&L?n!`}~L7sbS;op=$rneyVKdSSXH|8NL#Zn?|Q$fW#|b&U6_DpN8Szj#F>-
zmY6BA_i@UU$ui1t%&%LbX#FX*d>9>;gFY{Z;T(_XJU^9HI-?l1jFYnSD36&2CnR5D
zOFl!qLcVc~TZYFIvde^L(G#A;1SVa+hHK`z56^iDQ%co!j6r^qGAApqdq{l9xhg?I
zF-k~|QjVY$kv_xNMn0A(yxaV2=r?{{<{KEXobj+@hB=Ak#zVhRSRPLy6|hX2^njB>
zGHDt^#iFFd6Ou?tQk5xKq_yu!@iYvje+DyFiESA+&tjJ6FysI6fO>ew<FxQhYefr4
zW5MM`ENVqdn3ZKM%M@#y#;n@;YyJj?NhU3;g#0b0H=XZ_HO;?Yrj^o)8<68NS4%MM
z?|($oG?IVzh(e{6?_NuX)Ts`M`age9d8ewts~Xi@gDS2?4Qf5EQ^w})*si>K)S=$x
zs05=P@4ybta3`u!<?$|2uuCgwz%Denyc@eUz9+yN1#i^&UNmB_%S~v~_&)5ku97YA
z9yvSdjeTM)Bj;L_<7QN%TB&YkpxiXfhGh|+=`_Ndq8XK&PD`-@PAggg^=d1($%(hi
zfwh~)mo8>AjCNf@but}j3H(A;_oGdPJEdU_8=W?Hp^FcogS&A6-5wuQ#^ysfq`bp8
zh{G-)k>C-Jd(b1o%AWI4bfIHoq^ijg>v5k*?9&xEi9Vck`4mp+3dC?!Np^4|C_qdM
zI)eh7#(s1u6>T`JOo29KiX+kgg?Xmf5@!PPXVI_7pS9T;zyO~^KgV$nagR-9Y_?!2
z?>tPLclm+@FL-<r7d5F%7(l<rgF<UilfH~WTz2^iu4w#ffDZ{ir14=4Vc6vnjA(om
zmjY2&EppVcjw)4W165-<gMmQR*cMeKUsNTEsw7l6lJP**1QJTsge|i_DTAMop}&SH
zPljHMEyH_5c}ckdk}jttnDQJMz-i5D29rp5JS(hcHS0N<uQ``*;-<!L1^B$+^BTX6
zdE9pS4(@3Du1v5#s#{`2)LkWNA`o>C<CqLY-P<B6lrfJLuCH`amBb3F76Mg^NGnx~
zHZNg`?<2kOTTKt8H~y<>mj8Qe<5g|=L2cTuZm@QBuhcuz)sLmCADf}gt`@J5Yy~ai
z6w*8i(%4v0X>6Ob$g+bKUL`nKC6Av54>ms|$e#-32olYa%dP@l33&vMbS2g(j4W3C
zzvrlZP98jdNm8|!q|5e-<O#3j)z^gA!5iy@H43WtLRl%_y0Wl?`n@4MK{hDh8&X#2
zXZW$cM7QaAd`oys{A2zvo9fH!e}5{sSg1t4Z)I8iY2rxm?V3+i`k!42`@L&4RZ$~3
O<U%V)t-roT|NIYrEUrHQ

diff --git a/src/wasm/Hacl_Bignum256_32.wasm b/src/wasm/Hacl_Bignum256_32.wasm
index 3e0b1f72cdc53751cff986719649b8c477deb9ce..d949c8788df393d3026b6be17fa1b991bb1434cb 100644
GIT binary patch
delta 1193
zcmYk4xlbEW5XN^Ga}!Quj5+)b_kG`|ANOr;n<J6Z8iZu8ln(4P2`GpZi<By%q_UKV
zIua?86loGEEy^E2>eQLXt``@p-I;y!o9~-9_qW>pt@iQrSz0r?gnD3nKWj|yMmP1K
z$N0J7F=9*E(LVGErB6}NNBu&fffOGGM8>?sCzJ-xsvJ2EL;OjDP#%LJ3}Q&9VG+f!
zF4Pc>U>GA28pWvazMwITaYGtUuJ<L^3;1XPf}Txc0+TvT$=3l*V_HTtn8HkiW;r>l
z(;Vg`bDn$6GgYSr^kW?TEGo>oaUBaHD!&$Vp@bvhh_o{xMGY8VR*ReuCutFNe56+o
zV=+ui29>#`|D$CroBo$+h5h^4zdy;p!ja{F6{|wgX^kms50=-lhV=+-U_;8=#HO^o
zg%$8)Y1`7_H}&|X9>4MFjms&29?~|JM0Cax6&Vyj!1#4q*Aqn0)Dn=S080r7WifFT
zL5^4of?O^gnunyrCIo2*^1f&nJG6)0xX|LqLWv*KKK2FTr`JLa(^KpjN9S&J=jQc!
zua>pV7ov)oh8^SE#jd(^LvQaLng3qJVoI)dl4TTM-ZW%WE}lHn@{niK@{x<YYpEok
z3XH#(?%YCT3stCxQYIB8MjUm*i2`}fNyR*37yEJv)n2he;ehL*Mj9wVkr`VUH;QGt
z6eV%#2c_)E1COnu3~qQHR1~93HnDJOC~<GmavK>+h^sKEl_)o<l}z=*Yg2&=cr7ZD
zsG3cs1e8;j)G8BN4KktC46Q*;)TY*=3N;qBHi?>IQ|l5`PFd7?liGkfliI-4Ml{;c
zCe)+Rf;LGg&o)FZ9&{?DAr)!HkJYT_4r=DHH;eSgv2$c?b_<F)u==%{{o2rC_G{yQ
z?P$0Ab)XgPR=*C}k1IpeEcY<mEbT-mb=?fV`<<To^(8Nprk&&%f8Mtnvsarr8N5O2
R0W$bf!^Yi*F5~X%;y>us42%E(

delta 836
zcmYk4&ubGw6vubhNSlV{2T5wu*5><68k01pzmj6S*Z~p5q)F4XP11T5jHQqUytR!8
z+Cr&^Dd<Ie>?t7RtW*TSqu|wpCl9%Ze}Qkh=^B=Sote*k-h1<=dv0{kjSn9WhvtO-
zl;$yodHLlqZcigk8DwZd(pW&Yat`^a;0#gr$|AC2@PTbnXfaKL&NJIqoqy>LG#M?=
zIs29bFFh_l8DL1SQ&!F%`MkFkn?qFWW1-nVu0i?B5Zg;w650Z5m#82#Dsr%5Uoeel
zy<p2&7Fv@^Y$-LBd<7+}>`)nH5qd_eSXJe$p#UBnvBBV46UD}k(ihc<qWoO+jo@N?
zi`J1B`}b}8Vvs7R$nOWybQM)In~HK(IGKvj9$r>n<ryb~D%+LQgj9)>RjNVV4sBqg
zEsXZA(AvASiA{m_!I{t-^awS%eH74ZomWR0V`v?GlcHtt>eu6%p6}4>uFd}UWvit*
zjXk^cpL8O_|4mLfEt3llIL}l9E^^C1CxNRTID{^9X;NK-mp`}K_L7gU)X!D;g>LoF
zBj2W@@sYO55CP6Ih@j;j#We&k+&+vdhevkP$@rK_UuSv(6BZr9I3{{@$fWOOl5v>y
z4W`2gTXY13aF33d^t((lHEGf}nT{c5(Q!l(>(OyVa}9O!s}6c?l;ENgVxX_6-&v%l
zOw}z`rI4~z(?}xKQ%x&XLa7p}aYH`Uv>D9MZ0GKq9|QJp&$$DJu{SKoPhYrQ>KV8(
Q2p;N5$zSj1<j>RNe_rOu>i_@%

diff --git a/src/wasm/Hacl_Bignum32.wasm b/src/wasm/Hacl_Bignum32.wasm
index 020a40abca476f576064a0d475e0bd6ffc630646..fa107b622cacbea76c88e7bad3eaafe849ef3f52 100644
GIT binary patch
delta 1241
zcmYk6%}x_h6vt;uAvS<eTE5Ch{|77<LFA)ArxfVr8xbss&{pFE6oP3d(UlIabYmpB
zOCJCiHi7U2E==6{1jZ+D;mWP&_RbU*&D?u>@9+Ho=bV|d*JrOU{tYyYVoI1t(i|KP
zB#@wKOw)|K40p-#SfewGSz*i=24*QK46^DnuwZQZGs1{-)CWuWkBhvd6wK?*98#FG
zDJ>kNZDAH^9%;;%X#oo&`id5@$SEmv^S-!we+hz?u|zLcu#6R(R@LK(*082_>sZBl
znKn4MVbdly74sqIddO6pwva>yNfuS&SjNVdaMWtc7DlODDl0pd5@pE}!Xb5#9^o#Z
zn6XQERHALq{>ct@wEZ1=%=WWvKYPQziL7UT7rVl+X^$y;RmV@ThbLv)$G%ec6i=1o
z13U)*Txkb3vRY17$;rygc(?=AzmMq<+rnA%J1{7RoP5_al*l8m)#MZ_$6|8A*z$Uj
z=N<O~d8R9i`jE2Nnx_IxW%C&d^c>IRr&yQyTz-i~&BE1>*k@nUAy?lg0OJ@1`7&NG
zx8-hM=;~Lzw?6Ru{pqQ3+xNCf{*89Z?y-w_Gqs|nB7BuM!l=BVAc6vw59h)xQ5#wj
zJXiVKC?x-kMccw?7N#(dl{jkWDt5@AHRyDr6Cpmwfi84XH$NlnD1rc+6aJIhjD>|C
zk?L*bpa<=G?*e<#t-^iisVFVzV?F)oujz@R7yU{P^MP(e^^zR8T(ju4aG-`RdU6Lf
z{SF2+{SMP(h}Gyr7(~pa-(~ucrpG<FuLd9X;2cuY9WKT_O&`IqrjIav6r(lzecZ#S
zOCMwUeNBJh(d%mTagWX+w=feLK8bM+pJezHzv^zIKnYA>%B4>;J)!9{h^S$V$Y3hu
zaM5PHhH#lE$sI~o1J~_A(kq~acHX%8Q#$_~ES-Oj^QV#a^79uVg|wS~fz!|H^oxp6
ztbT0jNp_@ex3Gpxl~s>WBZ;ez6JKuyzQ5y{^r@K)SPx_=wcijxD-VwRnfmr04^RjH

delta 1241
zcmYk5%Tg0T6ozL)P$Hl}VoU_&KS&^41j8-Kgg{!5i(CUJCRjc|q@a>1WhJ94-HFvp
zAHa<%wRi$|y7B=mpTTnF$|_H%XCjN#bf5Hm|No!Ub9#Jw{OM2cr3qm^p-GHjQvU57
z3`}8)rZG)P`8gDkzhcc!3MpYs8wOI876w@jIan}O{5fI7x$1)@{0AjoQU>P#%?vV_
zu_-GYWNl%VXck$_R%i}$qURaqkW<3q{QGy#zdw&Vw19bfd>0G2Yty27JfS5lsogRb
zv0R}QF0R;g5BC&vm9<uxYSS9h5J<DBGS`HSHQ}h$nk|fSrCd>QEM>})WrTw2AgyD7
zPbBR!*2}cv#XsD{rjEZ!TO2>n@$={6o5*|dx3Mh@n|7G8Q%k&y9qd-<KJF`b5AZ-G
z-oqC7=UUsdk=J(e%1&N>j)%gi{e3_Wu_2sAzXO8`D9D$c{gXu$wVQ%s71&Hc7^~ha
zioD}lpvZI;Q6EwfTZ*&~Q^kCQNAgW9B2U6i@?$Jw?w@^)z4Ns^<lg%PU>smy9>t61
zhRk;d&wj?c8UsIGy?9|<_MJ4#-#yo4bo5i-m8$Snp9`b<oZ8SPP<{Pgm}P25E85;G
z<#y_jzejsIf@l?{Fb|Y13UU9g)*5>&-Ry)BMhBne;x&XR!p|t@i6X$!g#WO9!-B$(
zXpNx!Uq?vqU1%pFs@#R^Rpkd=?5P{wbx$|YiEibI`8|l>hF-#f%QZ{h0I7~Hd6s)M
z{U%7$Z!*0PeRX;az36l4{Y;N(`hW-b)!}gu&Lw5t;f4%q`ViupKE(844A<!+7{stk
zzs2+sO&|5>4R!jMN9U5;nA;kjz?g<77(R}14-T5ZZH&A0Nv2O|`V^w-Dn{i|BJ50i
z)8HOalE;&*75>i#Nw0e;gm~kMr?t3+loq#GJcEoUPBZ+0W?bzoYtLxySw$#Ol4sRO
z7tkn=6PH`&YOF?dG*j;EZQ?^y;M+^SkUrl@t87h=$*0z?JWXG02%uelx4!%XC`t_6

diff --git a/src/wasm/Hacl_Bignum4096.wasm b/src/wasm/Hacl_Bignum4096.wasm
index a3db37774c90287d829923c700de1e0df1b8a2eb..c1ced14d7f5db133e6216d1f7adca5a9616d2979 100644
GIT binary patch
delta 1820
zcmY*aNlYA95be*vfXx;O4p=efl`+F+8*F13U|^=3&8)+)&9K>E8)6fZT;o7bL#Ert
zHh4)NqC~zU5?P9clv|`IH|LV=U?~#5B$wn8$x@UYQ~&p{M4FlURlnxfd-Y#+fBnYy
z-5cLmCE4Qh-4oe&ek}j;v$Zv?EF+m?`I0`XIO(^JDeJTR$xKTmg;lis;#G;yUyF-|
zFx_8%tv+@Mm#6^^blF|sDYqKYXlPBEhDK`AH46G72<qQzy_peRtKzU=H)naNTGOZ*
z+M&~eX0$leYFKD>46#Zfv?63v8`|{n^9^c8I~Szz(E}n!56}@I1M@m{z(9vXozj@p
zg)ZrJqZ8dW^>DDqp)0te4(;V?y?m@geP}`$O$;l=v9N<a!;-5$$Iw!C%9f0Rx>%y1
zJGWC@BonD00nWJWq|l$D0mXh0gC6@q8e;ZQW*<GuUSl`Sei*}s=1`1}h$+G&h+)L0
zQH&~VV;GZ!$1w!{rh$z+h(7nwL?xOi7s(<&vfyvjw7fErC317Qp!&o1GEHE>uwt1O
zhbWG?tABIS4ZqH9NFd?ijO*fEiZjf(uJ!NVQGz{2i3C@b#Jwa*{8WM_p-J*nn51b;
z85yRbnKXkLn#GiRXRlsNxnJy+@$dJ0%_pWYBM*3w-iM|OT`bFU=>tseo_xKNb$kLW
z2z?Ehbbt75S`6&g{(d~GaC?hISR_TL1n0hZRqD?E@vJD93Xq>JScpP;3;FI(+4Umd
z-C^eW?#sNoVtHGJND)wgLRlI_?z2Bj3Qi;U5J0)QtTQ+Rk~wFng8LZYE(G+#1ErqU
zGZ9dLCErSvdw!Zj6)I%78kNi+)h5-ThH6nsXHko@4xN+6r1Lm0y*ivjolW%|tas=F
zF7Op+Z_q{5pwitwRcf(ysEM`Eq_hxZIR<T>kY=TY7By|W+bG4FLJJ#IdrVtVg&N7C
z0<F@dVT+}Gp@j~RFYRAIn+LufAql?Sq+l3fiXcQhMbI4{BsM0GQit^9D0SLAN)dF)
zQR-HpdJsm){j{LeV(SnK4Fd}NAO<jK(-4MKUKBkHmv{R;@KFiA-2*?2HiSL!!$-hp
z9DtAQgXd7X^CKSkQN$$pQIjkl6`qqAt9=|34hx-)Nvv_{O(Kp-oAo-5DTgIHtw7CS
zjK_{<8P==<eHF8~YST4bQ~Pt?{ygu`tNrVk$90=-;D*}2i5ZX7oFQi9mE4r9Mm<&w
z7{QpwYT*bg-vO(|eO4SwvwFv4bqkA<)h&~5<2Ef}(XFI<vFIkKjDJ6*h*g1)<e33E
z{sH}e<L^y>h*nt1D|+})$?T<{I;$vWCtcI@Y9_HNYbLpquxL$SmDUB=t_z1gPOnT#
z3Gl~~L0f?1wy?=j+YZO>3fvW{H}^OTs}5}l?%sw_?Yl2{h5P)E2Lcbgyoc$$O_{gp
z<!uRGVT<z~2|V)h9t+$PUbi2LT3&FwAIkueUca9Rn6SKtKM~S0#U)yiPpmvOrcVW)
t3i@Ps^RKsaie9es^Tn6JFE@Wuy_Cq$&w~>8=YJObIVj|VUH#v`{{uZ|x|#q0

delta 1786
zcmYjSNlYA95be*f1q=)ZvtwSd8H{bP*}*K`Uf5yS%nXYSwuzkyan1&M8ZzBBUcgTJ
z6eV|yNRBNbMam(P<$IziJ|v1n4oNP#IFh9(mU2n`--AJ#nd+)n{j1)q|Np#v<NM}~
z?|EL5*xJcYy8UCxlh4=IwBoo(vgM2Ttn5glm7=WAN{qx?*>3M&#XCR!{9jzk8AF&<
zj~djwuYRq5uK^9zh(>C1*SE{uw_l}$T7BJU)n90R@!h&srD+iCCNG7nHI3S!x$DpB
z(+`An4!wL9PU0jHrdD@;J3FgI<_@CLu+Zd0F&L#GxxO`wVMA-?C5LH5*C@c10tYK;
z?8YjMV${$a8sjC#97C+qIL0t;(*!2;uBRI`iAl-i5=OvZt{3IZOAZ20qqeLNklh5h
zNCG7y0f|kTcF4W;Ix+u+rqZ7*(G-RZYc$^C4k(DAtAAJY*)ORLA%wgpgSz;Tg4|<J
z*9P{)2(ia4BE%(S9WP0;E(p;yG|7AhGe(?gXeP~KmgX?yn!9yk#{GJ?gnxh7ZOxy?
ztbF++x&=)ax>%BH(#M$I!Ef6MDN|t8^)+DHef7tT7}}}*GbJJQi%p(!rkt^y=eJf`
ztVlZ2DFbQbM+W>3WlCexVH}oT7BZ1#Q#J>)9Xf&|O1&JUBh8^))+|@4n}=NF*_4lb
zg%@~uA>)M#FG3-TY$`^v!jB@y=oco#1v~{F@liI07PSo#r4pnfUD7KdAX(S+yd`EB
zuF~T7sS;B6ol><q%1{Q#*UG4z=T^bOSLhk<b|LBUs8Bjdi7Qd+`7!B^p<ITmc+Y7j
zs!XazH62GK)!;a496BM5NhfhqdZ%y#r);X_V68)SsAEz|8+01gsC1vF6<cf_YGQg#
zihVPh&}>r+S`_<MoR)MgG<xJ)*`UfJ--ctTmMqHACQYnu5#HO_?e97d@6G+J*L(-s
zW%C^-S)J&lF0@lOy3p;AE{#bB4C$SNj&nAh=iqsVF5rS{>LNPP?obc6)uWp3MGtyy
z>O-Hx`#pSs@d1SoVgQ3S4Pi*(!?@^?>NkWXM>;H7b$F~sa2A~&tC0h&;@+_e?6Kld
zY$T%|t1$#5t1**L@Hije03Y26OgemY*_eC^r=%C;V;r<8#KDkb@kyFiUCm$|0f%O}
z>si(H9A+_R(`8&%_!SSIXMA4a3z)}(O;>SM;n(;ms!?5G!=$cBQez&e>lnqjN9y_k
zQogW$CUyxe?y=%njMe)ds~cF9tZtZe6F2DtEV_06I<e?3_)GYA-QS&7j@xq43V9Dz
zxbv@btYzNO%X-)Tj%F`bXa%M0#7eAsB}}Zy5~fKJM99JltqE9I6ArC=4<>ygz#kck
z3UD+kY_cV2bI1{Jgi_&-Km^u`Lw5xWbyp~*HUvLmgWtF(aL-G;FB3WMfy{g0<vkSq
zgom8BDX{6~Z3)~Fp0M|&Wo5Udh3QHANMIEaPuoXA+GRbSg;<ss<so%c9}7Gd^y$u*
se-|caeZS6En=g+4wvr<1PlpouPRMhA|93GZgV*J|Eg61y=<PrM0||DvsQ>@~

diff --git a/src/wasm/Hacl_Bignum4096_32.wasm b/src/wasm/Hacl_Bignum4096_32.wasm
index d937d02cadb5b167e7fbcbd852dd8f020dc3d18c..a088be23f89c350f1125b831fb5ba639affb670f 100644
GIT binary patch
delta 1197
zcmYk4$!-%-5JkHk3o^%vhd85eWg_4t&OA>q^X$yF6Cf;*A{<N5ZiNjvHWEVYSoB9^
zWnmPt&W@j86Fvc!C=%3jw}(ZmyQ*KEy7yJx-mACwYUc9%fggiHy)csJkIRNIM8g=S
z5#!r=dvX+`LK#&QjMA7;XuM<|<07T5+vkPS&1scGdo0SIGy$a$Okx6)I!%crrgWi3
zX&O_Qj?)ZggzqiQVwU^STygz;alODiEkK;nA{MZy(~^8$&@z@~w1Oq9#A%h2t2(V=
zO)}TH*E&;m+Q1m*Fvg-Z&durA5J~y9p$kQeYjNpkT#6bue!p@#<w4p+7oQl>HEe3M
zCB47i#<uBwn|9cHki7?sy(=7A-gmJp6rJ`Mv6r>Gk3H<i=>P{(+93|5-6QOPA4}Jf
zj-aU}D76Gxi_<HR{U4)aY>DKGJ;@Czgpl#e-)vy4VmOSjDJmq1A=VTU%4TjHVUAc5
z!rVi;G!IFajxa?aM@A=z&?!!g+Nihl6i=_^xo7koicp0bljU@VNFjJ3FXKjwmf6aW
z!4nrLAYy!sovK?mcd<YAvcI2FDW%$WRc`#$zVB2}HLB9WmQDyIouC@j2&6w>3soZr
zs!@~e=b&1Y3Pm_#+>*D)UT9Z`ibCMbE};u9)JmBya`PZOY}zAy`5mkic6hSFrM-GM
z&Diqdg<GZ@P@k59(7>V^(U=$21TPx1qTFbbO)Q)m%?&r%oJU4;H`HQMThVM%Tbb&E
zFHZ$p;IpVGqT2FQ%0W40No_Ns?I07{&d?5YZ04z*XhVlZ?JS~}<f&abDyJ;!Ba_;V
zE~Xl1u9hk{p2%X4Tsx0kyO-i#AwOTMU;I-F_sXHQ-#u`0U;%qgU>|x+nSCrXfIwbl
zKY9_cRQAh8Tp1<5+`{tgECw(@gT~#Po|}Qo%)_!DA9#OkwyR1b^DbaCB#tUed1=%O
Ql=9#-<LmoDBa`^@ADZI~N&o-=

delta 1067
zcmYk5$xl;J6vpo>1#FR0XbWX(ze5=cWs*rSns7HHDnpsu;+U8aA5HYN!I&ttCd9aZ
ze*~*0B*ZmK6aNJ_822t*xFXSW`-XPWr04Y9-}jxNS2x<#jdpQ-=%10=5zQinS@Xl;
zX!9KAXdd(C=He`9sbLvQvaCJyE=!RV0vd<jyv|?g9)$Vp{!E}QB{`LN@Vc3cG@X{r
zmxXX>QPr+uSeCF*G_Y#Wnki#Z6L(wQtYck@1;(z^h7^=$wRF9j;Lujv#HJKQ+G5OB
zQPH=th3x|EU`NK^(JppX8++IQe^}Ds!o4EWMnUn@>P4FUgrXAF-}AJOHCbBmmROK7
z$e2G<eah5a7Fo+wMiDdYDI>*WX8>7_*b=g=p~zN|>hyM&a!^B}100y`dUPm<C+Di>
zDLsRbn$+^@DLqH77QAqVacSs2kAELLV_61r=2`wgTf4l@|MB|%elC|qz;o&|e;8jM
zwN|93aw0|LgaQaiRKA=`&7d~4AW+q7qabccA%l6A<Xw4da_wlT1s#rdDTEM$%4&$h
zyod-l9g%T&>+RBuNY%V*uM-_sZ1>ZJuu4bKSy84CWn<mwc8&F*3*A*?Ve}{w8>i{c
za!b7~Qg^1*XHomnYf<}|8bi#b#?gnEO^w%4JuVdvlvB1<vY-Qi1sz~$0*R7K9Rwj^
zQwQs)4K8)ap>oQm4qMa_3|Z6>rY4bep`#c^(uR&IXhfZ3ga_S7O=v`uc~tPdk~f0J
zc<^KLpQufqL;D|)LI(%7<hUg{fs`dV!IG1hbS0-Sj!9c`N=fodoyOFi`m5WT#x&hA
luiuVe&L3Yi`@VnT3-fqRTg~4e&-`ub^7)1kG~b_m`w!Pk>Q(>%

diff --git a/src/wasm/Hacl_Bignum64.wasm b/src/wasm/Hacl_Bignum64.wasm
index c848593e20ba1382136898fa1c6d4f91efc54688..edc590b15151087ece0332fefb9eb32fc02f45b4 100644
GIT binary patch
delta 2221
zcmaKu%TrWG6vl7EFgg-M1QkK?JE9^Wpok0u2;3`g<mCeyKzzSOG$_91&IRY*M58h4
z_5H|Wl}f5irHZ|ks%)}JnQi`nEV4+-O*UEOboUIpN)^)G=N!7v@9X|<`Ntda?v42I
zRw(%U_p>ubq5m#aF!x<(L3Qz?=QA@#Nm_iNlO9iZ^5Q`!q{eh77!NoiE}Y!Cw+)mY
z+=Q)`u>F6VN<%fMp>5bkwLUG*_gli5P8ea!2pa~%RA(9#NpC>}MpvN4G&XWH4H0wU
zM6A>>s2<||q5<`2@Tk#p(CArWnzo}6+g)lxliB?GCN-m(&!m<QH!wfkz=BCTU>&4Z
z>_DqWZE~=w9qn?}fi`rw)XBk4kGjyMHtpuqx_MiVdQgWJ)Nxx0j<tB`u^c(;@hl_Z
zCR_;=F-43b{%<vTxw4RUqJ%4Iy##h9sCQm~KJ;k;`lz1;7+?VgJ`g})ASJ*c1}(#*
zUA)UK#k?E4u-m0Q*rVFpi@lP02>sxH$=-%M47}D24akND_>3SeKoARR4dWxRIzwb;
znm-xp55AqCedx8E!GHsUhB54CHEyVhBC0zaHpOWg<_3pNqbGGkQC{&4A<73zY+WR=
zi=s3FA<;)MLSq=U(rnAHX+QSUI7a=K=4LVK|7xz`-+!4AG3J+8MPg*G-O31N?c>Wz
zlYJQz81aWYM?~-3TxUl{_Rn|u*%hY67wISFzip`StNVU%vS<milPBaLhn6Cna<LS-
z9_7iwre#<rSId!y<u0w@;0llOk*~yCi5z5mRKVgEC~*r>fI^p6VU^0S*7+jN7peRj
z6k&}^08~CoSjp;hdbNBZ36NazW3WVm)?x{Aq&RD-*c1qL1>#s_8fN~4DJEhYjese5
zB4wm?$a=q6&zH49y_9>InNA5xP|Uk<a3e~nl*cl@j537yUd+JRdDE;j11MA5N%70E
zUaylUY(l9FSD>6P0~Iz^qLQjmPMcAM%^q!$gH6?_maDDUf~_vqpvpmwC(WyHYf*`E
zkHX9wR&vxKj5?Ph{OqOw>UF+>^9?HBhz2yeY}4&3--KGNR=rlMi3e0@wVJUBm722!
zrD)bu(?OC;#8Qs1=Fws){dQ=&R#=jb9o>dDcD2QpZbyg5mgd2hmX@n-bfVj3JGZlS
z*`YgCbG__-%cDMSzE3sZk3RG}E)B35CEcJd_#Y?sYPvy9Cw+-lO*h2fls1jDkLiZ=
zbT|c<HV+p~!Es1lox`tVMAMB*N7@***;QlgrzrbrKgK;eAP1Wc;-Fj|!T}s|=`aTm
zdvpXxRP#qMhNwr!nC_UOJC0*G?$QaIQ2CQOe~R;`R6d4Nh`HpP#%WbBfuox4q^6sY
zbfcQ?3`Q`fk<K#R89n_tMVCHLH<_a2Q1W4(({Sf8DdEoBG=(X;fJwTD3%KYxbV-gj
zUB+cz(iL376_>7Z@Ty1Ga7{IL9aEU}Xqvm9R^8i}hV4=uag}#;enxP?j8GM`f@hc&
zF5M8gAyipH;JSu%G-N_lNX+vZ(-k;}DGlcd26csAd?HXLKeJ`NIkwE9Puc9+oMvEx
zZVI;RO&xk~R*t0J^DTk(a+wt5Gu~NR^|rt*AvL+ppZ7ZgcLaSdLv&YwCwGNMUnFNX
z-4oy+8N2TYaQr@lJy7Wf9P|ZzjrdS*#JhO(NQ&`Di}6_S43GJ5o(MeAl~3m@pUKK+
zy7IZ;8J=_H3xOB9@}<B-p>=yItcdy$zLWuOT`TuWfU)i*<@!=;_bR#gN+|Xi>m=1%
wOkZpM3>0V5H*<gP`FmmJFSGphPfz3jYy|ytV^x06_}*X$OZWtTa{QnF0HU222><{9

delta 2174
zcmYk8*;5o(6vq1wBM1Zm#RXjWjv@jAZY;9X4amL>i^4FtuSi637n=sB+cmE3u1S1L
zB~@0X!b9?8@&}|+mFJ}LmUpd6Uh<T4@0~%bhPn5ibLRH>efNG{yniSDekZ=am7Mt7
zcXPAGYX5z5&iuE@N!xQDzMP#kHU?%EI|(xhPS#AKlcL51Cvhg|Wcg`5B|p^u6G+)%
z37g7Lj57bf`oiRLlv4#NsM4n;tNg~wRR7P)B@R_5G@=?td$7?o3Je1QRGW(@#tRLD
zY9Kx?YEgq)kLoN3b)F@zQa$QW?@|LA%!ao&sS%CxdFH1ZSf6gt1dE!{L@j7Wi$}ZU
zVE0oiTII40yU^xRJ4f3+>OhCuw3DCK$=iC=g({e+;<ln3Gd*-!j+}LQmJxNMZY8%~
zZHjTK_7Bu&Et7@RjZIup=|#~UrJgvp(~DlqkoCRPXBre@0YaY$AP|ZR(2su0@MwT{
z8BolF7{H)QLl{!+?Z$4&ya#>YzgTa3JcQorhC;HT5I-Z4l8}g`3d8tJ_^0cG+2${X
z`oT97G>jh02?ZS(G=dR7vo^mhjIi!-#1toKgc}?&jn4Q9g?Ys%gfKr)V(21?ofD=}
z2#Fp+#0uD!Vbd7KXfGoE8*{6O_`jRE{QbeK5~KcRYn>RK@30mnrVaB!1!Pag1V;Tx
zTUhkW|Jc^LDD|g%eAluAGb!p`{o$m?cFjNrWg?xHA`?qJS|$gZvXCWL%drg0U0T7x
z6&|g`N+s4RWFXz6Y!)+HiJ60J<hZmNt5trD&adVCT9sdiwOHp;E^<{KSY_o2o6~FL
zjfes~$iufpln80akYW(6_wV=SF5Q4MQ<!2xDn)sG1RK@)KS)h=@{y1AT+6{t$fp7x
z3t8eqB(vIP@YI48Hkd&asvV@HMaa|Z*ruCNAj8EdVwq8FQwd6_6h*WJrP$)pRyo+T
z4cp{uJGNrGOFK~NV28)HEK^YBC_#}&6--s3pes><N|$zGr^;99d^P8*RlbJJTH{hJ
zYE`}t<x&L)Ra%oe9#E_`smErNXwC){pk7ZK9mKfAc>JE53uxnU$t+FR1XI#A*=*fr
zwyw#(ZNV;&ZOenrwq@gbY};0}yKLJQba>Q>PSso&o7wcJo7?MF&G(=iJ&sH4KvmGE
z3qo8FQU(3&#D13sFre~->~cldr|AYIU6ZC8f`w*{w43RM^mI=gF0cSM9EanOJUWLj
z#E7N~V_4FKZMMxQduEv362X`!4TCY8_F<n~?Z;m1cj*8J4|sGC2UT;2Fp6Q14s-K|
zRr5!17)M+>ilZujOy`et{<zAYz;T>#$r;DEDmaNln(mmUJ1ObHnr;Fk7}ZFhGu?!q
zo{G~YEYMBH={OX-n5Q+|8B9vJGd4|Oiq2w^&fzT1c@CYIqfHlZftPd<=W)@cOB}r9
z(Pdm#&0WD1COw+w?x$7vS22yNF4?eEen#gV&O0hUE8t*OxHKm)CsfTffh(GDMiX8W
zJQm@MW{e7)#*`*=1ye?aUU&k9^37T3_eGXFbX~-qX$B|ghG4JW(4mh`<w*Q8-xSD`
z%a|IscxUO;+X6R*6y!F)vF`}n5%h%&(Om(a+!Y?(i_L7hFTfued*BFg`~ibKROyEt
zd?fHlBl>b9-o>NGf~9yYlon3}&+vqQ^Hkueu6(vo`CL{$*Oe~>&+vjPUkbd`m9GSR
zDHK;d6IPXa*S(SfZe1()T7a?c#N_%?YWF&}_(~}Dan?zymrh@6{zX`yN^gY!S6Au$
lrlFq~r~W#}Z}x-$|M!sOe;9L9GWY@fN>4_nKfU+g{{ihM4^IF9

diff --git a/src/wasm/Hacl_Chacha20Poly1305_32.wasm b/src/wasm/Hacl_Chacha20Poly1305_32.wasm
index 57b13d122acc1359ed36e6b0bacc393afd4bd45a..eb45d058f670de2e077ee014b939dcfe4bf2427d 100644
GIT binary patch
delta 68
zcmV-K0K5O~JLx;H#{vP7v&aJX7zvq#fPer30)7^=$Q!2t3Kbw6K>=$){{eB6eH|?W
a9UvW(tsNN)9zg&FK>-UPA0Qu-(H$H|@f4o`

delta 92
zcmaE9{nmQJaVEy8n@=!(m*AY+($K)b#8fA~`GoXxMm`xw#%#y`jD?D_3Ze?KlPhI)
t)#ViAfFf=nQI>iI76n!XHU$O+Mn^^gE=74q23AK#ZbbzJg~?}SWdL#=7_a~U

diff --git a/src/wasm/Hacl_Chacha20_Vec32.wasm b/src/wasm/Hacl_Chacha20_Vec32.wasm
index 8ca2ca540f219633048e867c05eff7dcd8f4ad7e..6d808d9a6c28d619538eb10245905d33308b7199 100644
GIT binary patch
delta 802
zcmeHEyH3ME5IkQD5eg5ZBn?pPHZhV##oZ;ovlCxjAw<C+P&?`9Q3@Ia62;L_(osgr
z5AY?_d<J{SiOe5R(CzHZ&dunS$$PSNJh)%I@UQKi$EU@DaekMrUJpK7ZTrDcfN;;<
zSV)kTX~sa<V1}Yq(7-Ok!m?9ZO23|0AkSDs<gnAblBj?~OkQ)6cohyo;Rptpl1tif
z84(I*KSsmNSUY+KQ}=e*+lo+wcGtUu#DK9((fiu7n(TDL&JYSIl%a&m;r_`D7|bAp
zJ&2>uk!6_EMQ)>ubqz%*T*ss<9K#qVFrgbyRJ6Lq0)EM$@BwlgRG9n1nL-QaIHi6i
f*_Vw#Q$lq=yBX_#p23p(_1#1N`2Q#V$WO%I(9oMc

delta 810
zcmeHE!AiqG5Z$DqP--=xf{4P*rBR9}lifDENi%IO;>j=Yo)$cK*Iv986t*AXvCtpz
zOFa7-&PrR;FYqGlVcyKV_hx3_d&}O^`rdrC@V}a^*ZFKFeE%t1y|g|XC*VUwA7V<L
zdlkkEFoDEYohX(dNu)wRLf!<EM!|u&4GIz$oRls-tw3IhT9d{0k&>t&#y%(<Ko?Uc
zrZwV#kvI9__P3!Ev2XilO$t$iws(8o*nlA+*-ATq%`&<sV;BYOZ+MvBCg*=|FoO&_
z5QXhi5|}eHr|@PoxndM-R%SL1VTc73%yET^Q;$fn(+1=`a`Gz7orh64f@>V}ekIG7
lwZX=W*87dN;rd9ff+Y(a+J}Sl|KH%7?wtA0e&hN0@*D9Un}h%W

diff --git a/src/wasm/Hacl_Curve25519_51.wasm b/src/wasm/Hacl_Curve25519_51.wasm
index 0ddac4a401efa55adb1289142bf33887f2593393..12a0dd5c375c47fdf0842e4043e0be5386fc7b75 100644
GIT binary patch
delta 65
zcmZp&_-DSspM~k~y3K(se?&PyHZ?RbFfr8$ZVr<YVdUab5O!qDcKpv+IJrVvmtRCd
S1ju#+@fAfCL?>^N_5%Rr&J?Bq

delta 69
zcmexo-ej@CpM|M${pLWHKcbvpn;IGzn3(E>Hit=xF!BjIGG;seXDn0{QQ%P!nOq{R
V%P*=R3KVezi;5|TP2M2w2LKQr6qx`3

diff --git a/src/wasm/Hacl_GenericField32.wasm b/src/wasm/Hacl_GenericField32.wasm
index b8e4b468986347e138e2a445c00ea9e029735889..52efafdf1d60e8bcb44b3c33f4fd7f2a6e19ba25 100644
GIT binary patch
delta 697
zcmZwE%TB^T6vpumQW8_5h=^1~z5^7wc>@I%FU-=NiEmMji4TCd(}i)<SCF`BVq#nw
zS3ZmjAHc+wr%b1AT(xsD`Q@K8pJ!iZ&yS{feHokI#p(Ckn;T;$c5QiM=cAUSS<Lt{
z<`1Re4=II|gn#!W#TCtA7OAJMVPKBZ-hH*0o<~v&DK2FE!ljHfXu*3(<h&op8fB41
zn(y*(5n0Od*Pa@{#<UdYGJbgyA4sFd*1U|vo(O!RC1lh&MDxf6<7F)QK@XO>senS%
zw1PYeK@<B$<glWCG19JZgSfz;h<0^yN$F*f(#xz@P>FO0B~(Ja%DSWURgK3Yyryv;
z1?eMRNL}d-)Rf*}y@_U|w@^nj)Yn*VDSch*Q<1)*bsmL_*;M!zHWa?acpGhvkEnx9
zv_pNH^^VeaU`yeW&HFMb0TT(HCxt02i$`7kJiIjO@q6_qgTKc@Pp@+q89szHd#Yw1
qyQ*gYlymy%>l`}39{OR;A=ezJnxlYlsrP@)@kBL|wrJqB>Tkca1B@2{

delta 662
zcmYMx%TB^j5C-5DS`(CjfJnK?f4CM<ZfX_0o~3Kvq7oAyK&vZtXVO>Duxg@lWn38_
z#)S{y)+wi_uG*Qj-#?l8nSM`So^<u~?OFe=#NO|2Zj?midf9z$eAN>kk9b#H@vc}B
zNe=IR&ecn{ia3&UOHr`OQto53l1?MeRj$ssHnUlVD{RgEY}TACvPjW))L2KB<>+Zd
zPhlX&)pM?0oN1?AG091D4aVYcs#qQwQ3qfFIlo;*-t%Wck>)9(6wXsd0VRJP@;8t}
zS-e&p>8iFrm~SAYZ8<IzdKD0QmGl~Fp<V|=EzldJ*M;7ccqGJI5~r3wx<kt_h2BO>
z=xx$F=!AL~COUz>NqSf4TT+jPdQa-q3Kr8B_y9eD4+tM(C~>e6`WOcKHt8dw@4(=y
z%?$U}Tz7WmHE2i7qVrgb#{X?#$?feSLq!n2FT%&z6X9bDpI{=x*#Y)339=6<`#@wL
d`GU<Xx|PnBpt}!dB7VHEbfi|;i92Y2`~i{KiP!)D

diff --git a/src/wasm/Hacl_GenericField64.wasm b/src/wasm/Hacl_GenericField64.wasm
index 31f5c1652fd69a353a283758b862d3645f92319c..a475b2db329ea3d4bdae0fec0cd095ed0aa465d5 100644
GIT binary patch
delta 1512
zcmYL}*;7<k5XPqws<bqKpa>%JHIi|L%^eUo?tlv_DlQ2!?xNx_5y4%!Ty*YH0@0x3
zj!Pbr$5f>%ugPovh5R|D&*>RbHC283`+83G@0)w)ujD_;KYlHuxj%m^8b!(H=TlRW
z>VnB70Zmd+p5^Gj!7?sEaiYLaM0_qqDKAGcmti@|442#D^9ro6-Aa^WWylpGRv2D|
zRo<T8r@0cPC^lS`2vB7bG{LJ;h1DTfquTjv)UOf0#`$YegS8>oqSpB_pfW+e*lVPi
z3}CxRCQML<86_xfi$uU&mz`f<Tec3%Jn|^*El#Jn-iz?J*{_Q$voq19K@?Hc$*hR$
z5#^ZF_@Yk4vBaZcukc1sVW$^~$zAKbLd4w-@koRlP_KRN(niFr+=K=R1Wi6SqnTUK
zz#Gtl4Td+`;`1hKvfXBE#O9E<pe4W-!&|Y{L2W}b8Vt7zRjY$;Lo3=sZb!TGx2xYF
zeuwjSpaVNX-ie*g--T_O$#%_TmlQN<CcDvyX64+27<TKiGstsM%7$YZyalvWKC*<;
zb-}ZAT|RfCoA<)web|eAhWFdz^8p;NT@Uu7C**@79yELihum_9(GAaVuPoo|mOp}C
z90@``ilc7em=5&GK%W~pjy@a@`2<cl|0E78-7%#*Y3aI@?i3Q}R;2HQ?vx(C&%+fg
z!1d?hM6y3!AP>Z8r5ixMr5o@$i6oyvKcB@JoHcyT7N5`KyzMUF94>@>QN)XeFX56~
z?lO|-H#{iI54z>AU=UYAzKW~Pzo!0>_(RUWjv-tRIY=Sp28MB2>8>f=u%#PNx-?EB
zsYpKvU0RPf@^p(9=tlB%BIO>;n+i9I5eql!^BBhX7Do6sZsE2G_>QeU-^E>N`5x}z
zUdZ=Fyl?mc9=PQmVhkgO$7TC*xBUdhF%hy4-}#g32jU0LpCSa9qL3dE9+8`QOn9h-
zlS=rQq&8qw88d{N7*n#4gfc_g7((2m6vwl3jTONY%D<RiVVa+kysA%C`u{~0CI2i>
z6Y6c73*$$**goPjglV#Q%#hEsgjwRBti;a<a(G6DpXW|K|4fjN)#fOG=ySsL!r3oG
zd`Wnzgjsu$++z3@NfNKfMe&;CgxB(&H-tAj`F3IQot=EAlkZ7RcrTM52p@EEo{+UU
z$<$k^?e?#3-U_n12KSL5ShKmbKH2C#=9<ss*i({|4ey&TieH4frTk0wYt!HV0X?>H
AWdHyG

delta 1569
zcmY+E*;5o(6vq4DjDdoH3(A0~-;n?_0^$aU>vZFWqT&_=+)>eCg5WOF(<psW(BLw-
zXL(5;Q<bW`CV9-im7II;%vh<Ks<V7&?wsE@efyumKL>yRB}y}Y{2Cp{*9-GgQ%-eJ
zrX;A$e3fl&sLJkc_&X@~ihR%UxdIiu1m(OGOR!Y&G97$gj^(<l#4=Qdyh55Q6tBce
zch7InxC#|0R~+*K#FR&qT#Xp2L#{!M(N|f$R`gn<uSP9ahr9-BjJ_6C-f8khUgeRm
zrm<Fn=S+tlO*2r2iVnvCm|a3icO-*i*KuQMm(r=Y6LCorw>X{RbtwB%)VU6Sll`|i
zmYr`X4eC)3mQ$qJfO>9}7+;h`93?J|xRKHBNYZuU@+<4y2;%0rgyV1mb+*p^!g@67
zb`ug}6`Fi*Ml-h{!5h$m4T@WJ@OdLP>S_~Ou_@%uXbG@c@fK_`xLeVTgyJ^gZ8LVX
zqYdpLcc8=Q+pOLxdZ*F1qZ8Xh-hmxP--)f-p8(seTRSD7$-1=*>(OjEccT%zY`Q1N
zb5Tk=r5Tb1v{c?d*V1`NYC6y7E_Cr;BzYh9VxQvuI{1752Xu81`*ASjZfSNaK7>PN
zxx?r}QgM&0*JGAHf*u?RLOzP4X5g3|=#_z9GjJTeI3Dr|oG|)H9JX}FEZs>>=UKW_
zaM5LvP7B>Bn|_;zD=NVC<>92I|GGe)jx(07AAOpx-{%1g@F4p5ECz8_@i`rQK9BRd
zx`1=I5b{N7UQ~Pum&|gPF@QeBL$dskS^f%!a3$ocxN7ukRv#99*yz_WjO!r>H*muY
zq;T2NU9)s4P1kSfMsNlL7AY-sBR2gmPq(N*H=3uDR_?*PY2n5&s^P|b9>+M}!YJRy
zE!<WC-_g<MySOVQ-@_f;3;Dh@?<;<Q2WGj47{{pM3E6(aZ2t%ocogy^CXMb}JtKO?
z=n^4+?G#~(%*12DL(At|zQ?2i#{x_Egm4q%mTQ`X@d?=?B*a}xaolw{%8L=j;&#U=
zqbQY@N=wPTxA)YIq<Mzq=FZsGmwPLn{G<JpP^ZhBH_r%xxwf-}r=<OvC7<UAbHvYe
zi(e2Vc|nT5&t*Q(6Xc_NFA36qNg=;7>MQBJCcL)DZ}d5Gh~g}XF<COsERbYakng-D
zyrsan^R6)ZUXQ-FqaR2ze2~$Pgpc;nPlPwxIhlH=qr4M887F7SI{BF(SaUi1e$ZZi
g&J{nBVNZ!q1vhK{XXj5cF0X(nxRig+mbCo!A7hzx8vp<R

diff --git a/src/wasm/Hacl_HMAC.wasm b/src/wasm/Hacl_HMAC.wasm
index 32bdf4664eb86ba0eaa1148ff829265d6bc3ec25..033e7523a05ee2ad4575a4696b36b47f7cef8808 100644
GIT binary patch
delta 2062
zcmZ8iPfT285Pw78l1+DGp8++|rq1Z0nCcZ1qe;KSG$B2hXiPME@ajTrVF`&Xu#44J
zYAJ<RC{!&_XiKpul|pH0we1$@KWZx^dh}*`@?i94;%{c(+btyf-pn`ioB3wu%@2AX
z(a<BBdM&wW_4kgvS2;7D&wCXW?f0kalIJ#7iR|GQ_*3UMIMQE+_k@1cw%WbUlhzH}
zxz#1={O!)G@jMos{DzGC>%ZB5+JaQ^1V=4=t&TF%8jkF!s&UsmX>--w_KCEs*eyA3
zciv9UId4a!uLr7^JcSS6fAOUbV*K)?IXVdNJaJn?eXZxCfX~z^`-t~ZLeaU;iScV!
zFl4TX`a+GepLjo|<N)yja-K_CGbm2JTxap6lNiRf202K)SH8lF4^q^=9742o5nAtp
zE$&@=I!tf!W<E@C#KV$qV$n;EnDnK`WKw!frX@5P$Wd|+Jn19uqwtSSTi@s>?#D&i
zNFT1LhYL4C^>)V71_Wo!8%SL77&PqJ^;E8(<d~K^pn(ILKCV?yK^^9d;-HqktPBzl
zYN~+bIPq~x@G(PdsMl+>jjt&(B}=AnV$%~P)3-3aZIMCAc7hne0K<8Lve~So=Jl56
zTbfcb6z9{<hU~keNG#6)+N#Ei$gp-ayrv_Y@rcdRmy;%wGHNm{V<rPRWtkBeHFKIY
zOSMh{A*0mjRLSxfHD(iTE1Y!-c)d<{vWQ>@2|v&V%O;8r9J1L|O3sv0y1~CYR}%?M
zP=g!X$ZvoCTdBwJ{F6_AI8Ho5F43&-=USTh3}yHfo^d><(d${1%xA560S0@F^GR}B
zn)O}L(p2juVHt%d4LJrG=v4?E)-k<|F-_>0Cf1AzpA!bOU)(I{2$;}yskaG!XOr^f
zoXMn2noP_0CIk5ak^wqG8C^GF0DDx|@&N8tT?<1%sJa%1prfh>MwpCrX@MW1z$q<o
zO1Tzqrn2ZfF&KyURGCFT+WnqPoAl*^$)wDfOv|jvKrR}K=7{HvMPc{u%2$jSbH<@L
zy%1`dLzfh)1K~@?p>W$<TXN9lvQlSW@$+jYh?7wV6+tai=L+$ah&oq^uYx+44N<1f
zPZXKT)cH9!m8o-$_?=>8nL5{r5ezV#*JJ9evlw-5#QC(L8@4?t5}$ZJrcOaSDy-?q
zKK#vSunW;(7o)*0MT5O%nGqOK=Qe2;qYgqAjXDdU&Qe630;mH(kvc^LJ4pC}HW;X5
z4jha+cS<Q^>L9`6)F~9HbC>w0Q3r3O&K*$Z7M{C!Zll+GD4FkB^8#dXHy4aLc$cWN
z2#;>(5@evYBD4@wXIaOzyk<=JC@_?$104a&N}Z2wg7<AwzWib`DGyAh<)O(yeuZR!
zrj-gx9RM$=uG9f|Ms=kQ0%ld$;t+IE^#EkRePQ>mXWkW%WD@_6CR_OsaVG^EpT(-K
nXvHg-OH3seSta(=R@zdA#m@S-Jg^brh(1=d@#zmXzxv+)5M=Lq

delta 2020
zcmZ8hO-x-?5WYk2BRB9OSH+r0qcd7;6HSa85{)K3i7_ROF>&RBg)0{iVuVLX%HN~a
z)?%qG+#*G7DbOEKE3{Ccv|38}=?`ipCc090rYjdlcSgUNckg>b^6vd+=FFTk^WF2k
zq5IT#pC(@nDpr5q*X5OtjdgW-B_*9}QRD0VQ@;d{mQ_5-d!66lNPiiYD0ujpnpWpY
z+m>D2=2Er(F6Zs^JQjF<L&p8_&&*#PVR_!eLJij19A%^}lC70bFL=`KD!Kg~=}>rA
zI=RDnd$`kiuQvKQI8-mW==t4GRd*5Nm(vZp2+28aZ>X>Fd>p<{mt;Tj{^+^g)w%bG
z@$1k`U}rw(eGSS1;saDJ2Z;}o^ITwKpe^}eQ^c1;#0a)GNH=k-e25o!Q#`mFMz!=1
zhVDTunc88TBlHSy<0FKHgeLijSoDyihQ1s#45ZgEEq#WeMC9&ya-8@$MZZ<-2>OZp
zaZpV(T_<H=6P{8S{aUv@hw}&Y`~j^=8c;8+1#dVJX5mB03E~r48<GqX4^oOhwu~+H
z`jxb|Pbdxrh0v!-=z&7$vn2FdScsh@Mlq7Hc#^W&tfS`5ktbT3%H>p2tfQPF{XS?C
zcVQsveW6k(8q$e|HcVv1oi>7e88!@L#4s(RhM}CXolzJMbCz_MN@W5iBh={B$nq#P
zW>anl7Hc)(rCPmX`3!bItRvgfvZ?$6oNTtdT+S7?bc26(|CmbY20L+r8~*9{zf0AP
zE<U)m?mY2na;av0SG6?pIm+-EJm>M8#jIm!na6B+K@Kh_{9$sBH|x8krK!dX5E;Qr
z8aN6J^(d4MDNWCUrg5cdd;?ARoCsiiTo>>P8wKMicqGbIrQZJBi1OtN!$7_?Ov?qs
zP`&~(l8#bF%Y~76Ol|EB$-Qc8UnuBPTYE!Mq;_Z`$ViX&_ZIq_(EcV=Kgq>ZWlR!7
zMR-pXm2uI|_vDhHFH?qrOdF=<vSBDQri@wQSyRT#bHsD14D>pSQR`(^kA&&%N&bP5
z0$;D%oT;Xms;uPZNUo@e=e2Nt1DEhjL}(6XQAAgXuf`&}Mtlt-x?&kc5q(W@s3@Xu
zl2B1Z*AaTdDvKgoAVx8gvAB?kXj8;QbR*eMC%a+y2u<Q+&nx>XqD7r(al=F=qMI?t
zOEJgGF~=)0$E&t83S$x7BHhJAgpy?w(Go<o5{qaNB0@r5MEMMMK&&I%(jX#RfMX)M
zUDz@a5jOb0h!*oAx<h=^M1;4B=r+W&isufVTbT7OTIRbpydX1wO_xkWco#&pj1|48
zE5J~DMd_l_q#{~Vn$|YZgwKgUK}4`ou%_3=MD(o@<;!=5fqZY6mV1Vw`~YMmT~bka
zu#q^Wwu%VJ(`u`TP;gmo?F~gUYKM@89yejf{aaO9+f5hR`7rSz3d<ft!|U4cI%r8m
h#h$u_`-#oW)xY!5xPglu*LC7(a{EJ5t=p>K{12;*=Z^pY

diff --git a/src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm b/src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm
index 000976b0d7efa99286a8a02cc418b3c1e56f1721..7f40d696b3c8016523a7564df64dc38b9bb78558 100644
GIT binary patch
delta 7898
zcmZ8l3Aj$x8s2N4BT9-(h4l2Th}%GhlsM{a!$F)7LUc=|bjVm~z(Gl&!cK$AAtiGs
zhlny%=6O~pH(kx68>w97zVF&=t$pfw`2X)+>l@ba?r;C^SvE^8pQQ@hWR^bk%BYb+
z=Fy@KnVrLnYD(=$^^H!cK~l4J5DcQ#I0&LZ*O6M0%G0&t85Pd0e}$RVb)_yGa_E$q
zAE{DNP*&HIdb+;UkAfTwtqybpX;8k5zA~P4X_a_-sj}G(rC}5#DX)?SD5e`A`_&oQ
z072W#>?rtW5J*E#^~;lnSVZF7$U3ur&Nb3dH<my*k;XbJ65SNxO-qDl0bv`=(8QZQ
z)wO0wH)X0$*Gc0@;7MnlE!jGf4Bbp3-5hyaAa9Ejd7A^-yv@An^R_fYx&`xA%#q5v
z6?WDdY1&8|oWb>RuUeJO8MKwQ?hM*V8)VdN;F*hJ`1WVemQ&b4TVLP?>&yaYx0klM
zLsUw4l#WP#WBh%Y>e-#7lS|xLIx=xbB<_O5`1XlAaSDk$`NTI_XD05^RXXWz(oJ`l
z?$Ks@`ZvQ~3tJ&w57=8_hp>A}w<yD%-Ys&AtNt&TlDOZBRJWO1jY`LZGOOkHl3vjl
zHt+4QKeKu7u;a{oC+tr#o&mcz>?5!<Vc!M&XV{>cz8m&;uup^CM|$ad@SPVm(0!$^
z?kD|lDEB60A`$qH%*rbtkH|bbyT9~zOC2DXL<FJ-;-K*D52`<>a8UjIK@GCbJgEG^
z(q9jeA^JYKFWP{G@G-d`_72!Qs0U#40J))|uz7&o(1WmRC;NE_=5Y*jKM%vMmu%+|
zoY^oL5|wsGI~*510;?NQVs$l#16no?^QK>Fz8TUZxYYATD!E6GQb>8GOF3HMKKj;a
z9`7wz@w_ogTIt6*U(wBvRguI8lKJxElynf>q70F~<;&{v@w_X{<D5T1$pjT0#TK~x
zrwsZUi2HxqAYLy|;2DE>c|3!O29XB5)=36^4#b0)Y!I)XR~s9|3Z;Rb^>Jl@rrc)W
zVN9M5_?$s3aR$)y-nA^y3kDs-+?hZx66vX2<x46m4)n`PURL@QC9fzDXBsBhhF(@=
zY`X#_1sF;8IGsLZ3_b%rL*Z6vdD6g{^Po+E@|W?d4~ln|J1>7G6YAHLyoN)LPMyja
zR6cBCPVjXz7P?EArDT@!<a)y(N3YoiIfBhG$Wd&rL6&6m3~)4?ucQ}pTBa>fpxQ!H
z^mJGBO$D|Ua$|)hH}<9?wuD272Y#1t*+E^%T~=A7WUA6dCiz(|`C=87i?`J?w5zgI
zp@A<m4(B_EcNAV5ant(7BkNry<)lL-I4RslB<0KL_pqo^kt)modZm(;z<k*RdX<XS
z1bVfS)x5+t@wE-Avfs9QU&;G$O78CiPV@fo8R!qWO<Ml`;LLg4-}~wPt@T0N**WW&
zP_M^&^adpxSZ$+n?Y-S5C7XP?&75aBd<J?8%hB@X;LLfH+mx2u>VsIW(l#d4+f{Ui
z-l1d%%k7NoR;bZ#my%t+(r!+%5<UaHhm~mgN^s^pD(y-u?e#&1nERMe?^m*4=>tj*
zq}=<+AjiFr4RYKoHpp@B6Glgw?miDHIq28;Zv!Oh51$&x)12cWB{_$@=VwX)RO0y`
z<5|Xe9#(SLJAQ6JM&kGdhV_^6nubYt`bx=H%Dg<-oxV1RorGTB7{nI{yVJJ@xmV72
z27QA$cBk(Ra^2|%@5%1;qe1L=>`p%!#E!@Abfm6<EXeNkU+>E9^fQq@N(voQa*TKS
zOG=^RN{;&-{>ph?EItGM8!wiYzgReP9v6E&z1ZJ<5HGgQ2`1G4GZ%Z3Y5q`AHT|cO
zKb1bE<P__V#6hs@{h4&VQK5{&Nb=N-4&lQ!;4{#VhFAkFzXmvS9%~pC`hM`34>IH$
z!-V?rP#zEU*igoXzOg-FkR#WV203z#Gsux^yg|0HO)$VUwx<lTeeLOx6n=)a+*>p!
zPfrZ-2u<SRCt+uP@e@O0+u0D~f#1nwJBVPuPpibC998;RlfHtZ<&-cg8@FrJJbtZ0
z#VRj^a#HCRjYl=-F%?zg6^TcsS3<#k@G`JS96H{s)8h8$*2pgir67#RKC*VYK|ccV
z<YyT4B@j~SR}K0JC<ADwLF6!5`<g*yCf}*A8$@Q3wX+Oz@6<QECs{kY5}}?Gf|+we
znHz!`^Fr6$a_5IK-?L%?=gA6u26`b6mX<$QICCDXn4hxZ%`}K-d08Pd>bIC-Q5aQ~
z%sgEbN>Qj6hq9Q}mtcy#EDHHH&V4(Sw=t5O&Qkht1^5i~GOmD@Ujdvsj}^R~uHc<C
z$o!C7&Ww6RC@Vt!ZYb}j#C*>nN6eK5IbyCd$Psh3L6(?n3~<DJ-yloO4-7FsWUUg!
zTuWlE<LcLyT>aXR*b);l9(ZD|w}S{a#M}_doKSBx={+$wh0*DgvkWgQZw;lC-e%^j
zI$CZIB{Lq7IMm%0%3I`a6kv%sbI@{kDC?Ep6UrWc?t4jIy$=&{<*I#3zZL3Y*hOQj
z9#d+6JgnM5buzyBg8piI(Z&lVaj3_I2i5xc8X1nErScqyZn%g;msjV|-0DX;H0@#z
z4XcTv_(aVsO086-WMy2ZR%P`;QL9>?gcsG8D|sFisI_qjB?M|isY8KUCsvoATmLFE
ztFM-;;rdsB+DIDdYvdX)P#a5QaI6UgYK`nH$#TSM3S9_VH3qA$#kJtub1I8dU{sdB
z1&T;Ivvyv#WNG}W!#}Gkn@Ka>T$)Q*{&d{}`C3X#Q(ctKfzWIfiEfP&txJ?>1!S*1
z$D6)f8#AO^vs}gN<w6ZPsoNn<uH<4bH{fBdp50#ByS;RfTrMvcUL8>g-+nLcIfcEn
z_sMUx&P;xGCuy%c<JVvp>4L;JL1b2rFTA8|c30`@l6R9XOx^{_yCXTiee$lHLh`OY
z`OVgu$$RvWt`LwtHFYB&Dt0>xM?O;Qb+^KHLi0B18D+Qw?FHp${cndUiTfQ$b*JeR
z5H@FBQZ2u?^!7sYF4&*hym#Aic8or--CO@2*hk=#iSazxPH6Up&EE;^oc*M?hOE^6
zAv6cb06kC!;$Q|P4QfELKm#B&&%fmC?7=eFEp><t<UtKY^nExeeEWkM%qbkyV1H2e
zTW20r{sS@?0&*yX<AeT{`4DW^mmY@gy3!-CT~8VY+jgYkFkL?y0o!(?e4N=xB|}{+
z%7aM6b&pn9AOvEv!g_4J5RVwJoJ5ERe#wv8K}2)aT_00&uZFN3nrhC+p*i(fCWpFA
zw-4b7Y;z;R1E2c|JBVPD`$;8j^*HACdUd?Q12BQPAxP8Q<BjgKxe<ZM1o+%f*+B#|
zcloE4bQTavhROgmzh|IzYve<(PE2(!^eT|kxswedyT~Z$Rm?e^3%v^Tg=N(ggWNAk
z$W_caoeQ}N<lf1Ut2U1B<QH!<(COT%205Mkl6R%fg^)#{)433|6P1y(y1?k%=}M+6
zs8*T5Uwp6Pq<Fd06(5+~nM!72BzY1cxMuLI;Ec4d^I&Ot&cd1VVC~HGS10tU3o^`w
zVx6h<Y$daCJAV<n(5o23%gy|WMbA|-Hx(ODtU!+5P^>_X;0p|L6klkNB{>u-939OI
zmD~<!nGS8*Q!g?_z0fTp*B5hVi%aediWS&W1|c4J$}F*i2<A4szpZ4N(onP5l2^LR
zpmg;+%nnJLo*U#Yu+5GT4}A9Jb`ZfP`wE4(1cWe>dzB0kygGpTMRw|6e=F}9J#4ch
z29tlI`zkw#U}n!+t>hf(90}5c2S#D9K}N5zt$0op_6Ldz`$Hukl0IvpurJPq7+!~f
zgf;6qg_7_AYc_CwwEX(u%z3b8UCNq`X%Lrm&L(Emo3R)OX4%40Td9qz=WbK7&DYw_
zIo85w0M(0Hw0tc%a~`#}rL}gZL9A727c=VJ)Yf~H>|w3F(AHJ>n#<j%WS=j$pVKUd
z&j9Ke<!JeGaOOP9?Mur+HoG8}Yx^-X>S86uN<%1rl5!q88OU)SLK(<$9!eR=asCja
zqs;iSf1H1-B=5e%X2?rvXyVWPy1y{MD(NqcqgT?2K(=@HwGpURNq@slehVdCBOhw`
zyHrI(4Ffq9{ewY#JF@rvXpnoKLJh;yspumHx!wmcj5*i)em2Od=%WU)pR)HIgNn8V
zsiJ@Ju2j*-iS(~z%5O@3<L&*PFy(}j6aEOGvwkyIhtEKt<kivgR|jX#<LXYNSNBI6
z#H*_fv3$aaWnA4z?iT8}nuahQ9YPSxqm(L-VVn(hbiDK03vwZN$6z3NGNADuMZ4<@
zU&M~(Z+%*R4RGc>)-WbjDiFplh-=7)G#(RbNaAs!h7=y3Divs9AV(i)VIW5zh+!Z{
z9|&9^+cF`20bI+RWRUHc(7f0wl<v5aO66H9l_^|3<ZilpNMT^xcM#)&?`qH4K?HLv
z-JcKTSEV77k=`qn7a^hbRA!%AGCO26u+5GT4}A8Q>>z?o_LoB$8EQyuWcTuW8c)7}
z*`cq~wNEqp*JeiuCjZtm6Ag~LD=^tBL51UwCL{s!<Non8;Z;a?(=_rS!)K=Q9Worq
z$#=+bASd4;!-1T9hYSbeBf%e_vkh|ceU3qVB={o~vK*f7r@}n%$;V|r<onD}F9;)n
zAeV(?<(ri6)pH@V3$f&cj?j1uxlcGDY7q~GmZu|}IS)D(rgVfZcR@VmOQFyUL!-|%
zBzaZI$kPzyOG5~8S;ormASIuNrRI5n&R&jzWC0MD%gh4s89;Vp0kr%A;LLd}V0pR#
z=y4Zho(CxM<)MZWUlnR7@YU(_00|D{o(D*9Aon~#g9Ewe0lFH<J`Ygb0PcBMXOMj!
zAhq#4Kwz&b`8;go^RS7lhssV@4+RcvIfWPxJYzT8K?EDdZV6>Us3Fgh-ail9pxpI#
zX5U^iJM=rS&5jTceD)o75W&peZ6_qYhO|d=FZ&_uGob2`oVwm0Jcfa7a)fx`lSBNQ
zK?E~-UHlnf37@wpKz>|59*6y*Y*zX}C<ic_T=++PX!OUJh;M1yr}UCge+s*3OH=&G
zpg3N0-9a@nF39e$b{Cx$;ZFv|@$_Z~)#i9a^Whje*&Kf|D30Tn92%6vp`UW_Cxhbn
RaBB{&X~UuGuK&Hv{{fj!Hn#u(

delta 7871
zcmZWt3wRdA72Vkc!A2$hKoNv`Z$+)PNL8Q;M6)0fFd|~a;G-2=sf{3{U`rqPgCJr7
z1y;cdNI-ldLJaa$0TDqS0xIGIRH|58+xh?>lqx-Ec4q#+_WR(^Ju`RCow;*ocF(SS
z$Si-zEbdj@`0d$aMn}b;HS{g6icf5pm>ZMBrdH38Qw0CpMNutr=O{`dZJ(|_qRm-9
zw#|B`oQa+a_7>+7(<q5b^ej0`&z7^3r~*xEBJCg@N}FiM^q9tN%R5P@B+7VxA{`J%
zJAm?>qH=)fqT=!-`au*)Cw2|4kxq!5IiKsC(}5+&Rdkk4+C?JmDqXZJ5j_vX&np;S
z280!mp=&S$)%mtb&m+}k<<cb)c+y#6X*Vg-?$S*!0B;ZQ_9)=J0Lbxn4`$%4uua;7
zyv;6@<FzMN)(bSfr8m}pQ98Bsr1DCs^y|M^dV@`S!>bPh;cr-fCA%>D%0PaJb0+z5
zeWg+_O&V!G=?CJ=Y|fHKX>D=q@+ztF{Fh5V^7jLOfAHgP;ICpA_^Sf{70#LbRn=0Z
z17v_+DOV<&-3D9*dp&Fex~pMtg&o7bMg}BBAS0jtRDSBC{|u&N?$?59VEW0Aj!)|v
zmE^9I>ymwr^yjemI?`Xbc9LEX`yI3w!5#$r6WGPDe+m0D*eEl-0rp3*kAVFvxlU{F
z_r~OG9V~-&hzvnuZpw;@Q{z8YR!wPoOL5ckp)%CZbC?WamWE(-EwY5aAxlHqg)9vX
zS^BkeW|nfpWvGsj5qh)SoNUBIcs70mdpm4q>9??%JuYY@Y-W!O`W@_c*?N8t^9wX{
zJ%50GX11I^B4MLsMAA5$d5zwJ&CX$Vxq{i9dJCYd#!<lxQypz=o8~yz{$q^P=&c5v
zM|sY%CTXnW3|Pluwqem@4YA|JhyVifZLU$rrE{CM=s(^_PraSg%{=u4gQ~xS)OQq8
zPcX!e8Y2P-)PHh~dIzaXCmOj_1}2e=kin%TIw>7^RNLHSBa=<CA6a9<@3iPcAg25-
zi&#-i`V@;;FGWC8En?-dlBQYoJ`i)CTEvQDHQj9yBQyrOCyZ+XH2qo&-$Un-fHN#&
zi0=U18(d3({%p|!^c@9sACb=FEN7YItw?7ZnQiobBljEB>Kt_N=9_JJj4SJm)S)F?
z<6Qb6Z*a!wdCV)Vuw`&&KPt7(gj7Bd1~HYn`6Sc_jXa3GNe&+_sx6JX*bF{o+hV_W
z4;y*dgnE9&B45#uTI6f`F^havFR;kf_2U-!%3f$>AUIudKVeYai)_#%ebB`Q1zyjE
z)fX;ou_1N^gCPNgRX*t&wVtc2ZZI;_=n_kQj3<A}BuDE~k}oYJf65R$atsL|kS}wM
zy3~>{H+bBvu-qqj?v;iQxK$)yRY<<l5Ib^=2_TR^?HY9z$-6#d<Y>7x5$q3YAd%9e
z^;r-$N=ym=>uMvbf%!y@bd5>YM!MF>T9(dpY3H+B@oKGHXJj3mvZ{HW-IxOWFl0Ta
zNGntgoY{}6S(mSx7s4RUs`&;I>PE~*Uo`R}qiss3l(wzhY-DqYw1r)agx^TFG7_y2
z3C`?Cq|NzAFNHxi(l!$6c9VQZcNp2hNH3?g9a`FTy<+5*5bafVGa7y)-N|UQLNqwD
zAJJaPM|&*{Vzk^Y66)(lUN`!NkvH-M|E5L0;NP;y7yNFEe8KPG=%m<J!rMmP4s(3R
z0?96=cdg?Q-f^#y@9hnqe=!1JGSBy{XOnbr#}ke&%9=jlBLA8`)6r%k_o0ywjeQ*Q
z^81@byr}5)cZ>K)<mLB~MgAfB4~zbWK3;zRw8&q6{|cVG{64mb7b-8mPb}hv%FFN5
z_7*ZAFTc-%D=)wOM0$X=^0|@Exr1NWTKUq*mtnnMv5UKh-$)N~_h^OPgERZFdtc^v
z@84k%ckhftB-H=d-TRs}-<YJe9yW5==;&BR#|S+JIpBSIIJ-}8jpbIfWG7=ReK-gF
zMmjFW9B73(z?uD+!>w^RueXIkX>x3f+;|e|?Xlb*>x5V)#No=k!y;cnf3nC|&_s)T
z1x>QZU73?D@K@%Y7P%Yqu9$T?g|YlAL5~`p8sn@?<K(9mPJU`k>~0>62_UQ_b&WcW
zE2+LamIFrbvFzXVMLIoBN^}OvXB3i8kBJ>Qh6E7E?{$qj!;=3wmamQ8XUSW8@|jHg
zERxSEB%c`*J8}#OAdt^?jXI0u&F_x|MZgL`X0X$EMVOOLIX62gb+OdN2`fHAw7C}j
z3yAeH&!P{2IFkn~`WUDPXud@}H#{j1TEx@9*Mx^G;%VSXdDtTVn(#>Q<Vkt7IiWrl
zC!z~tS-_HfJf;GuTo}tjgw5vl1pBaNIAPQx=7d%#ML4q`rMNI(ii^V_rs4E@66%vA
zXo!<mQe2};Vp$UFQ?We7z)R7^v#=zsZ_%c5SuD%Yki}n47skhLq$?PoR)`O0_9OnX
zeEgMR5aZ`okx-wG<>^?TiRGF6QFzuOe-u_*<d4D{i~LboYmqw&&spG)!a9rGQFz`S
zh4qY8a1>tPQP{xAZz!Dn3o)@PD2xdp6x2r7s2gmxz8K46v2L>L;V5j5lOuHt$+r}e
zZ;pu_Ifeuf$hW#i-9qv!UW%oWZnNC2{7KjzOR?@C_l`ntGy^+s3<)4`zw8=yhb@6u
zVtJA$Es2mAY&}lGtFhp@?Y4O*Pl~>VrnF_N8yY_u>szoJCbT+W%<Ji>)_cs?=~ZoR
zGTR$AwVBGMt54ixHm03r6q=UHbT(b`eKxf_iA@Vm+RvsrC$nkPDQHR$ozlM1YSTzo
zr|nNY-aOaP^VHq(i4^$!G@u=&o!~#_U+^KJQ+odCZO;0MZPs(-od5ffaIT!Iouza5
zkkCcCpq#s=cb?w1yiCgc>du3PM+tX91)q;p;%}(mGIpVQ%R=VZPv>-RyW?sSDTCne
zhBsm-V7p6qy+AIIxb#Tv0lo^Uu+hcnh4?7YGZF2D5WNaQ^aOHSbzv|=xZbu&dof(I
zi{wOw{MU;?(?|MXEtlX*I6jrrO3M36U%#G9r4Ogr2cG>941dFV`mzh_=^FxE=A0Se
zxGL$Zm*Z8szw`(B753QU!$8y1T9;Q#wdWro{mI`S{8xe>e*=FtyTD%^_^)!#<gdC~
zsv-EVu{xgzIRXWRK94ak)@xz=4+8_`nxx3*m7?GIQ}ava{tHlDj}HSU<p#;1@KNBG
zu=hH`8(ce12Som$@KK-!_9yV+9epEg|50EtY`y{UejXx&6rTWeC_V}dlVMsbwMfdZ
zv%7FuHZu$GQK0o{P0NSNa6iWpQp*h0V)V_(5dMY?4QCfJG(2SJH_n+E%KcV`L+p=)
z$p2k<BltaRe+m8pw!Z@Z2-{zPqhP!1?-rQ;^2@<?SKnxZY(dA5^cNomJ@$I6!3-hh
z?G)2lB^}d!9h$X(NWV!T%}3@1|LqX`>7kPD?C%eyU8xh<A5{A!zPe2&8}xO4!IP|v
zbrp^g=*&P!K&HWwugU4&4lPRWGIF_GpF}cJhT$Tb0@dD<C7y!<pPE<hP~bpbxu+I!
z+qu<H;OO(p9SR(1pWE)~7WtRg85Viv4gu~W@Z}W(+>PTS`Mzr{^vZpvMP9kj3a(V{
zkmeZZl{+N*RAU9Y)>-8aJwDe!hs!*^<UW98@##9(@SIgbXwOGWb~Yg9=GnJh{NnY2
zxuq3~3C`?CInB?%?LvXOK}=`v5fUn-_oLXK|55G`;Aq2xBK!EZz{rBUkbwjT@@2Qs
zB42or;OO(Ex5y$_e30De^5s`=<okfG0wK1q(FPkdDEB2O!F2yIwy0VzGcw00bTXzD
z<o625@ASH+)}#7qBi$5Q7Y--*c|+%}i6C&197^1foM)}%b%lp9==@gUt#OUInwjbf
zL42%So(R~n8&*R<2SVy+{?~PxJkB)q^HxKzH?p3a_yRQa$(4}18!#Z-yN&EZL`Y}s
z-HV(atuQ?}vmbl6A-{K<!XVD5`DPO879OmvMz%82OVC92I8<&kvMog0&TdA-Zv<(J
zXtY8!II|zow&kO}90u8FP`=xYzDf<f)5uOndkq@8ZRIW_yFw(W-kmlQej}(~M4}ZU
z!I}Mtv@0L!%`nK;By{mEqq~jlHVPfQCtr4u!9c$3po4*Y*}ZF#FFWYq-39s?LijIX
zj_+9@*;C?u>lpO&J|h+Tg69WD0GxjQtMzQ+3+qFxPu+HATG^@UzjNsyK~=ZSK^gxe
zuc-fNkyq4E#^~eogqPCC7I{StWsE+rs6VyHUrG?h=<}BngfWm;)CVl$MaN6&^Y#{c
zMg2u^rK0|lNWWtB95ix}`}yxsJrKc%LKYx{4%$7%Z=_#yPicicg){rHr-$-;`b`+b
zJv{^Z`H<Dm*i))!g<x*2(8^<DXk-~jC2<?tdDo4NdDmSG5j-9(*?EBk8;85-MmS^e
z1isYL3Uh!n`!R>{c_{(0><8J$C*<<@SRs=q#tL~nDX%4<kAZw)K_3J8!h%2s@`VM_
z3*_!I$YB6~pG~vKU1!k2SSsZ2#GoaPsL^|%CDPhsyQlBBYt|BK_A8?hv2Y23;67;M
z^xe#303_*{SfNDW5d`iWW}uE4s4L9C94issg@z&M{MLn*$yDU9E@nEKL#X0|26qGe
z$T}XU4?y9z%|WHk&#POgR3NWzp;Cdox`j#w^6C~U709dGM=kQ|_A!fCnS6VKYK5m)
zw~q%;R_#Kl+xf9R5u-8}#j=Q{v6$-CzRF$<L0XR~XJr9hvdESNeko9q6k4Gy;LLuM
zMSZ?3pkMtU=HZ7>vh}gmu?p?lN{VU}%5`}R#VRWpeI+Pan9H-mgd|;smTU%4L@VqJ
z@Ebv)Vg|Ir4B*Uu%wSc129U0PkS$Dz*Hy7Xw62L2Vs&l4Frij~d|^VZ0{Oy(Tm|xl
z2?+}13KQZKz!&BQi(Fwsm7*{qM%NS;<|Y>A$t|<OgtmMlR!B;?gu>hgrJAOhM>P~;
zu|gNZA;?W=!Xn+t1newK0GfeaU1CT8;SCSU(Kcc*vvK;aSeClFL`s&kE?<Y*4foL-
ztXq8(P3h0dZfLwT)^}hxyi^9gxjS8V{vI<Xom+mBd9|T5f!^Gm&g-_vY)MCVABCoG
hx<ha7PVec#rr{NA`m|y{oA&i&)4E=4N_rn`@?S+QLE``b

diff --git a/src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm b/src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm
index 09384397f7e7afcef3fc29b26a851df6f9b33048..1abe96898d71c8c29bc422d6796b65e44679dbec 100644
GIT binary patch
delta 7870
zcmZ8l3z$yT8s2NqNK%@Urx;DA@9V;OPS4aJC5_JPXe1+q=uUT|+)FoxN=g)Vx=1LM
zOK3DmDs*v)A`+E!Il6bcoRZ3^ocCS-T5C@|5C8wYYklke*5%!6|L-iDZI;hA)pPUf
zj+#DtRFpruraHezd{k2@PE7w~pBXGoi=${Tqc%~LM0&h5OH8FUOZyfc*5U-)t0hu`
zgmNb3S0$!S64lq{(p+0eizF&X)2c{YO3Q-%^~7{i*TTvB)h}x$t&%9mc#^b4Eo}+%
zlk>^|qE7i`N%W5>l2+`xrczpA4!PvkE}7-aPmxyIMj|~`+GuGa+7`px)*4<4gjJB?
z)DQ-$(`=KrB~|x-Nt;BF$z&~)GEF2;PnSg7fww()+t=c42jqB94`JXv!!~Jq@-{4&
z#@YcZI}<b=r6acBtaMYe#@vEV(#dZ@g>(d=c0^)l)WUbzf==wh0y+i$vt2Uz5AGtJ
zv};mFyGb{2pOaS9JG!j9boazPq#KF5fw(7#@g0b}vkS!C1M#^onZ!MMNq6lnz4bgf
zFWKNW|9r%&5gX85fcOo>G2#oQcarBf?;^R#SHBpc<kBwzRiCtPF;`yISNbNOI?hWG
zf9yCfbM5539Px)}&qI6#;_ngXBfb*x4~QW$y$bQyi1$N$we;0~_^wP^YJcgk*T^;4
zkZW@~q6YYnqN*%NKgd70Y=8{#(;O)1#0ZQYgiXSC*rWmM!X^y}n>5%ZbCaru$N(KG
zLv@%8OV(i`d_b;4{3c><()EbBd0fzN#N0eC=mx~ax%J$La1WZfo|_Oi&n@R>?AI+a
zG^y*ibp#H1BxX0V*6f;&0CYmUC4^zBRkle-a;l9+8R@5^4JZ%vl((9sZu;)=?b22a
z8a5hZq=VkU{)WDPtVtv-Kf(4l9%rPh^hqKaD*X%U>)lu$HZwUW-JD-kHQva0ll+Kf
za0ez>^aT+2;2w*3#N35@E#d)kA0}EvDe!0~S@a1IH)FCzlmL%6wTKn!0^JwJ?GH5N
z5({^svmW667O}(uKo5k}`alm_v>SZ~0zE{eQ#s3rO|m1>X-1|QeZ<Hk2I85XTcb=%
z`xYEgF~i6VG~|{zlPMGpJ|lh9;9wX9-5{C$P|ge!&f~E#C~e-LQPnIG>f=Tp$37?f
z_T>#Oh)=Z}_=IhX{W&~o<Vh3sHQOSuusIfajm@>lt8AV{PG?V9;FUJtNMCR|u`MuA
z+d^Bko-g{ef#9mSu<F_id)g2?&0$CYVU>$qqgHd3h0hq7YP80ZH}K?(4TMwL!YZrq
zS%d3)nN2v{Cp>5H&PboiWt6^P<RIyq2zCnRlSsiq`XVM(Co%Q;Uso7e0n9f|q$^D_
z+UP1Ht9XVlrSn@h!JSj_vXPgOlRLgw*vsR?XQZ!km5jpiA({O+zL&G(TO9^*VTZ0E
zp|0gbb)AuQtoB;EsNt~{>y4}rr8cmOrSKW)>nz16ltME5QEGiw>WwgnrHVF^P&b+6
z0DaTQo2;}M9DM!`;PY3p#mJUW@hzsXB0eMC%8HCaMI^Hy6}My+-wuPUHn)*bw;S1R
z^c^GbWb%90A}_!9Eb{W(VUd^L`y8F*`y<_HWM`P;2Np=~hWOAX?&lLfGE)9g$o$v{
zKwd8M-!^l9pSjD(u8{bN1upSZH0x(+^ON{vqv~@bpBwuI;q~-|MZ8Lw^rc07i|~5-
z$|C>X`P!l{(Z}oQKNk7x>6?(r>*-sIc;)eW`pzO=dAy#!FR_pXc|H9%r1E<Dfk=O}
zD%x#iH_!GbtD-$d_Jqa#%r2fOJ|q2wXUZs?DU#WbGu@M&>91iB&$M_i3H5*WOn)QI
z?<OhIKaBigbf1xZEIkUF09nZ&_R1R_%V;#@o|#)?q;LxOjP$k`Q(zRPfMoV#3Zvt2
z8QdNQSy_!Cq23Y89kGs$Wo#U7wL2~HvbxJ6FRO7Dd0E|Uk-OE#Ti|cC2^P6a?Vgz8
zy_dE8Tl9=dofzXGn#9RZ!pg$rC&t9?TEmzC!b&E)MxB)QDQr}j#`2@l`z-t4ydI~-
zN&R$1>vrkog$)ZIjO90@57~?&pD`6h)8bQXM$sd&;52v?m?KW1pn*<DKOgIQ_O&`A
zmKkwE{ZY3wE&3LS2k@vxp8;WrK4#H(KzTs3ETW33+s7@UHu+k8!Xj#ux_#0j|5}|L
zGO61+hZ5@Cm^a+KSmwnL$WyWV1z#~gmiZ{1o7)0*Qyln=bRqYbQP^K3vmfG^pNZq?
zFo;`vTr~-G5ec4&lO~d1sWq|G#JV_^#jL#qT@+_cY%jf~u`ESPZUWCThZDeOq{}z~
zMqvU-W<MsdG@HP4VGt)!wVZ_dd@Rq$`a&!(Wa@m;BCpOB7I}59w8*P-l|@dSFInK#
z`Lab$ov&DRzRFs))VZ4KT*Jw)sXh7CF|ku8#sm=5xz;u68mrEAvCNJ2HOn5<xju%h
zhLu|FHGU(OI=ay&H1Xox6ia@(E0<8RC6+~0a1vpP*m8*TtytC?-5Sf*u<dVC!nzF|
z>BuJi>Mn|P2jZG<o9r=Wd-`e7PV-y($`J$1rkWOipUkG!NA5Ih(^)bCO^TmmXj*<0
zn;txxO@|$`n@#nbvgymFXiBeYR#In$sUs`WY0Vm&%{5D!y&oT5EGKe5=ueBW3AOxb
ztF-!`N3=M}HtWf9GIIWGOj}E9Jw;9l#<Y#JfwoSitkWag)GsTQQZK5uFolp*8z|~D
zoC&^zo=VvTHI;@Vpo3&`I;rhpm1R<@i6r>vEamBPy0(*c5*O6d_TW21&ag8Oqvdd!
z9TL$qQR2*6B{~4PGcONeDA&<8>6t9o@GLn}VJ5W#G@Ye0)^j#o=Fw$cq>EomSLw{@
zbw*Y<6vB5{OBZ%wEnNcnIWC#x2X~h)+5<lZdrD6bp9_oG*ltuW>E+3LOHY#b1o?R&
z$9Ev_#V(Nd3gqXzWRmx|KzhMGUZ`}9e4=>K(KhmV;x%^(VsA71$c0Is-_XABelGt~
zgpy0Y3{;oHW*%L2g<KIl=9P#)c7#{Cc3u-#Blhq5eu%$E4sXm##NK1}N6cRbye+Sh
zD-@1W2f$+vlz}=(24P1A=WeBextUo2k9mB_!DT~ah@az78N?kLgweyWL--CmG=yE)
zp&?<1u5-!Up{na;2)yHPc*YyT+ww-l{x-S^vA>IMM(l5*TM)Z@Xaquk3ynnV?w~4c
z7Hr{ge*sm(AL5*EHJBj0VQz-adE>%2qQQv~Ljnj>zRfjaG-uuGb|cp+Jmv7rZr%aA
zsbfhFW0@@<o)g${V?+Rf`%c%0!It|jBb{^{xr0@O9Tgo<ZuroQ`)+IZ95+UwGY10q
z1lNec<Sw|!NDsL@iDbA8gw4G-Ei5^v3O03OW^Z9rfxNw)Y!TH(MZu<`&)ZwrRG?3t
zs-{@ve?P*dqR-n~xKtqj9)?SG<M<wasE>u--cGg1+uMgjD(x-&D+YRd3m-etSQo1^
zti7FSWTt^zl}Gto?=kEY4|k?XwWO%?EF-hfl6wSUv>xSNAsMt!aAO$-%_5ooQ0=Vj
z_a=O*A7qs~n~XZg$Q+!`pA0U1D%$W$vwvODc}C`C4g*dV$jci}703&Gfkj^83oUXY
zhciW@mwC03O97qI;YlylXKc}6aBHab#a!9q+AD)o1$L6bkN|>YmbgX?<}%M)YGk@m
zxL7PHINW7$xcVH~VP&&@gUtnY>=+V2U|;SUG1#&{Z}5760S0++$1uOEBDh|#)Axo`
zdC~e{$Br@R{EOUIx<(8pd+918hf0q`Ko1>QXZ;cwgR^$7Ip?fjvCjHcBd=0EtKqDV
z?F<*Z1_N@cS<5bzgrkOP)^UD}!u*iTeyC<mrkdBXL7dW|>&d7a>=Iu$@;Yn10Y}t?
zFP+XCjcg3{HnE%a@EO7Gq8_7A56SFDy^UGD&DkK<E80RveT(LLtC6iN_cloIWWZeW
z!PsVGTPV4mDJ+T42-X-S8HJKaW<N@9%SysC`#~((={+*)4kJ5^!X>|-X&)vT$ZH=i
z8OUoNHW|ok|09l0^3w^29Ns{3FTY*3X}@&oA;%Q6Gx+4st>tuw^o0e^Cx6LRd<CC;
zOcl)T*O^I%*#+_@`5TM)8ssJStwsLD3A2k#Z<4>a$X{~sy6E$l+z%Fcll-Gayf}Hu
z?S@Hq1!<Ch3aK>7dx-RBD~Vr>{K7N(HArHwk-g!3V5okv=Y!8kf8+Tu3g?4l_Tzl^
zX6N&JHi+kQJUsDU>xpqbqqt(Y;39<qzBPvNmD^}WZbv&bf+mWj0?u{}T5`_;+}v%r
z-1;LKgU9msJfkoPB(oor7?YV1IAAv@opf5GDp=q#vBLU}ixrml?#zt9^8$H|!1Drm
zjllE*d5yrx0=fGU78k(ZkCQBN*CV_wRtifyuC^Juk7i^FCl6nnO&*>X*j+Lh6F|7a
z?sttkg)8a(KrBBSg&hWaFe4AaD(h5|PpwT3yA15eF(iOM{;+G*sg`_NETdwDlLmQk
z*>ur5gXFN!+03U~d+W$C1f74m9&;8O2RDP{Mex}8!w3}sdYm*o&|?6+8tU=Xt6;Qe
zWd<Ea8^{}U7;PYL&|$QJyg`T22I6zUpPO?m@&<jbMSL#!lM}uhnf`~tQz4Vj%zPO1
zS+Op#27O^H3#rSetwHBqSph>`jp^nz2{X5l>xDVT&}X<gjDjYS%zkLHI@2Wlw;RO$
zI1Wa<I<_`k;k=tjUZui!KO4hu%Q6;!F1I^qvJV9e_3|(QxX5L80{D#JuQ35eVFE~I
zKPIp|n*fZr8^j4z!Fex_6^?sltZ>?^vWEgz8^}Ktu-ZWWp@7#0@(%_4Gmv{I;H&}s
zL$Ssp_fWu6<Dr0)URnF0c#RLmdQKj8I-5MKHn5Wx#sm;_yTLW;daK*lV_6U@TsYXn
zL$MJKT{n?@Q*CnCbYMr0Apr#PH(jG{B6+XPF!Blm5AG(|QEn>Ddmg+yxar=*uA>>)
zabrjTfg2XzHtJS#m%!^U;WL*+pvOVunb;o72BYu9@(x;aYI~PYj=qPEbaUH&b(h5Y
zA>x|kH2hs)N7}k<rx}$VmJBd&)r?8-cYz&g<90jEhICK65oj9L{y{b!RL-Wa%h}Yg
W1O6_sBfYpIn@Z1O)AF<a*#G}j^*5#f

delta 7873
zcmZWt3%FKO8vfTlC&kHh=BZFJeV-b6m=Fo2=4_`9<&@;e$vs0j-4&Bd{*F>np|*R{
zK_uy>bf=OoR4Pd>C*(eiam%GKH1E6iTI>JEJWu`Sd)NBb`>pk@Z>_!Gy?mxwI@8Rb
zRap18Y1N}Lg`*bEFRX}~w~kH!c)uB{$H`HG|E)8bp~USonK+}zC(Y{~apDQKS=&e(
z^pvr;FdLgXai&O5loRzNIVsMRp=otS+e+KwdU|qVPH8gbfTEIi(k{-VRHsN=gwnQP
zJ++_&AaizMNt`)4laY4p8c-$e5Il80%{eD)iVi7jFYUC0Wb}0DpdDk;P8i-PZ+J%_
zEP@QD2QyIp)i!A-Qk_>K9b$neofVdzAq840XJ}{eb^&jfJl@Vgj<+<Jfw#;yX&3S~
zJW~$Sv#_$Rpy?*vkb<+5)%9AGluNl^e|PByHthzl9tecLVg2Ro!tBcf`8m#+<PCaC
zxt<%>(O%LE#OEcG|8f{}TOk#m`+Vs|?q1;T4Q~7m+!gEscSYd7z&Vq<qEaffkMz+C
z<-&NAOa4W$*TFWRyBPKs*b(eYq)%J`GV<xAa;cAg8B9stF9%iM<kHrhVD<{RBL2j2
z{tfmX$9bh|C+AhL-$#1^?0&Gnfn5muYS`bwMv>_?u)l<T0PJh!3a!H5{_#mVKnCbQ
z8Hk(=O6!O-<3AQvRdMoOVS|#vGT2XZhzw+s24eJ3Bnf{*k_NL2Ng5oIbe(f%lCr~O
zunw2udc9m9Z^T4+GH!sq4K|bXci2oG7c>Gklg9<!2)lK<o||C)h-R+mX4q}g<=ldN
zjg;YW-E`(vdMoxhi`ixKX4mRgKv#$(gBhke%Gfr|a<09rja2Dv2AuUh=V%kx)iDOF
zV=&vW=+TDQ@nS>(f%$gVsACdSd}!~nM$Xc4q;BY`#~T#<9i+Y^pL)C@cGMUVK%l<U
zHR>ItE}mfIT<IHUWVj3{F4Bp~n))rXlZ;F<@%P9Y6MmOPp93-FcU#1YV$$!ii1ktc
zG}$6n9xG{zMIQq(_lZTUI9AiW7BNCyp!>qOdO-JIX5mNZJP_~!ix}b{pa+9%5zs>x
z?L}XGpofWcDrfnKiQmoWG$YfDK5FDqgIb-A4qkfGlD>_OD6cV6gNAg8kI@BbgD(a@
z&a~1BI|gU=qfl#1$mA1Y5Hp#bK|+1f$dlNbc>n%_p~X=Lo4}`RTjaNHrjeN@l=IUT
z`GTHhkuT|IEb>J?+ag!i&syLMdybL5;B>V;*PyuP*`Npdpz{stdjS`=Ab(-=4Y8{i
z3<)5t@;TS23%JV4g+`_tU1Z7s;K`pi@xi*7<csskpEtyg976&K<V#$mF1F-L4IVVh
zEcfA_d%5A$Z3W3!<dZKq#Eu+e0tn<QU8AlbdFL0594zO?g8e~N#8P~)z6ioPu_@wz
zU1ekyFdwHGU2WoOqic+;VdcDpc2rJWZ7XN3k+o<@E9YgpU>fknuyvd!tx!2|W<M%t
zZLV_Ghe4cK;|(O#jdr207<q*uUroL({&V>zBb!2~&Fo?*{AP3uL(vMM;LLu6+LR0R
zS{TGojkc0dx0(1L-EL$%BfXyNY0FoJ@*PHYgkW#5m%;Fx(VYxND+Gfx`w?tMF4&u4
z5QAlRkx<_<@|MxJjl7*J`gbhyMgOivzUXT$@<qR!qvJwf4euFwFU;|M3naalKCq4l
zc*i|P{<J4}erN=sAocvnde%#7Pj1O;>a(PEJFY+bxslI}eGc;0`-ermp_qU#EaJ0}
zx89c)`KRYUE&2!gNcWXR{?_|f@Z_!cwMD#1dFy>+5pPo7df%R4Ap`Q(`!2Zh*884F
z_u2~i!N?EXw;yeV{AA>(u*{#?#ZAL+M)z^kXoXFKGyAb=Kjk*<-(e6pt@SS?)c@E`
z`;|1mnYfwmH?rU8s7OXd2wjaN@Fv~Q^U(daNNz(zdLBm8g;T(9M#n^$0<ACwII|y9
zxGf4N_4eE#``8~#MjaQ)xJbuGGCm5o<sBCJ!nxBTUpNyi@`W?eB6nL(vcTV#cUj~v
z%ey0%=RJ(&Uk1vmbaI3fGKI6Bl0W;&5wW{;FeZSol*Bb+FqhKj-bnTuz0cDB(HH0a
zQCy@Cko|#t_WL7Z$BrQZ1oj7ABL-Xcha&ma=);!1nP;EM%s)c*NAlUHM#PRCLjnlw
z(_AA4lfBWSk)RG(1V|3{zxWS2J(+t*%WO>~HBrop&mh!e7X1r|<?^^ip8|0jPgwLd
zPyx^ki+FB$Ql7Mkr-APWPg%s%z>_l5BL9BybnxU!nbnw3pNaTjm>tP%mgKXMQ$F42
zL^21V)49!MHx>;)jGV`$&<f=UXZE8U=j6(9er^!+aO?sy>T_gR7{yJcuu2z2vMAE$
zBYB>|7o&^kVNsN9FKpI*NhC|qlFnc$eK-UBW^@^6Kr74u&g{nwmgHuzJU56l$gUux
zu8d@5q%TDBLheAkXpuh<t1R*dVzov7K&-LI9f+4K@CRb8MeabnY!Adb#>zVo>v<qH
zaP}MWXTLroc149T0feI3=o&HDmh3B$JQL}wmOdPaO;LQHZYKNYeD+Ndv17-O00R3K
z*NDMnuY4_%I=a=8H}&UXTO@_Lo#fl|$<Yk#$T1{<K>oUG#9)#ivm=t{c;Mm;a)Zsr
zd3YldJh$Ce@8o&WH_?=2n_gS@xk%rIz3}U%KN|B^@@cc(=GWxqBL<mm3s3sf6gI7I
zzT0d}X2?i19f?<4G_5$2O%JtT)1fW*vZ?-2Z2ICTG$q%xI-$-gQ%6=M(^?${m&L7W
zqvn+N{5GH`OKZV@EFkYoLc3(nF-M$uifz_Y<<$TCl5m=wrtPJD_>#~;I-sUc$9Za5
z(os74)pde`M;UiO75^2v#NSZE9odBn?if<XemW=BZ4Rl5r6c728F(vp61G%IwX<}V
zsQ5tb0=_aSv(d%qnfN4dRxH{TA-d*;I19+_)tSKz;kwx-?aFWs&z9y2@vq%M(?fb-
zE$1ZLTD2(YDLwsK&XpdVUJrQnLLmGNYw5`@tfgllKhHUnyg`NZ)bsHw-CKHt_yT+q
zXi-urm7chd^d@m{5MKyl{0+pF>;iFRAil^slepqysf5nI#L9af;0!3J?|FQAuU-z@
ze-G#@m&64=nH2lZpITp1_bWkl6}|_w$o7+d;bXwnu=hB^Yg{|d1jK#6@G+nY_BZh1
z72O}U{}?a;HeY~vJr9(A3hA$d@iAbC4AG%76xp~gy#<G)GqV660|p)4pk$Z~^K%?7
zLz$tW7=1l5gufv}!`Ouk4GS5%!8tQS*}uy$i2M-{_cw<3ftz6a%kO5`{_490w!ipB
z!gkl*tuXzimxb-Fyio?(f_@+2FFXo)Z1QM>8A8O{DJK6ZIyt%h_=bl<oDWh+@)0?q
zKMq1axu||A`+GxSm+J)f2em#CdP66X4Z1qF;E7hgy0XRybfzFAAl2T;*QBKS_(O~D
zHgdjP6=!6G41rp|2Wq`Za#`D=ER^@;oMMOa2J(tMv54Ewt%mYOpI7Wq-awzY?Y`e4
z|L*#LMP9K(c)JLEcZKkF<M>2=_;L%qVxMY}SL}}jS1NW$at!o}9nyTVvBF$ytYU`{
zf6PFD%j0~-eFDkibM-Nk^gX&+ITZE`w4`SPD(-Rnu8Uv1JutVlLNURa{V1myxp!Si
zZ#RhP%sx#*h31}x{rMls4&{wDJRZ_-ZnKTd&Z!q@Zy;ZGb1d?O2knhMUwZQ_a>WO&
zjV@n)3yd5I=qeB@`x0Gfg9gdI2ql=D*T5E4lO;x`8-+l|w1Vzl2Hl;!lzLRIG;)SQ
z<ig=_KW_-!)fp&TB!}8IB<Dq|bzR|M3_5>Tc&lBbu41OTKnXXN^J4)!cEgJ2mq1A2
z%>TMJ)x@cIe%XrWbw<{46W7BJn;2K8n+UPH0WIk!Zln)FLpWm-U*SAyg?Yl6{n*3}
zxlMdE4C2%pZz7>?wkzFYWD8@y25r=o2cvwek*y)zHg+={elt+E2uCY~gERXPZfh>w
z>tPVXHG=TnYV-{%=$%G(GTNI^&@Ib%8QB#gLG<plk?@;=_(ddIArhR~k4U?6k=_Y|
zY;{5w?=o6zq}C{8@a|jzLInf)0)z|(@&)*TMZN$bgKP8TGj#BWVU8bJAnEhsW9t~?
z^Cw2iJ_(+m8Ub+f`7`TT&zIQeR;arDOhvPE{DMpW66(5T783cNIcfcsMP6D%BBPH_
z7G6(ZTjZrRBr^KEwEos2e?37Vqt9PYP{=@DTJN=pS01mYA0VyK>816L!IjebCnEjX
zmd`#T`?#V14&?(i{7Xm!#Lzywsrb$4uiR8xVN>DEer)P5xlR2o4C1C92O<5771G#L
z%4mgjZl+Mpqa&zg8ACa7JKAw#(8O!6JJj%4w4^5nLTn7KrT%cn;PHH`r4{A?XZB+b
zV{>u>s@V^+Pg3aSv5`VAPlyycd16jZKqv$G%7Rb^@|6Xp4CE^d>KDjeZP3L4{%V_I
zk-OO-h_O`2;0Zxa98jhAK~5w)8<!?y+B9qeRr|A1Xj!-fN$@Z<a?<$_>(K|wv^rAg
zQFsKMJDnM*VFqgQGcetXMR&Jh2s(dvx21v=Ijo78jz*BI__D#>06(&h_xdNGbJHg)
zH0z9<)`eyT@>&;~707E{XjUMvb)i{-yw;s%k=MG<Sj6(=%M>ImJiXR^Hh8jh=RoVu
zh;**iy7MBL$NHF0t=qCYWa$FTIjsu_lX<o-@JpGBtk4Q|0cZB3E*9kK0xH%IVj_-(
zo?Q@GHLDP?O{JhpAzzn9kgc+ek(Yy#mAN#nOvus|Xh~-PNwmz)0KXZiRLp=@m;s#G
zj~T4U%>eS%53-dB0lOkn2-nq-La?sMRVEZGkgrTARv=%QkgPzyG9g2OTxCL_0{F_@
zV3Dg#C{t7>^yupR%6yfTIiX2fnUI%rBZa7hOQ_7P5Ua_))T0s_u}~ol;SdBTL}7vM
zWCC{PCjiaBt}rnqfbg~l>1Z1<nAtdHS0syFVIn0<S(tA@@P-TNZ5FP+gQjFh$7|~@
zj`V%l3rjmeaMmX6OLm*;<gj><d1K+Y7=p7lX<EA5Y)*bI9f_tJIzw>QCJoBi^i>&~
X`kx8GS({wml}(+xv1w(u-|GDrq@g^%

diff --git a/src/wasm/Hacl_Hash_MD5.wasm b/src/wasm/Hacl_Hash_MD5.wasm
index 16b8442342ef70b4d09ecf6759a06371ef87ef7e..c6c7b045a3db6d4a13da0847a3fc92289b2d17ca 100644
GIT binary patch
delta 101
zcmdm2d8~57W@g6so3}96t8=byYG`0!VyY9GY@>Zgm{U<qfk{EsktN5G5rnc7#5Swz
sh;a!%Xa*`{W2$4TXRPA}Vy4Z0W}S?}{E89^j0)mN>LoTmGrz$C0770I(f|Me

delta 93
zcmX?Bxvz4=W@g6co3}96t8*@IYG`0!VyY9IY@>aLpGiT~ktN5G5rnc7I5%tSh;a$t
kX$C4`W2$4TXRPA}V#duuW}S@uj0)mNYWX+6Grz$C0FNLW>Hq)$

diff --git a/src/wasm/Hacl_Hash_SHA1.wasm b/src/wasm/Hacl_Hash_SHA1.wasm
index 40ffd059753b1b103d46df0369d56d6cb98b7161..b345c0a6f97ec37aa1ff1b4c5e11524688ef9084 100644
GIT binary patch
delta 102
zcmcbTb|-B^D>LKz&27x(9Go9I8X6dwnCeV7v+>BY2y-f0DljQnII`q8GJ;T+g5_ot
tflMjESzSPNY)o}*^^A3TK+Lpxoz_7XVSYtx1x5ucB=y#t>-4WN0{|a^9J>Gj

delta 94
zcmcbUb|q~?D>LKr&27x(9Gq`D8X6dwnCeV6v+>BY@G~h`II`q8GJ;T+0_SE6flMjE
lX<a}yY)o}*^^A3TK+L##lh#2Nentf=B(?mT+w`w70{~sF8%F>D

diff --git a/src/wasm/Hacl_Hash_SHA3.wasm b/src/wasm/Hacl_Hash_SHA3.wasm
index e318aff08a7d65bf76da26645fd115f889cc1e55..3243ec79e02b4b850f6427f46581ab175a85b6db 100644
GIT binary patch
delta 1720
zcma)+J#Q015Qg{8KHoWZ9NQPjhwU(v4{Vb-wy_=Ci7)YnC;}lm{s0w{p{D|p0tpHv
zq;2^DP=S;R_yHhMQBzS-fhZ^t6fm>5F&6|9ij>{ioqgt=_tyLIf%W!*^?cv4zkWZu
z=wz+rmq!N&B5B|8)wRS!SH7_@1u6Axr`%3MT8d2}ASJCEn2HT)A}+^=QdDR$&C54O
zkgkbHl4^R>dug16Nz8x^F-qYqoPrEyrNA6fauG_FBI||*O^v5aRIk=blNm@-eb$tR
zJZmcZ;D?&>tSL{le1zsx#F~8d#Ko46(^T~oOyg;oz!}P&iR7N9$W%Txo~ot<b-R}A
z&Rsh0a~fu)$4xM~Dg@5K9L|HKmq*7VZNU7!u6kN4srPALdC6j|00r%15sIPa0&6ai
zjzUC7ks{VyG(Lt&?Bi?^OHjfESbzy5RUTMmh&l|G)XyP(rJ$?YUTz48uz-s+EK#S+
zRAD(%VTmHs>Ed{5s__mkQ#Jn*eVr9Lxgvk}juf5f{VbftGWE>M+`AsR_wv0i{a=yR
z2v=Bp#>$rFrEvJ$RiL7Ms6sXLp~6KgRI3tES*3`5s2XKqlD<z>JO}4+6>MCCRjfe_
z*Xi(j<Zz85)8g8AYCyb$>kRT&^@SXbZ&e-Y`c^fd5h|;5Zk^!u2)scND{H9xDI7Mi
zNg~ce6I<kUn{wNc+!jSf$ocWq2;m)UAA8-QlbwjyO^Qx<y#X88C69TTz1Aap-PK-q
z*z1n^;FZ<qbTQV0o;JA;{jilDSL;!cUPNA>B5tK`B!x-r&6z%K!X|FP)*qLRzu*7{
z8XiCp!Uqf=5PT4U2NW?pFz_&m;llv8VGDO)8;4|?q=PbYkRxN-&Uk7dyo2)Cv|T#6
z8!>I0q7$ZFfD5=sX7MtcrbjkyPn)*OrtPvM^)fTF^zwk-KHI(%zpLLgbU;WUV>kJ*
z6eCPP;^<rE%A)`HFiiAJVgiK9wiaCQWO^Swb=aI$L95>JKv2<SHir{Zr1&L;1pTh!
zM2>^AAw=qvDd`%LOQd(Xg1XhrT$f^>lvobf;mmd*se!fuhD4W$4ry~B!Nf;KTjJkM
zP*d8a5k1`Ks&|fWxhgjoT=l>Mhj1~BLk!}K`(XtBH_pEM`%emR)pl#`@?XHO4cPf#
Oo#3*$?$L|ZdhQo8ZZs_b

delta 1538
zcmZWpJ#Q015Z$};*}n5f;+&ntiA`ogzHFStmjoM|*vS&GKva}eh=RsY@dNTvP*8x7
zmLCBB02E4uM2D0nR7m^*>PScwAi>PuVlG0qZg*y9-n{qjv?oukZ%?f^1J{1>^Z2Ga
zZh7Bd93BeK-Y=^A$!A5d!I9P@`VTQ9KUtWCta|G$s}B=x^)6K?<S-9;9D@vw!x$E%
zP!EEZYNiXhG4Q%Va8CdM_iPoRC<Wypkk&&CoL$<8+lgH%Rw!BI^rImZS4FHyy-gK&
zi&!G?NhskI_&80C)3L@WimZpacXG5fAbf(;>L@)qC{tTmmT&!?SE4A*%DA&81kS(=
z&Vr@W!@nyX!0eMYJ<HM>Vww4<FWEpPyoytSiWXLdY9y?}<0>?$6605;h=o-Rr>Ka5
zyeeLR3pfXJ>L?dD0HEOzFoFYy1A>DX98$z^XyBqE?GxfW%;80t#|83fks23cjSCbR
zpDvEJ282&=QTwz+ZA&qq<|#Vo(=sgM3i-on_DQeo(~9<KiG5nqKArj*rv^1Gst)x?
zRE<Z~Xh<!_txge(svAC05reercnL0H18iJ{2CjjF>(sm+YhI(s2wNR(RWge~Lw~))
z(U;hSrX~|Y7?Ei*nI_>iV|XD&OeQpBq9P{K4{?J?Y{CX^k;9j%@p7zjiy}j0bF?)e
ze4;*POSh!J7WK7a7H?2=&f+$-@d{bXX|`CeZ1ELsaf>Z(X^X#P*PRY@w5l$2BUK%m
zg&i8wiIMA4#HzZ6P*lVqUKg*zRosSc{TcS4r{Vh0kKlR?*CV)I46aWR!}SeZRK#$(
zKJLIa?!pdA@YPpnxNwai)T_K!zeh-WG4(qXol}1uuHy|-&1qJzS5|*RtKVbwds_Xe
zpH%Pj1@FTlU0Sxi@2c!XRox47$G`G&e(Kdxl=coJUon^jfhkC-v#?f597xNx5B~k6
z08c#+8>>EeAZV;VUZ6WqWcbd5B)zr-x{v_3B}C@T3{0yZQ`Nhk6p?}<Pw~N**#SLr
zgU3<~^dPXKo$Z3J!EFN`p{EGlC3-F-8U3Z<oicL9)Mq!a((2Ayui_Cqm&zSXfCC9G
b|82<pE8h?MGyj#Hn6jinojHEJSugwnzJD9%

diff --git a/src/wasm/Hacl_K256_ECDSA.wasm b/src/wasm/Hacl_K256_ECDSA.wasm
index 3f9a5db6e56bf1031581ea79b097df0764720c8e..d1f56f3a9f5d59e69b496ed0a8abcbafe74f34f6 100644
GIT binary patch
delta 8349
zcma)BYj9OnmOd*lZ%ATJNJuUr!L{;EAPJ9<5JE!EMIPZLAgH_|$U{vc5CZZ_?nQDB
zjf%E-#p@eEpwSUTQPH-2|Cyed?$PP)nVP9_s^*7PPEXamYOJa1DRsWJ&$*8ttEMKE
zx@)g})>->oYwxqyclLSyhwRfoWM9k9%lPkauHTgR)jo>Gz8>32bbWdFhw7GcCeC)U
zIE%CGQaP2u_@Cfd5|CUDaBjP0<^6|y?3k6E5w;^)vB!>#U;pm>Rig6Pl?!E&a))ql
z0T(-24h=bhp#d)DT>BO&;S!m|xt!0IT_&X=izjjE=$MqjbuhD+gHBdoR<C0<SQc9{
znakKhAMS6otnpBU%Us-??1)M^Pxe$U@4ziVhXy3*#MkbnlGwGQ_VxQNUd|{y^B90m
z$_VF2C`^&U*p$mtXyWyb%R8vpl8IatvPMHRD#ct3d_}Qu^JY*{tS-N?C1j09Lo_bT
z6S-LZvj`U;HZLZrVk@Oo$G#{G#$N8si_~xpi<;L+E#j&}Ty>6>jH?Q%sWVAIP*Ts;
zp6>f>;9Bi&<a%x#1u|*kCYi?dGM%UKbXS^Hj7bZ(sMgBO+!~b`=$zroOrGg1xN_4;
znZ-?9AN#njB7&UF3elL$?fB(JFP;u=;3frF%N;6wL^R-MTIMD}4J2ai^l;7NxjfI{
z>f$b$&vT`l=X19!Ju1dz0WVOkmwUK3Do!za9alme0<e>^kh^$pd?}Fuw$K1uqQK^P
zz?O0+cX_~;rUA=H0_#fvLzkbhWgf8Q+{eoeuob*QR&t-L;+4G0mD^N|$!cD$+8Vx%
z*F<G)1iforxt(t}z}E2!?sH{5(zV{z#c&6&=R2ZuC*NtV--Qe74BWdE?s5<A242Q1
zJh&Uu;ASS_ZcM;Mmk)Q72RE{rH}YnKcMETke%>f|b3fnh%2pL)vW>T?b`Njmd!n)(
zo!ed6!8;6`oxFuNy0QzXb{V+$@-DtND);ey=KB4(u+zZ3U*T@{;12L6-r~U>n4q#w
zAD6nAOfHT%mJDK@4mz2sbqdXU@??msq4*Iz;6<>Thj_OMU=Qz+y*wntyqAYv*{5Pm
zMtDTE{k)I&N96!I54iFmKWG3R<UKs($|2x9qyfyA!+eMjN970~F$PC*<)De+s7A2c
zi(r%=;5}Xhqbh)DKn4*&$sY66jPZm<tHC%3V{ZwMi3WCz5ZN*8NXgJFd5Ac|miDGL
zmxzlkE7cQ~<HWG@diXf$h)^)(G18=6KX$dcAos6NV0X#E?h<?bgR>cI#U8zOINm=%
zl@VZJ>?k%DIc--?M6vM|Ir&#k@<gXW)lxKqP>Y=kRm;$*fm-6&ss?!y_P<i>aAh)u
zgHpkTT%iaGc}j;BfWVGtLrm_lf(Wt_F;=F9n9o&}h)pMru>BU|q8F)csh3I(qcScN
zXi|~GzLiXMvg8)NCHCc|y4Yvemq$2H_o6Bl0jXADOO1-4)T&^q<0`K9!qc5h!>jSa
zYd}N8tM$TbL_@=?^TNaagk7xxyILc*v?lCl!Yv9+xLLy!p59?Cupy^;@wFnp*0lJh
zLQ91wM$;<ch1aU#wZ_-%rAej^{NW>ayz7ToFjHk2;i5=JI46=D&Wx0Vvm%+{>_5`8
zP$vq)Ww@RbnGiOmNCI)WovLqq6`~s%Ih9<4B^iHd5jE!4axGF&C-w0!7EyJifg3_5
zy$#anSkeT{O=*~IX#Nv5jZ0EWVr$2mZ#Iu}3%2!^sI(#~-8N_N42+2FJ<Y+abO*C}
zmbCHgSV39yY&hxC2M3#TBhTbU<U}jyOqb_}BHEhoYF!(TYPOp+Pfc-JL?yObN;eGZ
zUG5&29uxC!Z0I4g@)u}i0ca4mCxW~{P^`s4oKAY2*zmQ-k98q0L^-gN9lX#TcjZ<N
zc|ClqB5@RnW02(b$RaGn#k?2`aZ3DHDdn{-;U!*X7dtd4i!tD0$6B7C3QM42FkXTX
z)R|{woUL3UOL=MN)8l{p(67FX|I^12y}mT`!6)bc@cS2T{LRmy2cU;FsHGuj`Y`pu
ze_vWaMY4=DQKtLi+is<j$;)}UtiayiX9hJDpiklV#lEa6&0NVVQ@B_0Di8Nc#k~@K
zSEk`ci83x$`M5nJgFADT+-4Tl9#k&HW$|iR18i&IV{JM%Xnvw^M{!Fk>-ctF_kWc%
zUc;uCt<e>t{?}>@Yt864Yo~1B4YCoHX_Emme=~3PV%aQP0Hhy4`u_+>e*(zeycCyw
zR9pFO-WvP6U`2#?=rZ2PMX8Is(k)TNP{Qt&`}sb;-<1IsV=~Btstxe~4@KnxbUxt9
zZr*JkjXhYed(3j*i<*eKsKKCbr^|c2<-Rw$+yfTIMTq?-L|aW|7`B^S9v+u{-g-yb
z^49x^#u|WT*1Hiw9+CZs`~V_9kRCbe+J5x-0UzXpD0)T74nC;s{SZIs_3$B0_5nq5
zz(cYR)o&3W9+x9dwjAZ7F?r8l_M?mntL8^_`5eW#N7I(iC^TL6qlhGBWPIk1%9z6v
z=5So@p}MvRqY}=8qp&&(!x6T&<nt5JZa9iGTWLndQGNu~&MDM_`4Gh)${-I}H)`W?
z@~}OGnm7mpI7Kt%)s#;I@HqJhebZP`&7{iXB;&;RFS6Uqc?>PPu^i8RlsHPsC#c&c
zcKv~(W}v7Jgl1|Wm_XM|xQT&$QynPclAItO)9L<+kpVerq%98{8I(tiWO<YrCMU_O
zXs1k5Yudx)6}87mn_AW$A+N4IPTJJU_9%I!?We@2NS+{mjN~-&<3l7*691GWMhqM=
zvzwyvBpLzjIgN&`jVI91?dK_t@Tqjda*R|@)jJp)Jyr3bVnIEn0T<p3nqpUKF3%93
zNz3Ka#83OVJY#ZsMn^(3l}ngF*IYiG$fa+pt_z+fi36BCL;Osd<7bJV^&LNB96zIu
z(M&mp33PS*Y{Ic`s*Zb}C3%iGPOQio%_6(L9JJ+Twr!B0LcLUIPt_JK7HXd*&lA@8
z3&bzPWd+rDzexNdhSX*Lf<f_uqChi+0w#J1C|)FgvHPZqV(E({FTq^S>Wyd9XW)5K
zJv9S2qa2(i5YPlk_J{{;Fb!wbS^U?lDKGbBg?NtmoCond@p&KOIRo*Wj)Z0kB24rW
zAf8V^^i2)K^CYh*#0z@kg>;B7lj<pmg@AbB#}Huyh!^0jB!HQ`NPIChlU<jHFZnZh
z(Ez-t<Di)W2ovZ!la~@RX-wni)=+5<I^}2N@uADam&q$$mq}h#*srO(*V19%tSY?e
z^Z6&lKch7Lbz*eAPOe;mAHG6{9$h80_$o!^4dOS*6oPBSuM%G))B-f%3neYrQdbD}
zHO*Xw>6SN%-z0g9_$`v_x|H80emj+b?stga@e}a2Nx<8R7|m1yU;<qe@J=EDzNwCr
z{SL{yegbX~-|!P~gXBF;!29a%{qzJBs_G};=fv+)n*ISXx;{VxexV8Yg_nR22`&B*
z3HXTkBQF6T6Te6Nu}Q#tsRY0^67aqPYc$>R3GpW+pAvsc@)_|FxV;Xy5&n$a@p1W_
z`1AN9>*({`51$2JF2Mm${EqeXZ_F7o5%`M%ALlyBcd2~5;!MO!EB3h2B)qqjf}0kb
z{FG{0Dpmx=`j!^S*GVp8hydPjAZ)zkKm_$YCuFVRAby5<viU97U%dR7n<~7UD!rSg
zdN<)+B@|hg6>%t=r-s6*)*a}xvbi#i=jp{QuuJdr%_`F9;krEi6Xq$7wU~JrCq5ae
z7o;jApc)ClnN2bQ1$ZUW6O?L`fHLoupav$oK<YFB)kr|h{=PK+$(@uPspkR>zd?nK
zgC2+=PI>Aze7rs&{6_QJWWt}O*Dbs!nVXuun_9e^@P3dCza<$yT7F#3|0{e%-yFIt
zMSXp<=|2u12TB_LjA6WV2+thGiIR;YJM7FwJZl)2Onx0pX5#^B<2E}WbCf@s1F+t9
zoHi*T!SxPq!xkxRXwF66Ad{q{9h#=79r1a_oxZWYT+hNC^SE7b%)|wDJ>F(e3AoD^
z95@wnzG?NqW&yZKFZTj~6aO;X2Y~aY1b~Iys{r&h<yHWIOacf&QvjhPfJMHs0??^m
z%pt*>2Zk=>JiAktqOT7eZ5c1afXic_{Ia?i$4!Z`R`N0(YZ<IoVJyhxSa@A9W35Pz
zb(?RjW9ccyY8+dw;U&%lZ2f8~YeCT0+W9!6GGu(6ih!(FVdH!XB8c-T2$s8WIEB@-
z-mIHD%<rA%_b&bQo`of#^J(5UV#rM>O(6AlAVapqzq^fs@xm>X*V_-8tVI+Sck^bA
zXfv8y5fNlEqJF)E?DczP6c*cjV~t36ihH<Uwj*0OwL-Rbnr!XjU5RYni^DAV-T}+|
z;2SdOdlxjFnO(_j-R~PGeB+u7!uJpl!S@5kH{J;nzHz#wzK7s@FMLBLedFB9_}-oL
zJ?tANeDCAkG6LWGc|Uv~FurkcmGFI#_p5Jx5jX_jkV)To4KThRO!_|T8>{b9+;M~-
z6i|2>Me4_R4F1EZ%r8u^bQl~1Bh_KX&^FW>jpR5Hy@vewd>tmo6XrV5CUk&TM<hzl
zzkc`bw`1aJ<vBrsdm_E^Y*#f!81k`;o%j)9z@6a4FvKo?!W?|*X+1cy1^SG~AKdv7
zLLiS)atBxm=6uR4qObyK21Q0J__gG5MWL-^G%$v)^L@%Mr!WJHPTZs+=}dxBgIJ$d
zCr_%AC(}bYZTR(e?Mwy)A`P01xv(vd35y}XV6b4}p5*{|rMLNj(c)gj_@s$ZA4yQw
z)3`mT%v2jT2&ZWTlyqv3B_Nc~QRoNn@1}9kN9cHcILXiZ-M5V6SPUn6X9-<+jW`Jg
zYHqN`@g{)_FB?u;feSC{h0JlhPMnBDl{JFS+Bg6LC45O~9~dWiAHPh>+Rl-HiGdD+
zF%9x7ei)!!gM0x>00F$J%0(zPl-E?b1Vvvlz^Vp8wK{O{VhLE*QQm;92CQlj=h8>*
zc@hE1x{6d|r{_Tp6jTc`ARt<hwtz=L1_ewClEI}wBSMy6Q{GB7-=xqh=g&;=i?gr!
zX5eebPyYKGH_m-+`PUOY5p?-RZ&2u8zP<GQ`K#aLc-1-2<7_}Sk|<q>ME5H&vysqu
z|MmD6fBFy4-Q?u}bZR8@_h0?~TTBtUG!r+pD=}qWK0uukT?<T7R)eT%V3vS?K?Vd=
z4AKS>QyCPHFi2JkHllVQV2}ajSCF<cEXbg8EJ%*8*hbTHVEj3a#*b{Hig;l?<?I;Y
zU;5a84LklbC^~b0smh;2QM_NM@)uBa=Dt+rS5S23{z?@yVcCwAm+erV{D$~95Wgk<
zEyVALe@F382kG*S^Y_ra!ovUj2}s>d8R0zd(DTMW57WVnoD!Y_;v65^k2B2*u8>Nu
zl&ShbEB?d?<wcZdX^rMvL`M}oe3Hh1a9pd8uO<O!#VMs)4~Jc;0k^C%#J!elxHhUM
zriQcEgY@7)sDaZQG^RUf;zpbjH*E#|`G0==!nZGsW<GhzY-W7uV!+Z9p$3<6Hma@J
z$rB+9Sn<S5{M>dbX;VvSgTYjn+s0)M&k04=;47#lnUcksoYju6o*zGq{N-kZ3;g_j
zbAV1|<dlJaB7fmS$RCm=7#Uu#9m1J#6<2w=tCDKCszL5*(sGvv&Cgvect%pG<65qB
zr5<qVP3{`-MX(_XzSwAThtGnVyJ<*Q@}BAG4w`wo;2e3YwBl1?t1B~9=pph<)n@Sw
zo)txkT96K9aK<SDM$meA+>S3k)41Bt-8B7vXmZz{mb)6wT}|vCKP|D<P&#n8xZE)=
zbG=HidPCmsPVV&1(>gT^0ca4mCxYB5^N^D+<fJP-Ct!Q?(BtQ&o4fJVF)!JH4~#fZ
z(+`fugnM*lb}5)H1v6(ZzCum_U&E=A#S`pl<v6XzMCM?mEXmeS+B%V6`x9B{Pvo^D
zbS@*OoJA*c(-<ZaGl!2J)d<o5vO6E#-kVFD`omj2aM!2dE`a7^ZU9kEDvel%jj^#(
zoPaj#q=CMtF1Dsy&fr$e&<sq^OrGUpdLYJhdQ_Xkvw2PwQ!|s>T`=noGiP&=^|@xw
zI=K$hS?AALi;E<iIqOW$S&oHq@h)=u`%+u&WFBs=aq;<8x{}3v_k4UQ!2V)Em?<;D
z_Ou|+mu`gKgV1}@Lr2cL(c^~?qOH6=*}=U!WezX!de~9-JvwDQsO}}1T@s3Kiclqm
J;)f$t^*@2~TN(fW

delta 8348
zcmZWu32>B0cK&-L!AOIoUm(Qj0KKPkgig?fWPvmT27x#Y<}k(vV|++}EpZy88Su;x
z_*~erJvLt37>v&aV`CfJtPhsmt=&zW*xs#5Qk6}mlG;?fRmo;6aV3>4$N66OKZnbd
znAflS{jb0Gb^qP(?>_Zy&a>a<T*~ozoUblV_Wf>59gF{dVu$iv9twY3-Nui4NKsBO
zo3bg#F5$;KgulF?#a_-OFXeVwmhZouBS)+pPuPx3ia&NJdil?1FRBO^2eX1Xluvdr
zJE(RBy*r1=rfGI1PY){i%cp7ShG~?Gh7u~_8I(&?$g*d!KV;Di@{dn&DY`4m8lbXZ
z_R{QupcSwzvbdZ|$wD0*H&|9Q6roZF54#nmRy4*HRBm*t=*BZ;K{d=}i9hXB)8m&8
z+n4V=|EkCL&7%N6%@dvyvE${hmQN}Qdm<_v-+lgg{Q9eZ8z~A|;~_Q9Q)wzsqarS*
zX;kd+bP*GRShN{5oo2+?k4nG8rBoX1zi@)fXet#sTn=RAj`$Eb6)~PkGj;ncG?azZ
zghR9N8v@{vigG1_nkr~3nJC{6t_*q1WTlm=_~(WG_?aGGq?)RU#J-wqz*8-FstsBx
zo)}cuYW6`A*HM+xU7z(-Bh>+_qrf;K<pyft*;L1kG@BY7ZW1xU&D1Pf3pG(oj9XFJ
z>TnyiA&kfgo<j{(=kQ#FGgrsiPIIX}#vRn5<LpGk935vTekow$?4o*V5ZpD?CBg-&
zhTQ?>?iAMHBn9&f+#c$t9u2pbBE5VAb#ouxKz$C+7cs#LXn|<`G@troJb=mphl3Q<
za6;5e-3~7Vs)ZWvB3ej`VtgarsM{B#A*A6h7PvhI?h=|uy$0@*47i?13h!VNuP23f
zslmI925FhbJ48dgoCbLXEvFR@uM{!Ct7w&It7#>zj`12)u5tJ#x=F)XOG7m1@H(Jc
zr{UgA>*(efuc!6WzMVIqWv#}$LGUg!csJ5g8Zvk{X5h_A!QGUEiz;_E++yHvrcJb2
z!@ZSm<t?-+URv0uHpQ0}_U6~nz2dD_-lW?2(Tmd~Jd7DP9L!43IB4db<PoZZ;(Fg{
zyzinB+NHhkrrmrWjqv?+AKmZpsE7$3qcPF;&?xPR@m^H!b$B1`(`4+Y-8ACx0fc-&
zlX0+@4$#3EKR^#?gF|T9ugN$hWb86z9HyPL+mLZs1TYQraGXnvZ_jJ60{TfnBCItN
zc!$D>DEytZCPEWrp)S4F;H}M1SH$>;qKMJyh>||S(nt96(TiRAxnCZ`8Z*fg_QgNF
z`a&YSUmc8~UyBO~!ppV@n~OyFvC=>g7MnsWogEjB#jxhs!6_F`P*E@->U0$RP^Shf
zL@hy~2I{n+E$R#^#zHh5t56A6pcz;u3#eQG6;N5X<%KBiw(LGgf4AjFv=xZ9A~RZO
z-kmaP3QKl@)`o%Bw!}*X!it}|ToV8BN5083gV{WbX2sRHx{gY!3~7s5K{dj&;B;2d
z8cHtLmC$4dsDvYNV~pbJt>TERb3S2%MR>VNgw53={9Ge~xRx06RkI;$n6Oc8*r-QA
z*r+jV1W*t*Y7HA$nXsPKV?7ICF>Am|M${|-h?;~AqEI8~fShgEXvrF&mJBv#LQAtj
zT1&IhB7@wL-chE0;zZj|zl71A;RzQ-JmE=^yl_^eIGi2H3g>)B&&H0EA1*=rq=@gz
zuS4peJb5*kvj}x2)h6D)Q8nb&0ewBt2NG>Js_F<9XG1a8XbfB<pf+YewV}B$UK16k
zm1Zp4%~-whYP9H=rj=T#HRdkhvVP0z%yY3lryR6rI_RKw?xc?R^X1L$aMCC57na)D
zSmtMA;AHEa>(KmAL`w4=*~y|YA-PfLX-r%zR>ihh@&XtH99j_N{=~I~s(SYT4TSXT
zG9Zz8p+VS2_-TNHh%<yZLz!{%LJFeBjdc+%qJCgcR?s3R>R>frXlm$2K@t)qA&n%r
zpBH1^E}<m}UaRUl25Hc+x<n@K5_GmCW8w}%lZiX%PF!Q89jzGTrL;73?ZLl0`q>wW
zuRe)LM@vIjKRx@ufB4arzxfcl7kXF%S{i~TZ`(5XUzQO}5f4!o_T*)WIeS!b>2g|*
z&0z>8(&-BExJ;lgi+@p7lC_dn8qC-+4Ca-Bc_n<V%)q<~nmoSB#cYf;=B!n`+DxW3
zv_>#lw1#g2uC?&7HWL>#m*91@I<4s4$KmxD$n|<MZJ_nEA;ueNqh3Zg(I%Npx6n<5
z|1vwIkF^rRT68msC(|UF++`&`D^}hDG2qR#ne|R%fZay7nb>aQ+wsI!0NeT<U|W;G
zwqcJ;DR<B|y2Ih^0JdENyOXxloiW})J2bGn=q>?vHx;FyxhK=Xy>t%`)4lQe4SJT3
z>RCQUx6|EpyTk#<cRMs@X8BmgEZ-`@Z8fu8EO`%1w>Y#X%6rW$$M$7r`96uv3r){*
zE&Q~P_an{&i1R>ZoP3b>qsAQsY;d#}*pn6XfXwnkbkNk$A))zzAUR-=?B&C>m<~sI
zJeb21G!f^Q$`dDxl&>R9VMFkQOr8n!i%l=JQiq|*<Ow4Z@o9{-&%7{4f+Snrk%U^U
z>gOL-bW{bcUYH$0o;rdictbJm4kpqBheuVjm1!C;s+pdDRPlo<SjbUDQI$|$WiZZ<
zDT*nBGO9gC#WRX&&oF^5P-Du)>Y9q@ikM<Y5&nwot}^V+j<Or@0l~)<9ZS$!pg*qY
zxZB4u-N!NM1I2V7Fo7<898dP)no1v$<BCsU-<L6eNJ}q2tfkG5XzAxiwIqH_5lkLd
zW)FK@7iAZFM44^u2TF>vkv*!+PIgjBQTDROl-bNqDSBM-4;B4Daa_^Kor<4ObV~7)
zih$!uy^x~t1PWfMiKAdk;fE;5>hqLD_!K_BQrX&rO7!#&2V<?L_c*ASRZmI41qJk=
zvS$j72}KD*<I{?sc4<s#8WYk9ifI~Q0$pf)I!U8zDqg2Nt@s&W;?s&w8=ucAde-%M
zTKhaLK2c2jgb8%<`E1gsYbri_o>lxKMb9V_yo6$rU0;Tjs(@@8c~PM>7230;gvLVD
zVP-$4=s7d9pI7uedXt&`oCffm06;Mf04CA|0M939wreT?mOQWc1(@?0dGJgo<(8;v
z#tX3epHU-0{2?05C6j2u2DG0MU&R)_T}(d4FDl?XtLUu3c}~$e7w1`x^Q?4-Vj3q*
zqzO3BC2_i@;(PF%;+F*Hd3o@BCe9a?=xLyZ0DAuWKw$%*=i#h)G6wNwMK7B{d_~bK
z?jXLbvArx^pqR!66X-ICuOtW2H5F_*uPA<1nO)&EMXxEdVZEmKbwT`wxO*cLae=6Y
zME<d&S5=07K@qAhD2Fe?4_#DxlXz31L~p7XUs7~Q>7C*&MQ<tDE8bT0x+48sh;h+7
z89G3;ZwS2d*99|QR&-hMJBr>>{H{#n_Y}Qn7`US7ip#)znt}HOGKy&iU;<qjxRPYR
zHPsAUQT)Ekzz2#xa2fbO@rS~|RdIJUlYv4}T?T%l=zW!;f20UiAAy07g@KO^1D`0A
z=o2vTsiIE}1J@K?(+vDn(T9rkZ;AnQ00yoKyoL`o1J@N@SNt<YKU4g3MdNV(E}Tc`
z=gNsj`4@_QkvP6iUC(|08Dz%Ao^WAe?ak^xiV?w71TZyYIhvBN$JJnjrU<hoBE0yb
zfw1vW1L2qNnvk`IX5eR(a7KjRQu)P8tsg2k4^^0lW}1iakrIlm%Z>z94$TaO)1~#O
zvvQ~+BWpwBZDN;M=bDvgBzx<8@{cQVs$?yu%26irq+e4;Y*mO2$1SO)HXq+KjCZKY
zq<S?}gIvEFCNlc9ve#A#vsLn48p#&|>IlM%PXGv;10wu5qNx)C>UHP={fo~65HMTX
z@mXLVYBCQsn}=Em>AxFxbBX|z+{l`~OF(c72*|8+%^JT?08WF1fYwoNBcirZd`{Rn
zzr&(iL~};bq!|VsbMb1lQ@icuj>NWcRXxy2oqC5yTNkxs{o{5NyTKY{Dj(^DCIodN
zHgE)sd9JY>KeTZVb#gC`bn@+boCINcr(T<J9#lwEbZI`GSbz+ppZd}DKw`8;>4UQY
z3|6xH5cNy<{V-jK?jcj%2cb##!BqG7+R(<*J>fee$cvF^6`(_(-NX2H;6Y?u_%c9u
z%M#aix!vLDC)wR{S}Gov!gK|?gG_Zd1WmddN_Dr=H8zJWt7r)4M2mxYvLC<@r$wu2
zjXed&MXP1-*NX5mQg)d!H;eG&s0f011CEI>an|W6bF=<kuYWhluXzy`BazSWz6lU-
z36iAfi00PBA6F}X!rr2M16yc|-X39a8*P?wHluhu!huYMvqhQ^&K8sU!D6dxEaBL^
zjkfR|U~4;VhyOd%Y$0n;vUL}27x&xo@ZE3^nR34any|Ga#nwHpv2lMd?cia!AE6Pr
z-<fv5i*_a5<3LH=kHGzXa1WVskE1H>epkx<{jRZbKT5lJ4DR>P9=J!YpB!t+_ua|5
zpZ19RJ#a4>K4i-MK4^k|U&{SK*I3*a<4kKGAHs8oF#zK<jxHwB0}w(MpB#V)jY}Wn
zu+<4T3aL)Q(uPjLsS!X%Zp@{ZjYz*K%t)O7_|1D?PjF1O6-NQ7lew+jA!<4kn1WTz
z`CcY~Cy`vkPz|#aKXS2TIv*EzCuCE6Nb+BV@UYS^|8nHVkC?3y7D$pG!eb+_g7%nn
zFQrrvForH%J>qVXFhdUQJ|unJ%Q}PRlj7l&csP|Az)77q-yxN$FeHbLi$B|vJo*Wp
zM?a~MBqLuomcvMf&7zagHHhq#^cG>Hv?uYbADOEz*pj_UjhB&`O2IM-Xy{w>Z*o-9
zOXRs7$mmZiQ(YOwQ5FvEkV_(Y4WI>Suh?5rd<&rA1xbYQJ#Ye9DjKq)_#i-a?iqy&
zd=;FC_kU3mIivWzq8F7UU&F}u3}hr%lJntP0F)pX8m5<^*ic>*<vbMmCP0caj4Z6%
zA}DVtIz$_>o*-8m#yRjIyO)tUT>z_C$Vt*u<WC~KjNA#*=1UP>@G}x8RFLFNZ)0rT
zJp;K^vUo{_&YgWS&)tVy%{6;dg&sWdr#G*>_<PH3&!};2kh%T)*DwFy*^B==$!xzq
zoqa_Vpp7NBCPX5;1QN2b&^Q16_~*a;htrb{2k%PN-~a9pUxQ#&2@}ZG#!@3>__&g;
z>Nlhyi_(E31Ji*cCDMUk)zZ&BNUL<<$gswQAtY3gUPf*OX-j4W>1X6ski<x+;Ok>G
zo>;U^HF>V9gs)yzY#*avy5K*9A^i%94BcOe@@psp_^(Cz3n(&lpNsOBP-N)75Jitz
zPSEn@1eK4!RP-gpZxsCo;<t)^d*#pD)IS#%{?BnFVv}(oZH^?b{M)EH;K?hOq_+Ym
ze-(-0y*PfvMU@=ya;3g(`o|A_5yE+?ENn!~=&}m0S!Ragg@(6OD8TV;TB$*rQ{!+g
zQo>rDcGpoY)y3p&Q)k=(3P{%tl;L1@rUP6@aT7Ie#rdr{%M>xet<)+fn{7DHY>OfB
zXrei|hoZUKsT@_d>qDFlVq8%%V96m)gF_wW5T_&K5U0wdUSIrYafcYPTv}B+)EVV2
z>Iy~H;11N{EY7AZ%9cCN>kom!Tu(UPW$<72sYg9|a*@ZCxVEfJ96SgH!51_B%yr%B
zO}_YwcXA_{H+AXs(1$Z?m%KWp6Dg%0mvi+F2LLFb$!nkhHN=qa&DL=?Qls?R1in(w
zG-o<!p=L1E0-9Q>&EYv4M9O*ZTv6L;j=8LBr49$jyq(%9LPpqf&f85j;8m^(g}f$*
zx(#{V8RXRpd9`wyZ|nQSd9bW<XkL_i;`~<iZscd?{Hs@Hj~5yQ5;YNi!VMm{?ZaH^
z%gB~}<}xoy$pT#I^&rGPw}KYP`Ip@A=^DbTYM}@meS)L2hX*JR85z!gEXuPR%W$TQ
zQJjRHvN=a?vt<;&a!0Yy9mUrVsTVzYEPPf`88Y=X6BtEYvEm*A*?RKQwGRjL<~_jq
zJUj+~J&=JtADTOq4M>Ai%4|%-+3|w%3Y^4CAFa4UN;S4+TF#+14A2~m4z5xiT%|%x
z$modHMIF=?!^q5)i_Cd6PY+oSNbk`@){CpvR;qW0tknV0`e?p4HDq23{er82d~4WZ
z$v5EfT8D0ka-ZIzchAR(K9&{>LJyi2w$c1FA4#>v{Rq52GjOoJz+}wg6Dc<JAx51-
nqk@7mXd#k^WH%3qdt}qY+%G_~`gmbtO+?L93lsN6RMr0jYN%5)

diff --git a/src/wasm/Hacl_NaCl.wasm b/src/wasm/Hacl_NaCl.wasm
index bb7e23c308e538e97a8c0002309902f66d31cbfb..1762f27f45e6c41e8de668d97407726f73a6970e 100644
GIT binary patch
delta 507
zcmYjN%T5A85S)P(0=UU0CLZKf4eNp~ivr4HRl;0IjC%4X3=k9JT{sx=;BCLac<^dM
zy!%6b1NQJ(N#;=1(^XyFpQVq|S1Kl_v+dY#B=Pn-nTSZ_sTJJEo@Xx!lF1$HDLGVg
z`4D_3y}LBhjQg4!V<jj9ld>??k5F>NZ$LRjm9-{$2!$JC46&t<B0vB`A{bPF0j%4K
z3S`5!;<T?sS+FL^Br-h*juJjoK_%E6gKUQ7Xpf1wGJ1<%IQnZefa8f(^TDb)n8$bf
zhj7S6fhusx1E|XK>W187#tUkPN(e)%qeY3T+Uok4r`K3sQ@C7Dcc~7SE39V`av^-w
zH=+jW%L*FHMNTvwP)!@&o<dR+^8XMm4%tSNIvmvJN&ZIA4zpFzb_m0uXNwZ~+Bba;
cLJLJ?kyp|(=|b`S$0_Qf8@yYE8O&+y56Gioq5uE@

delta 508
zcmYjNO;5s55PT164VIE7CdLTDEKrNuf&vPH3hzQ<)RTWeuRu(Uci~{v#0yE!o;-Nf
z@CW=u{s!IhQAyrmXWq{2?7ll6&ZnWv*Ku6`iNr=P!=Z>o9_s$B{y2V$kxXnT*;Bvr
zj*?hK(*IiVZc<1w(+OB@pagBgq%=(REtKr@>rw_$Wz7K~6fU&^#FBzR1Oe(%78>QC
zf#z*_1+rmV%e3W>66?MfGujRuB^pBTkOFK@LN=G%(KZ8duC<jY2mvSf>UZIIV%EGf
zYxb|>Yn@#<<RV8NTq=U7#PZUDyvT@m3>>_$46XJi6qN$2i+!G6W_elRY(Cwk3S4Gb
z&mv^P@_ur*Dk@V3)#)M!0qjyaFuXd1q#ES^73y&52sLVO&?Zl6E(C2bngu-y%P{Ei
jgra8Pn>;}lb>xu-l(bAbRebz`K`pfWH!C|%na}zk=AmGM

diff --git a/src/wasm/Hacl_P256.wasm b/src/wasm/Hacl_P256.wasm
index 113d780fc88014d7bf47007aee3d6843061bec5e..83a71ab29e05334d2a59c1cdd3a5fc530097d357 100644
GIT binary patch
delta 1427
zcmZWoOKcle6rDF7Pn?XKO#BJRaoT$u(k3*B#*Smhc5S~&n-aUYHcgtJTk-2hDH3I0
zW+D<(T7)Vzi&=Gnx=4kD6k#A6SRup)@!51iOB)HXMal*c3&ee6QyW#XY~T0p=bZD-
z{phCmgPY#%x=;S|uf}!X+Lrd<-Su_JBby<s+xaoa)*IKhZ^&vGq6T~0?rV%49)cm<
z5Bu=|95AdZc)5fgRKNqulq6~2ZBn@`n*n?8i%t92Mo<RHffO6IZx=P^w@H??LwEb9
zda;k{bWZ_vuFNR~E{#eO_$l(e!I}81K@V3zzrxuSI$Il)Bwez9*d4OJ`pn<e&jAAv
zaQ4R8plGZHA;_h)y>c(wElPvWNff>Oag;+4Lo_K&lfoU7`YCEp(r8lnf0L4gCd}Cy
zhV2jUgzevV^~Rmg|7O9TZxB7dY<63+DO=2(w$#S<j-f<~P$hw&NH{mBm`1(?CDEW{
z^O1q#8TSU~VICJ?0nfr&(he745tm?zOS6i_B`+|lHrNI(!?MAuxB?7TAaqiX;3{XD
zreO_gjjLaNgM;_qAsk-W^biKs>NZ{d&<m12VZZX$uzl+n%{Cu?t7;Gs?{@mpSRYA*
zAqZg@RKtRB<NBlTjluixQ=eYh>~;Al<{?WZULI4o)UB%rnGz|$Nx`eo=Jf(_!HYXT
zjj(~yIrj>SP{b0H@D!XPVlEq!;6<)r8Opj3PdoSw8=kH}#gLlvRG~~yi)En{Jr4br
z{<A@aB6@PD(9mY`8GHOeBuc6CP!R&cgg!zd(my?pi*&wZW9VsT_XyJpLOiQkwgStf
zoP;$RQ0sX81&W%U!gH{%9h`@AaNhnWIuu!jR|W0WHtp9ajcC_g+T*XgS9k#~;6=Dd
zlr_8rmo&T#m%&F9RqO&4y2M6&?c_$;Q(Xh}N~+bfQyXQslpc_9f;=39nDFqS$vDKx
zzht_Y5G6)<V;zFT#W4vI7q)(!WcS|-72-Ha;}TSm=pZ;jQQO{rvUlPMdnW{)glH0w
zIJA}yrwCONl1)@8NHtL<1*#+sNp_%0Q6x~MTBw>yE~*qx6RI>7q&rYeQPf7Yk5Hwb
zK$RA#()QlL0Z#@pPF0ALg{<ou$Osr2>YC|*k)=quCEIjMD@nlcWbxQzU%Z)voa+n7
zVV=Mhs7;{*oS&kWCpa8y2L^C3>NrC?GgCL%H9QV8aC{R_zzLrJ<UO2)Jj@EO<Xc{$
wQld~009bzO?(>YPWmupL=hLHXY>-yJwfE0b%egvzE!8*No!|N6C_57R7uR|_Z2$lO

delta 1476
zcmZWpO>Yxd6n)R0*v4bWj_m}AkmOttX;K=Bjj?NoB%UD<5(iRK67oSHfwlw_^$$=y
zsEPX#RCO^D!>U!)MOKv}nUW1sS5>>J+C{~p5~<o>kYy{i>V0E3G3w&Y%zbk|&OPtk
z_vuE<mm4ix)qv;WpS6zy<xTy!4<9@bUQZ=q1?_*{vugLYHax+@ro2yGXh)Z=*ZN=S
zMmP1KhX9yX2`z>oFKO^X%Lt+Wu+AAgo=Tg&`*hvjsl|N;D1?yx)05ugVT28l7Xl$e
z-ldSYz#pQh6%5hGn_;!RT1I$4h`d7)*_8=XE2odJW5m$L|8o><1y<SDbq^XEB6m3<
z@0I(7hzk4u(;oZVCqaLdYqz0I)%L{@<J!)zZSwE|RVAjXJc>y;GArYVBGHsn=bVX`
zaynK_b~#^+%2@5IZ~l_;7oTvSAy4Ii<*9fqS;<-c+SazIb(a)dmoWiejAkt>1h?=O
ziiRvx(Ke2COk8pQ&@`rL1~YUOSD8qf#VpNX&JgD{%MdM)9Bs-qn#a5;OSAxq1ti9z
zhv=FibzP@LEY?<^eMga<4;V{}r{ZNCJ}X!&ypS>&Q#j(#5x2*7`XdP>s2%Op0iS81
zqh{^=Xm<YbkONyil~%V2t<r1xxfyRIYWX);j!5m`m`ZX11@PK$X56{gE4%t8+&wCy
zNRybPi@3;bxY)VjONK^Mn2HAIO=r1Z9xaqmGDV$?%a~H<Kc#r#qviLW21;!4F`~rP
z>dsdh&i2po_Cw5BNpXf`^ceHTU(r)E%X#LU-4pVtrMR-{aSNDdq695+g~cZE%&=7#
z3SDQ(?HM<49XG19#Oy3pP5C}8V+qUabQ3p?k*`0dTezjjcpKNiYoCmFI0c{VBA4>n
zzr@=H=w0_W-NtQN!3uMt(;eK=sf;oL%8mT+!LO#}d*?)-Jm_z?f_!lL_GF*@Oj84s
zM3P0@`Dj4u=@e4+p-C#zlH5+RiLew~O3o=IXC9)ulfC;qQAp7#u9oJ2bW{I=t^MH%
zvCz{m37y$v5AG<flEj38#-Pz@29`l)4_Fr2I<Slamf<>?CSX~%6tHXqSl!75mZdis
zSdIg7O~6jGwGS-Jz;gcsmQ%oT_U@4mZytHacun@E2Qlah3wZ@2&sp<LFb3IDf*Py~
zs^O$ycn9fBT{S}(a#e#N8fIW4oMNO2Sct8LVhT93Zx}omMwLufjOi-oEKHnTr%{Z$
ziaCdKN-^g#3|<Yza5%Rx(kuh}@8<zIy!rTbp4w>@F@sB(aXvpO`#bq=Xj}}ha+&ce
RKjx}y?xnE(`$>5`@h=MxLyQ0b

diff --git a/src/wasm/Hacl_Salsa20.wasm b/src/wasm/Hacl_Salsa20.wasm
index 0df1cd7668501856c53e7f3dc0ecc229350021dc..c712bb36a95d3f9441da82d29d4899cfec4ae3b3 100644
GIT binary patch
delta 1169
zcmeH_Jx{`55XYZZ&=@soLLo+t-Ysfkl*AAQCY}UZprxg}l@}RYfw;IEzJOCFH%2EV
z;S2a}j0qpYJHT33XSVy_%kS=<duGn7Gka5&ulc*G@9(|@lZjB(r}q5e@P2zoeh4f=
zG59>a$QWQqkrM)nQW;@!D^G^7VtFYp$!V~AJOtxfM3RDOQm-0lf(mJ3jVXn*ummQS
z;RY*2sYEDcQp#uvDuw2n$PugrQ(cd1Xn_@IiSsKPY$>wT-{Po6I7|KxWs{20P&Q4N
z4W7?V5@2H$s&D{lZSP2G=zznVj0^6H<1oh|juYXyq?qF}hnlUDcsbj}niS|!fhV={
z&ui4M4kmeG;l>SUP%$>4i7jYh8|usO5ZVm%q%uU0c1z`bLivAC9jK9q`tv(iL-P^4
z&{-+yGQ?+y&yd?5L3$C0Nh+L$aI6@|Wj!wI(K4xA9}0L!XBklWAhQ1*sr6a<p}9T_
ZM{q!0lfeRyHy>#8f&Tr0<_j#uzX8*D@;d+k

delta 1173
zcmeH_IZne+5Qd*kh=f>VK?o6|m}yuFRs{+~ktY$`NxWrWoJ68^($S;b!8JV<M9Kv?
z0GG%SI04Kg!I+jh(ktelH~%+pnHOj5j9*pdbMmI9HrAfQ(MYK3Q*-jM^^nYf3g_}&
z45h*=z&r`mK@YRLM_B_5DQ<-TT`B|AS8^1HQX(hCF(nO74+AhxMXV^C?xn9y$YTLa
zEW#O<$X1Hkilmgm%vp#+MueU8K~idHffZ^yhglnJDQ>8dMfGSA#)@HVQVHsA(@}nl
zsC#PLMh6_&gmZ0upLi~~GoA<DoaZvnC7v7Od8C-<EqL=H=2;$=rN9aqDpD)_T)&J}
zFe#IW-mV5UGGiU;*nkE$p*q_RpvecUNF~5ZIE8esMX1&vR2#~aq5k}^P82?32ikK5
z9fq_R(qhP!PY^!_F-b*dAsj2lvCU_j&zHF~u?zRuqmStmpdWjI9;wC0bfa+bx4eV>
X@G^6;93VlHvK*j)576WbPgcJH4@C5$

diff --git a/src/wasm/INFO.txt b/src/wasm/INFO.txt
index 7ed8e74a..60cb7b00 100644
--- a/src/wasm/INFO.txt
+++ b/src/wasm/INFO.txt
@@ -1,4 +1,4 @@
 This code was generated with the following toolchain.
-F* version: 155853a14336aa0713dba7db5408f4c8ab512a06
-KaRaMeL version: db63c1de17565be0ec4989f58532717a04e3ff40
+F* version: bc622701c668f6b4092760879372968265d4a4e1
+Karamel version: 7cffd27cfefbd220e986e561e8d350f043609f76
 Vale version: 0.3.19

From 484a64f9dcdb18c0316d30d0b544d2787b8202d7 Mon Sep 17 00:00:00 2001
From: Paul-Nicolas Madelaine <pnm@pnm.tf>
Date: Tue, 28 Nov 2023 21:07:31 +0100
Subject: [PATCH 7/7] update to HACL* ae5d839c2e1fa95055b618cda60aeb1c486c720c
 (#377)

---------

Co-authored-by: Franziskus Kiefer <franziskuskiefer@gmail.com>
---
 .github/workflows/js.yml                      |    4 +-
 benchmarks/blake.cc                           |  137 +-
 benchmarks/chacha20poly1305.cc                |   39 +-
 benchmarks/hmac.cc                            |    2 +-
 benchmarks/sha1.cc                            |   12 +-
 benchmarks/sha2.cc                            |   80 +-
 benchmarks/sha3.cc                            |   35 +-
 config/config.json                            |   28 +-
 config/default_config.cmake                   |   96 +-
 docs/reference/evercrypt/hash/index.md        |   12 +-
 docs/reference/hacl/aead/chacha20poly1305.md  |   18 +-
 docs/reference/hacl/hash/blake2/blake2b.md    |   36 +-
 docs/reference/hacl/hash/blake2/blake2s.md    |   36 +-
 docs/reference/hacl/hash/index.md             |   10 +-
 docs/reference/hacl/hash/sha1.md              |   14 +-
 docs/reference/hacl/hash/sha2.md              |   64 +-
 docs/reference/hacl/hash/sha3.md              |   24 +-
 include/EverCrypt_Chacha20Poly1305.h          |    6 +-
 include/EverCrypt_HMAC.h                      |    5 +-
 include/EverCrypt_Hash.h                      |   64 +-
 include/EverCrypt_Poly1305.h                  |    8 +-
 include/Hacl_AEAD_Chacha20Poly1305.h          |  104 ++
 include/Hacl_AEAD_Chacha20Poly1305_Simd128.h  |  104 ++
 include/Hacl_AEAD_Chacha20Poly1305_Simd256.h  |  104 ++
 include/Hacl_Chacha20Poly1305_128.h           |  107 --
 include/Hacl_Chacha20Poly1305_256.h           |  107 --
 include/Hacl_Chacha20Poly1305_32.h            |  107 --
 include/Hacl_HMAC.h                           |    5 +-
 include/Hacl_HMAC_Blake2b_256.h               |    2 +-
 include/Hacl_HMAC_Blake2s_128.h               |    2 +-
 include/Hacl_HPKE_Curve51_CP128_SHA256.h      |    2 +-
 include/Hacl_HPKE_Curve51_CP128_SHA512.h      |    2 +-
 include/Hacl_HPKE_Curve51_CP256_SHA256.h      |    2 +-
 include/Hacl_HPKE_Curve51_CP256_SHA512.h      |    2 +-
 include/Hacl_HPKE_Curve51_CP32_SHA256.h       |    2 +-
 include/Hacl_HPKE_Curve51_CP32_SHA512.h       |    2 +-
 include/Hacl_HPKE_Curve64_CP128_SHA256.h      |    2 +-
 include/Hacl_HPKE_Curve64_CP128_SHA512.h      |    2 +-
 include/Hacl_HPKE_Curve64_CP256_SHA256.h      |    2 +-
 include/Hacl_HPKE_Curve64_CP256_SHA512.h      |    2 +-
 include/Hacl_HPKE_Curve64_CP32_SHA256.h       |    2 +-
 include/Hacl_HPKE_Curve64_CP32_SHA512.h       |    2 +-
 include/Hacl_HPKE_P256_CP128_SHA256.h         |    2 +-
 include/Hacl_HPKE_P256_CP256_SHA256.h         |    2 +-
 include/Hacl_HPKE_P256_CP32_SHA256.h          |    2 +-
 include/Hacl_Hash_Blake2.h                    |  155 --
 ...ming_Blake2b_256.h => Hacl_Hash_Blake2b.h} |   64 +-
 include/Hacl_Hash_Blake2b_Simd256.h           |  113 ++
 ...ming_Blake2s_128.h => Hacl_Hash_Blake2s.h} |   64 +-
 include/Hacl_Hash_Blake2s_Simd128.h           |  112 ++
 include/Hacl_Hash_MD5.h                       |   16 +-
 include/Hacl_Hash_SHA1.h                      |   16 +-
 include/Hacl_Hash_SHA2.h                      |  104 +-
 include/Hacl_Hash_SHA3.h                      |   50 +-
 include/Hacl_IntTypes_Intrinsics.h            |    9 +-
 include/Hacl_IntTypes_Intrinsics_128.h        |    7 +-
 ...ming_Poly1305_32.h => Hacl_MAC_Poly1305.h} |   33 +-
 ...1305_128.h => Hacl_MAC_Poly1305_Simd128.h} |   41 +-
 ...1305_256.h => Hacl_MAC_Poly1305_Simd256.h} |   41 +-
 include/Hacl_NaCl.h                           |    2 +-
 include/Hacl_Poly1305_256.h                   |   67 -
 include/Hacl_Poly1305_32.h                    |   57 -
 include/Hacl_Streaming_Blake2.h               |  147 --
 include/internal/EverCrypt_HMAC.h             |    4 +-
 include/internal/EverCrypt_Hash.h             |    6 +-
 include/internal/Hacl_Bignum.h                |   36 +-
 include/internal/Hacl_Bignum25519_51.h        |  345 ++--
 include/internal/Hacl_Bignum_Base.h           |  292 ++--
 include/internal/Hacl_Bignum_K256.h           |  322 ++--
 include/internal/Hacl_Ed25519_PrecompTable.h  | 1086 ++++++------
 include/internal/Hacl_Frodo_KEM.h             |  357 ++--
 .../Hacl_HMAC.h}                              |   14 +-
 include/internal/Hacl_Hash_Blake2b.h          |   70 +
 .../Hacl_Hash_Blake2b_Simd256.h}              |   52 +-
 include/internal/Hacl_Hash_Blake2s.h          |   70 +
 .../Hacl_Hash_Blake2s_Simd128.h}              |   51 +-
 include/internal/Hacl_Hash_MD5.h              |   17 +-
 include/internal/Hacl_Hash_SHA1.h             |   17 +-
 include/internal/Hacl_Hash_SHA2.h             |  138 +-
 include/internal/Hacl_Hash_SHA3.h             |    4 +-
 include/internal/Hacl_Impl_Blake2_Constants.h |   50 +-
 include/internal/Hacl_Impl_FFDHE_Constants.h  |  723 +++-----
 include/internal/Hacl_K256_PrecompTable.h     |  816 ++++-----
 ...acl_Poly1305_128.h => Hacl_MAC_Poly1305.h} |   18 +-
 .../Hacl_MAC_Poly1305_Simd128.h}              |   23 +-
 .../Hacl_MAC_Poly1305_Simd256.h}              |   23 +-
 include/internal/Hacl_P256_PrecompTable.h     |  776 ++++-----
 include/internal/Hacl_SHA2_Types.h            |   56 +-
 include/msvc/EverCrypt_Chacha20Poly1305.h     |    6 +-
 include/msvc/EverCrypt_HMAC.h                 |    5 +-
 include/msvc/EverCrypt_Hash.h                 |   64 +-
 include/msvc/EverCrypt_Poly1305.h             |    8 +-
 include/msvc/Hacl_AEAD_Chacha20Poly1305.h     |  104 ++
 .../msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.h |  104 ++
 .../msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.h |  104 ++
 include/msvc/Hacl_Chacha20Poly1305_128.h      |  107 --
 include/msvc/Hacl_Chacha20Poly1305_256.h      |  107 --
 include/msvc/Hacl_Chacha20Poly1305_32.h       |  107 --
 include/msvc/Hacl_HMAC.h                      |    5 +-
 include/msvc/Hacl_HMAC_Blake2b_256.h          |    2 +-
 include/msvc/Hacl_HMAC_Blake2s_128.h          |    2 +-
 include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h |    2 +-
 include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h |    2 +-
 include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h |    2 +-
 include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h |    2 +-
 include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h  |    2 +-
 include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h  |    2 +-
 include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h |    2 +-
 include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h |    2 +-
 include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h |    2 +-
 include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h |    2 +-
 include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h  |    2 +-
 include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h  |    2 +-
 include/msvc/Hacl_HPKE_P256_CP128_SHA256.h    |    2 +-
 include/msvc/Hacl_HPKE_P256_CP256_SHA256.h    |    2 +-
 include/msvc/Hacl_HPKE_P256_CP32_SHA256.h     |    2 +-
 include/msvc/Hacl_Hash_Blake2.h               |  155 --
 ...ming_Blake2b_256.h => Hacl_Hash_Blake2b.h} |   64 +-
 include/msvc/Hacl_Hash_Blake2b_Simd256.h      |  113 ++
 ...ming_Blake2s_128.h => Hacl_Hash_Blake2s.h} |   64 +-
 include/msvc/Hacl_Hash_Blake2s_Simd128.h      |  112 ++
 include/msvc/Hacl_Hash_MD5.h                  |   16 +-
 include/msvc/Hacl_Hash_SHA1.h                 |   16 +-
 include/msvc/Hacl_Hash_SHA2.h                 |  104 +-
 include/msvc/Hacl_Hash_SHA3.h                 |   50 +-
 include/msvc/Hacl_IntTypes_Intrinsics.h       |    9 +-
 include/msvc/Hacl_IntTypes_Intrinsics_128.h   |    7 +-
 .../Hacl_MAC_Poly1305.h}                      |   33 +-
 ...1305_128.h => Hacl_MAC_Poly1305_Simd128.h} |   41 +-
 .../Hacl_MAC_Poly1305_Simd256.h}              |   41 +-
 include/msvc/Hacl_NaCl.h                      |    2 +-
 include/msvc/Hacl_Poly1305_128.h              |   67 -
 include/msvc/Hacl_Poly1305_32.h               |   57 -
 include/msvc/Hacl_Streaming_Blake2.h          |  147 --
 include/msvc/internal/EverCrypt_HMAC.h        |    4 +-
 include/msvc/internal/EverCrypt_Hash.h        |    6 +-
 include/msvc/internal/Hacl_Bignum.h           |   36 +-
 include/msvc/internal/Hacl_Bignum25519_51.h   |  345 ++--
 include/msvc/internal/Hacl_Bignum_Base.h      |  292 ++--
 include/msvc/internal/Hacl_Bignum_K256.h      |  322 ++--
 .../msvc/internal/Hacl_Ed25519_PrecompTable.h | 1086 ++++++------
 include/msvc/internal/Hacl_Frodo_KEM.h        |  357 ++--
 .../internal/Hacl_HMAC.h}                     |   14 +-
 include/msvc/internal/Hacl_Hash_Blake2b.h     |   70 +
 .../Hacl_Hash_Blake2b_Simd256.h}              |   52 +-
 include/msvc/internal/Hacl_Hash_Blake2s.h     |   70 +
 .../internal/Hacl_Hash_Blake2s_Simd128.h}     |   51 +-
 include/msvc/internal/Hacl_Hash_MD5.h         |   17 +-
 include/msvc/internal/Hacl_Hash_SHA1.h        |   17 +-
 include/msvc/internal/Hacl_Hash_SHA2.h        |  138 +-
 include/msvc/internal/Hacl_Hash_SHA3.h        |    4 +-
 .../internal/Hacl_Impl_Blake2_Constants.h     |   50 +-
 .../msvc/internal/Hacl_Impl_FFDHE_Constants.h |  723 +++-----
 .../msvc/internal/Hacl_K256_PrecompTable.h    |  816 ++++-----
 .../internal/Hacl_MAC_Poly1305.h}             |   18 +-
 .../internal/Hacl_MAC_Poly1305_Simd128.h}     |   27 +-
 .../Hacl_MAC_Poly1305_Simd256.h}              |   27 +-
 .../msvc/internal/Hacl_P256_PrecompTable.h    |  776 ++++-----
 include/msvc/internal/Hacl_SHA2_Types.h       |   56 +-
 info.txt                                      |    6 +-
 js/api.js                                     |    6 +-
 js/api.json                                   |  434 +++--
 js/test.html                                  |    2 +-
 js/test3.js                                   |   11 +-
 karamel/include/krml/internal/builtin.h       |    2 +
 karamel/include/krml/internal/target.h        |    4 +
 .../dist/minimal/FStar_UInt128_Verified.h     |   18 +-
 .../dist/minimal/FStar_UInt_8_16_32_64.h      |   68 +-
 karamel/krmllib/dist/minimal/Makefile.basic   |   56 +
 karamel/krmllib/dist/minimal/Makefile.include |    5 +
 karamel/krmllib/dist/minimal/libkrmllib.def   |   11 +
 ocaml/Makefile                                |    9 +-
 ocaml/ctypes.depend                           |  150 +-
 ocaml/hacl-star-raw.opam                      |    4 +-
 ocaml/hacl-star/EverCrypt.ml                  |   13 +-
 ocaml/hacl-star/Hacl.ml                       |   93 +-
 ocaml/hacl-star/Hacl.mli                      |   14 +-
 ocaml/hacl-star/SharedDefs.ml                 |    3 +-
 ocaml/hacl-star/SharedFunctors.ml             |   22 +-
 ocaml/hacl-star/tests/hash_test.ml            |    8 +-
 ocaml/hacl-star/tests/poly1305_test.ml        |    6 +-
 ocaml/lib/EverCrypt_HMAC_bindings.ml          |    2 +-
 ocaml/lib/EverCrypt_Hash_bindings.ml          |   50 +-
 ocaml/lib/EverCrypt_Poly1305_bindings.ml      |    4 +-
 ...AEAD_Chacha20Poly1305_Simd128_bindings.ml} |   16 +-
 ...AEAD_Chacha20Poly1305_Simd256_bindings.ml} |   16 +-
 ...=> Hacl_AEAD_Chacha20Poly1305_bindings.ml} |   16 +-
 ocaml/lib/Hacl_Bignum_bindings.ml             |   24 +-
 ocaml/lib/Hacl_HMAC_bindings.ml               |    4 +-
 ocaml/lib/Hacl_Hash_Blake2_bindings.ml        |   61 -
 ocaml/lib/Hacl_Hash_Blake2b_256_bindings.ml   |   12 -
 .../lib/Hacl_Hash_Blake2b_Simd256_bindings.ml |   12 +
 ocaml/lib/Hacl_Hash_Blake2b_bindings.ml       |   61 +
 ocaml/lib/Hacl_Hash_Blake2s_128_bindings.ml   |   12 -
 .../lib/Hacl_Hash_Blake2s_Simd128_bindings.ml |   12 +
 ocaml/lib/Hacl_Hash_Blake2s_bindings.ml       |   75 +
 ocaml/lib/Hacl_Hash_MD5_bindings.ml           |   59 +-
 ocaml/lib/Hacl_Hash_SHA1_bindings.ml          |   59 +-
 ocaml/lib/Hacl_Hash_SHA2_bindings.ml          |  188 +--
 ocaml/lib/Hacl_Hash_SHA3_bindings.ml          |  163 +-
 .../lib/Hacl_MAC_Poly1305_Simd128_bindings.ml |    9 +
 .../lib/Hacl_MAC_Poly1305_Simd256_bindings.ml |    9 +
 ocaml/lib/Hacl_MAC_Poly1305_bindings.ml       |   51 +
 ocaml/lib/Hacl_Poly1305_128_bindings.ml       |    9 -
 ocaml/lib/Hacl_Poly1305_256_bindings.ml       |    9 -
 ocaml/lib/Hacl_Poly1305_32_bindings.ml        |   22 -
 ocaml/lib/Hacl_SHA2_Types_bindings.ml         |  175 +-
 ocaml/lib/Hacl_Streaming_Blake2_bindings.ml   |   90 -
 .../Hacl_Streaming_Poly1305_32_bindings.ml    |   46 -
 .../Hacl_AEAD_Chacha20Poly1305_Simd128_gen.ml |   10 +
 .../Hacl_AEAD_Chacha20Poly1305_Simd256_gen.ml |   10 +
 .../lib_gen/Hacl_AEAD_Chacha20Poly1305_gen.ml |   10 +
 .../lib_gen/Hacl_Chacha20Poly1305_128_gen.ml  |   10 -
 .../lib_gen/Hacl_Chacha20Poly1305_256_gen.ml  |   10 -
 ocaml/lib_gen/Hacl_Chacha20Poly1305_32_gen.ml |   10 -
 ocaml/lib_gen/Hacl_HMAC_gen.ml                |    3 +-
 ocaml/lib_gen/Hacl_Hash_Blake2_gen.ml         |   11 -
 ocaml/lib_gen/Hacl_Hash_Blake2b_256_gen.ml    |   10 -
 .../lib_gen/Hacl_Hash_Blake2b_Simd256_gen.ml  |   11 +
 ocaml/lib_gen/Hacl_Hash_Blake2b_gen.ml        |   11 +
 ocaml/lib_gen/Hacl_Hash_Blake2s_128_gen.ml    |   10 -
 .../lib_gen/Hacl_Hash_Blake2s_Simd128_gen.ml  |   11 +
 ocaml/lib_gen/Hacl_Hash_Blake2s_gen.ml        |   11 +
 .../lib_gen/Hacl_MAC_Poly1305_Simd128_gen.ml  |   11 +
 .../lib_gen/Hacl_MAC_Poly1305_Simd256_gen.ml  |   11 +
 ocaml/lib_gen/Hacl_MAC_Poly1305_gen.ml        |   11 +
 ocaml/lib_gen/Hacl_Poly1305_128_gen.ml        |   11 -
 ocaml/lib_gen/Hacl_Poly1305_256_gen.ml        |   11 -
 ocaml/lib_gen/Hacl_Poly1305_32_gen.ml         |   10 -
 ocaml/lib_gen/Hacl_Streaming_Blake2_gen.ml    |   10 -
 .../lib_gen/Hacl_Streaming_Poly1305_32_gen.ml |   10 -
 rust/hacl-sys/build.rs                        |   20 +-
 rust/hacl-sys/src/bindings/bindings.rs        |  638 +++----
 rust/hacl-sys/wrapper.h                       |    3 +-
 rust/src/digest.rs                            |   20 +-
 rust/src/hazmat/blake2.rs                     |   38 +-
 rust/src/hazmat/chacha20_poly1305.rs          |   84 +-
 rust/src/hazmat/hmac.rs                       |    4 +-
 rust/src/hazmat/sha2.rs                       |   94 +-
 rust/src/hazmat/sha3.rs                       |   32 +-
 src/EverCrypt_AEAD.c                          | 1460 ++++++++---------
 src/EverCrypt_AutoConfig2.c                   |   32 +-
 src/EverCrypt_Chacha20Poly1305.c              |   28 +-
 src/EverCrypt_DRBG.c                          |  922 ++++++-----
 src/EverCrypt_HKDF.c                          |  156 +-
 src/EverCrypt_HMAC.c                          |  471 +++---
 src/EverCrypt_Hash.c                          |  787 ++++-----
 src/EverCrypt_Poly1305.c                      |   46 +-
 ...1305_32.c => Hacl_AEAD_Chacha20Poly1305.c} |  301 ++--
 ...c => Hacl_AEAD_Chacha20Poly1305_Simd128.c} |  460 +++---
 ...c => Hacl_AEAD_Chacha20Poly1305_Simd256.c} |  457 +++---
 src/Hacl_Bignum.c                             | 1428 ++++++++--------
 src/Hacl_Bignum256.c                          |  996 +++++------
 src/Hacl_Bignum256_32.c                       | 1103 ++++++-------
 src/Hacl_Bignum32.c                           |  299 ++--
 src/Hacl_Bignum4096.c                         |  894 +++++-----
 src/Hacl_Bignum4096_32.c                      |  843 +++++-----
 src/Hacl_Bignum64.c                           |  299 ++--
 src/Hacl_Chacha20.c                           |   97 +-
 src/Hacl_Chacha20_Vec128.c                    |  189 ++-
 src/Hacl_Chacha20_Vec256.c                    |  192 ++-
 src/Hacl_Chacha20_Vec32.c                     |  184 +--
 src/Hacl_Curve25519_51.c                      |  197 ++-
 src/Hacl_Curve25519_64.c                      |  213 ++-
 src/Hacl_EC_Ed25519.c                         |   74 +-
 src/Hacl_EC_K256.c                            |   62 +-
 src/Hacl_Ed25519.c                            | 1217 +++++++-------
 src/Hacl_FFDHE.c                              |  152 +-
 src/Hacl_Frodo1344.c                          |  311 ++--
 src/Hacl_Frodo64.c                            |  305 ++--
 src/Hacl_Frodo640.c                           |  315 ++--
 src/Hacl_Frodo976.c                           |  311 ++--
 src/Hacl_Frodo_KEM.c                          |    2 +-
 src/Hacl_GenericField32.c                     |  199 ++-
 src/Hacl_GenericField64.c                     |  199 ++-
 src/Hacl_HKDF.c                               |  130 +-
 src/Hacl_HKDF_Blake2b_256.c                   |   34 +-
 src/Hacl_HKDF_Blake2s_128.c                   |   34 +-
 src/Hacl_HMAC.c                               |  476 +++---
 src/Hacl_HMAC_Blake2b_256.c                   |   86 +-
 src/Hacl_HMAC_Blake2s_128.c                   |   74 +-
 src/Hacl_HMAC_DRBG.c                          |  730 ++++-----
 src/Hacl_HPKE_Curve51_CP128_SHA256.c          |  753 ++++-----
 src/Hacl_HPKE_Curve51_CP128_SHA512.c          |  753 ++++-----
 src/Hacl_HPKE_Curve51_CP256_SHA256.c          |  753 ++++-----
 src/Hacl_HPKE_Curve51_CP256_SHA512.c          |  753 ++++-----
 src/Hacl_HPKE_Curve51_CP32_SHA256.c           |  753 ++++-----
 src/Hacl_HPKE_Curve51_CP32_SHA512.c           |  753 ++++-----
 src/Hacl_HPKE_Curve64_CP128_SHA256.c          |  753 ++++-----
 src/Hacl_HPKE_Curve64_CP128_SHA512.c          |  753 ++++-----
 src/Hacl_HPKE_Curve64_CP256_SHA256.c          |  753 ++++-----
 src/Hacl_HPKE_Curve64_CP256_SHA512.c          |  753 ++++-----
 src/Hacl_HPKE_Curve64_CP32_SHA256.c           |  753 ++++-----
 src/Hacl_HPKE_Curve64_CP32_SHA512.c           |  753 ++++-----
 src/Hacl_HPKE_P256_CP128_SHA256.c             |  761 ++++-----
 src/Hacl_HPKE_P256_CP256_SHA256.c             |  761 ++++-----
 src/Hacl_HPKE_P256_CP32_SHA256.c              |  761 ++++-----
 src/Hacl_Hash_Base.c                          |   76 +-
 src/Hacl_Hash_Blake2.c                        | 1324 ---------------
 src/Hacl_Hash_Blake2b.c                       |  971 +++++++++++
 src/Hacl_Hash_Blake2b_256.c                   |  499 ------
 src/Hacl_Hash_Blake2b_Simd256.c               |  828 ++++++++++
 src/Hacl_Hash_Blake2s.c                       |  931 +++++++++++
 src/Hacl_Hash_Blake2s_128.c                   |  491 ------
 src/Hacl_Hash_Blake2s_Simd128.c               |  794 +++++++++
 src/Hacl_Hash_MD5.c                           |  688 ++++----
 src/Hacl_Hash_SHA1.c                          |  339 ++--
 src/Hacl_Hash_SHA2.c                          |  932 +++++------
 src/Hacl_Hash_SHA3.c                          |  508 +++---
 src/Hacl_K256_ECDSA.c                         | 1335 ++++++++-------
 src/Hacl_MAC_Poly1305.c                       |  712 ++++++++
 ...1305_128.c => Hacl_MAC_Poly1305_Simd128.c} | 1006 ++++++------
 ...1305_256.c => Hacl_MAC_Poly1305_Simd256.c} | 1094 ++++++------
 src/Hacl_NaCl.c                               |   92 +-
 src/Hacl_P256.c                               | 1090 ++++++------
 src/Hacl_Poly1305_32.c                        |  572 -------
 src/Hacl_RSAPSS.c                             |  388 ++---
 src/Hacl_SHA2_Vec128.c                        |  384 ++---
 src/Hacl_SHA2_Vec256.c                        |  848 +++++-----
 src/Hacl_Salsa20.c                            |  302 ++--
 src/Hacl_Streaming_Blake2.c                   |  655 --------
 src/Hacl_Streaming_Blake2b_256.c              |  371 -----
 src/Hacl_Streaming_Blake2s_128.c              |  341 ----
 src/Hacl_Streaming_Poly1305_128.c             |  341 ----
 src/Hacl_Streaming_Poly1305_256.c             |  341 ----
 src/Hacl_Streaming_Poly1305_32.c              |  308 ----
 src/msvc/EverCrypt_AEAD.c                     | 1460 ++++++++---------
 src/msvc/EverCrypt_AutoConfig2.c              |   32 +-
 src/msvc/EverCrypt_Chacha20Poly1305.c         |   28 +-
 src/msvc/EverCrypt_DRBG.c                     |  922 ++++++-----
 src/msvc/EverCrypt_HKDF.c                     |  156 +-
 src/msvc/EverCrypt_HMAC.c                     |  471 +++---
 src/msvc/EverCrypt_Hash.c                     |  787 ++++-----
 src/msvc/EverCrypt_Poly1305.c                 |   46 +-
 ...1305_32.c => Hacl_AEAD_Chacha20Poly1305.c} |  301 ++--
 ...c => Hacl_AEAD_Chacha20Poly1305_Simd128.c} |  460 +++---
 .../Hacl_AEAD_Chacha20Poly1305_Simd256.c}     |  457 +++---
 src/msvc/Hacl_Bignum.c                        | 1428 ++++++++--------
 src/msvc/Hacl_Bignum256.c                     |  996 +++++------
 src/msvc/Hacl_Bignum256_32.c                  | 1103 ++++++-------
 src/msvc/Hacl_Bignum32.c                      |  299 ++--
 src/msvc/Hacl_Bignum4096.c                    |  894 +++++-----
 src/msvc/Hacl_Bignum4096_32.c                 |  843 +++++-----
 src/msvc/Hacl_Bignum64.c                      |  299 ++--
 src/msvc/Hacl_Chacha20.c                      |   97 +-
 src/msvc/Hacl_Chacha20_Vec128.c               |  189 ++-
 src/msvc/Hacl_Chacha20_Vec256.c               |  192 ++-
 src/msvc/Hacl_Chacha20_Vec32.c                |  184 +--
 src/msvc/Hacl_Curve25519_51.c                 |  197 ++-
 src/msvc/Hacl_Curve25519_64.c                 |  213 ++-
 src/msvc/Hacl_EC_Ed25519.c                    |   74 +-
 src/msvc/Hacl_EC_K256.c                       |   62 +-
 src/msvc/Hacl_Ed25519.c                       | 1217 +++++++-------
 src/msvc/Hacl_FFDHE.c                         |  152 +-
 src/msvc/Hacl_Frodo1344.c                     |  311 ++--
 src/msvc/Hacl_Frodo64.c                       |  305 ++--
 src/msvc/Hacl_Frodo640.c                      |  315 ++--
 src/msvc/Hacl_Frodo976.c                      |  311 ++--
 src/msvc/Hacl_Frodo_KEM.c                     |    2 +-
 src/msvc/Hacl_GenericField32.c                |  199 ++-
 src/msvc/Hacl_GenericField64.c                |  199 ++-
 src/msvc/Hacl_HKDF.c                          |  130 +-
 src/msvc/Hacl_HKDF_Blake2b_256.c              |   34 +-
 src/msvc/Hacl_HKDF_Blake2s_128.c              |   34 +-
 src/msvc/Hacl_HMAC.c                          |  476 +++---
 src/msvc/Hacl_HMAC_Blake2b_256.c              |   86 +-
 src/msvc/Hacl_HMAC_Blake2s_128.c              |   74 +-
 src/msvc/Hacl_HMAC_DRBG.c                     |  730 ++++-----
 src/msvc/Hacl_HPKE_Curve51_CP128_SHA256.c     |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve51_CP128_SHA512.c     |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve51_CP256_SHA256.c     |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve51_CP256_SHA512.c     |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve51_CP32_SHA256.c      |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve51_CP32_SHA512.c      |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve64_CP128_SHA256.c     |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve64_CP128_SHA512.c     |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve64_CP256_SHA256.c     |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve64_CP256_SHA512.c     |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve64_CP32_SHA256.c      |  753 ++++-----
 src/msvc/Hacl_HPKE_Curve64_CP32_SHA512.c      |  753 ++++-----
 src/msvc/Hacl_HPKE_P256_CP128_SHA256.c        |  761 ++++-----
 src/msvc/Hacl_HPKE_P256_CP256_SHA256.c        |  761 ++++-----
 src/msvc/Hacl_HPKE_P256_CP32_SHA256.c         |  761 ++++-----
 src/msvc/Hacl_Hash_Base.c                     |   76 +-
 src/msvc/Hacl_Hash_Blake2.c                   | 1324 ---------------
 src/msvc/Hacl_Hash_Blake2b.c                  |  971 +++++++++++
 src/msvc/Hacl_Hash_Blake2b_256.c              |  499 ------
 src/msvc/Hacl_Hash_Blake2b_Simd256.c          |  828 ++++++++++
 src/msvc/Hacl_Hash_Blake2s.c                  |  931 +++++++++++
 src/msvc/Hacl_Hash_Blake2s_128.c              |  491 ------
 src/msvc/Hacl_Hash_Blake2s_Simd128.c          |  794 +++++++++
 src/msvc/Hacl_Hash_MD5.c                      |  688 ++++----
 src/msvc/Hacl_Hash_SHA1.c                     |  339 ++--
 src/msvc/Hacl_Hash_SHA2.c                     |  932 +++++------
 src/msvc/Hacl_Hash_SHA3.c                     |  508 +++---
 src/msvc/Hacl_K256_ECDSA.c                    | 1335 ++++++++-------
 src/msvc/Hacl_MAC_Poly1305.c                  |  712 ++++++++
 .../Hacl_MAC_Poly1305_Simd128.c}              | 1006 ++++++------
 .../Hacl_MAC_Poly1305_Simd256.c}              | 1094 ++++++------
 src/msvc/Hacl_NaCl.c                          |   92 +-
 src/msvc/Hacl_P256.c                          | 1090 ++++++------
 src/msvc/Hacl_Poly1305_32.c                   |  572 -------
 src/msvc/Hacl_RSAPSS.c                        |  390 ++---
 src/msvc/Hacl_SHA2_Vec128.c                   |  384 ++---
 src/msvc/Hacl_SHA2_Vec256.c                   |  848 +++++-----
 src/msvc/Hacl_Salsa20.c                       |  302 ++--
 src/msvc/Hacl_Streaming_Blake2.c              |  655 --------
 src/msvc/Hacl_Streaming_Blake2b_256.c         |  371 -----
 src/msvc/Hacl_Streaming_Blake2s_128.c         |  341 ----
 src/msvc/Hacl_Streaming_Poly1305_128.c        |  341 ----
 src/msvc/Hacl_Streaming_Poly1305_256.c        |  341 ----
 src/msvc/Hacl_Streaming_Poly1305_32.c         |  308 ----
 src/wasm/EverCrypt_Hash.wasm                  |  Bin 49373 -> 49305 bytes
 ...2.wasm => Hacl_AEAD_Chacha20Poly1305.wasm} |  Bin 7657 -> 7653 bytes
 .../Hacl_AEAD_Chacha20Poly1305_Simd128.wasm   |  Bin 0 -> 1910 bytes
 .../Hacl_AEAD_Chacha20Poly1305_Simd256.wasm   |  Bin 0 -> 1910 bytes
 src/wasm/Hacl_Bignum.wasm                     |  Bin 78554 -> 74661 bytes
 src/wasm/Hacl_Bignum256.wasm                  |  Bin 100226 -> 70325 bytes
 src/wasm/Hacl_Bignum256_32.wasm               |  Bin 41067 -> 32207 bytes
 src/wasm/Hacl_Bignum32.wasm                   |  Bin 15248 -> 13286 bytes
 src/wasm/Hacl_Bignum4096.wasm                 |  Bin 63810 -> 52302 bytes
 src/wasm/Hacl_Bignum4096_32.wasm              |  Bin 32319 -> 28696 bytes
 src/wasm/Hacl_Bignum64.wasm                   |  Bin 24432 -> 14527 bytes
 ..._Chacha20_Vec128_Hacl_Chacha20_Vec256.wasm |  Bin 0 -> 1845 bytes
 src/wasm/Hacl_Ed25519.wasm                    |  Bin 77696 -> 77669 bytes
 src/wasm/Hacl_HMAC.wasm                       |  Bin 29855 -> 29754 bytes
 src/wasm/Hacl_HMAC_Blake2b_256.wasm           |  Bin 1491 -> 1510 bytes
 src/wasm/Hacl_HMAC_Blake2s_128.wasm           |  Bin 1489 -> 1508 bytes
 src/wasm/Hacl_HMAC_DRBG.wasm                  |  Bin 25403 -> 25396 bytes
 src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm   |  Bin 21306 -> 21320 bytes
 src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm   |  Bin 21434 -> 21448 bytes
 src/wasm/Hacl_Hash_Blake2.wasm                |  Bin 20644 -> 0 bytes
 src/wasm/Hacl_Hash_Blake2b.wasm               |  Bin 0 -> 15858 bytes
 src/wasm/Hacl_Hash_Blake2b_256.wasm           |  Bin 4552 -> 0 bytes
 src/wasm/Hacl_Hash_Blake2b_Simd256.wasm       |  Bin 0 -> 6794 bytes
 src/wasm/Hacl_Hash_Blake2s.wasm               |  Bin 0 -> 14005 bytes
 src/wasm/Hacl_Hash_Blake2s_128.wasm           |  Bin 3629 -> 0 bytes
 src/wasm/Hacl_Hash_Blake2s_Simd128.wasm       |  Bin 0 -> 5638 bytes
 src/wasm/Hacl_Hash_MD5.wasm                   |  Bin 15558 -> 15447 bytes
 src/wasm/Hacl_Hash_SHA1.wasm                  |  Bin 13148 -> 13044 bytes
 src/wasm/Hacl_Hash_SHA2.wasm                  |  Bin 23682 -> 23468 bytes
 src/wasm/Hacl_Hash_SHA3.wasm                  |  Bin 17611 -> 17565 bytes
 src/wasm/Hacl_Impl_Blake2_Constants.wasm      |  Bin 1544 -> 1517 bytes
 src/wasm/Hacl_K256_ECDSA.wasm                 |  Bin 98193 -> 98188 bytes
 src/wasm/Hacl_MAC_Poly1305.wasm               |  Bin 0 -> 9539 bytes
 src/wasm/Hacl_NaCl.wasm                       |  Bin 5027 -> 5020 bytes
 src/wasm/Hacl_P256.wasm                       |  Bin 83213 -> 83198 bytes
 ..._Hacl_Poly1305_256_Hacl_Impl_Poly1305.wasm |  Bin 0 -> 1993 bytes
 src/wasm/Hacl_Poly1305_32.wasm                |  Bin 6511 -> 0 bytes
 src/wasm/Hacl_Streaming_Blake2.wasm           |  Bin 12128 -> 0 bytes
 src/wasm/Hacl_Streaming_Blake2b_256.wasm      |  Bin 4495 -> 0 bytes
 src/wasm/Hacl_Streaming_Blake2s_128.wasm      |  Bin 4260 -> 0 bytes
 src/wasm/Hacl_Streaming_Poly1305_32.wasm      |  Bin 5365 -> 0 bytes
 src/wasm/INFO.txt                             |    4 +-
 src/wasm/layouts.json                         |    2 +-
 src/wasm/main.html                            |    2 +-
 src/wasm/shell.js                             |    2 +-
 tests/blake2b.cc                              |   75 +-
 tests/blake2s.cc                              |   76 +-
 tests/chacha20poly1305.cc                     |   74 +-
 tests/hmac.cc                                 |    2 +-
 tests/k256_ecdsa.cc                           |    2 +-
 tests/md5.cc                                  |   11 +-
 tests/poly1305.cc                             |  141 +-
 tests/sha1.cc                                 |   36 +-
 tests/sha2.cc                                 |   89 +-
 tests/sha3.cc                                 |   49 +-
 467 files changed, 51436 insertions(+), 60881 deletions(-)
 create mode 100644 include/Hacl_AEAD_Chacha20Poly1305.h
 create mode 100644 include/Hacl_AEAD_Chacha20Poly1305_Simd128.h
 create mode 100644 include/Hacl_AEAD_Chacha20Poly1305_Simd256.h
 delete mode 100644 include/Hacl_Chacha20Poly1305_128.h
 delete mode 100644 include/Hacl_Chacha20Poly1305_256.h
 delete mode 100644 include/Hacl_Chacha20Poly1305_32.h
 delete mode 100644 include/Hacl_Hash_Blake2.h
 rename include/{Hacl_Streaming_Blake2b_256.h => Hacl_Hash_Blake2b.h} (56%)
 create mode 100644 include/Hacl_Hash_Blake2b_Simd256.h
 rename include/{Hacl_Streaming_Blake2s_128.h => Hacl_Hash_Blake2s.h} (56%)
 create mode 100644 include/Hacl_Hash_Blake2s_Simd128.h
 rename include/{msvc/Hacl_Streaming_Poly1305_32.h => Hacl_MAC_Poly1305.h} (67%)
 rename include/{Hacl_Streaming_Poly1305_128.h => Hacl_MAC_Poly1305_Simd128.h} (67%)
 rename include/{msvc/Hacl_Streaming_Poly1305_256.h => Hacl_MAC_Poly1305_Simd256.h} (67%)
 delete mode 100644 include/Hacl_Poly1305_256.h
 delete mode 100644 include/Hacl_Poly1305_32.h
 delete mode 100644 include/Hacl_Streaming_Blake2.h
 rename include/{msvc/internal/Hacl_Hash_Blake2.h => internal/Hacl_HMAC.h} (82%)
 create mode 100644 include/internal/Hacl_Hash_Blake2b.h
 rename include/{Hacl_Hash_Blake2b_256.h => internal/Hacl_Hash_Blake2b_Simd256.h} (61%)
 create mode 100644 include/internal/Hacl_Hash_Blake2s.h
 rename include/{msvc/Hacl_Hash_Blake2s_128.h => internal/Hacl_Hash_Blake2s_Simd128.h} (61%)
 rename include/internal/{Hacl_Poly1305_128.h => Hacl_MAC_Poly1305.h} (77%)
 rename include/{msvc/internal/Hacl_Poly1305_128.h => internal/Hacl_MAC_Poly1305_Simd128.h} (73%)
 rename include/{msvc/internal/Hacl_Poly1305_256.h => internal/Hacl_MAC_Poly1305_Simd256.h} (73%)
 create mode 100644 include/msvc/Hacl_AEAD_Chacha20Poly1305.h
 create mode 100644 include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.h
 create mode 100644 include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.h
 delete mode 100644 include/msvc/Hacl_Chacha20Poly1305_128.h
 delete mode 100644 include/msvc/Hacl_Chacha20Poly1305_256.h
 delete mode 100644 include/msvc/Hacl_Chacha20Poly1305_32.h
 delete mode 100644 include/msvc/Hacl_Hash_Blake2.h
 rename include/msvc/{Hacl_Streaming_Blake2b_256.h => Hacl_Hash_Blake2b.h} (56%)
 create mode 100644 include/msvc/Hacl_Hash_Blake2b_Simd256.h
 rename include/msvc/{Hacl_Streaming_Blake2s_128.h => Hacl_Hash_Blake2s.h} (56%)
 create mode 100644 include/msvc/Hacl_Hash_Blake2s_Simd128.h
 rename include/{Hacl_Streaming_Poly1305_32.h => msvc/Hacl_MAC_Poly1305.h} (67%)
 rename include/msvc/{Hacl_Streaming_Poly1305_128.h => Hacl_MAC_Poly1305_Simd128.h} (67%)
 rename include/{Hacl_Streaming_Poly1305_256.h => msvc/Hacl_MAC_Poly1305_Simd256.h} (67%)
 delete mode 100644 include/msvc/Hacl_Poly1305_128.h
 delete mode 100644 include/msvc/Hacl_Poly1305_32.h
 delete mode 100644 include/msvc/Hacl_Streaming_Blake2.h
 rename include/{internal/Hacl_Hash_Blake2.h => msvc/internal/Hacl_HMAC.h} (82%)
 create mode 100644 include/msvc/internal/Hacl_Hash_Blake2b.h
 rename include/msvc/{Hacl_Hash_Blake2b_256.h => internal/Hacl_Hash_Blake2b_Simd256.h} (61%)
 create mode 100644 include/msvc/internal/Hacl_Hash_Blake2s.h
 rename include/{Hacl_Hash_Blake2s_128.h => msvc/internal/Hacl_Hash_Blake2s_Simd128.h} (61%)
 rename include/{internal/Hacl_Poly1305_256.h => msvc/internal/Hacl_MAC_Poly1305.h} (77%)
 rename include/{Hacl_Poly1305_128.h => msvc/internal/Hacl_MAC_Poly1305_Simd128.h} (72%)
 rename include/msvc/{Hacl_Poly1305_256.h => internal/Hacl_MAC_Poly1305_Simd256.h} (72%)
 create mode 100644 karamel/krmllib/dist/minimal/Makefile.basic
 create mode 100644 karamel/krmllib/dist/minimal/Makefile.include
 create mode 100644 karamel/krmllib/dist/minimal/libkrmllib.def
 rename ocaml/lib/{Hacl_Chacha20Poly1305_128_bindings.ml => Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.ml} (58%)
 rename ocaml/lib/{Hacl_Chacha20Poly1305_256_bindings.ml => Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.ml} (58%)
 rename ocaml/lib/{Hacl_Chacha20Poly1305_32_bindings.ml => Hacl_AEAD_Chacha20Poly1305_bindings.ml} (60%)
 delete mode 100644 ocaml/lib/Hacl_Hash_Blake2_bindings.ml
 delete mode 100644 ocaml/lib/Hacl_Hash_Blake2b_256_bindings.ml
 create mode 100644 ocaml/lib/Hacl_Hash_Blake2b_Simd256_bindings.ml
 create mode 100644 ocaml/lib/Hacl_Hash_Blake2b_bindings.ml
 delete mode 100644 ocaml/lib/Hacl_Hash_Blake2s_128_bindings.ml
 create mode 100644 ocaml/lib/Hacl_Hash_Blake2s_Simd128_bindings.ml
 create mode 100644 ocaml/lib/Hacl_Hash_Blake2s_bindings.ml
 create mode 100644 ocaml/lib/Hacl_MAC_Poly1305_Simd128_bindings.ml
 create mode 100644 ocaml/lib/Hacl_MAC_Poly1305_Simd256_bindings.ml
 create mode 100644 ocaml/lib/Hacl_MAC_Poly1305_bindings.ml
 delete mode 100644 ocaml/lib/Hacl_Poly1305_128_bindings.ml
 delete mode 100644 ocaml/lib/Hacl_Poly1305_256_bindings.ml
 delete mode 100644 ocaml/lib/Hacl_Poly1305_32_bindings.ml
 delete mode 100644 ocaml/lib/Hacl_Streaming_Blake2_bindings.ml
 delete mode 100644 ocaml/lib/Hacl_Streaming_Poly1305_32_bindings.ml
 create mode 100644 ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd128_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd256_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Chacha20Poly1305_128_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Chacha20Poly1305_256_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Chacha20Poly1305_32_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Hash_Blake2_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Hash_Blake2b_256_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_Hash_Blake2b_Simd256_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_Hash_Blake2b_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Hash_Blake2s_128_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_Hash_Blake2s_Simd128_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_Hash_Blake2s_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_MAC_Poly1305_Simd128_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_MAC_Poly1305_Simd256_gen.ml
 create mode 100644 ocaml/lib_gen/Hacl_MAC_Poly1305_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Poly1305_128_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Poly1305_256_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Poly1305_32_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Streaming_Blake2_gen.ml
 delete mode 100644 ocaml/lib_gen/Hacl_Streaming_Poly1305_32_gen.ml
 rename src/{Hacl_Chacha20Poly1305_32.c => Hacl_AEAD_Chacha20Poly1305.c} (65%)
 rename src/{Hacl_Chacha20Poly1305_128.c => Hacl_AEAD_Chacha20Poly1305_Simd128.c} (77%)
 rename src/{msvc/Hacl_Chacha20Poly1305_256.c => Hacl_AEAD_Chacha20Poly1305_Simd256.c} (77%)
 delete mode 100644 src/Hacl_Hash_Blake2.c
 create mode 100644 src/Hacl_Hash_Blake2b.c
 delete mode 100644 src/Hacl_Hash_Blake2b_256.c
 create mode 100644 src/Hacl_Hash_Blake2b_Simd256.c
 create mode 100644 src/Hacl_Hash_Blake2s.c
 delete mode 100644 src/Hacl_Hash_Blake2s_128.c
 create mode 100644 src/Hacl_Hash_Blake2s_Simd128.c
 create mode 100644 src/Hacl_MAC_Poly1305.c
 rename src/{msvc/Hacl_Poly1305_128.c => Hacl_MAC_Poly1305_Simd128.c} (66%)
 rename src/{msvc/Hacl_Poly1305_256.c => Hacl_MAC_Poly1305_Simd256.c} (71%)
 delete mode 100644 src/Hacl_Poly1305_32.c
 delete mode 100644 src/Hacl_Streaming_Blake2.c
 delete mode 100644 src/Hacl_Streaming_Blake2b_256.c
 delete mode 100644 src/Hacl_Streaming_Blake2s_128.c
 delete mode 100644 src/Hacl_Streaming_Poly1305_128.c
 delete mode 100644 src/Hacl_Streaming_Poly1305_256.c
 delete mode 100644 src/Hacl_Streaming_Poly1305_32.c
 rename src/msvc/{Hacl_Chacha20Poly1305_32.c => Hacl_AEAD_Chacha20Poly1305.c} (65%)
 rename src/msvc/{Hacl_Chacha20Poly1305_128.c => Hacl_AEAD_Chacha20Poly1305_Simd128.c} (77%)
 rename src/{Hacl_Chacha20Poly1305_256.c => msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.c} (77%)
 delete mode 100644 src/msvc/Hacl_Hash_Blake2.c
 create mode 100644 src/msvc/Hacl_Hash_Blake2b.c
 delete mode 100644 src/msvc/Hacl_Hash_Blake2b_256.c
 create mode 100644 src/msvc/Hacl_Hash_Blake2b_Simd256.c
 create mode 100644 src/msvc/Hacl_Hash_Blake2s.c
 delete mode 100644 src/msvc/Hacl_Hash_Blake2s_128.c
 create mode 100644 src/msvc/Hacl_Hash_Blake2s_Simd128.c
 create mode 100644 src/msvc/Hacl_MAC_Poly1305.c
 rename src/{Hacl_Poly1305_128.c => msvc/Hacl_MAC_Poly1305_Simd128.c} (66%)
 rename src/{Hacl_Poly1305_256.c => msvc/Hacl_MAC_Poly1305_Simd256.c} (71%)
 delete mode 100644 src/msvc/Hacl_Poly1305_32.c
 delete mode 100644 src/msvc/Hacl_Streaming_Blake2.c
 delete mode 100644 src/msvc/Hacl_Streaming_Blake2b_256.c
 delete mode 100644 src/msvc/Hacl_Streaming_Blake2s_128.c
 delete mode 100644 src/msvc/Hacl_Streaming_Poly1305_128.c
 delete mode 100644 src/msvc/Hacl_Streaming_Poly1305_256.c
 delete mode 100644 src/msvc/Hacl_Streaming_Poly1305_32.c
 rename src/wasm/{Hacl_Chacha20Poly1305_32.wasm => Hacl_AEAD_Chacha20Poly1305.wasm} (78%)
 create mode 100644 src/wasm/Hacl_AEAD_Chacha20Poly1305_Simd128.wasm
 create mode 100644 src/wasm/Hacl_AEAD_Chacha20Poly1305_Simd256.wasm
 create mode 100644 src/wasm/Hacl_Chacha20_Vec128_Hacl_Chacha20_Vec256.wasm
 delete mode 100644 src/wasm/Hacl_Hash_Blake2.wasm
 create mode 100644 src/wasm/Hacl_Hash_Blake2b.wasm
 delete mode 100644 src/wasm/Hacl_Hash_Blake2b_256.wasm
 create mode 100644 src/wasm/Hacl_Hash_Blake2b_Simd256.wasm
 create mode 100644 src/wasm/Hacl_Hash_Blake2s.wasm
 delete mode 100644 src/wasm/Hacl_Hash_Blake2s_128.wasm
 create mode 100644 src/wasm/Hacl_Hash_Blake2s_Simd128.wasm
 create mode 100644 src/wasm/Hacl_MAC_Poly1305.wasm
 create mode 100644 src/wasm/Hacl_Poly1305_128_Hacl_Poly1305_256_Hacl_Impl_Poly1305.wasm
 delete mode 100644 src/wasm/Hacl_Poly1305_32.wasm
 delete mode 100644 src/wasm/Hacl_Streaming_Blake2.wasm
 delete mode 100644 src/wasm/Hacl_Streaming_Blake2b_256.wasm
 delete mode 100644 src/wasm/Hacl_Streaming_Blake2s_128.wasm
 delete mode 100644 src/wasm/Hacl_Streaming_Poly1305_32.wasm

diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml
index bddfc330..cdd803b9 100644
--- a/.github/workflows/js.yml
+++ b/.github/workflows/js.yml
@@ -18,7 +18,9 @@ jobs:
        - uses: actions/checkout@v3
 
        - name: Setup
-         run: sudo apt-get install ninja-build nodejs
+         run: |
+           sudo apt-get update
+           sudo apt-get install ninja-build nodejs
 
        - name: Build JS bindings
          run: |
diff --git a/benchmarks/blake.cc b/benchmarks/blake.cc
index 91a77a03..19f7ed8a 100644
--- a/benchmarks/blake.cc
+++ b/benchmarks/blake.cc
@@ -7,19 +7,17 @@
  */
 
 #include "EverCrypt_Hash.h"
-#include "Hacl_Hash_Blake2.h"
-#include "Hacl_Streaming_Blake2.h"
+#include "Hacl_Hash_Blake2b.h"
+#include "Hacl_Hash_Blake2s.h"
 
 #include "util.h"
 
 #ifdef HACL_CAN_COMPILE_VEC128
-#include "Hacl_Hash_Blake2s_128.h"
-#include "Hacl_Streaming_Blake2s_128.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
 #endif
 
 #ifdef HACL_CAN_COMPILE_VEC256
-#include "Hacl_Hash_Blake2b_256.h"
-#include "Hacl_Streaming_Blake2b_256.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
 #endif
 
 #include "blake2.h"
@@ -47,12 +45,9 @@ HACL_blake2b_32_oneshot(benchmark::State& state)
   bytes input(state.range(0), 0xAB);
 
   for (auto _ : state) {
-    Hacl_Blake2b_32_blake2b(digest2b.size(),
-                            digest2b.data(),
-                            input.size(),
-                            (uint8_t*)input.data(),
-                            0,
-                            NULL);
+    Hacl_Hash_Blake2b_hash_with_key(
+      digest2b.data(), digest2b.size(), (uint8_t*)input.data(), input.size(),
+      NULL, 0);
   }
 }
 
@@ -70,12 +65,9 @@ HACL_blake2b_vec256_oneshot(benchmark::State& state)
   bytes input(state.range(0), 0xAB);
 
   for (auto _ : state) {
-    Hacl_Blake2b_256_blake2b(digest2b.size(),
-                             digest2b.data(),
-                             input.size(),
-                             (uint8_t*)input.data(),
-                             0,
-                             NULL);
+    Hacl_Hash_Blake2b_Simd256_hash_with_key(
+      digest2b.data(), digest2b.size(), (uint8_t*)input.data(), input.size(),
+      NULL, 0);
   }
 }
 
@@ -89,9 +81,7 @@ EverCrypt_blake2b_oneshot(benchmark::State& state)
 
   for (auto _ : state) {
     EverCrypt_Hash_Incremental_hash(Spec_Hash_Definitions_Blake2B,
-                                    digest2b.data(),
-                                    input.data(),
-                                    input.size());
+      digest2b.data(), input.data(), input.size());
   }
 }
 
@@ -113,12 +103,9 @@ static void
 HACL_blake2b_32_oneshot_keyed(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_Blake2b_32_blake2b(digest2b.size(),
-                            digest2b.data(),
-                            input.size(),
-                            (uint8_t*)input.data(),
-                            key.size(),
-                            key.data());
+    Hacl_Hash_Blake2b_hash_with_key(
+      digest2b.data(), digest2b.size(), (uint8_t*)input.data(), input.size(),
+      key.data(), key.size());
   }
 }
 
@@ -134,12 +121,9 @@ HACL_blake2b_vec256_oneshot_keyed(benchmark::State& state)
   }
 
   for (auto _ : state) {
-    Hacl_Blake2b_256_blake2b(digest2b.size(),
-                             digest2b.data(),
-                             input.size(),
-                             (uint8_t*)input.data(),
-                             key.size(),
-                             key.data());
+    Hacl_Hash_Blake2b_Simd256_hash_with_key(
+      digest2b.data(), digest2b.size(), (uint8_t*)input.data(), input.size(),
+      key.data(), key.size());
   }
 }
 
@@ -175,8 +159,8 @@ HACL_blake2s_32_oneshot(benchmark::State& state)
   bytes input(state.range(0), 0xAB);
 
   for (auto _ : state) {
-    Hacl_Blake2s_32_blake2s(
-      digest2s.size(), digest2s.data(), input.size(), input.data(), 0, NULL);
+    Hacl_Hash_Blake2s_hash_with_key(
+      digest2s.data(), digest2s.size(), input.data(), input.size(), NULL, 0);
   }
 }
 
@@ -194,8 +178,8 @@ HACL_blake2s_vec128_oneshot(benchmark::State& state)
   bytes input(state.range(0), 0xAB);
 
   for (auto _ : state) {
-    Hacl_Blake2s_128_blake2s(
-      digest2s.size(), digest2s.data(), input.size(), input.data(), 0, NULL);
+    Hacl_Hash_Blake2s_Simd128_hash_with_key(
+      digest2s.data(), digest2s.size(), input.data(), input.size(), NULL, 0);
   }
 }
 
@@ -209,9 +193,7 @@ EverCrypt_blake2s_oneshot(benchmark::State& state)
 
   for (auto _ : state) {
     EverCrypt_Hash_Incremental_hash(Spec_Hash_Definitions_Blake2S,
-                                    digest2s.data(),
-                                    input.data(),
-                                    input.size());
+      digest2s.data(), input.data(), input.size());
   }
 }
 
@@ -233,12 +215,9 @@ static void
 HACL_blake2s_32_oneshot_keyed(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_Blake2s_32_blake2s(digest2s.size(),
-                            digest2s.data(),
-                            input.size(),
-                            (uint8_t*)input.data(),
-                            key.size(),
-                            key.data());
+    Hacl_Hash_Blake2s_hash_with_key(
+      digest2s.data(), digest2s.size(), (uint8_t*)input.data(), input.size(),
+      key.data(), key.size());
   }
 }
 
@@ -254,12 +233,9 @@ HACL_blake2s_vec128_oneshot_keyed(benchmark::State& state)
   }
 
   for (auto _ : state) {
-    Hacl_Blake2s_128_blake2s(digest2s.size(),
-                             digest2s.data(),
-                             input.size(),
-                             (uint8_t*)input.data(),
-                             key.size(),
-                             key.data());
+    Hacl_Hash_Blake2s_Simd128_hash_with_key(
+      digest2s.data(), digest2s.size(), (uint8_t*)input.data(), input.size(),
+      key.data(), key.size());
   }
 }
 
@@ -295,19 +271,18 @@ HACL_blake2b_32_streaming(benchmark::State& state)
     uint8_t digest[HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX];
 
     // Init
-    Hacl_Streaming_Blake2_blake2b_32_state_s* ctx =
-      Hacl_Streaming_Blake2_blake2b_32_no_key_create_in();
-    Hacl_Streaming_Blake2_blake2b_32_no_key_init(ctx);
+    Hacl_Hash_Blake2b_state_t* ctx =
+      Hacl_Hash_Blake2b_malloc();
 
     // Update
     for (auto chunk : chunk(input, chunk_len)) {
-      Hacl_Streaming_Blake2_blake2b_32_no_key_update(
+      Hacl_Hash_Blake2b_update(
         ctx, (uint8_t*)chunk.data(), chunk.size());
     }
 
     // Finish
-    Hacl_Streaming_Blake2_blake2b_32_no_key_finish(ctx, digest);
-    Hacl_Streaming_Blake2_blake2b_32_no_key_free(ctx);
+    Hacl_Hash_Blake2b_digest(ctx, digest);
+    Hacl_Hash_Blake2b_free(ctx);
   }
 }
 
@@ -348,19 +323,18 @@ HACL_blake2b_vec256_streaming(benchmark::State& state)
     uint8_t digest[HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX];
 
     // Init
-    Hacl_Streaming_Blake2b_256_blake2b_256_state_s* ctx =
-      Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in();
-    Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(ctx);
+    Hacl_Hash_Blake2b_Simd256_state_t* ctx =
+      Hacl_Hash_Blake2b_Simd256_malloc();
 
     // Update
     for (auto chunk : chunk(input, chunk_len)) {
-      Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update(
+      Hacl_Hash_Blake2b_Simd256_update(
         ctx, (uint8_t*)chunk.data(), chunk.size());
     }
 
     // Finish
-    Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish(ctx, digest);
-    Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free(ctx);
+    Hacl_Hash_Blake2b_Simd256_digest(ctx, digest);
+    Hacl_Hash_Blake2b_Simd256_free(ctx);
   }
 }
 
@@ -374,9 +348,8 @@ EverCrypt_blake2b_streaming(benchmark::State& state)
     uint8_t digest[HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX];
 
     // Init
-    EverCrypt_Hash_Incremental_hash_state_s* ctx =
-      EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_Blake2B);
-    EverCrypt_Hash_Incremental_init(ctx);
+    EverCrypt_Hash_Incremental_state_t* ctx =
+      EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_Blake2B);
 
     // Update
     for (auto chunk : chunk(input, chunk_len)) {
@@ -384,7 +357,7 @@ EverCrypt_blake2b_streaming(benchmark::State& state)
     }
 
     // Finish
-    EverCrypt_Hash_Incremental_finish(ctx, digest);
+    EverCrypt_Hash_Incremental_digest(ctx, digest);
     EverCrypt_Hash_Incremental_free(ctx);
   }
 }
@@ -411,19 +384,16 @@ HACL_blake2s_32_streaming(benchmark::State& state)
     uint8_t digest[HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX];
 
     // Init
-    Hacl_Streaming_Blake2_blake2s_32_state_s* ctx =
-      Hacl_Streaming_Blake2_blake2s_32_no_key_create_in();
-    Hacl_Streaming_Blake2_blake2s_32_no_key_init(ctx);
+    Hacl_Hash_Blake2s_state_t* ctx = Hacl_Hash_Blake2s_malloc();
 
     // Update
     for (auto chunk : chunk(input, chunk_len)) {
-      Hacl_Streaming_Blake2_blake2s_32_no_key_update(
-        ctx, (uint8_t*)chunk.data(), chunk.size());
+      Hacl_Hash_Blake2s_update(ctx, (uint8_t*)chunk.data(), chunk.size());
     }
 
     // Finish
-    Hacl_Streaming_Blake2_blake2s_32_no_key_finish(ctx, digest);
-    Hacl_Streaming_Blake2_blake2s_32_no_key_free(ctx);
+    Hacl_Hash_Blake2s_digest(ctx, digest);
+    Hacl_Hash_Blake2s_free(ctx);
   }
 }
 
@@ -464,19 +434,17 @@ HACL_blake2s_vec128_streaming(benchmark::State& state)
     uint8_t digest[HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX];
 
     // Init
-    Hacl_Streaming_Blake2s_128_blake2s_128_state_s* ctx =
-      Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in();
-    Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(ctx);
+    Hacl_Hash_Blake2s_Simd128_state_t* ctx = Hacl_Hash_Blake2s_Simd128_malloc();
 
     // Update
     for (auto chunk : chunk(input, chunk_len)) {
-      Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update(
+      Hacl_Hash_Blake2s_Simd128_update(
         ctx, (uint8_t*)chunk.data(), chunk.size());
     }
 
     // Finish
-    Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish(ctx, digest);
-    Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free(ctx);
+    Hacl_Hash_Blake2s_Simd128_digest(ctx, digest);
+    Hacl_Hash_Blake2s_Simd128_free(ctx);
   }
 }
 
@@ -490,9 +458,8 @@ EverCrypt_blake2s_streaming(benchmark::State& state)
     uint8_t digest[HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX];
 
     // Init
-    EverCrypt_Hash_Incremental_hash_state_s* ctx =
-      EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_Blake2S);
-    EverCrypt_Hash_Incremental_init(ctx);
+    EverCrypt_Hash_Incremental_state_t* ctx =
+      EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_Blake2S);
 
     // Update
     for (auto chunk : chunk(input, chunk_len)) {
@@ -500,7 +467,7 @@ EverCrypt_blake2s_streaming(benchmark::State& state)
     }
 
     // Finish
-    EverCrypt_Hash_Incremental_finish(ctx, digest);
+    EverCrypt_Hash_Incremental_digest(ctx, digest);
     EverCrypt_Hash_Incremental_free(ctx);
   }
 }
diff --git a/benchmarks/chacha20poly1305.cc b/benchmarks/chacha20poly1305.cc
index ee01f721..998ab022 100644
--- a/benchmarks/chacha20poly1305.cc
+++ b/benchmarks/chacha20poly1305.cc
@@ -6,12 +6,12 @@
  *    - http://opensource.org/licenses/MIT
  */
 
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 #ifdef HACL_CAN_COMPILE_VEC128
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 #endif
 #ifdef HACL_CAN_COMPILE_VEC256
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 #endif
 
 #include "EverCrypt_AEAD.h"
@@ -112,14 +112,9 @@ static void
 HACL_Chacha20Poly1305_32_encrypt(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_Chacha20Poly1305_32_aead_encrypt(key.data(),
-                                          nonce.data(),
-                                          aad.size(),
-                                          aad.data(),
-                                          INPUT_LEN,
-                                          plaintext.data(),
-                                          ciphertext.data(),
-                                          mac.data());
+    Hacl_AEAD_Chacha20Poly1305_encrypt(
+      ciphertext.data(), mac.data(), plaintext.data(), INPUT_LEN,
+      aad.data(), aad.size(), key.data(), nonce.data());
   }
 
   if (ciphertext != expected_ciphertext) {
@@ -139,14 +134,9 @@ HACL_Chacha20Poly1305_Vec128_encrypt(benchmark::State& state)
   }
 
   for (auto _ : state) {
-    Hacl_Chacha20Poly1305_128_aead_decrypt(key.data(),
-                                           nonce.data(),
-                                           aad.size(),
-                                           aad.data(),
-                                           INPUT_LEN,
-                                           plaintext.data(),
-                                           ciphertext.data(),
-                                           mac.data());
+    Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+      plaintext.data(), ciphertext.data(), INPUT_LEN, aad.data(),
+      aad.size(), key.data(), nonce.data(), mac.data());
   }
 
   if (ciphertext != expected_ciphertext) {
@@ -167,14 +157,9 @@ HACL_Chacha20Poly1305_Vec256_encrypt(benchmark::State& state)
   }
 
   for (auto _ : state) {
-    Hacl_Chacha20Poly1305_256_aead_encrypt(key.data(),
-                                           nonce.data(),
-                                           aad.size(),
-                                           aad.data(),
-                                           INPUT_LEN,
-                                           plaintext.data(),
-                                           ciphertext.data(),
-                                           mac.data());
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
+      ciphertext.data(), mac.data(), plaintext.data(), INPUT_LEN,
+      aad.data(), aad.size(), key.data(), nonce.data());
   }
 
   if (ciphertext != expected_ciphertext) {
diff --git a/benchmarks/hmac.cc b/benchmarks/hmac.cc
index 61dec7a8..dc4d950f 100644
--- a/benchmarks/hmac.cc
+++ b/benchmarks/hmac.cc
@@ -131,7 +131,7 @@ BENCHMARK_CAPTURE(
   sha1,
   from_hex("7DD9CDC17DD7C7CD4B1D39C13FA7E511354CC6EB7F5BEB07ED2D353E138A9428"),
   HACL_MAC_HMAC_SHA1_TAG_LEN,
-  Hacl_HMAC_legacy_compute_sha1)
+  Hacl_HMAC_compute_sha1)
   ->Setup(DoSetup)
   ->Arg(4096);
 
diff --git a/benchmarks/sha1.cc b/benchmarks/sha1.cc
index 1b0ac299..87428664 100644
--- a/benchmarks/sha1.cc
+++ b/benchmarks/sha1.cc
@@ -16,7 +16,7 @@ HACL_Sha1_oneshot(benchmark::State& state)
   bytes digest(HACL_HASH_SHA1_DIGEST_LENGTH, 0);
 
   for (auto _ : state) {
-    Hacl_Streaming_SHA1_legacy_hash(input.data(), input.size(), digest.data());
+    Hacl_Hash_SHA1_hash(digest.data(), input.data(), input.size());
   }
 
   if (digest != expected_digest) {
@@ -55,20 +55,18 @@ HACL_Sha1_streaming(benchmark::State& state)
 
   for (auto _ : state) {
     // Init
-    Hacl_Streaming_SHA1_state* state =
-      Hacl_Streaming_SHA1_legacy_create_in();
-    Hacl_Streaming_SHA1_legacy_init(state);
+    Hacl_Hash_SHA1_state_t* state = Hacl_Hash_SHA1_malloc();
 
     // Update
     for (size_t i = 0; i < input.size();) {
-      Hacl_Streaming_SHA1_legacy_update(
+      Hacl_Hash_SHA1_update(
         state, input.data() + i, min(chunk_len, input.size() - i));
       i += chunk_len;
     }
 
     // Finish
-    Hacl_Streaming_SHA1_legacy_finish(state, digest.data());
-    Hacl_Streaming_SHA1_legacy_free(state);
+    Hacl_Hash_SHA1_digest(state, digest.data());
+    Hacl_Hash_SHA1_free(state);
   }
 
   if (digest != expected_digest) {
diff --git a/benchmarks/sha2.cc b/benchmarks/sha2.cc
index f41933b8..7a862761 100644
--- a/benchmarks/sha2.cc
+++ b/benchmarks/sha2.cc
@@ -9,11 +9,11 @@
 #include "Hacl_Hash_SHA2.h"
 
 #ifdef HACL_CAN_COMPILE_VEC128
-#include "Hacl_Hash_Blake2s_128.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
 #endif
 
 #ifdef HACL_CAN_COMPILE_VEC256
-#include "Hacl_Hash_Blake2b_256.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
 #endif
 
 #include "util.h"
@@ -47,13 +47,13 @@ HACL_Sha2_oneshot(benchmark::State& state, Args&&... args)
   auto expected_digest = std::get<1>(args_tuple);
   auto hash = std::get<2>(args_tuple);
 
-  bytes digest(digest_len, 0);
+  bytes output(digest_len, 0);
 
   for (auto _ : state) {
-    hash((uint8_t*)input.data(), input.size(), digest.data());
+    hash(output.data(), (uint8_t*)input.data(), input.size());
   }
 
-  if (digest != expected_digest) {
+  if (output != expected_digest) {
     state.SkipWithError("Incorrect digest.");
     return;
   }
@@ -90,18 +90,17 @@ HACL_Sha2_streaming(benchmark::State& state, Args&&... args)
 
   auto digest_len = std::get<0>(args_tuple);
   auto expected_digest = std::get<1>(args_tuple);
-  auto create_in = std::get<2>(args_tuple);
-  auto init = std::get<3>(args_tuple);
+  auto malloc = std::get<2>(args_tuple);
+  //auto reset = std::get<3>(args_tuple);
   auto update = std::get<4>(args_tuple);
-  auto finish = std::get<5>(args_tuple);
+  auto digest = std::get<5>(args_tuple);
   auto free = std::get<6>(args_tuple);
 
-  bytes digest(digest_len, 0);
+  bytes output(digest_len, 0);
 
   for (auto _ : state) {
     // Init
-    auto* ctx = create_in();
-    init(ctx);
+    auto* ctx = malloc();
 
     // Update
     for (auto chunk : chunk(input, chunk_len)) {
@@ -109,11 +108,11 @@ HACL_Sha2_streaming(benchmark::State& state, Args&&... args)
     }
 
     // Finish
-    finish(ctx, digest.data());
+    digest(ctx, output.data());
     free(ctx);
   }
 
-  if (digest != expected_digest) {
+  if (output != expected_digest) {
     state.SkipWithError("Incorrect digest.");
     return;
   }
@@ -133,9 +132,8 @@ EverCrypt_Sha2_streaming(benchmark::State& state, Args&&... args)
 
   for (auto _ : state) {
     // Init
-    EverCrypt_Hash_Incremental_hash_state* ctx =
-      EverCrypt_Hash_Incremental_create_in(algorithm);
-    EverCrypt_Hash_Incremental_init(ctx);
+    EverCrypt_Hash_Incremental_state_t* ctx =
+      EverCrypt_Hash_Incremental_malloc(algorithm);
 
     // Update
     for (auto chunk : chunk(input, chunk_len)) {
@@ -143,7 +141,7 @@ EverCrypt_Sha2_streaming(benchmark::State& state, Args&&... args)
     }
 
     // Finish
-    EverCrypt_Hash_Incremental_finish(ctx, digest.data());
+    EverCrypt_Hash_Incremental_digest(ctx, digest.data());
     EverCrypt_Hash_Incremental_free(ctx);
   }
 
@@ -159,7 +157,7 @@ BENCHMARK_CAPTURE(HACL_Sha2_oneshot,
                   sha2_224,
                   HACL_HASH_SHA2_224_DIGEST_LENGTH,
                   expected_digest_sha2_224,
-                  Hacl_Streaming_SHA2_hash_224)
+                  Hacl_Hash_SHA2_hash_224)
   ->Setup(DoSetup);
 
 BENCHMARK_CAPTURE(EverCrypt_Sha2_oneshot,
@@ -182,7 +180,7 @@ BENCHMARK_CAPTURE(HACL_Sha2_oneshot,
                   sha2_256,
                   HACL_HASH_SHA2_256_DIGEST_LENGTH,
                   expected_digest_sha2_256,
-                  Hacl_Streaming_SHA2_hash_256)
+                  Hacl_Hash_SHA2_hash_256)
   ->Setup(DoSetup);
 
 BENCHMARK_CAPTURE(EverCrypt_Sha2_oneshot,
@@ -205,7 +203,7 @@ BENCHMARK_CAPTURE(HACL_Sha2_oneshot,
                   sha2_384,
                   HACL_HASH_SHA2_384_DIGEST_LENGTH,
                   expected_digest_sha2_384,
-                  Hacl_Streaming_SHA2_hash_384)
+                  Hacl_Hash_SHA2_hash_384)
   ->Setup(DoSetup);
 
 BENCHMARK_CAPTURE(EverCrypt_Sha2_oneshot,
@@ -228,7 +226,7 @@ BENCHMARK_CAPTURE(HACL_Sha2_oneshot,
                   sha2_512,
                   HACL_HASH_SHA2_512_DIGEST_LENGTH,
                   expected_digest_sha2_512,
-                  Hacl_Streaming_SHA2_hash_512)
+                  Hacl_Hash_SHA2_hash_512)
   ->Setup(DoSetup);
 
 BENCHMARK_CAPTURE(EverCrypt_Sha2_oneshot,
@@ -253,11 +251,11 @@ BENCHMARK_CAPTURE(HACL_Sha2_streaming,
                   sha2_224,
                   HACL_HASH_SHA2_224_DIGEST_LENGTH,
                   expected_digest_sha2_224,
-                  Hacl_Streaming_SHA2_create_in_224,
-                  Hacl_Streaming_SHA2_init_224,
-                  Hacl_Streaming_SHA2_update_224,
-                  Hacl_Streaming_SHA2_finish_224,
-                  Hacl_Streaming_SHA2_free_224)
+                  Hacl_Hash_SHA2_malloc_224,
+                  Hacl_Hash_SHA2_reset_224,
+                  Hacl_Hash_SHA2_update_224,
+                  Hacl_Hash_SHA2_digest_224,
+                  Hacl_Hash_SHA2_free_224)
   ->Setup(DoSetup);
 
 BENCHMARK_CAPTURE(EverCrypt_Sha2_streaming,
@@ -281,11 +279,11 @@ BENCHMARK_CAPTURE(HACL_Sha2_streaming,
                   sha2_256,
                   HACL_HASH_SHA2_256_DIGEST_LENGTH,
                   expected_digest_sha2_256,
-                  Hacl_Streaming_SHA2_create_in_256,
-                  Hacl_Streaming_SHA2_init_256,
-                  Hacl_Streaming_SHA2_update_256,
-                  Hacl_Streaming_SHA2_finish_256,
-                  Hacl_Streaming_SHA2_free_256)
+                  Hacl_Hash_SHA2_malloc_256,
+                  Hacl_Hash_SHA2_reset_256,
+                  Hacl_Hash_SHA2_update_256,
+                  Hacl_Hash_SHA2_digest_256,
+                  Hacl_Hash_SHA2_free_256)
   ->Setup(DoSetup);
 
 BENCHMARK_CAPTURE(EverCrypt_Sha2_streaming,
@@ -337,11 +335,11 @@ BENCHMARK_CAPTURE(HACL_Sha2_streaming,
                   sha2_384,
                   HACL_HASH_SHA2_384_DIGEST_LENGTH,
                   expected_digest_sha2_384,
-                  Hacl_Streaming_SHA2_create_in_384,
-                  Hacl_Streaming_SHA2_init_384,
-                  Hacl_Streaming_SHA2_update_384,
-                  Hacl_Streaming_SHA2_finish_384,
-                  Hacl_Streaming_SHA2_free_384)
+                  Hacl_Hash_SHA2_malloc_384,
+                  Hacl_Hash_SHA2_reset_384,
+                  Hacl_Hash_SHA2_update_384,
+                  Hacl_Hash_SHA2_digest_384,
+                  Hacl_Hash_SHA2_free_384)
   ->Setup(DoSetup);
 
 BENCHMARK_CAPTURE(EverCrypt_Sha2_streaming,
@@ -365,11 +363,11 @@ BENCHMARK_CAPTURE(HACL_Sha2_streaming,
                   sha2_512,
                   HACL_HASH_SHA2_512_DIGEST_LENGTH,
                   expected_digest_sha2_512,
-                  Hacl_Streaming_SHA2_create_in_512,
-                  Hacl_Streaming_SHA2_init_512,
-                  Hacl_Streaming_SHA2_update_512,
-                  Hacl_Streaming_SHA2_finish_512,
-                  Hacl_Streaming_SHA2_free_512)
+                  Hacl_Hash_SHA2_malloc_512,
+                  Hacl_Hash_SHA2_reset_512,
+                  Hacl_Hash_SHA2_update_512,
+                  Hacl_Hash_SHA2_digest_512,
+                  Hacl_Hash_SHA2_free_512)
   ->Setup(DoSetup);
 
 BENCHMARK_CAPTURE(EverCrypt_Sha2_streaming,
diff --git a/benchmarks/sha3.cc b/benchmarks/sha3.cc
index 7f45a7f7..de744d8f 100644
--- a/benchmarks/sha3.cc
+++ b/benchmarks/sha3.cc
@@ -27,7 +27,7 @@ static void
 Hacl_Sha3_224(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_SHA3_sha3_224(input.size(), (uint8_t*)input.data(), digest224.data());
+    Hacl_Hash_SHA3_sha3_224(digest224.data(), (uint8_t*)input.data(), input.size());
   }
   if (digest224 != expected_digest_sha3_224) {
     state.SkipWithError("Incorrect digest.");
@@ -51,7 +51,7 @@ static void
 Hacl_Sha3_256(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_SHA3_sha3_256(input.size(), (uint8_t*)input.data(), digest256.data());
+    Hacl_Hash_SHA3_sha3_256(digest256.data(), (uint8_t*)input.data(), input.size());
   }
   if (digest256 != expected_digest_sha3_256) {
     state.SkipWithError("Incorrect digest.");
@@ -102,7 +102,7 @@ static void
 Hacl_Sha3_384(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_SHA3_sha3_384(input.size(), (uint8_t*)input.data(), digest384.data());
+    Hacl_Hash_SHA3_sha3_384(digest384.data(), (uint8_t*)input.data(), input.size());
   }
   if (digest384 != expected_digest_sha3_384) {
     state.SkipWithError("Incorrect digest.");
@@ -126,7 +126,7 @@ static void
 Hacl_Sha3_512(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_SHA3_sha3_512(input.size(), (uint8_t*)input.data(), digest512.data());
+    Hacl_Hash_SHA3_sha3_512(digest512.data(), (uint8_t*)input.data(), input.size());
   }
   if (digest512 != expected_digest_sha3_512) {
     state.SkipWithError("Incorrect digest.");
@@ -176,21 +176,20 @@ Hacl_Sha3_256_Streaming(benchmark::State& state)
 {
   for (auto _ : state) {
     // Init
-    Hacl_Streaming_Keccak_state* sha_state =
-      Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_SHA3_256);
-    Hacl_Streaming_Keccak_reset(sha_state);
+    Hacl_Hash_SHA3_state_t* sha_state =
+      Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_SHA3_256);
 
     // Update
     for (size_t i = 0; i < input.size();) {
-      Hacl_Streaming_Keccak_update(sha_state,
-                                   (uint8_t*)input.data() + i,
-                                   min(chunk_len, input.size() - i));
+      Hacl_Hash_SHA3_update(sha_state,
+                            (uint8_t*)input.data() + i,
+                            min(chunk_len, input.size() - i));
       i += chunk_len;
     }
 
     // Finish
-    Hacl_Streaming_Keccak_finish(sha_state, digest256.data());
-    Hacl_Streaming_Keccak_free(sha_state);
+    Hacl_Hash_SHA3_digest(sha_state, digest256.data());
+    Hacl_Hash_SHA3_free(sha_state);
   }
 
   if (digest256 != expected_digest_sha3_256) {
@@ -243,10 +242,8 @@ static void
 Hacl_Sha3_shake128(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_SHA3_shake128_hacl(input.size(),
-                            (uint8_t*)input.data(),
-                            digest_shake.size(),
-                            digest_shake.data());
+    Hacl_Hash_SHA3_shake128_hacl(
+      input.size(), (uint8_t*)input.data(), digest_shake.size(), digest_shake.data());
   }
 }
 
@@ -256,10 +253,8 @@ static void
 Hacl_Sha3_shake256(benchmark::State& state)
 {
   for (auto _ : state) {
-    Hacl_SHA3_shake256_hacl(input.size(),
-                            (uint8_t*)input.data(),
-                            digest_shake.size(),
-                            digest_shake.data());
+    Hacl_Hash_SHA3_shake256_hacl(
+      input.size(), (uint8_t*)input.data(), digest_shake.size(), digest_shake.data());
   }
 }
 
diff --git a/config/config.json b/config/config.json
index 06ff34fe..7dd4cae3 100644
--- a/config/config.json
+++ b/config/config.json
@@ -42,27 +42,19 @@
                 "features": "std"
             },
             {
-                "file": "Hacl_Hash_Blake2.c",
+                "file": "Hacl_Hash_Blake2b.c",
                 "features": "std"
             },
             {
-                "file": "Hacl_Streaming_Blake2.c",
+                "file": "Hacl_Hash_Blake2s.c",
                 "features": "std"
             },
             {
-                "file": "Hacl_Hash_Blake2b_256.c",
+                "file": "Hacl_Hash_Blake2b_Simd256.c",
                 "features": "vec256"
             },
             {
-                "file": "Hacl_Streaming_Blake2b_256.c",
-                "features": "vec256"
-            },
-            {
-                "file": "Hacl_Hash_Blake2s_128.c",
-                "features": "vec128"
-            },
-            {
-                "file": "Hacl_Streaming_Blake2s_128.c",
+                "file": "Hacl_Hash_Blake2s_Simd128.c",
                 "features": "vec128"
             }
         ],
@@ -104,11 +96,11 @@
         ],
         "chacha20poly1305": [
             {
-                "file": "Hacl_Chacha20Poly1305_32.c",
+                "file": "Hacl_AEAD_Chacha20Poly1305.c",
                 "features": "std"
             },
             {
-                "file": "Hacl_Streaming_Poly1305_32.c",
+                "file": "Hacl_MAC_Poly1305.c",
                 "features": "std"
             },
             {
@@ -116,11 +108,11 @@
                 "features": "std"
             },
             {
-                "file": "Hacl_Chacha20Poly1305_128.c",
+                "file": "Hacl_AEAD_Chacha20Poly1305_Simd128.c",
                 "features": "vec128"
             },
             {
-                "file": "Hacl_Streaming_Poly1305_128.c",
+                "file": "Hacl_MAC_Poly1305_Simd128.c",
                 "features": "vec128"
             },
             {
@@ -128,11 +120,11 @@
                 "features": "vec128"
             },
             {
-                "file": "Hacl_Chacha20Poly1305_256.c",
+                "file": "Hacl_AEAD_Chacha20Poly1305_Simd256.c",
                 "features": "vec256"
             },
             {
-                "file": "Hacl_Streaming_Poly1305_256.c",
+                "file": "Hacl_MAC_Poly1305_Simd256.c",
                 "features": "vec256"
             },
             {
diff --git a/config/default_config.cmake b/config/default_config.cmake
index a2fe0e07..9a05896e 100644
--- a/config/default_config.cmake
+++ b/config/default_config.cmake
@@ -1,26 +1,25 @@
 set(SOURCES_std
 	${PROJECT_SOURCE_DIR}/src/Hacl_NaCl.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Salsa20.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Poly1305_32.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_MAC_Poly1305.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Curve25519_51.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_HMAC_DRBG.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_HMAC.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_SHA2.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2b.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2s.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Ed25519.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_EC_Ed25519.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Base.c
 	${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Blake2.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum256_32.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum256.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum32.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum4096_32.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_GenericField32.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20Poly1305_32.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_AEAD_Chacha20Poly1305.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Poly1305_32.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20_Vec32.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_P256.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_K256_ECDSA.c
@@ -55,12 +54,10 @@ set(SOURCES_std
 	${PROJECT_SOURCE_DIR}/src/EverCrypt_AEAD.c
 )
 set(SOURCES_vec256
-	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2b_256.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Blake2b_256.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20Poly1305_256.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Poly1305_256.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2b_Simd256.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_AEAD_Chacha20Poly1305_Simd256.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_MAC_Poly1305_Simd256.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20_Vec256.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Poly1305_256.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_SHA2_Vec256.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_HKDF_Blake2b_256.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_HMAC_Blake2b_256.c
@@ -69,15 +66,13 @@ set(SOURCES_vec256
 	${PROJECT_SOURCE_DIR}/src/Hacl_HPKE_P256_CP256_SHA256.c
 )
 set(SOURCES_vec128
-	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2s_128.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Blake2s_128.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2s_Simd128.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum4096.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Bignum64.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_GenericField64.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20Poly1305_128.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Poly1305_128.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_AEAD_Chacha20Poly1305_Simd128.c
+	${PROJECT_SOURCE_DIR}/src/Hacl_MAC_Poly1305_Simd128.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20_Vec128.c
-	${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Poly1305_128.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_SHA2_Vec128.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_HKDF_Blake2s_128.c
 	${PROJECT_SOURCE_DIR}/src/Hacl_HMAC_Blake2s_128.c
@@ -114,7 +109,7 @@ set(INCLUDES
 	${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
 	${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/LowStar_Endianness.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Salsa20.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_32.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Krmllib.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Curve25519_51.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Krmllib.h
@@ -123,7 +118,8 @@ set(INCLUDES
 	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Types.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_HMAC.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_SHA2.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Ed25519.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_SHA2.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_SHA2.h
@@ -139,16 +135,15 @@ set(INCLUDES
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Ed25519.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_EC_Ed25519.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Base.h
-	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_Blake2.h
+	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_Blake2b.h
+	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_Blake2s.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Impl_Blake2_Constants.h
-	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2.h
+	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2b.h
+	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2s.h
 	${PROJECT_SOURCE_DIR}/include/lib_memzero0.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_256.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_Simd256.h
 	${PROJECT_SOURCE_DIR}/include/libintvector.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2b_256.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s_128.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2s_128.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s_Simd128.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Bignum256_32.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Bignum.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Bignum.h
@@ -160,24 +155,21 @@ set(INCLUDES
 	${PROJECT_SOURCE_DIR}/include/Hacl_Bignum64.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_GenericField32.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_GenericField64.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_32.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_32.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec32.h
 	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Chacha20.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Chacha20.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_128.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_128.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305_Simd128.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec128.h
-	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Poly1305_128.h
-	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Poly1305_128.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_128.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_256.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_256.h
+	${PROJECT_SOURCE_DIR}/include/internal/Hacl_MAC_Poly1305_Simd128.h
+	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_MAC_Poly1305_Simd128.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305_Simd256.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec256.h
-	${PROJECT_SOURCE_DIR}/include/internal/Hacl_Poly1305_256.h
-	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Poly1305_256.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_256.h
+	${PROJECT_SOURCE_DIR}/include/internal/Hacl_MAC_Poly1305_Simd256.h
+	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_MAC_Poly1305_Simd256.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Curve25519_64.h
 	${PROJECT_SOURCE_DIR}/include/internal/Vale.h
 	${PROJECT_SOURCE_DIR}/include/curve25519-inline.h
@@ -256,7 +248,7 @@ set(PUBLIC_INCLUDES
 	${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
 	${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/LowStar_Endianness.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Salsa20.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_32.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Krmllib.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Curve25519_51.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Krmllib.h
@@ -264,7 +256,8 @@ set(PUBLIC_INCLUDES
 	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Types.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_HMAC.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_SHA2.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_SHA2.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Curve25519_51.h
 	${PROJECT_SOURCE_DIR}/include/lib_intrinsics.h
@@ -274,14 +267,12 @@ set(PUBLIC_INCLUDES
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Ed25519.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_EC_Ed25519.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Base.h
-	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2.h
+	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2b.h
+	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2s.h
 	${PROJECT_SOURCE_DIR}/include/lib_memzero0.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_256.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_Simd256.h
 	${PROJECT_SOURCE_DIR}/include/libintvector.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2b_256.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s_128.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2s_128.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s_Simd128.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Bignum256_32.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Bignum.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Bignum.h
@@ -292,21 +283,18 @@ set(PUBLIC_INCLUDES
 	${PROJECT_SOURCE_DIR}/include/Hacl_Bignum64.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_GenericField32.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_GenericField64.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_32.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_32.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec32.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Chacha20.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_128.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_128.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305_Simd128.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec128.h
-	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Poly1305_128.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_128.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_256.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_256.h
+	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_MAC_Poly1305_Simd128.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h
+	${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305_Simd256.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec256.h
-	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Poly1305_256.h
-	${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_256.h
+	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_MAC_Poly1305_Simd256.h
 	${PROJECT_SOURCE_DIR}/include/Hacl_Curve25519_64.h
 	${PROJECT_SOURCE_DIR}/include/curve25519-inline.h
 	${PROJECT_SOURCE_DIR}/include/internal/../Hacl_P256.h
diff --git a/docs/reference/evercrypt/hash/index.md b/docs/reference/evercrypt/hash/index.md
index c2a829dc..62095760 100644
--- a/docs/reference/evercrypt/hash/index.md
+++ b/docs/reference/evercrypt/hash/index.md
@@ -42,12 +42,12 @@ EverCrypt provides multiple hash algorithms, i.e., ...
 ```{doxygendefine} Spec_Hash_Definitions_Blake2B
 ```
 
-```{doxygentypedef} EverCrypt_Hash_Incremental_hash_state
+```{doxygentypedef} EverCrypt_Hash_Incremental_state_t
 ```
 
 ## Functions
 
-<!-- EverCrypt_Hash_string_of_alg, EverCrypt_Hash_uu___is_MD5_s, EverCrypt_Hash_uu___is_SHA1_s, EverCrypt_Hash_uu___is_SHA2_224_s, EverCrypt_Hash_uu___is_SHA2_256_s, EverCrypt_Hash_uu___is_SHA2_384_s, EverCrypt_Hash_uu___is_SHA2_512_s, EverCrypt_Hash_uu___is_Blake2S_s, EverCrypt_Hash_uu___is_Blake2S_128_s, EverCrypt_Hash_uu___is_Blake2B_s, EverCrypt_Hash_uu___is_Blake2B_256_s, EverCrypt_Hash_alg_of_state, EverCrypt_Hash_create_in, EverCrypt_Hash_create, EverCrypt_Hash_init, EverCrypt_Hash_update_multi_256, EverCrypt_Hash_update, EverCrypt_Hash_update_multi, EverCrypt_Hash_update_last_256, EverCrypt_Hash_update_last, EverCrypt_Hash_finish, EverCrypt_Hash_free, EverCrypt_Hash_copy, EverCrypt_Hash_hash_256, EverCrypt_Hash_hash_224, EverCrypt_Hash_hash, EverCrypt_Hash_Incremental_hash_len, EverCrypt_Hash_Incremental_block_len, EverCrypt_Hash_Incremental_create_in, EverCrypt_Hash_Incremental_init, EverCrypt_Hash_Incremental_update, EverCrypt_Hash_Incremental_finish_md5, EverCrypt_Hash_Incremental_finish_sha1, EverCrypt_Hash_Incremental_finish_sha224, EverCrypt_Hash_Incremental_finish_sha256, EverCrypt_Hash_Incremental_finish_sha384, EverCrypt_Hash_Incremental_finish_sha512, EverCrypt_Hash_Incremental_finish_blake2s, EverCrypt_Hash_Incremental_finish_blake2b, EverCrypt_Hash_Incremental_alg_of_state, EverCrypt_Hash_Incremental_finish, EverCrypt_Hash_Incremental_free -->
+<!-- EverCrypt_Hash_string_of_alg, EverCrypt_Hash_uu___is_MD5_s, EverCrypt_Hash_uu___is_SHA1_s, EverCrypt_Hash_uu___is_SHA2_224_s, EverCrypt_Hash_uu___is_SHA2_256_s, EverCrypt_Hash_uu___is_SHA2_384_s, EverCrypt_Hash_uu___is_SHA2_512_s, EverCrypt_Hash_uu___is_Blake2S_s, EverCrypt_Hash_uu___is_Blake2S_128_s, EverCrypt_Hash_uu___is_Blake2B_s, EverCrypt_Hash_uu___is_Blake2B_256_s, EverCrypt_Hash_alg_of_state, EverCrypt_Hash_create_in, EverCrypt_Hash_create, EverCrypt_Hash_init, EverCrypt_Hash_update_multi_256, EverCrypt_Hash_update, EverCrypt_Hash_update_multi, EverCrypt_Hash_update_last_256, EverCrypt_Hash_update_last, EverCrypt_Hash_finish, EverCrypt_Hash_free, EverCrypt_Hash_copy, EverCrypt_Hash_hash_256, EverCrypt_Hash_hash_224, EverCrypt_Hash_hash, EverCrypt_Hash_Incremental_hash_len, EverCrypt_Hash_Incremental_block_len, EverCrypt_Hash_Incremental_malloc, EverCrypt_Hash_Incremental_reset, EverCrypt_Hash_Incremental_update, EverCrypt_Hash_Incremental_finish_md5, EverCrypt_Hash_Incremental_finish_sha1, EverCrypt_Hash_Incremental_finish_sha224, EverCrypt_Hash_Incremental_finish_sha256, EverCrypt_Hash_Incremental_finish_sha384, EverCrypt_Hash_Incremental_finish_sha512, EverCrypt_Hash_Incremental_finish_blake2s, EverCrypt_Hash_Incremental_finish_blake2b, EverCrypt_Hash_Incremental_alg_of_state, EverCrypt_Hash_Incremental_digest, EverCrypt_Hash_Incremental_free -->
 
 ```{doxygenfunction} EverCrypt_Hash_Incremental_hash
 ```
@@ -59,17 +59,17 @@ EverCrypt provides multiple hash algorithms, i.e., ...
 
 --------------------------------------------------------------------------------
 
-```{doxygenfunction} EverCrypt_Hash_Incremental_create_in
+```{doxygenfunction} EverCrypt_Hash_Incremental_malloc
 ```
 
 Create a hash state.
 
 `a` Algorithm to use.
 
-```{doxygenfunction} EverCrypt_Hash_Incremental_init
+```{doxygenfunction} EverCrypt_Hash_Incremental_reset
 ```
 
-Initialize hash state).
+Reset hash state).
 
 `s` The hash state.
 
@@ -82,7 +82,7 @@ Feed the next chunk of the message that will be hashed.
 `data` Pointer to the next chunk of the message that will be hashed.
 `len` Length of the next chunk of the message that will be hashed.
 
-```{doxygenfunction} EverCrypt_Hash_Incremental_finish
+```{doxygenfunction} EverCrypt_Hash_Incremental_digest
 ```
 
 Finish the hash calculation and write the digest to `dst`.
diff --git a/docs/reference/hacl/aead/chacha20poly1305.md b/docs/reference/hacl/aead/chacha20poly1305.md
index f52443e9..04075548 100644
--- a/docs/reference/hacl/aead/chacha20poly1305.md
+++ b/docs/reference/hacl/aead/chacha20poly1305.md
@@ -10,7 +10,7 @@ All memory for the output variables have to be allocated by the caller.
 
 ````{group-tab} 32
 ```c
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 ```
 
 A portable C implementation that can be compiled and run on any platform that is 32-bit or higher.
@@ -20,7 +20,7 @@ This implementation works on all CPUs.
 
 ````{group-tab} 128
 ```c
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 ```
 
 A 128-bit vectorized C implementation that can be compiled and run on any platform that supports 128-bit SIMD instructions.
@@ -30,7 +30,7 @@ Support for VEC128 is needed. Please see the [HACL Packages book].
 
 ````{group-tab} 256
 ```c
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 ```
 
 A 256-bit vectorized C implementation that can be compiled and run on any platform that supports 256-bit SIMD instructions.
@@ -59,21 +59,21 @@ Support for VEC256 is needed. Please see the [HACL Packages book].
 
 `````{tabs}
 ````{group-tab} 32
-```{doxygenfunction} Hacl_Chacha20Poly1305_32_aead_encrypt
+```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_encrypt
 ```
-```{doxygenfunction} Hacl_Chacha20Poly1305_32_aead_decrypt
+```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_decrypt
 ```
 ````
 ````{group-tab} 128
-```{doxygenfunction} Hacl_Chacha20Poly1305_128_aead_encrypt
+```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt
 ```
-```{doxygenfunction} Hacl_Chacha20Poly1305_128_aead_decrypt
+```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt
 ```
 ````
 ````{group-tab} 256
-```{doxygenfunction} Hacl_Chacha20Poly1305_256_aead_encrypt
+```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt
 ```
-```{doxygenfunction} Hacl_Chacha20Poly1305_256_aead_decrypt
+```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt
 ```
 ````
 `````
diff --git a/docs/reference/hacl/hash/blake2/blake2b.md b/docs/reference/hacl/hash/blake2/blake2b.md
index e727c883..03e03300 100644
--- a/docs/reference/hacl/hash/blake2/blake2b.md
+++ b/docs/reference/hacl/hash/blake2/blake2b.md
@@ -12,12 +12,12 @@ It also has a build-in keying mechanism so that it can be used to replace HMAC-b
 `````{tabs}
 ````{group-tab} 32
 ```C
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2b.h"
 ```
 ````
 ````{group-tab} 256
 ```C
-#include "Hacl_Hash_Blake2b_256.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
 ```
 ````
 `````
@@ -47,11 +47,11 @@ It also has a build-in keying mechanism so that it can be used to replace HMAC-b
 
 `````{tabs}
 ````{group-tab} 32
-```{doxygenfunction} Hacl_Blake2b_32_blake2b
+```{doxygenfunction} Hacl_Hash_Blake2b_hash_with_key
 ```
 ````
 ````{group-tab} 256
-```{doxygenfunction} Hacl_Blake2b_256_blake2b
+```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_hash_with_key
 ```
 ````
 `````
@@ -63,12 +63,12 @@ It also has a build-in keying mechanism so that it can be used to replace HMAC-b
 `````{tabs}
 ````{group-tab} 32
 ```C
-#include "Hacl_Streaming_Blake2.h"
+#include "Hacl_Hash_Blake2b.h"
 ```
 ````
 ````{group-tab} 256
 ```C
-#include "Hacl_Streaming_Blake2b_256.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
 ```
 ````
 `````
@@ -98,31 +98,31 @@ It also has a build-in keying mechanism so that it can be used to replace HMAC-b
 
 `````{tabs}
 ````{group-tab} 32
-```{doxygentypedef} Hacl_Streaming_Blake2_blake2b_32_state
+```{doxygentypedef} Hacl_Hash_Blake2b_state_t
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_create_in
+```{doxygenfunction} Hacl_Hash_Blake2b_malloc
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_init
+```{doxygenfunction} Hacl_Hash_Blake2b_update
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_update
+```{doxygenfunction} Hacl_Hash_Blake2b_digest
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_finish
+```{doxygenfunction} Hacl_Hash_Blake2b_reset
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_free
+```{doxygenfunction} Hacl_Hash_Blake2b_free
 ```
 ````
 ````{group-tab} 256
-```{doxygentypedef} Hacl_Streaming_Blake2b_256_blake2b_256_state
+```{doxygentypedef} Hacl_Hash_Blake2b_Simd256_state_t
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in
+```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_malloc
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init
+```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_update
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update
+```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_digest
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish
+```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_reset
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free
+```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_free
 ```
 ````
 `````
diff --git a/docs/reference/hacl/hash/blake2/blake2s.md b/docs/reference/hacl/hash/blake2/blake2s.md
index c960a683..e234bd6f 100644
--- a/docs/reference/hacl/hash/blake2/blake2s.md
+++ b/docs/reference/hacl/hash/blake2/blake2s.md
@@ -11,12 +11,12 @@ BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size
 `````{tabs}
 ````{group-tab} 32
 ```C
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2s.h"
 ```
 ````
 ````{group-tab} 128
 ```C
-#include "Hacl_Hash_Blake2s_128.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
 ```
 ````
 `````
@@ -46,11 +46,11 @@ BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size
 
 `````{tabs}
 ````{group-tab} 32
-```{doxygenfunction} Hacl_Blake2s_32_blake2s
+```{doxygenfunction} Hacl_Hash_Blake2s_hash_with_key
 ```
 ````
 ````{group-tab} 128
-```{doxygenfunction} Hacl_Blake2s_128_blake2s
+```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_hash_with_key
 ```
 ````
 `````
@@ -62,12 +62,12 @@ BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size
 `````{tabs}
 ````{group-tab} 32
 ```C
-#include "Hacl_Streaming_Blake2.h"
+#include "Hacl_Hash_Blake2.h"
 ```
 ````
 ````{group-tab} 128
 ```C
-#include "Hacl_Streaming_Blake2s_128.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
 ```
 ````
 `````
@@ -97,31 +97,31 @@ BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size
 
 `````{tabs}
 ````{group-tab} 32
-```{doxygentypedef} Hacl_Streaming_Blake2_blake2s_32_state
+```{doxygentypedef} Hacl_Hash_Blake2s_state_t
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_create_in
+```{doxygenfunction} Hacl_Hash_Blake2s_malloc
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_init
+```{doxygenfunction} Hacl_Hash_Blake2s_update
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_update
+```{doxygenfunction} Hacl_Hash_Blake2s_digest
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_finish
+```{doxygenfunction} Hacl_Hash_Blake2s_reset
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_free
+```{doxygenfunction} Hacl_Hash_Blake2s_free
 ```
 ````
 ````{group-tab} 128
-```{doxygentypedef} Hacl_Streaming_Blake2s_128_blake2s_128_state
+```{doxygentypedef} Hacl_Hash_Blake2s_Simd128_state_t
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in
+```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_malloc
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init
+```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_update
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update
+```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_digest
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish
+```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_reset
 ```
-```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free
+```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_free
 ```
 ````
 `````
diff --git a/docs/reference/hacl/hash/index.md b/docs/reference/hacl/hash/index.md
index a0910450..1d5260e0 100644
--- a/docs/reference/hacl/hash/index.md
+++ b/docs/reference/hacl/hash/index.md
@@ -13,15 +13,15 @@ If you want to hash a complete messages, i.e., can provide a slice of memory tha
 If you need to provide a message chunk-by-chunk, e.g., because you read the message from network or similar, it could be more appropriate to use the streaming API.
 
 The streaming API has roughly three phases: init, update, and finish.
-Typically, you create a state element by using `init`, call `update` as often as needed, and then call `finish` to obtain the final digest.
+Typically, you create a state element by using `malloc`, call `update` as often as needed, and then call `digest` to obtain the final digest.
 Finally, you `free` the state element.
 
 **Streaming API (with intermediate digests)**
 
-It is also possible to obtain all intermediate digests by calling `finish` more than once.
-You can call `update("Hello, ")`, and `finish` to obtain the hash of `"Hello, "`.
-Then you can call `update("World!")`, and `finish` *again* to obtain the hash of `"Hello, World!"`.
-You only need to call `init` and `free` once to obtain both digests.
+It is also possible to obtain all intermediate digests by calling `digest` more than once.
+You can call `update("Hello, ")`, and `digest` to obtain the hash of `"Hello, "`.
+Then you can call `update("World!")`, and `digest` *again* to obtain the hash of `"Hello, World!"`.
+You only need to call `malloc` and `free` once to obtain both digests.
 
 ```{toctree}
 :caption: "Algorithms"
diff --git a/docs/reference/hacl/hash/sha1.md b/docs/reference/hacl/hash/sha1.md
index 64fef04f..7889d30d 100644
--- a/docs/reference/hacl/hash/sha1.md
+++ b/docs/reference/hacl/hash/sha1.md
@@ -24,7 +24,7 @@ SHA-1 is insecure. Please avoid or ask your cryptographer of trust for permissio
 :end-before: "// END OneShot"
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA1_legacy_hash
+```{doxygenfunction} Hacl_Hash_SHA1_hash
 ```
 
 ### Streaming
@@ -52,20 +52,20 @@ SHA-1 is insecure. Please avoid or ask your cryptographer of trust for permissio
 :end-before: "// ANCHOR_END(streaming)"
 ```
 
-```{doxygentypedef} Hacl_Streaming_SHA1_state
+```{doxygentypedef} Hacl_Hash_SHA1_state_t
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA1_legacy_create_in
+```{doxygenfunction} Hacl_Hash_SHA1_malloc
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA1_legacy_init
+```{doxygenfunction} Hacl_Hash_SHA1_update
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA1_legacy_update
+```{doxygenfunction} Hacl_Hash_SHA1_digest
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA1_legacy_finish
+```{doxygenfunction} Hacl_Hash_SHA1_reset
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA1_legacy_free
+```{doxygenfunction} Hacl_Hash_SHA1_free
 ```
diff --git a/docs/reference/hacl/hash/sha2.md b/docs/reference/hacl/hash/sha2.md
index 55702c64..990db76e 100644
--- a/docs/reference/hacl/hash/sha2.md
+++ b/docs/reference/hacl/hash/sha2.md
@@ -86,26 +86,26 @@ it is sometimes called `SHA2-256` to avoid confusion with SHA-1 and SHA-3.
 
 **Init**
 
-```{doxygentypedef} Hacl_Streaming_SHA2_state_sha2_224
+```{doxygentypedef} Hacl_Hash_SHA2_state_t_224
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA2_create_in_224
-```
-
-```{doxygenfunction} Hacl_Streaming_SHA2_init_224
+```{doxygenfunction} Hacl_Hash_SHA2_malloc_224
 ```
 
 **Update**
 
-```{doxygenfunction} Hacl_Streaming_SHA2_update_224
+```{doxygenfunction} Hacl_Hash_SHA2_update_224
 ```
 
 **Finish**
 
-```{doxygenfunction} Hacl_Streaming_SHA2_finish_224
+```{doxygenfunction} Hacl_Hash_SHA2_digest_224
+```
+
+```{doxygenfunction} Hacl_Hash_SHA2_reset_224
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA2_free_224
+```{doxygenfunction} Hacl_Hash_SHA2_free_224
 ```
 ````
 
@@ -113,26 +113,26 @@ it is sometimes called `SHA2-256` to avoid confusion with SHA-1 and SHA-3.
 
 **Init**
 
-```{doxygentypedef} Hacl_Streaming_SHA2_state_sha2_256
+```{doxygentypedef} Hacl_Hash_SHA2_state_t_256
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA2_create_in_256
-```
-
-```{doxygenfunction} Hacl_Streaming_SHA2_init_256
+```{doxygenfunction} Hacl_Hash_SHA2_malloc_256
 ```
 
 **Update**
 
-```{doxygenfunction} Hacl_Streaming_SHA2_update_256
+```{doxygenfunction} Hacl_Hash_SHA2_update_256
 ```
 
 **Finish**
 
-```{doxygenfunction} Hacl_Streaming_SHA2_finish_256
+```{doxygenfunction} Hacl_Hash_SHA2_digest_256
+```
+
+```{doxygenfunction} Hacl_Hash_SHA2_reset_256
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA2_free_256
+```{doxygenfunction} Hacl_Hash_SHA2_free_256
 ```
 ````
 
@@ -140,26 +140,26 @@ it is sometimes called `SHA2-256` to avoid confusion with SHA-1 and SHA-3.
 
 **Init**
 
-```{doxygentypedef} Hacl_Streaming_SHA2_state_sha2_384
+```{doxygentypedef} Hacl_Hash_SHA2_state_t_384
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA2_create_in_384
-```
-
-```{doxygenfunction} Hacl_Streaming_SHA2_init_384
+```{doxygenfunction} Hacl_Hash_SHA2_malloc_384
 ```
 
 **Update**
 
-```{doxygenfunction} Hacl_Streaming_SHA2_update_384
+```{doxygenfunction} Hacl_Hash_SHA2_update_384
 ```
 
 **Finish**
 
-```{doxygenfunction} Hacl_Streaming_SHA2_finish_384
+```{doxygenfunction} Hacl_Hash_SHA2_digest_384
+```
+
+```{doxygenfunction} Hacl_Hash_SHA2_reset_384
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA2_free_384
+```{doxygenfunction} Hacl_Hash_SHA2_free_384
 ```
 ````
 
@@ -168,26 +168,26 @@ it is sometimes called `SHA2-256` to avoid confusion with SHA-1 and SHA-3.
 
 **Init**
 
-```{doxygentypedef} Hacl_Streaming_SHA2_state_sha2_512
+```{doxygentypedef} Hacl_Hash_SHA2_state_t_512
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA2_create_in_512
-```
-
-```{doxygenfunction} Hacl_Streaming_SHA2_init_512
+```{doxygenfunction} Hacl_Hash_SHA2_malloc_512
 ```
 
 **Update**
 
-```{doxygenfunction} Hacl_Streaming_SHA2_update_512
+```{doxygenfunction} Hacl_Hash_SHA2_update_512
 ```
 
 **Finish**
 
-```{doxygenfunction} Hacl_Streaming_SHA2_finish_512
+```{doxygenfunction} Hacl_Hash_SHA2_digest_512
+```
+
+```{doxygenfunction} Hacl_Hash_SHA2_reset_512
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA2_free_512
+```{doxygenfunction} Hacl_Hash_SHA2_free_512
 ```
 ````
 `````
diff --git a/docs/reference/hacl/hash/sha3.md b/docs/reference/hacl/hash/sha3.md
index 9fae5bb4..1bbe5e3e 100644
--- a/docs/reference/hacl/hash/sha3.md
+++ b/docs/reference/hacl/hash/sha3.md
@@ -34,22 +34,22 @@ SHAKE128 and SHAKE256 have a 128- or 256-bit security strength and can produce a
 
 `````{tabs}
 ````{tab} 28 byte digest
-```{doxygenfunction} Hacl_SHA3_sha3_224
+```{doxygenfunction} Hacl_Hash_SHA3_sha3_224
 ```
 ````
 
 ````{tab} 32 byte digest
-```{doxygenfunction} Hacl_SHA3_sha3_256
+```{doxygenfunction} Hacl_Hash_SHA3_sha3_256
 ```
 ````
 
 ````{tab} 48 byte digest
-```{doxygenfunction} Hacl_SHA3_sha3_384
+```{doxygenfunction} Hacl_Hash_SHA3_sha3_384
 ```
 ````
 
 ````{tab} 64 byte digest
-```{doxygenfunction} Hacl_SHA3_sha3_512
+```{doxygenfunction} Hacl_Hash_SHA3_sha3_512
 ```
 ````
 `````
@@ -79,22 +79,22 @@ SHAKE128 and SHAKE256 have a 128- or 256-bit security strength and can produce a
 :end-before: "// ANCHOR_END(streaming)"
 ```
 
-```{doxygentypedef} Hacl_Streaming_SHA3_state_256
+```{doxygentypedef} Hacl_Hash_SHA3_state_t
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA3_create_in_256
+```{doxygenfunction} Hacl_Hash_SHA3_malloc
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA3_init_256
+```{doxygenfunction} Hacl_Hash_SHA3_update
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA3_update_256
+```{doxygenfunction} Hacl_Hash_SHA3_digest
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA3_finish_256
+```{doxygenfunction} Hacl_Hash_SHA3_reset
 ```
 
-```{doxygenfunction} Hacl_Streaming_SHA3_free_256
+```{doxygenfunction} Hacl_Hash_SHA3_free
 ```
 
 ## SHAKE
@@ -114,12 +114,12 @@ SHAKE128 and SHAKE256 have a 128- or 256-bit security strength and can produce a
 
 `````{tabs}
 ````{tab} 128-bit security strength
-```{doxygenfunction} Hacl_SHA3_shake128_hacl
+```{doxygenfunction} Hacl_Hash_SHA3_shake128_hacl
 ```
 ````
 
 ````{tab} 256-bit security strength
-```{doxygenfunction} Hacl_SHA3_shake256_hacl
+```{doxygenfunction} Hacl_Hash_SHA3_shake256_hacl
 ```
 ````
 `````
diff --git a/include/EverCrypt_Chacha20Poly1305.h b/include/EverCrypt_Chacha20Poly1305.h
index c3eb2655..bd59e48b 100644
--- a/include/EverCrypt_Chacha20Poly1305.h
+++ b/include/EverCrypt_Chacha20Poly1305.h
@@ -35,9 +35,9 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Hacl_Chacha20Poly1305_32.h"
-#include "Hacl_Chacha20Poly1305_256.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 #include "EverCrypt_AutoConfig2.h"
 
 void
diff --git a/include/EverCrypt_HMAC.h b/include/EverCrypt_HMAC.h
index 6c64a37f..7d1da14d 100644
--- a/include/EverCrypt_HMAC.h
+++ b/include/EverCrypt_HMAC.h
@@ -38,13 +38,14 @@ extern "C" {
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_Krmllib.h"
 #include "Hacl_Hash_SHA2.h"
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2s.h"
+#include "Hacl_Hash_Blake2b.h"
 
 bool EverCrypt_HMAC_is_supported_alg(Spec_Hash_Definitions_hash_alg uu___);
 
 typedef Spec_Hash_Definitions_hash_alg EverCrypt_HMAC_supported_alg;
 
-extern void (*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint32_t x1, uint8_t *x2);
+extern void (*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint8_t *x1, uint32_t x2);
 
 void
 EverCrypt_HMAC_compute(
diff --git a/include/EverCrypt_Hash.h b/include/EverCrypt_Hash.h
index 6791dc27..b35dcf5f 100644
--- a/include/EverCrypt_Hash.h
+++ b/include/EverCrypt_Hash.h
@@ -39,9 +39,10 @@ extern "C" {
 #include "Hacl_Krmllib.h"
 #include "Hacl_Hash_SHA3.h"
 #include "Hacl_Hash_SHA2.h"
-#include "Hacl_Hash_Blake2s_128.h"
-#include "Hacl_Hash_Blake2b_256.h"
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
+#include "Hacl_Hash_Blake2s.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
+#include "Hacl_Hash_Blake2b.h"
 #include "EverCrypt_Error.h"
 #include "EverCrypt_AutoConfig2.h"
 
@@ -49,13 +50,13 @@ typedef struct EverCrypt_Hash_state_s_s EverCrypt_Hash_state_s;
 
 uint32_t EverCrypt_Hash_Incremental_hash_len(Spec_Hash_Definitions_hash_alg a);
 
-typedef struct EverCrypt_Hash_Incremental_hash_state_s
+typedef struct EverCrypt_Hash_Incremental_state_t_s
 {
   EverCrypt_Hash_state_s *block_state;
   uint8_t *buf;
   uint64_t total_len;
 }
-EverCrypt_Hash_Incremental_hash_state;
+EverCrypt_Hash_Incremental_state_t;
 
 /**
 Allocate initial state for the agile hash. The argument `a` stands for the
@@ -63,13 +64,13 @@ choice of algorithm (see Hacl_Spec.h). This API will automatically pick the most
 efficient implementation, provided you have called EverCrypt_AutoConfig2_init()
 before. The state is to be freed by calling `free`.
 */
-EverCrypt_Hash_Incremental_hash_state
-*EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_hash_alg a);
+EverCrypt_Hash_Incremental_state_t
+*EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_hash_alg a);
 
 /**
 Reset an existing state to the initial hash state with empty data.
 */
-void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s);
+void EverCrypt_Hash_Incremental_reset(EverCrypt_Hash_Incremental_state_t *state);
 
 /**
 Feed an arbitrary amount of data into the hash. This function returns
@@ -80,34 +81,35 @@ algorithm. Both limits are unlikely to be attained in practice.
 */
 EverCrypt_Error_error_code
 EverCrypt_Hash_Incremental_update(
-  EverCrypt_Hash_Incremental_hash_state *s,
-  uint8_t *data,
-  uint32_t len
+  EverCrypt_Hash_Incremental_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
 );
 
 /**
 Perform a run-time test to determine which algorithm was chosen for the given piece of state.
 */
 Spec_Hash_Definitions_hash_alg
-EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s);
+EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_state_t *s);
 
 /**
-Write the resulting hash into `dst`, an array whose length is
+Write the resulting hash into `output`, an array whose length is
 algorithm-specific. You can use the macros defined earlier in this file to
 allocate a destination buffer of the right length. The state remains valid after
-a call to `finish`, meaning the user may feed more data into the hash via
+a call to `digest`, meaning the user may feed more data into the hash via
 `update`. (The finish function operates on an internal copy of the state and
 therefore does not invalidate the client-held state.)
 */
-void EverCrypt_Hash_Incremental_finish(EverCrypt_Hash_Incremental_hash_state *s, uint8_t *dst);
+void
+EverCrypt_Hash_Incremental_digest(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output);
 
 /**
 Free a state previously allocated with `create_in`.
 */
-void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_hash_state *s);
+void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_state_t *state);
 
 /**
-Hash `input`, of len `len`, into `dst`, an array whose length is determined by
+Hash `input`, of len `input_len`, into `output`, an array whose length is determined by
 your choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined
 earlier in this file to allocate a destination buffer of the right length. This
 API will automatically pick the most efficient implementation, provided you have
@@ -116,34 +118,34 @@ called EverCrypt_AutoConfig2_init() before.
 void
 EverCrypt_Hash_Incremental_hash(
   Spec_Hash_Definitions_hash_alg a,
-  uint8_t *dst,
+  uint8_t *output,
   uint8_t *input,
-  uint32_t len
+  uint32_t input_len
 );
 
-#define MD5_HASH_LEN ((uint32_t)16U)
+#define MD5_HASH_LEN (16U)
 
-#define SHA1_HASH_LEN ((uint32_t)20U)
+#define SHA1_HASH_LEN (20U)
 
-#define SHA2_224_HASH_LEN ((uint32_t)28U)
+#define SHA2_224_HASH_LEN (28U)
 
-#define SHA2_256_HASH_LEN ((uint32_t)32U)
+#define SHA2_256_HASH_LEN (32U)
 
-#define SHA2_384_HASH_LEN ((uint32_t)48U)
+#define SHA2_384_HASH_LEN (48U)
 
-#define SHA2_512_HASH_LEN ((uint32_t)64U)
+#define SHA2_512_HASH_LEN (64U)
 
-#define SHA3_224_HASH_LEN ((uint32_t)28U)
+#define SHA3_224_HASH_LEN (28U)
 
-#define SHA3_256_HASH_LEN ((uint32_t)32U)
+#define SHA3_256_HASH_LEN (32U)
 
-#define SHA3_384_HASH_LEN ((uint32_t)48U)
+#define SHA3_384_HASH_LEN (48U)
 
-#define SHA3_512_HASH_LEN ((uint32_t)64U)
+#define SHA3_512_HASH_LEN (64U)
 
-#define BLAKE2S_HASH_LEN ((uint32_t)32U)
+#define BLAKE2S_HASH_LEN (32U)
 
-#define BLAKE2B_HASH_LEN ((uint32_t)64U)
+#define BLAKE2B_HASH_LEN (64U)
 
 #if defined(__cplusplus)
 }
diff --git a/include/EverCrypt_Poly1305.h b/include/EverCrypt_Poly1305.h
index 62c00764..fba04059 100644
--- a/include/EverCrypt_Poly1305.h
+++ b/include/EverCrypt_Poly1305.h
@@ -35,12 +35,12 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Hacl_Poly1305_32.h"
-#include "Hacl_Poly1305_256.h"
-#include "Hacl_Poly1305_128.h"
+#include "Hacl_MAC_Poly1305_Simd256.h"
+#include "Hacl_MAC_Poly1305_Simd128.h"
+#include "Hacl_MAC_Poly1305.h"
 #include "EverCrypt_AutoConfig2.h"
 
-void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key);
+void EverCrypt_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key);
 
 #if defined(__cplusplus)
 }
diff --git a/include/Hacl_AEAD_Chacha20Poly1305.h b/include/Hacl_AEAD_Chacha20Poly1305.h
new file mode 100644
index 00000000..2a8daa75
--- /dev/null
+++ b/include/Hacl_AEAD_Chacha20Poly1305.h
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_H
+#define __Hacl_AEAD_Chacha20Poly1305_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `output` and `input` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_H_DEFINED
+#endif
diff --git a/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h b/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h
new file mode 100644
index 00000000..de26c907
--- /dev/null
+++ b/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_Simd128_H
+#define __Hacl_AEAD_Chacha20Poly1305_Simd128_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20_Vec128.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_Simd128_H_DEFINED
+#endif
diff --git a/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h b/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h
new file mode 100644
index 00000000..0abcdc59
--- /dev/null
+++ b/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_Simd256_H
+#define __Hacl_AEAD_Chacha20Poly1305_Simd256_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20_Vec256.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_Simd256_H_DEFINED
+#endif
diff --git a/include/Hacl_Chacha20Poly1305_128.h b/include/Hacl_Chacha20Poly1305_128.h
deleted file mode 100644
index 630fab93..00000000
--- a/include/Hacl_Chacha20Poly1305_128.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_128_H
-#define __Hacl_Chacha20Poly1305_128_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_128.h"
-#include "Hacl_Chacha20_Vec128.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_128_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_128_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_128_H_DEFINED
-#endif
diff --git a/include/Hacl_Chacha20Poly1305_256.h b/include/Hacl_Chacha20Poly1305_256.h
deleted file mode 100644
index ff0f2e60..00000000
--- a/include/Hacl_Chacha20Poly1305_256.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_256_H
-#define __Hacl_Chacha20Poly1305_256_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_256.h"
-#include "Hacl_Chacha20_Vec256.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_256_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_256_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_256_H_DEFINED
-#endif
diff --git a/include/Hacl_Chacha20Poly1305_32.h b/include/Hacl_Chacha20Poly1305_32.h
deleted file mode 100644
index 624e29fb..00000000
--- a/include/Hacl_Chacha20Poly1305_32.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_32_H
-#define __Hacl_Chacha20Poly1305_32_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_32.h"
-#include "Hacl_Chacha20.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_32_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_32_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_32_H_DEFINED
-#endif
diff --git a/include/Hacl_HMAC.h b/include/Hacl_HMAC.h
index 84dbedf5..e1dc04f2 100644
--- a/include/Hacl_HMAC.h
+++ b/include/Hacl_HMAC.h
@@ -37,7 +37,8 @@ extern "C" {
 
 #include "Hacl_Krmllib.h"
 #include "Hacl_Hash_SHA2.h"
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2s.h"
+#include "Hacl_Hash_Blake2b.h"
 
 /**
 Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.
@@ -46,7 +47,7 @@ The key can be any length and will be hashed if it is longer and padded if it is
 `dst` must point to 20 bytes of memory.
 */
 void
-Hacl_HMAC_legacy_compute_sha1(
+Hacl_HMAC_compute_sha1(
   uint8_t *dst,
   uint8_t *key,
   uint32_t key_len,
diff --git a/include/Hacl_HMAC_Blake2b_256.h b/include/Hacl_HMAC_Blake2b_256.h
index e94ba05f..d8f3e9e1 100644
--- a/include/Hacl_HMAC_Blake2b_256.h
+++ b/include/Hacl_HMAC_Blake2b_256.h
@@ -36,7 +36,7 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Krmllib.h"
-#include "Hacl_Hash_Blake2b_256.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
 
 /**
 Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.
diff --git a/include/Hacl_HMAC_Blake2s_128.h b/include/Hacl_HMAC_Blake2s_128.h
index 7f20343e..5ff79038 100644
--- a/include/Hacl_HMAC_Blake2s_128.h
+++ b/include/Hacl_HMAC_Blake2s_128.h
@@ -35,7 +35,7 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Hacl_Hash_Blake2s_128.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
 
 /**
 Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.
diff --git a/include/Hacl_HPKE_Curve51_CP128_SHA256.h b/include/Hacl_HPKE_Curve51_CP128_SHA256.h
index a768df6b..a46db470 100644
--- a/include/Hacl_HPKE_Curve51_CP128_SHA256.h
+++ b/include/Hacl_HPKE_Curve51_CP128_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP128_SHA256_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve51_CP128_SHA512.h b/include/Hacl_HPKE_Curve51_CP128_SHA512.h
index a4388707..89091754 100644
--- a/include/Hacl_HPKE_Curve51_CP128_SHA512.h
+++ b/include/Hacl_HPKE_Curve51_CP128_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP128_SHA512_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve51_CP256_SHA256.h b/include/Hacl_HPKE_Curve51_CP256_SHA256.h
index 37b26f6a..83ba2adb 100644
--- a/include/Hacl_HPKE_Curve51_CP256_SHA256.h
+++ b/include/Hacl_HPKE_Curve51_CP256_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP256_SHA256_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve51_CP256_SHA512.h b/include/Hacl_HPKE_Curve51_CP256_SHA512.h
index f7240a95..1a796ab7 100644
--- a/include/Hacl_HPKE_Curve51_CP256_SHA512.h
+++ b/include/Hacl_HPKE_Curve51_CP256_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP256_SHA512_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve51_CP32_SHA256.h b/include/Hacl_HPKE_Curve51_CP32_SHA256.h
index e48242e6..d249ba05 100644
--- a/include/Hacl_HPKE_Curve51_CP32_SHA256.h
+++ b/include/Hacl_HPKE_Curve51_CP32_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP32_SHA256_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve51_CP32_SHA512.h b/include/Hacl_HPKE_Curve51_CP32_SHA512.h
index 057f8769..ddc00da3 100644
--- a/include/Hacl_HPKE_Curve51_CP32_SHA512.h
+++ b/include/Hacl_HPKE_Curve51_CP32_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP32_SHA512_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve64_CP128_SHA256.h b/include/Hacl_HPKE_Curve64_CP128_SHA256.h
index 1694a123..fda63e52 100644
--- a/include/Hacl_HPKE_Curve64_CP128_SHA256.h
+++ b/include/Hacl_HPKE_Curve64_CP128_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP128_SHA256_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve64_CP128_SHA512.h b/include/Hacl_HPKE_Curve64_CP128_SHA512.h
index 23f52f25..c8b06ca8 100644
--- a/include/Hacl_HPKE_Curve64_CP128_SHA512.h
+++ b/include/Hacl_HPKE_Curve64_CP128_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP128_SHA512_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve64_CP256_SHA256.h b/include/Hacl_HPKE_Curve64_CP256_SHA256.h
index 33d471bc..2da8dbcf 100644
--- a/include/Hacl_HPKE_Curve64_CP256_SHA256.h
+++ b/include/Hacl_HPKE_Curve64_CP256_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve64_CP256_SHA512.h b/include/Hacl_HPKE_Curve64_CP256_SHA512.h
index d59c1ee4..87d919e1 100644
--- a/include/Hacl_HPKE_Curve64_CP256_SHA512.h
+++ b/include/Hacl_HPKE_Curve64_CP256_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP256_SHA512_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve64_CP32_SHA256.h b/include/Hacl_HPKE_Curve64_CP32_SHA256.h
index 5aaa07e1..bd4b9b59 100644
--- a/include/Hacl_HPKE_Curve64_CP32_SHA256.h
+++ b/include/Hacl_HPKE_Curve64_CP32_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP32_SHA256_setupBaseS(
diff --git a/include/Hacl_HPKE_Curve64_CP32_SHA512.h b/include/Hacl_HPKE_Curve64_CP32_SHA512.h
index 594000f2..0d2bb8f0 100644
--- a/include/Hacl_HPKE_Curve64_CP32_SHA512.h
+++ b/include/Hacl_HPKE_Curve64_CP32_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP32_SHA512_setupBaseS(
diff --git a/include/Hacl_HPKE_P256_CP128_SHA256.h b/include/Hacl_HPKE_P256_CP128_SHA256.h
index 613fef83..c76a100d 100644
--- a/include/Hacl_HPKE_P256_CP128_SHA256.h
+++ b/include/Hacl_HPKE_P256_CP128_SHA256.h
@@ -37,7 +37,7 @@ extern "C" {
 
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_P256_CP128_SHA256_setupBaseS(
diff --git a/include/Hacl_HPKE_P256_CP256_SHA256.h b/include/Hacl_HPKE_P256_CP256_SHA256.h
index 6e74b1db..4a33eb8a 100644
--- a/include/Hacl_HPKE_P256_CP256_SHA256.h
+++ b/include/Hacl_HPKE_P256_CP256_SHA256.h
@@ -37,7 +37,7 @@ extern "C" {
 
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_P256_CP256_SHA256_setupBaseS(
diff --git a/include/Hacl_HPKE_P256_CP32_SHA256.h b/include/Hacl_HPKE_P256_CP32_SHA256.h
index 1f8679d4..2818abed 100644
--- a/include/Hacl_HPKE_P256_CP32_SHA256.h
+++ b/include/Hacl_HPKE_P256_CP32_SHA256.h
@@ -37,7 +37,7 @@ extern "C" {
 
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_P256_CP32_SHA256_setupBaseS(
diff --git a/include/Hacl_Hash_Blake2.h b/include/Hacl_Hash_Blake2.h
deleted file mode 100644
index 3ee29015..00000000
--- a/include/Hacl_Hash_Blake2.h
+++ /dev/null
@@ -1,155 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Hash_Blake2_H
-#define __Hacl_Hash_Blake2_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Krmllib.h"
-
-void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn);
-
-void
-Hacl_Blake2b_32_blake2b_update_key(
-  uint64_t *wv,
-  uint64_t *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-);
-
-void
-Hacl_Blake2b_32_blake2b_update_multi(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks,
-  uint32_t nb
-);
-
-void
-Hacl_Blake2b_32_blake2b_update_last(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint32_t rem,
-  uint8_t *d
-);
-
-void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash);
-
-/**
-Write the BLAKE2b digest of message `d` using key `k` into `output`.
-
-@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2b_32_blake2b(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-);
-
-uint64_t *Hacl_Blake2b_32_blake2b_malloc(void);
-
-void Hacl_Blake2s_32_blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn);
-
-void
-Hacl_Blake2s_32_blake2s_update_key(
-  uint32_t *wv,
-  uint32_t *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-);
-
-void
-Hacl_Blake2s_32_blake2s_update_multi(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint8_t *blocks,
-  uint32_t nb
-);
-
-void
-Hacl_Blake2s_32_blake2s_update_last(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint32_t rem,
-  uint8_t *d
-);
-
-void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash);
-
-/**
-Write the BLAKE2s digest of message `d` using key `k` into `output`.
-
-@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2s_32_blake2s(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-);
-
-uint32_t *Hacl_Blake2s_32_blake2s_malloc(void);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Hash_Blake2_H_DEFINED
-#endif
diff --git a/include/Hacl_Streaming_Blake2b_256.h b/include/Hacl_Hash_Blake2b.h
similarity index 56%
rename from include/Hacl_Streaming_Blake2b_256.h
rename to include/Hacl_Hash_Blake2b.h
index 20e42d7c..414574f9 100644
--- a/include/Hacl_Streaming_Blake2b_256.h
+++ b/include/Hacl_Hash_Blake2b.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Blake2b_256_H
-#define __Hacl_Streaming_Blake2b_256_H
+#ifndef __Hacl_Hash_Blake2b_H
+#define __Hacl_Hash_Blake2b_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -37,67 +37,71 @@ extern "C" {
 
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_Krmllib.h"
-#include "Hacl_Hash_Blake2b_256.h"
 
-typedef struct Hacl_Streaming_Blake2b_256_blake2b_256_block_state_s
+typedef struct Hacl_Hash_Blake2b_block_state_t_s
 {
-  Lib_IntVector_Intrinsics_vec256 *fst;
-  Lib_IntVector_Intrinsics_vec256 *snd;
+  uint64_t *fst;
+  uint64_t *snd;
 }
-Hacl_Streaming_Blake2b_256_blake2b_256_block_state;
+Hacl_Hash_Blake2b_block_state_t;
 
-typedef struct Hacl_Streaming_Blake2b_256_blake2b_256_state_s
+typedef struct Hacl_Hash_Blake2b_state_t_s
 {
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state;
+  Hacl_Hash_Blake2b_block_state_t block_state;
   uint8_t *buf;
   uint64_t total_len;
 }
-Hacl_Streaming_Blake2b_256_blake2b_256_state;
+Hacl_Hash_Blake2b_state_t;
 
 /**
   State allocation function when there is no key
 */
-Hacl_Streaming_Blake2b_256_blake2b_256_state
-*Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in(void);
+Hacl_Hash_Blake2b_state_t *Hacl_Hash_Blake2b_malloc(void);
 
 /**
-  (Re-)initialization function when there is no key
+  Re-initialization function when there is no key
 */
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *s
-);
+void Hacl_Hash_Blake2b_reset(Hacl_Hash_Blake2b_state_t *state);
 
 /**
   Update function when there is no key; 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *p,
-  uint8_t *data,
-  uint32_t len
-);
+Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint32_t chunk_len);
 
 /**
   Finish function when there is no key
 */
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *p,
-  uint8_t *dst
-);
+void Hacl_Hash_Blake2b_digest(Hacl_Hash_Blake2b_state_t *state, uint8_t *output);
 
 /**
   Free state function when there is no key
 */
+void Hacl_Hash_Blake2b_free(Hacl_Hash_Blake2b_state_t *state);
+
+/**
+Write the BLAKE2b digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
 void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *s
+Hacl_Hash_Blake2b_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
 );
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Blake2b_256_H_DEFINED
+#define __Hacl_Hash_Blake2b_H_DEFINED
 #endif
diff --git a/include/Hacl_Hash_Blake2b_Simd256.h b/include/Hacl_Hash_Blake2b_Simd256.h
new file mode 100644
index 00000000..adddce66
--- /dev/null
+++ b/include/Hacl_Hash_Blake2b_Simd256.h
@@ -0,0 +1,113 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_Hash_Blake2b_Simd256_H
+#define __Hacl_Hash_Blake2b_Simd256_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Streaming_Types.h"
+#include "Hacl_Krmllib.h"
+#include "libintvector.h"
+
+typedef struct Hacl_Hash_Blake2b_Simd256_block_state_t_s
+{
+  Lib_IntVector_Intrinsics_vec256 *fst;
+  Lib_IntVector_Intrinsics_vec256 *snd;
+}
+Hacl_Hash_Blake2b_Simd256_block_state_t;
+
+typedef struct Hacl_Hash_Blake2b_Simd256_state_t_s
+{
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state;
+  uint8_t *buf;
+  uint64_t total_len;
+}
+Hacl_Hash_Blake2b_Simd256_state_t;
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2b_Simd256_state_t *Hacl_Hash_Blake2b_Simd256_malloc(void);
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2b_Simd256_reset(Hacl_Hash_Blake2b_Simd256_state_t *state);
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2b_Simd256_update(
+  Hacl_Hash_Blake2b_Simd256_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+);
+
+/**
+  Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2b_Simd256_digest(Hacl_Hash_Blake2b_Simd256_state_t *state, uint8_t *output);
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2b_Simd256_free(Hacl_Hash_Blake2b_Simd256_state_t *state);
+
+/**
+Write the BLAKE2b digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2b_Simd256_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_Hash_Blake2b_Simd256_H_DEFINED
+#endif
diff --git a/include/Hacl_Streaming_Blake2s_128.h b/include/Hacl_Hash_Blake2s.h
similarity index 56%
rename from include/Hacl_Streaming_Blake2s_128.h
rename to include/Hacl_Hash_Blake2s.h
index 60e209ff..2c0d7c5b 100644
--- a/include/Hacl_Streaming_Blake2s_128.h
+++ b/include/Hacl_Hash_Blake2s.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Blake2s_128_H
-#define __Hacl_Streaming_Blake2s_128_H
+#ifndef __Hacl_Hash_Blake2s_H
+#define __Hacl_Hash_Blake2s_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -36,67 +36,71 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Streaming_Types.h"
-#include "Hacl_Hash_Blake2s_128.h"
 
-typedef struct Hacl_Streaming_Blake2s_128_blake2s_128_block_state_s
+typedef struct Hacl_Hash_Blake2s_block_state_t_s
 {
-  Lib_IntVector_Intrinsics_vec128 *fst;
-  Lib_IntVector_Intrinsics_vec128 *snd;
+  uint32_t *fst;
+  uint32_t *snd;
 }
-Hacl_Streaming_Blake2s_128_blake2s_128_block_state;
+Hacl_Hash_Blake2s_block_state_t;
 
-typedef struct Hacl_Streaming_Blake2s_128_blake2s_128_state_s
+typedef struct Hacl_Hash_Blake2s_state_t_s
 {
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state;
+  Hacl_Hash_Blake2s_block_state_t block_state;
   uint8_t *buf;
   uint64_t total_len;
 }
-Hacl_Streaming_Blake2s_128_blake2s_128_state;
+Hacl_Hash_Blake2s_state_t;
 
 /**
   State allocation function when there is no key
 */
-Hacl_Streaming_Blake2s_128_blake2s_128_state
-*Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in(void);
+Hacl_Hash_Blake2s_state_t *Hacl_Hash_Blake2s_malloc(void);
 
 /**
-  (Re-)initialization function when there is no key
+  Re-initialization function when there is no key
 */
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *s
-);
+void Hacl_Hash_Blake2s_reset(Hacl_Hash_Blake2s_state_t *state);
 
 /**
   Update function when there is no key; 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *p,
-  uint8_t *data,
-  uint32_t len
-);
+Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint32_t chunk_len);
 
 /**
   Finish function when there is no key
 */
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *p,
-  uint8_t *dst
-);
+void Hacl_Hash_Blake2s_digest(Hacl_Hash_Blake2s_state_t *state, uint8_t *output);
 
 /**
   Free state function when there is no key
 */
+void Hacl_Hash_Blake2s_free(Hacl_Hash_Blake2s_state_t *state);
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
 void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *s
+Hacl_Hash_Blake2s_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
 );
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Blake2s_128_H_DEFINED
+#define __Hacl_Hash_Blake2s_H_DEFINED
 #endif
diff --git a/include/Hacl_Hash_Blake2s_Simd128.h b/include/Hacl_Hash_Blake2s_Simd128.h
new file mode 100644
index 00000000..6484005e
--- /dev/null
+++ b/include/Hacl_Hash_Blake2s_Simd128.h
@@ -0,0 +1,112 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_Hash_Blake2s_Simd128_H
+#define __Hacl_Hash_Blake2s_Simd128_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Streaming_Types.h"
+#include "libintvector.h"
+
+typedef struct Hacl_Hash_Blake2s_Simd128_block_state_t_s
+{
+  Lib_IntVector_Intrinsics_vec128 *fst;
+  Lib_IntVector_Intrinsics_vec128 *snd;
+}
+Hacl_Hash_Blake2s_Simd128_block_state_t;
+
+typedef struct Hacl_Hash_Blake2s_Simd128_state_t_s
+{
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state;
+  uint8_t *buf;
+  uint64_t total_len;
+}
+Hacl_Hash_Blake2s_Simd128_state_t;
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2s_Simd128_state_t *Hacl_Hash_Blake2s_Simd128_malloc(void);
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_reset(Hacl_Hash_Blake2s_Simd128_state_t *state);
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2s_Simd128_update(
+  Hacl_Hash_Blake2s_Simd128_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+);
+
+/**
+  Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2s_Simd128_digest(Hacl_Hash_Blake2s_Simd128_state_t *state, uint8_t *output);
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_free(Hacl_Hash_Blake2s_Simd128_state_t *state);
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2s_Simd128_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_Hash_Blake2s_Simd128_H_DEFINED
+#endif
diff --git a/include/Hacl_Hash_MD5.h b/include/Hacl_Hash_MD5.h
index dd4c75e0..db93d7d6 100644
--- a/include/Hacl_Hash_MD5.h
+++ b/include/Hacl_Hash_MD5.h
@@ -37,25 +37,25 @@ extern "C" {
 
 #include "Hacl_Streaming_Types.h"
 
-typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_MD5_state;
+typedef Hacl_Streaming_MD_state_32 Hacl_Hash_MD5_state_t;
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_create_in(void);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_malloc(void);
 
-void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_MD5_reset(Hacl_Streaming_MD_state_32 *state);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
+Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len);
 
-void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
+void Hacl_Hash_MD5_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
 
-void Hacl_Streaming_MD5_legacy_free(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_MD5_free(Hacl_Streaming_MD_state_32 *state);
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_state_32 *s0);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_copy(Hacl_Streaming_MD_state_32 *state);
 
-void Hacl_Streaming_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_MD5_hash(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/Hacl_Hash_SHA1.h b/include/Hacl_Hash_SHA1.h
index 2737b20f..19045440 100644
--- a/include/Hacl_Hash_SHA1.h
+++ b/include/Hacl_Hash_SHA1.h
@@ -37,25 +37,25 @@ extern "C" {
 
 #include "Hacl_Streaming_Types.h"
 
-typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA1_state;
+typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA1_state_t;
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_malloc(void);
 
-void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA1_reset(Hacl_Streaming_MD_state_32 *state);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
+Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len);
 
-void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
+void Hacl_Hash_SHA1_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
 
-void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA1_free(Hacl_Streaming_MD_state_32 *state);
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_copy(Hacl_Streaming_MD_state_32 *state);
 
-void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA1_hash(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/Hacl_Hash_SHA2.h b/include/Hacl_Hash_SHA2.h
index 8f98d878..d17eab94 100644
--- a/include/Hacl_Hash_SHA2.h
+++ b/include/Hacl_Hash_SHA2.h
@@ -38,19 +38,19 @@ extern "C" {
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_Krmllib.h"
 
-typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_224;
+typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_224;
 
-typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_256;
+typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_256;
 
-typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_384;
+typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_384;
 
-typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_512;
+typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_512;
 
 /**
 Allocate initial state for the SHA2_256 hash. The state is to be freed by
 calling `free_256`.
 */
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_256(void);
 
 /**
 Copies the state passed as argument into a newly allocated state (deep copy).
@@ -58,73 +58,73 @@ The state is to be freed by calling `free_256`. Cloning the state this way is
 useful, for instance, if your control-flow diverges and you need to feed
 more (different) data into the hash in each branch.
 */
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_copy_256(Hacl_Streaming_MD_state_32 *state);
 
 /**
 Reset an existing state to the initial hash state with empty data.
 */
-void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA2_reset_256(Hacl_Streaming_MD_state_32 *state);
 
 /**
 Feed an arbitrary amount of data into the hash. This function returns 0 for
 success, or 1 if the combined length of all of the data passed to `update_256`
-(since the last call to `init_256`) exceeds 2^61-1 bytes.
+(since the last call to `reset_256`) exceeds 2^61-1 bytes.
 
 This function is identical to the update function for SHA2_224.
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_256(
-  Hacl_Streaming_MD_state_32 *p,
+Hacl_Hash_SHA2_update_256(
+  Hacl_Streaming_MD_state_32 *state,
   uint8_t *input,
   uint32_t input_len
 );
 
 /**
-Write the resulting hash into `dst`, an array of 32 bytes. The state remains
-valid after a call to `finish_256`, meaning the user may feed more data into
-the hash via `update_256`. (The finish_256 function operates on an internal copy of
+Write the resulting hash into `output`, an array of 32 bytes. The state remains
+valid after a call to `digest_256`, meaning the user may feed more data into
+the hash via `update_256`. (The digest_256 function operates on an internal copy of
 the state and therefore does not invalidate the client-held state `p`.)
 */
-void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
+void Hacl_Hash_SHA2_digest_256(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
 
 /**
-Free a state allocated with `create_in_256`.
+Free a state allocated with `malloc_256`.
 
 This function is identical to the free function for SHA2_224.
 */
-void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA2_free_256(Hacl_Streaming_MD_state_32 *state);
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 32 bytes.
 */
-void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA2_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_224(void);
 
-void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA2_reset_224(Hacl_Streaming_MD_state_32 *state);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_224(
-  Hacl_Streaming_MD_state_32 *p,
+Hacl_Hash_SHA2_update_224(
+  Hacl_Streaming_MD_state_32 *state,
   uint8_t *input,
   uint32_t input_len
 );
 
 /**
-Write the resulting hash into `dst`, an array of 28 bytes. The state remains
-valid after a call to `finish_224`, meaning the user may feed more data into
+Write the resulting hash into `output`, an array of 28 bytes. The state remains
+valid after a call to `digest_224`, meaning the user may feed more data into
 the hash via `update_224`.
 */
-void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
+void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
 
-void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p);
+void Hacl_Hash_SHA2_free_224(Hacl_Streaming_MD_state_32 *state);
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 28 bytes.
 */
-void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void);
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_512(void);
 
 /**
 Copies the state passed as argument into a newly allocated state (deep copy).
@@ -132,68 +132,68 @@ The state is to be freed by calling `free_512`. Cloning the state this way is
 useful, for instance, if your control-flow diverges and you need to feed
 more (different) data into the hash in each branch.
 */
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0);
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_copy_512(Hacl_Streaming_MD_state_64 *state);
 
-void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s);
+void Hacl_Hash_SHA2_reset_512(Hacl_Streaming_MD_state_64 *state);
 
 /**
 Feed an arbitrary amount of data into the hash. This function returns 0 for
 success, or 1 if the combined length of all of the data passed to `update_512`
-(since the last call to `init_512`) exceeds 2^125-1 bytes.
+(since the last call to `reset_512`) exceeds 2^125-1 bytes.
 
 This function is identical to the update function for SHA2_384.
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_512(
-  Hacl_Streaming_MD_state_64 *p,
+Hacl_Hash_SHA2_update_512(
+  Hacl_Streaming_MD_state_64 *state,
   uint8_t *input,
   uint32_t input_len
 );
 
 /**
-Write the resulting hash into `dst`, an array of 64 bytes. The state remains
-valid after a call to `finish_512`, meaning the user may feed more data into
-the hash via `update_512`. (The finish_512 function operates on an internal copy of
+Write the resulting hash into `output`, an array of 64 bytes. The state remains
+valid after a call to `digest_512`, meaning the user may feed more data into
+the hash via `update_512`. (The digest_512 function operates on an internal copy of
 the state and therefore does not invalidate the client-held state `p`.)
 */
-void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst);
+void Hacl_Hash_SHA2_digest_512(Hacl_Streaming_MD_state_64 *state, uint8_t *output);
 
 /**
-Free a state allocated with `create_in_512`.
+Free a state allocated with `malloc_512`.
 
 This function is identical to the free function for SHA2_384.
 */
-void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s);
+void Hacl_Hash_SHA2_free_512(Hacl_Streaming_MD_state_64 *state);
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 64 bytes.
 */
-void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA2_hash_512(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void);
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_384(void);
 
-void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s);
+void Hacl_Hash_SHA2_reset_384(Hacl_Streaming_MD_state_64 *state);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_384(
-  Hacl_Streaming_MD_state_64 *p,
+Hacl_Hash_SHA2_update_384(
+  Hacl_Streaming_MD_state_64 *state,
   uint8_t *input,
   uint32_t input_len
 );
 
 /**
-Write the resulting hash into `dst`, an array of 48 bytes. The state remains
-valid after a call to `finish_384`, meaning the user may feed more data into
+Write the resulting hash into `output`, an array of 48 bytes. The state remains
+valid after a call to `digest_384`, meaning the user may feed more data into
 the hash via `update_384`.
 */
-void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst);
+void Hacl_Hash_SHA2_digest_384(Hacl_Streaming_MD_state_64 *state, uint8_t *output);
 
-void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p);
+void Hacl_Hash_SHA2_free_384(Hacl_Streaming_MD_state_64 *state);
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 48 bytes.
 */
-void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA2_hash_384(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/Hacl_Hash_SHA3.h b/include/Hacl_Hash_SHA3.h
index e2f5ff06..e09f8745 100644
--- a/include/Hacl_Hash_SHA3.h
+++ b/include/Hacl_Hash_SHA3.h
@@ -37,48 +37,48 @@ extern "C" {
 
 #include "Hacl_Streaming_Types.h"
 
-typedef struct Hacl_Streaming_Keccak_hash_buf_s
+typedef struct Hacl_Hash_SHA3_hash_buf_s
 {
   Spec_Hash_Definitions_hash_alg fst;
   uint64_t *snd;
 }
-Hacl_Streaming_Keccak_hash_buf;
+Hacl_Hash_SHA3_hash_buf;
 
-typedef struct Hacl_Streaming_Keccak_state_s
+typedef struct Hacl_Hash_SHA3_state_t_s
 {
-  Hacl_Streaming_Keccak_hash_buf block_state;
+  Hacl_Hash_SHA3_hash_buf block_state;
   uint8_t *buf;
   uint64_t total_len;
 }
-Hacl_Streaming_Keccak_state;
+Hacl_Hash_SHA3_state_t;
 
-Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s);
+Spec_Hash_Definitions_hash_alg Hacl_Hash_SHA3_get_alg(Hacl_Hash_SHA3_state_t *s);
 
-Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_hash_alg a);
+Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_hash_alg a);
 
-void Hacl_Streaming_Keccak_free(Hacl_Streaming_Keccak_state *s);
+void Hacl_Hash_SHA3_free(Hacl_Hash_SHA3_state_t *state);
 
-Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_copy(Hacl_Streaming_Keccak_state *s0);
+Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_copy(Hacl_Hash_SHA3_state_t *state);
 
-void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s);
+void Hacl_Hash_SHA3_reset(Hacl_Hash_SHA3_state_t *state);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint32_t len);
+Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t chunk_len);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_finish(Hacl_Streaming_Keccak_state *s, uint8_t *dst);
+Hacl_Hash_SHA3_digest(Hacl_Hash_SHA3_state_t *state, uint8_t *output);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_squeeze(Hacl_Streaming_Keccak_state *s, uint8_t *dst, uint32_t l);
+Hacl_Hash_SHA3_squeeze(Hacl_Hash_SHA3_state_t *s, uint8_t *dst, uint32_t l);
 
-uint32_t Hacl_Streaming_Keccak_block_len(Hacl_Streaming_Keccak_state *s);
+uint32_t Hacl_Hash_SHA3_block_len(Hacl_Hash_SHA3_state_t *s);
 
-uint32_t Hacl_Streaming_Keccak_hash_len(Hacl_Streaming_Keccak_state *s);
+uint32_t Hacl_Hash_SHA3_hash_len(Hacl_Hash_SHA3_state_t *s);
 
-bool Hacl_Streaming_Keccak_is_shake(Hacl_Streaming_Keccak_state *s);
+bool Hacl_Hash_SHA3_is_shake(Hacl_Hash_SHA3_state_t *s);
 
 void
-Hacl_SHA3_shake128_hacl(
+Hacl_Hash_SHA3_shake128_hacl(
   uint32_t inputByteLen,
   uint8_t *input,
   uint32_t outputByteLen,
@@ -86,25 +86,25 @@ Hacl_SHA3_shake128_hacl(
 );
 
 void
-Hacl_SHA3_shake256_hacl(
+Hacl_Hash_SHA3_shake256_hacl(
   uint32_t inputByteLen,
   uint8_t *input,
   uint32_t outputByteLen,
   uint8_t *output
 );
 
-void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
+void Hacl_Hash_SHA3_sha3_224(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
+void Hacl_Hash_SHA3_sha3_256(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
+void Hacl_Hash_SHA3_sha3_384(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
+void Hacl_Hash_SHA3_sha3_512(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s);
+void Hacl_Hash_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s);
 
 void
-Hacl_Impl_SHA3_squeeze(
+Hacl_Hash_SHA3_squeeze0(
   uint64_t *s,
   uint32_t rateInBytes,
   uint32_t outputByteLen,
@@ -112,7 +112,7 @@ Hacl_Impl_SHA3_squeeze(
 );
 
 void
-Hacl_Impl_SHA3_keccak(
+Hacl_Hash_SHA3_keccak(
   uint32_t rate,
   uint32_t capacity,
   uint32_t inputByteLen,
diff --git a/include/Hacl_IntTypes_Intrinsics.h b/include/Hacl_IntTypes_Intrinsics.h
index e2a193e9..c816b046 100644
--- a/include/Hacl_IntTypes_Intrinsics.h
+++ b/include/Hacl_IntTypes_Intrinsics.h
@@ -41,7 +41,7 @@ static inline uint32_t
 Hacl_IntTypes_Intrinsics_add_carry_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r)
 {
   uint64_t res = (uint64_t)x + (uint64_t)cin + (uint64_t)y;
-  uint32_t c = (uint32_t)(res >> (uint32_t)32U);
+  uint32_t c = (uint32_t)(res >> 32U);
   r[0U] = (uint32_t)res;
   return c;
 }
@@ -50,7 +50,7 @@ static inline uint32_t
 Hacl_IntTypes_Intrinsics_sub_borrow_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r)
 {
   uint64_t res = (uint64_t)x - (uint64_t)y - (uint64_t)cin;
-  uint32_t c = (uint32_t)(res >> (uint32_t)32U) & (uint32_t)1U;
+  uint32_t c = (uint32_t)(res >> 32U) & 1U;
   r[0U] = (uint32_t)res;
   return c;
 }
@@ -59,8 +59,7 @@ static inline uint64_t
 Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r)
 {
   uint64_t res = x + cin + y;
-  uint64_t
-  c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & (uint64_t)1U;
+  uint64_t c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & 1ULL;
   r[0U] = res;
   return c;
 }
@@ -73,7 +72,7 @@ Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, ui
   c =
     ((FStar_UInt64_gte_mask(res, x) & ~FStar_UInt64_eq_mask(res, x))
     | (FStar_UInt64_eq_mask(res, x) & cin))
-    & (uint64_t)1U;
+    & 1ULL;
   r[0U] = res;
   return c;
 }
diff --git a/include/Hacl_IntTypes_Intrinsics_128.h b/include/Hacl_IntTypes_Intrinsics_128.h
index aa843a6c..d3008969 100644
--- a/include/Hacl_IntTypes_Intrinsics_128.h
+++ b/include/Hacl_IntTypes_Intrinsics_128.h
@@ -45,7 +45,7 @@ Hacl_IntTypes_Intrinsics_128_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y,
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_uint64_to_uint128(x),
         FStar_UInt128_uint64_to_uint128(cin)),
       FStar_UInt128_uint64_to_uint128(y));
-  uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U));
+  uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U));
   r[0U] = FStar_UInt128_uint128_to_uint64(res);
   return c;
 }
@@ -58,10 +58,7 @@ Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y
     FStar_UInt128_sub_mod(FStar_UInt128_sub_mod(FStar_UInt128_uint64_to_uint128(x),
         FStar_UInt128_uint64_to_uint128(y)),
       FStar_UInt128_uint64_to_uint128(cin));
-  uint64_t
-  c =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U))
-    & (uint64_t)1U;
+  uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)) & 1ULL;
   r[0U] = FStar_UInt128_uint128_to_uint64(res);
   return c;
 }
diff --git a/include/msvc/Hacl_Streaming_Poly1305_32.h b/include/Hacl_MAC_Poly1305.h
similarity index 67%
rename from include/msvc/Hacl_Streaming_Poly1305_32.h
rename to include/Hacl_MAC_Poly1305.h
index 88d1a513..95ac4be2 100644
--- a/include/msvc/Hacl_Streaming_Poly1305_32.h
+++ b/include/Hacl_MAC_Poly1305.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Poly1305_32_H
-#define __Hacl_Streaming_Poly1305_32_H
+#ifndef __Hacl_MAC_Poly1305_H
+#define __Hacl_MAC_Poly1305_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -36,43 +36,36 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Streaming_Types.h"
-#include "Hacl_Poly1305_32.h"
+#include "Hacl_Krmllib.h"
 
-typedef struct Hacl_Streaming_Poly1305_32_poly1305_32_state_s
+typedef struct Hacl_MAC_Poly1305_state_t_s
 {
   uint64_t *block_state;
   uint8_t *buf;
   uint64_t total_len;
   uint8_t *p_key;
 }
-Hacl_Streaming_Poly1305_32_poly1305_32_state;
+Hacl_MAC_Poly1305_state_t;
 
-Hacl_Streaming_Poly1305_32_poly1305_32_state *Hacl_Streaming_Poly1305_32_create_in(uint8_t *k);
+Hacl_MAC_Poly1305_state_t *Hacl_MAC_Poly1305_malloc(uint8_t *key);
 
-void
-Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_32_state *s);
+void Hacl_MAC_Poly1305_reset(Hacl_MAC_Poly1305_state_t *state, uint8_t *key);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_32_update(
-  Hacl_Streaming_Poly1305_32_poly1305_32_state *p,
-  uint8_t *data,
-  uint32_t len
-);
+Hacl_MAC_Poly1305_update(Hacl_MAC_Poly1305_state_t *state, uint8_t *chunk, uint32_t chunk_len);
 
-void
-Hacl_Streaming_Poly1305_32_finish(
-  Hacl_Streaming_Poly1305_32_poly1305_32_state *p,
-  uint8_t *dst
-);
+void Hacl_MAC_Poly1305_digest(Hacl_MAC_Poly1305_state_t *state, uint8_t *output);
 
-void Hacl_Streaming_Poly1305_32_free(Hacl_Streaming_Poly1305_32_poly1305_32_state *s);
+void Hacl_MAC_Poly1305_free(Hacl_MAC_Poly1305_state_t *state);
+
+void Hacl_MAC_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Poly1305_32_H_DEFINED
+#define __Hacl_MAC_Poly1305_H_DEFINED
 #endif
diff --git a/include/Hacl_Streaming_Poly1305_128.h b/include/Hacl_MAC_Poly1305_Simd128.h
similarity index 67%
rename from include/Hacl_Streaming_Poly1305_128.h
rename to include/Hacl_MAC_Poly1305_Simd128.h
index d6299052..9b69ebd4 100644
--- a/include/Hacl_Streaming_Poly1305_128.h
+++ b/include/Hacl_MAC_Poly1305_Simd128.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Poly1305_128_H
-#define __Hacl_Streaming_Poly1305_128_H
+#ifndef __Hacl_MAC_Poly1305_Simd128_H
+#define __Hacl_MAC_Poly1305_Simd128_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -36,44 +36,47 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Streaming_Types.h"
-#include "Hacl_Poly1305_128.h"
+#include "libintvector.h"
 
-typedef struct Hacl_Streaming_Poly1305_128_poly1305_128_state_s
+typedef struct Hacl_MAC_Poly1305_Simd128_state_t_s
 {
   Lib_IntVector_Intrinsics_vec128 *block_state;
   uint8_t *buf;
   uint64_t total_len;
   uint8_t *p_key;
 }
-Hacl_Streaming_Poly1305_128_poly1305_128_state;
+Hacl_MAC_Poly1305_Simd128_state_t;
 
-Hacl_Streaming_Poly1305_128_poly1305_128_state
-*Hacl_Streaming_Poly1305_128_create_in(uint8_t *k);
+Hacl_MAC_Poly1305_Simd128_state_t *Hacl_MAC_Poly1305_Simd128_malloc(uint8_t *key);
 
-void
-Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly1305_128_state *s);
+void Hacl_MAC_Poly1305_Simd128_reset(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *key);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_128_update(
-  Hacl_Streaming_Poly1305_128_poly1305_128_state *p,
-  uint8_t *data,
-  uint32_t len
+Hacl_MAC_Poly1305_Simd128_update(
+  Hacl_MAC_Poly1305_Simd128_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
 );
 
 void
-Hacl_Streaming_Poly1305_128_finish(
-  Hacl_Streaming_Poly1305_128_poly1305_128_state *p,
-  uint8_t *dst
-);
+Hacl_MAC_Poly1305_Simd128_digest(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *output);
+
+void Hacl_MAC_Poly1305_Simd128_free(Hacl_MAC_Poly1305_Simd128_state_t *state);
 
-void Hacl_Streaming_Poly1305_128_free(Hacl_Streaming_Poly1305_128_poly1305_128_state *s);
+void
+Hacl_MAC_Poly1305_Simd128_mac(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key
+);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Poly1305_128_H_DEFINED
+#define __Hacl_MAC_Poly1305_Simd128_H_DEFINED
 #endif
diff --git a/include/msvc/Hacl_Streaming_Poly1305_256.h b/include/Hacl_MAC_Poly1305_Simd256.h
similarity index 67%
rename from include/msvc/Hacl_Streaming_Poly1305_256.h
rename to include/Hacl_MAC_Poly1305_Simd256.h
index 689b837b..89f4a104 100644
--- a/include/msvc/Hacl_Streaming_Poly1305_256.h
+++ b/include/Hacl_MAC_Poly1305_Simd256.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Poly1305_256_H
-#define __Hacl_Streaming_Poly1305_256_H
+#ifndef __Hacl_MAC_Poly1305_Simd256_H
+#define __Hacl_MAC_Poly1305_Simd256_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -36,44 +36,47 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Streaming_Types.h"
-#include "Hacl_Poly1305_256.h"
+#include "libintvector.h"
 
-typedef struct Hacl_Streaming_Poly1305_256_poly1305_256_state_s
+typedef struct Hacl_MAC_Poly1305_Simd256_state_t_s
 {
   Lib_IntVector_Intrinsics_vec256 *block_state;
   uint8_t *buf;
   uint64_t total_len;
   uint8_t *p_key;
 }
-Hacl_Streaming_Poly1305_256_poly1305_256_state;
+Hacl_MAC_Poly1305_Simd256_state_t;
 
-Hacl_Streaming_Poly1305_256_poly1305_256_state
-*Hacl_Streaming_Poly1305_256_create_in(uint8_t *k);
+Hacl_MAC_Poly1305_Simd256_state_t *Hacl_MAC_Poly1305_Simd256_malloc(uint8_t *key);
 
-void
-Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly1305_256_state *s);
+void Hacl_MAC_Poly1305_Simd256_reset(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *key);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_256_update(
-  Hacl_Streaming_Poly1305_256_poly1305_256_state *p,
-  uint8_t *data,
-  uint32_t len
+Hacl_MAC_Poly1305_Simd256_update(
+  Hacl_MAC_Poly1305_Simd256_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
 );
 
 void
-Hacl_Streaming_Poly1305_256_finish(
-  Hacl_Streaming_Poly1305_256_poly1305_256_state *p,
-  uint8_t *dst
-);
+Hacl_MAC_Poly1305_Simd256_digest(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *output);
+
+void Hacl_MAC_Poly1305_Simd256_free(Hacl_MAC_Poly1305_Simd256_state_t *state);
 
-void Hacl_Streaming_Poly1305_256_free(Hacl_Streaming_Poly1305_256_poly1305_256_state *s);
+void
+Hacl_MAC_Poly1305_Simd256_mac(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key
+);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Poly1305_256_H_DEFINED
+#define __Hacl_MAC_Poly1305_Simd256_H_DEFINED
 #endif
diff --git a/include/Hacl_NaCl.h b/include/Hacl_NaCl.h
index b7e91a4b..a3ca6804 100644
--- a/include/Hacl_NaCl.h
+++ b/include/Hacl_NaCl.h
@@ -36,7 +36,7 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Salsa20.h"
-#include "Hacl_Poly1305_32.h"
+#include "Hacl_MAC_Poly1305.h"
 #include "Hacl_Curve25519_51.h"
 
 /**
diff --git a/include/Hacl_Poly1305_256.h b/include/Hacl_Poly1305_256.h
deleted file mode 100644
index 9d1ae8c3..00000000
--- a/include/Hacl_Poly1305_256.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Poly1305_256_H
-#define __Hacl_Poly1305_256_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "libintvector.h"
-
-typedef Lib_IntVector_Intrinsics_vec256 *Hacl_Poly1305_256_poly1305_ctx;
-
-void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key);
-
-void Hacl_Poly1305_256_poly1305_update1(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *text);
-
-void
-Hacl_Poly1305_256_poly1305_update(
-  Lib_IntVector_Intrinsics_vec256 *ctx,
-  uint32_t len,
-  uint8_t *text
-);
-
-void
-Hacl_Poly1305_256_poly1305_finish(
-  uint8_t *tag,
-  uint8_t *key,
-  Lib_IntVector_Intrinsics_vec256 *ctx
-);
-
-void Hacl_Poly1305_256_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Poly1305_256_H_DEFINED
-#endif
diff --git a/include/Hacl_Poly1305_32.h b/include/Hacl_Poly1305_32.h
deleted file mode 100644
index f3233b90..00000000
--- a/include/Hacl_Poly1305_32.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Poly1305_32_H
-#define __Hacl_Poly1305_32_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Krmllib.h"
-
-typedef uint64_t *Hacl_Poly1305_32_poly1305_ctx;
-
-void Hacl_Poly1305_32_poly1305_init(uint64_t *ctx, uint8_t *key);
-
-void Hacl_Poly1305_32_poly1305_update1(uint64_t *ctx, uint8_t *text);
-
-void Hacl_Poly1305_32_poly1305_update(uint64_t *ctx, uint32_t len, uint8_t *text);
-
-void Hacl_Poly1305_32_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx);
-
-void Hacl_Poly1305_32_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Poly1305_32_H_DEFINED
-#endif
diff --git a/include/Hacl_Streaming_Blake2.h b/include/Hacl_Streaming_Blake2.h
deleted file mode 100644
index bfb05e4f..00000000
--- a/include/Hacl_Streaming_Blake2.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Streaming_Blake2_H
-#define __Hacl_Streaming_Blake2_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Streaming_Types.h"
-#include "Hacl_Krmllib.h"
-#include "Hacl_Hash_Blake2.h"
-
-typedef struct Hacl_Streaming_Blake2_blake2s_32_block_state_s
-{
-  uint32_t *fst;
-  uint32_t *snd;
-}
-Hacl_Streaming_Blake2_blake2s_32_block_state;
-
-typedef struct Hacl_Streaming_Blake2_blake2b_32_block_state_s
-{
-  uint64_t *fst;
-  uint64_t *snd;
-}
-Hacl_Streaming_Blake2_blake2b_32_block_state;
-
-typedef struct Hacl_Streaming_Blake2_blake2s_32_state_s
-{
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state;
-  uint8_t *buf;
-  uint64_t total_len;
-}
-Hacl_Streaming_Blake2_blake2s_32_state;
-
-typedef struct Hacl_Streaming_Blake2_blake2b_32_state_s
-{
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state;
-  uint8_t *buf;
-  uint64_t total_len;
-}
-Hacl_Streaming_Blake2_blake2b_32_state;
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2_blake2s_32_state
-*Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(void);
-
-/**
-  (Re-)initialization function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_32_state *s1);
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2_blake2s_32_no_key_update(
-  Hacl_Streaming_Blake2_blake2s_32_state *p,
-  uint8_t *data,
-  uint32_t len
-);
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2_blake2s_32_no_key_finish(
-  Hacl_Streaming_Blake2_blake2s_32_state *p,
-  uint8_t *dst
-);
-
-/**
-  Free state function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2s_32_no_key_free(Hacl_Streaming_Blake2_blake2s_32_state *s1);
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2_blake2b_32_state
-*Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(void);
-
-/**
-  (Re)-initialization function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_32_state *s1);
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2_blake2b_32_no_key_update(
-  Hacl_Streaming_Blake2_blake2b_32_state *p,
-  uint8_t *data,
-  uint32_t len
-);
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2_blake2b_32_no_key_finish(
-  Hacl_Streaming_Blake2_blake2b_32_state *p,
-  uint8_t *dst
-);
-
-/**
-  Free state function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2b_32_no_key_free(Hacl_Streaming_Blake2_blake2b_32_state *s1);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Streaming_Blake2_H_DEFINED
-#endif
diff --git a/include/internal/EverCrypt_HMAC.h b/include/internal/EverCrypt_HMAC.h
index 02986e6c..debea462 100644
--- a/include/internal/EverCrypt_HMAC.h
+++ b/include/internal/EverCrypt_HMAC.h
@@ -38,7 +38,9 @@ extern "C" {
 #include "internal/Hacl_Krmllib.h"
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b.h"
+#include "internal/Hacl_HMAC.h"
 #include "internal/EverCrypt_Hash.h"
 #include "../EverCrypt_HMAC.h"
 
diff --git a/include/internal/EverCrypt_Hash.h b/include/internal/EverCrypt_Hash.h
index c9417677..cd706161 100644
--- a/include/internal/EverCrypt_Hash.h
+++ b/include/internal/EverCrypt_Hash.h
@@ -41,11 +41,15 @@ extern "C" {
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
 #include "internal/Hacl_Hash_MD5.h"
+#include "internal/Hacl_Hash_Blake2s_Simd128.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b_Simd256.h"
+#include "internal/Hacl_Hash_Blake2b.h"
 #include "../EverCrypt_Hash.h"
 
 void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n);
 
-void EverCrypt_Hash_Incremental_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void EverCrypt_Hash_Incremental_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/internal/Hacl_Bignum.h b/include/internal/Hacl_Bignum.h
index 901a8dad..4b31236d 100644
--- a/include/internal/Hacl_Bignum.h
+++ b/include/internal/Hacl_Bignum.h
@@ -124,15 +124,6 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(
   uint32_t *res
 );
 
-void
-Hacl_Bignum_Montgomery_bn_mont_reduction_u32(
-  uint32_t len,
-  uint32_t *n,
-  uint32_t nInv,
-  uint32_t *c,
-  uint32_t *res
-);
-
 void
 Hacl_Bignum_Montgomery_bn_to_mont_u32(
   uint32_t len,
@@ -181,15 +172,6 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(
   uint64_t *res
 );
 
-void
-Hacl_Bignum_Montgomery_bn_mont_reduction_u64(
-  uint32_t len,
-  uint64_t *n,
-  uint64_t nInv,
-  uint64_t *c,
-  uint64_t *res
-);
-
 void
 Hacl_Bignum_Montgomery_bn_to_mont_u64(
   uint32_t len,
@@ -228,6 +210,24 @@ Hacl_Bignum_Montgomery_bn_mont_sqr_u64(
   uint64_t *resM
 );
 
+void
+Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(
+  uint32_t len,
+  uint32_t *n,
+  uint32_t nInv,
+  uint32_t *c,
+  uint32_t *res
+);
+
+void
+Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(
+  uint32_t len,
+  uint64_t *n,
+  uint64_t nInv,
+  uint64_t *c,
+  uint64_t *res
+);
+
 uint32_t
 Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32(
   uint32_t len,
diff --git a/include/internal/Hacl_Bignum25519_51.h b/include/internal/Hacl_Bignum25519_51.h
index 25a10503..4678f8a0 100644
--- a/include/internal/Hacl_Bignum25519_51.h
+++ b/include/internal/Hacl_Bignum25519_51.h
@@ -69,11 +69,11 @@ static inline void Hacl_Impl_Curve25519_Field51_fsub(uint64_t *out, uint64_t *f1
   uint64_t f23 = f2[3U];
   uint64_t f14 = f1[4U];
   uint64_t f24 = f2[4U];
-  out[0U] = f10 + (uint64_t)0x3fffffffffff68U - f20;
-  out[1U] = f11 + (uint64_t)0x3ffffffffffff8U - f21;
-  out[2U] = f12 + (uint64_t)0x3ffffffffffff8U - f22;
-  out[3U] = f13 + (uint64_t)0x3ffffffffffff8U - f23;
-  out[4U] = f14 + (uint64_t)0x3ffffffffffff8U - f24;
+  out[0U] = f10 + 0x3fffffffffff68ULL - f20;
+  out[1U] = f11 + 0x3ffffffffffff8ULL - f21;
+  out[2U] = f12 + 0x3ffffffffffff8ULL - f22;
+  out[3U] = f13 + 0x3ffffffffffff8ULL - f23;
+  out[4U] = f14 + 0x3ffffffffffff8ULL - f24;
 }
 
 static inline void
@@ -84,7 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul(
   FStar_UInt128_uint128 *uu___
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -95,10 +95,10 @@ Hacl_Impl_Curve25519_Field51_fmul(
   uint64_t f22 = f2[2U];
   uint64_t f23 = f2[3U];
   uint64_t f24 = f2[4U];
-  uint64_t tmp1 = f21 * (uint64_t)19U;
-  uint64_t tmp2 = f22 * (uint64_t)19U;
-  uint64_t tmp3 = f23 * (uint64_t)19U;
-  uint64_t tmp4 = f24 * (uint64_t)19U;
+  uint64_t tmp1 = f21 * 19ULL;
+  uint64_t tmp2 = f22 * 19ULL;
+  uint64_t tmp3 = f23 * 19ULL;
+  uint64_t tmp4 = f24 * 19ULL;
   FStar_UInt128_uint128 o00 = FStar_UInt128_mul_wide(f10, f20);
   FStar_UInt128_uint128 o10 = FStar_UInt128_mul_wide(f10, f21);
   FStar_UInt128_uint128 o20 = FStar_UInt128_mul_wide(f10, f22);
@@ -129,25 +129,24 @@ Hacl_Impl_Curve25519_Field51_fmul(
   FStar_UInt128_uint128 tmp_w2 = o24;
   FStar_UInt128_uint128 tmp_w3 = o34;
   FStar_UInt128_uint128 tmp_w4 = o44;
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp01 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp01 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w1, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp11 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp11 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w2, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp21 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp21 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w3, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp31 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp31 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w4, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp41 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp01 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp41 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp01 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t o0 = tmp0_;
   uint64_t o1 = tmp11 + c5;
   uint64_t o2 = tmp21;
@@ -168,7 +167,7 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   FStar_UInt128_uint128 *uu___
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -189,14 +188,14 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   uint64_t f42 = f2[7U];
   uint64_t f43 = f2[8U];
   uint64_t f44 = f2[9U];
-  uint64_t tmp11 = f21 * (uint64_t)19U;
-  uint64_t tmp12 = f22 * (uint64_t)19U;
-  uint64_t tmp13 = f23 * (uint64_t)19U;
-  uint64_t tmp14 = f24 * (uint64_t)19U;
-  uint64_t tmp21 = f41 * (uint64_t)19U;
-  uint64_t tmp22 = f42 * (uint64_t)19U;
-  uint64_t tmp23 = f43 * (uint64_t)19U;
-  uint64_t tmp24 = f44 * (uint64_t)19U;
+  uint64_t tmp11 = f21 * 19ULL;
+  uint64_t tmp12 = f22 * 19ULL;
+  uint64_t tmp13 = f23 * 19ULL;
+  uint64_t tmp14 = f24 * 19ULL;
+  uint64_t tmp21 = f41 * 19ULL;
+  uint64_t tmp22 = f42 * 19ULL;
+  uint64_t tmp23 = f43 * 19ULL;
+  uint64_t tmp24 = f44 * 19ULL;
   FStar_UInt128_uint128 o00 = FStar_UInt128_mul_wide(f10, f20);
   FStar_UInt128_uint128 o15 = FStar_UInt128_mul_wide(f10, f21);
   FStar_UInt128_uint128 o25 = FStar_UInt128_mul_wide(f10, f22);
@@ -257,49 +256,47 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   FStar_UInt128_uint128 tmp_w22 = o241;
   FStar_UInt128_uint128 tmp_w23 = o34;
   FStar_UInt128_uint128 tmp_w24 = o44;
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(tmp_w10, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w10, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w11, FStar_UInt128_uint64_to_uint128(c00));
-  uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w12, FStar_UInt128_uint64_to_uint128(c10));
-  uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w13, FStar_UInt128_uint64_to_uint128(c20));
-  uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w14, FStar_UInt128_uint64_to_uint128(c30));
-  uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp00 + c40 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c50 = l_4 >> (uint32_t)51U;
+  uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp00 + c40 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c50 = l_4 >> 51U;
   uint64_t o100 = tmp0_;
   uint64_t o112 = tmp10 + c50;
   uint64_t o122 = tmp20;
   uint64_t o132 = tmp30;
   uint64_t o142 = tmp40;
-  FStar_UInt128_uint128
-  l_5 = FStar_UInt128_add(tmp_w20, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, (uint32_t)51U));
+  FStar_UInt128_uint128 l_5 = FStar_UInt128_add(tmp_w20, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, 51U));
   FStar_UInt128_uint128 l_6 = FStar_UInt128_add(tmp_w21, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, (uint32_t)51U));
+  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, 51U));
   FStar_UInt128_uint128 l_7 = FStar_UInt128_add(tmp_w22, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, (uint32_t)51U));
+  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, 51U));
   FStar_UInt128_uint128 l_8 = FStar_UInt128_add(tmp_w23, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, (uint32_t)51U));
+  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, 51U));
   FStar_UInt128_uint128 l_9 = FStar_UInt128_add(tmp_w24, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, (uint32_t)51U));
-  uint64_t l_10 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_0 = l_10 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_10 >> (uint32_t)51U;
+  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, 51U));
+  uint64_t l_10 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_0 = l_10 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_10 >> 51U;
   uint64_t o200 = tmp0_0;
   uint64_t o212 = tmp1 + c5;
   uint64_t o222 = tmp2;
@@ -339,25 +336,24 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f
   FStar_UInt128_uint128 tmp_w2 = FStar_UInt128_mul_wide(f2, f12);
   FStar_UInt128_uint128 tmp_w3 = FStar_UInt128_mul_wide(f2, f13);
   FStar_UInt128_uint128 tmp_w4 = FStar_UInt128_mul_wide(f2, f14);
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w1, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w2, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w3, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w4, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t o0 = tmp0_;
   uint64_t o1 = tmp1 + c5;
   uint64_t o2 = tmp2;
@@ -373,18 +369,18 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint64_t f0 = f[0U];
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
   uint64_t f4 = f[4U];
-  uint64_t d0 = (uint64_t)2U * f0;
-  uint64_t d1 = (uint64_t)2U * f1;
-  uint64_t d2 = (uint64_t)38U * f2;
-  uint64_t d3 = (uint64_t)19U * f3;
-  uint64_t d419 = (uint64_t)19U * f4;
-  uint64_t d4 = (uint64_t)2U * d419;
+  uint64_t d0 = 2ULL * f0;
+  uint64_t d1 = 2ULL * f1;
+  uint64_t d2 = 38ULL * f2;
+  uint64_t d3 = 19ULL * f3;
+  uint64_t d419 = 19ULL * f4;
+  uint64_t d4 = 2ULL * d419;
   FStar_UInt128_uint128
   s0 =
     FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f0, f0),
@@ -415,25 +411,24 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint
   FStar_UInt128_uint128 o20 = s2;
   FStar_UInt128_uint128 o30 = s3;
   FStar_UInt128_uint128 o40 = s4;
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(o00, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(o00, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(o10, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(o20, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(o30, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(o40, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t o0 = tmp0_;
   uint64_t o1 = tmp1 + c5;
   uint64_t o2 = tmp2;
@@ -449,7 +444,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint64_t f10 = f[0U];
   uint64_t f11 = f[1U];
   uint64_t f12 = f[2U];
@@ -460,12 +455,12 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin
   uint64_t f22 = f[7U];
   uint64_t f23 = f[8U];
   uint64_t f24 = f[9U];
-  uint64_t d00 = (uint64_t)2U * f10;
-  uint64_t d10 = (uint64_t)2U * f11;
-  uint64_t d20 = (uint64_t)38U * f12;
-  uint64_t d30 = (uint64_t)19U * f13;
-  uint64_t d4190 = (uint64_t)19U * f14;
-  uint64_t d40 = (uint64_t)2U * d4190;
+  uint64_t d00 = 2ULL * f10;
+  uint64_t d10 = 2ULL * f11;
+  uint64_t d20 = 38ULL * f12;
+  uint64_t d30 = 19ULL * f13;
+  uint64_t d4190 = 19ULL * f14;
+  uint64_t d40 = 2ULL * d4190;
   FStar_UInt128_uint128
   s00 =
     FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f10, f10),
@@ -496,12 +491,12 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin
   FStar_UInt128_uint128 o120 = s20;
   FStar_UInt128_uint128 o130 = s30;
   FStar_UInt128_uint128 o140 = s40;
-  uint64_t d0 = (uint64_t)2U * f20;
-  uint64_t d1 = (uint64_t)2U * f21;
-  uint64_t d2 = (uint64_t)38U * f22;
-  uint64_t d3 = (uint64_t)19U * f23;
-  uint64_t d419 = (uint64_t)19U * f24;
-  uint64_t d4 = (uint64_t)2U * d419;
+  uint64_t d0 = 2ULL * f20;
+  uint64_t d1 = 2ULL * f21;
+  uint64_t d2 = 38ULL * f22;
+  uint64_t d3 = 19ULL * f23;
+  uint64_t d419 = 19ULL * f24;
+  uint64_t d4 = 2ULL * d419;
   FStar_UInt128_uint128
   s0 =
     FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f20, f20),
@@ -532,49 +527,47 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin
   FStar_UInt128_uint128 o220 = s2;
   FStar_UInt128_uint128 o230 = s3;
   FStar_UInt128_uint128 o240 = s4;
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(o100, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(o100, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(o110, FStar_UInt128_uint64_to_uint128(c00));
-  uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(o120, FStar_UInt128_uint64_to_uint128(c10));
-  uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(o130, FStar_UInt128_uint64_to_uint128(c20));
-  uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(o140, FStar_UInt128_uint64_to_uint128(c30));
-  uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp00 + c40 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c50 = l_4 >> (uint32_t)51U;
+  uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp00 + c40 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c50 = l_4 >> 51U;
   uint64_t o101 = tmp0_;
   uint64_t o111 = tmp10 + c50;
   uint64_t o121 = tmp20;
   uint64_t o131 = tmp30;
   uint64_t o141 = tmp40;
-  FStar_UInt128_uint128
-  l_5 = FStar_UInt128_add(o200, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, (uint32_t)51U));
+  FStar_UInt128_uint128 l_5 = FStar_UInt128_add(o200, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, 51U));
   FStar_UInt128_uint128 l_6 = FStar_UInt128_add(o210, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, (uint32_t)51U));
+  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, 51U));
   FStar_UInt128_uint128 l_7 = FStar_UInt128_add(o220, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, (uint32_t)51U));
+  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, 51U));
   FStar_UInt128_uint128 l_8 = FStar_UInt128_add(o230, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, (uint32_t)51U));
+  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, 51U));
   FStar_UInt128_uint128 l_9 = FStar_UInt128_add(o240, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, (uint32_t)51U));
-  uint64_t l_10 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_0 = l_10 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_10 >> (uint32_t)51U;
+  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, 51U));
+  uint64_t l_10 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_0 = l_10 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_10 >> 51U;
   uint64_t o201 = tmp0_0;
   uint64_t o211 = tmp1 + c5;
   uint64_t o221 = tmp2;
@@ -609,49 +602,49 @@ static inline void Hacl_Impl_Curve25519_Field51_store_felem(uint64_t *u64s, uint
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
   uint64_t f4 = f[4U];
-  uint64_t l_ = f0 + (uint64_t)0U;
-  uint64_t tmp0 = l_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = l_ >> (uint32_t)51U;
+  uint64_t l_ = f0 + 0ULL;
+  uint64_t tmp0 = l_ & 0x7ffffffffffffULL;
+  uint64_t c0 = l_ >> 51U;
   uint64_t l_0 = f1 + c0;
-  uint64_t tmp1 = l_0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = l_0 >> (uint32_t)51U;
+  uint64_t tmp1 = l_0 & 0x7ffffffffffffULL;
+  uint64_t c1 = l_0 >> 51U;
   uint64_t l_1 = f2 + c1;
-  uint64_t tmp2 = l_1 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = l_1 >> (uint32_t)51U;
+  uint64_t tmp2 = l_1 & 0x7ffffffffffffULL;
+  uint64_t c2 = l_1 >> 51U;
   uint64_t l_2 = f3 + c2;
-  uint64_t tmp3 = l_2 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = l_2 >> (uint32_t)51U;
+  uint64_t tmp3 = l_2 & 0x7ffffffffffffULL;
+  uint64_t c3 = l_2 >> 51U;
   uint64_t l_3 = f4 + c3;
-  uint64_t tmp4 = l_3 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = l_3 >> (uint32_t)51U;
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = l_3 & 0x7ffffffffffffULL;
+  uint64_t c4 = l_3 >> 51U;
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t f01 = tmp0_;
   uint64_t f11 = tmp1 + c5;
   uint64_t f21 = tmp2;
   uint64_t f31 = tmp3;
   uint64_t f41 = tmp4;
-  uint64_t m0 = FStar_UInt64_gte_mask(f01, (uint64_t)0x7ffffffffffedU);
-  uint64_t m1 = FStar_UInt64_eq_mask(f11, (uint64_t)0x7ffffffffffffU);
-  uint64_t m2 = FStar_UInt64_eq_mask(f21, (uint64_t)0x7ffffffffffffU);
-  uint64_t m3 = FStar_UInt64_eq_mask(f31, (uint64_t)0x7ffffffffffffU);
-  uint64_t m4 = FStar_UInt64_eq_mask(f41, (uint64_t)0x7ffffffffffffU);
+  uint64_t m0 = FStar_UInt64_gte_mask(f01, 0x7ffffffffffedULL);
+  uint64_t m1 = FStar_UInt64_eq_mask(f11, 0x7ffffffffffffULL);
+  uint64_t m2 = FStar_UInt64_eq_mask(f21, 0x7ffffffffffffULL);
+  uint64_t m3 = FStar_UInt64_eq_mask(f31, 0x7ffffffffffffULL);
+  uint64_t m4 = FStar_UInt64_eq_mask(f41, 0x7ffffffffffffULL);
   uint64_t mask = (((m0 & m1) & m2) & m3) & m4;
-  uint64_t f0_ = f01 - (mask & (uint64_t)0x7ffffffffffedU);
-  uint64_t f1_ = f11 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f2_ = f21 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f3_ = f31 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f4_ = f41 - (mask & (uint64_t)0x7ffffffffffffU);
+  uint64_t f0_ = f01 - (mask & 0x7ffffffffffedULL);
+  uint64_t f1_ = f11 - (mask & 0x7ffffffffffffULL);
+  uint64_t f2_ = f21 - (mask & 0x7ffffffffffffULL);
+  uint64_t f3_ = f31 - (mask & 0x7ffffffffffffULL);
+  uint64_t f4_ = f41 - (mask & 0x7ffffffffffffULL);
   uint64_t f02 = f0_;
   uint64_t f12 = f1_;
   uint64_t f22 = f2_;
   uint64_t f32 = f3_;
   uint64_t f42 = f4_;
-  uint64_t o00 = f02 | f12 << (uint32_t)51U;
-  uint64_t o10 = f12 >> (uint32_t)13U | f22 << (uint32_t)38U;
-  uint64_t o20 = f22 >> (uint32_t)26U | f32 << (uint32_t)25U;
-  uint64_t o30 = f32 >> (uint32_t)39U | f42 << (uint32_t)12U;
+  uint64_t o00 = f02 | f12 << 51U;
+  uint64_t o10 = f12 >> 13U | f22 << 38U;
+  uint64_t o20 = f22 >> 26U | f32 << 25U;
+  uint64_t o30 = f32 >> 39U | f42 << 12U;
   uint64_t o0 = o00;
   uint64_t o1 = o10;
   uint64_t o2 = o20;
@@ -665,11 +658,11 @@ static inline void Hacl_Impl_Curve25519_Field51_store_felem(uint64_t *u64s, uint
 static inline void
 Hacl_Impl_Curve25519_Field51_cswap2(uint64_t bit, uint64_t *p1, uint64_t *p2)
 {
-  uint64_t mask = (uint64_t)0U - bit;
+  uint64_t mask = 0ULL - bit;
   KRML_MAYBE_FOR10(i,
-    (uint32_t)0U,
-    (uint32_t)10U,
-    (uint32_t)1U,
+    0U,
+    10U,
+    1U,
     uint64_t dummy = mask & (p1[i] ^ p2[i]);
     p1[i] = p1[i] ^ dummy;
     p2[i] = p2[i] ^ dummy;);
diff --git a/include/internal/Hacl_Bignum_Base.h b/include/internal/Hacl_Bignum_Base.h
index 2cfb0066..f2e282f4 100644
--- a/include/internal/Hacl_Bignum_Base.h
+++ b/include/internal/Hacl_Bignum_Base.h
@@ -45,7 +45,7 @@ Hacl_Bignum_Base_mul_wide_add2_u32(uint32_t a, uint32_t b, uint32_t c_in, uint32
   uint32_t out0 = out[0U];
   uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)c_in + (uint64_t)out0;
   out[0U] = (uint32_t)res;
-  return (uint32_t)(res >> (uint32_t)32U);
+  return (uint32_t)(res >> 32U);
 }
 
 static inline uint64_t
@@ -58,22 +58,22 @@ Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64
         FStar_UInt128_uint64_to_uint128(c_in)),
       FStar_UInt128_uint64_to_uint128(out0));
   out[0U] = FStar_UInt128_uint128_to_uint64(res);
-  return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U));
+  return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U));
 }
 
 static inline void
 Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint64_t *os = res;
-    uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;
   }
@@ -82,24 +82,24 @@ Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *
 static inline void
 Hacl_Bignum_Convert_bn_to_bytes_be_uint64(uint32_t len, uint64_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]);
+    store64_be(tmp + i * 8U, b[bnLen - i - 1U]);
   }
   memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t));
 }
 
 static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32_t *b)
 {
-  uint32_t priv = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t priv = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
-    uint32_t mask = FStar_UInt32_eq_mask(b[i], (uint32_t)0U);
+    uint32_t mask = FStar_UInt32_eq_mask(b[i], 0U);
     priv = (mask & priv) | (~mask & i);
   }
   return priv;
@@ -107,10 +107,10 @@ static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32
 
 static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64_t *b)
 {
-  uint64_t priv = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t priv = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
-    uint64_t mask = FStar_UInt64_eq_mask(b[i], (uint64_t)0U);
+    uint64_t mask = FStar_UInt64_eq_mask(b[i], 0ULL);
     priv = (mask & priv) | (~mask & (uint64_t)i);
   }
   return priv;
@@ -119,63 +119,63 @@ static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64
 static inline uint32_t
 Hacl_Bignum_Lib_bn_get_bits_u32(uint32_t len, uint32_t *b, uint32_t i, uint32_t l)
 {
-  uint32_t i1 = i / (uint32_t)32U;
-  uint32_t j = i % (uint32_t)32U;
+  uint32_t i1 = i / 32U;
+  uint32_t j = i % 32U;
   uint32_t p1 = b[i1] >> j;
   uint32_t ite;
-  if (i1 + (uint32_t)1U < len && (uint32_t)0U < j)
+  if (i1 + 1U < len && 0U < j)
   {
-    ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)32U - j);
+    ite = p1 | b[i1 + 1U] << (32U - j);
   }
   else
   {
     ite = p1;
   }
-  return ite & (((uint32_t)1U << l) - (uint32_t)1U);
+  return ite & ((1U << l) - 1U);
 }
 
 static inline uint64_t
 Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l)
 {
-  uint32_t i1 = i / (uint32_t)64U;
-  uint32_t j = i % (uint32_t)64U;
+  uint32_t i1 = i / 64U;
+  uint32_t j = i % 64U;
   uint64_t p1 = b[i1] >> j;
   uint64_t ite;
-  if (i1 + (uint32_t)1U < len && (uint32_t)0U < j)
+  if (i1 + 1U < len && 0U < j)
   {
-    ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j);
+    ite = p1 | b[i1 + 1U] << (64U - j);
   }
   else
   {
     ite = p1;
   }
-  return ite & (((uint64_t)1U << l) - (uint64_t)1U);
+  return ite & ((1ULL << l) - 1ULL);
 }
 
 static inline uint32_t
 Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < aLen / 4U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
   }
-  for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+  for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
   {
     uint32_t t1 = a[i];
     uint32_t t2 = b[i];
@@ -188,27 +188,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b,
 static inline uint64_t
 Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+  uint64_t c = 0ULL;
+  for (uint32_t i = 0U; i < aLen / 4U; i++)
   {
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
-  for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+  for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
   {
     uint64_t t1 = a[i];
     uint64_t t2 = b[i];
@@ -221,27 +221,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b,
 static inline uint32_t
 Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < aLen / 4U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
-  for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+  for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
   {
     uint32_t t1 = a[i];
     uint32_t t2 = b[i];
@@ -254,27 +254,27 @@ Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b,
 static inline uint64_t
 Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+  uint64_t c = 0ULL;
+  for (uint32_t i = 0U; i < aLen / 4U; i++)
   {
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
-  for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+  for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
   {
     uint64_t t1 = a[i];
     uint64_t t2 = b[i];
@@ -294,27 +294,27 @@ Hacl_Bignum_Multiplication_bn_mul_u32(
 )
 {
   memset(res, 0U, (aLen + bLen) * sizeof (uint32_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++)
+  for (uint32_t i0 = 0U; i0 < bLen; i0++)
   {
     uint32_t bj = b[i0];
     uint32_t *res_j = res + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+    uint32_t c = 0U;
+    for (uint32_t i = 0U; i < aLen / 4U; i++)
     {
-      uint32_t a_i = a[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint32_t a_i = a[4U * i];
+      uint32_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0);
-      uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = a[4U * i + 1U];
+      uint32_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1);
-      uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = a[4U * i + 2U];
+      uint32_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2);
-      uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = a[4U * i + 3U];
+      uint32_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i);
     }
-    for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+    for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
     {
       uint32_t a_i = a[i];
       uint32_t *res_i = res_j + i;
@@ -335,27 +335,27 @@ Hacl_Bignum_Multiplication_bn_mul_u64(
 )
 {
   memset(res, 0U, (aLen + bLen) * sizeof (uint64_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++)
+  for (uint32_t i0 = 0U; i0 < bLen; i0++)
   {
     uint64_t bj = b[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < aLen / 4U; i++)
     {
-      uint64_t a_i = a[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = a[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = a[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = a[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = a[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
-    for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+    for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
     {
       uint64_t a_i = a[i];
       uint64_t *res_i = res_j + i;
@@ -370,28 +370,28 @@ static inline void
 Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
 {
   memset(res, 0U, (aLen + aLen) * sizeof (uint32_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++)
+  for (uint32_t i0 = 0U; i0 < aLen; i0++)
   {
     uint32_t *ab = a;
     uint32_t a_j = a[i0];
     uint32_t *res_j = res + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint32_t c = 0U;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint32_t a_i = ab[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint32_t a_i = ab[4U * i];
+      uint32_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0);
-      uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = ab[4U * i + 1U];
+      uint32_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1);
-      uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = ab[4U * i + 2U];
+      uint32_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2);
-      uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = ab[4U * i + 3U];
+      uint32_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint32_t a_i = ab[i];
       uint32_t *res_i = res_j + i;
@@ -401,48 +401,48 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     res[i0 + i0] = r;
   }
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  KRML_MAYBE_UNUSED_VAR(c0);
   KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen);
   uint32_t tmp[aLen + aLen];
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t));
-  for (uint32_t i = (uint32_t)0U; i < aLen; i++)
+  for (uint32_t i = 0U; i < aLen; i++)
   {
     uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i];
-    uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U);
+    uint32_t hi = (uint32_t)(res1 >> 32U);
     uint32_t lo = (uint32_t)res1;
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;
   }
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline void
 Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
 {
   memset(res, 0U, (aLen + aLen) * sizeof (uint64_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++)
+  for (uint32_t i0 = 0U; i0 < aLen; i0++)
   {
     uint64_t *ab = a;
     uint64_t a_j = a[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = ab[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = ab[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = ab[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = ab[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint64_t a_i = ab[i];
       uint64_t *res_i = res_j + i;
@@ -452,20 +452,20 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     res[i0 + i0] = r;
   }
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  KRML_MAYBE_UNUSED_VAR(c0);
   KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen);
   uint64_t tmp[aLen + aLen];
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < aLen; i++)
+  for (uint32_t i = 0U; i < aLen; i++)
   {
     FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
+    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U));
     uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;
   }
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_Bignum_K256.h b/include/internal/Hacl_Bignum_K256.h
index 59aff176..fe72fffe 100644
--- a/include/internal/Hacl_Bignum_K256.h
+++ b/include/internal/Hacl_Bignum_K256.h
@@ -45,13 +45,7 @@ static inline bool Hacl_K256_Field_is_felem_zero_vartime(uint64_t *f)
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
   uint64_t f4 = f[4U];
-  return
-    f0
-    == (uint64_t)0U
-    && f1 == (uint64_t)0U
-    && f2 == (uint64_t)0U
-    && f3 == (uint64_t)0U
-    && f4 == (uint64_t)0U;
+  return f0 == 0ULL && f1 == 0ULL && f2 == 0ULL && f3 == 0ULL && f4 == 0ULL;
 }
 
 static inline bool Hacl_K256_Field_is_felem_eq_vartime(uint64_t *f1, uint64_t *f2)
@@ -76,42 +70,42 @@ static inline bool Hacl_K256_Field_is_felem_lt_prime_minus_order_vartime(uint64_
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
   uint64_t f4 = f[4U];
-  if (f4 > (uint64_t)0U)
+  if (f4 > 0ULL)
   {
     return false;
   }
-  if (f3 > (uint64_t)0U)
+  if (f3 > 0ULL)
   {
     return false;
   }
-  if (f2 < (uint64_t)0x1455123U)
+  if (f2 < 0x1455123ULL)
   {
     return true;
   }
-  if (f2 > (uint64_t)0x1455123U)
+  if (f2 > 0x1455123ULL)
   {
     return false;
   }
-  if (f1 < (uint64_t)0x1950b75fc4402U)
+  if (f1 < 0x1950b75fc4402ULL)
   {
     return true;
   }
-  if (f1 > (uint64_t)0x1950b75fc4402U)
+  if (f1 > 0x1950b75fc4402ULL)
   {
     return false;
   }
-  return f0 < (uint64_t)0xda1722fc9baeeU;
+  return f0 < 0xda1722fc9baeeULL;
 }
 
 static inline void Hacl_K256_Field_load_felem(uint64_t *f, uint8_t *b)
 {
   uint64_t tmp[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = tmp;
-    uint8_t *bj = b + i * (uint32_t)8U;
+    uint8_t *bj = b + i * 8U;
     uint64_t u = load64_be(bj);
     uint64_t r = u;
     uint64_t x = r;
@@ -120,11 +114,11 @@ static inline void Hacl_K256_Field_load_felem(uint64_t *f, uint8_t *b)
   uint64_t s1 = tmp[2U];
   uint64_t s2 = tmp[1U];
   uint64_t s3 = tmp[0U];
-  uint64_t f00 = s0 & (uint64_t)0xfffffffffffffU;
-  uint64_t f10 = s0 >> (uint32_t)52U | (s1 & (uint64_t)0xffffffffffU) << (uint32_t)12U;
-  uint64_t f20 = s1 >> (uint32_t)40U | (s2 & (uint64_t)0xfffffffU) << (uint32_t)24U;
-  uint64_t f30 = s2 >> (uint32_t)28U | (s3 & (uint64_t)0xffffU) << (uint32_t)36U;
-  uint64_t f40 = s3 >> (uint32_t)16U;
+  uint64_t f00 = s0 & 0xfffffffffffffULL;
+  uint64_t f10 = s0 >> 52U | (s1 & 0xffffffffffULL) << 12U;
+  uint64_t f20 = s1 >> 40U | (s2 & 0xfffffffULL) << 24U;
+  uint64_t f30 = s2 >> 28U | (s3 & 0xffffULL) << 36U;
+  uint64_t f40 = s3 >> 16U;
   uint64_t f0 = f00;
   uint64_t f1 = f10;
   uint64_t f2 = f20;
@@ -148,11 +142,11 @@ static inline bool Hacl_K256_Field_load_felem_lt_prime_vartime(uint64_t *f, uint
   bool
   is_ge_p =
     f0
-    >= (uint64_t)0xffffefffffc2fU
-    && f1 == (uint64_t)0xfffffffffffffU
-    && f2 == (uint64_t)0xfffffffffffffU
-    && f3 == (uint64_t)0xfffffffffffffU
-    && f4 == (uint64_t)0xffffffffffffU;
+    >= 0xffffefffffc2fULL
+    && f1 == 0xfffffffffffffULL
+    && f2 == 0xfffffffffffffULL
+    && f3 == 0xfffffffffffffULL
+    && f4 == 0xffffffffffffULL;
   return !is_ge_p;
 }
 
@@ -164,10 +158,10 @@ static inline void Hacl_K256_Field_store_felem(uint8_t *b, uint64_t *f)
   uint64_t f20 = f[2U];
   uint64_t f30 = f[3U];
   uint64_t f4 = f[4U];
-  uint64_t o0 = f00 | f10 << (uint32_t)52U;
-  uint64_t o1 = f10 >> (uint32_t)12U | f20 << (uint32_t)40U;
-  uint64_t o2 = f20 >> (uint32_t)24U | f30 << (uint32_t)28U;
-  uint64_t o3 = f30 >> (uint32_t)36U | f4 << (uint32_t)16U;
+  uint64_t o0 = f00 | f10 << 52U;
+  uint64_t o1 = f10 >> 12U | f20 << 40U;
+  uint64_t o2 = f20 >> 24U | f30 << 28U;
+  uint64_t o3 = f30 >> 36U | f4 << 16U;
   uint64_t f0 = o0;
   uint64_t f1 = o1;
   uint64_t f2 = o2;
@@ -176,11 +170,7 @@ static inline void Hacl_K256_Field_store_felem(uint8_t *b, uint64_t *f)
   tmp[1U] = f2;
   tmp[2U] = f1;
   tmp[3U] = f0;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_be(b + i * (uint32_t)8U, tmp[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(b + i * 8U, tmp[i]););
 }
 
 static inline void Hacl_K256_Field_fmul_small_num(uint64_t *out, uint64_t *f, uint64_t num)
@@ -248,11 +238,11 @@ static inline void Hacl_K256_Field_fsub(uint64_t *out, uint64_t *f1, uint64_t *f
   uint64_t b2 = f2[2U];
   uint64_t b3 = f2[3U];
   uint64_t b4 = f2[4U];
-  uint64_t r00 = (uint64_t)9007190664804446U * x - b0;
-  uint64_t r10 = (uint64_t)9007199254740990U * x - b1;
-  uint64_t r20 = (uint64_t)9007199254740990U * x - b2;
-  uint64_t r30 = (uint64_t)9007199254740990U * x - b3;
-  uint64_t r40 = (uint64_t)562949953421310U * x - b4;
+  uint64_t r00 = 9007190664804446ULL * x - b0;
+  uint64_t r10 = 9007199254740990ULL * x - b1;
+  uint64_t r20 = 9007199254740990ULL * x - b2;
+  uint64_t r30 = 9007199254740990ULL * x - b3;
+  uint64_t r40 = 562949953421310ULL * x - b4;
   uint64_t r0 = r00;
   uint64_t r1 = r10;
   uint64_t r2 = r20;
@@ -287,7 +277,7 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
   uint64_t b2 = f2[2U];
   uint64_t b3 = f2[3U];
   uint64_t b4 = f2[4U];
-  uint64_t r = (uint64_t)0x1000003D10U;
+  uint64_t r = 0x1000003D10ULL;
   FStar_UInt128_uint128
   d0 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0,
@@ -298,9 +288,9 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
   FStar_UInt128_uint128 c0 = FStar_UInt128_mul_wide(a4, b4);
   FStar_UInt128_uint128
   d1 = FStar_UInt128_add_mod(d0, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(c0)));
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, (uint32_t)64U));
-  uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, (uint32_t)52U);
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, 64U));
+  uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, 52U);
   FStar_UInt128_uint128
   d3 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(d2,
@@ -309,12 +299,11 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
           FStar_UInt128_mul_wide(a2, b2)),
         FStar_UInt128_mul_wide(a3, b1)),
       FStar_UInt128_mul_wide(a4, b0));
-  FStar_UInt128_uint128
-  d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << (uint32_t)12U, c1));
-  uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, (uint32_t)52U);
-  uint64_t tx = t4 >> (uint32_t)48U;
-  uint64_t t4_ = t4 & (uint64_t)0xffffffffffffU;
+  FStar_UInt128_uint128 d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << 12U, c1));
+  uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, 52U);
+  uint64_t tx = t4 >> 48U;
+  uint64_t t4_ = t4 & 0xffffffffffffULL;
   FStar_UInt128_uint128 c2 = FStar_UInt128_mul_wide(a0, b0);
   FStar_UInt128_uint128
   d6 =
@@ -323,13 +312,12 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
           FStar_UInt128_mul_wide(a2, b3)),
         FStar_UInt128_mul_wide(a3, b2)),
       FStar_UInt128_mul_wide(a4, b1));
-  uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, (uint32_t)52U);
-  uint64_t u0_ = tx | u0 << (uint32_t)4U;
-  FStar_UInt128_uint128
-  c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> (uint32_t)4U));
-  uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, (uint32_t)52U);
+  uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, 52U);
+  uint64_t u0_ = tx | u0 << 4U;
+  FStar_UInt128_uint128 c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> 4U));
+  uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, 52U);
   FStar_UInt128_uint128
   c5 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(c4, FStar_UInt128_mul_wide(a0, b1)),
@@ -343,10 +331,10 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
   FStar_UInt128_uint128
   c6 =
     FStar_UInt128_add_mod(c5,
-      FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & (uint64_t)0xfffffffffffffU, r));
-  FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, (uint32_t)52U);
-  uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, (uint32_t)52U);
+      FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & 0xfffffffffffffULL, r));
+  FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, 52U);
+  uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, 52U);
   FStar_UInt128_uint128
   c8 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(c7,
@@ -359,16 +347,15 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
       FStar_UInt128_mul_wide(a4, b3));
   FStar_UInt128_uint128
   c9 = FStar_UInt128_add_mod(c8, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(d10)));
-  uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, (uint32_t)64U));
-  uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, (uint32_t)52U);
+  uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, 64U));
+  uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, 52U);
   FStar_UInt128_uint128
   c11 =
-    FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10,
-        FStar_UInt128_mul_wide(r << (uint32_t)12U, d11)),
+    FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, FStar_UInt128_mul_wide(r << 12U, d11)),
       FStar_UInt128_uint64_to_uint128(t3));
-  uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & (uint64_t)0xfffffffffffffU;
-  uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, (uint32_t)52U));
+  uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & 0xfffffffffffffULL;
+  uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, 52U));
   uint64_t r4 = c12 + t4_;
   uint64_t f0 = r0;
   uint64_t f11 = r1;
@@ -389,43 +376,41 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f)
   uint64_t a2 = f[2U];
   uint64_t a3 = f[3U];
   uint64_t a4 = f[4U];
-  uint64_t r = (uint64_t)0x1000003D10U;
+  uint64_t r = 0x1000003D10ULL;
   FStar_UInt128_uint128
   d0 =
-    FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0 * (uint64_t)2U, a3),
-      FStar_UInt128_mul_wide(a1 * (uint64_t)2U, a2));
+    FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0 * 2ULL, a3),
+      FStar_UInt128_mul_wide(a1 * 2ULL, a2));
   FStar_UInt128_uint128 c0 = FStar_UInt128_mul_wide(a4, a4);
   FStar_UInt128_uint128
   d1 = FStar_UInt128_add_mod(d0, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(c0)));
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, (uint32_t)64U));
-  uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, (uint32_t)52U);
-  uint64_t a41 = a4 * (uint64_t)2U;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, 64U));
+  uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, 52U);
+  uint64_t a41 = a4 * 2ULL;
   FStar_UInt128_uint128
   d3 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(d2,
           FStar_UInt128_mul_wide(a0, a41)),
-        FStar_UInt128_mul_wide(a1 * (uint64_t)2U, a3)),
+        FStar_UInt128_mul_wide(a1 * 2ULL, a3)),
       FStar_UInt128_mul_wide(a2, a2));
-  FStar_UInt128_uint128
-  d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << (uint32_t)12U, c1));
-  uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, (uint32_t)52U);
-  uint64_t tx = t4 >> (uint32_t)48U;
-  uint64_t t4_ = t4 & (uint64_t)0xffffffffffffU;
+  FStar_UInt128_uint128 d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << 12U, c1));
+  uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, 52U);
+  uint64_t tx = t4 >> 48U;
+  uint64_t t4_ = t4 & 0xffffffffffffULL;
   FStar_UInt128_uint128 c2 = FStar_UInt128_mul_wide(a0, a0);
   FStar_UInt128_uint128
   d6 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(d5, FStar_UInt128_mul_wide(a1, a41)),
-      FStar_UInt128_mul_wide(a2 * (uint64_t)2U, a3));
-  uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, (uint32_t)52U);
-  uint64_t u0_ = tx | u0 << (uint32_t)4U;
-  FStar_UInt128_uint128
-  c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> (uint32_t)4U));
-  uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, (uint32_t)52U);
-  uint64_t a01 = a0 * (uint64_t)2U;
+      FStar_UInt128_mul_wide(a2 * 2ULL, a3));
+  uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, 52U);
+  uint64_t u0_ = tx | u0 << 4U;
+  FStar_UInt128_uint128 c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> 4U));
+  uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, 52U);
+  uint64_t a01 = a0 * 2ULL;
   FStar_UInt128_uint128 c5 = FStar_UInt128_add_mod(c4, FStar_UInt128_mul_wide(a01, a1));
   FStar_UInt128_uint128
   d8 =
@@ -434,10 +419,10 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f)
   FStar_UInt128_uint128
   c6 =
     FStar_UInt128_add_mod(c5,
-      FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & (uint64_t)0xfffffffffffffU, r));
-  FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, (uint32_t)52U);
-  uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, (uint32_t)52U);
+      FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & 0xfffffffffffffULL, r));
+  FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, 52U);
+  uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, 52U);
   FStar_UInt128_uint128
   c8 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(c7, FStar_UInt128_mul_wide(a01, a2)),
@@ -445,16 +430,15 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f)
   FStar_UInt128_uint128 d10 = FStar_UInt128_add_mod(d9, FStar_UInt128_mul_wide(a3, a41));
   FStar_UInt128_uint128
   c9 = FStar_UInt128_add_mod(c8, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(d10)));
-  uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, (uint32_t)64U));
-  uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, (uint32_t)52U);
+  uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, 64U));
+  uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, 52U);
   FStar_UInt128_uint128
   c11 =
-    FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10,
-        FStar_UInt128_mul_wide(r << (uint32_t)12U, d11)),
+    FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, FStar_UInt128_mul_wide(r << 12U, d11)),
       FStar_UInt128_uint64_to_uint128(t3));
-  uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & (uint64_t)0xfffffffffffffU;
-  uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, (uint32_t)52U));
+  uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & 0xfffffffffffffULL;
+  uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, 52U));
   uint64_t r4 = c12 + t4_;
   uint64_t f0 = r0;
   uint64_t f1 = r1;
@@ -475,23 +459,23 @@ static inline void Hacl_K256_Field_fnormalize_weak(uint64_t *out, uint64_t *f)
   uint64_t t2 = f[2U];
   uint64_t t3 = f[3U];
   uint64_t t4 = f[4U];
-  uint64_t x0 = t4 >> (uint32_t)48U;
-  uint64_t t410 = t4 & (uint64_t)0xffffffffffffU;
+  uint64_t x0 = t4 >> 48U;
+  uint64_t t410 = t4 & 0xffffffffffffULL;
   uint64_t x = x0;
   uint64_t t01 = t0;
   uint64_t t11 = t1;
   uint64_t t21 = t2;
   uint64_t t31 = t3;
   uint64_t t41 = t410;
-  uint64_t t02 = t01 + x * (uint64_t)0x1000003D1U;
-  uint64_t t12 = t11 + (t02 >> (uint32_t)52U);
-  uint64_t t03 = t02 & (uint64_t)0xfffffffffffffU;
-  uint64_t t22 = t21 + (t12 >> (uint32_t)52U);
-  uint64_t t13 = t12 & (uint64_t)0xfffffffffffffU;
-  uint64_t t32 = t31 + (t22 >> (uint32_t)52U);
-  uint64_t t23 = t22 & (uint64_t)0xfffffffffffffU;
-  uint64_t t42 = t41 + (t32 >> (uint32_t)52U);
-  uint64_t t33 = t32 & (uint64_t)0xfffffffffffffU;
+  uint64_t t02 = t01 + x * 0x1000003D1ULL;
+  uint64_t t12 = t11 + (t02 >> 52U);
+  uint64_t t03 = t02 & 0xfffffffffffffULL;
+  uint64_t t22 = t21 + (t12 >> 52U);
+  uint64_t t13 = t12 & 0xfffffffffffffULL;
+  uint64_t t32 = t31 + (t22 >> 52U);
+  uint64_t t23 = t22 & 0xfffffffffffffULL;
+  uint64_t t42 = t41 + (t32 >> 52U);
+  uint64_t t33 = t32 & 0xfffffffffffffULL;
   uint64_t f0 = t03;
   uint64_t f1 = t13;
   uint64_t f2 = t23;
@@ -511,59 +495,59 @@ static inline void Hacl_K256_Field_fnormalize(uint64_t *out, uint64_t *f)
   uint64_t f20 = f[2U];
   uint64_t f30 = f[3U];
   uint64_t f40 = f[4U];
-  uint64_t x0 = f40 >> (uint32_t)48U;
-  uint64_t t40 = f40 & (uint64_t)0xffffffffffffU;
+  uint64_t x0 = f40 >> 48U;
+  uint64_t t40 = f40 & 0xffffffffffffULL;
   uint64_t x1 = x0;
   uint64_t t00 = f00;
   uint64_t t10 = f10;
   uint64_t t20 = f20;
   uint64_t t30 = f30;
   uint64_t t42 = t40;
-  uint64_t t01 = t00 + x1 * (uint64_t)0x1000003D1U;
-  uint64_t t110 = t10 + (t01 >> (uint32_t)52U);
-  uint64_t t020 = t01 & (uint64_t)0xfffffffffffffU;
-  uint64_t t210 = t20 + (t110 >> (uint32_t)52U);
-  uint64_t t120 = t110 & (uint64_t)0xfffffffffffffU;
-  uint64_t t310 = t30 + (t210 >> (uint32_t)52U);
-  uint64_t t220 = t210 & (uint64_t)0xfffffffffffffU;
-  uint64_t t410 = t42 + (t310 >> (uint32_t)52U);
-  uint64_t t320 = t310 & (uint64_t)0xfffffffffffffU;
+  uint64_t t01 = t00 + x1 * 0x1000003D1ULL;
+  uint64_t t110 = t10 + (t01 >> 52U);
+  uint64_t t020 = t01 & 0xfffffffffffffULL;
+  uint64_t t210 = t20 + (t110 >> 52U);
+  uint64_t t120 = t110 & 0xfffffffffffffULL;
+  uint64_t t310 = t30 + (t210 >> 52U);
+  uint64_t t220 = t210 & 0xfffffffffffffULL;
+  uint64_t t410 = t42 + (t310 >> 52U);
+  uint64_t t320 = t310 & 0xfffffffffffffULL;
   uint64_t t0 = t020;
   uint64_t t1 = t120;
   uint64_t t2 = t220;
   uint64_t t3 = t320;
   uint64_t t4 = t410;
-  uint64_t x2 = t4 >> (uint32_t)48U;
-  uint64_t t411 = t4 & (uint64_t)0xffffffffffffU;
+  uint64_t x2 = t4 >> 48U;
+  uint64_t t411 = t4 & 0xffffffffffffULL;
   uint64_t x = x2;
   uint64_t r0 = t0;
   uint64_t r1 = t1;
   uint64_t r2 = t2;
   uint64_t r3 = t3;
   uint64_t r4 = t411;
-  uint64_t m4 = FStar_UInt64_eq_mask(r4, (uint64_t)0xffffffffffffU);
-  uint64_t m3 = FStar_UInt64_eq_mask(r3, (uint64_t)0xfffffffffffffU);
-  uint64_t m2 = FStar_UInt64_eq_mask(r2, (uint64_t)0xfffffffffffffU);
-  uint64_t m1 = FStar_UInt64_eq_mask(r1, (uint64_t)0xfffffffffffffU);
-  uint64_t m0 = FStar_UInt64_gte_mask(r0, (uint64_t)0xffffefffffc2fU);
+  uint64_t m4 = FStar_UInt64_eq_mask(r4, 0xffffffffffffULL);
+  uint64_t m3 = FStar_UInt64_eq_mask(r3, 0xfffffffffffffULL);
+  uint64_t m2 = FStar_UInt64_eq_mask(r2, 0xfffffffffffffULL);
+  uint64_t m1 = FStar_UInt64_eq_mask(r1, 0xfffffffffffffULL);
+  uint64_t m0 = FStar_UInt64_gte_mask(r0, 0xffffefffffc2fULL);
   uint64_t is_ge_p_m = (((m0 & m1) & m2) & m3) & m4;
-  uint64_t m_to_one = is_ge_p_m & (uint64_t)1U;
+  uint64_t m_to_one = is_ge_p_m & 1ULL;
   uint64_t x10 = m_to_one | x;
-  uint64_t t010 = r0 + x10 * (uint64_t)0x1000003D1U;
-  uint64_t t11 = r1 + (t010 >> (uint32_t)52U);
-  uint64_t t02 = t010 & (uint64_t)0xfffffffffffffU;
-  uint64_t t21 = r2 + (t11 >> (uint32_t)52U);
-  uint64_t t12 = t11 & (uint64_t)0xfffffffffffffU;
-  uint64_t t31 = r3 + (t21 >> (uint32_t)52U);
-  uint64_t t22 = t21 & (uint64_t)0xfffffffffffffU;
-  uint64_t t41 = r4 + (t31 >> (uint32_t)52U);
-  uint64_t t32 = t31 & (uint64_t)0xfffffffffffffU;
+  uint64_t t010 = r0 + x10 * 0x1000003D1ULL;
+  uint64_t t11 = r1 + (t010 >> 52U);
+  uint64_t t02 = t010 & 0xfffffffffffffULL;
+  uint64_t t21 = r2 + (t11 >> 52U);
+  uint64_t t12 = t11 & 0xfffffffffffffULL;
+  uint64_t t31 = r3 + (t21 >> 52U);
+  uint64_t t22 = t21 & 0xfffffffffffffULL;
+  uint64_t t41 = r4 + (t31 >> 52U);
+  uint64_t t32 = t31 & 0xfffffffffffffULL;
   uint64_t s0 = t02;
   uint64_t s1 = t12;
   uint64_t s2 = t22;
   uint64_t s3 = t32;
   uint64_t s4 = t41;
-  uint64_t t412 = s4 & (uint64_t)0xffffffffffffU;
+  uint64_t t412 = s4 & 0xffffffffffffULL;
   uint64_t k0 = s0;
   uint64_t k1 = s1;
   uint64_t k2 = s2;
@@ -590,11 +574,11 @@ static inline void Hacl_K256_Field_fnegate_conditional_vartime(uint64_t *f, bool
     uint64_t a2 = f[2U];
     uint64_t a3 = f[3U];
     uint64_t a4 = f[4U];
-    uint64_t r0 = (uint64_t)9007190664804446U - a0;
-    uint64_t r1 = (uint64_t)9007199254740990U - a1;
-    uint64_t r2 = (uint64_t)9007199254740990U - a2;
-    uint64_t r3 = (uint64_t)9007199254740990U - a3;
-    uint64_t r4 = (uint64_t)562949953421310U - a4;
+    uint64_t r0 = 9007190664804446ULL - a0;
+    uint64_t r1 = 9007199254740990ULL - a1;
+    uint64_t r2 = 9007199254740990ULL - a2;
+    uint64_t r3 = 9007199254740990ULL - a3;
+    uint64_t r4 = 562949953421310ULL - a4;
     uint64_t f0 = r0;
     uint64_t f1 = r1;
     uint64_t f2 = r2;
@@ -612,7 +596,7 @@ static inline void Hacl_K256_Field_fnegate_conditional_vartime(uint64_t *f, bool
 
 static inline void Hacl_Impl_K256_Finv_fsquare_times_in_place(uint64_t *out, uint32_t b)
 {
-  for (uint32_t i = (uint32_t)0U; i < b; i++)
+  for (uint32_t i = 0U; i < b; i++)
   {
     Hacl_K256_Field_fsqr(out, out);
   }
@@ -620,8 +604,8 @@ static inline void Hacl_Impl_K256_Finv_fsquare_times_in_place(uint64_t *out, uin
 
 static inline void Hacl_Impl_K256_Finv_fsquare_times(uint64_t *out, uint64_t *a, uint32_t b)
 {
-  memcpy(out, a, (uint32_t)5U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < b; i++)
+  memcpy(out, a, 5U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < b; i++)
   {
     Hacl_K256_Field_fsqr(out, out);
   }
@@ -633,29 +617,29 @@ static inline void Hacl_Impl_K256_Finv_fexp_223_23(uint64_t *out, uint64_t *x2,
   uint64_t x22[5U] = { 0U };
   uint64_t x44[5U] = { 0U };
   uint64_t x88[5U] = { 0U };
-  Hacl_Impl_K256_Finv_fsquare_times(x2, f, (uint32_t)1U);
+  Hacl_Impl_K256_Finv_fsquare_times(x2, f, 1U);
   Hacl_K256_Field_fmul(x2, x2, f);
-  Hacl_Impl_K256_Finv_fsquare_times(x3, x2, (uint32_t)1U);
+  Hacl_Impl_K256_Finv_fsquare_times(x3, x2, 1U);
   Hacl_K256_Field_fmul(x3, x3, f);
-  Hacl_Impl_K256_Finv_fsquare_times(out, x3, (uint32_t)3U);
+  Hacl_Impl_K256_Finv_fsquare_times(out, x3, 3U);
   Hacl_K256_Field_fmul(out, out, x3);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U);
   Hacl_K256_Field_fmul(out, out, x3);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U);
   Hacl_K256_Field_fmul(out, out, x2);
-  Hacl_Impl_K256_Finv_fsquare_times(x22, out, (uint32_t)11U);
+  Hacl_Impl_K256_Finv_fsquare_times(x22, out, 11U);
   Hacl_K256_Field_fmul(x22, x22, out);
-  Hacl_Impl_K256_Finv_fsquare_times(x44, x22, (uint32_t)22U);
+  Hacl_Impl_K256_Finv_fsquare_times(x44, x22, 22U);
   Hacl_K256_Field_fmul(x44, x44, x22);
-  Hacl_Impl_K256_Finv_fsquare_times(x88, x44, (uint32_t)44U);
+  Hacl_Impl_K256_Finv_fsquare_times(x88, x44, 44U);
   Hacl_K256_Field_fmul(x88, x88, x44);
-  Hacl_Impl_K256_Finv_fsquare_times(out, x88, (uint32_t)88U);
+  Hacl_Impl_K256_Finv_fsquare_times(out, x88, 88U);
   Hacl_K256_Field_fmul(out, out, x88);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)44U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 44U);
   Hacl_K256_Field_fmul(out, out, x44);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U);
   Hacl_K256_Field_fmul(out, out, x3);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)23U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 23U);
   Hacl_K256_Field_fmul(out, out, x22);
 }
 
@@ -663,11 +647,11 @@ static inline void Hacl_Impl_K256_Finv_finv(uint64_t *out, uint64_t *f)
 {
   uint64_t x2[5U] = { 0U };
   Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)5U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 5U);
   Hacl_K256_Field_fmul(out, out, f);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U);
   Hacl_K256_Field_fmul(out, out, x2);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U);
   Hacl_K256_Field_fmul(out, out, f);
 }
 
@@ -675,9 +659,9 @@ static inline void Hacl_Impl_K256_Finv_fsqrt(uint64_t *out, uint64_t *f)
 {
   uint64_t x2[5U] = { 0U };
   Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)6U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 6U);
   Hacl_K256_Field_fmul(out, out, x2);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U);
 }
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_Ed25519_PrecompTable.h b/include/internal/Hacl_Ed25519_PrecompTable.h
index 77d2244c..a20cd912 100644
--- a/include/internal/Hacl_Ed25519_PrecompTable.h
+++ b/include/internal/Hacl_Ed25519_PrecompTable.h
@@ -39,655 +39,491 @@ static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4[320U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)1738742601995546U, (uint64_t)1146398526822698U,
-    (uint64_t)2070867633025821U, (uint64_t)562264141797630U, (uint64_t)587772402128613U,
-    (uint64_t)1801439850948184U, (uint64_t)1351079888211148U, (uint64_t)450359962737049U,
-    (uint64_t)900719925474099U, (uint64_t)1801439850948198U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1841354044333475U,
-    (uint64_t)16398895984059U, (uint64_t)755974180946558U, (uint64_t)900171276175154U,
-    (uint64_t)1821297809914039U, (uint64_t)1661154287933054U, (uint64_t)284530020860578U,
-    (uint64_t)1390261174866914U, (uint64_t)1524110943907984U, (uint64_t)1045603498418422U,
-    (uint64_t)928651508580478U, (uint64_t)1383326941296346U, (uint64_t)961937908925785U,
-    (uint64_t)80455759693706U, (uint64_t)904734540352947U, (uint64_t)1507481815385608U,
-    (uint64_t)2223447444246085U, (uint64_t)1083941587175919U, (uint64_t)2059929906842505U,
-    (uint64_t)1581435440146976U, (uint64_t)782730187692425U, (uint64_t)9928394897574U,
-    (uint64_t)1539449519985236U, (uint64_t)1923587931078510U, (uint64_t)552919286076056U,
-    (uint64_t)376925408065760U, (uint64_t)447320488831784U, (uint64_t)1362918338468019U,
-    (uint64_t)1470031896696846U, (uint64_t)2189796996539902U, (uint64_t)1337552949959847U,
-    (uint64_t)1762287177775726U, (uint64_t)237994495816815U, (uint64_t)1277840395970544U,
-    (uint64_t)543972849007241U, (uint64_t)1224692671618814U, (uint64_t)162359533289271U,
-    (uint64_t)282240927125249U, (uint64_t)586909166382289U, (uint64_t)17726488197838U,
-    (uint64_t)377014554985659U, (uint64_t)1433835303052512U, (uint64_t)702061469493692U,
-    (uint64_t)1142253108318154U, (uint64_t)318297794307551U, (uint64_t)954362646308543U,
-    (uint64_t)517363881452320U, (uint64_t)1868013482130416U, (uint64_t)262562472373260U,
-    (uint64_t)902232853249919U, (uint64_t)2107343057055746U, (uint64_t)462368348619024U,
-    (uint64_t)1893758677092974U, (uint64_t)2177729767846389U, (uint64_t)2168532543559143U,
-    (uint64_t)443867094639821U, (uint64_t)730169342581022U, (uint64_t)1564589016879755U,
-    (uint64_t)51218195700649U, (uint64_t)76684578423745U, (uint64_t)560266272480743U,
-    (uint64_t)922517457707697U, (uint64_t)2066645939860874U, (uint64_t)1318277348414638U,
-    (uint64_t)1576726809084003U, (uint64_t)1817337608563665U, (uint64_t)1874240939237666U,
-    (uint64_t)754733726333910U, (uint64_t)97085310406474U, (uint64_t)751148364309235U,
-    (uint64_t)1622159695715187U, (uint64_t)1444098819684916U, (uint64_t)130920805558089U,
-    (uint64_t)1260449179085308U, (uint64_t)1860021740768461U, (uint64_t)110052860348509U,
-    (uint64_t)193830891643810U, (uint64_t)164148413933881U, (uint64_t)180017794795332U,
-    (uint64_t)1523506525254651U, (uint64_t)465981629225956U, (uint64_t)559733514964572U,
-    (uint64_t)1279624874416974U, (uint64_t)2026642326892306U, (uint64_t)1425156829982409U,
-    (uint64_t)2160936383793147U, (uint64_t)1061870624975247U, (uint64_t)2023497043036941U,
-    (uint64_t)117942212883190U, (uint64_t)490339622800774U, (uint64_t)1729931303146295U,
-    (uint64_t)422305932971074U, (uint64_t)529103152793096U, (uint64_t)1211973233775992U,
-    (uint64_t)721364955929681U, (uint64_t)1497674430438813U, (uint64_t)342545521275073U,
-    (uint64_t)2102107575279372U, (uint64_t)2108462244669966U, (uint64_t)1382582406064082U,
-    (uint64_t)2206396818383323U, (uint64_t)2109093268641147U, (uint64_t)10809845110983U,
-    (uint64_t)1605176920880099U, (uint64_t)744640650753946U, (uint64_t)1712758897518129U,
-    (uint64_t)373410811281809U, (uint64_t)648838265800209U, (uint64_t)813058095530999U,
-    (uint64_t)513987632620169U, (uint64_t)465516160703329U, (uint64_t)2136322186126330U,
-    (uint64_t)1979645899422932U, (uint64_t)1197131006470786U, (uint64_t)1467836664863979U,
-    (uint64_t)1340751381374628U, (uint64_t)1810066212667962U, (uint64_t)1009933588225499U,
-    (uint64_t)1106129188080873U, (uint64_t)1388980405213901U, (uint64_t)533719246598044U,
-    (uint64_t)1169435803073277U, (uint64_t)198920999285821U, (uint64_t)487492330629854U,
-    (uint64_t)1807093008537778U, (uint64_t)1540899012923865U, (uint64_t)2075080271659867U,
-    (uint64_t)1527990806921523U, (uint64_t)1323728742908002U, (uint64_t)1568595959608205U,
-    (uint64_t)1388032187497212U, (uint64_t)2026968840050568U, (uint64_t)1396591153295755U,
-    (uint64_t)820416950170901U, (uint64_t)520060313205582U, (uint64_t)2016404325094901U,
-    (uint64_t)1584709677868520U, (uint64_t)272161374469956U, (uint64_t)1567188603996816U,
-    (uint64_t)1986160530078221U, (uint64_t)553930264324589U, (uint64_t)1058426729027503U,
-    (uint64_t)8762762886675U, (uint64_t)2216098143382988U, (uint64_t)1835145266889223U,
-    (uint64_t)1712936431558441U, (uint64_t)1017009937844974U, (uint64_t)585361667812740U,
-    (uint64_t)2114711541628181U, (uint64_t)2238729632971439U, (uint64_t)121257546253072U,
-    (uint64_t)847154149018345U, (uint64_t)211972965476684U, (uint64_t)287499084460129U,
-    (uint64_t)2098247259180197U, (uint64_t)839070411583329U, (uint64_t)339551619574372U,
-    (uint64_t)1432951287640743U, (uint64_t)526481249498942U, (uint64_t)931991661905195U,
-    (uint64_t)1884279965674487U, (uint64_t)200486405604411U, (uint64_t)364173020594788U,
-    (uint64_t)518034455936955U, (uint64_t)1085564703965501U, (uint64_t)16030410467927U,
-    (uint64_t)604865933167613U, (uint64_t)1695298441093964U, (uint64_t)498856548116159U,
-    (uint64_t)2193030062787034U, (uint64_t)1706339802964179U, (uint64_t)1721199073493888U,
-    (uint64_t)820740951039755U, (uint64_t)1216053436896834U, (uint64_t)23954895815139U,
-    (uint64_t)1662515208920491U, (uint64_t)1705443427511899U, (uint64_t)1957928899570365U,
-    (uint64_t)1189636258255725U, (uint64_t)1795695471103809U, (uint64_t)1691191297654118U,
-    (uint64_t)282402585374360U, (uint64_t)460405330264832U, (uint64_t)63765529445733U,
-    (uint64_t)469763447404473U, (uint64_t)733607089694996U, (uint64_t)685410420186959U,
-    (uint64_t)1096682630419738U, (uint64_t)1162548510542362U, (uint64_t)1020949526456676U,
-    (uint64_t)1211660396870573U, (uint64_t)613126398222696U, (uint64_t)1117829165843251U,
-    (uint64_t)742432540886650U, (uint64_t)1483755088010658U, (uint64_t)942392007134474U,
-    (uint64_t)1447834130944107U, (uint64_t)489368274863410U, (uint64_t)23192985544898U,
-    (uint64_t)648442406146160U, (uint64_t)785438843373876U, (uint64_t)249464684645238U,
-    (uint64_t)170494608205618U, (uint64_t)335112827260550U, (uint64_t)1462050123162735U,
-    (uint64_t)1084803668439016U, (uint64_t)853459233600325U, (uint64_t)215777728187495U,
-    (uint64_t)1965759433526974U, (uint64_t)1349482894446537U, (uint64_t)694163317612871U,
-    (uint64_t)860536766165036U, (uint64_t)1178788094084321U, (uint64_t)1652739626626996U,
-    (uint64_t)2115723946388185U, (uint64_t)1577204379094664U, (uint64_t)1083882859023240U,
-    (uint64_t)1768759143381635U, (uint64_t)1737180992507258U, (uint64_t)246054513922239U,
-    (uint64_t)577253134087234U, (uint64_t)356340280578042U, (uint64_t)1638917769925142U,
-    (uint64_t)223550348130103U, (uint64_t)470592666638765U, (uint64_t)22663573966996U,
-    (uint64_t)596552461152400U, (uint64_t)364143537069499U, (uint64_t)3942119457699U,
-    (uint64_t)107951982889287U, (uint64_t)1843471406713209U, (uint64_t)1625773041610986U,
-    (uint64_t)1466141092501702U, (uint64_t)1043024095021271U, (uint64_t)310429964047508U,
-    (uint64_t)98559121500372U, (uint64_t)152746933782868U, (uint64_t)259407205078261U,
-    (uint64_t)828123093322585U, (uint64_t)1576847274280091U, (uint64_t)1170871375757302U,
-    (uint64_t)1588856194642775U, (uint64_t)984767822341977U, (uint64_t)1141497997993760U,
-    (uint64_t)809325345150796U, (uint64_t)1879837728202511U, (uint64_t)201340910657893U,
-    (uint64_t)1079157558888483U, (uint64_t)1052373448588065U, (uint64_t)1732036202501778U,
-    (uint64_t)2105292670328445U, (uint64_t)679751387312402U, (uint64_t)1679682144926229U,
-    (uint64_t)1695823455818780U, (uint64_t)498852317075849U, (uint64_t)1786555067788433U,
-    (uint64_t)1670727545779425U, (uint64_t)117945875433544U, (uint64_t)407939139781844U,
-    (uint64_t)854632120023778U, (uint64_t)1413383148360437U, (uint64_t)286030901733673U,
-    (uint64_t)1207361858071196U, (uint64_t)461340408181417U, (uint64_t)1096919590360164U,
-    (uint64_t)1837594897475685U, (uint64_t)533755561544165U, (uint64_t)1638688042247712U,
-    (uint64_t)1431653684793005U, (uint64_t)1036458538873559U, (uint64_t)390822120341779U,
-    (uint64_t)1920929837111618U, (uint64_t)543426740024168U, (uint64_t)645751357799929U,
-    (uint64_t)2245025632994463U, (uint64_t)1550778638076452U, (uint64_t)223738153459949U,
-    (uint64_t)1337209385492033U, (uint64_t)1276967236456531U, (uint64_t)1463815821063071U,
-    (uint64_t)2070620870191473U, (uint64_t)1199170709413753U, (uint64_t)273230877394166U,
-    (uint64_t)1873264887608046U, (uint64_t)890877152910775U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 1738742601995546ULL, 1146398526822698ULL, 2070867633025821ULL,
+    562264141797630ULL, 587772402128613ULL, 1801439850948184ULL, 1351079888211148ULL,
+    450359962737049ULL, 900719925474099ULL, 1801439850948198ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    1841354044333475ULL, 16398895984059ULL, 755974180946558ULL, 900171276175154ULL,
+    1821297809914039ULL, 1661154287933054ULL, 284530020860578ULL, 1390261174866914ULL,
+    1524110943907984ULL, 1045603498418422ULL, 928651508580478ULL, 1383326941296346ULL,
+    961937908925785ULL, 80455759693706ULL, 904734540352947ULL, 1507481815385608ULL,
+    2223447444246085ULL, 1083941587175919ULL, 2059929906842505ULL, 1581435440146976ULL,
+    782730187692425ULL, 9928394897574ULL, 1539449519985236ULL, 1923587931078510ULL,
+    552919286076056ULL, 376925408065760ULL, 447320488831784ULL, 1362918338468019ULL,
+    1470031896696846ULL, 2189796996539902ULL, 1337552949959847ULL, 1762287177775726ULL,
+    237994495816815ULL, 1277840395970544ULL, 543972849007241ULL, 1224692671618814ULL,
+    162359533289271ULL, 282240927125249ULL, 586909166382289ULL, 17726488197838ULL,
+    377014554985659ULL, 1433835303052512ULL, 702061469493692ULL, 1142253108318154ULL,
+    318297794307551ULL, 954362646308543ULL, 517363881452320ULL, 1868013482130416ULL,
+    262562472373260ULL, 902232853249919ULL, 2107343057055746ULL, 462368348619024ULL,
+    1893758677092974ULL, 2177729767846389ULL, 2168532543559143ULL, 443867094639821ULL,
+    730169342581022ULL, 1564589016879755ULL, 51218195700649ULL, 76684578423745ULL,
+    560266272480743ULL, 922517457707697ULL, 2066645939860874ULL, 1318277348414638ULL,
+    1576726809084003ULL, 1817337608563665ULL, 1874240939237666ULL, 754733726333910ULL,
+    97085310406474ULL, 751148364309235ULL, 1622159695715187ULL, 1444098819684916ULL,
+    130920805558089ULL, 1260449179085308ULL, 1860021740768461ULL, 110052860348509ULL,
+    193830891643810ULL, 164148413933881ULL, 180017794795332ULL, 1523506525254651ULL,
+    465981629225956ULL, 559733514964572ULL, 1279624874416974ULL, 2026642326892306ULL,
+    1425156829982409ULL, 2160936383793147ULL, 1061870624975247ULL, 2023497043036941ULL,
+    117942212883190ULL, 490339622800774ULL, 1729931303146295ULL, 422305932971074ULL,
+    529103152793096ULL, 1211973233775992ULL, 721364955929681ULL, 1497674430438813ULL,
+    342545521275073ULL, 2102107575279372ULL, 2108462244669966ULL, 1382582406064082ULL,
+    2206396818383323ULL, 2109093268641147ULL, 10809845110983ULL, 1605176920880099ULL,
+    744640650753946ULL, 1712758897518129ULL, 373410811281809ULL, 648838265800209ULL,
+    813058095530999ULL, 513987632620169ULL, 465516160703329ULL, 2136322186126330ULL,
+    1979645899422932ULL, 1197131006470786ULL, 1467836664863979ULL, 1340751381374628ULL,
+    1810066212667962ULL, 1009933588225499ULL, 1106129188080873ULL, 1388980405213901ULL,
+    533719246598044ULL, 1169435803073277ULL, 198920999285821ULL, 487492330629854ULL,
+    1807093008537778ULL, 1540899012923865ULL, 2075080271659867ULL, 1527990806921523ULL,
+    1323728742908002ULL, 1568595959608205ULL, 1388032187497212ULL, 2026968840050568ULL,
+    1396591153295755ULL, 820416950170901ULL, 520060313205582ULL, 2016404325094901ULL,
+    1584709677868520ULL, 272161374469956ULL, 1567188603996816ULL, 1986160530078221ULL,
+    553930264324589ULL, 1058426729027503ULL, 8762762886675ULL, 2216098143382988ULL,
+    1835145266889223ULL, 1712936431558441ULL, 1017009937844974ULL, 585361667812740ULL,
+    2114711541628181ULL, 2238729632971439ULL, 121257546253072ULL, 847154149018345ULL,
+    211972965476684ULL, 287499084460129ULL, 2098247259180197ULL, 839070411583329ULL,
+    339551619574372ULL, 1432951287640743ULL, 526481249498942ULL, 931991661905195ULL,
+    1884279965674487ULL, 200486405604411ULL, 364173020594788ULL, 518034455936955ULL,
+    1085564703965501ULL, 16030410467927ULL, 604865933167613ULL, 1695298441093964ULL,
+    498856548116159ULL, 2193030062787034ULL, 1706339802964179ULL, 1721199073493888ULL,
+    820740951039755ULL, 1216053436896834ULL, 23954895815139ULL, 1662515208920491ULL,
+    1705443427511899ULL, 1957928899570365ULL, 1189636258255725ULL, 1795695471103809ULL,
+    1691191297654118ULL, 282402585374360ULL, 460405330264832ULL, 63765529445733ULL,
+    469763447404473ULL, 733607089694996ULL, 685410420186959ULL, 1096682630419738ULL,
+    1162548510542362ULL, 1020949526456676ULL, 1211660396870573ULL, 613126398222696ULL,
+    1117829165843251ULL, 742432540886650ULL, 1483755088010658ULL, 942392007134474ULL,
+    1447834130944107ULL, 489368274863410ULL, 23192985544898ULL, 648442406146160ULL,
+    785438843373876ULL, 249464684645238ULL, 170494608205618ULL, 335112827260550ULL,
+    1462050123162735ULL, 1084803668439016ULL, 853459233600325ULL, 215777728187495ULL,
+    1965759433526974ULL, 1349482894446537ULL, 694163317612871ULL, 860536766165036ULL,
+    1178788094084321ULL, 1652739626626996ULL, 2115723946388185ULL, 1577204379094664ULL,
+    1083882859023240ULL, 1768759143381635ULL, 1737180992507258ULL, 246054513922239ULL,
+    577253134087234ULL, 356340280578042ULL, 1638917769925142ULL, 223550348130103ULL,
+    470592666638765ULL, 22663573966996ULL, 596552461152400ULL, 364143537069499ULL, 3942119457699ULL,
+    107951982889287ULL, 1843471406713209ULL, 1625773041610986ULL, 1466141092501702ULL,
+    1043024095021271ULL, 310429964047508ULL, 98559121500372ULL, 152746933782868ULL,
+    259407205078261ULL, 828123093322585ULL, 1576847274280091ULL, 1170871375757302ULL,
+    1588856194642775ULL, 984767822341977ULL, 1141497997993760ULL, 809325345150796ULL,
+    1879837728202511ULL, 201340910657893ULL, 1079157558888483ULL, 1052373448588065ULL,
+    1732036202501778ULL, 2105292670328445ULL, 679751387312402ULL, 1679682144926229ULL,
+    1695823455818780ULL, 498852317075849ULL, 1786555067788433ULL, 1670727545779425ULL,
+    117945875433544ULL, 407939139781844ULL, 854632120023778ULL, 1413383148360437ULL,
+    286030901733673ULL, 1207361858071196ULL, 461340408181417ULL, 1096919590360164ULL,
+    1837594897475685ULL, 533755561544165ULL, 1638688042247712ULL, 1431653684793005ULL,
+    1036458538873559ULL, 390822120341779ULL, 1920929837111618ULL, 543426740024168ULL,
+    645751357799929ULL, 2245025632994463ULL, 1550778638076452ULL, 223738153459949ULL,
+    1337209385492033ULL, 1276967236456531ULL, 1463815821063071ULL, 2070620870191473ULL,
+    1199170709413753ULL, 273230877394166ULL, 1873264887608046ULL, 890877152910775ULL
   };
 
 static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_g_pow2_64_table_w4[320U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)13559344787725U, (uint64_t)2051621493703448U,
-    (uint64_t)1947659315640708U, (uint64_t)626856790370168U, (uint64_t)1592804284034836U,
-    (uint64_t)1781728767459187U, (uint64_t)278818420518009U, (uint64_t)2038030359908351U,
-    (uint64_t)910625973862690U, (uint64_t)471887343142239U, (uint64_t)1298543306606048U,
-    (uint64_t)794147365642417U, (uint64_t)129968992326749U, (uint64_t)523140861678572U,
-    (uint64_t)1166419653909231U, (uint64_t)2009637196928390U, (uint64_t)1288020222395193U,
-    (uint64_t)1007046974985829U, (uint64_t)208981102651386U, (uint64_t)2074009315253380U,
-    (uint64_t)1564056062071967U, (uint64_t)276822668750618U, (uint64_t)206621292512572U,
-    (uint64_t)470304361809269U, (uint64_t)895215438398493U, (uint64_t)1527859053868686U,
-    (uint64_t)1624967223409369U, (uint64_t)811821865979736U, (uint64_t)350450534838340U,
-    (uint64_t)219143807921807U, (uint64_t)507994540371254U, (uint64_t)986513794574720U,
-    (uint64_t)1142661369967121U, (uint64_t)621278293399257U, (uint64_t)556189161519781U,
-    (uint64_t)351964007865066U, (uint64_t)2011573453777822U, (uint64_t)1367125527151537U,
-    (uint64_t)1691316722438196U, (uint64_t)731328817345164U, (uint64_t)1284781192709232U,
-    (uint64_t)478439299539269U, (uint64_t)204842178076429U, (uint64_t)2085125369913651U,
-    (uint64_t)1980773492792985U, (uint64_t)1480264409524940U, (uint64_t)688389585376233U,
-    (uint64_t)612962643526972U, (uint64_t)165595382536676U, (uint64_t)1850300069212263U,
-    (uint64_t)1176357203491551U, (uint64_t)1880164984292321U, (uint64_t)10786153104736U,
-    (uint64_t)1242293560510203U, (uint64_t)1358399951884084U, (uint64_t)1901358796610357U,
-    (uint64_t)1385092558795806U, (uint64_t)1734893785311348U, (uint64_t)2046201851951191U,
-    (uint64_t)1233811309557352U, (uint64_t)1531160168656129U, (uint64_t)1543287181303358U,
-    (uint64_t)516121446374119U, (uint64_t)723422668089935U, (uint64_t)1228176774959679U,
-    (uint64_t)1598014722726267U, (uint64_t)1630810326658412U, (uint64_t)1343833067463760U,
-    (uint64_t)1024397964362099U, (uint64_t)1157142161346781U, (uint64_t)56422174971792U,
-    (uint64_t)544901687297092U, (uint64_t)1291559028869009U, (uint64_t)1336918672345120U,
-    (uint64_t)1390874603281353U, (uint64_t)1127199512010904U, (uint64_t)992644979940964U,
-    (uint64_t)1035213479783573U, (uint64_t)36043651196100U, (uint64_t)1220961519321221U,
-    (uint64_t)1348190007756977U, (uint64_t)579420200329088U, (uint64_t)1703819961008985U,
-    (uint64_t)1993919213460047U, (uint64_t)2225080008232251U, (uint64_t)392785893702372U,
-    (uint64_t)464312521482632U, (uint64_t)1224525362116057U, (uint64_t)810394248933036U,
-    (uint64_t)932513521649107U, (uint64_t)592314953488703U, (uint64_t)586334603791548U,
-    (uint64_t)1310888126096549U, (uint64_t)650842674074281U, (uint64_t)1596447001791059U,
-    (uint64_t)2086767406328284U, (uint64_t)1866377645879940U, (uint64_t)1721604362642743U,
-    (uint64_t)738502322566890U, (uint64_t)1851901097729689U, (uint64_t)1158347571686914U,
-    (uint64_t)2023626733470827U, (uint64_t)329625404653699U, (uint64_t)563555875598551U,
-    (uint64_t)516554588079177U, (uint64_t)1134688306104598U, (uint64_t)186301198420809U,
-    (uint64_t)1339952213563300U, (uint64_t)643605614625891U, (uint64_t)1947505332718043U,
-    (uint64_t)1722071694852824U, (uint64_t)601679570440694U, (uint64_t)1821275721236351U,
-    (uint64_t)1808307842870389U, (uint64_t)1654165204015635U, (uint64_t)1457334100715245U,
-    (uint64_t)217784948678349U, (uint64_t)1820622417674817U, (uint64_t)1946121178444661U,
-    (uint64_t)597980757799332U, (uint64_t)1745271227710764U, (uint64_t)2010952890941980U,
-    (uint64_t)339811849696648U, (uint64_t)1066120666993872U, (uint64_t)261276166508990U,
-    (uint64_t)323098645774553U, (uint64_t)207454744271283U, (uint64_t)941448672977675U,
-    (uint64_t)71890920544375U, (uint64_t)840849789313357U, (uint64_t)1223996070717926U,
-    (uint64_t)196832550853408U, (uint64_t)115986818309231U, (uint64_t)1586171527267675U,
-    (uint64_t)1666169080973450U, (uint64_t)1456454731176365U, (uint64_t)44467854369003U,
-    (uint64_t)2149656190691480U, (uint64_t)283446383597589U, (uint64_t)2040542647729974U,
-    (uint64_t)305705593840224U, (uint64_t)475315822269791U, (uint64_t)648133452550632U,
-    (uint64_t)169218658835720U, (uint64_t)24960052338251U, (uint64_t)938907951346766U,
-    (uint64_t)425970950490510U, (uint64_t)1037622011013183U, (uint64_t)1026882082708180U,
-    (uint64_t)1635699409504916U, (uint64_t)1644776942870488U, (uint64_t)2151820331175914U,
-    (uint64_t)824120674069819U, (uint64_t)835744976610113U, (uint64_t)1991271032313190U,
-    (uint64_t)96507354724855U, (uint64_t)400645405133260U, (uint64_t)343728076650825U,
-    (uint64_t)1151585441385566U, (uint64_t)1403339955333520U, (uint64_t)230186314139774U,
-    (uint64_t)1736248861506714U, (uint64_t)1010804378904572U, (uint64_t)1394932289845636U,
-    (uint64_t)1901351256960852U, (uint64_t)2187471430089807U, (uint64_t)1003853262342670U,
-    (uint64_t)1327743396767461U, (uint64_t)1465160415991740U, (uint64_t)366625359144534U,
-    (uint64_t)1534791405247604U, (uint64_t)1790905930250187U, (uint64_t)1255484115292738U,
-    (uint64_t)2223291365520443U, (uint64_t)210967717407408U, (uint64_t)26722916813442U,
-    (uint64_t)1919574361907910U, (uint64_t)468825088280256U, (uint64_t)2230011775946070U,
-    (uint64_t)1628365642214479U, (uint64_t)568871869234932U, (uint64_t)1066987968780488U,
-    (uint64_t)1692242903745558U, (uint64_t)1678903997328589U, (uint64_t)214262165888021U,
-    (uint64_t)1929686748607204U, (uint64_t)1790138967989670U, (uint64_t)1790261616022076U,
-    (uint64_t)1559824537553112U, (uint64_t)1230364591311358U, (uint64_t)147531939886346U,
-    (uint64_t)1528207085815487U, (uint64_t)477957922927292U, (uint64_t)285670243881618U,
-    (uint64_t)264430080123332U, (uint64_t)1163108160028611U, (uint64_t)373201522147371U,
-    (uint64_t)34903775270979U, (uint64_t)1750870048600662U, (uint64_t)1319328308741084U,
-    (uint64_t)1547548634278984U, (uint64_t)1691259592202927U, (uint64_t)2247758037259814U,
-    (uint64_t)329611399953677U, (uint64_t)1385555496268877U, (uint64_t)2242438354031066U,
-    (uint64_t)1329523854843632U, (uint64_t)399895373846055U, (uint64_t)678005703193452U,
-    (uint64_t)1496357700997771U, (uint64_t)71909969781942U, (uint64_t)1515391418612349U,
-    (uint64_t)470110837888178U, (uint64_t)1981307309417466U, (uint64_t)1259888737412276U,
-    (uint64_t)669991710228712U, (uint64_t)1048546834514303U, (uint64_t)1678323291295512U,
-    (uint64_t)2172033978088071U, (uint64_t)1529278455500556U, (uint64_t)901984601941894U,
-    (uint64_t)780867622403807U, (uint64_t)550105677282793U, (uint64_t)975860231176136U,
-    (uint64_t)525188281689178U, (uint64_t)49966114807992U, (uint64_t)1776449263836645U,
-    (uint64_t)267851776380338U, (uint64_t)2225969494054620U, (uint64_t)2016794225789822U,
-    (uint64_t)1186108678266608U, (uint64_t)1023083271408882U, (uint64_t)1119289418565906U,
-    (uint64_t)1248185897348801U, (uint64_t)1846081539082697U, (uint64_t)23756429626075U,
-    (uint64_t)1441999021105403U, (uint64_t)724497586552825U, (uint64_t)1287761623605379U,
-    (uint64_t)685303359654224U, (uint64_t)2217156930690570U, (uint64_t)163769288918347U,
-    (uint64_t)1098423278284094U, (uint64_t)1391470723006008U, (uint64_t)570700152353516U,
-    (uint64_t)744804507262556U, (uint64_t)2200464788609495U, (uint64_t)624141899161992U,
-    (uint64_t)2249570166275684U, (uint64_t)378706441983561U, (uint64_t)122486379999375U,
-    (uint64_t)430741162798924U, (uint64_t)113847463452574U, (uint64_t)266250457840685U,
-    (uint64_t)2120743625072743U, (uint64_t)222186221043927U, (uint64_t)1964290018305582U,
-    (uint64_t)1435278008132477U, (uint64_t)1670867456663734U, (uint64_t)2009989552599079U,
-    (uint64_t)1348024113448744U, (uint64_t)1158423886300455U, (uint64_t)1356467152691569U,
-    (uint64_t)306943042363674U, (uint64_t)926879628664255U, (uint64_t)1349295689598324U,
-    (uint64_t)725558330071205U, (uint64_t)536569987519948U, (uint64_t)116436990335366U,
-    (uint64_t)1551888573800376U, (uint64_t)2044698345945451U, (uint64_t)104279940291311U,
-    (uint64_t)251526570943220U, (uint64_t)754735828122925U, (uint64_t)33448073576361U,
-    (uint64_t)994605876754543U, (uint64_t)546007584022006U, (uint64_t)2217332798409487U,
-    (uint64_t)706477052561591U, (uint64_t)131174619428653U, (uint64_t)2148698284087243U,
-    (uint64_t)239290486205186U, (uint64_t)2161325796952184U, (uint64_t)1713452845607994U,
-    (uint64_t)1297861562938913U, (uint64_t)1779539876828514U, (uint64_t)1926559018603871U,
-    (uint64_t)296485747893968U, (uint64_t)1859208206640686U, (uint64_t)538513979002718U,
-    (uint64_t)103998826506137U, (uint64_t)2025375396538469U, (uint64_t)1370680785701206U,
-    (uint64_t)1698557311253840U, (uint64_t)1411096399076595U, (uint64_t)2132580530813677U,
-    (uint64_t)2071564345845035U, (uint64_t)498581428556735U, (uint64_t)1136010486691371U,
-    (uint64_t)1927619356993146U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 13559344787725ULL, 2051621493703448ULL, 1947659315640708ULL,
+    626856790370168ULL, 1592804284034836ULL, 1781728767459187ULL, 278818420518009ULL,
+    2038030359908351ULL, 910625973862690ULL, 471887343142239ULL, 1298543306606048ULL,
+    794147365642417ULL, 129968992326749ULL, 523140861678572ULL, 1166419653909231ULL,
+    2009637196928390ULL, 1288020222395193ULL, 1007046974985829ULL, 208981102651386ULL,
+    2074009315253380ULL, 1564056062071967ULL, 276822668750618ULL, 206621292512572ULL,
+    470304361809269ULL, 895215438398493ULL, 1527859053868686ULL, 1624967223409369ULL,
+    811821865979736ULL, 350450534838340ULL, 219143807921807ULL, 507994540371254ULL,
+    986513794574720ULL, 1142661369967121ULL, 621278293399257ULL, 556189161519781ULL,
+    351964007865066ULL, 2011573453777822ULL, 1367125527151537ULL, 1691316722438196ULL,
+    731328817345164ULL, 1284781192709232ULL, 478439299539269ULL, 204842178076429ULL,
+    2085125369913651ULL, 1980773492792985ULL, 1480264409524940ULL, 688389585376233ULL,
+    612962643526972ULL, 165595382536676ULL, 1850300069212263ULL, 1176357203491551ULL,
+    1880164984292321ULL, 10786153104736ULL, 1242293560510203ULL, 1358399951884084ULL,
+    1901358796610357ULL, 1385092558795806ULL, 1734893785311348ULL, 2046201851951191ULL,
+    1233811309557352ULL, 1531160168656129ULL, 1543287181303358ULL, 516121446374119ULL,
+    723422668089935ULL, 1228176774959679ULL, 1598014722726267ULL, 1630810326658412ULL,
+    1343833067463760ULL, 1024397964362099ULL, 1157142161346781ULL, 56422174971792ULL,
+    544901687297092ULL, 1291559028869009ULL, 1336918672345120ULL, 1390874603281353ULL,
+    1127199512010904ULL, 992644979940964ULL, 1035213479783573ULL, 36043651196100ULL,
+    1220961519321221ULL, 1348190007756977ULL, 579420200329088ULL, 1703819961008985ULL,
+    1993919213460047ULL, 2225080008232251ULL, 392785893702372ULL, 464312521482632ULL,
+    1224525362116057ULL, 810394248933036ULL, 932513521649107ULL, 592314953488703ULL,
+    586334603791548ULL, 1310888126096549ULL, 650842674074281ULL, 1596447001791059ULL,
+    2086767406328284ULL, 1866377645879940ULL, 1721604362642743ULL, 738502322566890ULL,
+    1851901097729689ULL, 1158347571686914ULL, 2023626733470827ULL, 329625404653699ULL,
+    563555875598551ULL, 516554588079177ULL, 1134688306104598ULL, 186301198420809ULL,
+    1339952213563300ULL, 643605614625891ULL, 1947505332718043ULL, 1722071694852824ULL,
+    601679570440694ULL, 1821275721236351ULL, 1808307842870389ULL, 1654165204015635ULL,
+    1457334100715245ULL, 217784948678349ULL, 1820622417674817ULL, 1946121178444661ULL,
+    597980757799332ULL, 1745271227710764ULL, 2010952890941980ULL, 339811849696648ULL,
+    1066120666993872ULL, 261276166508990ULL, 323098645774553ULL, 207454744271283ULL,
+    941448672977675ULL, 71890920544375ULL, 840849789313357ULL, 1223996070717926ULL,
+    196832550853408ULL, 115986818309231ULL, 1586171527267675ULL, 1666169080973450ULL,
+    1456454731176365ULL, 44467854369003ULL, 2149656190691480ULL, 283446383597589ULL,
+    2040542647729974ULL, 305705593840224ULL, 475315822269791ULL, 648133452550632ULL,
+    169218658835720ULL, 24960052338251ULL, 938907951346766ULL, 425970950490510ULL,
+    1037622011013183ULL, 1026882082708180ULL, 1635699409504916ULL, 1644776942870488ULL,
+    2151820331175914ULL, 824120674069819ULL, 835744976610113ULL, 1991271032313190ULL,
+    96507354724855ULL, 400645405133260ULL, 343728076650825ULL, 1151585441385566ULL,
+    1403339955333520ULL, 230186314139774ULL, 1736248861506714ULL, 1010804378904572ULL,
+    1394932289845636ULL, 1901351256960852ULL, 2187471430089807ULL, 1003853262342670ULL,
+    1327743396767461ULL, 1465160415991740ULL, 366625359144534ULL, 1534791405247604ULL,
+    1790905930250187ULL, 1255484115292738ULL, 2223291365520443ULL, 210967717407408ULL,
+    26722916813442ULL, 1919574361907910ULL, 468825088280256ULL, 2230011775946070ULL,
+    1628365642214479ULL, 568871869234932ULL, 1066987968780488ULL, 1692242903745558ULL,
+    1678903997328589ULL, 214262165888021ULL, 1929686748607204ULL, 1790138967989670ULL,
+    1790261616022076ULL, 1559824537553112ULL, 1230364591311358ULL, 147531939886346ULL,
+    1528207085815487ULL, 477957922927292ULL, 285670243881618ULL, 264430080123332ULL,
+    1163108160028611ULL, 373201522147371ULL, 34903775270979ULL, 1750870048600662ULL,
+    1319328308741084ULL, 1547548634278984ULL, 1691259592202927ULL, 2247758037259814ULL,
+    329611399953677ULL, 1385555496268877ULL, 2242438354031066ULL, 1329523854843632ULL,
+    399895373846055ULL, 678005703193452ULL, 1496357700997771ULL, 71909969781942ULL,
+    1515391418612349ULL, 470110837888178ULL, 1981307309417466ULL, 1259888737412276ULL,
+    669991710228712ULL, 1048546834514303ULL, 1678323291295512ULL, 2172033978088071ULL,
+    1529278455500556ULL, 901984601941894ULL, 780867622403807ULL, 550105677282793ULL,
+    975860231176136ULL, 525188281689178ULL, 49966114807992ULL, 1776449263836645ULL,
+    267851776380338ULL, 2225969494054620ULL, 2016794225789822ULL, 1186108678266608ULL,
+    1023083271408882ULL, 1119289418565906ULL, 1248185897348801ULL, 1846081539082697ULL,
+    23756429626075ULL, 1441999021105403ULL, 724497586552825ULL, 1287761623605379ULL,
+    685303359654224ULL, 2217156930690570ULL, 163769288918347ULL, 1098423278284094ULL,
+    1391470723006008ULL, 570700152353516ULL, 744804507262556ULL, 2200464788609495ULL,
+    624141899161992ULL, 2249570166275684ULL, 378706441983561ULL, 122486379999375ULL,
+    430741162798924ULL, 113847463452574ULL, 266250457840685ULL, 2120743625072743ULL,
+    222186221043927ULL, 1964290018305582ULL, 1435278008132477ULL, 1670867456663734ULL,
+    2009989552599079ULL, 1348024113448744ULL, 1158423886300455ULL, 1356467152691569ULL,
+    306943042363674ULL, 926879628664255ULL, 1349295689598324ULL, 725558330071205ULL,
+    536569987519948ULL, 116436990335366ULL, 1551888573800376ULL, 2044698345945451ULL,
+    104279940291311ULL, 251526570943220ULL, 754735828122925ULL, 33448073576361ULL,
+    994605876754543ULL, 546007584022006ULL, 2217332798409487ULL, 706477052561591ULL,
+    131174619428653ULL, 2148698284087243ULL, 239290486205186ULL, 2161325796952184ULL,
+    1713452845607994ULL, 1297861562938913ULL, 1779539876828514ULL, 1926559018603871ULL,
+    296485747893968ULL, 1859208206640686ULL, 538513979002718ULL, 103998826506137ULL,
+    2025375396538469ULL, 1370680785701206ULL, 1698557311253840ULL, 1411096399076595ULL,
+    2132580530813677ULL, 2071564345845035ULL, 498581428556735ULL, 1136010486691371ULL,
+    1927619356993146ULL
   };
 
 static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_g_pow2_128_table_w4[320U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)557549315715710U, (uint64_t)196756086293855U,
-    (uint64_t)846062225082495U, (uint64_t)1865068224838092U, (uint64_t)991112090754908U,
-    (uint64_t)522916421512828U, (uint64_t)2098523346722375U, (uint64_t)1135633221747012U,
-    (uint64_t)858420432114866U, (uint64_t)186358544306082U, (uint64_t)1044420411868480U,
-    (uint64_t)2080052304349321U, (uint64_t)557301814716724U, (uint64_t)1305130257814057U,
-    (uint64_t)2126012765451197U, (uint64_t)1441004402875101U, (uint64_t)353948968859203U,
-    (uint64_t)470765987164835U, (uint64_t)1507675957683570U, (uint64_t)1086650358745097U,
-    (uint64_t)1911913434398388U, (uint64_t)66086091117182U, (uint64_t)1137511952425971U,
-    (uint64_t)36958263512141U, (uint64_t)2193310025325256U, (uint64_t)1085191426269045U,
-    (uint64_t)1232148267909446U, (uint64_t)1449894406170117U, (uint64_t)1241416717139557U,
-    (uint64_t)1940876999212868U, (uint64_t)829758415918121U, (uint64_t)309608450373449U,
-    (uint64_t)2228398547683851U, (uint64_t)1580623271960188U, (uint64_t)1675601502456740U,
-    (uint64_t)1360363115493548U, (uint64_t)1098397313096815U, (uint64_t)1809255384359797U,
-    (uint64_t)1458261916834384U, (uint64_t)210682545649705U, (uint64_t)1606836641068115U,
-    (uint64_t)1230478270405318U, (uint64_t)1843192771547802U, (uint64_t)1794596343564051U,
-    (uint64_t)229060710252162U, (uint64_t)2169742775467181U, (uint64_t)701467067318072U,
-    (uint64_t)696018499035555U, (uint64_t)521051885339807U, (uint64_t)158329567901874U,
-    (uint64_t)740426481832143U, (uint64_t)1369811177301441U, (uint64_t)503351589084015U,
-    (uint64_t)1781114827942261U, (uint64_t)1650493549693035U, (uint64_t)2174562418345156U,
-    (uint64_t)456517194809244U, (uint64_t)2052761522121179U, (uint64_t)2233342271123682U,
-    (uint64_t)1445872925177435U, (uint64_t)1131882576902813U, (uint64_t)220765848055241U,
-    (uint64_t)1280259961403769U, (uint64_t)1581497080160712U, (uint64_t)1477441080108824U,
-    (uint64_t)218428165202767U, (uint64_t)1970598141278907U, (uint64_t)643366736173069U,
-    (uint64_t)2167909426804014U, (uint64_t)834993711408259U, (uint64_t)1922437166463212U,
-    (uint64_t)1900036281472252U, (uint64_t)513794844386304U, (uint64_t)1297904164900114U,
-    (uint64_t)1147626295373268U, (uint64_t)1910101606251299U, (uint64_t)182933838633381U,
-    (uint64_t)806229530787362U, (uint64_t)155511666433200U, (uint64_t)290522463375462U,
-    (uint64_t)534373523491751U, (uint64_t)1302938814480515U, (uint64_t)1664979184120445U,
-    (uint64_t)304235649499423U, (uint64_t)339284524318609U, (uint64_t)1881717946973483U,
-    (uint64_t)1670802286833842U, (uint64_t)2223637120675737U, (uint64_t)135818919485814U,
-    (uint64_t)1144856572842792U, (uint64_t)2234981613434386U, (uint64_t)963917024969826U,
-    (uint64_t)402275378284993U, (uint64_t)141532417412170U, (uint64_t)921537468739387U,
-    (uint64_t)963905069722607U, (uint64_t)1405442890733358U, (uint64_t)1567763927164655U,
-    (uint64_t)1664776329195930U, (uint64_t)2095924165508507U, (uint64_t)994243110271379U,
-    (uint64_t)1243925610609353U, (uint64_t)1029845815569727U, (uint64_t)1001968867985629U,
-    (uint64_t)170368934002484U, (uint64_t)1100906131583801U, (uint64_t)1825190326449569U,
-    (uint64_t)1462285121182096U, (uint64_t)1545240767016377U, (uint64_t)797859025652273U,
-    (uint64_t)1062758326657530U, (uint64_t)1125600735118266U, (uint64_t)739325756774527U,
-    (uint64_t)1420144485966996U, (uint64_t)1915492743426702U, (uint64_t)752968196344993U,
-    (uint64_t)882156396938351U, (uint64_t)1909097048763227U, (uint64_t)849058590685611U,
-    (uint64_t)840754951388500U, (uint64_t)1832926948808323U, (uint64_t)2023317100075297U,
-    (uint64_t)322382745442827U, (uint64_t)1569741341737601U, (uint64_t)1678986113194987U,
-    (uint64_t)757598994581938U, (uint64_t)29678659580705U, (uint64_t)1239680935977986U,
-    (uint64_t)1509239427168474U, (uint64_t)1055981929287006U, (uint64_t)1894085471158693U,
-    (uint64_t)916486225488490U, (uint64_t)642168890366120U, (uint64_t)300453362620010U,
-    (uint64_t)1858797242721481U, (uint64_t)2077989823177130U, (uint64_t)510228455273334U,
-    (uint64_t)1473284798689270U, (uint64_t)5173934574301U, (uint64_t)765285232030050U,
-    (uint64_t)1007154707631065U, (uint64_t)1862128712885972U, (uint64_t)168873464821340U,
-    (uint64_t)1967853269759318U, (uint64_t)1489896018263031U, (uint64_t)592451806166369U,
-    (uint64_t)1242298565603883U, (uint64_t)1838918921339058U, (uint64_t)697532763910695U,
-    (uint64_t)294335466239059U, (uint64_t)135687058387449U, (uint64_t)2133734403874176U,
-    (uint64_t)2121911143127699U, (uint64_t)20222476737364U, (uint64_t)1200824626476747U,
-    (uint64_t)1397731736540791U, (uint64_t)702378430231418U, (uint64_t)59059527640068U,
-    (uint64_t)460992547183981U, (uint64_t)1016125857842765U, (uint64_t)1273530839608957U,
-    (uint64_t)96724128829301U, (uint64_t)1313433042425233U, (uint64_t)3543822857227U,
-    (uint64_t)761975685357118U, (uint64_t)110417360745248U, (uint64_t)1079634164577663U,
-    (uint64_t)2044574510020457U, (uint64_t)338709058603120U, (uint64_t)94541336042799U,
-    (uint64_t)127963233585039U, (uint64_t)94427896272258U, (uint64_t)1143501979342182U,
-    (uint64_t)1217958006212230U, (uint64_t)2153887831492134U, (uint64_t)1519219513255575U,
-    (uint64_t)251793195454181U, (uint64_t)392517349345200U, (uint64_t)1507033011868881U,
-    (uint64_t)2208494254670752U, (uint64_t)1364389582694359U, (uint64_t)2214069430728063U,
-    (uint64_t)1272814257105752U, (uint64_t)741450148906352U, (uint64_t)1105776675555685U,
-    (uint64_t)824447222014984U, (uint64_t)528745219306376U, (uint64_t)589427609121575U,
-    (uint64_t)1501786838809155U, (uint64_t)379067373073147U, (uint64_t)184909476589356U,
-    (uint64_t)1346887560616185U, (uint64_t)1932023742314082U, (uint64_t)1633302311869264U,
-    (uint64_t)1685314821133069U, (uint64_t)1836610282047884U, (uint64_t)1595571594397150U,
-    (uint64_t)615441688872198U, (uint64_t)1926435616702564U, (uint64_t)235632180396480U,
-    (uint64_t)1051918343571810U, (uint64_t)2150570051687050U, (uint64_t)879198845408738U,
-    (uint64_t)1443966275205464U, (uint64_t)481362545245088U, (uint64_t)512807443532642U,
-    (uint64_t)641147578283480U, (uint64_t)1594276116945596U, (uint64_t)1844812743300602U,
-    (uint64_t)2044559316019485U, (uint64_t)202620777969020U, (uint64_t)852992984136302U,
-    (uint64_t)1500869642692910U, (uint64_t)1085216217052457U, (uint64_t)1736294372259758U,
-    (uint64_t)2009666354486552U, (uint64_t)1262389020715248U, (uint64_t)1166527705256867U,
-    (uint64_t)1409917450806036U, (uint64_t)1705819160057637U, (uint64_t)1116901782584378U,
-    (uint64_t)1278460472285473U, (uint64_t)257879811360157U, (uint64_t)40314007176886U,
-    (uint64_t)701309846749639U, (uint64_t)1380457676672777U, (uint64_t)631519782380272U,
-    (uint64_t)1196339573466793U, (uint64_t)955537708940017U, (uint64_t)532725633381530U,
-    (uint64_t)641190593731833U, (uint64_t)7214357153807U, (uint64_t)481922072107983U,
-    (uint64_t)1634886189207352U, (uint64_t)1247659758261633U, (uint64_t)1655809614786430U,
-    (uint64_t)43105797900223U, (uint64_t)76205809912607U, (uint64_t)1936575107455823U,
-    (uint64_t)1107927314642236U, (uint64_t)2199986333469333U, (uint64_t)802974829322510U,
-    (uint64_t)718173128143482U, (uint64_t)539385184235615U, (uint64_t)2075693785611221U,
-    (uint64_t)953281147333690U, (uint64_t)1623571637172587U, (uint64_t)655274535022250U,
-    (uint64_t)1568078078819021U, (uint64_t)101142125049712U, (uint64_t)1488441673350881U,
-    (uint64_t)1457969561944515U, (uint64_t)1492622544287712U, (uint64_t)2041460689280803U,
-    (uint64_t)1961848091392887U, (uint64_t)461003520846938U, (uint64_t)934728060399807U,
-    (uint64_t)117723291519705U, (uint64_t)1027773762863526U, (uint64_t)56765304991567U,
-    (uint64_t)2184028379550479U, (uint64_t)1768767711894030U, (uint64_t)1304432068983172U,
-    (uint64_t)498080974452325U, (uint64_t)2134905654858163U, (uint64_t)1446137427202647U,
-    (uint64_t)551613831549590U, (uint64_t)680288767054205U, (uint64_t)1278113339140386U,
-    (uint64_t)378149431842614U, (uint64_t)80520494426960U, (uint64_t)2080985256348782U,
-    (uint64_t)673432591799820U, (uint64_t)739189463724560U, (uint64_t)1847191452197509U,
-    (uint64_t)527737312871602U, (uint64_t)477609358840073U, (uint64_t)1891633072677946U,
-    (uint64_t)1841456828278466U, (uint64_t)2242502936489002U, (uint64_t)524791829362709U,
-    (uint64_t)276648168514036U, (uint64_t)991706903257619U, (uint64_t)512580228297906U,
-    (uint64_t)1216855104975946U, (uint64_t)67030930303149U, (uint64_t)769593945208213U,
-    (uint64_t)2048873385103577U, (uint64_t)455635274123107U, (uint64_t)2077404927176696U,
-    (uint64_t)1803539634652306U, (uint64_t)1837579953843417U, (uint64_t)1564240068662828U,
-    (uint64_t)1964310918970435U, (uint64_t)832822906252492U, (uint64_t)1516044634195010U,
-    (uint64_t)770571447506889U, (uint64_t)602215152486818U, (uint64_t)1760828333136947U,
-    (uint64_t)730156776030376U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 557549315715710ULL, 196756086293855ULL, 846062225082495ULL,
+    1865068224838092ULL, 991112090754908ULL, 522916421512828ULL, 2098523346722375ULL,
+    1135633221747012ULL, 858420432114866ULL, 186358544306082ULL, 1044420411868480ULL,
+    2080052304349321ULL, 557301814716724ULL, 1305130257814057ULL, 2126012765451197ULL,
+    1441004402875101ULL, 353948968859203ULL, 470765987164835ULL, 1507675957683570ULL,
+    1086650358745097ULL, 1911913434398388ULL, 66086091117182ULL, 1137511952425971ULL,
+    36958263512141ULL, 2193310025325256ULL, 1085191426269045ULL, 1232148267909446ULL,
+    1449894406170117ULL, 1241416717139557ULL, 1940876999212868ULL, 829758415918121ULL,
+    309608450373449ULL, 2228398547683851ULL, 1580623271960188ULL, 1675601502456740ULL,
+    1360363115493548ULL, 1098397313096815ULL, 1809255384359797ULL, 1458261916834384ULL,
+    210682545649705ULL, 1606836641068115ULL, 1230478270405318ULL, 1843192771547802ULL,
+    1794596343564051ULL, 229060710252162ULL, 2169742775467181ULL, 701467067318072ULL,
+    696018499035555ULL, 521051885339807ULL, 158329567901874ULL, 740426481832143ULL,
+    1369811177301441ULL, 503351589084015ULL, 1781114827942261ULL, 1650493549693035ULL,
+    2174562418345156ULL, 456517194809244ULL, 2052761522121179ULL, 2233342271123682ULL,
+    1445872925177435ULL, 1131882576902813ULL, 220765848055241ULL, 1280259961403769ULL,
+    1581497080160712ULL, 1477441080108824ULL, 218428165202767ULL, 1970598141278907ULL,
+    643366736173069ULL, 2167909426804014ULL, 834993711408259ULL, 1922437166463212ULL,
+    1900036281472252ULL, 513794844386304ULL, 1297904164900114ULL, 1147626295373268ULL,
+    1910101606251299ULL, 182933838633381ULL, 806229530787362ULL, 155511666433200ULL,
+    290522463375462ULL, 534373523491751ULL, 1302938814480515ULL, 1664979184120445ULL,
+    304235649499423ULL, 339284524318609ULL, 1881717946973483ULL, 1670802286833842ULL,
+    2223637120675737ULL, 135818919485814ULL, 1144856572842792ULL, 2234981613434386ULL,
+    963917024969826ULL, 402275378284993ULL, 141532417412170ULL, 921537468739387ULL,
+    963905069722607ULL, 1405442890733358ULL, 1567763927164655ULL, 1664776329195930ULL,
+    2095924165508507ULL, 994243110271379ULL, 1243925610609353ULL, 1029845815569727ULL,
+    1001968867985629ULL, 170368934002484ULL, 1100906131583801ULL, 1825190326449569ULL,
+    1462285121182096ULL, 1545240767016377ULL, 797859025652273ULL, 1062758326657530ULL,
+    1125600735118266ULL, 739325756774527ULL, 1420144485966996ULL, 1915492743426702ULL,
+    752968196344993ULL, 882156396938351ULL, 1909097048763227ULL, 849058590685611ULL,
+    840754951388500ULL, 1832926948808323ULL, 2023317100075297ULL, 322382745442827ULL,
+    1569741341737601ULL, 1678986113194987ULL, 757598994581938ULL, 29678659580705ULL,
+    1239680935977986ULL, 1509239427168474ULL, 1055981929287006ULL, 1894085471158693ULL,
+    916486225488490ULL, 642168890366120ULL, 300453362620010ULL, 1858797242721481ULL,
+    2077989823177130ULL, 510228455273334ULL, 1473284798689270ULL, 5173934574301ULL,
+    765285232030050ULL, 1007154707631065ULL, 1862128712885972ULL, 168873464821340ULL,
+    1967853269759318ULL, 1489896018263031ULL, 592451806166369ULL, 1242298565603883ULL,
+    1838918921339058ULL, 697532763910695ULL, 294335466239059ULL, 135687058387449ULL,
+    2133734403874176ULL, 2121911143127699ULL, 20222476737364ULL, 1200824626476747ULL,
+    1397731736540791ULL, 702378430231418ULL, 59059527640068ULL, 460992547183981ULL,
+    1016125857842765ULL, 1273530839608957ULL, 96724128829301ULL, 1313433042425233ULL,
+    3543822857227ULL, 761975685357118ULL, 110417360745248ULL, 1079634164577663ULL,
+    2044574510020457ULL, 338709058603120ULL, 94541336042799ULL, 127963233585039ULL,
+    94427896272258ULL, 1143501979342182ULL, 1217958006212230ULL, 2153887831492134ULL,
+    1519219513255575ULL, 251793195454181ULL, 392517349345200ULL, 1507033011868881ULL,
+    2208494254670752ULL, 1364389582694359ULL, 2214069430728063ULL, 1272814257105752ULL,
+    741450148906352ULL, 1105776675555685ULL, 824447222014984ULL, 528745219306376ULL,
+    589427609121575ULL, 1501786838809155ULL, 379067373073147ULL, 184909476589356ULL,
+    1346887560616185ULL, 1932023742314082ULL, 1633302311869264ULL, 1685314821133069ULL,
+    1836610282047884ULL, 1595571594397150ULL, 615441688872198ULL, 1926435616702564ULL,
+    235632180396480ULL, 1051918343571810ULL, 2150570051687050ULL, 879198845408738ULL,
+    1443966275205464ULL, 481362545245088ULL, 512807443532642ULL, 641147578283480ULL,
+    1594276116945596ULL, 1844812743300602ULL, 2044559316019485ULL, 202620777969020ULL,
+    852992984136302ULL, 1500869642692910ULL, 1085216217052457ULL, 1736294372259758ULL,
+    2009666354486552ULL, 1262389020715248ULL, 1166527705256867ULL, 1409917450806036ULL,
+    1705819160057637ULL, 1116901782584378ULL, 1278460472285473ULL, 257879811360157ULL,
+    40314007176886ULL, 701309846749639ULL, 1380457676672777ULL, 631519782380272ULL,
+    1196339573466793ULL, 955537708940017ULL, 532725633381530ULL, 641190593731833ULL,
+    7214357153807ULL, 481922072107983ULL, 1634886189207352ULL, 1247659758261633ULL,
+    1655809614786430ULL, 43105797900223ULL, 76205809912607ULL, 1936575107455823ULL,
+    1107927314642236ULL, 2199986333469333ULL, 802974829322510ULL, 718173128143482ULL,
+    539385184235615ULL, 2075693785611221ULL, 953281147333690ULL, 1623571637172587ULL,
+    655274535022250ULL, 1568078078819021ULL, 101142125049712ULL, 1488441673350881ULL,
+    1457969561944515ULL, 1492622544287712ULL, 2041460689280803ULL, 1961848091392887ULL,
+    461003520846938ULL, 934728060399807ULL, 117723291519705ULL, 1027773762863526ULL,
+    56765304991567ULL, 2184028379550479ULL, 1768767711894030ULL, 1304432068983172ULL,
+    498080974452325ULL, 2134905654858163ULL, 1446137427202647ULL, 551613831549590ULL,
+    680288767054205ULL, 1278113339140386ULL, 378149431842614ULL, 80520494426960ULL,
+    2080985256348782ULL, 673432591799820ULL, 739189463724560ULL, 1847191452197509ULL,
+    527737312871602ULL, 477609358840073ULL, 1891633072677946ULL, 1841456828278466ULL,
+    2242502936489002ULL, 524791829362709ULL, 276648168514036ULL, 991706903257619ULL,
+    512580228297906ULL, 1216855104975946ULL, 67030930303149ULL, 769593945208213ULL,
+    2048873385103577ULL, 455635274123107ULL, 2077404927176696ULL, 1803539634652306ULL,
+    1837579953843417ULL, 1564240068662828ULL, 1964310918970435ULL, 832822906252492ULL,
+    1516044634195010ULL, 770571447506889ULL, 602215152486818ULL, 1760828333136947ULL,
+    730156776030376ULL
   };
 
 static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_g_pow2_192_table_w4[320U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)1129953239743101U, (uint64_t)1240339163956160U,
-    (uint64_t)61002583352401U, (uint64_t)2017604552196030U, (uint64_t)1576867829229863U,
-    (uint64_t)1508654942849389U, (uint64_t)270111619664077U, (uint64_t)1253097517254054U,
-    (uint64_t)721798270973250U, (uint64_t)161923365415298U, (uint64_t)828530877526011U,
-    (uint64_t)1494851059386763U, (uint64_t)662034171193976U, (uint64_t)1315349646974670U,
-    (uint64_t)2199229517308806U, (uint64_t)497078277852673U, (uint64_t)1310507715989956U,
-    (uint64_t)1881315714002105U, (uint64_t)2214039404983803U, (uint64_t)1331036420272667U,
-    (uint64_t)296286697520787U, (uint64_t)1179367922639127U, (uint64_t)25348441419697U,
-    (uint64_t)2200984961703188U, (uint64_t)150893128908291U, (uint64_t)1978614888570852U,
-    (uint64_t)1539657347172046U, (uint64_t)553810196523619U, (uint64_t)246017573977646U,
-    (uint64_t)1440448985385485U, (uint64_t)346049108099981U, (uint64_t)601166606218546U,
-    (uint64_t)855822004151713U, (uint64_t)1957521326383188U, (uint64_t)1114240380430887U,
-    (uint64_t)1349639675122048U, (uint64_t)957375954499040U, (uint64_t)111551795360136U,
-    (uint64_t)618586733648988U, (uint64_t)490708840688866U, (uint64_t)1267002049697314U,
-    (uint64_t)1130723224930028U, (uint64_t)215603029480828U, (uint64_t)1277138555414710U,
-    (uint64_t)1556750324971322U, (uint64_t)1407903521793741U, (uint64_t)1836836546590749U,
-    (uint64_t)576500297444199U, (uint64_t)2074707599091135U, (uint64_t)1826239864380012U,
-    (uint64_t)1935365705983312U, (uint64_t)239501825683682U, (uint64_t)1594236669034980U,
-    (uint64_t)1283078975055301U, (uint64_t)856745636255925U, (uint64_t)1342128647959981U,
-    (uint64_t)945216428379689U, (uint64_t)938746202496410U, (uint64_t)105775123333919U,
-    (uint64_t)1379852610117266U, (uint64_t)1770216827500275U, (uint64_t)1016017267535704U,
-    (uint64_t)1902885522469532U, (uint64_t)994184703730489U, (uint64_t)2227487538793763U,
-    (uint64_t)53155967096055U, (uint64_t)1264120808114350U, (uint64_t)1334928769376729U,
-    (uint64_t)393911808079997U, (uint64_t)826229239481845U, (uint64_t)1827903006733192U,
-    (uint64_t)1449283706008465U, (uint64_t)1258040415217849U, (uint64_t)1641484112868370U,
-    (uint64_t)1140150841968176U, (uint64_t)391113338021313U, (uint64_t)162138667815833U,
-    (uint64_t)742204396566060U, (uint64_t)110709233440557U, (uint64_t)90179377432917U,
-    (uint64_t)530511949644489U, (uint64_t)911568635552279U, (uint64_t)135869304780166U,
-    (uint64_t)617719999563692U, (uint64_t)1802525001631319U, (uint64_t)1836394639510490U,
-    (uint64_t)1862739456475085U, (uint64_t)1378284444664288U, (uint64_t)1617882529391756U,
-    (uint64_t)876124429891172U, (uint64_t)1147654641445091U, (uint64_t)1476943370400542U,
-    (uint64_t)688601222759067U, (uint64_t)2120281968990205U, (uint64_t)1387113236912611U,
-    (uint64_t)2125245820685788U, (uint64_t)1030674016350092U, (uint64_t)1594684598654247U,
-    (uint64_t)1165939511879820U, (uint64_t)271499323244173U, (uint64_t)546587254515484U,
-    (uint64_t)945603425742936U, (uint64_t)1242252568170226U, (uint64_t)561598728058142U,
-    (uint64_t)604827091794712U, (uint64_t)19869753585186U, (uint64_t)565367744708915U,
-    (uint64_t)536755754533603U, (uint64_t)1767258313589487U, (uint64_t)907952975936127U,
-    (uint64_t)292851652613937U, (uint64_t)163573546237963U, (uint64_t)837601408384564U,
-    (uint64_t)591996990118301U, (uint64_t)2126051747693057U, (uint64_t)182247548824566U,
-    (uint64_t)908369044122868U, (uint64_t)1335442699947273U, (uint64_t)2234292296528612U,
-    (uint64_t)689537529333034U, (uint64_t)2174778663790714U, (uint64_t)1011407643592667U,
-    (uint64_t)1856130618715473U, (uint64_t)1557437221651741U, (uint64_t)2250285407006102U,
-    (uint64_t)1412384213410827U, (uint64_t)1428042038612456U, (uint64_t)962709733973660U,
-    (uint64_t)313995703125919U, (uint64_t)1844969155869325U, (uint64_t)787716782673657U,
-    (uint64_t)622504542173478U, (uint64_t)930119043384654U, (uint64_t)2128870043952488U,
-    (uint64_t)537781531479523U, (uint64_t)1556666269904940U, (uint64_t)417333635741346U,
-    (uint64_t)1986743846438415U, (uint64_t)877620478041197U, (uint64_t)2205624582983829U,
-    (uint64_t)595260668884488U, (uint64_t)2025159350373157U, (uint64_t)2091659716088235U,
-    (uint64_t)1423634716596391U, (uint64_t)653686638634080U, (uint64_t)1972388399989956U,
-    (uint64_t)795575741798014U, (uint64_t)889240107997846U, (uint64_t)1446156876910732U,
-    (uint64_t)1028507012221776U, (uint64_t)1071697574586478U, (uint64_t)1689630411899691U,
-    (uint64_t)604092816502174U, (uint64_t)1909917373896122U, (uint64_t)1602544877643837U,
-    (uint64_t)1227177032923867U, (uint64_t)62684197535630U, (uint64_t)186146290753883U,
-    (uint64_t)414449055316766U, (uint64_t)1560555880866750U, (uint64_t)157579947096755U,
-    (uint64_t)230526795502384U, (uint64_t)1197673369665894U, (uint64_t)593779215869037U,
-    (uint64_t)214638834474097U, (uint64_t)1796344443484478U, (uint64_t)493550548257317U,
-    (uint64_t)1628442824033694U, (uint64_t)1410811655893495U, (uint64_t)1009361960995171U,
-    (uint64_t)604736219740352U, (uint64_t)392445928555351U, (uint64_t)1254295770295706U,
-    (uint64_t)1958074535046128U, (uint64_t)508699942241019U, (uint64_t)739405911261325U,
-    (uint64_t)1678760393882409U, (uint64_t)517763708545996U, (uint64_t)640040257898722U,
-    (uint64_t)384966810872913U, (uint64_t)407454748380128U, (uint64_t)152604679407451U,
-    (uint64_t)185102854927662U, (uint64_t)1448175503649595U, (uint64_t)100328519208674U,
-    (uint64_t)1153263667012830U, (uint64_t)1643926437586490U, (uint64_t)609632142834154U,
-    (uint64_t)980984004749261U, (uint64_t)855290732258779U, (uint64_t)2186022163021506U,
-    (uint64_t)1254052618626070U, (uint64_t)1850030517182611U, (uint64_t)162348933090207U,
-    (uint64_t)1948712273679932U, (uint64_t)1331832516262191U, (uint64_t)1219400369175863U,
-    (uint64_t)89689036937483U, (uint64_t)1554886057235815U, (uint64_t)1520047528432789U,
-    (uint64_t)81263957652811U, (uint64_t)146612464257008U, (uint64_t)2207945627164163U,
-    (uint64_t)919846660682546U, (uint64_t)1925694087906686U, (uint64_t)2102027292388012U,
-    (uint64_t)887992003198635U, (uint64_t)1817924871537027U, (uint64_t)746660005584342U,
-    (uint64_t)753757153275525U, (uint64_t)91394270908699U, (uint64_t)511837226544151U,
-    (uint64_t)736341543649373U, (uint64_t)1256371121466367U, (uint64_t)1977778299551813U,
-    (uint64_t)817915174462263U, (uint64_t)1602323381418035U, (uint64_t)190035164572930U,
-    (uint64_t)603796401391181U, (uint64_t)2152666873671669U, (uint64_t)1813900316324112U,
-    (uint64_t)1292622433358041U, (uint64_t)888439870199892U, (uint64_t)978918155071994U,
-    (uint64_t)534184417909805U, (uint64_t)466460084317313U, (uint64_t)1275223140288685U,
-    (uint64_t)786407043883517U, (uint64_t)1620520623925754U, (uint64_t)1753625021290269U,
-    (uint64_t)751937175104525U, (uint64_t)905301961820613U, (uint64_t)697059847245437U,
-    (uint64_t)584919033981144U, (uint64_t)1272165506533156U, (uint64_t)1532180021450866U,
-    (uint64_t)1901407354005301U, (uint64_t)1421319720492586U, (uint64_t)2179081609765456U,
-    (uint64_t)2193253156667632U, (uint64_t)1080248329608584U, (uint64_t)2158422436462066U,
-    (uint64_t)759167597017850U, (uint64_t)545759071151285U, (uint64_t)641600428493698U,
-    (uint64_t)943791424499848U, (uint64_t)469571542427864U, (uint64_t)951117845222467U,
-    (uint64_t)1780538594373407U, (uint64_t)614611122040309U, (uint64_t)1354826131886963U,
-    (uint64_t)221898131992340U, (uint64_t)1145699723916219U, (uint64_t)798735379961769U,
-    (uint64_t)1843560518208287U, (uint64_t)1424523160161545U, (uint64_t)205549016574779U,
-    (uint64_t)2239491587362749U, (uint64_t)1918363582399888U, (uint64_t)1292183072788455U,
-    (uint64_t)1783513123192567U, (uint64_t)1584027954317205U, (uint64_t)1890421443925740U,
-    (uint64_t)1718459319874929U, (uint64_t)1522091040748809U, (uint64_t)399467600667219U,
-    (uint64_t)1870973059066576U, (uint64_t)287514433150348U, (uint64_t)1397845311152885U,
-    (uint64_t)1880440629872863U, (uint64_t)709302939340341U, (uint64_t)1813571361109209U,
-    (uint64_t)86598795876860U, (uint64_t)1146964554310612U, (uint64_t)1590956584862432U,
-    (uint64_t)2097004628155559U, (uint64_t)656227622102390U, (uint64_t)1808500445541891U,
-    (uint64_t)958336726523135U, (uint64_t)2007604569465975U, (uint64_t)313504950390997U,
-    (uint64_t)1399686004953620U, (uint64_t)1759732788465234U, (uint64_t)1562539721055836U,
-    (uint64_t)1575722765016293U, (uint64_t)793318366641259U, (uint64_t)443876859384887U,
-    (uint64_t)547308921989704U, (uint64_t)636698687503328U, (uint64_t)2179175835287340U,
-    (uint64_t)498333551718258U, (uint64_t)932248760026176U, (uint64_t)1612395686304653U,
-    (uint64_t)2179774103745626U, (uint64_t)1359658123541018U, (uint64_t)171488501802442U,
-    (uint64_t)1625034951791350U, (uint64_t)520196922773633U, (uint64_t)1873787546341877U,
-    (uint64_t)303457823885368U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 1129953239743101ULL, 1240339163956160ULL, 61002583352401ULL,
+    2017604552196030ULL, 1576867829229863ULL, 1508654942849389ULL, 270111619664077ULL,
+    1253097517254054ULL, 721798270973250ULL, 161923365415298ULL, 828530877526011ULL,
+    1494851059386763ULL, 662034171193976ULL, 1315349646974670ULL, 2199229517308806ULL,
+    497078277852673ULL, 1310507715989956ULL, 1881315714002105ULL, 2214039404983803ULL,
+    1331036420272667ULL, 296286697520787ULL, 1179367922639127ULL, 25348441419697ULL,
+    2200984961703188ULL, 150893128908291ULL, 1978614888570852ULL, 1539657347172046ULL,
+    553810196523619ULL, 246017573977646ULL, 1440448985385485ULL, 346049108099981ULL,
+    601166606218546ULL, 855822004151713ULL, 1957521326383188ULL, 1114240380430887ULL,
+    1349639675122048ULL, 957375954499040ULL, 111551795360136ULL, 618586733648988ULL,
+    490708840688866ULL, 1267002049697314ULL, 1130723224930028ULL, 215603029480828ULL,
+    1277138555414710ULL, 1556750324971322ULL, 1407903521793741ULL, 1836836546590749ULL,
+    576500297444199ULL, 2074707599091135ULL, 1826239864380012ULL, 1935365705983312ULL,
+    239501825683682ULL, 1594236669034980ULL, 1283078975055301ULL, 856745636255925ULL,
+    1342128647959981ULL, 945216428379689ULL, 938746202496410ULL, 105775123333919ULL,
+    1379852610117266ULL, 1770216827500275ULL, 1016017267535704ULL, 1902885522469532ULL,
+    994184703730489ULL, 2227487538793763ULL, 53155967096055ULL, 1264120808114350ULL,
+    1334928769376729ULL, 393911808079997ULL, 826229239481845ULL, 1827903006733192ULL,
+    1449283706008465ULL, 1258040415217849ULL, 1641484112868370ULL, 1140150841968176ULL,
+    391113338021313ULL, 162138667815833ULL, 742204396566060ULL, 110709233440557ULL,
+    90179377432917ULL, 530511949644489ULL, 911568635552279ULL, 135869304780166ULL,
+    617719999563692ULL, 1802525001631319ULL, 1836394639510490ULL, 1862739456475085ULL,
+    1378284444664288ULL, 1617882529391756ULL, 876124429891172ULL, 1147654641445091ULL,
+    1476943370400542ULL, 688601222759067ULL, 2120281968990205ULL, 1387113236912611ULL,
+    2125245820685788ULL, 1030674016350092ULL, 1594684598654247ULL, 1165939511879820ULL,
+    271499323244173ULL, 546587254515484ULL, 945603425742936ULL, 1242252568170226ULL,
+    561598728058142ULL, 604827091794712ULL, 19869753585186ULL, 565367744708915ULL,
+    536755754533603ULL, 1767258313589487ULL, 907952975936127ULL, 292851652613937ULL,
+    163573546237963ULL, 837601408384564ULL, 591996990118301ULL, 2126051747693057ULL,
+    182247548824566ULL, 908369044122868ULL, 1335442699947273ULL, 2234292296528612ULL,
+    689537529333034ULL, 2174778663790714ULL, 1011407643592667ULL, 1856130618715473ULL,
+    1557437221651741ULL, 2250285407006102ULL, 1412384213410827ULL, 1428042038612456ULL,
+    962709733973660ULL, 313995703125919ULL, 1844969155869325ULL, 787716782673657ULL,
+    622504542173478ULL, 930119043384654ULL, 2128870043952488ULL, 537781531479523ULL,
+    1556666269904940ULL, 417333635741346ULL, 1986743846438415ULL, 877620478041197ULL,
+    2205624582983829ULL, 595260668884488ULL, 2025159350373157ULL, 2091659716088235ULL,
+    1423634716596391ULL, 653686638634080ULL, 1972388399989956ULL, 795575741798014ULL,
+    889240107997846ULL, 1446156876910732ULL, 1028507012221776ULL, 1071697574586478ULL,
+    1689630411899691ULL, 604092816502174ULL, 1909917373896122ULL, 1602544877643837ULL,
+    1227177032923867ULL, 62684197535630ULL, 186146290753883ULL, 414449055316766ULL,
+    1560555880866750ULL, 157579947096755ULL, 230526795502384ULL, 1197673369665894ULL,
+    593779215869037ULL, 214638834474097ULL, 1796344443484478ULL, 493550548257317ULL,
+    1628442824033694ULL, 1410811655893495ULL, 1009361960995171ULL, 604736219740352ULL,
+    392445928555351ULL, 1254295770295706ULL, 1958074535046128ULL, 508699942241019ULL,
+    739405911261325ULL, 1678760393882409ULL, 517763708545996ULL, 640040257898722ULL,
+    384966810872913ULL, 407454748380128ULL, 152604679407451ULL, 185102854927662ULL,
+    1448175503649595ULL, 100328519208674ULL, 1153263667012830ULL, 1643926437586490ULL,
+    609632142834154ULL, 980984004749261ULL, 855290732258779ULL, 2186022163021506ULL,
+    1254052618626070ULL, 1850030517182611ULL, 162348933090207ULL, 1948712273679932ULL,
+    1331832516262191ULL, 1219400369175863ULL, 89689036937483ULL, 1554886057235815ULL,
+    1520047528432789ULL, 81263957652811ULL, 146612464257008ULL, 2207945627164163ULL,
+    919846660682546ULL, 1925694087906686ULL, 2102027292388012ULL, 887992003198635ULL,
+    1817924871537027ULL, 746660005584342ULL, 753757153275525ULL, 91394270908699ULL,
+    511837226544151ULL, 736341543649373ULL, 1256371121466367ULL, 1977778299551813ULL,
+    817915174462263ULL, 1602323381418035ULL, 190035164572930ULL, 603796401391181ULL,
+    2152666873671669ULL, 1813900316324112ULL, 1292622433358041ULL, 888439870199892ULL,
+    978918155071994ULL, 534184417909805ULL, 466460084317313ULL, 1275223140288685ULL,
+    786407043883517ULL, 1620520623925754ULL, 1753625021290269ULL, 751937175104525ULL,
+    905301961820613ULL, 697059847245437ULL, 584919033981144ULL, 1272165506533156ULL,
+    1532180021450866ULL, 1901407354005301ULL, 1421319720492586ULL, 2179081609765456ULL,
+    2193253156667632ULL, 1080248329608584ULL, 2158422436462066ULL, 759167597017850ULL,
+    545759071151285ULL, 641600428493698ULL, 943791424499848ULL, 469571542427864ULL,
+    951117845222467ULL, 1780538594373407ULL, 614611122040309ULL, 1354826131886963ULL,
+    221898131992340ULL, 1145699723916219ULL, 798735379961769ULL, 1843560518208287ULL,
+    1424523160161545ULL, 205549016574779ULL, 2239491587362749ULL, 1918363582399888ULL,
+    1292183072788455ULL, 1783513123192567ULL, 1584027954317205ULL, 1890421443925740ULL,
+    1718459319874929ULL, 1522091040748809ULL, 399467600667219ULL, 1870973059066576ULL,
+    287514433150348ULL, 1397845311152885ULL, 1880440629872863ULL, 709302939340341ULL,
+    1813571361109209ULL, 86598795876860ULL, 1146964554310612ULL, 1590956584862432ULL,
+    2097004628155559ULL, 656227622102390ULL, 1808500445541891ULL, 958336726523135ULL,
+    2007604569465975ULL, 313504950390997ULL, 1399686004953620ULL, 1759732788465234ULL,
+    1562539721055836ULL, 1575722765016293ULL, 793318366641259ULL, 443876859384887ULL,
+    547308921989704ULL, 636698687503328ULL, 2179175835287340ULL, 498333551718258ULL,
+    932248760026176ULL, 1612395686304653ULL, 2179774103745626ULL, 1359658123541018ULL,
+    171488501802442ULL, 1625034951791350ULL, 520196922773633ULL, 1873787546341877ULL,
+    303457823885368ULL
   };
 
 static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5[640U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)1738742601995546U, (uint64_t)1146398526822698U,
-    (uint64_t)2070867633025821U, (uint64_t)562264141797630U, (uint64_t)587772402128613U,
-    (uint64_t)1801439850948184U, (uint64_t)1351079888211148U, (uint64_t)450359962737049U,
-    (uint64_t)900719925474099U, (uint64_t)1801439850948198U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1841354044333475U,
-    (uint64_t)16398895984059U, (uint64_t)755974180946558U, (uint64_t)900171276175154U,
-    (uint64_t)1821297809914039U, (uint64_t)1661154287933054U, (uint64_t)284530020860578U,
-    (uint64_t)1390261174866914U, (uint64_t)1524110943907984U, (uint64_t)1045603498418422U,
-    (uint64_t)928651508580478U, (uint64_t)1383326941296346U, (uint64_t)961937908925785U,
-    (uint64_t)80455759693706U, (uint64_t)904734540352947U, (uint64_t)1507481815385608U,
-    (uint64_t)2223447444246085U, (uint64_t)1083941587175919U, (uint64_t)2059929906842505U,
-    (uint64_t)1581435440146976U, (uint64_t)782730187692425U, (uint64_t)9928394897574U,
-    (uint64_t)1539449519985236U, (uint64_t)1923587931078510U, (uint64_t)552919286076056U,
-    (uint64_t)376925408065760U, (uint64_t)447320488831784U, (uint64_t)1362918338468019U,
-    (uint64_t)1470031896696846U, (uint64_t)2189796996539902U, (uint64_t)1337552949959847U,
-    (uint64_t)1762287177775726U, (uint64_t)237994495816815U, (uint64_t)1277840395970544U,
-    (uint64_t)543972849007241U, (uint64_t)1224692671618814U, (uint64_t)162359533289271U,
-    (uint64_t)282240927125249U, (uint64_t)586909166382289U, (uint64_t)17726488197838U,
-    (uint64_t)377014554985659U, (uint64_t)1433835303052512U, (uint64_t)702061469493692U,
-    (uint64_t)1142253108318154U, (uint64_t)318297794307551U, (uint64_t)954362646308543U,
-    (uint64_t)517363881452320U, (uint64_t)1868013482130416U, (uint64_t)262562472373260U,
-    (uint64_t)902232853249919U, (uint64_t)2107343057055746U, (uint64_t)462368348619024U,
-    (uint64_t)1893758677092974U, (uint64_t)2177729767846389U, (uint64_t)2168532543559143U,
-    (uint64_t)443867094639821U, (uint64_t)730169342581022U, (uint64_t)1564589016879755U,
-    (uint64_t)51218195700649U, (uint64_t)76684578423745U, (uint64_t)560266272480743U,
-    (uint64_t)922517457707697U, (uint64_t)2066645939860874U, (uint64_t)1318277348414638U,
-    (uint64_t)1576726809084003U, (uint64_t)1817337608563665U, (uint64_t)1874240939237666U,
-    (uint64_t)754733726333910U, (uint64_t)97085310406474U, (uint64_t)751148364309235U,
-    (uint64_t)1622159695715187U, (uint64_t)1444098819684916U, (uint64_t)130920805558089U,
-    (uint64_t)1260449179085308U, (uint64_t)1860021740768461U, (uint64_t)110052860348509U,
-    (uint64_t)193830891643810U, (uint64_t)164148413933881U, (uint64_t)180017794795332U,
-    (uint64_t)1523506525254651U, (uint64_t)465981629225956U, (uint64_t)559733514964572U,
-    (uint64_t)1279624874416974U, (uint64_t)2026642326892306U, (uint64_t)1425156829982409U,
-    (uint64_t)2160936383793147U, (uint64_t)1061870624975247U, (uint64_t)2023497043036941U,
-    (uint64_t)117942212883190U, (uint64_t)490339622800774U, (uint64_t)1729931303146295U,
-    (uint64_t)422305932971074U, (uint64_t)529103152793096U, (uint64_t)1211973233775992U,
-    (uint64_t)721364955929681U, (uint64_t)1497674430438813U, (uint64_t)342545521275073U,
-    (uint64_t)2102107575279372U, (uint64_t)2108462244669966U, (uint64_t)1382582406064082U,
-    (uint64_t)2206396818383323U, (uint64_t)2109093268641147U, (uint64_t)10809845110983U,
-    (uint64_t)1605176920880099U, (uint64_t)744640650753946U, (uint64_t)1712758897518129U,
-    (uint64_t)373410811281809U, (uint64_t)648838265800209U, (uint64_t)813058095530999U,
-    (uint64_t)513987632620169U, (uint64_t)465516160703329U, (uint64_t)2136322186126330U,
-    (uint64_t)1979645899422932U, (uint64_t)1197131006470786U, (uint64_t)1467836664863979U,
-    (uint64_t)1340751381374628U, (uint64_t)1810066212667962U, (uint64_t)1009933588225499U,
-    (uint64_t)1106129188080873U, (uint64_t)1388980405213901U, (uint64_t)533719246598044U,
-    (uint64_t)1169435803073277U, (uint64_t)198920999285821U, (uint64_t)487492330629854U,
-    (uint64_t)1807093008537778U, (uint64_t)1540899012923865U, (uint64_t)2075080271659867U,
-    (uint64_t)1527990806921523U, (uint64_t)1323728742908002U, (uint64_t)1568595959608205U,
-    (uint64_t)1388032187497212U, (uint64_t)2026968840050568U, (uint64_t)1396591153295755U,
-    (uint64_t)820416950170901U, (uint64_t)520060313205582U, (uint64_t)2016404325094901U,
-    (uint64_t)1584709677868520U, (uint64_t)272161374469956U, (uint64_t)1567188603996816U,
-    (uint64_t)1986160530078221U, (uint64_t)553930264324589U, (uint64_t)1058426729027503U,
-    (uint64_t)8762762886675U, (uint64_t)2216098143382988U, (uint64_t)1835145266889223U,
-    (uint64_t)1712936431558441U, (uint64_t)1017009937844974U, (uint64_t)585361667812740U,
-    (uint64_t)2114711541628181U, (uint64_t)2238729632971439U, (uint64_t)121257546253072U,
-    (uint64_t)847154149018345U, (uint64_t)211972965476684U, (uint64_t)287499084460129U,
-    (uint64_t)2098247259180197U, (uint64_t)839070411583329U, (uint64_t)339551619574372U,
-    (uint64_t)1432951287640743U, (uint64_t)526481249498942U, (uint64_t)931991661905195U,
-    (uint64_t)1884279965674487U, (uint64_t)200486405604411U, (uint64_t)364173020594788U,
-    (uint64_t)518034455936955U, (uint64_t)1085564703965501U, (uint64_t)16030410467927U,
-    (uint64_t)604865933167613U, (uint64_t)1695298441093964U, (uint64_t)498856548116159U,
-    (uint64_t)2193030062787034U, (uint64_t)1706339802964179U, (uint64_t)1721199073493888U,
-    (uint64_t)820740951039755U, (uint64_t)1216053436896834U, (uint64_t)23954895815139U,
-    (uint64_t)1662515208920491U, (uint64_t)1705443427511899U, (uint64_t)1957928899570365U,
-    (uint64_t)1189636258255725U, (uint64_t)1795695471103809U, (uint64_t)1691191297654118U,
-    (uint64_t)282402585374360U, (uint64_t)460405330264832U, (uint64_t)63765529445733U,
-    (uint64_t)469763447404473U, (uint64_t)733607089694996U, (uint64_t)685410420186959U,
-    (uint64_t)1096682630419738U, (uint64_t)1162548510542362U, (uint64_t)1020949526456676U,
-    (uint64_t)1211660396870573U, (uint64_t)613126398222696U, (uint64_t)1117829165843251U,
-    (uint64_t)742432540886650U, (uint64_t)1483755088010658U, (uint64_t)942392007134474U,
-    (uint64_t)1447834130944107U, (uint64_t)489368274863410U, (uint64_t)23192985544898U,
-    (uint64_t)648442406146160U, (uint64_t)785438843373876U, (uint64_t)249464684645238U,
-    (uint64_t)170494608205618U, (uint64_t)335112827260550U, (uint64_t)1462050123162735U,
-    (uint64_t)1084803668439016U, (uint64_t)853459233600325U, (uint64_t)215777728187495U,
-    (uint64_t)1965759433526974U, (uint64_t)1349482894446537U, (uint64_t)694163317612871U,
-    (uint64_t)860536766165036U, (uint64_t)1178788094084321U, (uint64_t)1652739626626996U,
-    (uint64_t)2115723946388185U, (uint64_t)1577204379094664U, (uint64_t)1083882859023240U,
-    (uint64_t)1768759143381635U, (uint64_t)1737180992507258U, (uint64_t)246054513922239U,
-    (uint64_t)577253134087234U, (uint64_t)356340280578042U, (uint64_t)1638917769925142U,
-    (uint64_t)223550348130103U, (uint64_t)470592666638765U, (uint64_t)22663573966996U,
-    (uint64_t)596552461152400U, (uint64_t)364143537069499U, (uint64_t)3942119457699U,
-    (uint64_t)107951982889287U, (uint64_t)1843471406713209U, (uint64_t)1625773041610986U,
-    (uint64_t)1466141092501702U, (uint64_t)1043024095021271U, (uint64_t)310429964047508U,
-    (uint64_t)98559121500372U, (uint64_t)152746933782868U, (uint64_t)259407205078261U,
-    (uint64_t)828123093322585U, (uint64_t)1576847274280091U, (uint64_t)1170871375757302U,
-    (uint64_t)1588856194642775U, (uint64_t)984767822341977U, (uint64_t)1141497997993760U,
-    (uint64_t)809325345150796U, (uint64_t)1879837728202511U, (uint64_t)201340910657893U,
-    (uint64_t)1079157558888483U, (uint64_t)1052373448588065U, (uint64_t)1732036202501778U,
-    (uint64_t)2105292670328445U, (uint64_t)679751387312402U, (uint64_t)1679682144926229U,
-    (uint64_t)1695823455818780U, (uint64_t)498852317075849U, (uint64_t)1786555067788433U,
-    (uint64_t)1670727545779425U, (uint64_t)117945875433544U, (uint64_t)407939139781844U,
-    (uint64_t)854632120023778U, (uint64_t)1413383148360437U, (uint64_t)286030901733673U,
-    (uint64_t)1207361858071196U, (uint64_t)461340408181417U, (uint64_t)1096919590360164U,
-    (uint64_t)1837594897475685U, (uint64_t)533755561544165U, (uint64_t)1638688042247712U,
-    (uint64_t)1431653684793005U, (uint64_t)1036458538873559U, (uint64_t)390822120341779U,
-    (uint64_t)1920929837111618U, (uint64_t)543426740024168U, (uint64_t)645751357799929U,
-    (uint64_t)2245025632994463U, (uint64_t)1550778638076452U, (uint64_t)223738153459949U,
-    (uint64_t)1337209385492033U, (uint64_t)1276967236456531U, (uint64_t)1463815821063071U,
-    (uint64_t)2070620870191473U, (uint64_t)1199170709413753U, (uint64_t)273230877394166U,
-    (uint64_t)1873264887608046U, (uint64_t)890877152910775U, (uint64_t)983226445635730U,
-    (uint64_t)44873798519521U, (uint64_t)697147127512130U, (uint64_t)961631038239304U,
-    (uint64_t)709966160696826U, (uint64_t)1706677689540366U, (uint64_t)502782733796035U,
-    (uint64_t)812545535346033U, (uint64_t)1693622521296452U, (uint64_t)1955813093002510U,
-    (uint64_t)1259937612881362U, (uint64_t)1873032503803559U, (uint64_t)1140330566016428U,
-    (uint64_t)1675726082440190U, (uint64_t)60029928909786U, (uint64_t)170335608866763U,
-    (uint64_t)766444312315022U, (uint64_t)2025049511434113U, (uint64_t)2200845622430647U,
-    (uint64_t)1201269851450408U, (uint64_t)590071752404907U, (uint64_t)1400995030286946U,
-    (uint64_t)2152637413853822U, (uint64_t)2108495473841983U, (uint64_t)3855406710349U,
-    (uint64_t)1726137673168580U, (uint64_t)51004317200100U, (uint64_t)1749082328586939U,
-    (uint64_t)1704088976144558U, (uint64_t)1977318954775118U, (uint64_t)2062602253162400U,
-    (uint64_t)948062503217479U, (uint64_t)361953965048030U, (uint64_t)1528264887238440U,
-    (uint64_t)62582552172290U, (uint64_t)2241602163389280U, (uint64_t)156385388121765U,
-    (uint64_t)2124100319761492U, (uint64_t)388928050571382U, (uint64_t)1556123596922727U,
-    (uint64_t)979310669812384U, (uint64_t)113043855206104U, (uint64_t)2023223924825469U,
-    (uint64_t)643651703263034U, (uint64_t)2234446903655540U, (uint64_t)1577241261424997U,
-    (uint64_t)860253174523845U, (uint64_t)1691026473082448U, (uint64_t)1091672764933872U,
-    (uint64_t)1957463109756365U, (uint64_t)530699502660193U, (uint64_t)349587141723569U,
-    (uint64_t)674661681919563U, (uint64_t)1633727303856240U, (uint64_t)708909037922144U,
-    (uint64_t)2160722508518119U, (uint64_t)1302188051602540U, (uint64_t)976114603845777U,
-    (uint64_t)120004758721939U, (uint64_t)1681630708873780U, (uint64_t)622274095069244U,
-    (uint64_t)1822346309016698U, (uint64_t)1100921177951904U, (uint64_t)2216952659181677U,
-    (uint64_t)1844020550362490U, (uint64_t)1976451368365774U, (uint64_t)1321101422068822U,
-    (uint64_t)1189859436282668U, (uint64_t)2008801879735257U, (uint64_t)2219413454333565U,
-    (uint64_t)424288774231098U, (uint64_t)359793146977912U, (uint64_t)270293357948703U,
-    (uint64_t)587226003677000U, (uint64_t)1482071926139945U, (uint64_t)1419630774650359U,
-    (uint64_t)1104739070570175U, (uint64_t)1662129023224130U, (uint64_t)1609203612533411U,
-    (uint64_t)1250932720691980U, (uint64_t)95215711818495U, (uint64_t)498746909028150U,
-    (uint64_t)158151296991874U, (uint64_t)1201379988527734U, (uint64_t)561599945143989U,
-    (uint64_t)2211577425617888U, (uint64_t)2166577612206324U, (uint64_t)1057590354233512U,
-    (uint64_t)1968123280416769U, (uint64_t)1316586165401313U, (uint64_t)762728164447634U,
-    (uint64_t)2045395244316047U, (uint64_t)1531796898725716U, (uint64_t)315385971670425U,
-    (uint64_t)1109421039396756U, (uint64_t)2183635256408562U, (uint64_t)1896751252659461U,
-    (uint64_t)840236037179080U, (uint64_t)796245792277211U, (uint64_t)508345890111193U,
-    (uint64_t)1275386465287222U, (uint64_t)513560822858784U, (uint64_t)1784735733120313U,
-    (uint64_t)1346467478899695U, (uint64_t)601125231208417U, (uint64_t)701076661112726U,
-    (uint64_t)1841998436455089U, (uint64_t)1156768600940434U, (uint64_t)1967853462343221U,
-    (uint64_t)2178318463061452U, (uint64_t)481885520752741U, (uint64_t)675262828640945U,
-    (uint64_t)1033539418596582U, (uint64_t)1743329872635846U, (uint64_t)159322641251283U,
-    (uint64_t)1573076470127113U, (uint64_t)954827619308195U, (uint64_t)778834750662635U,
-    (uint64_t)619912782122617U, (uint64_t)515681498488209U, (uint64_t)1675866144246843U,
-    (uint64_t)811716020969981U, (uint64_t)1125515272217398U, (uint64_t)1398917918287342U,
-    (uint64_t)1301680949183175U, (uint64_t)726474739583734U, (uint64_t)587246193475200U,
-    (uint64_t)1096581582611864U, (uint64_t)1469911826213486U, (uint64_t)1990099711206364U,
-    (uint64_t)1256496099816508U, (uint64_t)2019924615195672U, (uint64_t)1251232456707555U,
-    (uint64_t)2042971196009755U, (uint64_t)214061878479265U, (uint64_t)115385726395472U,
-    (uint64_t)1677875239524132U, (uint64_t)756888883383540U, (uint64_t)1153862117756233U,
-    (uint64_t)503391530851096U, (uint64_t)946070017477513U, (uint64_t)1878319040542579U,
-    (uint64_t)1101349418586920U, (uint64_t)793245696431613U, (uint64_t)397920495357645U,
-    (uint64_t)2174023872951112U, (uint64_t)1517867915189593U, (uint64_t)1829855041462995U,
-    (uint64_t)1046709983503619U, (uint64_t)424081940711857U, (uint64_t)2112438073094647U,
-    (uint64_t)1504338467349861U, (uint64_t)2244574127374532U, (uint64_t)2136937537441911U,
-    (uint64_t)1741150838990304U, (uint64_t)25894628400571U, (uint64_t)512213526781178U,
-    (uint64_t)1168384260796379U, (uint64_t)1424607682379833U, (uint64_t)938677789731564U,
-    (uint64_t)872882241891896U, (uint64_t)1713199397007700U, (uint64_t)1410496326218359U,
-    (uint64_t)854379752407031U, (uint64_t)465141611727634U, (uint64_t)315176937037857U,
-    (uint64_t)1020115054571233U, (uint64_t)1856290111077229U, (uint64_t)2028366269898204U,
-    (uint64_t)1432980880307543U, (uint64_t)469932710425448U, (uint64_t)581165267592247U,
-    (uint64_t)496399148156603U, (uint64_t)2063435226705903U, (uint64_t)2116841086237705U,
-    (uint64_t)498272567217048U, (uint64_t)1829438076967906U, (uint64_t)1573925801278491U,
-    (uint64_t)460763576329867U, (uint64_t)1705264723728225U, (uint64_t)999514866082412U,
-    (uint64_t)29635061779362U, (uint64_t)1884233592281020U, (uint64_t)1449755591461338U,
-    (uint64_t)42579292783222U, (uint64_t)1869504355369200U, (uint64_t)495506004805251U,
-    (uint64_t)264073104888427U, (uint64_t)2088880861028612U, (uint64_t)104646456386576U,
-    (uint64_t)1258445191399967U, (uint64_t)1348736801545799U, (uint64_t)2068276361286613U,
-    (uint64_t)884897216646374U, (uint64_t)922387476801376U, (uint64_t)1043886580402805U,
-    (uint64_t)1240883498470831U, (uint64_t)1601554651937110U, (uint64_t)804382935289482U,
-    (uint64_t)512379564477239U, (uint64_t)1466384519077032U, (uint64_t)1280698500238386U,
-    (uint64_t)211303836685749U, (uint64_t)2081725624793803U, (uint64_t)545247644516879U,
-    (uint64_t)215313359330384U, (uint64_t)286479751145614U, (uint64_t)2213650281751636U,
-    (uint64_t)2164927945999874U, (uint64_t)2072162991540882U, (uint64_t)1443769115444779U,
-    (uint64_t)1581473274363095U, (uint64_t)434633875922699U, (uint64_t)340456055781599U,
-    (uint64_t)373043091080189U, (uint64_t)839476566531776U, (uint64_t)1856706858509978U,
-    (uint64_t)931616224909153U, (uint64_t)1888181317414065U, (uint64_t)213654322650262U,
-    (uint64_t)1161078103416244U, (uint64_t)1822042328851513U, (uint64_t)915817709028812U,
-    (uint64_t)1828297056698188U, (uint64_t)1212017130909403U, (uint64_t)60258343247333U,
-    (uint64_t)342085800008230U, (uint64_t)930240559508270U, (uint64_t)1549884999174952U,
-    (uint64_t)809895264249462U, (uint64_t)184726257947682U, (uint64_t)1157065433504828U,
-    (uint64_t)1209999630381477U, (uint64_t)999920399374391U, (uint64_t)1714770150788163U,
-    (uint64_t)2026130985413228U, (uint64_t)506776632883140U, (uint64_t)1349042668246528U,
-    (uint64_t)1937232292976967U, (uint64_t)942302637530730U, (uint64_t)160211904766226U,
-    (uint64_t)1042724500438571U, (uint64_t)212454865139142U, (uint64_t)244104425172642U,
-    (uint64_t)1376990622387496U, (uint64_t)76126752421227U, (uint64_t)1027540886376422U,
-    (uint64_t)1912210655133026U, (uint64_t)13410411589575U, (uint64_t)1475856708587773U,
-    (uint64_t)615563352691682U, (uint64_t)1446629324872644U, (uint64_t)1683670301784014U,
-    (uint64_t)1049873327197127U, (uint64_t)1826401704084838U, (uint64_t)2032577048760775U,
-    (uint64_t)1922203607878853U, (uint64_t)836708788764806U, (uint64_t)2193084654695012U,
-    (uint64_t)1342923183256659U, (uint64_t)849356986294271U, (uint64_t)1228863973965618U,
-    (uint64_t)94886161081867U, (uint64_t)1423288430204892U, (uint64_t)2016167528707016U,
-    (uint64_t)1633187660972877U, (uint64_t)1550621242301752U, (uint64_t)340630244512994U,
-    (uint64_t)2103577710806901U, (uint64_t)221625016538931U, (uint64_t)421544147350960U,
-    (uint64_t)580428704555156U, (uint64_t)1479831381265617U, (uint64_t)518057926544698U,
-    (uint64_t)955027348790630U, (uint64_t)1326749172561598U, (uint64_t)1118304625755967U,
-    (uint64_t)1994005916095176U, (uint64_t)1799757332780663U, (uint64_t)751343129396941U,
-    (uint64_t)1468672898746144U, (uint64_t)1451689964451386U, (uint64_t)755070293921171U,
-    (uint64_t)904857405877052U, (uint64_t)1276087530766984U, (uint64_t)403986562858511U,
-    (uint64_t)1530661255035337U, (uint64_t)1644972908910502U, (uint64_t)1370170080438957U,
-    (uint64_t)139839536695744U, (uint64_t)909930462436512U, (uint64_t)1899999215356933U,
-    (uint64_t)635992381064566U, (uint64_t)788740975837654U, (uint64_t)224241231493695U,
-    (uint64_t)1267090030199302U, (uint64_t)998908061660139U, (uint64_t)1784537499699278U,
-    (uint64_t)859195370018706U, (uint64_t)1953966091439379U, (uint64_t)2189271820076010U,
-    (uint64_t)2039067059943978U, (uint64_t)1526694380855202U, (uint64_t)2040321513194941U,
-    (uint64_t)329922071218689U, (uint64_t)1953032256401326U, (uint64_t)989631424403521U,
-    (uint64_t)328825014934242U, (uint64_t)9407151397696U, (uint64_t)63551373671268U,
-    (uint64_t)1624728632895792U, (uint64_t)1608324920739262U, (uint64_t)1178239350351945U,
-    (uint64_t)1198077399579702U, (uint64_t)277620088676229U, (uint64_t)1775359437312528U,
-    (uint64_t)1653558177737477U, (uint64_t)1652066043408850U, (uint64_t)1063359889686622U,
-    (uint64_t)1975063804860653U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 1738742601995546ULL, 1146398526822698ULL, 2070867633025821ULL,
+    562264141797630ULL, 587772402128613ULL, 1801439850948184ULL, 1351079888211148ULL,
+    450359962737049ULL, 900719925474099ULL, 1801439850948198ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    1841354044333475ULL, 16398895984059ULL, 755974180946558ULL, 900171276175154ULL,
+    1821297809914039ULL, 1661154287933054ULL, 284530020860578ULL, 1390261174866914ULL,
+    1524110943907984ULL, 1045603498418422ULL, 928651508580478ULL, 1383326941296346ULL,
+    961937908925785ULL, 80455759693706ULL, 904734540352947ULL, 1507481815385608ULL,
+    2223447444246085ULL, 1083941587175919ULL, 2059929906842505ULL, 1581435440146976ULL,
+    782730187692425ULL, 9928394897574ULL, 1539449519985236ULL, 1923587931078510ULL,
+    552919286076056ULL, 376925408065760ULL, 447320488831784ULL, 1362918338468019ULL,
+    1470031896696846ULL, 2189796996539902ULL, 1337552949959847ULL, 1762287177775726ULL,
+    237994495816815ULL, 1277840395970544ULL, 543972849007241ULL, 1224692671618814ULL,
+    162359533289271ULL, 282240927125249ULL, 586909166382289ULL, 17726488197838ULL,
+    377014554985659ULL, 1433835303052512ULL, 702061469493692ULL, 1142253108318154ULL,
+    318297794307551ULL, 954362646308543ULL, 517363881452320ULL, 1868013482130416ULL,
+    262562472373260ULL, 902232853249919ULL, 2107343057055746ULL, 462368348619024ULL,
+    1893758677092974ULL, 2177729767846389ULL, 2168532543559143ULL, 443867094639821ULL,
+    730169342581022ULL, 1564589016879755ULL, 51218195700649ULL, 76684578423745ULL,
+    560266272480743ULL, 922517457707697ULL, 2066645939860874ULL, 1318277348414638ULL,
+    1576726809084003ULL, 1817337608563665ULL, 1874240939237666ULL, 754733726333910ULL,
+    97085310406474ULL, 751148364309235ULL, 1622159695715187ULL, 1444098819684916ULL,
+    130920805558089ULL, 1260449179085308ULL, 1860021740768461ULL, 110052860348509ULL,
+    193830891643810ULL, 164148413933881ULL, 180017794795332ULL, 1523506525254651ULL,
+    465981629225956ULL, 559733514964572ULL, 1279624874416974ULL, 2026642326892306ULL,
+    1425156829982409ULL, 2160936383793147ULL, 1061870624975247ULL, 2023497043036941ULL,
+    117942212883190ULL, 490339622800774ULL, 1729931303146295ULL, 422305932971074ULL,
+    529103152793096ULL, 1211973233775992ULL, 721364955929681ULL, 1497674430438813ULL,
+    342545521275073ULL, 2102107575279372ULL, 2108462244669966ULL, 1382582406064082ULL,
+    2206396818383323ULL, 2109093268641147ULL, 10809845110983ULL, 1605176920880099ULL,
+    744640650753946ULL, 1712758897518129ULL, 373410811281809ULL, 648838265800209ULL,
+    813058095530999ULL, 513987632620169ULL, 465516160703329ULL, 2136322186126330ULL,
+    1979645899422932ULL, 1197131006470786ULL, 1467836664863979ULL, 1340751381374628ULL,
+    1810066212667962ULL, 1009933588225499ULL, 1106129188080873ULL, 1388980405213901ULL,
+    533719246598044ULL, 1169435803073277ULL, 198920999285821ULL, 487492330629854ULL,
+    1807093008537778ULL, 1540899012923865ULL, 2075080271659867ULL, 1527990806921523ULL,
+    1323728742908002ULL, 1568595959608205ULL, 1388032187497212ULL, 2026968840050568ULL,
+    1396591153295755ULL, 820416950170901ULL, 520060313205582ULL, 2016404325094901ULL,
+    1584709677868520ULL, 272161374469956ULL, 1567188603996816ULL, 1986160530078221ULL,
+    553930264324589ULL, 1058426729027503ULL, 8762762886675ULL, 2216098143382988ULL,
+    1835145266889223ULL, 1712936431558441ULL, 1017009937844974ULL, 585361667812740ULL,
+    2114711541628181ULL, 2238729632971439ULL, 121257546253072ULL, 847154149018345ULL,
+    211972965476684ULL, 287499084460129ULL, 2098247259180197ULL, 839070411583329ULL,
+    339551619574372ULL, 1432951287640743ULL, 526481249498942ULL, 931991661905195ULL,
+    1884279965674487ULL, 200486405604411ULL, 364173020594788ULL, 518034455936955ULL,
+    1085564703965501ULL, 16030410467927ULL, 604865933167613ULL, 1695298441093964ULL,
+    498856548116159ULL, 2193030062787034ULL, 1706339802964179ULL, 1721199073493888ULL,
+    820740951039755ULL, 1216053436896834ULL, 23954895815139ULL, 1662515208920491ULL,
+    1705443427511899ULL, 1957928899570365ULL, 1189636258255725ULL, 1795695471103809ULL,
+    1691191297654118ULL, 282402585374360ULL, 460405330264832ULL, 63765529445733ULL,
+    469763447404473ULL, 733607089694996ULL, 685410420186959ULL, 1096682630419738ULL,
+    1162548510542362ULL, 1020949526456676ULL, 1211660396870573ULL, 613126398222696ULL,
+    1117829165843251ULL, 742432540886650ULL, 1483755088010658ULL, 942392007134474ULL,
+    1447834130944107ULL, 489368274863410ULL, 23192985544898ULL, 648442406146160ULL,
+    785438843373876ULL, 249464684645238ULL, 170494608205618ULL, 335112827260550ULL,
+    1462050123162735ULL, 1084803668439016ULL, 853459233600325ULL, 215777728187495ULL,
+    1965759433526974ULL, 1349482894446537ULL, 694163317612871ULL, 860536766165036ULL,
+    1178788094084321ULL, 1652739626626996ULL, 2115723946388185ULL, 1577204379094664ULL,
+    1083882859023240ULL, 1768759143381635ULL, 1737180992507258ULL, 246054513922239ULL,
+    577253134087234ULL, 356340280578042ULL, 1638917769925142ULL, 223550348130103ULL,
+    470592666638765ULL, 22663573966996ULL, 596552461152400ULL, 364143537069499ULL, 3942119457699ULL,
+    107951982889287ULL, 1843471406713209ULL, 1625773041610986ULL, 1466141092501702ULL,
+    1043024095021271ULL, 310429964047508ULL, 98559121500372ULL, 152746933782868ULL,
+    259407205078261ULL, 828123093322585ULL, 1576847274280091ULL, 1170871375757302ULL,
+    1588856194642775ULL, 984767822341977ULL, 1141497997993760ULL, 809325345150796ULL,
+    1879837728202511ULL, 201340910657893ULL, 1079157558888483ULL, 1052373448588065ULL,
+    1732036202501778ULL, 2105292670328445ULL, 679751387312402ULL, 1679682144926229ULL,
+    1695823455818780ULL, 498852317075849ULL, 1786555067788433ULL, 1670727545779425ULL,
+    117945875433544ULL, 407939139781844ULL, 854632120023778ULL, 1413383148360437ULL,
+    286030901733673ULL, 1207361858071196ULL, 461340408181417ULL, 1096919590360164ULL,
+    1837594897475685ULL, 533755561544165ULL, 1638688042247712ULL, 1431653684793005ULL,
+    1036458538873559ULL, 390822120341779ULL, 1920929837111618ULL, 543426740024168ULL,
+    645751357799929ULL, 2245025632994463ULL, 1550778638076452ULL, 223738153459949ULL,
+    1337209385492033ULL, 1276967236456531ULL, 1463815821063071ULL, 2070620870191473ULL,
+    1199170709413753ULL, 273230877394166ULL, 1873264887608046ULL, 890877152910775ULL,
+    983226445635730ULL, 44873798519521ULL, 697147127512130ULL, 961631038239304ULL,
+    709966160696826ULL, 1706677689540366ULL, 502782733796035ULL, 812545535346033ULL,
+    1693622521296452ULL, 1955813093002510ULL, 1259937612881362ULL, 1873032503803559ULL,
+    1140330566016428ULL, 1675726082440190ULL, 60029928909786ULL, 170335608866763ULL,
+    766444312315022ULL, 2025049511434113ULL, 2200845622430647ULL, 1201269851450408ULL,
+    590071752404907ULL, 1400995030286946ULL, 2152637413853822ULL, 2108495473841983ULL,
+    3855406710349ULL, 1726137673168580ULL, 51004317200100ULL, 1749082328586939ULL,
+    1704088976144558ULL, 1977318954775118ULL, 2062602253162400ULL, 948062503217479ULL,
+    361953965048030ULL, 1528264887238440ULL, 62582552172290ULL, 2241602163389280ULL,
+    156385388121765ULL, 2124100319761492ULL, 388928050571382ULL, 1556123596922727ULL,
+    979310669812384ULL, 113043855206104ULL, 2023223924825469ULL, 643651703263034ULL,
+    2234446903655540ULL, 1577241261424997ULL, 860253174523845ULL, 1691026473082448ULL,
+    1091672764933872ULL, 1957463109756365ULL, 530699502660193ULL, 349587141723569ULL,
+    674661681919563ULL, 1633727303856240ULL, 708909037922144ULL, 2160722508518119ULL,
+    1302188051602540ULL, 976114603845777ULL, 120004758721939ULL, 1681630708873780ULL,
+    622274095069244ULL, 1822346309016698ULL, 1100921177951904ULL, 2216952659181677ULL,
+    1844020550362490ULL, 1976451368365774ULL, 1321101422068822ULL, 1189859436282668ULL,
+    2008801879735257ULL, 2219413454333565ULL, 424288774231098ULL, 359793146977912ULL,
+    270293357948703ULL, 587226003677000ULL, 1482071926139945ULL, 1419630774650359ULL,
+    1104739070570175ULL, 1662129023224130ULL, 1609203612533411ULL, 1250932720691980ULL,
+    95215711818495ULL, 498746909028150ULL, 158151296991874ULL, 1201379988527734ULL,
+    561599945143989ULL, 2211577425617888ULL, 2166577612206324ULL, 1057590354233512ULL,
+    1968123280416769ULL, 1316586165401313ULL, 762728164447634ULL, 2045395244316047ULL,
+    1531796898725716ULL, 315385971670425ULL, 1109421039396756ULL, 2183635256408562ULL,
+    1896751252659461ULL, 840236037179080ULL, 796245792277211ULL, 508345890111193ULL,
+    1275386465287222ULL, 513560822858784ULL, 1784735733120313ULL, 1346467478899695ULL,
+    601125231208417ULL, 701076661112726ULL, 1841998436455089ULL, 1156768600940434ULL,
+    1967853462343221ULL, 2178318463061452ULL, 481885520752741ULL, 675262828640945ULL,
+    1033539418596582ULL, 1743329872635846ULL, 159322641251283ULL, 1573076470127113ULL,
+    954827619308195ULL, 778834750662635ULL, 619912782122617ULL, 515681498488209ULL,
+    1675866144246843ULL, 811716020969981ULL, 1125515272217398ULL, 1398917918287342ULL,
+    1301680949183175ULL, 726474739583734ULL, 587246193475200ULL, 1096581582611864ULL,
+    1469911826213486ULL, 1990099711206364ULL, 1256496099816508ULL, 2019924615195672ULL,
+    1251232456707555ULL, 2042971196009755ULL, 214061878479265ULL, 115385726395472ULL,
+    1677875239524132ULL, 756888883383540ULL, 1153862117756233ULL, 503391530851096ULL,
+    946070017477513ULL, 1878319040542579ULL, 1101349418586920ULL, 793245696431613ULL,
+    397920495357645ULL, 2174023872951112ULL, 1517867915189593ULL, 1829855041462995ULL,
+    1046709983503619ULL, 424081940711857ULL, 2112438073094647ULL, 1504338467349861ULL,
+    2244574127374532ULL, 2136937537441911ULL, 1741150838990304ULL, 25894628400571ULL,
+    512213526781178ULL, 1168384260796379ULL, 1424607682379833ULL, 938677789731564ULL,
+    872882241891896ULL, 1713199397007700ULL, 1410496326218359ULL, 854379752407031ULL,
+    465141611727634ULL, 315176937037857ULL, 1020115054571233ULL, 1856290111077229ULL,
+    2028366269898204ULL, 1432980880307543ULL, 469932710425448ULL, 581165267592247ULL,
+    496399148156603ULL, 2063435226705903ULL, 2116841086237705ULL, 498272567217048ULL,
+    1829438076967906ULL, 1573925801278491ULL, 460763576329867ULL, 1705264723728225ULL,
+    999514866082412ULL, 29635061779362ULL, 1884233592281020ULL, 1449755591461338ULL,
+    42579292783222ULL, 1869504355369200ULL, 495506004805251ULL, 264073104888427ULL,
+    2088880861028612ULL, 104646456386576ULL, 1258445191399967ULL, 1348736801545799ULL,
+    2068276361286613ULL, 884897216646374ULL, 922387476801376ULL, 1043886580402805ULL,
+    1240883498470831ULL, 1601554651937110ULL, 804382935289482ULL, 512379564477239ULL,
+    1466384519077032ULL, 1280698500238386ULL, 211303836685749ULL, 2081725624793803ULL,
+    545247644516879ULL, 215313359330384ULL, 286479751145614ULL, 2213650281751636ULL,
+    2164927945999874ULL, 2072162991540882ULL, 1443769115444779ULL, 1581473274363095ULL,
+    434633875922699ULL, 340456055781599ULL, 373043091080189ULL, 839476566531776ULL,
+    1856706858509978ULL, 931616224909153ULL, 1888181317414065ULL, 213654322650262ULL,
+    1161078103416244ULL, 1822042328851513ULL, 915817709028812ULL, 1828297056698188ULL,
+    1212017130909403ULL, 60258343247333ULL, 342085800008230ULL, 930240559508270ULL,
+    1549884999174952ULL, 809895264249462ULL, 184726257947682ULL, 1157065433504828ULL,
+    1209999630381477ULL, 999920399374391ULL, 1714770150788163ULL, 2026130985413228ULL,
+    506776632883140ULL, 1349042668246528ULL, 1937232292976967ULL, 942302637530730ULL,
+    160211904766226ULL, 1042724500438571ULL, 212454865139142ULL, 244104425172642ULL,
+    1376990622387496ULL, 76126752421227ULL, 1027540886376422ULL, 1912210655133026ULL,
+    13410411589575ULL, 1475856708587773ULL, 615563352691682ULL, 1446629324872644ULL,
+    1683670301784014ULL, 1049873327197127ULL, 1826401704084838ULL, 2032577048760775ULL,
+    1922203607878853ULL, 836708788764806ULL, 2193084654695012ULL, 1342923183256659ULL,
+    849356986294271ULL, 1228863973965618ULL, 94886161081867ULL, 1423288430204892ULL,
+    2016167528707016ULL, 1633187660972877ULL, 1550621242301752ULL, 340630244512994ULL,
+    2103577710806901ULL, 221625016538931ULL, 421544147350960ULL, 580428704555156ULL,
+    1479831381265617ULL, 518057926544698ULL, 955027348790630ULL, 1326749172561598ULL,
+    1118304625755967ULL, 1994005916095176ULL, 1799757332780663ULL, 751343129396941ULL,
+    1468672898746144ULL, 1451689964451386ULL, 755070293921171ULL, 904857405877052ULL,
+    1276087530766984ULL, 403986562858511ULL, 1530661255035337ULL, 1644972908910502ULL,
+    1370170080438957ULL, 139839536695744ULL, 909930462436512ULL, 1899999215356933ULL,
+    635992381064566ULL, 788740975837654ULL, 224241231493695ULL, 1267090030199302ULL,
+    998908061660139ULL, 1784537499699278ULL, 859195370018706ULL, 1953966091439379ULL,
+    2189271820076010ULL, 2039067059943978ULL, 1526694380855202ULL, 2040321513194941ULL,
+    329922071218689ULL, 1953032256401326ULL, 989631424403521ULL, 328825014934242ULL,
+    9407151397696ULL, 63551373671268ULL, 1624728632895792ULL, 1608324920739262ULL,
+    1178239350351945ULL, 1198077399579702ULL, 277620088676229ULL, 1775359437312528ULL,
+    1653558177737477ULL, 1652066043408850ULL, 1063359889686622ULL, 1975063804860653ULL
   };
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_Frodo_KEM.h b/include/internal/Hacl_Frodo_KEM.h
index 5d8f2a85..a4e2f62a 100644
--- a/include/internal/Hacl_Frodo_KEM.h
+++ b/include/internal/Hacl_Frodo_KEM.h
@@ -55,22 +55,22 @@ Hacl_Keccak_shake128_4x(
   uint8_t *output3
 )
 {
-  Hacl_SHA3_shake128_hacl(input_len, input0, output_len, output0);
-  Hacl_SHA3_shake128_hacl(input_len, input1, output_len, output1);
-  Hacl_SHA3_shake128_hacl(input_len, input2, output_len, output2);
-  Hacl_SHA3_shake128_hacl(input_len, input3, output_len, output3);
+  Hacl_Hash_SHA3_shake128_hacl(input_len, input0, output_len, output0);
+  Hacl_Hash_SHA3_shake128_hacl(input_len, input1, output_len, output1);
+  Hacl_Hash_SHA3_shake128_hacl(input_len, input2, output_len, output2);
+  Hacl_Hash_SHA3_shake128_hacl(input_len, input3, output_len, output3);
 }
 
 static inline void
 Hacl_Impl_Matrix_mod_pow2(uint32_t n1, uint32_t n2, uint32_t logq, uint16_t *a)
 {
-  if (logq < (uint32_t)16U)
+  if (logq < 16U)
   {
-    for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+    for (uint32_t i0 = 0U; i0 < n1; i0++)
     {
-      for (uint32_t i = (uint32_t)0U; i < n2; i++)
+      for (uint32_t i = 0U; i < n2; i++)
       {
-        a[i0 * n2 + i] = a[i0 * n2 + i] & (((uint16_t)1U << logq) - (uint16_t)1U);
+        a[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] & ((1U << logq) - 1U);
       }
     }
     return;
@@ -80,11 +80,11 @@ Hacl_Impl_Matrix_mod_pow2(uint32_t n1, uint32_t n2, uint32_t logq, uint16_t *a)
 static inline void
 Hacl_Impl_Matrix_matrix_add(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i = (uint32_t)0U; i < n2; i++)
+    for (uint32_t i = 0U; i < n2; i++)
     {
-      a[i0 * n2 + i] = a[i0 * n2 + i] + b[i0 * n2 + i];
+      a[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] + (uint32_t)b[i0 * n2 + i];
     }
   }
 }
@@ -92,11 +92,11 @@ Hacl_Impl_Matrix_matrix_add(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 static inline void
 Hacl_Impl_Matrix_matrix_sub(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i = (uint32_t)0U; i < n2; i++)
+    for (uint32_t i = 0U; i < n2; i++)
     {
-      b[i0 * n2 + i] = a[i0 * n2 + i] - b[i0 * n2 + i];
+      b[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] - (uint32_t)b[i0 * n2 + i];
     }
   }
 }
@@ -111,17 +111,17 @@ Hacl_Impl_Matrix_matrix_mul(
   uint16_t *c
 )
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n3; i1++)
+    for (uint32_t i1 = 0U; i1 < n3; i1++)
     {
-      uint16_t res = (uint16_t)0U;
-      for (uint32_t i = (uint32_t)0U; i < n2; i++)
+      uint16_t res = 0U;
+      for (uint32_t i = 0U; i < n2; i++)
       {
         uint16_t aij = a[i0 * n2 + i];
         uint16_t bjk = b[i * n3 + i1];
         uint16_t res0 = res;
-        res = res0 + aij * bjk;
+        res = (uint32_t)res0 + (uint32_t)aij * (uint32_t)bjk;
       }
       c[i0 * n3 + i1] = res;
     }
@@ -138,17 +138,17 @@ Hacl_Impl_Matrix_matrix_mul_s(
   uint16_t *c
 )
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n3; i1++)
+    for (uint32_t i1 = 0U; i1 < n3; i1++)
     {
-      uint16_t res = (uint16_t)0U;
-      for (uint32_t i = (uint32_t)0U; i < n2; i++)
+      uint16_t res = 0U;
+      for (uint32_t i = 0U; i < n2; i++)
       {
         uint16_t aij = a[i0 * n2 + i];
         uint16_t bjk = b[i1 * n2 + i];
         uint16_t res0 = res;
-        res = res0 + aij * bjk;
+        res = (uint32_t)res0 + (uint32_t)aij * (uint32_t)bjk;
       }
       c[i0 * n3 + i1] = res;
     }
@@ -158,11 +158,11 @@ Hacl_Impl_Matrix_matrix_mul_s(
 static inline uint16_t
 Hacl_Impl_Matrix_matrix_eq(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
-  uint16_t res = (uint16_t)0xFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+  uint16_t res = 0xFFFFU;
+  for (uint32_t i = 0U; i < n1 * n2; i++)
   {
     uint16_t uu____0 = FStar_UInt16_eq_mask(a[i], b[i]);
-    res = uu____0 & res;
+    res = (uint32_t)uu____0 & (uint32_t)res;
   }
   uint16_t r = res;
   return r;
@@ -171,19 +171,19 @@ Hacl_Impl_Matrix_matrix_eq(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 static inline void
 Hacl_Impl_Matrix_matrix_to_lbytes(uint32_t n1, uint32_t n2, uint16_t *m, uint8_t *res)
 {
-  for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+  for (uint32_t i = 0U; i < n1 * n2; i++)
   {
-    store16_le(res + (uint32_t)2U * i, m[i]);
+    store16_le(res + 2U * i, m[i]);
   }
 }
 
 static inline void
 Hacl_Impl_Matrix_matrix_from_lbytes(uint32_t n1, uint32_t n2, uint8_t *b, uint16_t *res)
 {
-  for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+  for (uint32_t i = 0U; i < n1 * n2; i++)
   {
     uint16_t *os = res;
-    uint16_t u = load16_le(b + (uint32_t)2U * i);
+    uint16_t u = load16_le(b + 2U * i);
     uint16_t x = u;
     os[i] = x;
   }
@@ -192,53 +192,53 @@ Hacl_Impl_Matrix_matrix_from_lbytes(uint32_t n1, uint32_t n2, uint8_t *b, uint16
 static inline void
 Hacl_Impl_Frodo_Gen_frodo_gen_matrix_shake_4x(uint32_t n, uint8_t *seed, uint16_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint8_t), (uint32_t)8U * n);
-  uint8_t r[(uint32_t)8U * n];
-  memset(r, 0U, (uint32_t)8U * n * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), 8U * n);
+  uint8_t r[8U * n];
+  memset(r, 0U, 8U * n * sizeof (uint8_t));
   uint8_t tmp_seed[72U] = { 0U };
-  memcpy(tmp_seed + (uint32_t)2U, seed, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(tmp_seed + (uint32_t)20U, seed, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(tmp_seed + (uint32_t)38U, seed, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(tmp_seed + (uint32_t)56U, seed, (uint32_t)16U * sizeof (uint8_t));
+  memcpy(tmp_seed + 2U, seed, 16U * sizeof (uint8_t));
+  memcpy(tmp_seed + 20U, seed, 16U * sizeof (uint8_t));
+  memcpy(tmp_seed + 38U, seed, 16U * sizeof (uint8_t));
+  memcpy(tmp_seed + 56U, seed, 16U * sizeof (uint8_t));
   memset(res, 0U, n * n * sizeof (uint16_t));
-  for (uint32_t i = (uint32_t)0U; i < n / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < n / 4U; i++)
   {
-    uint8_t *r0 = r + (uint32_t)0U * n;
-    uint8_t *r1 = r + (uint32_t)2U * n;
-    uint8_t *r2 = r + (uint32_t)4U * n;
-    uint8_t *r3 = r + (uint32_t)6U * n;
+    uint8_t *r0 = r + 0U * n;
+    uint8_t *r1 = r + 2U * n;
+    uint8_t *r2 = r + 4U * n;
+    uint8_t *r3 = r + 6U * n;
     uint8_t *tmp_seed0 = tmp_seed;
-    uint8_t *tmp_seed1 = tmp_seed + (uint32_t)18U;
-    uint8_t *tmp_seed2 = tmp_seed + (uint32_t)36U;
-    uint8_t *tmp_seed3 = tmp_seed + (uint32_t)54U;
-    store16_le(tmp_seed0, (uint16_t)((uint32_t)4U * i + (uint32_t)0U));
-    store16_le(tmp_seed1, (uint16_t)((uint32_t)4U * i + (uint32_t)1U));
-    store16_le(tmp_seed2, (uint16_t)((uint32_t)4U * i + (uint32_t)2U));
-    store16_le(tmp_seed3, (uint16_t)((uint32_t)4U * i + (uint32_t)3U));
-    Hacl_Keccak_shake128_4x((uint32_t)18U,
+    uint8_t *tmp_seed1 = tmp_seed + 18U;
+    uint8_t *tmp_seed2 = tmp_seed + 36U;
+    uint8_t *tmp_seed3 = tmp_seed + 54U;
+    store16_le(tmp_seed0, (uint16_t)(4U * i + 0U));
+    store16_le(tmp_seed1, (uint16_t)(4U * i + 1U));
+    store16_le(tmp_seed2, (uint16_t)(4U * i + 2U));
+    store16_le(tmp_seed3, (uint16_t)(4U * i + 3U));
+    Hacl_Keccak_shake128_4x(18U,
       tmp_seed0,
       tmp_seed1,
       tmp_seed2,
       tmp_seed3,
-      (uint32_t)2U * n,
+      2U * n,
       r0,
       r1,
       r2,
       r3);
-    for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++)
+    for (uint32_t i0 = 0U; i0 < n; i0++)
     {
-      uint8_t *resij0 = r0 + i0 * (uint32_t)2U;
-      uint8_t *resij1 = r1 + i0 * (uint32_t)2U;
-      uint8_t *resij2 = r2 + i0 * (uint32_t)2U;
-      uint8_t *resij3 = r3 + i0 * (uint32_t)2U;
+      uint8_t *resij0 = r0 + i0 * 2U;
+      uint8_t *resij1 = r1 + i0 * 2U;
+      uint8_t *resij2 = r2 + i0 * 2U;
+      uint8_t *resij3 = r3 + i0 * 2U;
       uint16_t u = load16_le(resij0);
-      res[((uint32_t)4U * i + (uint32_t)0U) * n + i0] = u;
+      res[(4U * i + 0U) * n + i0] = u;
       uint16_t u0 = load16_le(resij1);
-      res[((uint32_t)4U * i + (uint32_t)1U) * n + i0] = u0;
+      res[(4U * i + 1U) * n + i0] = u0;
       uint16_t u1 = load16_le(resij2);
-      res[((uint32_t)4U * i + (uint32_t)2U) * n + i0] = u1;
+      res[(4U * i + 2U) * n + i0] = u1;
       uint16_t u2 = load16_le(resij3);
-      res[((uint32_t)4U * i + (uint32_t)3U) * n + i0] = u2;
+      res[(4U * i + 3U) * n + i0] = u2;
     }
   }
 }
@@ -270,27 +270,19 @@ static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table640[13U] =
   {
-    (uint16_t)4643U, (uint16_t)13363U, (uint16_t)20579U, (uint16_t)25843U, (uint16_t)29227U,
-    (uint16_t)31145U, (uint16_t)32103U, (uint16_t)32525U, (uint16_t)32689U, (uint16_t)32745U,
-    (uint16_t)32762U, (uint16_t)32766U, (uint16_t)32767U
+    4643U, 13363U, 20579U, 25843U, 29227U, 31145U, 32103U, 32525U, 32689U, 32745U, 32762U, 32766U,
+    32767U
   };
 
 static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table976[11U] =
-  {
-    (uint16_t)5638U, (uint16_t)15915U, (uint16_t)23689U, (uint16_t)28571U, (uint16_t)31116U,
-    (uint16_t)32217U, (uint16_t)32613U, (uint16_t)32731U, (uint16_t)32760U, (uint16_t)32766U,
-    (uint16_t)32767U
-  };
+  { 5638U, 15915U, 23689U, 28571U, 31116U, 32217U, 32613U, 32731U, 32760U, 32766U, 32767U };
 
 static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table1344[7U] =
-  {
-    (uint16_t)9142U, (uint16_t)23462U, (uint16_t)30338U, (uint16_t)32361U, (uint16_t)32725U,
-    (uint16_t)32765U, (uint16_t)32767U
-  };
+  { 9142U, 23462U, 30338U, 32361U, 32725U, 32765U, 32767U };
 
 static inline void
 Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(
@@ -301,26 +293,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(
 )
 {
   memset(res, 0U, n1 * n2 * sizeof (uint16_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+    for (uint32_t i1 = 0U; i1 < n2; i1++)
     {
-      uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+      uint8_t *resij = r + 2U * (n2 * i0 + i1);
       uint16_t u = load16_le(resij);
       uint16_t uu____0 = u;
-      uint16_t prnd = uu____0 >> (uint32_t)1U;
-      uint16_t sign = uu____0 & (uint16_t)1U;
-      uint16_t sample = (uint16_t)0U;
-      uint32_t bound = (uint32_t)12U;
-      for (uint32_t i = (uint32_t)0U; i < bound; i++)
+      uint16_t prnd = (uint32_t)uu____0 >> 1U;
+      uint16_t sign = (uint32_t)uu____0 & 1U;
+      uint16_t sample = 0U;
+      uint32_t bound = 12U;
+      for (uint32_t i = 0U; i < bound; i++)
       {
         uint16_t sample0 = sample;
         uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table640[i];
-        uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
-        sample = samplei + sample0;
+        uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+        sample = (uint32_t)samplei + (uint32_t)sample0;
       }
       uint16_t sample0 = sample;
-      res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+      res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
     }
   }
 }
@@ -334,26 +326,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(
 )
 {
   memset(res, 0U, n1 * n2 * sizeof (uint16_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+    for (uint32_t i1 = 0U; i1 < n2; i1++)
     {
-      uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+      uint8_t *resij = r + 2U * (n2 * i0 + i1);
       uint16_t u = load16_le(resij);
       uint16_t uu____0 = u;
-      uint16_t prnd = uu____0 >> (uint32_t)1U;
-      uint16_t sign = uu____0 & (uint16_t)1U;
-      uint16_t sample = (uint16_t)0U;
-      uint32_t bound = (uint32_t)12U;
-      for (uint32_t i = (uint32_t)0U; i < bound; i++)
+      uint16_t prnd = (uint32_t)uu____0 >> 1U;
+      uint16_t sign = (uint32_t)uu____0 & 1U;
+      uint16_t sample = 0U;
+      uint32_t bound = 12U;
+      for (uint32_t i = 0U; i < bound; i++)
       {
         uint16_t sample0 = sample;
         uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table640[i];
-        uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
-        sample = samplei + sample0;
+        uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+        sample = (uint32_t)samplei + (uint32_t)sample0;
       }
       uint16_t sample0 = sample;
-      res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+      res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
     }
   }
 }
@@ -367,26 +359,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(
 )
 {
   memset(res, 0U, n1 * n2 * sizeof (uint16_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+    for (uint32_t i1 = 0U; i1 < n2; i1++)
     {
-      uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+      uint8_t *resij = r + 2U * (n2 * i0 + i1);
       uint16_t u = load16_le(resij);
       uint16_t uu____0 = u;
-      uint16_t prnd = uu____0 >> (uint32_t)1U;
-      uint16_t sign = uu____0 & (uint16_t)1U;
-      uint16_t sample = (uint16_t)0U;
-      uint32_t bound = (uint32_t)10U;
-      for (uint32_t i = (uint32_t)0U; i < bound; i++)
+      uint16_t prnd = (uint32_t)uu____0 >> 1U;
+      uint16_t sign = (uint32_t)uu____0 & 1U;
+      uint16_t sample = 0U;
+      uint32_t bound = 10U;
+      for (uint32_t i = 0U; i < bound; i++)
       {
         uint16_t sample0 = sample;
         uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table976[i];
-        uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
-        sample = samplei + sample0;
+        uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+        sample = (uint32_t)samplei + (uint32_t)sample0;
       }
       uint16_t sample0 = sample;
-      res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+      res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
     }
   }
 }
@@ -400,26 +392,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(
 )
 {
   memset(res, 0U, n1 * n2 * sizeof (uint16_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+    for (uint32_t i1 = 0U; i1 < n2; i1++)
     {
-      uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+      uint8_t *resij = r + 2U * (n2 * i0 + i1);
       uint16_t u = load16_le(resij);
       uint16_t uu____0 = u;
-      uint16_t prnd = uu____0 >> (uint32_t)1U;
-      uint16_t sign = uu____0 & (uint16_t)1U;
-      uint16_t sample = (uint16_t)0U;
-      uint32_t bound = (uint32_t)6U;
-      for (uint32_t i = (uint32_t)0U; i < bound; i++)
+      uint16_t prnd = (uint32_t)uu____0 >> 1U;
+      uint16_t sign = (uint32_t)uu____0 & 1U;
+      uint16_t sample = 0U;
+      uint32_t bound = 6U;
+      for (uint32_t i = 0U; i < bound; i++)
       {
         uint16_t sample0 = sample;
         uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table1344[i];
-        uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
-        sample = samplei + sample0;
+        uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+        sample = (uint32_t)samplei + (uint32_t)sample0;
       }
       uint16_t sample0 = sample;
-      res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+      res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
     }
   }
 }
@@ -435,39 +427,34 @@ Hacl_Impl_Frodo_Pack_frodo_pack(
   uint8_t *res
 )
 {
-  uint32_t n = n1 * n2 / (uint32_t)8U;
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  uint32_t n = n1 * n2 / 8U;
+  for (uint32_t i = 0U; i < n; i++)
   {
-    uint16_t *a1 = a + (uint32_t)8U * i;
+    uint16_t *a1 = a + 8U * i;
     uint8_t *r = res + d * i;
-    uint16_t maskd = (uint16_t)((uint32_t)1U << d) - (uint16_t)1U;
+    uint16_t maskd = (uint32_t)(uint16_t)(1U << d) - 1U;
     uint8_t v16[16U] = { 0U };
-    uint16_t a0 = a1[0U] & maskd;
-    uint16_t a11 = a1[1U] & maskd;
-    uint16_t a2 = a1[2U] & maskd;
-    uint16_t a3 = a1[3U] & maskd;
-    uint16_t a4 = a1[4U] & maskd;
-    uint16_t a5 = a1[5U] & maskd;
-    uint16_t a6 = a1[6U] & maskd;
-    uint16_t a7 = a1[7U] & maskd;
+    uint16_t a0 = (uint32_t)a1[0U] & (uint32_t)maskd;
+    uint16_t a11 = (uint32_t)a1[1U] & (uint32_t)maskd;
+    uint16_t a2 = (uint32_t)a1[2U] & (uint32_t)maskd;
+    uint16_t a3 = (uint32_t)a1[3U] & (uint32_t)maskd;
+    uint16_t a4 = (uint32_t)a1[4U] & (uint32_t)maskd;
+    uint16_t a5 = (uint32_t)a1[5U] & (uint32_t)maskd;
+    uint16_t a6 = (uint32_t)a1[6U] & (uint32_t)maskd;
+    uint16_t a7 = (uint32_t)a1[7U] & (uint32_t)maskd;
     FStar_UInt128_uint128
     templong =
       FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a0),
-                      (uint32_t)7U * d),
-                    FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a11),
-                      (uint32_t)6U * d)),
-                  FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a2),
-                    (uint32_t)5U * d)),
-                FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a3),
-                  (uint32_t)4U * d)),
-              FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a4),
-                (uint32_t)3U * d)),
-            FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a5),
-              (uint32_t)2U * d)),
-          FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a6), (uint32_t)1U * d)),
-        FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a7), (uint32_t)0U * d));
+                      7U * d),
+                    FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a11), 6U * d)),
+                  FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a2), 5U * d)),
+                FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a3), 4U * d)),
+              FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a4), 3U * d)),
+            FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a5), 2U * d)),
+          FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a6), 1U * d)),
+        FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a7), 0U * d));
     store128_be(v16, templong);
-    uint8_t *src = v16 + (uint32_t)16U - d;
+    uint8_t *src = v16 + 16U - d;
     memcpy(r, src, d * sizeof (uint8_t));
   }
 }
@@ -481,48 +468,48 @@ Hacl_Impl_Frodo_Pack_frodo_unpack(
   uint16_t *res
 )
 {
-  uint32_t n = n1 * n2 / (uint32_t)8U;
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  uint32_t n = n1 * n2 / 8U;
+  for (uint32_t i = 0U; i < n; i++)
   {
     uint8_t *b1 = b + d * i;
-    uint16_t *r = res + (uint32_t)8U * i;
-    uint16_t maskd = (uint16_t)((uint32_t)1U << d) - (uint16_t)1U;
+    uint16_t *r = res + 8U * i;
+    uint16_t maskd = (uint32_t)(uint16_t)(1U << d) - 1U;
     uint8_t src[16U] = { 0U };
-    memcpy(src + (uint32_t)16U - d, b1, d * sizeof (uint8_t));
+    memcpy(src + 16U - d, b1, d * sizeof (uint8_t));
     FStar_UInt128_uint128 u = load128_be(src);
     FStar_UInt128_uint128 templong = u;
     r[0U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)7U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          7U * d))
+      & (uint32_t)maskd;
     r[1U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)6U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          6U * d))
+      & (uint32_t)maskd;
     r[2U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)5U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          5U * d))
+      & (uint32_t)maskd;
     r[3U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)4U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          4U * d))
+      & (uint32_t)maskd;
     r[4U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)3U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          3U * d))
+      & (uint32_t)maskd;
     r[5U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)2U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          2U * d))
+      & (uint32_t)maskd;
     r[6U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)1U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          1U * d))
+      & (uint32_t)maskd;
     r[7U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)0U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          0U * d))
+      & (uint32_t)maskd;
   }
 }
 
@@ -535,7 +522,7 @@ Hacl_Impl_Frodo_Encode_frodo_key_encode(
   uint16_t *res
 )
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++)
+  for (uint32_t i0 = 0U; i0 < n; i0++)
   {
     uint8_t v8[8U] = { 0U };
     uint8_t *chunk = a + i0 * b;
@@ -544,11 +531,11 @@ Hacl_Impl_Frodo_Encode_frodo_key_encode(
     uint64_t x = u;
     uint64_t x0 = x;
     KRML_MAYBE_FOR8(i,
-      (uint32_t)0U,
-      (uint32_t)8U,
-      (uint32_t)1U,
-      uint64_t rk = x0 >> b * i & (((uint64_t)1U << b) - (uint64_t)1U);
-      res[i0 * n + i] = (uint16_t)rk << (logq - b););
+      0U,
+      8U,
+      1U,
+      uint64_t rk = x0 >> b * i & ((1ULL << b) - 1ULL);
+      res[i0 * n + i] = (uint32_t)(uint16_t)rk << (logq - b););
   }
 }
 
@@ -561,16 +548,16 @@ Hacl_Impl_Frodo_Encode_frodo_key_decode(
   uint8_t *res
 )
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++)
+  for (uint32_t i0 = 0U; i0 < n; i0++)
   {
-    uint64_t templong = (uint64_t)0U;
+    uint64_t templong = 0ULL;
     KRML_MAYBE_FOR8(i,
-      (uint32_t)0U,
-      (uint32_t)8U,
-      (uint32_t)1U,
+      0U,
+      8U,
+      1U,
       uint16_t aik = a[i0 * n + i];
-      uint16_t res1 = (aik + ((uint16_t)1U << (logq - b - (uint32_t)1U))) >> (logq - b);
-      templong = templong | (uint64_t)(res1 & (((uint16_t)1U << b) - (uint16_t)1U)) << b * i;);
+      uint16_t res1 = (((uint32_t)aik + (1U << (logq - b - 1U))) & 0xFFFFU) >> (logq - b);
+      templong = templong | (uint64_t)((uint32_t)res1 & ((1U << b) - 1U)) << b * i;);
     uint64_t templong0 = templong;
     uint8_t v8[8U] = { 0U };
     store64_le(v8, templong0);
diff --git a/include/msvc/internal/Hacl_Hash_Blake2.h b/include/internal/Hacl_HMAC.h
similarity index 82%
rename from include/msvc/internal/Hacl_Hash_Blake2.h
rename to include/internal/Hacl_HMAC.h
index 8f308bd9..ad344c4c 100644
--- a/include/msvc/internal/Hacl_Hash_Blake2.h
+++ b/include/internal/Hacl_HMAC.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __internal_Hacl_Hash_Blake2_H
-#define __internal_Hacl_Hash_Blake2_H
+#ifndef __internal_Hacl_HMAC_H
+#define __internal_Hacl_HMAC_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,8 +35,12 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "internal/Hacl_Impl_Blake2_Constants.h"
-#include "../Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Krmllib.h"
+#include "internal/Hacl_Hash_SHA2.h"
+#include "internal/Hacl_Hash_SHA1.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b.h"
+#include "../Hacl_HMAC.h"
 
 typedef struct K___uint32_t_uint32_t_s
 {
@@ -49,5 +53,5 @@ K___uint32_t_uint32_t;
 }
 #endif
 
-#define __internal_Hacl_Hash_Blake2_H_DEFINED
+#define __internal_Hacl_HMAC_H_DEFINED
 #endif
diff --git a/include/internal/Hacl_Hash_Blake2b.h b/include/internal/Hacl_Hash_Blake2b.h
new file mode 100644
index 00000000..21689d60
--- /dev/null
+++ b/include/internal/Hacl_Hash_Blake2b.h
@@ -0,0 +1,70 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __internal_Hacl_Hash_Blake2b_H
+#define __internal_Hacl_Hash_Blake2b_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "../Hacl_Hash_Blake2b.h"
+
+void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn);
+
+void
+Hacl_Hash_Blake2b_update_multi(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks,
+  uint32_t nb
+);
+
+void
+Hacl_Hash_Blake2b_update_last(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint32_t rem,
+  uint8_t *d
+);
+
+void Hacl_Hash_Blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __internal_Hacl_Hash_Blake2b_H_DEFINED
+#endif
diff --git a/include/Hacl_Hash_Blake2b_256.h b/include/internal/Hacl_Hash_Blake2b_Simd256.h
similarity index 61%
rename from include/Hacl_Hash_Blake2b_256.h
rename to include/internal/Hacl_Hash_Blake2b_Simd256.h
index 2379fd75..4cc07869 100644
--- a/include/Hacl_Hash_Blake2b_256.h
+++ b/include/internal/Hacl_Hash_Blake2b_Simd256.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Hash_Blake2b_256_H
-#define __Hacl_Hash_Blake2b_256_H
+#ifndef __internal_Hacl_Hash_Blake2b_Simd256_H
+#define __internal_Hacl_Hash_Blake2b_Simd256_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,23 +35,15 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Hacl_Krmllib.h"
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "../Hacl_Hash_Blake2b_Simd256.h"
 #include "libintvector.h"
 
 void
-Hacl_Blake2b_256_blake2b_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn);
+Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn);
 
 void
-Hacl_Blake2b_256_blake2b_update_key(
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-);
-
-void
-Hacl_Blake2b_256_blake2b_update_multi(
+Hacl_Hash_Blake2b_Simd256_update_multi(
   uint32_t len,
   Lib_IntVector_Intrinsics_vec256 *wv,
   Lib_IntVector_Intrinsics_vec256 *hash,
@@ -61,7 +53,7 @@ Hacl_Blake2b_256_blake2b_update_multi(
 );
 
 void
-Hacl_Blake2b_256_blake2b_update_last(
+Hacl_Hash_Blake2b_Simd256_update_last(
   uint32_t len,
   Lib_IntVector_Intrinsics_vec256 *wv,
   Lib_IntVector_Intrinsics_vec256 *hash,
@@ -71,49 +63,29 @@ Hacl_Blake2b_256_blake2b_update_last(
 );
 
 void
-Hacl_Blake2b_256_blake2b_finish(
+Hacl_Hash_Blake2b_Simd256_finish(
   uint32_t nn,
   uint8_t *output,
   Lib_IntVector_Intrinsics_vec256 *hash
 );
 
-/**
-Write the BLAKE2b digest of message `d` using key `k` into `output`.
-
-@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2b_256_blake2b(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-);
-
 void
-Hacl_Blake2b_256_load_state256b_from_state32(
+Hacl_Hash_Blake2b_Simd256_load_state256b_from_state32(
   Lib_IntVector_Intrinsics_vec256 *st,
   uint64_t *st32
 );
 
 void
-Hacl_Blake2b_256_store_state256b_to_state32(
+Hacl_Hash_Blake2b_Simd256_store_state256b_to_state32(
   uint64_t *st32,
   Lib_IntVector_Intrinsics_vec256 *st
 );
 
-Lib_IntVector_Intrinsics_vec256 *Hacl_Blake2b_256_blake2b_malloc(void);
+Lib_IntVector_Intrinsics_vec256 *Hacl_Hash_Blake2b_Simd256_malloc_with_key(void);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Hash_Blake2b_256_H_DEFINED
+#define __internal_Hacl_Hash_Blake2b_Simd256_H_DEFINED
 #endif
diff --git a/include/internal/Hacl_Hash_Blake2s.h b/include/internal/Hacl_Hash_Blake2s.h
new file mode 100644
index 00000000..f814aa95
--- /dev/null
+++ b/include/internal/Hacl_Hash_Blake2s.h
@@ -0,0 +1,70 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __internal_Hacl_Hash_Blake2s_H
+#define __internal_Hacl_Hash_Blake2s_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "../Hacl_Hash_Blake2s.h"
+
+void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn);
+
+void
+Hacl_Hash_Blake2s_update_multi(
+  uint32_t len,
+  uint32_t *wv,
+  uint32_t *hash,
+  uint64_t prev,
+  uint8_t *blocks,
+  uint32_t nb
+);
+
+void
+Hacl_Hash_Blake2s_update_last(
+  uint32_t len,
+  uint32_t *wv,
+  uint32_t *hash,
+  uint64_t prev,
+  uint32_t rem,
+  uint8_t *d
+);
+
+void Hacl_Hash_Blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __internal_Hacl_Hash_Blake2s_H_DEFINED
+#endif
diff --git a/include/msvc/Hacl_Hash_Blake2s_128.h b/include/internal/Hacl_Hash_Blake2s_Simd128.h
similarity index 61%
rename from include/msvc/Hacl_Hash_Blake2s_128.h
rename to include/internal/Hacl_Hash_Blake2s_Simd128.h
index 2af827cd..0589aec5 100644
--- a/include/msvc/Hacl_Hash_Blake2s_128.h
+++ b/include/internal/Hacl_Hash_Blake2s_Simd128.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Hash_Blake2s_128_H
-#define __Hacl_Hash_Blake2s_128_H
+#ifndef __internal_Hacl_Hash_Blake2s_Simd128_H
+#define __internal_Hacl_Hash_Blake2s_Simd128_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,22 +35,15 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "../Hacl_Hash_Blake2s_Simd128.h"
 #include "libintvector.h"
 
 void
-Hacl_Blake2s_128_blake2s_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn);
+Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn);
 
 void
-Hacl_Blake2s_128_blake2s_update_key(
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-);
-
-void
-Hacl_Blake2s_128_blake2s_update_multi(
+Hacl_Hash_Blake2s_Simd128_update_multi(
   uint32_t len,
   Lib_IntVector_Intrinsics_vec128 *wv,
   Lib_IntVector_Intrinsics_vec128 *hash,
@@ -60,7 +53,7 @@ Hacl_Blake2s_128_blake2s_update_multi(
 );
 
 void
-Hacl_Blake2s_128_blake2s_update_last(
+Hacl_Hash_Blake2s_Simd128_update_last(
   uint32_t len,
   Lib_IntVector_Intrinsics_vec128 *wv,
   Lib_IntVector_Intrinsics_vec128 *hash,
@@ -70,49 +63,29 @@ Hacl_Blake2s_128_blake2s_update_last(
 );
 
 void
-Hacl_Blake2s_128_blake2s_finish(
+Hacl_Hash_Blake2s_Simd128_finish(
   uint32_t nn,
   uint8_t *output,
   Lib_IntVector_Intrinsics_vec128 *hash
 );
 
-/**
-Write the BLAKE2s digest of message `d` using key `k` into `output`.
-
-@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2s_128_blake2s(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-);
-
 void
-Hacl_Blake2s_128_store_state128s_to_state32(
+Hacl_Hash_Blake2s_Simd128_store_state128s_to_state32(
   uint32_t *st32,
   Lib_IntVector_Intrinsics_vec128 *st
 );
 
 void
-Hacl_Blake2s_128_load_state128s_from_state32(
+Hacl_Hash_Blake2s_Simd128_load_state128s_from_state32(
   Lib_IntVector_Intrinsics_vec128 *st,
   uint32_t *st32
 );
 
-Lib_IntVector_Intrinsics_vec128 *Hacl_Blake2s_128_blake2s_malloc(void);
+Lib_IntVector_Intrinsics_vec128 *Hacl_Hash_Blake2s_Simd128_malloc_with_key(void);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Hash_Blake2s_128_H_DEFINED
+#define __internal_Hacl_Hash_Blake2s_Simd128_H_DEFINED
 #endif
diff --git a/include/internal/Hacl_Hash_MD5.h b/include/internal/Hacl_Hash_MD5.h
index 7fd567f3..dd77aaf1 100644
--- a/include/internal/Hacl_Hash_MD5.h
+++ b/include/internal/Hacl_Hash_MD5.h
@@ -37,21 +37,16 @@ extern "C" {
 
 #include "../Hacl_Hash_MD5.h"
 
-void Hacl_Hash_Core_MD5_legacy_init(uint32_t *s);
+void Hacl_Hash_MD5_init(uint32_t *s);
 
-void Hacl_Hash_Core_MD5_legacy_finish(uint32_t *s, uint8_t *dst);
+void Hacl_Hash_MD5_finish(uint32_t *s, uint8_t *dst);
 
-void Hacl_Hash_MD5_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
+void Hacl_Hash_MD5_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
 
 void
-Hacl_Hash_MD5_legacy_update_last(
-  uint32_t *s,
-  uint64_t prev_len,
-  uint8_t *input,
-  uint32_t input_len
-);
-
-void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
+Hacl_Hash_MD5_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len);
+
+void Hacl_Hash_MD5_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/internal/Hacl_Hash_SHA1.h b/include/internal/Hacl_Hash_SHA1.h
index 72cf492c..ed53be55 100644
--- a/include/internal/Hacl_Hash_SHA1.h
+++ b/include/internal/Hacl_Hash_SHA1.h
@@ -37,21 +37,16 @@ extern "C" {
 
 #include "../Hacl_Hash_SHA1.h"
 
-void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s);
+void Hacl_Hash_SHA1_init(uint32_t *s);
 
-void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst);
+void Hacl_Hash_SHA1_finish(uint32_t *s, uint8_t *dst);
 
-void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
+void Hacl_Hash_SHA1_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
 
 void
-Hacl_Hash_SHA1_legacy_update_last(
-  uint32_t *s,
-  uint64_t prev_len,
-  uint8_t *input,
-  uint32_t input_len
-);
-
-void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
+Hacl_Hash_SHA1_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len);
+
+void Hacl_Hash_SHA1_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/internal/Hacl_Hash_SHA2.h b/include/internal/Hacl_Hash_SHA2.h
index bbffdc50..7dade3f3 100644
--- a/include/internal/Hacl_Hash_SHA2.h
+++ b/include/internal/Hacl_Hash_SHA2.h
@@ -40,141 +40,121 @@ extern "C" {
 
 static const
 uint32_t
-Hacl_Impl_SHA2_Generic_h224[8U] =
+Hacl_Hash_SHA2_h224[8U] =
   {
-    (uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, (uint32_t)0xf70e5939U,
-    (uint32_t)0xffc00b31U, (uint32_t)0x68581511U, (uint32_t)0x64f98fa7U, (uint32_t)0xbefa4fa4U
+    0xc1059ed8U, 0x367cd507U, 0x3070dd17U, 0xf70e5939U, 0xffc00b31U, 0x68581511U, 0x64f98fa7U,
+    0xbefa4fa4U
   };
 
 static const
 uint32_t
-Hacl_Impl_SHA2_Generic_h256[8U] =
+Hacl_Hash_SHA2_h256[8U] =
   {
-    (uint32_t)0x6a09e667U, (uint32_t)0xbb67ae85U, (uint32_t)0x3c6ef372U, (uint32_t)0xa54ff53aU,
-    (uint32_t)0x510e527fU, (uint32_t)0x9b05688cU, (uint32_t)0x1f83d9abU, (uint32_t)0x5be0cd19U
+    0x6a09e667U, 0xbb67ae85U, 0x3c6ef372U, 0xa54ff53aU, 0x510e527fU, 0x9b05688cU, 0x1f83d9abU,
+    0x5be0cd19U
   };
 
 static const
 uint64_t
-Hacl_Impl_SHA2_Generic_h384[8U] =
+Hacl_Hash_SHA2_h384[8U] =
   {
-    (uint64_t)0xcbbb9d5dc1059ed8U, (uint64_t)0x629a292a367cd507U, (uint64_t)0x9159015a3070dd17U,
-    (uint64_t)0x152fecd8f70e5939U, (uint64_t)0x67332667ffc00b31U, (uint64_t)0x8eb44a8768581511U,
-    (uint64_t)0xdb0c2e0d64f98fa7U, (uint64_t)0x47b5481dbefa4fa4U
+    0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL,
+    0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL
   };
 
 static const
 uint64_t
-Hacl_Impl_SHA2_Generic_h512[8U] =
+Hacl_Hash_SHA2_h512[8U] =
   {
-    (uint64_t)0x6a09e667f3bcc908U, (uint64_t)0xbb67ae8584caa73bU, (uint64_t)0x3c6ef372fe94f82bU,
-    (uint64_t)0xa54ff53a5f1d36f1U, (uint64_t)0x510e527fade682d1U, (uint64_t)0x9b05688c2b3e6c1fU,
-    (uint64_t)0x1f83d9abfb41bd6bU, (uint64_t)0x5be0cd19137e2179U
+    0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+    0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
   };
 
 static const
 uint32_t
-Hacl_Impl_SHA2_Generic_k224_256[64U] =
+Hacl_Hash_SHA2_k224_256[64U] =
   {
-    (uint32_t)0x428a2f98U, (uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U,
-    (uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U,
-    (uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U,
-    (uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U,
-    (uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU,
-    (uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU,
-    (uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U,
-    (uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U,
-    (uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U,
-    (uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U,
-    (uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U,
-    (uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U,
-    (uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U,
-    (uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U,
-    (uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U,
-    (uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U
+    0x428a2f98U, 0x71374491U, 0xb5c0fbcfU, 0xe9b5dba5U, 0x3956c25bU, 0x59f111f1U, 0x923f82a4U,
+    0xab1c5ed5U, 0xd807aa98U, 0x12835b01U, 0x243185beU, 0x550c7dc3U, 0x72be5d74U, 0x80deb1feU,
+    0x9bdc06a7U, 0xc19bf174U, 0xe49b69c1U, 0xefbe4786U, 0x0fc19dc6U, 0x240ca1ccU, 0x2de92c6fU,
+    0x4a7484aaU, 0x5cb0a9dcU, 0x76f988daU, 0x983e5152U, 0xa831c66dU, 0xb00327c8U, 0xbf597fc7U,
+    0xc6e00bf3U, 0xd5a79147U, 0x06ca6351U, 0x14292967U, 0x27b70a85U, 0x2e1b2138U, 0x4d2c6dfcU,
+    0x53380d13U, 0x650a7354U, 0x766a0abbU, 0x81c2c92eU, 0x92722c85U, 0xa2bfe8a1U, 0xa81a664bU,
+    0xc24b8b70U, 0xc76c51a3U, 0xd192e819U, 0xd6990624U, 0xf40e3585U, 0x106aa070U, 0x19a4c116U,
+    0x1e376c08U, 0x2748774cU, 0x34b0bcb5U, 0x391c0cb3U, 0x4ed8aa4aU, 0x5b9cca4fU, 0x682e6ff3U,
+    0x748f82eeU, 0x78a5636fU, 0x84c87814U, 0x8cc70208U, 0x90befffaU, 0xa4506cebU, 0xbef9a3f7U,
+    0xc67178f2U
   };
 
 static const
 uint64_t
-Hacl_Impl_SHA2_Generic_k384_512[80U] =
+Hacl_Hash_SHA2_k384_512[80U] =
   {
-    (uint64_t)0x428a2f98d728ae22U, (uint64_t)0x7137449123ef65cdU, (uint64_t)0xb5c0fbcfec4d3b2fU,
-    (uint64_t)0xe9b5dba58189dbbcU, (uint64_t)0x3956c25bf348b538U, (uint64_t)0x59f111f1b605d019U,
-    (uint64_t)0x923f82a4af194f9bU, (uint64_t)0xab1c5ed5da6d8118U, (uint64_t)0xd807aa98a3030242U,
-    (uint64_t)0x12835b0145706fbeU, (uint64_t)0x243185be4ee4b28cU, (uint64_t)0x550c7dc3d5ffb4e2U,
-    (uint64_t)0x72be5d74f27b896fU, (uint64_t)0x80deb1fe3b1696b1U, (uint64_t)0x9bdc06a725c71235U,
-    (uint64_t)0xc19bf174cf692694U, (uint64_t)0xe49b69c19ef14ad2U, (uint64_t)0xefbe4786384f25e3U,
-    (uint64_t)0x0fc19dc68b8cd5b5U, (uint64_t)0x240ca1cc77ac9c65U, (uint64_t)0x2de92c6f592b0275U,
-    (uint64_t)0x4a7484aa6ea6e483U, (uint64_t)0x5cb0a9dcbd41fbd4U, (uint64_t)0x76f988da831153b5U,
-    (uint64_t)0x983e5152ee66dfabU, (uint64_t)0xa831c66d2db43210U, (uint64_t)0xb00327c898fb213fU,
-    (uint64_t)0xbf597fc7beef0ee4U, (uint64_t)0xc6e00bf33da88fc2U, (uint64_t)0xd5a79147930aa725U,
-    (uint64_t)0x06ca6351e003826fU, (uint64_t)0x142929670a0e6e70U, (uint64_t)0x27b70a8546d22ffcU,
-    (uint64_t)0x2e1b21385c26c926U, (uint64_t)0x4d2c6dfc5ac42aedU, (uint64_t)0x53380d139d95b3dfU,
-    (uint64_t)0x650a73548baf63deU, (uint64_t)0x766a0abb3c77b2a8U, (uint64_t)0x81c2c92e47edaee6U,
-    (uint64_t)0x92722c851482353bU, (uint64_t)0xa2bfe8a14cf10364U, (uint64_t)0xa81a664bbc423001U,
-    (uint64_t)0xc24b8b70d0f89791U, (uint64_t)0xc76c51a30654be30U, (uint64_t)0xd192e819d6ef5218U,
-    (uint64_t)0xd69906245565a910U, (uint64_t)0xf40e35855771202aU, (uint64_t)0x106aa07032bbd1b8U,
-    (uint64_t)0x19a4c116b8d2d0c8U, (uint64_t)0x1e376c085141ab53U, (uint64_t)0x2748774cdf8eeb99U,
-    (uint64_t)0x34b0bcb5e19b48a8U, (uint64_t)0x391c0cb3c5c95a63U, (uint64_t)0x4ed8aa4ae3418acbU,
-    (uint64_t)0x5b9cca4f7763e373U, (uint64_t)0x682e6ff3d6b2b8a3U, (uint64_t)0x748f82ee5defb2fcU,
-    (uint64_t)0x78a5636f43172f60U, (uint64_t)0x84c87814a1f0ab72U, (uint64_t)0x8cc702081a6439ecU,
-    (uint64_t)0x90befffa23631e28U, (uint64_t)0xa4506cebde82bde9U, (uint64_t)0xbef9a3f7b2c67915U,
-    (uint64_t)0xc67178f2e372532bU, (uint64_t)0xca273eceea26619cU, (uint64_t)0xd186b8c721c0c207U,
-    (uint64_t)0xeada7dd6cde0eb1eU, (uint64_t)0xf57d4f7fee6ed178U, (uint64_t)0x06f067aa72176fbaU,
-    (uint64_t)0x0a637dc5a2c898a6U, (uint64_t)0x113f9804bef90daeU, (uint64_t)0x1b710b35131c471bU,
-    (uint64_t)0x28db77f523047d84U, (uint64_t)0x32caab7b40c72493U, (uint64_t)0x3c9ebe0a15c9bebcU,
-    (uint64_t)0x431d67c49c100d4cU, (uint64_t)0x4cc5d4becb3e42b6U, (uint64_t)0x597f299cfc657e2aU,
-    (uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U
+    0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+    0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+    0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+    0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+    0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+    0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+    0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+    0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+    0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+    0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+    0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+    0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+    0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+    0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+    0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+    0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+    0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+    0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+    0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+    0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
   };
 
-void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash);
+void Hacl_Hash_SHA2_sha256_init(uint32_t *hash);
 
-void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st);
+void Hacl_Hash_SHA2_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st);
 
 void
-Hacl_SHA2_Scalar32_sha256_update_last(
-  uint64_t totlen,
-  uint32_t len,
-  uint8_t *b,
-  uint32_t *hash
-);
+Hacl_Hash_SHA2_sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash);
 
-void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h);
+void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h);
 
-void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash);
+void Hacl_Hash_SHA2_sha224_init(uint32_t *hash);
 
 void
-Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st);
+Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st);
 
-void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h);
+void Hacl_Hash_SHA2_sha224_finish(uint32_t *st, uint8_t *h);
 
-void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash);
+void Hacl_Hash_SHA2_sha512_init(uint64_t *hash);
 
-void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
+void Hacl_Hash_SHA2_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
 
 void
-Hacl_SHA2_Scalar32_sha512_update_last(
+Hacl_Hash_SHA2_sha512_update_last(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
   uint8_t *b,
   uint64_t *hash
 );
 
-void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h);
+void Hacl_Hash_SHA2_sha512_finish(uint64_t *st, uint8_t *h);
 
-void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash);
+void Hacl_Hash_SHA2_sha384_init(uint64_t *hash);
 
-void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
+void Hacl_Hash_SHA2_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
 
 void
-Hacl_SHA2_Scalar32_sha384_update_last(
+Hacl_Hash_SHA2_sha384_update_last(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
   uint8_t *b,
   uint64_t *st
 );
 
-void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h);
+void Hacl_Hash_SHA2_sha384_finish(uint64_t *st, uint8_t *h);
 
 #if defined(__cplusplus)
 }
diff --git a/include/internal/Hacl_Hash_SHA3.h b/include/internal/Hacl_Hash_SHA3.h
index 6f53d37c..1c8129fb 100644
--- a/include/internal/Hacl_Hash_SHA3.h
+++ b/include/internal/Hacl_Hash_SHA3.h
@@ -53,9 +53,9 @@ Hacl_Hash_SHA3_update_last_sha3(
   uint32_t input_len
 );
 
-void Hacl_Impl_SHA3_state_permute(uint64_t *s);
+void Hacl_Hash_SHA3_state_permute(uint64_t *s);
 
-void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s);
+void Hacl_Hash_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s);
 
 #if defined(__cplusplus)
 }
diff --git a/include/internal/Hacl_Impl_Blake2_Constants.h b/include/internal/Hacl_Impl_Blake2_Constants.h
index 185317ba..aedc2486 100644
--- a/include/internal/Hacl_Impl_Blake2_Constants.h
+++ b/include/internal/Hacl_Impl_Blake2_Constants.h
@@ -37,52 +37,32 @@ extern "C" {
 
 static const
 uint32_t
-Hacl_Impl_Blake2_Constants_sigmaTable[160U] =
+Hacl_Hash_Blake2s_sigmaTable[160U] =
   {
-    (uint32_t)0U, (uint32_t)1U, (uint32_t)2U, (uint32_t)3U, (uint32_t)4U, (uint32_t)5U,
-    (uint32_t)6U, (uint32_t)7U, (uint32_t)8U, (uint32_t)9U, (uint32_t)10U, (uint32_t)11U,
-    (uint32_t)12U, (uint32_t)13U, (uint32_t)14U, (uint32_t)15U, (uint32_t)14U, (uint32_t)10U,
-    (uint32_t)4U, (uint32_t)8U, (uint32_t)9U, (uint32_t)15U, (uint32_t)13U, (uint32_t)6U,
-    (uint32_t)1U, (uint32_t)12U, (uint32_t)0U, (uint32_t)2U, (uint32_t)11U, (uint32_t)7U,
-    (uint32_t)5U, (uint32_t)3U, (uint32_t)11U, (uint32_t)8U, (uint32_t)12U, (uint32_t)0U,
-    (uint32_t)5U, (uint32_t)2U, (uint32_t)15U, (uint32_t)13U, (uint32_t)10U, (uint32_t)14U,
-    (uint32_t)3U, (uint32_t)6U, (uint32_t)7U, (uint32_t)1U, (uint32_t)9U, (uint32_t)4U,
-    (uint32_t)7U, (uint32_t)9U, (uint32_t)3U, (uint32_t)1U, (uint32_t)13U, (uint32_t)12U,
-    (uint32_t)11U, (uint32_t)14U, (uint32_t)2U, (uint32_t)6U, (uint32_t)5U, (uint32_t)10U,
-    (uint32_t)4U, (uint32_t)0U, (uint32_t)15U, (uint32_t)8U, (uint32_t)9U, (uint32_t)0U,
-    (uint32_t)5U, (uint32_t)7U, (uint32_t)2U, (uint32_t)4U, (uint32_t)10U, (uint32_t)15U,
-    (uint32_t)14U, (uint32_t)1U, (uint32_t)11U, (uint32_t)12U, (uint32_t)6U, (uint32_t)8U,
-    (uint32_t)3U, (uint32_t)13U, (uint32_t)2U, (uint32_t)12U, (uint32_t)6U, (uint32_t)10U,
-    (uint32_t)0U, (uint32_t)11U, (uint32_t)8U, (uint32_t)3U, (uint32_t)4U, (uint32_t)13U,
-    (uint32_t)7U, (uint32_t)5U, (uint32_t)15U, (uint32_t)14U, (uint32_t)1U, (uint32_t)9U,
-    (uint32_t)12U, (uint32_t)5U, (uint32_t)1U, (uint32_t)15U, (uint32_t)14U, (uint32_t)13U,
-    (uint32_t)4U, (uint32_t)10U, (uint32_t)0U, (uint32_t)7U, (uint32_t)6U, (uint32_t)3U,
-    (uint32_t)9U, (uint32_t)2U, (uint32_t)8U, (uint32_t)11U, (uint32_t)13U, (uint32_t)11U,
-    (uint32_t)7U, (uint32_t)14U, (uint32_t)12U, (uint32_t)1U, (uint32_t)3U, (uint32_t)9U,
-    (uint32_t)5U, (uint32_t)0U, (uint32_t)15U, (uint32_t)4U, (uint32_t)8U, (uint32_t)6U,
-    (uint32_t)2U, (uint32_t)10U, (uint32_t)6U, (uint32_t)15U, (uint32_t)14U, (uint32_t)9U,
-    (uint32_t)11U, (uint32_t)3U, (uint32_t)0U, (uint32_t)8U, (uint32_t)12U, (uint32_t)2U,
-    (uint32_t)13U, (uint32_t)7U, (uint32_t)1U, (uint32_t)4U, (uint32_t)10U, (uint32_t)5U,
-    (uint32_t)10U, (uint32_t)2U, (uint32_t)8U, (uint32_t)4U, (uint32_t)7U, (uint32_t)6U,
-    (uint32_t)1U, (uint32_t)5U, (uint32_t)15U, (uint32_t)11U, (uint32_t)9U, (uint32_t)14U,
-    (uint32_t)3U, (uint32_t)12U, (uint32_t)13U
+    0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 14U, 10U, 4U, 8U, 9U, 15U,
+    13U, 6U, 1U, 12U, 0U, 2U, 11U, 7U, 5U, 3U, 11U, 8U, 12U, 0U, 5U, 2U, 15U, 13U, 10U, 14U, 3U, 6U,
+    7U, 1U, 9U, 4U, 7U, 9U, 3U, 1U, 13U, 12U, 11U, 14U, 2U, 6U, 5U, 10U, 4U, 0U, 15U, 8U, 9U, 0U,
+    5U, 7U, 2U, 4U, 10U, 15U, 14U, 1U, 11U, 12U, 6U, 8U, 3U, 13U, 2U, 12U, 6U, 10U, 0U, 11U, 8U, 3U,
+    4U, 13U, 7U, 5U, 15U, 14U, 1U, 9U, 12U, 5U, 1U, 15U, 14U, 13U, 4U, 10U, 0U, 7U, 6U, 3U, 9U, 2U,
+    8U, 11U, 13U, 11U, 7U, 14U, 12U, 1U, 3U, 9U, 5U, 0U, 15U, 4U, 8U, 6U, 2U, 10U, 6U, 15U, 14U, 9U,
+    11U, 3U, 0U, 8U, 12U, 2U, 13U, 7U, 1U, 4U, 10U, 5U, 10U, 2U, 8U, 4U, 7U, 6U, 1U, 5U, 15U, 11U,
+    9U, 14U, 3U, 12U, 13U
   };
 
 static const
 uint32_t
-Hacl_Impl_Blake2_Constants_ivTable_S[8U] =
+Hacl_Hash_Blake2s_ivTable_S[8U] =
   {
-    (uint32_t)0x6A09E667U, (uint32_t)0xBB67AE85U, (uint32_t)0x3C6EF372U, (uint32_t)0xA54FF53AU,
-    (uint32_t)0x510E527FU, (uint32_t)0x9B05688CU, (uint32_t)0x1F83D9ABU, (uint32_t)0x5BE0CD19U
+    0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU, 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU,
+    0x5BE0CD19U
   };
 
 static const
 uint64_t
-Hacl_Impl_Blake2_Constants_ivTable_B[8U] =
+Hacl_Hash_Blake2s_ivTable_B[8U] =
   {
-    (uint64_t)0x6A09E667F3BCC908U, (uint64_t)0xBB67AE8584CAA73BU, (uint64_t)0x3C6EF372FE94F82BU,
-    (uint64_t)0xA54FF53A5F1D36F1U, (uint64_t)0x510E527FADE682D1U, (uint64_t)0x9B05688C2B3E6C1FU,
-    (uint64_t)0x1F83D9ABFB41BD6BU, (uint64_t)0x5BE0CD19137E2179U
+    0x6A09E667F3BCC908ULL, 0xBB67AE8584CAA73BULL, 0x3C6EF372FE94F82BULL, 0xA54FF53A5F1D36F1ULL,
+    0x510E527FADE682D1ULL, 0x9B05688C2B3E6C1FULL, 0x1F83D9ABFB41BD6BULL, 0x5BE0CD19137E2179ULL
   };
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_Impl_FFDHE_Constants.h b/include/internal/Hacl_Impl_FFDHE_Constants.h
index c746c411..80cbdd52 100644
--- a/include/internal/Hacl_Impl_FFDHE_Constants.h
+++ b/include/internal/Hacl_Impl_FFDHE_Constants.h
@@ -35,528 +35,265 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_g2[1U] = { (uint8_t)0x02U };
+static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_g2[1U] = { 0x02U };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p2048[256U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x28U,
-    (uint8_t)0x5CU, (uint8_t)0x97U, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x28U, 0x5CU,
+    0x97U, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
   };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p3072[384U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU,
-    (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU,
-    (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U,
-    (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U,
-    (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U,
-    (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U,
-    (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU,
-    (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU,
-    (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U,
-    (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U,
-    (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU,
-    (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U,
-    (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U,
-    (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU,
-    (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU,
-    (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU,
-    (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU,
-    (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U,
-    (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU,
-    (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU,
-    (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U,
-    (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU,
-    (uint8_t)0x66U, (uint8_t)0xC6U, (uint8_t)0x2EU, (uint8_t)0x37U, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU,
+    0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU,
+    0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU,
+    0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U,
+    0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU,
+    0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U,
+    0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU,
+    0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U,
+    0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U,
+    0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU,
+    0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0xC6U, 0x2EU, 0x37U, 0xFFU,
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
   };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p4096[512U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU,
-    (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU,
-    (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U,
-    (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U,
-    (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U,
-    (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U,
-    (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU,
-    (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU,
-    (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U,
-    (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U,
-    (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU,
-    (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U,
-    (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U,
-    (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU,
-    (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU,
-    (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU,
-    (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU,
-    (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U,
-    (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU,
-    (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU,
-    (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U,
-    (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU,
-    (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU,
-    (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU,
-    (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U,
-    (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U,
-    (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U,
-    (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U,
-    (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U,
-    (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U,
-    (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU,
-    (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U,
-    (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U,
-    (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U,
-    (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U,
-    (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU,
-    (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U,
-    (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U,
-    (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U,
-    (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU,
-    (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U,
-    (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U,
-    (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU,
-    (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x65U, (uint8_t)0x5FU, (uint8_t)0x6AU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU,
+    0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU,
+    0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU,
+    0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U,
+    0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU,
+    0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U,
+    0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU,
+    0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U,
+    0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U,
+    0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU,
+    0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU,
+    0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U,
+    0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU,
+    0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU,
+    0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU,
+    0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U,
+    0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU,
+    0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U,
+    0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU,
+    0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U,
+    0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x65U, 0x5FU, 0x6AU, 0xFFU, 0xFFU, 0xFFU,
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
   };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p6144[768U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU,
-    (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU,
-    (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U,
-    (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U,
-    (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U,
-    (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U,
-    (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU,
-    (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU,
-    (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U,
-    (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U,
-    (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU,
-    (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U,
-    (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U,
-    (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU,
-    (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU,
-    (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU,
-    (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU,
-    (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U,
-    (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU,
-    (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU,
-    (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U,
-    (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU,
-    (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU,
-    (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU,
-    (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U,
-    (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U,
-    (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U,
-    (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U,
-    (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U,
-    (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U,
-    (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU,
-    (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U,
-    (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U,
-    (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U,
-    (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U,
-    (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU,
-    (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U,
-    (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U,
-    (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U,
-    (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU,
-    (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U,
-    (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U,
-    (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU,
-    (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x0DU, (uint8_t)0xD9U, (uint8_t)0x02U,
-    (uint8_t)0x0BU, (uint8_t)0xFDU, (uint8_t)0x64U, (uint8_t)0xB6U, (uint8_t)0x45U, (uint8_t)0x03U,
-    (uint8_t)0x6CU, (uint8_t)0x7AU, (uint8_t)0x4EU, (uint8_t)0x67U, (uint8_t)0x7DU, (uint8_t)0x2CU,
-    (uint8_t)0x38U, (uint8_t)0x53U, (uint8_t)0x2AU, (uint8_t)0x3AU, (uint8_t)0x23U, (uint8_t)0xBAU,
-    (uint8_t)0x44U, (uint8_t)0x42U, (uint8_t)0xCAU, (uint8_t)0xF5U, (uint8_t)0x3EU, (uint8_t)0xA6U,
-    (uint8_t)0x3BU, (uint8_t)0xB4U, (uint8_t)0x54U, (uint8_t)0x32U, (uint8_t)0x9BU, (uint8_t)0x76U,
-    (uint8_t)0x24U, (uint8_t)0xC8U, (uint8_t)0x91U, (uint8_t)0x7BU, (uint8_t)0xDDU, (uint8_t)0x64U,
-    (uint8_t)0xB1U, (uint8_t)0xC0U, (uint8_t)0xFDU, (uint8_t)0x4CU, (uint8_t)0xB3U, (uint8_t)0x8EU,
-    (uint8_t)0x8CU, (uint8_t)0x33U, (uint8_t)0x4CU, (uint8_t)0x70U, (uint8_t)0x1CU, (uint8_t)0x3AU,
-    (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x06U, (uint8_t)0x57U, (uint8_t)0xFCU, (uint8_t)0xCFU,
-    (uint8_t)0xECU, (uint8_t)0x71U, (uint8_t)0x9BU, (uint8_t)0x1FU, (uint8_t)0x5CU, (uint8_t)0x3EU,
-    (uint8_t)0x4EU, (uint8_t)0x46U, (uint8_t)0x04U, (uint8_t)0x1FU, (uint8_t)0x38U, (uint8_t)0x81U,
-    (uint8_t)0x47U, (uint8_t)0xFBU, (uint8_t)0x4CU, (uint8_t)0xFDU, (uint8_t)0xB4U, (uint8_t)0x77U,
-    (uint8_t)0xA5U, (uint8_t)0x24U, (uint8_t)0x71U, (uint8_t)0xF7U, (uint8_t)0xA9U, (uint8_t)0xA9U,
-    (uint8_t)0x69U, (uint8_t)0x10U, (uint8_t)0xB8U, (uint8_t)0x55U, (uint8_t)0x32U, (uint8_t)0x2EU,
-    (uint8_t)0xDBU, (uint8_t)0x63U, (uint8_t)0x40U, (uint8_t)0xD8U, (uint8_t)0xA0U, (uint8_t)0x0EU,
-    (uint8_t)0xF0U, (uint8_t)0x92U, (uint8_t)0x35U, (uint8_t)0x05U, (uint8_t)0x11U, (uint8_t)0xE3U,
-    (uint8_t)0x0AU, (uint8_t)0xBEU, (uint8_t)0xC1U, (uint8_t)0xFFU, (uint8_t)0xF9U, (uint8_t)0xE3U,
-    (uint8_t)0xA2U, (uint8_t)0x6EU, (uint8_t)0x7FU, (uint8_t)0xB2U, (uint8_t)0x9FU, (uint8_t)0x8CU,
-    (uint8_t)0x18U, (uint8_t)0x30U, (uint8_t)0x23U, (uint8_t)0xC3U, (uint8_t)0x58U, (uint8_t)0x7EU,
-    (uint8_t)0x38U, (uint8_t)0xDAU, (uint8_t)0x00U, (uint8_t)0x77U, (uint8_t)0xD9U, (uint8_t)0xB4U,
-    (uint8_t)0x76U, (uint8_t)0x3EU, (uint8_t)0x4EU, (uint8_t)0x4BU, (uint8_t)0x94U, (uint8_t)0xB2U,
-    (uint8_t)0xBBU, (uint8_t)0xC1U, (uint8_t)0x94U, (uint8_t)0xC6U, (uint8_t)0x65U, (uint8_t)0x1EU,
-    (uint8_t)0x77U, (uint8_t)0xCAU, (uint8_t)0xF9U, (uint8_t)0x92U, (uint8_t)0xEEU, (uint8_t)0xAAU,
-    (uint8_t)0xC0U, (uint8_t)0x23U, (uint8_t)0x2AU, (uint8_t)0x28U, (uint8_t)0x1BU, (uint8_t)0xF6U,
-    (uint8_t)0xB3U, (uint8_t)0xA7U, (uint8_t)0x39U, (uint8_t)0xC1U, (uint8_t)0x22U, (uint8_t)0x61U,
-    (uint8_t)0x16U, (uint8_t)0x82U, (uint8_t)0x0AU, (uint8_t)0xE8U, (uint8_t)0xDBU, (uint8_t)0x58U,
-    (uint8_t)0x47U, (uint8_t)0xA6U, (uint8_t)0x7CU, (uint8_t)0xBEU, (uint8_t)0xF9U, (uint8_t)0xC9U,
-    (uint8_t)0x09U, (uint8_t)0x1BU, (uint8_t)0x46U, (uint8_t)0x2DU, (uint8_t)0x53U, (uint8_t)0x8CU,
-    (uint8_t)0xD7U, (uint8_t)0x2BU, (uint8_t)0x03U, (uint8_t)0x74U, (uint8_t)0x6AU, (uint8_t)0xE7U,
-    (uint8_t)0x7FU, (uint8_t)0x5EU, (uint8_t)0x62U, (uint8_t)0x29U, (uint8_t)0x2CU, (uint8_t)0x31U,
-    (uint8_t)0x15U, (uint8_t)0x62U, (uint8_t)0xA8U, (uint8_t)0x46U, (uint8_t)0x50U, (uint8_t)0x5DU,
-    (uint8_t)0xC8U, (uint8_t)0x2DU, (uint8_t)0xB8U, (uint8_t)0x54U, (uint8_t)0x33U, (uint8_t)0x8AU,
-    (uint8_t)0xE4U, (uint8_t)0x9FU, (uint8_t)0x52U, (uint8_t)0x35U, (uint8_t)0xC9U, (uint8_t)0x5BU,
-    (uint8_t)0x91U, (uint8_t)0x17U, (uint8_t)0x8CU, (uint8_t)0xCFU, (uint8_t)0x2DU, (uint8_t)0xD5U,
-    (uint8_t)0xCAU, (uint8_t)0xCEU, (uint8_t)0xF4U, (uint8_t)0x03U, (uint8_t)0xECU, (uint8_t)0x9DU,
-    (uint8_t)0x18U, (uint8_t)0x10U, (uint8_t)0xC6U, (uint8_t)0x27U, (uint8_t)0x2BU, (uint8_t)0x04U,
-    (uint8_t)0x5BU, (uint8_t)0x3BU, (uint8_t)0x71U, (uint8_t)0xF9U, (uint8_t)0xDCU, (uint8_t)0x6BU,
-    (uint8_t)0x80U, (uint8_t)0xD6U, (uint8_t)0x3FU, (uint8_t)0xDDU, (uint8_t)0x4AU, (uint8_t)0x8EU,
-    (uint8_t)0x9AU, (uint8_t)0xDBU, (uint8_t)0x1EU, (uint8_t)0x69U, (uint8_t)0x62U, (uint8_t)0xA6U,
-    (uint8_t)0x95U, (uint8_t)0x26U, (uint8_t)0xD4U, (uint8_t)0x31U, (uint8_t)0x61U, (uint8_t)0xC1U,
-    (uint8_t)0xA4U, (uint8_t)0x1DU, (uint8_t)0x57U, (uint8_t)0x0DU, (uint8_t)0x79U, (uint8_t)0x38U,
-    (uint8_t)0xDAU, (uint8_t)0xD4U, (uint8_t)0xA4U, (uint8_t)0x0EU, (uint8_t)0x32U, (uint8_t)0x9CU,
-    (uint8_t)0xD0U, (uint8_t)0xE4U, (uint8_t)0x0EU, (uint8_t)0x65U, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU,
+    0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU,
+    0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU,
+    0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U,
+    0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU,
+    0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U,
+    0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU,
+    0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U,
+    0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U,
+    0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU,
+    0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU,
+    0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U,
+    0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU,
+    0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU,
+    0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU,
+    0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U,
+    0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU,
+    0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U,
+    0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU,
+    0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U,
+    0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x0DU, 0xD9U, 0x02U, 0x0BU, 0xFDU, 0x64U,
+    0xB6U, 0x45U, 0x03U, 0x6CU, 0x7AU, 0x4EU, 0x67U, 0x7DU, 0x2CU, 0x38U, 0x53U, 0x2AU, 0x3AU,
+    0x23U, 0xBAU, 0x44U, 0x42U, 0xCAU, 0xF5U, 0x3EU, 0xA6U, 0x3BU, 0xB4U, 0x54U, 0x32U, 0x9BU,
+    0x76U, 0x24U, 0xC8U, 0x91U, 0x7BU, 0xDDU, 0x64U, 0xB1U, 0xC0U, 0xFDU, 0x4CU, 0xB3U, 0x8EU,
+    0x8CU, 0x33U, 0x4CU, 0x70U, 0x1CU, 0x3AU, 0xCDU, 0xADU, 0x06U, 0x57U, 0xFCU, 0xCFU, 0xECU,
+    0x71U, 0x9BU, 0x1FU, 0x5CU, 0x3EU, 0x4EU, 0x46U, 0x04U, 0x1FU, 0x38U, 0x81U, 0x47U, 0xFBU,
+    0x4CU, 0xFDU, 0xB4U, 0x77U, 0xA5U, 0x24U, 0x71U, 0xF7U, 0xA9U, 0xA9U, 0x69U, 0x10U, 0xB8U,
+    0x55U, 0x32U, 0x2EU, 0xDBU, 0x63U, 0x40U, 0xD8U, 0xA0U, 0x0EU, 0xF0U, 0x92U, 0x35U, 0x05U,
+    0x11U, 0xE3U, 0x0AU, 0xBEU, 0xC1U, 0xFFU, 0xF9U, 0xE3U, 0xA2U, 0x6EU, 0x7FU, 0xB2U, 0x9FU,
+    0x8CU, 0x18U, 0x30U, 0x23U, 0xC3U, 0x58U, 0x7EU, 0x38U, 0xDAU, 0x00U, 0x77U, 0xD9U, 0xB4U,
+    0x76U, 0x3EU, 0x4EU, 0x4BU, 0x94U, 0xB2U, 0xBBU, 0xC1U, 0x94U, 0xC6U, 0x65U, 0x1EU, 0x77U,
+    0xCAU, 0xF9U, 0x92U, 0xEEU, 0xAAU, 0xC0U, 0x23U, 0x2AU, 0x28U, 0x1BU, 0xF6U, 0xB3U, 0xA7U,
+    0x39U, 0xC1U, 0x22U, 0x61U, 0x16U, 0x82U, 0x0AU, 0xE8U, 0xDBU, 0x58U, 0x47U, 0xA6U, 0x7CU,
+    0xBEU, 0xF9U, 0xC9U, 0x09U, 0x1BU, 0x46U, 0x2DU, 0x53U, 0x8CU, 0xD7U, 0x2BU, 0x03U, 0x74U,
+    0x6AU, 0xE7U, 0x7FU, 0x5EU, 0x62U, 0x29U, 0x2CU, 0x31U, 0x15U, 0x62U, 0xA8U, 0x46U, 0x50U,
+    0x5DU, 0xC8U, 0x2DU, 0xB8U, 0x54U, 0x33U, 0x8AU, 0xE4U, 0x9FU, 0x52U, 0x35U, 0xC9U, 0x5BU,
+    0x91U, 0x17U, 0x8CU, 0xCFU, 0x2DU, 0xD5U, 0xCAU, 0xCEU, 0xF4U, 0x03U, 0xECU, 0x9DU, 0x18U,
+    0x10U, 0xC6U, 0x27U, 0x2BU, 0x04U, 0x5BU, 0x3BU, 0x71U, 0xF9U, 0xDCU, 0x6BU, 0x80U, 0xD6U,
+    0x3FU, 0xDDU, 0x4AU, 0x8EU, 0x9AU, 0xDBU, 0x1EU, 0x69U, 0x62U, 0xA6U, 0x95U, 0x26U, 0xD4U,
+    0x31U, 0x61U, 0xC1U, 0xA4U, 0x1DU, 0x57U, 0x0DU, 0x79U, 0x38U, 0xDAU, 0xD4U, 0xA4U, 0x0EU,
+    0x32U, 0x9CU, 0xD0U, 0xE4U, 0x0EU, 0x65U, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU,
+    0xFFU
   };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p8192[1024U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU,
-    (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU,
-    (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U,
-    (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U,
-    (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U,
-    (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U,
-    (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU,
-    (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU,
-    (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U,
-    (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U,
-    (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU,
-    (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U,
-    (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U,
-    (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU,
-    (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU,
-    (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU,
-    (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU,
-    (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U,
-    (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU,
-    (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU,
-    (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U,
-    (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU,
-    (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU,
-    (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU,
-    (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U,
-    (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U,
-    (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U,
-    (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U,
-    (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U,
-    (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U,
-    (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU,
-    (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U,
-    (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U,
-    (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U,
-    (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U,
-    (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU,
-    (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U,
-    (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U,
-    (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U,
-    (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU,
-    (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U,
-    (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U,
-    (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU,
-    (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x0DU, (uint8_t)0xD9U, (uint8_t)0x02U,
-    (uint8_t)0x0BU, (uint8_t)0xFDU, (uint8_t)0x64U, (uint8_t)0xB6U, (uint8_t)0x45U, (uint8_t)0x03U,
-    (uint8_t)0x6CU, (uint8_t)0x7AU, (uint8_t)0x4EU, (uint8_t)0x67U, (uint8_t)0x7DU, (uint8_t)0x2CU,
-    (uint8_t)0x38U, (uint8_t)0x53U, (uint8_t)0x2AU, (uint8_t)0x3AU, (uint8_t)0x23U, (uint8_t)0xBAU,
-    (uint8_t)0x44U, (uint8_t)0x42U, (uint8_t)0xCAU, (uint8_t)0xF5U, (uint8_t)0x3EU, (uint8_t)0xA6U,
-    (uint8_t)0x3BU, (uint8_t)0xB4U, (uint8_t)0x54U, (uint8_t)0x32U, (uint8_t)0x9BU, (uint8_t)0x76U,
-    (uint8_t)0x24U, (uint8_t)0xC8U, (uint8_t)0x91U, (uint8_t)0x7BU, (uint8_t)0xDDU, (uint8_t)0x64U,
-    (uint8_t)0xB1U, (uint8_t)0xC0U, (uint8_t)0xFDU, (uint8_t)0x4CU, (uint8_t)0xB3U, (uint8_t)0x8EU,
-    (uint8_t)0x8CU, (uint8_t)0x33U, (uint8_t)0x4CU, (uint8_t)0x70U, (uint8_t)0x1CU, (uint8_t)0x3AU,
-    (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x06U, (uint8_t)0x57U, (uint8_t)0xFCU, (uint8_t)0xCFU,
-    (uint8_t)0xECU, (uint8_t)0x71U, (uint8_t)0x9BU, (uint8_t)0x1FU, (uint8_t)0x5CU, (uint8_t)0x3EU,
-    (uint8_t)0x4EU, (uint8_t)0x46U, (uint8_t)0x04U, (uint8_t)0x1FU, (uint8_t)0x38U, (uint8_t)0x81U,
-    (uint8_t)0x47U, (uint8_t)0xFBU, (uint8_t)0x4CU, (uint8_t)0xFDU, (uint8_t)0xB4U, (uint8_t)0x77U,
-    (uint8_t)0xA5U, (uint8_t)0x24U, (uint8_t)0x71U, (uint8_t)0xF7U, (uint8_t)0xA9U, (uint8_t)0xA9U,
-    (uint8_t)0x69U, (uint8_t)0x10U, (uint8_t)0xB8U, (uint8_t)0x55U, (uint8_t)0x32U, (uint8_t)0x2EU,
-    (uint8_t)0xDBU, (uint8_t)0x63U, (uint8_t)0x40U, (uint8_t)0xD8U, (uint8_t)0xA0U, (uint8_t)0x0EU,
-    (uint8_t)0xF0U, (uint8_t)0x92U, (uint8_t)0x35U, (uint8_t)0x05U, (uint8_t)0x11U, (uint8_t)0xE3U,
-    (uint8_t)0x0AU, (uint8_t)0xBEU, (uint8_t)0xC1U, (uint8_t)0xFFU, (uint8_t)0xF9U, (uint8_t)0xE3U,
-    (uint8_t)0xA2U, (uint8_t)0x6EU, (uint8_t)0x7FU, (uint8_t)0xB2U, (uint8_t)0x9FU, (uint8_t)0x8CU,
-    (uint8_t)0x18U, (uint8_t)0x30U, (uint8_t)0x23U, (uint8_t)0xC3U, (uint8_t)0x58U, (uint8_t)0x7EU,
-    (uint8_t)0x38U, (uint8_t)0xDAU, (uint8_t)0x00U, (uint8_t)0x77U, (uint8_t)0xD9U, (uint8_t)0xB4U,
-    (uint8_t)0x76U, (uint8_t)0x3EU, (uint8_t)0x4EU, (uint8_t)0x4BU, (uint8_t)0x94U, (uint8_t)0xB2U,
-    (uint8_t)0xBBU, (uint8_t)0xC1U, (uint8_t)0x94U, (uint8_t)0xC6U, (uint8_t)0x65U, (uint8_t)0x1EU,
-    (uint8_t)0x77U, (uint8_t)0xCAU, (uint8_t)0xF9U, (uint8_t)0x92U, (uint8_t)0xEEU, (uint8_t)0xAAU,
-    (uint8_t)0xC0U, (uint8_t)0x23U, (uint8_t)0x2AU, (uint8_t)0x28U, (uint8_t)0x1BU, (uint8_t)0xF6U,
-    (uint8_t)0xB3U, (uint8_t)0xA7U, (uint8_t)0x39U, (uint8_t)0xC1U, (uint8_t)0x22U, (uint8_t)0x61U,
-    (uint8_t)0x16U, (uint8_t)0x82U, (uint8_t)0x0AU, (uint8_t)0xE8U, (uint8_t)0xDBU, (uint8_t)0x58U,
-    (uint8_t)0x47U, (uint8_t)0xA6U, (uint8_t)0x7CU, (uint8_t)0xBEU, (uint8_t)0xF9U, (uint8_t)0xC9U,
-    (uint8_t)0x09U, (uint8_t)0x1BU, (uint8_t)0x46U, (uint8_t)0x2DU, (uint8_t)0x53U, (uint8_t)0x8CU,
-    (uint8_t)0xD7U, (uint8_t)0x2BU, (uint8_t)0x03U, (uint8_t)0x74U, (uint8_t)0x6AU, (uint8_t)0xE7U,
-    (uint8_t)0x7FU, (uint8_t)0x5EU, (uint8_t)0x62U, (uint8_t)0x29U, (uint8_t)0x2CU, (uint8_t)0x31U,
-    (uint8_t)0x15U, (uint8_t)0x62U, (uint8_t)0xA8U, (uint8_t)0x46U, (uint8_t)0x50U, (uint8_t)0x5DU,
-    (uint8_t)0xC8U, (uint8_t)0x2DU, (uint8_t)0xB8U, (uint8_t)0x54U, (uint8_t)0x33U, (uint8_t)0x8AU,
-    (uint8_t)0xE4U, (uint8_t)0x9FU, (uint8_t)0x52U, (uint8_t)0x35U, (uint8_t)0xC9U, (uint8_t)0x5BU,
-    (uint8_t)0x91U, (uint8_t)0x17U, (uint8_t)0x8CU, (uint8_t)0xCFU, (uint8_t)0x2DU, (uint8_t)0xD5U,
-    (uint8_t)0xCAU, (uint8_t)0xCEU, (uint8_t)0xF4U, (uint8_t)0x03U, (uint8_t)0xECU, (uint8_t)0x9DU,
-    (uint8_t)0x18U, (uint8_t)0x10U, (uint8_t)0xC6U, (uint8_t)0x27U, (uint8_t)0x2BU, (uint8_t)0x04U,
-    (uint8_t)0x5BU, (uint8_t)0x3BU, (uint8_t)0x71U, (uint8_t)0xF9U, (uint8_t)0xDCU, (uint8_t)0x6BU,
-    (uint8_t)0x80U, (uint8_t)0xD6U, (uint8_t)0x3FU, (uint8_t)0xDDU, (uint8_t)0x4AU, (uint8_t)0x8EU,
-    (uint8_t)0x9AU, (uint8_t)0xDBU, (uint8_t)0x1EU, (uint8_t)0x69U, (uint8_t)0x62U, (uint8_t)0xA6U,
-    (uint8_t)0x95U, (uint8_t)0x26U, (uint8_t)0xD4U, (uint8_t)0x31U, (uint8_t)0x61U, (uint8_t)0xC1U,
-    (uint8_t)0xA4U, (uint8_t)0x1DU, (uint8_t)0x57U, (uint8_t)0x0DU, (uint8_t)0x79U, (uint8_t)0x38U,
-    (uint8_t)0xDAU, (uint8_t)0xD4U, (uint8_t)0xA4U, (uint8_t)0x0EU, (uint8_t)0x32U, (uint8_t)0x9CU,
-    (uint8_t)0xCFU, (uint8_t)0xF4U, (uint8_t)0x6AU, (uint8_t)0xAAU, (uint8_t)0x36U, (uint8_t)0xADU,
-    (uint8_t)0x00U, (uint8_t)0x4CU, (uint8_t)0xF6U, (uint8_t)0x00U, (uint8_t)0xC8U, (uint8_t)0x38U,
-    (uint8_t)0x1EU, (uint8_t)0x42U, (uint8_t)0x5AU, (uint8_t)0x31U, (uint8_t)0xD9U, (uint8_t)0x51U,
-    (uint8_t)0xAEU, (uint8_t)0x64U, (uint8_t)0xFDU, (uint8_t)0xB2U, (uint8_t)0x3FU, (uint8_t)0xCEU,
-    (uint8_t)0xC9U, (uint8_t)0x50U, (uint8_t)0x9DU, (uint8_t)0x43U, (uint8_t)0x68U, (uint8_t)0x7FU,
-    (uint8_t)0xEBU, (uint8_t)0x69U, (uint8_t)0xEDU, (uint8_t)0xD1U, (uint8_t)0xCCU, (uint8_t)0x5EU,
-    (uint8_t)0x0BU, (uint8_t)0x8CU, (uint8_t)0xC3U, (uint8_t)0xBDU, (uint8_t)0xF6U, (uint8_t)0x4BU,
-    (uint8_t)0x10U, (uint8_t)0xEFU, (uint8_t)0x86U, (uint8_t)0xB6U, (uint8_t)0x31U, (uint8_t)0x42U,
-    (uint8_t)0xA3U, (uint8_t)0xABU, (uint8_t)0x88U, (uint8_t)0x29U, (uint8_t)0x55U, (uint8_t)0x5BU,
-    (uint8_t)0x2FU, (uint8_t)0x74U, (uint8_t)0x7CU, (uint8_t)0x93U, (uint8_t)0x26U, (uint8_t)0x65U,
-    (uint8_t)0xCBU, (uint8_t)0x2CU, (uint8_t)0x0FU, (uint8_t)0x1CU, (uint8_t)0xC0U, (uint8_t)0x1BU,
-    (uint8_t)0xD7U, (uint8_t)0x02U, (uint8_t)0x29U, (uint8_t)0x38U, (uint8_t)0x88U, (uint8_t)0x39U,
-    (uint8_t)0xD2U, (uint8_t)0xAFU, (uint8_t)0x05U, (uint8_t)0xE4U, (uint8_t)0x54U, (uint8_t)0x50U,
-    (uint8_t)0x4AU, (uint8_t)0xC7U, (uint8_t)0x8BU, (uint8_t)0x75U, (uint8_t)0x82U, (uint8_t)0x82U,
-    (uint8_t)0x28U, (uint8_t)0x46U, (uint8_t)0xC0U, (uint8_t)0xBAU, (uint8_t)0x35U, (uint8_t)0xC3U,
-    (uint8_t)0x5FU, (uint8_t)0x5CU, (uint8_t)0x59U, (uint8_t)0x16U, (uint8_t)0x0CU, (uint8_t)0xC0U,
-    (uint8_t)0x46U, (uint8_t)0xFDU, (uint8_t)0x82U, (uint8_t)0x51U, (uint8_t)0x54U, (uint8_t)0x1FU,
-    (uint8_t)0xC6U, (uint8_t)0x8CU, (uint8_t)0x9CU, (uint8_t)0x86U, (uint8_t)0xB0U, (uint8_t)0x22U,
-    (uint8_t)0xBBU, (uint8_t)0x70U, (uint8_t)0x99U, (uint8_t)0x87U, (uint8_t)0x6AU, (uint8_t)0x46U,
-    (uint8_t)0x0EU, (uint8_t)0x74U, (uint8_t)0x51U, (uint8_t)0xA8U, (uint8_t)0xA9U, (uint8_t)0x31U,
-    (uint8_t)0x09U, (uint8_t)0x70U, (uint8_t)0x3FU, (uint8_t)0xEEU, (uint8_t)0x1CU, (uint8_t)0x21U,
-    (uint8_t)0x7EU, (uint8_t)0x6CU, (uint8_t)0x38U, (uint8_t)0x26U, (uint8_t)0xE5U, (uint8_t)0x2CU,
-    (uint8_t)0x51U, (uint8_t)0xAAU, (uint8_t)0x69U, (uint8_t)0x1EU, (uint8_t)0x0EU, (uint8_t)0x42U,
-    (uint8_t)0x3CU, (uint8_t)0xFCU, (uint8_t)0x99U, (uint8_t)0xE9U, (uint8_t)0xE3U, (uint8_t)0x16U,
-    (uint8_t)0x50U, (uint8_t)0xC1U, (uint8_t)0x21U, (uint8_t)0x7BU, (uint8_t)0x62U, (uint8_t)0x48U,
-    (uint8_t)0x16U, (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x9AU, (uint8_t)0x95U, (uint8_t)0xF9U,
-    (uint8_t)0xD5U, (uint8_t)0xB8U, (uint8_t)0x01U, (uint8_t)0x94U, (uint8_t)0x88U, (uint8_t)0xD9U,
-    (uint8_t)0xC0U, (uint8_t)0xA0U, (uint8_t)0xA1U, (uint8_t)0xFEU, (uint8_t)0x30U, (uint8_t)0x75U,
-    (uint8_t)0xA5U, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0x31U, (uint8_t)0x83U, (uint8_t)0xF8U,
-    (uint8_t)0x1DU, (uint8_t)0x4AU, (uint8_t)0x3FU, (uint8_t)0x2FU, (uint8_t)0xA4U, (uint8_t)0x57U,
-    (uint8_t)0x1EU, (uint8_t)0xFCU, (uint8_t)0x8CU, (uint8_t)0xE0U, (uint8_t)0xBAU, (uint8_t)0x8AU,
-    (uint8_t)0x4FU, (uint8_t)0xE8U, (uint8_t)0xB6U, (uint8_t)0x85U, (uint8_t)0x5DU, (uint8_t)0xFEU,
-    (uint8_t)0x72U, (uint8_t)0xB0U, (uint8_t)0xA6U, (uint8_t)0x6EU, (uint8_t)0xDEU, (uint8_t)0xD2U,
-    (uint8_t)0xFBU, (uint8_t)0xABU, (uint8_t)0xFBU, (uint8_t)0xE5U, (uint8_t)0x8AU, (uint8_t)0x30U,
-    (uint8_t)0xFAU, (uint8_t)0xFAU, (uint8_t)0xBEU, (uint8_t)0x1CU, (uint8_t)0x5DU, (uint8_t)0x71U,
-    (uint8_t)0xA8U, (uint8_t)0x7EU, (uint8_t)0x2FU, (uint8_t)0x74U, (uint8_t)0x1EU, (uint8_t)0xF8U,
-    (uint8_t)0xC1U, (uint8_t)0xFEU, (uint8_t)0x86U, (uint8_t)0xFEU, (uint8_t)0xA6U, (uint8_t)0xBBU,
-    (uint8_t)0xFDU, (uint8_t)0xE5U, (uint8_t)0x30U, (uint8_t)0x67U, (uint8_t)0x7FU, (uint8_t)0x0DU,
-    (uint8_t)0x97U, (uint8_t)0xD1U, (uint8_t)0x1DU, (uint8_t)0x49U, (uint8_t)0xF7U, (uint8_t)0xA8U,
-    (uint8_t)0x44U, (uint8_t)0x3DU, (uint8_t)0x08U, (uint8_t)0x22U, (uint8_t)0xE5U, (uint8_t)0x06U,
-    (uint8_t)0xA9U, (uint8_t)0xF4U, (uint8_t)0x61U, (uint8_t)0x4EU, (uint8_t)0x01U, (uint8_t)0x1EU,
-    (uint8_t)0x2AU, (uint8_t)0x94U, (uint8_t)0x83U, (uint8_t)0x8FU, (uint8_t)0xF8U, (uint8_t)0x8CU,
-    (uint8_t)0xD6U, (uint8_t)0x8CU, (uint8_t)0x8BU, (uint8_t)0xB7U, (uint8_t)0xC5U, (uint8_t)0xC6U,
-    (uint8_t)0x42U, (uint8_t)0x4CU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU,
+    0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU,
+    0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU,
+    0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U,
+    0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU,
+    0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U,
+    0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU,
+    0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U,
+    0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U,
+    0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU,
+    0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU,
+    0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U,
+    0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU,
+    0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU,
+    0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU,
+    0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U,
+    0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU,
+    0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U,
+    0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU,
+    0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U,
+    0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x0DU, 0xD9U, 0x02U, 0x0BU, 0xFDU, 0x64U,
+    0xB6U, 0x45U, 0x03U, 0x6CU, 0x7AU, 0x4EU, 0x67U, 0x7DU, 0x2CU, 0x38U, 0x53U, 0x2AU, 0x3AU,
+    0x23U, 0xBAU, 0x44U, 0x42U, 0xCAU, 0xF5U, 0x3EU, 0xA6U, 0x3BU, 0xB4U, 0x54U, 0x32U, 0x9BU,
+    0x76U, 0x24U, 0xC8U, 0x91U, 0x7BU, 0xDDU, 0x64U, 0xB1U, 0xC0U, 0xFDU, 0x4CU, 0xB3U, 0x8EU,
+    0x8CU, 0x33U, 0x4CU, 0x70U, 0x1CU, 0x3AU, 0xCDU, 0xADU, 0x06U, 0x57U, 0xFCU, 0xCFU, 0xECU,
+    0x71U, 0x9BU, 0x1FU, 0x5CU, 0x3EU, 0x4EU, 0x46U, 0x04U, 0x1FU, 0x38U, 0x81U, 0x47U, 0xFBU,
+    0x4CU, 0xFDU, 0xB4U, 0x77U, 0xA5U, 0x24U, 0x71U, 0xF7U, 0xA9U, 0xA9U, 0x69U, 0x10U, 0xB8U,
+    0x55U, 0x32U, 0x2EU, 0xDBU, 0x63U, 0x40U, 0xD8U, 0xA0U, 0x0EU, 0xF0U, 0x92U, 0x35U, 0x05U,
+    0x11U, 0xE3U, 0x0AU, 0xBEU, 0xC1U, 0xFFU, 0xF9U, 0xE3U, 0xA2U, 0x6EU, 0x7FU, 0xB2U, 0x9FU,
+    0x8CU, 0x18U, 0x30U, 0x23U, 0xC3U, 0x58U, 0x7EU, 0x38U, 0xDAU, 0x00U, 0x77U, 0xD9U, 0xB4U,
+    0x76U, 0x3EU, 0x4EU, 0x4BU, 0x94U, 0xB2U, 0xBBU, 0xC1U, 0x94U, 0xC6U, 0x65U, 0x1EU, 0x77U,
+    0xCAU, 0xF9U, 0x92U, 0xEEU, 0xAAU, 0xC0U, 0x23U, 0x2AU, 0x28U, 0x1BU, 0xF6U, 0xB3U, 0xA7U,
+    0x39U, 0xC1U, 0x22U, 0x61U, 0x16U, 0x82U, 0x0AU, 0xE8U, 0xDBU, 0x58U, 0x47U, 0xA6U, 0x7CU,
+    0xBEU, 0xF9U, 0xC9U, 0x09U, 0x1BU, 0x46U, 0x2DU, 0x53U, 0x8CU, 0xD7U, 0x2BU, 0x03U, 0x74U,
+    0x6AU, 0xE7U, 0x7FU, 0x5EU, 0x62U, 0x29U, 0x2CU, 0x31U, 0x15U, 0x62U, 0xA8U, 0x46U, 0x50U,
+    0x5DU, 0xC8U, 0x2DU, 0xB8U, 0x54U, 0x33U, 0x8AU, 0xE4U, 0x9FU, 0x52U, 0x35U, 0xC9U, 0x5BU,
+    0x91U, 0x17U, 0x8CU, 0xCFU, 0x2DU, 0xD5U, 0xCAU, 0xCEU, 0xF4U, 0x03U, 0xECU, 0x9DU, 0x18U,
+    0x10U, 0xC6U, 0x27U, 0x2BU, 0x04U, 0x5BU, 0x3BU, 0x71U, 0xF9U, 0xDCU, 0x6BU, 0x80U, 0xD6U,
+    0x3FU, 0xDDU, 0x4AU, 0x8EU, 0x9AU, 0xDBU, 0x1EU, 0x69U, 0x62U, 0xA6U, 0x95U, 0x26U, 0xD4U,
+    0x31U, 0x61U, 0xC1U, 0xA4U, 0x1DU, 0x57U, 0x0DU, 0x79U, 0x38U, 0xDAU, 0xD4U, 0xA4U, 0x0EU,
+    0x32U, 0x9CU, 0xCFU, 0xF4U, 0x6AU, 0xAAU, 0x36U, 0xADU, 0x00U, 0x4CU, 0xF6U, 0x00U, 0xC8U,
+    0x38U, 0x1EU, 0x42U, 0x5AU, 0x31U, 0xD9U, 0x51U, 0xAEU, 0x64U, 0xFDU, 0xB2U, 0x3FU, 0xCEU,
+    0xC9U, 0x50U, 0x9DU, 0x43U, 0x68U, 0x7FU, 0xEBU, 0x69U, 0xEDU, 0xD1U, 0xCCU, 0x5EU, 0x0BU,
+    0x8CU, 0xC3U, 0xBDU, 0xF6U, 0x4BU, 0x10U, 0xEFU, 0x86U, 0xB6U, 0x31U, 0x42U, 0xA3U, 0xABU,
+    0x88U, 0x29U, 0x55U, 0x5BU, 0x2FU, 0x74U, 0x7CU, 0x93U, 0x26U, 0x65U, 0xCBU, 0x2CU, 0x0FU,
+    0x1CU, 0xC0U, 0x1BU, 0xD7U, 0x02U, 0x29U, 0x38U, 0x88U, 0x39U, 0xD2U, 0xAFU, 0x05U, 0xE4U,
+    0x54U, 0x50U, 0x4AU, 0xC7U, 0x8BU, 0x75U, 0x82U, 0x82U, 0x28U, 0x46U, 0xC0U, 0xBAU, 0x35U,
+    0xC3U, 0x5FU, 0x5CU, 0x59U, 0x16U, 0x0CU, 0xC0U, 0x46U, 0xFDU, 0x82U, 0x51U, 0x54U, 0x1FU,
+    0xC6U, 0x8CU, 0x9CU, 0x86U, 0xB0U, 0x22U, 0xBBU, 0x70U, 0x99U, 0x87U, 0x6AU, 0x46U, 0x0EU,
+    0x74U, 0x51U, 0xA8U, 0xA9U, 0x31U, 0x09U, 0x70U, 0x3FU, 0xEEU, 0x1CU, 0x21U, 0x7EU, 0x6CU,
+    0x38U, 0x26U, 0xE5U, 0x2CU, 0x51U, 0xAAU, 0x69U, 0x1EU, 0x0EU, 0x42U, 0x3CU, 0xFCU, 0x99U,
+    0xE9U, 0xE3U, 0x16U, 0x50U, 0xC1U, 0x21U, 0x7BU, 0x62U, 0x48U, 0x16U, 0xCDU, 0xADU, 0x9AU,
+    0x95U, 0xF9U, 0xD5U, 0xB8U, 0x01U, 0x94U, 0x88U, 0xD9U, 0xC0U, 0xA0U, 0xA1U, 0xFEU, 0x30U,
+    0x75U, 0xA5U, 0x77U, 0xE2U, 0x31U, 0x83U, 0xF8U, 0x1DU, 0x4AU, 0x3FU, 0x2FU, 0xA4U, 0x57U,
+    0x1EU, 0xFCU, 0x8CU, 0xE0U, 0xBAU, 0x8AU, 0x4FU, 0xE8U, 0xB6U, 0x85U, 0x5DU, 0xFEU, 0x72U,
+    0xB0U, 0xA6U, 0x6EU, 0xDEU, 0xD2U, 0xFBU, 0xABU, 0xFBU, 0xE5U, 0x8AU, 0x30U, 0xFAU, 0xFAU,
+    0xBEU, 0x1CU, 0x5DU, 0x71U, 0xA8U, 0x7EU, 0x2FU, 0x74U, 0x1EU, 0xF8U, 0xC1U, 0xFEU, 0x86U,
+    0xFEU, 0xA6U, 0xBBU, 0xFDU, 0xE5U, 0x30U, 0x67U, 0x7FU, 0x0DU, 0x97U, 0xD1U, 0x1DU, 0x49U,
+    0xF7U, 0xA8U, 0x44U, 0x3DU, 0x08U, 0x22U, 0xE5U, 0x06U, 0xA9U, 0xF4U, 0x61U, 0x4EU, 0x01U,
+    0x1EU, 0x2AU, 0x94U, 0x83U, 0x8FU, 0xF8U, 0x8CU, 0xD6U, 0x8CU, 0x8BU, 0xB7U, 0xC5U, 0xC6U,
+    0x42U, 0x4CU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
   };
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_K256_PrecompTable.h b/include/internal/Hacl_K256_PrecompTable.h
index 26bdfa1f..ff15f1c9 100644
--- a/include/internal/Hacl_K256_PrecompTable.h
+++ b/include/internal/Hacl_K256_PrecompTable.h
@@ -39,498 +39,378 @@ static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_basepoint_table_w4[240U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)705178180786072U,
-    (uint64_t)3855836460717471U, (uint64_t)4089131105950716U, (uint64_t)3301581525494108U,
-    (uint64_t)133858670344668U, (uint64_t)2199641648059576U, (uint64_t)1278080618437060U,
-    (uint64_t)3959378566518708U, (uint64_t)3455034269351872U, (uint64_t)79417610544803U,
-    (uint64_t)1U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)1282049064345544U, (uint64_t)971732600440099U, (uint64_t)1014594595727339U,
-    (uint64_t)4392159187541980U, (uint64_t)268327875692285U, (uint64_t)2411661712280539U,
-    (uint64_t)1092576199280126U, (uint64_t)4328619610718051U, (uint64_t)3535440816471627U,
-    (uint64_t)95182251488556U, (uint64_t)1893725512243753U, (uint64_t)3619861457111820U,
-    (uint64_t)879374960417905U, (uint64_t)2868056058129113U, (uint64_t)273195291893682U,
-    (uint64_t)2044797305960112U, (uint64_t)2357106853933780U, (uint64_t)3563112438336058U,
-    (uint64_t)2430811541762558U, (uint64_t)106443809495428U, (uint64_t)2231357633909668U,
-    (uint64_t)3641705835951936U, (uint64_t)80642569314189U, (uint64_t)2254841882373268U,
-    (uint64_t)149848031966573U, (uint64_t)2304615661367764U, (uint64_t)2410957403736446U,
-    (uint64_t)2712754805859804U, (uint64_t)2440183877540536U, (uint64_t)99784623895865U,
-    (uint64_t)3667773127482758U, (uint64_t)1354899394473308U, (uint64_t)3636602998800808U,
-    (uint64_t)2709296679846364U, (uint64_t)7253362091963U, (uint64_t)3585950735562744U,
-    (uint64_t)935775991758415U, (uint64_t)4108078106735201U, (uint64_t)556081800336307U,
-    (uint64_t)229585977163057U, (uint64_t)4055594186679801U, (uint64_t)1767681004944933U,
-    (uint64_t)1432634922083242U, (uint64_t)534935602949197U, (uint64_t)251753159522567U,
-    (uint64_t)2846474078499321U, (uint64_t)4488649590348702U, (uint64_t)2437476916025038U,
-    (uint64_t)3040577412822874U, (uint64_t)79405234918614U, (uint64_t)3030621226551508U,
-    (uint64_t)2801117003929806U, (uint64_t)1642927515498422U, (uint64_t)2802725079726297U,
-    (uint64_t)8472780626107U, (uint64_t)866068070352655U, (uint64_t)188080768545106U,
-    (uint64_t)2152119998903058U, (uint64_t)3391239985029665U, (uint64_t)23820026013564U,
-    (uint64_t)2965064154891949U, (uint64_t)1846516097921398U, (uint64_t)4418379948133146U,
-    (uint64_t)3137755426942400U, (uint64_t)47705291301781U, (uint64_t)4278533051105665U,
-    (uint64_t)3453643211214931U, (uint64_t)3379734319145156U, (uint64_t)3762442192097039U,
-    (uint64_t)40243003528694U, (uint64_t)4063448994211201U, (uint64_t)5697015368785U,
-    (uint64_t)1006545411838613U, (uint64_t)4242291693755210U, (uint64_t)135184629190512U,
-    (uint64_t)264898689131035U, (uint64_t)611796474823597U, (uint64_t)3255382250029089U,
-    (uint64_t)3490429246984696U, (uint64_t)236558595864362U, (uint64_t)2055934691551704U,
-    (uint64_t)1487711670114502U, (uint64_t)1823930698221632U, (uint64_t)2130937287438472U,
-    (uint64_t)154610053389779U, (uint64_t)2746573287023216U, (uint64_t)2430987262221221U,
-    (uint64_t)1668741642878689U, (uint64_t)904982541243977U, (uint64_t)56087343124948U,
-    (uint64_t)393905062353536U, (uint64_t)412681877350188U, (uint64_t)3153602040979977U,
-    (uint64_t)4466820876224989U, (uint64_t)146579165617857U, (uint64_t)2628741216508991U,
-    (uint64_t)747994231529806U, (uint64_t)750506569317681U, (uint64_t)1887492790748779U,
-    (uint64_t)35259008682771U, (uint64_t)2085116434894208U, (uint64_t)543291398921711U,
-    (uint64_t)1144362007901552U, (uint64_t)679305136036846U, (uint64_t)141090902244489U,
-    (uint64_t)632480954474859U, (uint64_t)2384513102652591U, (uint64_t)2225529790159790U,
-    (uint64_t)692258664851625U, (uint64_t)198681843567699U, (uint64_t)2397092587228181U,
-    (uint64_t)145862822166614U, (uint64_t)196976540479452U, (uint64_t)3321831130141455U,
-    (uint64_t)69266673089832U, (uint64_t)4469644227342284U, (uint64_t)3899271145504796U,
-    (uint64_t)1261890974076660U, (uint64_t)525357673886694U, (uint64_t)182135997828583U,
-    (uint64_t)4292760618810332U, (uint64_t)3404186545541683U, (uint64_t)312297386688768U,
-    (uint64_t)204377466824608U, (uint64_t)230900767857952U, (uint64_t)3871485172339693U,
-    (uint64_t)779449329662955U, (uint64_t)978655822464694U, (uint64_t)2278252139594027U,
-    (uint64_t)104641527040382U, (uint64_t)3528840153625765U, (uint64_t)4484699080275273U,
-    (uint64_t)1463971951102316U, (uint64_t)4013910812844749U, (uint64_t)228915589433620U,
-    (uint64_t)1209641433482461U, (uint64_t)4043178788774759U, (uint64_t)3008668238856634U,
-    (uint64_t)1448425089071412U, (uint64_t)26269719725037U, (uint64_t)3330785027545223U,
-    (uint64_t)852657975349259U, (uint64_t)227245054466105U, (uint64_t)1534632353984777U,
-    (uint64_t)207715098574660U, (uint64_t)3209837527352280U, (uint64_t)4051688046309066U,
-    (uint64_t)3839009590725955U, (uint64_t)1321506437398842U, (uint64_t)68340219159928U,
-    (uint64_t)1806950276956275U, (uint64_t)3923908055275295U, (uint64_t)743963253393575U,
-    (uint64_t)42162407478783U, (uint64_t)261334584474610U, (uint64_t)3728224928885214U,
-    (uint64_t)4004701081842869U, (uint64_t)709043201644674U, (uint64_t)4267294249150171U,
-    (uint64_t)255540582975025U, (uint64_t)875490593722211U, (uint64_t)796393708218375U,
-    (uint64_t)14774425627956U, (uint64_t)1500040516752097U, (uint64_t)141076627721678U,
-    (uint64_t)2634539368480628U, (uint64_t)1106488853550103U, (uint64_t)2346231921151930U,
-    (uint64_t)897108283954283U, (uint64_t)64616679559843U, (uint64_t)400244949840943U,
-    (uint64_t)1731263826831733U, (uint64_t)1649996579904651U, (uint64_t)3643693449640761U,
-    (uint64_t)172543068638991U, (uint64_t)329537981097182U, (uint64_t)2029799860802869U,
-    (uint64_t)4377737515208862U, (uint64_t)29103311051334U, (uint64_t)265583594111499U,
-    (uint64_t)3798074876561255U, (uint64_t)184749333259352U, (uint64_t)3117395073661801U,
-    (uint64_t)3695784565008833U, (uint64_t)64282709896721U, (uint64_t)1618968913246422U,
-    (uint64_t)3185235128095257U, (uint64_t)3288745068118692U, (uint64_t)1963818603508782U,
-    (uint64_t)281054350739495U, (uint64_t)1658639050810346U, (uint64_t)3061097601679552U,
-    (uint64_t)3023781433263746U, (uint64_t)2770283391242475U, (uint64_t)144508864751908U,
-    (uint64_t)173576288079856U, (uint64_t)46114579547054U, (uint64_t)1679480127300211U,
-    (uint64_t)1683062051644007U, (uint64_t)117183826129323U, (uint64_t)1894068608117440U,
-    (uint64_t)3846899838975733U, (uint64_t)4289279019496192U, (uint64_t)176995887914031U,
-    (uint64_t)78074942938713U, (uint64_t)454207263265292U, (uint64_t)972683614054061U,
-    (uint64_t)808474205144361U, (uint64_t)942703935951735U, (uint64_t)134460241077887U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    705178180786072ULL, 3855836460717471ULL, 4089131105950716ULL, 3301581525494108ULL,
+    133858670344668ULL, 2199641648059576ULL, 1278080618437060ULL, 3959378566518708ULL,
+    3455034269351872ULL, 79417610544803ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1282049064345544ULL,
+    971732600440099ULL, 1014594595727339ULL, 4392159187541980ULL, 268327875692285ULL,
+    2411661712280539ULL, 1092576199280126ULL, 4328619610718051ULL, 3535440816471627ULL,
+    95182251488556ULL, 1893725512243753ULL, 3619861457111820ULL, 879374960417905ULL,
+    2868056058129113ULL, 273195291893682ULL, 2044797305960112ULL, 2357106853933780ULL,
+    3563112438336058ULL, 2430811541762558ULL, 106443809495428ULL, 2231357633909668ULL,
+    3641705835951936ULL, 80642569314189ULL, 2254841882373268ULL, 149848031966573ULL,
+    2304615661367764ULL, 2410957403736446ULL, 2712754805859804ULL, 2440183877540536ULL,
+    99784623895865ULL, 3667773127482758ULL, 1354899394473308ULL, 3636602998800808ULL,
+    2709296679846364ULL, 7253362091963ULL, 3585950735562744ULL, 935775991758415ULL,
+    4108078106735201ULL, 556081800336307ULL, 229585977163057ULL, 4055594186679801ULL,
+    1767681004944933ULL, 1432634922083242ULL, 534935602949197ULL, 251753159522567ULL,
+    2846474078499321ULL, 4488649590348702ULL, 2437476916025038ULL, 3040577412822874ULL,
+    79405234918614ULL, 3030621226551508ULL, 2801117003929806ULL, 1642927515498422ULL,
+    2802725079726297ULL, 8472780626107ULL, 866068070352655ULL, 188080768545106ULL,
+    2152119998903058ULL, 3391239985029665ULL, 23820026013564ULL, 2965064154891949ULL,
+    1846516097921398ULL, 4418379948133146ULL, 3137755426942400ULL, 47705291301781ULL,
+    4278533051105665ULL, 3453643211214931ULL, 3379734319145156ULL, 3762442192097039ULL,
+    40243003528694ULL, 4063448994211201ULL, 5697015368785ULL, 1006545411838613ULL,
+    4242291693755210ULL, 135184629190512ULL, 264898689131035ULL, 611796474823597ULL,
+    3255382250029089ULL, 3490429246984696ULL, 236558595864362ULL, 2055934691551704ULL,
+    1487711670114502ULL, 1823930698221632ULL, 2130937287438472ULL, 154610053389779ULL,
+    2746573287023216ULL, 2430987262221221ULL, 1668741642878689ULL, 904982541243977ULL,
+    56087343124948ULL, 393905062353536ULL, 412681877350188ULL, 3153602040979977ULL,
+    4466820876224989ULL, 146579165617857ULL, 2628741216508991ULL, 747994231529806ULL,
+    750506569317681ULL, 1887492790748779ULL, 35259008682771ULL, 2085116434894208ULL,
+    543291398921711ULL, 1144362007901552ULL, 679305136036846ULL, 141090902244489ULL,
+    632480954474859ULL, 2384513102652591ULL, 2225529790159790ULL, 692258664851625ULL,
+    198681843567699ULL, 2397092587228181ULL, 145862822166614ULL, 196976540479452ULL,
+    3321831130141455ULL, 69266673089832ULL, 4469644227342284ULL, 3899271145504796ULL,
+    1261890974076660ULL, 525357673886694ULL, 182135997828583ULL, 4292760618810332ULL,
+    3404186545541683ULL, 312297386688768ULL, 204377466824608ULL, 230900767857952ULL,
+    3871485172339693ULL, 779449329662955ULL, 978655822464694ULL, 2278252139594027ULL,
+    104641527040382ULL, 3528840153625765ULL, 4484699080275273ULL, 1463971951102316ULL,
+    4013910812844749ULL, 228915589433620ULL, 1209641433482461ULL, 4043178788774759ULL,
+    3008668238856634ULL, 1448425089071412ULL, 26269719725037ULL, 3330785027545223ULL,
+    852657975349259ULL, 227245054466105ULL, 1534632353984777ULL, 207715098574660ULL,
+    3209837527352280ULL, 4051688046309066ULL, 3839009590725955ULL, 1321506437398842ULL,
+    68340219159928ULL, 1806950276956275ULL, 3923908055275295ULL, 743963253393575ULL,
+    42162407478783ULL, 261334584474610ULL, 3728224928885214ULL, 4004701081842869ULL,
+    709043201644674ULL, 4267294249150171ULL, 255540582975025ULL, 875490593722211ULL,
+    796393708218375ULL, 14774425627956ULL, 1500040516752097ULL, 141076627721678ULL,
+    2634539368480628ULL, 1106488853550103ULL, 2346231921151930ULL, 897108283954283ULL,
+    64616679559843ULL, 400244949840943ULL, 1731263826831733ULL, 1649996579904651ULL,
+    3643693449640761ULL, 172543068638991ULL, 329537981097182ULL, 2029799860802869ULL,
+    4377737515208862ULL, 29103311051334ULL, 265583594111499ULL, 3798074876561255ULL,
+    184749333259352ULL, 3117395073661801ULL, 3695784565008833ULL, 64282709896721ULL,
+    1618968913246422ULL, 3185235128095257ULL, 3288745068118692ULL, 1963818603508782ULL,
+    281054350739495ULL, 1658639050810346ULL, 3061097601679552ULL, 3023781433263746ULL,
+    2770283391242475ULL, 144508864751908ULL, 173576288079856ULL, 46114579547054ULL,
+    1679480127300211ULL, 1683062051644007ULL, 117183826129323ULL, 1894068608117440ULL,
+    3846899838975733ULL, 4289279019496192ULL, 176995887914031ULL, 78074942938713ULL,
+    454207263265292ULL, 972683614054061ULL, 808474205144361ULL, 942703935951735ULL,
+    134460241077887ULL
   };
 
 static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_g_pow2_64_table_w4[240U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)4496295042185355U,
-    (uint64_t)3125448202219451U, (uint64_t)1239608518490046U, (uint64_t)2687445637493112U,
-    (uint64_t)77979604880139U, (uint64_t)3360310474215011U, (uint64_t)1216410458165163U,
-    (uint64_t)177901593587973U, (uint64_t)3209978938104985U, (uint64_t)118285133003718U,
-    (uint64_t)434519962075150U, (uint64_t)1114612377498854U, (uint64_t)3488596944003813U,
-    (uint64_t)450716531072892U, (uint64_t)66044973203836U, (uint64_t)2822827191156652U,
-    (uint64_t)2417714248626059U, (uint64_t)2173117567943U, (uint64_t)961513119252459U,
-    (uint64_t)233852556538333U, (uint64_t)3014783730323962U, (uint64_t)2955192634004574U,
-    (uint64_t)580546524951282U, (uint64_t)2982973948711252U, (uint64_t)226295722018730U,
-    (uint64_t)26457116218543U, (uint64_t)3401523493637663U, (uint64_t)2597746825024790U,
-    (uint64_t)1789211180483113U, (uint64_t)155862365823427U, (uint64_t)4056806876632134U,
-    (uint64_t)1742291745730568U, (uint64_t)3527759000626890U, (uint64_t)3740578471192596U,
-    (uint64_t)177295097700537U, (uint64_t)1533961415657770U, (uint64_t)4305228982382487U,
-    (uint64_t)4069090871282711U, (uint64_t)4090877481646667U, (uint64_t)220939617041498U,
-    (uint64_t)2057548127959588U, (uint64_t)45185623103252U, (uint64_t)2871963270423449U,
-    (uint64_t)3312974792248749U, (uint64_t)8710601879528U, (uint64_t)570612225194540U,
-    (uint64_t)2045632925323972U, (uint64_t)1263913878297555U, (uint64_t)1294592284757719U,
-    (uint64_t)238067747295054U, (uint64_t)1576659948829386U, (uint64_t)2315159636629917U,
-    (uint64_t)3624867787891655U, (uint64_t)647628266663887U, (uint64_t)75788399640253U,
-    (uint64_t)710811707847797U, (uint64_t)130020650130128U, (uint64_t)1975045425972589U,
-    (uint64_t)136351545314094U, (uint64_t)229292031212337U, (uint64_t)1061471455264148U,
-    (uint64_t)3281312694184822U, (uint64_t)1692442293921797U, (uint64_t)4171008525509513U,
-    (uint64_t)275424696197549U, (uint64_t)1170296303921965U, (uint64_t)4154092952807735U,
-    (uint64_t)4371262070870741U, (uint64_t)835769811036496U, (uint64_t)275812646528189U,
-    (uint64_t)4006745785521764U, (uint64_t)1965172239781114U, (uint64_t)4121055644916429U,
-    (uint64_t)3578995380229569U, (uint64_t)169798870760022U, (uint64_t)1834234783016431U,
-    (uint64_t)3186919121688538U, (uint64_t)1894269993170652U, (uint64_t)868603832348691U,
-    (uint64_t)110978471368876U, (uint64_t)1659296605881532U, (uint64_t)3257830829309297U,
-    (uint64_t)3381509832701119U, (uint64_t)4016163121121296U, (uint64_t)265240263496294U,
-    (uint64_t)4411285343933251U, (uint64_t)728746770806400U, (uint64_t)1767819098558739U,
-    (uint64_t)3002081480892841U, (uint64_t)96312133241935U, (uint64_t)468184501392107U,
-    (uint64_t)2061529496271208U, (uint64_t)801565111628867U, (uint64_t)3380678576799273U,
-    (uint64_t)121814978170941U, (uint64_t)3340363319165433U, (uint64_t)2764604325746928U,
-    (uint64_t)4475755976431968U, (uint64_t)3678073419927081U, (uint64_t)237001357924061U,
-    (uint64_t)4110487014553450U, (uint64_t)442517757833404U, (uint64_t)3976758767423859U,
-    (uint64_t)2559863799262476U, (uint64_t)178144664279213U, (uint64_t)2488702171798051U,
-    (uint64_t)4292079598620208U, (uint64_t)1642918280217329U, (uint64_t)3694920319798108U,
-    (uint64_t)111735528281657U, (uint64_t)2904433967156033U, (uint64_t)4391518032143166U,
-    (uint64_t)3018885875516259U, (uint64_t)3730342681447122U, (uint64_t)10320273322750U,
-    (uint64_t)555845881555519U, (uint64_t)58355404017985U, (uint64_t)379009359053696U,
-    (uint64_t)450317203955503U, (uint64_t)271063299686173U, (uint64_t)910340241794202U,
-    (uint64_t)4145234574853890U, (uint64_t)2059755654702755U, (uint64_t)626530377112246U,
-    (uint64_t)188918989156857U, (uint64_t)3316657461542117U, (uint64_t)778033563170765U,
-    (uint64_t)3568562306532187U, (uint64_t)2888619469733481U, (uint64_t)4364919962337U,
-    (uint64_t)4095057288587059U, (uint64_t)2275461355379988U, (uint64_t)1507422995910897U,
-    (uint64_t)3737691697116252U, (uint64_t)28779913258578U, (uint64_t)131453301647952U,
-    (uint64_t)3613515597508469U, (uint64_t)2389606941441321U, (uint64_t)2135459302594806U,
-    (uint64_t)105517262484263U, (uint64_t)2973432939331401U, (uint64_t)3447096622477885U,
-    (uint64_t)684654106536844U, (uint64_t)2815198316729695U, (uint64_t)280303067216071U,
-    (uint64_t)1841014812927024U, (uint64_t)1181026273060917U, (uint64_t)4092989148457730U,
-    (uint64_t)1381045116206278U, (uint64_t)112475725893965U, (uint64_t)2309144740156686U,
-    (uint64_t)1558825847609352U, (uint64_t)2008068002046292U, (uint64_t)3153511625856423U,
-    (uint64_t)38469701427673U, (uint64_t)4240572315518056U, (uint64_t)2295170987320580U,
-    (uint64_t)187734093837094U, (uint64_t)301041528077172U, (uint64_t)234553141005715U,
-    (uint64_t)4170513699279606U, (uint64_t)1600132848196146U, (uint64_t)3149113064155689U,
-    (uint64_t)2733255352600949U, (uint64_t)144915931419495U, (uint64_t)1221012073888926U,
-    (uint64_t)4395668111081710U, (uint64_t)2464799161496070U, (uint64_t)3664256125241313U,
-    (uint64_t)239705368981290U, (uint64_t)1415181408539490U, (uint64_t)2551836620449074U,
-    (uint64_t)3003106895689578U, (uint64_t)968947218886924U, (uint64_t)270781532362673U,
-    (uint64_t)2905980714350372U, (uint64_t)3246927349288975U, (uint64_t)2653377642686974U,
-    (uint64_t)1577457093418263U, (uint64_t)279488238785848U, (uint64_t)568335962564552U,
-    (uint64_t)4251365041645758U, (uint64_t)1257832559776007U, (uint64_t)2424022444243863U,
-    (uint64_t)261166122046343U, (uint64_t)4399874608082116U, (uint64_t)640509987891568U,
-    (uint64_t)3119706885332220U, (uint64_t)1990185416694007U, (uint64_t)119390098529341U,
-    (uint64_t)220106534694050U, (uint64_t)937225880034895U, (uint64_t)656288151358882U,
-    (uint64_t)1766967254772100U, (uint64_t)197900790969750U, (uint64_t)2992539221608875U,
-    (uint64_t)3960297171111858U, (uint64_t)3499202002925081U, (uint64_t)1103060980924705U,
-    (uint64_t)13670895919578U, (uint64_t)430132744187721U, (uint64_t)1206771838050953U,
-    (uint64_t)2474749300167198U, (uint64_t)296299539510780U, (uint64_t)61565517686436U,
-    (uint64_t)752778559080573U, (uint64_t)3049015829565410U, (uint64_t)3538647632527371U,
-    (uint64_t)1640473028662032U, (uint64_t)182488721849306U, (uint64_t)1234378482161516U,
-    (uint64_t)3736205988606381U, (uint64_t)2814216844344487U, (uint64_t)3877249891529557U,
-    (uint64_t)51681412928433U, (uint64_t)4275336620301239U, (uint64_t)3084074032750651U,
-    (uint64_t)42732308350456U, (uint64_t)3648603591552229U, (uint64_t)142450621701603U,
-    (uint64_t)4020045475009854U, (uint64_t)1050293952073054U, (uint64_t)1974773673079851U,
-    (uint64_t)1815515638724020U, (uint64_t)104845375825434U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    4496295042185355ULL, 3125448202219451ULL, 1239608518490046ULL, 2687445637493112ULL,
+    77979604880139ULL, 3360310474215011ULL, 1216410458165163ULL, 177901593587973ULL,
+    3209978938104985ULL, 118285133003718ULL, 434519962075150ULL, 1114612377498854ULL,
+    3488596944003813ULL, 450716531072892ULL, 66044973203836ULL, 2822827191156652ULL,
+    2417714248626059ULL, 2173117567943ULL, 961513119252459ULL, 233852556538333ULL,
+    3014783730323962ULL, 2955192634004574ULL, 580546524951282ULL, 2982973948711252ULL,
+    226295722018730ULL, 26457116218543ULL, 3401523493637663ULL, 2597746825024790ULL,
+    1789211180483113ULL, 155862365823427ULL, 4056806876632134ULL, 1742291745730568ULL,
+    3527759000626890ULL, 3740578471192596ULL, 177295097700537ULL, 1533961415657770ULL,
+    4305228982382487ULL, 4069090871282711ULL, 4090877481646667ULL, 220939617041498ULL,
+    2057548127959588ULL, 45185623103252ULL, 2871963270423449ULL, 3312974792248749ULL,
+    8710601879528ULL, 570612225194540ULL, 2045632925323972ULL, 1263913878297555ULL,
+    1294592284757719ULL, 238067747295054ULL, 1576659948829386ULL, 2315159636629917ULL,
+    3624867787891655ULL, 647628266663887ULL, 75788399640253ULL, 710811707847797ULL,
+    130020650130128ULL, 1975045425972589ULL, 136351545314094ULL, 229292031212337ULL,
+    1061471455264148ULL, 3281312694184822ULL, 1692442293921797ULL, 4171008525509513ULL,
+    275424696197549ULL, 1170296303921965ULL, 4154092952807735ULL, 4371262070870741ULL,
+    835769811036496ULL, 275812646528189ULL, 4006745785521764ULL, 1965172239781114ULL,
+    4121055644916429ULL, 3578995380229569ULL, 169798870760022ULL, 1834234783016431ULL,
+    3186919121688538ULL, 1894269993170652ULL, 868603832348691ULL, 110978471368876ULL,
+    1659296605881532ULL, 3257830829309297ULL, 3381509832701119ULL, 4016163121121296ULL,
+    265240263496294ULL, 4411285343933251ULL, 728746770806400ULL, 1767819098558739ULL,
+    3002081480892841ULL, 96312133241935ULL, 468184501392107ULL, 2061529496271208ULL,
+    801565111628867ULL, 3380678576799273ULL, 121814978170941ULL, 3340363319165433ULL,
+    2764604325746928ULL, 4475755976431968ULL, 3678073419927081ULL, 237001357924061ULL,
+    4110487014553450ULL, 442517757833404ULL, 3976758767423859ULL, 2559863799262476ULL,
+    178144664279213ULL, 2488702171798051ULL, 4292079598620208ULL, 1642918280217329ULL,
+    3694920319798108ULL, 111735528281657ULL, 2904433967156033ULL, 4391518032143166ULL,
+    3018885875516259ULL, 3730342681447122ULL, 10320273322750ULL, 555845881555519ULL,
+    58355404017985ULL, 379009359053696ULL, 450317203955503ULL, 271063299686173ULL,
+    910340241794202ULL, 4145234574853890ULL, 2059755654702755ULL, 626530377112246ULL,
+    188918989156857ULL, 3316657461542117ULL, 778033563170765ULL, 3568562306532187ULL,
+    2888619469733481ULL, 4364919962337ULL, 4095057288587059ULL, 2275461355379988ULL,
+    1507422995910897ULL, 3737691697116252ULL, 28779913258578ULL, 131453301647952ULL,
+    3613515597508469ULL, 2389606941441321ULL, 2135459302594806ULL, 105517262484263ULL,
+    2973432939331401ULL, 3447096622477885ULL, 684654106536844ULL, 2815198316729695ULL,
+    280303067216071ULL, 1841014812927024ULL, 1181026273060917ULL, 4092989148457730ULL,
+    1381045116206278ULL, 112475725893965ULL, 2309144740156686ULL, 1558825847609352ULL,
+    2008068002046292ULL, 3153511625856423ULL, 38469701427673ULL, 4240572315518056ULL,
+    2295170987320580ULL, 187734093837094ULL, 301041528077172ULL, 234553141005715ULL,
+    4170513699279606ULL, 1600132848196146ULL, 3149113064155689ULL, 2733255352600949ULL,
+    144915931419495ULL, 1221012073888926ULL, 4395668111081710ULL, 2464799161496070ULL,
+    3664256125241313ULL, 239705368981290ULL, 1415181408539490ULL, 2551836620449074ULL,
+    3003106895689578ULL, 968947218886924ULL, 270781532362673ULL, 2905980714350372ULL,
+    3246927349288975ULL, 2653377642686974ULL, 1577457093418263ULL, 279488238785848ULL,
+    568335962564552ULL, 4251365041645758ULL, 1257832559776007ULL, 2424022444243863ULL,
+    261166122046343ULL, 4399874608082116ULL, 640509987891568ULL, 3119706885332220ULL,
+    1990185416694007ULL, 119390098529341ULL, 220106534694050ULL, 937225880034895ULL,
+    656288151358882ULL, 1766967254772100ULL, 197900790969750ULL, 2992539221608875ULL,
+    3960297171111858ULL, 3499202002925081ULL, 1103060980924705ULL, 13670895919578ULL,
+    430132744187721ULL, 1206771838050953ULL, 2474749300167198ULL, 296299539510780ULL,
+    61565517686436ULL, 752778559080573ULL, 3049015829565410ULL, 3538647632527371ULL,
+    1640473028662032ULL, 182488721849306ULL, 1234378482161516ULL, 3736205988606381ULL,
+    2814216844344487ULL, 3877249891529557ULL, 51681412928433ULL, 4275336620301239ULL,
+    3084074032750651ULL, 42732308350456ULL, 3648603591552229ULL, 142450621701603ULL,
+    4020045475009854ULL, 1050293952073054ULL, 1974773673079851ULL, 1815515638724020ULL,
+    104845375825434ULL
   };
 
 static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_g_pow2_128_table_w4[240U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1277614565900951U,
-    (uint64_t)378671684419493U, (uint64_t)3176260448102880U, (uint64_t)1575691435565077U,
-    (uint64_t)167304528382180U, (uint64_t)2600787765776588U, (uint64_t)7497946149293U,
-    (uint64_t)2184272641272202U, (uint64_t)2200235265236628U, (uint64_t)265969268774814U,
-    (uint64_t)1913228635640715U, (uint64_t)2831959046949342U, (uint64_t)888030405442963U,
-    (uint64_t)1817092932985033U, (uint64_t)101515844997121U, (uint64_t)3309468394859588U,
-    (uint64_t)3965334773689948U, (uint64_t)1945272965790738U, (uint64_t)4450939211427964U,
-    (uint64_t)211349698782702U, (uint64_t)2085160302160079U, (uint64_t)212812506072603U,
-    (uint64_t)3646122434511764U, (uint64_t)1711405092320514U, (uint64_t)95160920508464U,
-    (uint64_t)1677683368518073U, (uint64_t)4384656939250953U, (uint64_t)3548591046529893U,
-    (uint64_t)1683233536091384U, (uint64_t)105919586159941U, (uint64_t)1941416002726455U,
-    (uint64_t)246264372248216U, (uint64_t)3063044110922228U, (uint64_t)3772292170415825U,
-    (uint64_t)222933374989815U, (uint64_t)2417211163452935U, (uint64_t)2018230365573200U,
-    (uint64_t)1985974538911047U, (uint64_t)1387197705332739U, (uint64_t)186400825584956U,
-    (uint64_t)2469330487750329U, (uint64_t)1291983813301638U, (uint64_t)333416733706302U,
-    (uint64_t)3413315564261070U, (uint64_t)189444777569683U, (uint64_t)1062005622360420U,
-    (uint64_t)1800197715938740U, (uint64_t)3693110992551647U, (uint64_t)626990328941945U,
-    (uint64_t)40998857100520U, (uint64_t)3921983552805085U, (uint64_t)1016632437340656U,
-    (uint64_t)4016615929950878U, (uint64_t)2682554586771281U, (uint64_t)7043555162389U,
-    (uint64_t)3333819830676567U, (uint64_t)4120091964944036U, (uint64_t)1960788263484015U,
-    (uint64_t)1642145656273304U, (uint64_t)252814075789128U, (uint64_t)3085777342821357U,
-    (uint64_t)4166637997604052U, (uint64_t)1339401689756469U, (uint64_t)845938529607551U,
-    (uint64_t)223351828189283U, (uint64_t)1148648705186890U, (uint64_t)1230525014760605U,
-    (uint64_t)1869739475126720U, (uint64_t)4193966261205530U, (uint64_t)175684010336013U,
-    (uint64_t)4476719358931508U, (uint64_t)4209547487457638U, (uint64_t)2197536411673724U,
-    (uint64_t)3010838433412303U, (uint64_t)169318997251483U, (uint64_t)49493868302162U,
-    (uint64_t)3594601099078584U, (uint64_t)3662420905445942U, (uint64_t)3606544932233685U,
-    (uint64_t)270643652662165U, (uint64_t)180681786228544U, (uint64_t)2095882682308564U,
-    (uint64_t)813484483841391U, (uint64_t)1622665392824698U, (uint64_t)113821770225137U,
-    (uint64_t)3075432444115417U, (uint64_t)716502989978722U, (uint64_t)2304779892217245U,
-    (uint64_t)1760144151770127U, (uint64_t)235719156963938U, (uint64_t)3180013070471143U,
-    (uint64_t)1331027634540579U, (uint64_t)552273022992392U, (uint64_t)2858693077461887U,
-    (uint64_t)197914407731510U, (uint64_t)187252310910959U, (uint64_t)4160637171377125U,
-    (uint64_t)3225059526713298U, (uint64_t)2574558217383978U, (uint64_t)249695600622489U,
-    (uint64_t)364988742814327U, (uint64_t)4245298536326258U, (uint64_t)1812464706589342U,
-    (uint64_t)2734857123772998U, (uint64_t)120105577124628U, (uint64_t)160179251271109U,
-    (uint64_t)3604555733307834U, (uint64_t)150380003195715U, (uint64_t)1574304909935121U,
-    (uint64_t)142190285600761U, (uint64_t)1835385847725651U, (uint64_t)3168087139615901U,
-    (uint64_t)3201434861713736U, (uint64_t)741757984537760U, (uint64_t)163585009419543U,
-    (uint64_t)3837997981109783U, (uint64_t)3771946407870997U, (uint64_t)2867641360295452U,
-    (uint64_t)3097548691501578U, (uint64_t)124624912142104U, (uint64_t)2729896088769328U,
-    (uint64_t)1087786827035225U, (uint64_t)3934000813818614U, (uint64_t)1176792318645055U,
-    (uint64_t)125311882169270U, (uint64_t)3530709439299502U, (uint64_t)1561477829834527U,
-    (uint64_t)3927894570196761U, (uint64_t)3957765307669212U, (uint64_t)105720519513730U,
-    (uint64_t)3758969845816997U, (uint64_t)2738320452287300U, (uint64_t)2380753632109507U,
-    (uint64_t)2762090901149075U, (uint64_t)123455059136515U, (uint64_t)4222807813169807U,
-    (uint64_t)118064783651432U, (uint64_t)2877694712254934U, (uint64_t)3535027426396448U,
-    (uint64_t)100175663703417U, (uint64_t)3287921121213155U, (uint64_t)4497246481824206U,
-    (uint64_t)1960809949007025U, (uint64_t)3236854264159102U, (uint64_t)35028112623717U,
-    (uint64_t)338838627913273U, (uint64_t)2827531947914645U, (uint64_t)4231826783810670U,
-    (uint64_t)1082490106100389U, (uint64_t)13267544387448U, (uint64_t)4249975884259105U,
-    (uint64_t)2844862161652484U, (uint64_t)262742197948971U, (uint64_t)3525653802457116U,
-    (uint64_t)269963889261701U, (uint64_t)3690062482117102U, (uint64_t)675413453822147U,
-    (uint64_t)2170937868437574U, (uint64_t)2367632187022010U, (uint64_t)214032802409445U,
-    (uint64_t)2054007379612477U, (uint64_t)3558050826739009U, (uint64_t)266827184752634U,
-    (uint64_t)1946520293291195U, (uint64_t)238087872386556U, (uint64_t)490056555385700U,
-    (uint64_t)794405769357386U, (uint64_t)3886901294859702U, (uint64_t)3120414548626348U,
-    (uint64_t)84316625221136U, (uint64_t)223073962531835U, (uint64_t)4280846460577631U,
-    (uint64_t)344296282849308U, (uint64_t)3522116652699457U, (uint64_t)171817232053075U,
-    (uint64_t)3296636283062273U, (uint64_t)3587303364425579U, (uint64_t)1033485783633331U,
-    (uint64_t)3686984130812906U, (uint64_t)268290803650477U, (uint64_t)2803988215834467U,
-    (uint64_t)3821246410529720U, (uint64_t)1077722388925870U, (uint64_t)4187137036866164U,
-    (uint64_t)104696540795905U, (uint64_t)998770003854764U, (uint64_t)3960768137535019U,
-    (uint64_t)4293792474919135U, (uint64_t)3251297981727034U, (uint64_t)192479028790101U,
-    (uint64_t)1175880869349935U, (uint64_t)3506949259311937U, (uint64_t)2161711516160714U,
-    (uint64_t)2506820922270187U, (uint64_t)131002200661047U, (uint64_t)3532399477339994U,
-    (uint64_t)2515815721228719U, (uint64_t)4274974119021502U, (uint64_t)265752394510924U,
-    (uint64_t)163144272153395U, (uint64_t)2824260010502991U, (uint64_t)517077012665142U,
-    (uint64_t)602987073882924U, (uint64_t)2939630061751780U, (uint64_t)59211609557440U,
-    (uint64_t)963423614549333U, (uint64_t)495476232754434U, (uint64_t)94274496109103U,
-    (uint64_t)2245136222990187U, (uint64_t)185414764872288U, (uint64_t)2266067668609289U,
-    (uint64_t)3873978896235927U, (uint64_t)4428283513152105U, (uint64_t)3881481480259312U,
-    (uint64_t)207746202010862U, (uint64_t)1609437858011364U, (uint64_t)477585758421515U,
-    (uint64_t)3850430788664649U, (uint64_t)2682299074459173U, (uint64_t)149439089751274U,
-    (uint64_t)3665760243877698U, (uint64_t)1356661512658931U, (uint64_t)1675903262368322U,
-    (uint64_t)3355649228050892U, (uint64_t)99772108898412U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    1277614565900951ULL, 378671684419493ULL, 3176260448102880ULL, 1575691435565077ULL,
+    167304528382180ULL, 2600787765776588ULL, 7497946149293ULL, 2184272641272202ULL,
+    2200235265236628ULL, 265969268774814ULL, 1913228635640715ULL, 2831959046949342ULL,
+    888030405442963ULL, 1817092932985033ULL, 101515844997121ULL, 3309468394859588ULL,
+    3965334773689948ULL, 1945272965790738ULL, 4450939211427964ULL, 211349698782702ULL,
+    2085160302160079ULL, 212812506072603ULL, 3646122434511764ULL, 1711405092320514ULL,
+    95160920508464ULL, 1677683368518073ULL, 4384656939250953ULL, 3548591046529893ULL,
+    1683233536091384ULL, 105919586159941ULL, 1941416002726455ULL, 246264372248216ULL,
+    3063044110922228ULL, 3772292170415825ULL, 222933374989815ULL, 2417211163452935ULL,
+    2018230365573200ULL, 1985974538911047ULL, 1387197705332739ULL, 186400825584956ULL,
+    2469330487750329ULL, 1291983813301638ULL, 333416733706302ULL, 3413315564261070ULL,
+    189444777569683ULL, 1062005622360420ULL, 1800197715938740ULL, 3693110992551647ULL,
+    626990328941945ULL, 40998857100520ULL, 3921983552805085ULL, 1016632437340656ULL,
+    4016615929950878ULL, 2682554586771281ULL, 7043555162389ULL, 3333819830676567ULL,
+    4120091964944036ULL, 1960788263484015ULL, 1642145656273304ULL, 252814075789128ULL,
+    3085777342821357ULL, 4166637997604052ULL, 1339401689756469ULL, 845938529607551ULL,
+    223351828189283ULL, 1148648705186890ULL, 1230525014760605ULL, 1869739475126720ULL,
+    4193966261205530ULL, 175684010336013ULL, 4476719358931508ULL, 4209547487457638ULL,
+    2197536411673724ULL, 3010838433412303ULL, 169318997251483ULL, 49493868302162ULL,
+    3594601099078584ULL, 3662420905445942ULL, 3606544932233685ULL, 270643652662165ULL,
+    180681786228544ULL, 2095882682308564ULL, 813484483841391ULL, 1622665392824698ULL,
+    113821770225137ULL, 3075432444115417ULL, 716502989978722ULL, 2304779892217245ULL,
+    1760144151770127ULL, 235719156963938ULL, 3180013070471143ULL, 1331027634540579ULL,
+    552273022992392ULL, 2858693077461887ULL, 197914407731510ULL, 187252310910959ULL,
+    4160637171377125ULL, 3225059526713298ULL, 2574558217383978ULL, 249695600622489ULL,
+    364988742814327ULL, 4245298536326258ULL, 1812464706589342ULL, 2734857123772998ULL,
+    120105577124628ULL, 160179251271109ULL, 3604555733307834ULL, 150380003195715ULL,
+    1574304909935121ULL, 142190285600761ULL, 1835385847725651ULL, 3168087139615901ULL,
+    3201434861713736ULL, 741757984537760ULL, 163585009419543ULL, 3837997981109783ULL,
+    3771946407870997ULL, 2867641360295452ULL, 3097548691501578ULL, 124624912142104ULL,
+    2729896088769328ULL, 1087786827035225ULL, 3934000813818614ULL, 1176792318645055ULL,
+    125311882169270ULL, 3530709439299502ULL, 1561477829834527ULL, 3927894570196761ULL,
+    3957765307669212ULL, 105720519513730ULL, 3758969845816997ULL, 2738320452287300ULL,
+    2380753632109507ULL, 2762090901149075ULL, 123455059136515ULL, 4222807813169807ULL,
+    118064783651432ULL, 2877694712254934ULL, 3535027426396448ULL, 100175663703417ULL,
+    3287921121213155ULL, 4497246481824206ULL, 1960809949007025ULL, 3236854264159102ULL,
+    35028112623717ULL, 338838627913273ULL, 2827531947914645ULL, 4231826783810670ULL,
+    1082490106100389ULL, 13267544387448ULL, 4249975884259105ULL, 2844862161652484ULL,
+    262742197948971ULL, 3525653802457116ULL, 269963889261701ULL, 3690062482117102ULL,
+    675413453822147ULL, 2170937868437574ULL, 2367632187022010ULL, 214032802409445ULL,
+    2054007379612477ULL, 3558050826739009ULL, 266827184752634ULL, 1946520293291195ULL,
+    238087872386556ULL, 490056555385700ULL, 794405769357386ULL, 3886901294859702ULL,
+    3120414548626348ULL, 84316625221136ULL, 223073962531835ULL, 4280846460577631ULL,
+    344296282849308ULL, 3522116652699457ULL, 171817232053075ULL, 3296636283062273ULL,
+    3587303364425579ULL, 1033485783633331ULL, 3686984130812906ULL, 268290803650477ULL,
+    2803988215834467ULL, 3821246410529720ULL, 1077722388925870ULL, 4187137036866164ULL,
+    104696540795905ULL, 998770003854764ULL, 3960768137535019ULL, 4293792474919135ULL,
+    3251297981727034ULL, 192479028790101ULL, 1175880869349935ULL, 3506949259311937ULL,
+    2161711516160714ULL, 2506820922270187ULL, 131002200661047ULL, 3532399477339994ULL,
+    2515815721228719ULL, 4274974119021502ULL, 265752394510924ULL, 163144272153395ULL,
+    2824260010502991ULL, 517077012665142ULL, 602987073882924ULL, 2939630061751780ULL,
+    59211609557440ULL, 963423614549333ULL, 495476232754434ULL, 94274496109103ULL,
+    2245136222990187ULL, 185414764872288ULL, 2266067668609289ULL, 3873978896235927ULL,
+    4428283513152105ULL, 3881481480259312ULL, 207746202010862ULL, 1609437858011364ULL,
+    477585758421515ULL, 3850430788664649ULL, 2682299074459173ULL, 149439089751274ULL,
+    3665760243877698ULL, 1356661512658931ULL, 1675903262368322ULL, 3355649228050892ULL,
+    99772108898412ULL
   };
 
 static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_g_pow2_192_table_w4[240U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)34056422761564U,
-    (uint64_t)3315864838337811U, (uint64_t)3797032336888745U, (uint64_t)2580641850480806U,
-    (uint64_t)208048944042500U, (uint64_t)1233795288689421U, (uint64_t)1048795233382631U,
-    (uint64_t)646545158071530U, (uint64_t)1816025742137285U, (uint64_t)12245672982162U,
-    (uint64_t)2119364213800870U, (uint64_t)2034960311715107U, (uint64_t)3172697815804487U,
-    (uint64_t)4185144850224160U, (uint64_t)2792055915674U, (uint64_t)795534452139321U,
-    (uint64_t)3647836177838185U, (uint64_t)2681403398797991U, (uint64_t)3149264270306207U,
-    (uint64_t)278704080615511U, (uint64_t)2752552368344718U, (uint64_t)1363840972378818U,
-    (uint64_t)1877521512083293U, (uint64_t)1862111388059470U, (uint64_t)36200324115014U,
-    (uint64_t)4183622899327217U, (uint64_t)747381675363076U, (uint64_t)2772916395314624U,
-    (uint64_t)833767013119965U, (uint64_t)246274452928088U, (uint64_t)1526238021297781U,
-    (uint64_t)3327534966022747U, (uint64_t)1169012581910517U, (uint64_t)4430894603030025U,
-    (uint64_t)149242742442115U, (uint64_t)1002569704307172U, (uint64_t)2763252093432365U,
-    (uint64_t)3037748497732938U, (uint64_t)2329811173939457U, (uint64_t)270769113180752U,
-    (uint64_t)4344092461623432U, (uint64_t)892200524589382U, (uint64_t)2511418516713970U,
-    (uint64_t)103575031265398U, (uint64_t)183736033430252U, (uint64_t)583003071257308U,
-    (uint64_t)3357167344738425U, (uint64_t)4038099763242651U, (uint64_t)1776250620957255U,
-    (uint64_t)51334115864192U, (uint64_t)2616405698969611U, (uint64_t)1196364755910565U,
-    (uint64_t)3135228056210500U, (uint64_t)533729417611761U, (uint64_t)86564351229326U,
-    (uint64_t)98936129527281U, (uint64_t)4425305036630677U, (uint64_t)2980296390253408U,
-    (uint64_t)2487091677325739U, (uint64_t)10501977234280U, (uint64_t)1805646499831077U,
-    (uint64_t)3120615962395477U, (uint64_t)3634629685307533U, (uint64_t)3009632755291436U,
-    (uint64_t)16794051906523U, (uint64_t)2465481597883214U, (uint64_t)211492787490403U,
-    (uint64_t)1120942867046103U, (uint64_t)486438308572108U, (uint64_t)76058986271771U,
-    (uint64_t)2435216584587357U, (uint64_t)3076359381968283U, (uint64_t)1071594491489655U,
-    (uint64_t)3148707450339154U, (uint64_t)249332205737851U, (uint64_t)4171051176626809U,
-    (uint64_t)3165176227956388U, (uint64_t)2400901591835233U, (uint64_t)1435783621333022U,
-    (uint64_t)20312753440321U, (uint64_t)1767293887448005U, (uint64_t)685150647587522U,
-    (uint64_t)2957187934449906U, (uint64_t)382661319140439U, (uint64_t)177583591139601U,
-    (uint64_t)2083572648630743U, (uint64_t)1083410277889419U, (uint64_t)4267902097868310U,
-    (uint64_t)679989918385081U, (uint64_t)123155311554032U, (uint64_t)2830267662472020U,
-    (uint64_t)4476040509735924U, (uint64_t)526697201585144U, (uint64_t)3465306430573135U,
-    (uint64_t)2296616218591U, (uint64_t)1270626872734279U, (uint64_t)1049740198790549U,
-    (uint64_t)4197567214843444U, (uint64_t)1962225231320591U, (uint64_t)186125026796856U,
-    (uint64_t)737027567341142U, (uint64_t)4364616098174U, (uint64_t)3618884818756660U,
-    (uint64_t)1236837563717668U, (uint64_t)162873772439548U, (uint64_t)3081542470065122U,
-    (uint64_t)910331750163991U, (uint64_t)2110498143869827U, (uint64_t)3208473121852657U,
-    (uint64_t)94687786224509U, (uint64_t)4113309027567819U, (uint64_t)4272179438357536U,
-    (uint64_t)1857418654076140U, (uint64_t)1672678841741004U, (uint64_t)94482160248411U,
-    (uint64_t)1928652436799020U, (uint64_t)1750866462381515U, (uint64_t)4048060485672270U,
-    (uint64_t)4006680581258587U, (uint64_t)14850434761312U, (uint64_t)2828734997081648U,
-    (uint64_t)1975589525873972U, (uint64_t)3724347738416009U, (uint64_t)597163266689736U,
-    (uint64_t)14568362978551U, (uint64_t)2203865455839744U, (uint64_t)2237034958890595U,
-    (uint64_t)1863572986731818U, (uint64_t)2329774560279041U, (uint64_t)245105447642201U,
-    (uint64_t)2179697447864822U, (uint64_t)1769609498189882U, (uint64_t)1916950746430931U,
-    (uint64_t)847019613787312U, (uint64_t)163210606565100U, (uint64_t)3658248417400062U,
-    (uint64_t)717138296045881U, (uint64_t)42531212306121U, (uint64_t)1040915917097532U,
-    (uint64_t)77364489101310U, (uint64_t)539253504015590U, (uint64_t)732690726289841U,
-    (uint64_t)3401622034697806U, (uint64_t)2864593278358513U, (uint64_t)142611941887017U,
-    (uint64_t)536364617506702U, (uint64_t)845071859974284U, (uint64_t)4461787417089721U,
-    (uint64_t)2633811871939723U, (uint64_t)113619731985610U, (uint64_t)2535870015489566U,
-    (uint64_t)2146224665077830U, (uint64_t)2593725534662047U, (uint64_t)1332349537449710U,
-    (uint64_t)153375287068096U, (uint64_t)3689977177165276U, (uint64_t)3631865615314120U,
-    (uint64_t)184644878348929U, (uint64_t)2220481726602813U, (uint64_t)204002551273091U,
-    (uint64_t)3022560051766785U, (uint64_t)3125940458001213U, (uint64_t)4258299086906325U,
-    (uint64_t)1072471915162030U, (uint64_t)2797562724530U, (uint64_t)3974298156223059U,
-    (uint64_t)1624778551002554U, (uint64_t)3490703864485971U, (uint64_t)2533877484212458U,
-    (uint64_t)176107782538555U, (uint64_t)4275987398312137U, (uint64_t)4397120757693722U,
-    (uint64_t)3001292763847390U, (uint64_t)1556490837621310U, (uint64_t)70442953037671U,
-    (uint64_t)1558915972545974U, (uint64_t)744724505252845U, (uint64_t)2697230204313363U,
-    (uint64_t)3495671924212144U, (uint64_t)95744296878924U, (uint64_t)1508848630912047U,
-    (uint64_t)4163599342850968U, (uint64_t)1234988733935901U, (uint64_t)3789722472212706U,
-    (uint64_t)219522007052022U, (uint64_t)2106597506701262U, (uint64_t)3231115099832239U,
-    (uint64_t)1296436890593905U, (uint64_t)1016795619587656U, (uint64_t)231150565033388U,
-    (uint64_t)4205501688458754U, (uint64_t)2271569140386062U, (uint64_t)3421769599058157U,
-    (uint64_t)4118408853784554U, (uint64_t)276709341465173U, (uint64_t)2681340614854362U,
-    (uint64_t)2514413365628788U, (uint64_t)62294545067341U, (uint64_t)277610220069365U,
-    (uint64_t)252463150123799U, (uint64_t)2547353593759399U, (uint64_t)1857438147448607U,
-    (uint64_t)2964811969681256U, (uint64_t)3303706463835387U, (uint64_t)248936570980853U,
-    (uint64_t)3208982702478009U, (uint64_t)2518671051730787U, (uint64_t)727433853033835U,
-    (uint64_t)1290389308223446U, (uint64_t)220742793981035U, (uint64_t)3851225361654709U,
-    (uint64_t)2307489307934273U, (uint64_t)1151710489948266U, (uint64_t)289775285210516U,
-    (uint64_t)222685002397295U, (uint64_t)1222117478082108U, (uint64_t)2822029169395728U,
-    (uint64_t)1172146252219882U, (uint64_t)2626108105510259U, (uint64_t)209803527887167U,
-    (uint64_t)2718831919953281U, (uint64_t)4348638387588593U, (uint64_t)3761438313263183U,
-    (uint64_t)13169515318095U, (uint64_t)212893621229476U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    34056422761564ULL, 3315864838337811ULL, 3797032336888745ULL, 2580641850480806ULL,
+    208048944042500ULL, 1233795288689421ULL, 1048795233382631ULL, 646545158071530ULL,
+    1816025742137285ULL, 12245672982162ULL, 2119364213800870ULL, 2034960311715107ULL,
+    3172697815804487ULL, 4185144850224160ULL, 2792055915674ULL, 795534452139321ULL,
+    3647836177838185ULL, 2681403398797991ULL, 3149264270306207ULL, 278704080615511ULL,
+    2752552368344718ULL, 1363840972378818ULL, 1877521512083293ULL, 1862111388059470ULL,
+    36200324115014ULL, 4183622899327217ULL, 747381675363076ULL, 2772916395314624ULL,
+    833767013119965ULL, 246274452928088ULL, 1526238021297781ULL, 3327534966022747ULL,
+    1169012581910517ULL, 4430894603030025ULL, 149242742442115ULL, 1002569704307172ULL,
+    2763252093432365ULL, 3037748497732938ULL, 2329811173939457ULL, 270769113180752ULL,
+    4344092461623432ULL, 892200524589382ULL, 2511418516713970ULL, 103575031265398ULL,
+    183736033430252ULL, 583003071257308ULL, 3357167344738425ULL, 4038099763242651ULL,
+    1776250620957255ULL, 51334115864192ULL, 2616405698969611ULL, 1196364755910565ULL,
+    3135228056210500ULL, 533729417611761ULL, 86564351229326ULL, 98936129527281ULL,
+    4425305036630677ULL, 2980296390253408ULL, 2487091677325739ULL, 10501977234280ULL,
+    1805646499831077ULL, 3120615962395477ULL, 3634629685307533ULL, 3009632755291436ULL,
+    16794051906523ULL, 2465481597883214ULL, 211492787490403ULL, 1120942867046103ULL,
+    486438308572108ULL, 76058986271771ULL, 2435216584587357ULL, 3076359381968283ULL,
+    1071594491489655ULL, 3148707450339154ULL, 249332205737851ULL, 4171051176626809ULL,
+    3165176227956388ULL, 2400901591835233ULL, 1435783621333022ULL, 20312753440321ULL,
+    1767293887448005ULL, 685150647587522ULL, 2957187934449906ULL, 382661319140439ULL,
+    177583591139601ULL, 2083572648630743ULL, 1083410277889419ULL, 4267902097868310ULL,
+    679989918385081ULL, 123155311554032ULL, 2830267662472020ULL, 4476040509735924ULL,
+    526697201585144ULL, 3465306430573135ULL, 2296616218591ULL, 1270626872734279ULL,
+    1049740198790549ULL, 4197567214843444ULL, 1962225231320591ULL, 186125026796856ULL,
+    737027567341142ULL, 4364616098174ULL, 3618884818756660ULL, 1236837563717668ULL,
+    162873772439548ULL, 3081542470065122ULL, 910331750163991ULL, 2110498143869827ULL,
+    3208473121852657ULL, 94687786224509ULL, 4113309027567819ULL, 4272179438357536ULL,
+    1857418654076140ULL, 1672678841741004ULL, 94482160248411ULL, 1928652436799020ULL,
+    1750866462381515ULL, 4048060485672270ULL, 4006680581258587ULL, 14850434761312ULL,
+    2828734997081648ULL, 1975589525873972ULL, 3724347738416009ULL, 597163266689736ULL,
+    14568362978551ULL, 2203865455839744ULL, 2237034958890595ULL, 1863572986731818ULL,
+    2329774560279041ULL, 245105447642201ULL, 2179697447864822ULL, 1769609498189882ULL,
+    1916950746430931ULL, 847019613787312ULL, 163210606565100ULL, 3658248417400062ULL,
+    717138296045881ULL, 42531212306121ULL, 1040915917097532ULL, 77364489101310ULL,
+    539253504015590ULL, 732690726289841ULL, 3401622034697806ULL, 2864593278358513ULL,
+    142611941887017ULL, 536364617506702ULL, 845071859974284ULL, 4461787417089721ULL,
+    2633811871939723ULL, 113619731985610ULL, 2535870015489566ULL, 2146224665077830ULL,
+    2593725534662047ULL, 1332349537449710ULL, 153375287068096ULL, 3689977177165276ULL,
+    3631865615314120ULL, 184644878348929ULL, 2220481726602813ULL, 204002551273091ULL,
+    3022560051766785ULL, 3125940458001213ULL, 4258299086906325ULL, 1072471915162030ULL,
+    2797562724530ULL, 3974298156223059ULL, 1624778551002554ULL, 3490703864485971ULL,
+    2533877484212458ULL, 176107782538555ULL, 4275987398312137ULL, 4397120757693722ULL,
+    3001292763847390ULL, 1556490837621310ULL, 70442953037671ULL, 1558915972545974ULL,
+    744724505252845ULL, 2697230204313363ULL, 3495671924212144ULL, 95744296878924ULL,
+    1508848630912047ULL, 4163599342850968ULL, 1234988733935901ULL, 3789722472212706ULL,
+    219522007052022ULL, 2106597506701262ULL, 3231115099832239ULL, 1296436890593905ULL,
+    1016795619587656ULL, 231150565033388ULL, 4205501688458754ULL, 2271569140386062ULL,
+    3421769599058157ULL, 4118408853784554ULL, 276709341465173ULL, 2681340614854362ULL,
+    2514413365628788ULL, 62294545067341ULL, 277610220069365ULL, 252463150123799ULL,
+    2547353593759399ULL, 1857438147448607ULL, 2964811969681256ULL, 3303706463835387ULL,
+    248936570980853ULL, 3208982702478009ULL, 2518671051730787ULL, 727433853033835ULL,
+    1290389308223446ULL, 220742793981035ULL, 3851225361654709ULL, 2307489307934273ULL,
+    1151710489948266ULL, 289775285210516ULL, 222685002397295ULL, 1222117478082108ULL,
+    2822029169395728ULL, 1172146252219882ULL, 2626108105510259ULL, 209803527887167ULL,
+    2718831919953281ULL, 4348638387588593ULL, 3761438313263183ULL, 13169515318095ULL,
+    212893621229476ULL
   };
 
 static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_basepoint_table_w5[480U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)705178180786072U,
-    (uint64_t)3855836460717471U, (uint64_t)4089131105950716U, (uint64_t)3301581525494108U,
-    (uint64_t)133858670344668U, (uint64_t)2199641648059576U, (uint64_t)1278080618437060U,
-    (uint64_t)3959378566518708U, (uint64_t)3455034269351872U, (uint64_t)79417610544803U,
-    (uint64_t)1U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)1282049064345544U, (uint64_t)971732600440099U, (uint64_t)1014594595727339U,
-    (uint64_t)4392159187541980U, (uint64_t)268327875692285U, (uint64_t)2411661712280539U,
-    (uint64_t)1092576199280126U, (uint64_t)4328619610718051U, (uint64_t)3535440816471627U,
-    (uint64_t)95182251488556U, (uint64_t)1893725512243753U, (uint64_t)3619861457111820U,
-    (uint64_t)879374960417905U, (uint64_t)2868056058129113U, (uint64_t)273195291893682U,
-    (uint64_t)2044797305960112U, (uint64_t)2357106853933780U, (uint64_t)3563112438336058U,
-    (uint64_t)2430811541762558U, (uint64_t)106443809495428U, (uint64_t)2231357633909668U,
-    (uint64_t)3641705835951936U, (uint64_t)80642569314189U, (uint64_t)2254841882373268U,
-    (uint64_t)149848031966573U, (uint64_t)2304615661367764U, (uint64_t)2410957403736446U,
-    (uint64_t)2712754805859804U, (uint64_t)2440183877540536U, (uint64_t)99784623895865U,
-    (uint64_t)3667773127482758U, (uint64_t)1354899394473308U, (uint64_t)3636602998800808U,
-    (uint64_t)2709296679846364U, (uint64_t)7253362091963U, (uint64_t)3585950735562744U,
-    (uint64_t)935775991758415U, (uint64_t)4108078106735201U, (uint64_t)556081800336307U,
-    (uint64_t)229585977163057U, (uint64_t)4055594186679801U, (uint64_t)1767681004944933U,
-    (uint64_t)1432634922083242U, (uint64_t)534935602949197U, (uint64_t)251753159522567U,
-    (uint64_t)2846474078499321U, (uint64_t)4488649590348702U, (uint64_t)2437476916025038U,
-    (uint64_t)3040577412822874U, (uint64_t)79405234918614U, (uint64_t)3030621226551508U,
-    (uint64_t)2801117003929806U, (uint64_t)1642927515498422U, (uint64_t)2802725079726297U,
-    (uint64_t)8472780626107U, (uint64_t)866068070352655U, (uint64_t)188080768545106U,
-    (uint64_t)2152119998903058U, (uint64_t)3391239985029665U, (uint64_t)23820026013564U,
-    (uint64_t)2965064154891949U, (uint64_t)1846516097921398U, (uint64_t)4418379948133146U,
-    (uint64_t)3137755426942400U, (uint64_t)47705291301781U, (uint64_t)4278533051105665U,
-    (uint64_t)3453643211214931U, (uint64_t)3379734319145156U, (uint64_t)3762442192097039U,
-    (uint64_t)40243003528694U, (uint64_t)4063448994211201U, (uint64_t)5697015368785U,
-    (uint64_t)1006545411838613U, (uint64_t)4242291693755210U, (uint64_t)135184629190512U,
-    (uint64_t)264898689131035U, (uint64_t)611796474823597U, (uint64_t)3255382250029089U,
-    (uint64_t)3490429246984696U, (uint64_t)236558595864362U, (uint64_t)2055934691551704U,
-    (uint64_t)1487711670114502U, (uint64_t)1823930698221632U, (uint64_t)2130937287438472U,
-    (uint64_t)154610053389779U, (uint64_t)2746573287023216U, (uint64_t)2430987262221221U,
-    (uint64_t)1668741642878689U, (uint64_t)904982541243977U, (uint64_t)56087343124948U,
-    (uint64_t)393905062353536U, (uint64_t)412681877350188U, (uint64_t)3153602040979977U,
-    (uint64_t)4466820876224989U, (uint64_t)146579165617857U, (uint64_t)2628741216508991U,
-    (uint64_t)747994231529806U, (uint64_t)750506569317681U, (uint64_t)1887492790748779U,
-    (uint64_t)35259008682771U, (uint64_t)2085116434894208U, (uint64_t)543291398921711U,
-    (uint64_t)1144362007901552U, (uint64_t)679305136036846U, (uint64_t)141090902244489U,
-    (uint64_t)632480954474859U, (uint64_t)2384513102652591U, (uint64_t)2225529790159790U,
-    (uint64_t)692258664851625U, (uint64_t)198681843567699U, (uint64_t)2397092587228181U,
-    (uint64_t)145862822166614U, (uint64_t)196976540479452U, (uint64_t)3321831130141455U,
-    (uint64_t)69266673089832U, (uint64_t)4469644227342284U, (uint64_t)3899271145504796U,
-    (uint64_t)1261890974076660U, (uint64_t)525357673886694U, (uint64_t)182135997828583U,
-    (uint64_t)4292760618810332U, (uint64_t)3404186545541683U, (uint64_t)312297386688768U,
-    (uint64_t)204377466824608U, (uint64_t)230900767857952U, (uint64_t)3871485172339693U,
-    (uint64_t)779449329662955U, (uint64_t)978655822464694U, (uint64_t)2278252139594027U,
-    (uint64_t)104641527040382U, (uint64_t)3528840153625765U, (uint64_t)4484699080275273U,
-    (uint64_t)1463971951102316U, (uint64_t)4013910812844749U, (uint64_t)228915589433620U,
-    (uint64_t)1209641433482461U, (uint64_t)4043178788774759U, (uint64_t)3008668238856634U,
-    (uint64_t)1448425089071412U, (uint64_t)26269719725037U, (uint64_t)3330785027545223U,
-    (uint64_t)852657975349259U, (uint64_t)227245054466105U, (uint64_t)1534632353984777U,
-    (uint64_t)207715098574660U, (uint64_t)3209837527352280U, (uint64_t)4051688046309066U,
-    (uint64_t)3839009590725955U, (uint64_t)1321506437398842U, (uint64_t)68340219159928U,
-    (uint64_t)1806950276956275U, (uint64_t)3923908055275295U, (uint64_t)743963253393575U,
-    (uint64_t)42162407478783U, (uint64_t)261334584474610U, (uint64_t)3728224928885214U,
-    (uint64_t)4004701081842869U, (uint64_t)709043201644674U, (uint64_t)4267294249150171U,
-    (uint64_t)255540582975025U, (uint64_t)875490593722211U, (uint64_t)796393708218375U,
-    (uint64_t)14774425627956U, (uint64_t)1500040516752097U, (uint64_t)141076627721678U,
-    (uint64_t)2634539368480628U, (uint64_t)1106488853550103U, (uint64_t)2346231921151930U,
-    (uint64_t)897108283954283U, (uint64_t)64616679559843U, (uint64_t)400244949840943U,
-    (uint64_t)1731263826831733U, (uint64_t)1649996579904651U, (uint64_t)3643693449640761U,
-    (uint64_t)172543068638991U, (uint64_t)329537981097182U, (uint64_t)2029799860802869U,
-    (uint64_t)4377737515208862U, (uint64_t)29103311051334U, (uint64_t)265583594111499U,
-    (uint64_t)3798074876561255U, (uint64_t)184749333259352U, (uint64_t)3117395073661801U,
-    (uint64_t)3695784565008833U, (uint64_t)64282709896721U, (uint64_t)1618968913246422U,
-    (uint64_t)3185235128095257U, (uint64_t)3288745068118692U, (uint64_t)1963818603508782U,
-    (uint64_t)281054350739495U, (uint64_t)1658639050810346U, (uint64_t)3061097601679552U,
-    (uint64_t)3023781433263746U, (uint64_t)2770283391242475U, (uint64_t)144508864751908U,
-    (uint64_t)173576288079856U, (uint64_t)46114579547054U, (uint64_t)1679480127300211U,
-    (uint64_t)1683062051644007U, (uint64_t)117183826129323U, (uint64_t)1894068608117440U,
-    (uint64_t)3846899838975733U, (uint64_t)4289279019496192U, (uint64_t)176995887914031U,
-    (uint64_t)78074942938713U, (uint64_t)454207263265292U, (uint64_t)972683614054061U,
-    (uint64_t)808474205144361U, (uint64_t)942703935951735U, (uint64_t)134460241077887U,
-    (uint64_t)2104196179349630U, (uint64_t)501632371208418U, (uint64_t)1666838991431177U,
-    (uint64_t)445606193139838U, (uint64_t)73704603396096U, (uint64_t)3140284774064777U,
-    (uint64_t)1356066420820179U, (uint64_t)227054159419281U, (uint64_t)1847611229198687U,
-    (uint64_t)82327838827660U, (uint64_t)3704027573265803U, (uint64_t)1585260489220244U,
-    (uint64_t)4404647914931933U, (uint64_t)2424649827425515U, (uint64_t)206821944206116U,
-    (uint64_t)1508635776287972U, (uint64_t)1933584575629676U, (uint64_t)1903635423783032U,
-    (uint64_t)4193642165165650U, (uint64_t)234321074690644U, (uint64_t)210406774251925U,
-    (uint64_t)1965845668185599U, (uint64_t)3059839433804731U, (uint64_t)1933300510683631U,
-    (uint64_t)150696600689211U, (uint64_t)4069293682158567U, (uint64_t)4346344602660044U,
-    (uint64_t)312200249664561U, (uint64_t)2495020807621840U, (uint64_t)1912707714385U,
-    (uint64_t)299345978159762U, (uint64_t)1164752722686920U, (uint64_t)225322433710338U,
-    (uint64_t)3128747381283759U, (uint64_t)275659067815583U, (uint64_t)1489671057429039U,
-    (uint64_t)1567693343342676U, (uint64_t)921672046098071U, (uint64_t)3707418899384085U,
-    (uint64_t)54646424931593U, (uint64_t)4026733380127147U, (uint64_t)2933435393699231U,
-    (uint64_t)3356593659521967U, (uint64_t)3637750749325529U, (uint64_t)232939412379045U,
-    (uint64_t)2298399636043069U, (uint64_t)270361546063041U, (uint64_t)2523933572551420U,
-    (uint64_t)3456896091572950U, (uint64_t)185447004732850U, (uint64_t)429322937697821U,
-    (uint64_t)2579704215668222U, (uint64_t)695065378803349U, (uint64_t)3987916247731243U,
-    (uint64_t)255159546348233U, (uint64_t)3057777929921282U, (uint64_t)1608970699916312U,
-    (uint64_t)1902369623063807U, (uint64_t)1413619643652777U, (uint64_t)94983996321227U,
-    (uint64_t)2832873179548050U, (uint64_t)4335430233622555U, (uint64_t)1559023976028843U,
-    (uint64_t)3297181988648895U, (uint64_t)100072021232323U, (uint64_t)2124984034109675U,
-    (uint64_t)4501252835618918U, (uint64_t)2053336899483297U, (uint64_t)638807226463876U,
-    (uint64_t)278445213600634U, (uint64_t)2311236445660555U, (uint64_t)303317664040012U,
-    (uint64_t)2659353858089024U, (uint64_t)3598827423980130U, (uint64_t)176059343827873U,
-    (uint64_t)3891639526275437U, (uint64_t)252823982819463U, (uint64_t)3404823300622345U,
-    (uint64_t)2758370772497456U, (uint64_t)91397496598783U, (uint64_t)2248661144141892U,
-    (uint64_t)491087075271969U, (uint64_t)1786344894571315U, (uint64_t)452497694885923U,
-    (uint64_t)34039628873357U, (uint64_t)2116503165025197U, (uint64_t)4436733709429923U,
-    (uint64_t)3045800776819238U, (uint64_t)1385518906078375U, (uint64_t)110495603336764U,
-    (uint64_t)4051447296249587U, (uint64_t)1103557421498625U, (uint64_t)1840785058439622U,
-    (uint64_t)425322753992314U, (uint64_t)98330046771676U, (uint64_t)365407468686431U,
-    (uint64_t)2611246859977123U, (uint64_t)3050253933135339U, (uint64_t)1006482220896688U,
-    (uint64_t)166818196428389U, (uint64_t)3415236093104372U, (uint64_t)1762308883882288U,
-    (uint64_t)1327828123094558U, (uint64_t)3403946425556706U, (uint64_t)96503464455441U,
-    (uint64_t)3893015304031471U, (uint64_t)3740839477490397U, (uint64_t)2411470812852231U,
-    (uint64_t)940927462436211U, (uint64_t)163825285911099U, (uint64_t)1622441495640386U,
-    (uint64_t)850224095680266U, (uint64_t)76199085900939U, (uint64_t)1941852365144042U,
-    (uint64_t)140326673652807U, (uint64_t)3161611011249524U, (uint64_t)317297150009965U,
-    (uint64_t)2145053259340619U, (uint64_t)2180498176457552U, (uint64_t)38457740506224U,
-    (uint64_t)394174899129468U, (uint64_t)2687474560485245U, (uint64_t)1542175980184516U,
-    (uint64_t)1628502671124819U, (uint64_t)48477401124385U, (uint64_t)4474181600025082U,
-    (uint64_t)2142747956365708U, (uint64_t)1638299432475478U, (uint64_t)2005869320353249U,
-    (uint64_t)112292630760956U, (uint64_t)1887521965171588U, (uint64_t)457587531429696U,
-    (uint64_t)840994209504042U, (uint64_t)4268060856325798U, (uint64_t)195597993440388U,
-    (uint64_t)4148484749020338U, (uint64_t)2074885000909672U, (uint64_t)2309839019263165U,
-    (uint64_t)2087616209681024U, (uint64_t)257214370719966U, (uint64_t)2331363508376581U,
-    (uint64_t)1233124357504711U, (uint64_t)2849542202650296U, (uint64_t)3790982825325736U,
-    (uint64_t)13381453503890U, (uint64_t)1665246594531069U, (uint64_t)4165624287443904U,
-    (uint64_t)3418759698027493U, (uint64_t)2118493255117399U, (uint64_t)136249206366067U,
-    (uint64_t)4064050233283309U, (uint64_t)1368779887911300U, (uint64_t)4370550759530269U,
-    (uint64_t)66992990631341U, (uint64_t)84442368922270U, (uint64_t)2139322635321394U,
-    (uint64_t)2076163483726795U, (uint64_t)657097866349103U, (uint64_t)2095579409488071U,
-    (uint64_t)226525774791341U, (uint64_t)4445744257665359U, (uint64_t)2035752839278107U,
-    (uint64_t)1998242662838304U, (uint64_t)1601548415521694U, (uint64_t)151297684296198U,
-    (uint64_t)1350963039017303U, (uint64_t)2624916349548281U, (uint64_t)2018863259670197U,
-    (uint64_t)2717274357461290U, (uint64_t)94024796961533U, (uint64_t)711335520409111U,
-    (uint64_t)4322093765820263U, (uint64_t)2041650358174649U, (uint64_t)3439791603157577U,
-    (uint64_t)179292018616267U, (uint64_t)2436436921286669U, (uint64_t)3905268797208340U,
-    (uint64_t)2829194895162985U, (uint64_t)1355175382191543U, (uint64_t)55128779761539U,
-    (uint64_t)2648428998786922U, (uint64_t)869805912573515U, (uint64_t)3706708942847864U,
-    (uint64_t)2785288916584667U, (uint64_t)37156862850147U, (uint64_t)1422245336293228U,
-    (uint64_t)4497066058933021U, (uint64_t)85588912978349U, (uint64_t)2616252221194611U,
-    (uint64_t)53506393720989U, (uint64_t)3727539190732644U, (uint64_t)872132446545237U,
-    (uint64_t)933583590986077U, (uint64_t)3794591170581203U, (uint64_t)167875550514069U,
-    (uint64_t)2267466834993297U, (uint64_t)3072652681756816U, (uint64_t)2108499037430803U,
-    (uint64_t)1606735192928366U, (uint64_t)72339568815255U, (uint64_t)3258484260684219U,
-    (uint64_t)3277927277719855U, (uint64_t)2459560373011535U, (uint64_t)1672794293294033U,
-    (uint64_t)227460934880669U, (uint64_t)3702454405413705U, (uint64_t)106168148441676U,
-    (uint64_t)1356617643071159U, (uint64_t)3280896569942762U, (uint64_t)142618711614302U,
-    (uint64_t)4291782740862057U, (uint64_t)4141020884874235U, (uint64_t)3720787221267125U,
-    (uint64_t)552884940089351U, (uint64_t)174626154407180U, (uint64_t)972071013326540U,
-    (uint64_t)4458530419931903U, (uint64_t)4435168973822858U, (uint64_t)1902967548748411U,
-    (uint64_t)53007977605840U, (uint64_t)2453997334323925U, (uint64_t)3653077937283262U,
-    (uint64_t)850660265046356U, (uint64_t)312721924805450U, (uint64_t)268503679240683U,
-    (uint64_t)256960167714122U, (uint64_t)1474492507858350U, (uint64_t)2456345526438488U,
-    (uint64_t)3686029507160255U, (uint64_t)279158933010398U, (uint64_t)3646946293948063U,
-    (uint64_t)704477527214036U, (uint64_t)3387744169891031U, (uint64_t)3772622670980241U,
-    (uint64_t)136368897543304U, (uint64_t)3744894052577607U, (uint64_t)1976007214443430U,
-    (uint64_t)2090045379763451U, (uint64_t)968565474458988U, (uint64_t)234295114806066U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    705178180786072ULL, 3855836460717471ULL, 4089131105950716ULL, 3301581525494108ULL,
+    133858670344668ULL, 2199641648059576ULL, 1278080618437060ULL, 3959378566518708ULL,
+    3455034269351872ULL, 79417610544803ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1282049064345544ULL,
+    971732600440099ULL, 1014594595727339ULL, 4392159187541980ULL, 268327875692285ULL,
+    2411661712280539ULL, 1092576199280126ULL, 4328619610718051ULL, 3535440816471627ULL,
+    95182251488556ULL, 1893725512243753ULL, 3619861457111820ULL, 879374960417905ULL,
+    2868056058129113ULL, 273195291893682ULL, 2044797305960112ULL, 2357106853933780ULL,
+    3563112438336058ULL, 2430811541762558ULL, 106443809495428ULL, 2231357633909668ULL,
+    3641705835951936ULL, 80642569314189ULL, 2254841882373268ULL, 149848031966573ULL,
+    2304615661367764ULL, 2410957403736446ULL, 2712754805859804ULL, 2440183877540536ULL,
+    99784623895865ULL, 3667773127482758ULL, 1354899394473308ULL, 3636602998800808ULL,
+    2709296679846364ULL, 7253362091963ULL, 3585950735562744ULL, 935775991758415ULL,
+    4108078106735201ULL, 556081800336307ULL, 229585977163057ULL, 4055594186679801ULL,
+    1767681004944933ULL, 1432634922083242ULL, 534935602949197ULL, 251753159522567ULL,
+    2846474078499321ULL, 4488649590348702ULL, 2437476916025038ULL, 3040577412822874ULL,
+    79405234918614ULL, 3030621226551508ULL, 2801117003929806ULL, 1642927515498422ULL,
+    2802725079726297ULL, 8472780626107ULL, 866068070352655ULL, 188080768545106ULL,
+    2152119998903058ULL, 3391239985029665ULL, 23820026013564ULL, 2965064154891949ULL,
+    1846516097921398ULL, 4418379948133146ULL, 3137755426942400ULL, 47705291301781ULL,
+    4278533051105665ULL, 3453643211214931ULL, 3379734319145156ULL, 3762442192097039ULL,
+    40243003528694ULL, 4063448994211201ULL, 5697015368785ULL, 1006545411838613ULL,
+    4242291693755210ULL, 135184629190512ULL, 264898689131035ULL, 611796474823597ULL,
+    3255382250029089ULL, 3490429246984696ULL, 236558595864362ULL, 2055934691551704ULL,
+    1487711670114502ULL, 1823930698221632ULL, 2130937287438472ULL, 154610053389779ULL,
+    2746573287023216ULL, 2430987262221221ULL, 1668741642878689ULL, 904982541243977ULL,
+    56087343124948ULL, 393905062353536ULL, 412681877350188ULL, 3153602040979977ULL,
+    4466820876224989ULL, 146579165617857ULL, 2628741216508991ULL, 747994231529806ULL,
+    750506569317681ULL, 1887492790748779ULL, 35259008682771ULL, 2085116434894208ULL,
+    543291398921711ULL, 1144362007901552ULL, 679305136036846ULL, 141090902244489ULL,
+    632480954474859ULL, 2384513102652591ULL, 2225529790159790ULL, 692258664851625ULL,
+    198681843567699ULL, 2397092587228181ULL, 145862822166614ULL, 196976540479452ULL,
+    3321831130141455ULL, 69266673089832ULL, 4469644227342284ULL, 3899271145504796ULL,
+    1261890974076660ULL, 525357673886694ULL, 182135997828583ULL, 4292760618810332ULL,
+    3404186545541683ULL, 312297386688768ULL, 204377466824608ULL, 230900767857952ULL,
+    3871485172339693ULL, 779449329662955ULL, 978655822464694ULL, 2278252139594027ULL,
+    104641527040382ULL, 3528840153625765ULL, 4484699080275273ULL, 1463971951102316ULL,
+    4013910812844749ULL, 228915589433620ULL, 1209641433482461ULL, 4043178788774759ULL,
+    3008668238856634ULL, 1448425089071412ULL, 26269719725037ULL, 3330785027545223ULL,
+    852657975349259ULL, 227245054466105ULL, 1534632353984777ULL, 207715098574660ULL,
+    3209837527352280ULL, 4051688046309066ULL, 3839009590725955ULL, 1321506437398842ULL,
+    68340219159928ULL, 1806950276956275ULL, 3923908055275295ULL, 743963253393575ULL,
+    42162407478783ULL, 261334584474610ULL, 3728224928885214ULL, 4004701081842869ULL,
+    709043201644674ULL, 4267294249150171ULL, 255540582975025ULL, 875490593722211ULL,
+    796393708218375ULL, 14774425627956ULL, 1500040516752097ULL, 141076627721678ULL,
+    2634539368480628ULL, 1106488853550103ULL, 2346231921151930ULL, 897108283954283ULL,
+    64616679559843ULL, 400244949840943ULL, 1731263826831733ULL, 1649996579904651ULL,
+    3643693449640761ULL, 172543068638991ULL, 329537981097182ULL, 2029799860802869ULL,
+    4377737515208862ULL, 29103311051334ULL, 265583594111499ULL, 3798074876561255ULL,
+    184749333259352ULL, 3117395073661801ULL, 3695784565008833ULL, 64282709896721ULL,
+    1618968913246422ULL, 3185235128095257ULL, 3288745068118692ULL, 1963818603508782ULL,
+    281054350739495ULL, 1658639050810346ULL, 3061097601679552ULL, 3023781433263746ULL,
+    2770283391242475ULL, 144508864751908ULL, 173576288079856ULL, 46114579547054ULL,
+    1679480127300211ULL, 1683062051644007ULL, 117183826129323ULL, 1894068608117440ULL,
+    3846899838975733ULL, 4289279019496192ULL, 176995887914031ULL, 78074942938713ULL,
+    454207263265292ULL, 972683614054061ULL, 808474205144361ULL, 942703935951735ULL,
+    134460241077887ULL, 2104196179349630ULL, 501632371208418ULL, 1666838991431177ULL,
+    445606193139838ULL, 73704603396096ULL, 3140284774064777ULL, 1356066420820179ULL,
+    227054159419281ULL, 1847611229198687ULL, 82327838827660ULL, 3704027573265803ULL,
+    1585260489220244ULL, 4404647914931933ULL, 2424649827425515ULL, 206821944206116ULL,
+    1508635776287972ULL, 1933584575629676ULL, 1903635423783032ULL, 4193642165165650ULL,
+    234321074690644ULL, 210406774251925ULL, 1965845668185599ULL, 3059839433804731ULL,
+    1933300510683631ULL, 150696600689211ULL, 4069293682158567ULL, 4346344602660044ULL,
+    312200249664561ULL, 2495020807621840ULL, 1912707714385ULL, 299345978159762ULL,
+    1164752722686920ULL, 225322433710338ULL, 3128747381283759ULL, 275659067815583ULL,
+    1489671057429039ULL, 1567693343342676ULL, 921672046098071ULL, 3707418899384085ULL,
+    54646424931593ULL, 4026733380127147ULL, 2933435393699231ULL, 3356593659521967ULL,
+    3637750749325529ULL, 232939412379045ULL, 2298399636043069ULL, 270361546063041ULL,
+    2523933572551420ULL, 3456896091572950ULL, 185447004732850ULL, 429322937697821ULL,
+    2579704215668222ULL, 695065378803349ULL, 3987916247731243ULL, 255159546348233ULL,
+    3057777929921282ULL, 1608970699916312ULL, 1902369623063807ULL, 1413619643652777ULL,
+    94983996321227ULL, 2832873179548050ULL, 4335430233622555ULL, 1559023976028843ULL,
+    3297181988648895ULL, 100072021232323ULL, 2124984034109675ULL, 4501252835618918ULL,
+    2053336899483297ULL, 638807226463876ULL, 278445213600634ULL, 2311236445660555ULL,
+    303317664040012ULL, 2659353858089024ULL, 3598827423980130ULL, 176059343827873ULL,
+    3891639526275437ULL, 252823982819463ULL, 3404823300622345ULL, 2758370772497456ULL,
+    91397496598783ULL, 2248661144141892ULL, 491087075271969ULL, 1786344894571315ULL,
+    452497694885923ULL, 34039628873357ULL, 2116503165025197ULL, 4436733709429923ULL,
+    3045800776819238ULL, 1385518906078375ULL, 110495603336764ULL, 4051447296249587ULL,
+    1103557421498625ULL, 1840785058439622ULL, 425322753992314ULL, 98330046771676ULL,
+    365407468686431ULL, 2611246859977123ULL, 3050253933135339ULL, 1006482220896688ULL,
+    166818196428389ULL, 3415236093104372ULL, 1762308883882288ULL, 1327828123094558ULL,
+    3403946425556706ULL, 96503464455441ULL, 3893015304031471ULL, 3740839477490397ULL,
+    2411470812852231ULL, 940927462436211ULL, 163825285911099ULL, 1622441495640386ULL,
+    850224095680266ULL, 76199085900939ULL, 1941852365144042ULL, 140326673652807ULL,
+    3161611011249524ULL, 317297150009965ULL, 2145053259340619ULL, 2180498176457552ULL,
+    38457740506224ULL, 394174899129468ULL, 2687474560485245ULL, 1542175980184516ULL,
+    1628502671124819ULL, 48477401124385ULL, 4474181600025082ULL, 2142747956365708ULL,
+    1638299432475478ULL, 2005869320353249ULL, 112292630760956ULL, 1887521965171588ULL,
+    457587531429696ULL, 840994209504042ULL, 4268060856325798ULL, 195597993440388ULL,
+    4148484749020338ULL, 2074885000909672ULL, 2309839019263165ULL, 2087616209681024ULL,
+    257214370719966ULL, 2331363508376581ULL, 1233124357504711ULL, 2849542202650296ULL,
+    3790982825325736ULL, 13381453503890ULL, 1665246594531069ULL, 4165624287443904ULL,
+    3418759698027493ULL, 2118493255117399ULL, 136249206366067ULL, 4064050233283309ULL,
+    1368779887911300ULL, 4370550759530269ULL, 66992990631341ULL, 84442368922270ULL,
+    2139322635321394ULL, 2076163483726795ULL, 657097866349103ULL, 2095579409488071ULL,
+    226525774791341ULL, 4445744257665359ULL, 2035752839278107ULL, 1998242662838304ULL,
+    1601548415521694ULL, 151297684296198ULL, 1350963039017303ULL, 2624916349548281ULL,
+    2018863259670197ULL, 2717274357461290ULL, 94024796961533ULL, 711335520409111ULL,
+    4322093765820263ULL, 2041650358174649ULL, 3439791603157577ULL, 179292018616267ULL,
+    2436436921286669ULL, 3905268797208340ULL, 2829194895162985ULL, 1355175382191543ULL,
+    55128779761539ULL, 2648428998786922ULL, 869805912573515ULL, 3706708942847864ULL,
+    2785288916584667ULL, 37156862850147ULL, 1422245336293228ULL, 4497066058933021ULL,
+    85588912978349ULL, 2616252221194611ULL, 53506393720989ULL, 3727539190732644ULL,
+    872132446545237ULL, 933583590986077ULL, 3794591170581203ULL, 167875550514069ULL,
+    2267466834993297ULL, 3072652681756816ULL, 2108499037430803ULL, 1606735192928366ULL,
+    72339568815255ULL, 3258484260684219ULL, 3277927277719855ULL, 2459560373011535ULL,
+    1672794293294033ULL, 227460934880669ULL, 3702454405413705ULL, 106168148441676ULL,
+    1356617643071159ULL, 3280896569942762ULL, 142618711614302ULL, 4291782740862057ULL,
+    4141020884874235ULL, 3720787221267125ULL, 552884940089351ULL, 174626154407180ULL,
+    972071013326540ULL, 4458530419931903ULL, 4435168973822858ULL, 1902967548748411ULL,
+    53007977605840ULL, 2453997334323925ULL, 3653077937283262ULL, 850660265046356ULL,
+    312721924805450ULL, 268503679240683ULL, 256960167714122ULL, 1474492507858350ULL,
+    2456345526438488ULL, 3686029507160255ULL, 279158933010398ULL, 3646946293948063ULL,
+    704477527214036ULL, 3387744169891031ULL, 3772622670980241ULL, 136368897543304ULL,
+    3744894052577607ULL, 1976007214443430ULL, 2090045379763451ULL, 968565474458988ULL,
+    234295114806066ULL
   };
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_Poly1305_128.h b/include/internal/Hacl_MAC_Poly1305.h
similarity index 77%
rename from include/internal/Hacl_Poly1305_128.h
rename to include/internal/Hacl_MAC_Poly1305.h
index b9964714..29e1734a 100644
--- a/include/internal/Hacl_Poly1305_128.h
+++ b/include/internal/Hacl_MAC_Poly1305.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __internal_Hacl_Poly1305_128_H
-#define __internal_Hacl_Poly1305_128_H
+#ifndef __internal_Hacl_MAC_Poly1305_H
+#define __internal_Hacl_MAC_Poly1305_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,21 +35,15 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "../Hacl_Poly1305_128.h"
-#include "libintvector.h"
+#include "../Hacl_MAC_Poly1305.h"
 
-void
-Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b);
+void Hacl_MAC_Poly1305_poly1305_init(uint64_t *ctx, uint8_t *key);
 
-void
-Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
-  Lib_IntVector_Intrinsics_vec128 *out,
-  Lib_IntVector_Intrinsics_vec128 *p
-);
+void Hacl_MAC_Poly1305_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __internal_Hacl_Poly1305_128_H_DEFINED
+#define __internal_Hacl_MAC_Poly1305_H_DEFINED
 #endif
diff --git a/include/msvc/internal/Hacl_Poly1305_128.h b/include/internal/Hacl_MAC_Poly1305_Simd128.h
similarity index 73%
rename from include/msvc/internal/Hacl_Poly1305_128.h
rename to include/internal/Hacl_MAC_Poly1305_Simd128.h
index b9964714..fe120e43 100644
--- a/include/msvc/internal/Hacl_Poly1305_128.h
+++ b/include/internal/Hacl_MAC_Poly1305_Simd128.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __internal_Hacl_Poly1305_128_H
-#define __internal_Hacl_Poly1305_128_H
+#ifndef __internal_Hacl_MAC_Poly1305_Simd128_H
+#define __internal_Hacl_MAC_Poly1305_Simd128_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,21 +35,30 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "../Hacl_Poly1305_128.h"
+#include "../Hacl_MAC_Poly1305_Simd128.h"
 #include "libintvector.h"
 
-void
-Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b);
+void Hacl_MAC_Poly1305_Simd128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b);
 
 void
-Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
+Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize(
   Lib_IntVector_Intrinsics_vec128 *out,
   Lib_IntVector_Intrinsics_vec128 *p
 );
 
+void
+Hacl_MAC_Poly1305_Simd128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key);
+
+void
+Hacl_MAC_Poly1305_Simd128_poly1305_finish(
+  uint8_t *tag,
+  uint8_t *key,
+  Lib_IntVector_Intrinsics_vec128 *ctx
+);
+
 #if defined(__cplusplus)
 }
 #endif
 
-#define __internal_Hacl_Poly1305_128_H_DEFINED
+#define __internal_Hacl_MAC_Poly1305_Simd128_H_DEFINED
 #endif
diff --git a/include/msvc/internal/Hacl_Poly1305_256.h b/include/internal/Hacl_MAC_Poly1305_Simd256.h
similarity index 73%
rename from include/msvc/internal/Hacl_Poly1305_256.h
rename to include/internal/Hacl_MAC_Poly1305_Simd256.h
index 21d78b16..7bf106c1 100644
--- a/include/msvc/internal/Hacl_Poly1305_256.h
+++ b/include/internal/Hacl_MAC_Poly1305_Simd256.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __internal_Hacl_Poly1305_256_H
-#define __internal_Hacl_Poly1305_256_H
+#ifndef __internal_Hacl_MAC_Poly1305_Simd256_H
+#define __internal_Hacl_MAC_Poly1305_Simd256_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,21 +35,30 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "../Hacl_Poly1305_256.h"
+#include "../Hacl_MAC_Poly1305_Simd256.h"
 #include "libintvector.h"
 
-void
-Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b);
+void Hacl_MAC_Poly1305_Simd256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b);
 
 void
-Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
+Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 *out,
   Lib_IntVector_Intrinsics_vec256 *p
 );
 
+void
+Hacl_MAC_Poly1305_Simd256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key);
+
+void
+Hacl_MAC_Poly1305_Simd256_poly1305_finish(
+  uint8_t *tag,
+  uint8_t *key,
+  Lib_IntVector_Intrinsics_vec256 *ctx
+);
+
 #if defined(__cplusplus)
 }
 #endif
 
-#define __internal_Hacl_Poly1305_256_H_DEFINED
+#define __internal_Hacl_MAC_Poly1305_Simd256_H_DEFINED
 #endif
diff --git a/include/internal/Hacl_P256_PrecompTable.h b/include/internal/Hacl_P256_PrecompTable.h
index f185c2be..c852ef8c 100644
--- a/include/internal/Hacl_P256_PrecompTable.h
+++ b/include/internal/Hacl_P256_PrecompTable.h
@@ -39,476 +39,360 @@ static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_basepoint_table_w4[192U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U,
-    (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U,
-    (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U,
-    (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U,
-    (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U,
-    (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U,
-    (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U,
-    (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U,
-    (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U,
-    (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U,
-    (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U,
-    (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U,
-    (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U,
-    (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U,
-    (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U,
-    (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U,
-    (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U,
-    (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U,
-    (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, (uint64_t)9539734295777539786U,
-    (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U,
-    (uint64_t)14815960973766782158U, (uint64_t)15286581798204509801U,
-    (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U,
-    (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U,
-    (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U,
-    (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U,
-    (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U,
-    (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U,
-    (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U,
-    (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U,
-    (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U,
-    (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U,
-    (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U,
-    (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U,
-    (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U,
-    (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U,
-    (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U,
-    (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U,
-    (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U,
-    (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U,
-    (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U,
-    (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U,
-    (uint64_t)12434976573147649880U, (uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U,
-    (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U,
-    (uint64_t)16178216413042376883U, (uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U,
-    (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U,
-    (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U,
-    (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U,
-    (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U,
-    (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U,
-    (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U,
-    (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U,
-    (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U,
-    (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U,
-    (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U,
-    (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U,
-    (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U,
-    (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U,
-    (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U,
-    (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U,
-    (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U,
-    (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U,
-    (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U,
-    (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U,
-    (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U,
-    (uint64_t)7949746088586183478U, (uint64_t)14677556044923602317U,
-    (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U,
-    (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, (uint64_t)8243975633057550613U,
-    (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 8784043285714375740ULL, 8483257759279461889ULL, 8789745728267363600ULL,
+    1770019616739251654ULL, 15992936863339206154ULL, 10037038012062884956ULL,
+    15197544864945402661ULL, 9615747158586711429ULL, 1ULL, 18446744069414584320ULL,
+    18446744073709551615ULL, 4294967294ULL, 10634854829044225757ULL, 351552716085025155ULL,
+    10645315080955407736ULL, 3609262091244858135ULL, 15760741698986874125ULL,
+    14936374388219697827ULL, 15751360096993017895ULL, 18012233706239762398ULL,
+    1993877568177495041ULL, 10345888787846536528ULL, 7746511691117935375ULL,
+    14517043990409914413ULL, 14122549297570634151ULL, 16934610359517083771ULL,
+    5724511325497097418ULL, 8983432969107448705ULL, 2687429970334080245ULL, 16525396802810050288ULL,
+    7602596488871585854ULL, 4813919589149203084ULL, 7680395813780804519ULL, 6687709583048023590ULL,
+    18086445169104142027ULL, 9637814708330203929ULL, 14785108459960679090ULL,
+    3838023279095023581ULL, 3555615526157830307ULL, 5177066488380472871ULL, 18218186719108038403ULL,
+    16281556341699656105ULL, 1524227924561461191ULL, 4148060517641909597ULL, 2858290374115363433ULL,
+    8942772026334130620ULL, 3034451298319885113ULL, 8447866036736640940ULL, 11204933433076256578ULL,
+    18333595740249588297ULL, 8259597024804538246ULL, 9539734295777539786ULL, 9797290423046626413ULL,
+    5777303437849646537ULL, 8739356909899132020ULL, 14815960973766782158ULL,
+    15286581798204509801ULL, 17597362577777019682ULL, 13259283710820519742ULL,
+    10501322996899164670ULL, 1221138904338319642ULL, 14586685489551951885ULL, 895326705426031212ULL,
+    14398171728560617847ULL, 9592550823745097391ULL, 17240998489162206026ULL,
+    8085479283308189196ULL, 14844657737893882826ULL, 15923425394150618234ULL,
+    2997808084773249525ULL, 494323555453660587ULL, 1215695327517794764ULL, 9476207381098391690ULL,
+    7480789678419122995ULL, 15212230329321082489ULL, 436189395349576388ULL, 17377474396456660834ULL,
+    15237013929655017939ULL, 11444428846883781676ULL, 5112749694521428575ULL, 950829367509872073ULL,
+    17665036182057559519ULL, 17205133339690002313ULL, 16233765170251334549ULL,
+    10122775683257972591ULL, 3352514236455632420ULL, 9143148522359954691ULL, 601191684005658860ULL,
+    13398772186646349998ULL, 15512696600132928431ULL, 9128416073728948653ULL,
+    11233051033546138578ULL, 6769345682610122833ULL, 10823233224575054288ULL,
+    9997725227559980175ULL, 6733425642852897415ULL, 16302206918151466066ULL, 1669330822143265921ULL,
+    2661645605036546002ULL, 17182558479745802165ULL, 1165082692376932040ULL, 9470595929011488359ULL,
+    6142147329285324932ULL, 4829075085998111287ULL, 10231370681107338930ULL, 9591876895322495239ULL,
+    10316468561384076618ULL, 11592503647238064235ULL, 13395813606055179632ULL,
+    511127033980815508ULL, 12434976573147649880ULL, 3425094795384359127ULL, 6816971736303023445ULL,
+    15444670609021139344ULL, 9464349818322082360ULL, 16178216413042376883ULL,
+    9595540370774317348ULL, 7229365182662875710ULL, 4601177649460012843ULL, 5455046447382487090ULL,
+    10854066421606187521ULL, 15913416821879788071ULL, 2297365362023460173ULL,
+    2603252216454941350ULL, 6768791943870490934ULL, 15705936687122754810ULL, 9537096567546600694ULL,
+    17580538144855035062ULL, 4496542856965746638ULL, 8444341625922124942ULL,
+    12191263903636183168ULL, 17427332907535974165ULL, 14307569739254103736ULL,
+    13900598742063266169ULL, 7176996424355977650ULL, 5709008170379717479ULL,
+    14471312052264549092ULL, 1464519909491759867ULL, 3328154641049602121ULL,
+    13020349337171136774ULL, 2772166279972051938ULL, 10854476939425975292ULL,
+    1967189930534630940ULL, 2802919076529341959ULL, 14792226094833519208ULL,
+    14675640928566522177ULL, 14838974364643800837ULL, 17631460696099549980ULL,
+    17434186275364935469ULL, 2665648200587705473ULL, 13202122464492564051ULL,
+    7576287350918073341ULL, 2272206013910186424ULL, 14558761641743937843ULL, 5675729149929979729ULL,
+    9043135187561613166ULL, 11750149293830589225ULL, 740555197954307911ULL, 9871738005087190699ULL,
+    17178667634283502053ULL, 18046255991533013265ULL, 4458222096988430430ULL,
+    8452427758526311627ULL, 13825286929656615266ULL, 13956286357198391218ULL,
+    15875692916799995079ULL, 10634895319157013920ULL, 13230116118036304207ULL,
+    8795317393614625606ULL, 7001710806858862020ULL, 7949746088586183478ULL, 14677556044923602317ULL,
+    11184023437485843904ULL, 11215864722023085094ULL, 6444464081471519014ULL,
+    1706241174022415217ULL, 8243975633057550613ULL, 15502902453836085864ULL, 3799182188594003953ULL,
+    3538840175098724094ULL
   };
 
 static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_g_pow2_64_table_w4[192U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1499621593102562565U,
-    (uint64_t)16692369783039433128U, (uint64_t)15337520135922861848U,
-    (uint64_t)5455737214495366228U, (uint64_t)17827017231032529600U,
-    (uint64_t)12413621606240782649U, (uint64_t)2290483008028286132U,
-    (uint64_t)15752017553340844820U, (uint64_t)4846430910634234874U,
-    (uint64_t)10861682798464583253U, (uint64_t)15404737222404363049U, (uint64_t)363586619281562022U,
-    (uint64_t)9866710912401645115U, (uint64_t)1162548847543228595U, (uint64_t)7649967190445130486U,
-    (uint64_t)5212340432230915749U, (uint64_t)7572620550182916491U, (uint64_t)14876145112448665096U,
-    (uint64_t)2063227348838176167U, (uint64_t)3519435548295415847U, (uint64_t)8390400282019023103U,
-    (uint64_t)17666843593163037841U, (uint64_t)9450204148816496323U, (uint64_t)8483374507652916768U,
-    (uint64_t)6254661047265818424U, (uint64_t)16382127809582285023U, (uint64_t)125359443771153172U,
-    (uint64_t)1374336701588437897U, (uint64_t)11362596098420127726U, (uint64_t)2101654420738681387U,
-    (uint64_t)12772780342444840510U, (uint64_t)12546934328908550060U,
-    (uint64_t)8331880412333790397U, (uint64_t)11687262051473819904U, (uint64_t)8926848496503457587U,
-    (uint64_t)9603974142010467857U, (uint64_t)13199952163826973175U, (uint64_t)2189856264898797734U,
-    (uint64_t)11356074861870267226U, (uint64_t)2027714896422561895U, (uint64_t)5261606367808050149U,
-    (uint64_t)153855954337762312U, (uint64_t)6375919692894573986U, (uint64_t)12364041207536146533U,
-    (uint64_t)1891896010455057160U, (uint64_t)1568123795087313171U, (uint64_t)18138710056556660101U,
-    (uint64_t)6004886947510047736U, (uint64_t)4811859325589542932U, (uint64_t)3618763430148954981U,
-    (uint64_t)11434521746258554122U, (uint64_t)10086341535864049427U,
-    (uint64_t)8073421629570399570U, (uint64_t)12680586148814729338U, (uint64_t)9619958020761569612U,
-    (uint64_t)15827203580658384478U, (uint64_t)12832694810937550406U,
-    (uint64_t)14977975484447400910U, (uint64_t)5478002389061063653U,
-    (uint64_t)14731136312639060880U, (uint64_t)4317867687275472033U, (uint64_t)6642650962855259884U,
-    (uint64_t)2514254944289495285U, (uint64_t)14231405641534478436U, (uint64_t)4045448346091518946U,
-    (uint64_t)8985477013445972471U, (uint64_t)8869039454457032149U, (uint64_t)4356978486208692970U,
-    (uint64_t)10805288613335538577U, (uint64_t)12832353127812502042U,
-    (uint64_t)4576590051676547490U, (uint64_t)6728053735138655107U, (uint64_t)17814206719173206184U,
-    (uint64_t)79790138573994940U, (uint64_t)17920293215101822267U, (uint64_t)13422026625585728864U,
-    (uint64_t)5018058010492547271U, (uint64_t)110232326023384102U, (uint64_t)10834264070056942976U,
-    (uint64_t)15222249086119088588U, (uint64_t)15119439519142044997U,
-    (uint64_t)11655511970063167313U, (uint64_t)1614477029450566107U, (uint64_t)3619322817271059794U,
-    (uint64_t)9352862040415412867U, (uint64_t)14017522553242747074U,
-    (uint64_t)13138513643674040327U, (uint64_t)3610195242889455765U, (uint64_t)8371069193996567291U,
-    (uint64_t)12670227996544662654U, (uint64_t)1205961025092146303U,
-    (uint64_t)13106709934003962112U, (uint64_t)4350113471327723407U,
-    (uint64_t)15060941403739680459U, (uint64_t)13639127647823205030U,
-    (uint64_t)10790943339357725715U, (uint64_t)498760574280648264U, (uint64_t)17922071907832082887U,
-    (uint64_t)15122670976670152145U, (uint64_t)6275027991110214322U, (uint64_t)7250912847491816402U,
-    (uint64_t)15206617260142982380U, (uint64_t)3385668313694152877U,
-    (uint64_t)17522479771766801905U, (uint64_t)2965919117476170655U, (uint64_t)1553238516603269404U,
-    (uint64_t)5820770015631050991U, (uint64_t)4999445222232605348U, (uint64_t)9245650860833717444U,
-    (uint64_t)1508811811724230728U, (uint64_t)5190684913765614385U, (uint64_t)15692927070934536166U,
-    (uint64_t)12981978499190500902U, (uint64_t)5143491963193394698U, (uint64_t)7705698092144084129U,
-    (uint64_t)581120653055084783U, (uint64_t)13886552864486459714U, (uint64_t)6290301270652587255U,
-    (uint64_t)8663431529954393128U, (uint64_t)17033405846475472443U, (uint64_t)5206780355442651635U,
-    (uint64_t)12580364474736467688U, (uint64_t)17934601912005283310U,
-    (uint64_t)15119491731028933652U, (uint64_t)17848231399859044858U,
-    (uint64_t)4427673319524919329U, (uint64_t)2673607337074368008U, (uint64_t)14034876464294699949U,
-    (uint64_t)10938948975420813697U, (uint64_t)15202340615298669183U,
-    (uint64_t)5496603454069431071U, (uint64_t)2486526142064906845U, (uint64_t)4507882119510526802U,
-    (uint64_t)13888151172411390059U, (uint64_t)15049027856908071726U,
-    (uint64_t)9667231543181973158U, (uint64_t)6406671575277563202U, (uint64_t)3395801050331215139U,
-    (uint64_t)9813607433539108308U, (uint64_t)2681417728820980381U, (uint64_t)18407064643927113994U,
-    (uint64_t)7707177692113485527U, (uint64_t)14218149384635317074U, (uint64_t)3658668346206375919U,
-    (uint64_t)15404713991002362166U, (uint64_t)10152074687696195207U,
-    (uint64_t)10926946599582128139U, (uint64_t)16907298600007085320U,
-    (uint64_t)16544287219664720279U, (uint64_t)11007075933432813205U,
-    (uint64_t)8652245965145713599U, (uint64_t)7857626748965990384U, (uint64_t)5602306604520095870U,
-    (uint64_t)2525139243938658618U, (uint64_t)14405696176872077447U,
-    (uint64_t)18432270482137885332U, (uint64_t)9913880809120071177U,
-    (uint64_t)16896141737831216972U, (uint64_t)7484791498211214829U,
-    (uint64_t)15635259968266497469U, (uint64_t)8495118537612215624U, (uint64_t)4915477980562575356U,
-    (uint64_t)16453519279754924350U, (uint64_t)14462108244565406969U,
-    (uint64_t)14837837755237096687U, (uint64_t)14130171078892575346U,
-    (uint64_t)15423793222528491497U, (uint64_t)5460399262075036084U,
-    (uint64_t)16085440580308415349U, (uint64_t)26873200736954488U, (uint64_t)5603655807457499550U,
-    (uint64_t)3342202915871129617U, (uint64_t)1604413932150236626U, (uint64_t)9684226585089458974U,
-    (uint64_t)1213229904006618539U, (uint64_t)6782978662408837236U, (uint64_t)11197029877749307372U,
-    (uint64_t)14085968786551657744U, (uint64_t)17352273610494009342U,
-    (uint64_t)7876582961192434984U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 1499621593102562565ULL, 16692369783039433128ULL,
+    15337520135922861848ULL, 5455737214495366228ULL, 17827017231032529600ULL,
+    12413621606240782649ULL, 2290483008028286132ULL, 15752017553340844820ULL,
+    4846430910634234874ULL, 10861682798464583253ULL, 15404737222404363049ULL, 363586619281562022ULL,
+    9866710912401645115ULL, 1162548847543228595ULL, 7649967190445130486ULL, 5212340432230915749ULL,
+    7572620550182916491ULL, 14876145112448665096ULL, 2063227348838176167ULL, 3519435548295415847ULL,
+    8390400282019023103ULL, 17666843593163037841ULL, 9450204148816496323ULL, 8483374507652916768ULL,
+    6254661047265818424ULL, 16382127809582285023ULL, 125359443771153172ULL, 1374336701588437897ULL,
+    11362596098420127726ULL, 2101654420738681387ULL, 12772780342444840510ULL,
+    12546934328908550060ULL, 8331880412333790397ULL, 11687262051473819904ULL,
+    8926848496503457587ULL, 9603974142010467857ULL, 13199952163826973175ULL, 2189856264898797734ULL,
+    11356074861870267226ULL, 2027714896422561895ULL, 5261606367808050149ULL, 153855954337762312ULL,
+    6375919692894573986ULL, 12364041207536146533ULL, 1891896010455057160ULL, 1568123795087313171ULL,
+    18138710056556660101ULL, 6004886947510047736ULL, 4811859325589542932ULL, 3618763430148954981ULL,
+    11434521746258554122ULL, 10086341535864049427ULL, 8073421629570399570ULL,
+    12680586148814729338ULL, 9619958020761569612ULL, 15827203580658384478ULL,
+    12832694810937550406ULL, 14977975484447400910ULL, 5478002389061063653ULL,
+    14731136312639060880ULL, 4317867687275472033ULL, 6642650962855259884ULL, 2514254944289495285ULL,
+    14231405641534478436ULL, 4045448346091518946ULL, 8985477013445972471ULL, 8869039454457032149ULL,
+    4356978486208692970ULL, 10805288613335538577ULL, 12832353127812502042ULL,
+    4576590051676547490ULL, 6728053735138655107ULL, 17814206719173206184ULL, 79790138573994940ULL,
+    17920293215101822267ULL, 13422026625585728864ULL, 5018058010492547271ULL, 110232326023384102ULL,
+    10834264070056942976ULL, 15222249086119088588ULL, 15119439519142044997ULL,
+    11655511970063167313ULL, 1614477029450566107ULL, 3619322817271059794ULL, 9352862040415412867ULL,
+    14017522553242747074ULL, 13138513643674040327ULL, 3610195242889455765ULL,
+    8371069193996567291ULL, 12670227996544662654ULL, 1205961025092146303ULL,
+    13106709934003962112ULL, 4350113471327723407ULL, 15060941403739680459ULL,
+    13639127647823205030ULL, 10790943339357725715ULL, 498760574280648264ULL,
+    17922071907832082887ULL, 15122670976670152145ULL, 6275027991110214322ULL,
+    7250912847491816402ULL, 15206617260142982380ULL, 3385668313694152877ULL,
+    17522479771766801905ULL, 2965919117476170655ULL, 1553238516603269404ULL, 5820770015631050991ULL,
+    4999445222232605348ULL, 9245650860833717444ULL, 1508811811724230728ULL, 5190684913765614385ULL,
+    15692927070934536166ULL, 12981978499190500902ULL, 5143491963193394698ULL,
+    7705698092144084129ULL, 581120653055084783ULL, 13886552864486459714ULL, 6290301270652587255ULL,
+    8663431529954393128ULL, 17033405846475472443ULL, 5206780355442651635ULL,
+    12580364474736467688ULL, 17934601912005283310ULL, 15119491731028933652ULL,
+    17848231399859044858ULL, 4427673319524919329ULL, 2673607337074368008ULL,
+    14034876464294699949ULL, 10938948975420813697ULL, 15202340615298669183ULL,
+    5496603454069431071ULL, 2486526142064906845ULL, 4507882119510526802ULL, 13888151172411390059ULL,
+    15049027856908071726ULL, 9667231543181973158ULL, 6406671575277563202ULL, 3395801050331215139ULL,
+    9813607433539108308ULL, 2681417728820980381ULL, 18407064643927113994ULL, 7707177692113485527ULL,
+    14218149384635317074ULL, 3658668346206375919ULL, 15404713991002362166ULL,
+    10152074687696195207ULL, 10926946599582128139ULL, 16907298600007085320ULL,
+    16544287219664720279ULL, 11007075933432813205ULL, 8652245965145713599ULL,
+    7857626748965990384ULL, 5602306604520095870ULL, 2525139243938658618ULL, 14405696176872077447ULL,
+    18432270482137885332ULL, 9913880809120071177ULL, 16896141737831216972ULL,
+    7484791498211214829ULL, 15635259968266497469ULL, 8495118537612215624ULL, 4915477980562575356ULL,
+    16453519279754924350ULL, 14462108244565406969ULL, 14837837755237096687ULL,
+    14130171078892575346ULL, 15423793222528491497ULL, 5460399262075036084ULL,
+    16085440580308415349ULL, 26873200736954488ULL, 5603655807457499550ULL, 3342202915871129617ULL,
+    1604413932150236626ULL, 9684226585089458974ULL, 1213229904006618539ULL, 6782978662408837236ULL,
+    11197029877749307372ULL, 14085968786551657744ULL, 17352273610494009342ULL,
+    7876582961192434984ULL
   };
 
 static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_g_pow2_128_table_w4[192U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)14619254753077084366U,
-    (uint64_t)13913835116514008593U, (uint64_t)15060744674088488145U,
-    (uint64_t)17668414598203068685U, (uint64_t)10761169236902342334U,
-    (uint64_t)15467027479157446221U, (uint64_t)14989185522423469618U,
-    (uint64_t)14354539272510107003U, (uint64_t)14298211796392133693U,
-    (uint64_t)13270323784253711450U, (uint64_t)13380964971965046957U,
-    (uint64_t)8686204248456909699U, (uint64_t)17434630286744937066U, (uint64_t)1355903775279084720U,
-    (uint64_t)7554695053550308662U, (uint64_t)11354971222741863570U, (uint64_t)564601613420749879U,
-    (uint64_t)8466325837259054896U, (uint64_t)10752965181772434263U,
-    (uint64_t)11405876547368426319U, (uint64_t)13791894568738930940U,
-    (uint64_t)8230587134406354675U, (uint64_t)12415514098722758608U,
-    (uint64_t)18414183046995786744U, (uint64_t)15508000368227372870U,
-    (uint64_t)5781062464627999307U, (uint64_t)15339429052219195590U,
-    (uint64_t)16038703753810741903U, (uint64_t)9587718938298980714U, (uint64_t)4822658817952386407U,
-    (uint64_t)1376351024833260660U, (uint64_t)1120174910554766702U, (uint64_t)1730170933262569274U,
-    (uint64_t)5187428548444533500U, (uint64_t)16242053503368957131U, (uint64_t)3036811119519868279U,
-    (uint64_t)1760267587958926638U, (uint64_t)170244572981065185U, (uint64_t)8063080791967388171U,
-    (uint64_t)4824892826607692737U, (uint64_t)16286391083472040552U,
-    (uint64_t)11945158615253358747U, (uint64_t)14096887760410224200U,
-    (uint64_t)1613720831904557039U, (uint64_t)14316966673761197523U,
-    (uint64_t)17411006201485445341U, (uint64_t)8112301506943158801U, (uint64_t)2069889233927989984U,
-    (uint64_t)10082848378277483927U, (uint64_t)3609691194454404430U, (uint64_t)6110437205371933689U,
-    (uint64_t)9769135977342231601U, (uint64_t)11977962151783386478U,
-    (uint64_t)18088718692559983573U, (uint64_t)11741637975753055U, (uint64_t)11110390325701582190U,
-    (uint64_t)1341402251566067019U, (uint64_t)3028229550849726478U, (uint64_t)10438984083997451310U,
-    (uint64_t)12730851885100145709U, (uint64_t)11524169532089894189U,
-    (uint64_t)4523375903229602674U, (uint64_t)2028602258037385622U, (uint64_t)17082839063089388410U,
-    (uint64_t)6103921364634113167U, (uint64_t)17066180888225306102U,
-    (uint64_t)11395680486707876195U, (uint64_t)10952892272443345484U,
-    (uint64_t)8792831960605859401U, (uint64_t)14194485427742325139U,
-    (uint64_t)15146020821144305250U, (uint64_t)1654766014957123343U, (uint64_t)7955526243090948551U,
-    (uint64_t)3989277566080493308U, (uint64_t)12229385116397931231U,
-    (uint64_t)13430548930727025562U, (uint64_t)3434892688179800602U, (uint64_t)8431998794645622027U,
-    (uint64_t)12132530981596299272U, (uint64_t)2289461608863966999U,
-    (uint64_t)18345870950201487179U, (uint64_t)13517947207801901576U,
-    (uint64_t)5213113244172561159U, (uint64_t)17632986594098340879U, (uint64_t)4405251818133148856U,
-    (uint64_t)11783009269435447793U, (uint64_t)9332138983770046035U,
-    (uint64_t)12863411548922539505U, (uint64_t)3717030292816178224U,
-    (uint64_t)10026078446427137374U, (uint64_t)11167295326594317220U,
-    (uint64_t)12425328773141588668U, (uint64_t)5760335125172049352U, (uint64_t)9016843701117277863U,
-    (uint64_t)5657892835694680172U, (uint64_t)11025130589305387464U, (uint64_t)1368484957977406173U,
-    (uint64_t)17361351345281258834U, (uint64_t)1907113641956152700U,
-    (uint64_t)16439233413531427752U, (uint64_t)5893322296986588932U,
-    (uint64_t)14000206906171746627U, (uint64_t)14979266987545792900U,
-    (uint64_t)6926291766898221120U, (uint64_t)7162023296083360752U, (uint64_t)14762747553625382529U,
-    (uint64_t)12610831658612406849U, (uint64_t)10462926899548715515U,
-    (uint64_t)4794017723140405312U, (uint64_t)5234438200490163319U, (uint64_t)8019519110339576320U,
-    (uint64_t)7194604241290530100U, (uint64_t)12626770134810813246U,
-    (uint64_t)10793074474236419890U, (uint64_t)11323224347913978783U,
-    (uint64_t)16831128015895380245U, (uint64_t)18323094195124693378U,
-    (uint64_t)2361097165281567692U, (uint64_t)15755578675014279498U,
-    (uint64_t)14289876470325854580U, (uint64_t)12856787656093616839U,
-    (uint64_t)3578928531243900594U, (uint64_t)3847532758790503699U, (uint64_t)8377953190224748743U,
-    (uint64_t)3314546646092744596U, (uint64_t)800810188859334358U, (uint64_t)4626344124229343596U,
-    (uint64_t)6620381605850876621U, (uint64_t)11422073570955989527U,
-    (uint64_t)12676813626484814469U, (uint64_t)16725029886764122240U,
-    (uint64_t)16648497372773830008U, (uint64_t)9135702594931291048U,
-    (uint64_t)16080949688826680333U, (uint64_t)11528096561346602947U,
-    (uint64_t)2632498067099740984U, (uint64_t)11583842699108800714U, (uint64_t)8378404864573610526U,
-    (uint64_t)1076560261627788534U, (uint64_t)13836015994325032828U,
-    (uint64_t)11234295937817067909U, (uint64_t)5893659808396722708U,
-    (uint64_t)11277421142886984364U, (uint64_t)8968549037166726491U,
-    (uint64_t)14841374331394032822U, (uint64_t)9967344773947889341U, (uint64_t)8799244393578496085U,
-    (uint64_t)5094686877301601410U, (uint64_t)8780316747074726862U, (uint64_t)9119697306829835718U,
-    (uint64_t)15381243327921855368U, (uint64_t)2686250164449435196U,
-    (uint64_t)16466917280442198358U, (uint64_t)13791704489163125216U,
-    (uint64_t)16955859337117924272U, (uint64_t)17112836394923783642U,
-    (uint64_t)4639176427338618063U, (uint64_t)16770029310141094964U,
-    (uint64_t)11049953922966416185U, (uint64_t)12012669590884098968U,
-    (uint64_t)4859326885929417214U, (uint64_t)896380084392586061U, (uint64_t)7153028362977034008U,
-    (uint64_t)10540021163316263301U, (uint64_t)9318277998512936585U,
-    (uint64_t)18344496977694796523U, (uint64_t)11374737400567645494U,
-    (uint64_t)17158800051138212954U, (uint64_t)18343197867863253153U,
-    (uint64_t)18204799297967861226U, (uint64_t)15798973531606348828U,
-    (uint64_t)9870158263408310459U, (uint64_t)17578869832774612627U, (uint64_t)8395748875822696932U,
-    (uint64_t)15310679007370670872U, (uint64_t)11205576736030808860U,
-    (uint64_t)10123429210002838967U, (uint64_t)5910544144088393959U,
-    (uint64_t)14016615653353687369U, (uint64_t)11191676704772957822U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 14619254753077084366ULL, 13913835116514008593ULL,
+    15060744674088488145ULL, 17668414598203068685ULL, 10761169236902342334ULL,
+    15467027479157446221ULL, 14989185522423469618ULL, 14354539272510107003ULL,
+    14298211796392133693ULL, 13270323784253711450ULL, 13380964971965046957ULL,
+    8686204248456909699ULL, 17434630286744937066ULL, 1355903775279084720ULL, 7554695053550308662ULL,
+    11354971222741863570ULL, 564601613420749879ULL, 8466325837259054896ULL, 10752965181772434263ULL,
+    11405876547368426319ULL, 13791894568738930940ULL, 8230587134406354675ULL,
+    12415514098722758608ULL, 18414183046995786744ULL, 15508000368227372870ULL,
+    5781062464627999307ULL, 15339429052219195590ULL, 16038703753810741903ULL,
+    9587718938298980714ULL, 4822658817952386407ULL, 1376351024833260660ULL, 1120174910554766702ULL,
+    1730170933262569274ULL, 5187428548444533500ULL, 16242053503368957131ULL, 3036811119519868279ULL,
+    1760267587958926638ULL, 170244572981065185ULL, 8063080791967388171ULL, 4824892826607692737ULL,
+    16286391083472040552ULL, 11945158615253358747ULL, 14096887760410224200ULL,
+    1613720831904557039ULL, 14316966673761197523ULL, 17411006201485445341ULL,
+    8112301506943158801ULL, 2069889233927989984ULL, 10082848378277483927ULL, 3609691194454404430ULL,
+    6110437205371933689ULL, 9769135977342231601ULL, 11977962151783386478ULL,
+    18088718692559983573ULL, 11741637975753055ULL, 11110390325701582190ULL, 1341402251566067019ULL,
+    3028229550849726478ULL, 10438984083997451310ULL, 12730851885100145709ULL,
+    11524169532089894189ULL, 4523375903229602674ULL, 2028602258037385622ULL,
+    17082839063089388410ULL, 6103921364634113167ULL, 17066180888225306102ULL,
+    11395680486707876195ULL, 10952892272443345484ULL, 8792831960605859401ULL,
+    14194485427742325139ULL, 15146020821144305250ULL, 1654766014957123343ULL,
+    7955526243090948551ULL, 3989277566080493308ULL, 12229385116397931231ULL,
+    13430548930727025562ULL, 3434892688179800602ULL, 8431998794645622027ULL,
+    12132530981596299272ULL, 2289461608863966999ULL, 18345870950201487179ULL,
+    13517947207801901576ULL, 5213113244172561159ULL, 17632986594098340879ULL,
+    4405251818133148856ULL, 11783009269435447793ULL, 9332138983770046035ULL,
+    12863411548922539505ULL, 3717030292816178224ULL, 10026078446427137374ULL,
+    11167295326594317220ULL, 12425328773141588668ULL, 5760335125172049352ULL,
+    9016843701117277863ULL, 5657892835694680172ULL, 11025130589305387464ULL, 1368484957977406173ULL,
+    17361351345281258834ULL, 1907113641956152700ULL, 16439233413531427752ULL,
+    5893322296986588932ULL, 14000206906171746627ULL, 14979266987545792900ULL,
+    6926291766898221120ULL, 7162023296083360752ULL, 14762747553625382529ULL,
+    12610831658612406849ULL, 10462926899548715515ULL, 4794017723140405312ULL,
+    5234438200490163319ULL, 8019519110339576320ULL, 7194604241290530100ULL, 12626770134810813246ULL,
+    10793074474236419890ULL, 11323224347913978783ULL, 16831128015895380245ULL,
+    18323094195124693378ULL, 2361097165281567692ULL, 15755578675014279498ULL,
+    14289876470325854580ULL, 12856787656093616839ULL, 3578928531243900594ULL,
+    3847532758790503699ULL, 8377953190224748743ULL, 3314546646092744596ULL, 800810188859334358ULL,
+    4626344124229343596ULL, 6620381605850876621ULL, 11422073570955989527ULL,
+    12676813626484814469ULL, 16725029886764122240ULL, 16648497372773830008ULL,
+    9135702594931291048ULL, 16080949688826680333ULL, 11528096561346602947ULL,
+    2632498067099740984ULL, 11583842699108800714ULL, 8378404864573610526ULL, 1076560261627788534ULL,
+    13836015994325032828ULL, 11234295937817067909ULL, 5893659808396722708ULL,
+    11277421142886984364ULL, 8968549037166726491ULL, 14841374331394032822ULL,
+    9967344773947889341ULL, 8799244393578496085ULL, 5094686877301601410ULL, 8780316747074726862ULL,
+    9119697306829835718ULL, 15381243327921855368ULL, 2686250164449435196ULL,
+    16466917280442198358ULL, 13791704489163125216ULL, 16955859337117924272ULL,
+    17112836394923783642ULL, 4639176427338618063ULL, 16770029310141094964ULL,
+    11049953922966416185ULL, 12012669590884098968ULL, 4859326885929417214ULL, 896380084392586061ULL,
+    7153028362977034008ULL, 10540021163316263301ULL, 9318277998512936585ULL,
+    18344496977694796523ULL, 11374737400567645494ULL, 17158800051138212954ULL,
+    18343197867863253153ULL, 18204799297967861226ULL, 15798973531606348828ULL,
+    9870158263408310459ULL, 17578869832774612627ULL, 8395748875822696932ULL,
+    15310679007370670872ULL, 11205576736030808860ULL, 10123429210002838967ULL,
+    5910544144088393959ULL, 14016615653353687369ULL, 11191676704772957822ULL
   };
 
 static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_g_pow2_192_table_w4[192U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)7870395003430845958U,
-    (uint64_t)18001862936410067720U, (uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U,
-    (uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U, (uint64_t)7139806720777708306U,
-    (uint64_t)8253938546650739833U, (uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U,
-    (uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U, (uint64_t)8392845221328116213U,
-    (uint64_t)14630296398338540788U, (uint64_t)4268947906723414372U, (uint64_t)9231207002243517909U,
-    (uint64_t)14261219637616504262U, (uint64_t)7786881626982345356U,
-    (uint64_t)11412720751765882139U, (uint64_t)14119585051365330009U,
-    (uint64_t)15281626286521302128U, (uint64_t)6350171933454266732U,
-    (uint64_t)16559468304937127866U, (uint64_t)13200760478271693417U,
-    (uint64_t)6733381546280350776U, (uint64_t)3801404890075189193U, (uint64_t)2741036364686993903U,
-    (uint64_t)3218612940540174008U, (uint64_t)10894914335165419505U,
-    (uint64_t)11862941430149998362U, (uint64_t)4223151729402839584U, (uint64_t)2913215088487087887U,
-    (uint64_t)14562168920104952953U, (uint64_t)2170089393468287453U,
-    (uint64_t)10520900655016579352U, (uint64_t)7040362608949989273U, (uint64_t)8376510559381705307U,
-    (uint64_t)9142237200448131532U, (uint64_t)5696859948123854080U, (uint64_t)925422306716081180U,
-    (uint64_t)11155545953469186421U, (uint64_t)1888208646862572812U,
-    (uint64_t)11151095998248845721U, (uint64_t)15793503271680275267U,
-    (uint64_t)7729877044494854851U, (uint64_t)6235134673193032913U, (uint64_t)7364280682182401564U,
-    (uint64_t)5479679373325519985U, (uint64_t)17966037684582301763U,
-    (uint64_t)14140891609330279185U, (uint64_t)5814744449740463867U, (uint64_t)5652588426712591652U,
-    (uint64_t)774745682988690912U, (uint64_t)13228255573220500373U, (uint64_t)11949122068786859397U,
-    (uint64_t)8021166392900770376U, (uint64_t)7994323710948720063U, (uint64_t)9924618472877849977U,
-    (uint64_t)17618517523141194266U, (uint64_t)2750424097794401714U,
-    (uint64_t)15481749570715253207U, (uint64_t)14646964509921760497U,
-    (uint64_t)1037442848094301355U, (uint64_t)6295995947389299132U, (uint64_t)16915049722317579514U,
-    (uint64_t)10493877400992990313U, (uint64_t)18391008753060553521U, (uint64_t)483942209623707598U,
-    (uint64_t)2017775662838016613U, (uint64_t)5933251998459363553U, (uint64_t)11789135019970707407U,
-    (uint64_t)5484123723153268336U, (uint64_t)13246954648848484954U, (uint64_t)4774374393926023505U,
-    (uint64_t)14863995618704457336U, (uint64_t)13220153167104973625U,
-    (uint64_t)5988445485312390826U, (uint64_t)17580359464028944682U, (uint64_t)7297100131969874771U,
-    (uint64_t)379931507867989375U, (uint64_t)10927113096513421444U, (uint64_t)17688881974428340857U,
-    (uint64_t)4259872578781463333U, (uint64_t)8573076295966784472U, (uint64_t)16389829450727275032U,
-    (uint64_t)1667243868963568259U, (uint64_t)17730726848925960919U,
-    (uint64_t)11408899874569778008U, (uint64_t)3576527582023272268U,
-    (uint64_t)16492920640224231656U, (uint64_t)7906130545972460130U,
-    (uint64_t)13878604278207681266U, (uint64_t)41446695125652041U, (uint64_t)8891615271337333503U,
-    (uint64_t)2594537723613594470U, (uint64_t)7699579176995770924U, (uint64_t)147458463055730655U,
-    (uint64_t)12120406862739088406U, (uint64_t)12044892493010567063U,
-    (uint64_t)8554076749615475136U, (uint64_t)1005097692260929999U, (uint64_t)2687202654471188715U,
-    (uint64_t)9457588752176879209U, (uint64_t)17472884880062444019U, (uint64_t)9792097892056020166U,
-    (uint64_t)2525246678512797150U, (uint64_t)15958903035313115662U,
-    (uint64_t)11336038170342247032U, (uint64_t)11560342382835141123U,
-    (uint64_t)6212009033479929024U, (uint64_t)8214308203775021229U, (uint64_t)8475469210070503698U,
-    (uint64_t)13287024123485719563U, (uint64_t)12956951963817520723U,
-    (uint64_t)10693035819908470465U, (uint64_t)11375478788224786725U,
-    (uint64_t)16934625208487120398U, (uint64_t)10094585729115874495U,
-    (uint64_t)2763884524395905776U, (uint64_t)13535890148969964883U,
-    (uint64_t)13514657411765064358U, (uint64_t)9903074440788027562U,
-    (uint64_t)17324720726421199990U, (uint64_t)2273931039117368789U, (uint64_t)3442641041506157854U,
-    (uint64_t)1119853641236409612U, (uint64_t)12037070344296077989U, (uint64_t)581736433335671746U,
-    (uint64_t)6019150647054369174U, (uint64_t)14864096138068789375U, (uint64_t)6652995210998318662U,
-    (uint64_t)12773883697029175304U, (uint64_t)12751275631451845119U,
-    (uint64_t)11449095003038250478U, (uint64_t)1025805267334366480U, (uint64_t)2764432500300815015U,
-    (uint64_t)18274564429002844381U, (uint64_t)10445634195592600351U,
-    (uint64_t)11814099592837202735U, (uint64_t)5006796893679120289U, (uint64_t)6908397253997261914U,
-    (uint64_t)13266696965302879279U, (uint64_t)7768715053015037430U, (uint64_t)3569923738654785686U,
-    (uint64_t)5844853453464857549U, (uint64_t)1837340805629559110U, (uint64_t)1034657624388283114U,
-    (uint64_t)711244516069456460U, (uint64_t)12519286026957934814U, (uint64_t)2613464944620837619U,
-    (uint64_t)10003023321338286213U, (uint64_t)7291332092642881376U, (uint64_t)9832199564117004897U,
-    (uint64_t)3280736694860799890U, (uint64_t)6416452202849179874U, (uint64_t)7326961381798642069U,
-    (uint64_t)8435688798040635029U, (uint64_t)16630141263910982958U,
-    (uint64_t)17222635514422533318U, (uint64_t)9482787389178881499U, (uint64_t)836561194658263905U,
-    (uint64_t)3405319043337616649U, (uint64_t)2786146577568026518U, (uint64_t)7625483685691626321U,
-    (uint64_t)6728084875304656716U, (uint64_t)1140997959232544268U, (uint64_t)12847384827606303792U,
-    (uint64_t)1719121337754572070U, (uint64_t)12863589482936438532U, (uint64_t)3880712899640530862U,
-    (uint64_t)2748456882813671564U, (uint64_t)4775988900044623019U, (uint64_t)8937847374382191162U,
-    (uint64_t)3767367347172252295U, (uint64_t)13468672401049388646U,
-    (uint64_t)14359032216842397576U, (uint64_t)2002555958685443975U,
-    (uint64_t)16488678606651526810U, (uint64_t)11826135409597474760U,
-    (uint64_t)15296495673182508601U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 7870395003430845958ULL, 18001862936410067720ULL, 8006461232116967215ULL,
+    5921313779532424762ULL, 10702113371959864307ULL, 8070517410642379879ULL, 7139806720777708306ULL,
+    8253938546650739833ULL, 17490482834545705718ULL, 1065249776797037500ULL, 5018258455937968775ULL,
+    14100621120178668337ULL, 8392845221328116213ULL, 14630296398338540788ULL,
+    4268947906723414372ULL, 9231207002243517909ULL, 14261219637616504262ULL, 7786881626982345356ULL,
+    11412720751765882139ULL, 14119585051365330009ULL, 15281626286521302128ULL,
+    6350171933454266732ULL, 16559468304937127866ULL, 13200760478271693417ULL,
+    6733381546280350776ULL, 3801404890075189193ULL, 2741036364686993903ULL, 3218612940540174008ULL,
+    10894914335165419505ULL, 11862941430149998362ULL, 4223151729402839584ULL,
+    2913215088487087887ULL, 14562168920104952953ULL, 2170089393468287453ULL,
+    10520900655016579352ULL, 7040362608949989273ULL, 8376510559381705307ULL, 9142237200448131532ULL,
+    5696859948123854080ULL, 925422306716081180ULL, 11155545953469186421ULL, 1888208646862572812ULL,
+    11151095998248845721ULL, 15793503271680275267ULL, 7729877044494854851ULL,
+    6235134673193032913ULL, 7364280682182401564ULL, 5479679373325519985ULL, 17966037684582301763ULL,
+    14140891609330279185ULL, 5814744449740463867ULL, 5652588426712591652ULL, 774745682988690912ULL,
+    13228255573220500373ULL, 11949122068786859397ULL, 8021166392900770376ULL,
+    7994323710948720063ULL, 9924618472877849977ULL, 17618517523141194266ULL, 2750424097794401714ULL,
+    15481749570715253207ULL, 14646964509921760497ULL, 1037442848094301355ULL,
+    6295995947389299132ULL, 16915049722317579514ULL, 10493877400992990313ULL,
+    18391008753060553521ULL, 483942209623707598ULL, 2017775662838016613ULL, 5933251998459363553ULL,
+    11789135019970707407ULL, 5484123723153268336ULL, 13246954648848484954ULL,
+    4774374393926023505ULL, 14863995618704457336ULL, 13220153167104973625ULL,
+    5988445485312390826ULL, 17580359464028944682ULL, 7297100131969874771ULL, 379931507867989375ULL,
+    10927113096513421444ULL, 17688881974428340857ULL, 4259872578781463333ULL,
+    8573076295966784472ULL, 16389829450727275032ULL, 1667243868963568259ULL,
+    17730726848925960919ULL, 11408899874569778008ULL, 3576527582023272268ULL,
+    16492920640224231656ULL, 7906130545972460130ULL, 13878604278207681266ULL, 41446695125652041ULL,
+    8891615271337333503ULL, 2594537723613594470ULL, 7699579176995770924ULL, 147458463055730655ULL,
+    12120406862739088406ULL, 12044892493010567063ULL, 8554076749615475136ULL,
+    1005097692260929999ULL, 2687202654471188715ULL, 9457588752176879209ULL, 17472884880062444019ULL,
+    9792097892056020166ULL, 2525246678512797150ULL, 15958903035313115662ULL,
+    11336038170342247032ULL, 11560342382835141123ULL, 6212009033479929024ULL,
+    8214308203775021229ULL, 8475469210070503698ULL, 13287024123485719563ULL,
+    12956951963817520723ULL, 10693035819908470465ULL, 11375478788224786725ULL,
+    16934625208487120398ULL, 10094585729115874495ULL, 2763884524395905776ULL,
+    13535890148969964883ULL, 13514657411765064358ULL, 9903074440788027562ULL,
+    17324720726421199990ULL, 2273931039117368789ULL, 3442641041506157854ULL, 1119853641236409612ULL,
+    12037070344296077989ULL, 581736433335671746ULL, 6019150647054369174ULL, 14864096138068789375ULL,
+    6652995210998318662ULL, 12773883697029175304ULL, 12751275631451845119ULL,
+    11449095003038250478ULL, 1025805267334366480ULL, 2764432500300815015ULL,
+    18274564429002844381ULL, 10445634195592600351ULL, 11814099592837202735ULL,
+    5006796893679120289ULL, 6908397253997261914ULL, 13266696965302879279ULL, 7768715053015037430ULL,
+    3569923738654785686ULL, 5844853453464857549ULL, 1837340805629559110ULL, 1034657624388283114ULL,
+    711244516069456460ULL, 12519286026957934814ULL, 2613464944620837619ULL, 10003023321338286213ULL,
+    7291332092642881376ULL, 9832199564117004897ULL, 3280736694860799890ULL, 6416452202849179874ULL,
+    7326961381798642069ULL, 8435688798040635029ULL, 16630141263910982958ULL,
+    17222635514422533318ULL, 9482787389178881499ULL, 836561194658263905ULL, 3405319043337616649ULL,
+    2786146577568026518ULL, 7625483685691626321ULL, 6728084875304656716ULL, 1140997959232544268ULL,
+    12847384827606303792ULL, 1719121337754572070ULL, 12863589482936438532ULL,
+    3880712899640530862ULL, 2748456882813671564ULL, 4775988900044623019ULL, 8937847374382191162ULL,
+    3767367347172252295ULL, 13468672401049388646ULL, 14359032216842397576ULL,
+    2002555958685443975ULL, 16488678606651526810ULL, 11826135409597474760ULL,
+    15296495673182508601ULL
   };
 
 static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_basepoint_table_w5[384U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U,
-    (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U,
-    (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U,
-    (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U,
-    (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U,
-    (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U,
-    (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U,
-    (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U,
-    (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U,
-    (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U,
-    (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U,
-    (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U,
-    (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U,
-    (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U,
-    (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U,
-    (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U,
-    (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U,
-    (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U,
-    (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, (uint64_t)9539734295777539786U,
-    (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U,
-    (uint64_t)14815960973766782158U, (uint64_t)15286581798204509801U,
-    (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U,
-    (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U,
-    (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U,
-    (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U,
-    (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U,
-    (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U,
-    (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U,
-    (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U,
-    (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U,
-    (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U,
-    (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U,
-    (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U,
-    (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U,
-    (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U,
-    (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U,
-    (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U,
-    (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U,
-    (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U,
-    (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U,
-    (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U,
-    (uint64_t)12434976573147649880U, (uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U,
-    (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U,
-    (uint64_t)16178216413042376883U, (uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U,
-    (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U,
-    (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U,
-    (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U,
-    (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U,
-    (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U,
-    (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U,
-    (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U,
-    (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U,
-    (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U,
-    (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U,
-    (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U,
-    (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U,
-    (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U,
-    (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U,
-    (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U,
-    (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U,
-    (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U,
-    (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U,
-    (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U,
-    (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U,
-    (uint64_t)7949746088586183478U, (uint64_t)14677556044923602317U,
-    (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U,
-    (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, (uint64_t)8243975633057550613U,
-    (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U,
-    (uint64_t)13240193491554624643U, (uint64_t)12365034249541329920U,
-    (uint64_t)2924326828590977357U, (uint64_t)5687195797140589099U, (uint64_t)16880427227292834531U,
-    (uint64_t)9691471435758991112U, (uint64_t)16642385273732487288U,
-    (uint64_t)12173806747523009914U, (uint64_t)13142722756877876849U,
-    (uint64_t)8370377548305121979U, (uint64_t)17988526053752025426U, (uint64_t)4818750752684100334U,
-    (uint64_t)5669241919350361655U, (uint64_t)4964810303238518540U, (uint64_t)16709712747671533191U,
-    (uint64_t)4461414404267448242U, (uint64_t)3971798785139504238U, (uint64_t)6276818948740422136U,
-    (uint64_t)1426735892164275762U, (uint64_t)7943622674892418919U, (uint64_t)9864274225563929680U,
-    (uint64_t)57815533745003233U, (uint64_t)10893588105168960233U, (uint64_t)15739162732907069535U,
-    (uint64_t)3923866849462073470U, (uint64_t)12279826158399226875U, (uint64_t)1533015761334846582U,
-    (uint64_t)15860156818568437510U, (uint64_t)8252625373831297988U, (uint64_t)9666953804812706358U,
-    (uint64_t)8767785238646914634U, (uint64_t)14382179044941403551U,
-    (uint64_t)10401039907264254245U, (uint64_t)8584860003763157350U, (uint64_t)3120462679504470266U,
-    (uint64_t)8670255778748340069U, (uint64_t)5313789577940369984U, (uint64_t)16977072364454789224U,
-    (uint64_t)12199578693972188324U, (uint64_t)18211098771672599237U,
-    (uint64_t)12868831556008795030U, (uint64_t)5310155061431048194U,
-    (uint64_t)18114153238435112606U, (uint64_t)14482365809278304512U,
-    (uint64_t)12520721662723001511U, (uint64_t)405943624021143002U, (uint64_t)8146944101507657423U,
-    (uint64_t)181739317780393495U, (uint64_t)81743892273670099U, (uint64_t)14759561962550473930U,
-    (uint64_t)4592623849546992939U, (uint64_t)6916440441743449719U, (uint64_t)1304610503530809833U,
-    (uint64_t)5464930909232486441U, (uint64_t)15414883617496224671U, (uint64_t)8129283345256790U,
-    (uint64_t)18294252198413739489U, (uint64_t)17394115281884857288U,
-    (uint64_t)7808348415224731235U, (uint64_t)13195566655747230608U, (uint64_t)8568194219353949094U,
-    (uint64_t)15329813048672122440U, (uint64_t)9604275495885785744U, (uint64_t)1577712551205219835U,
-    (uint64_t)15964209008022052790U, (uint64_t)15087297920782098160U,
-    (uint64_t)3946031512438511898U, (uint64_t)10050061168984440631U,
-    (uint64_t)11382452014533138316U, (uint64_t)6313670788911952792U,
-    (uint64_t)12015989229696164014U, (uint64_t)5946702628076168852U, (uint64_t)5219995658774362841U,
-    (uint64_t)12230141881068377972U, (uint64_t)12361195202673441956U,
-    (uint64_t)4732862275653856711U, (uint64_t)17221430380805252370U,
-    (uint64_t)15397525953897375810U, (uint64_t)16557437297239563045U,
-    (uint64_t)10101683801868971351U, (uint64_t)1402611372245592868U, (uint64_t)1931806383735563658U,
-    (uint64_t)10991705207471512479U, (uint64_t)861333583207471392U, (uint64_t)15207766844626322355U,
-    (uint64_t)9224628129811432393U, (uint64_t)3497069567089055613U, (uint64_t)11956632757898590316U,
-    (uint64_t)8733729372586312960U, (uint64_t)18091521051714930927U, (uint64_t)77582787724373283U,
-    (uint64_t)9922437373519669237U, (uint64_t)3079321456325704615U, (uint64_t)12171198408512478457U,
-    (uint64_t)17179130884012147596U, (uint64_t)6839115479620367181U, (uint64_t)4421032569964105406U,
-    (uint64_t)10353331468657256053U, (uint64_t)17400988720335968824U,
-    (uint64_t)17138855889417480540U, (uint64_t)4507980080381370611U,
-    (uint64_t)10703175719793781886U, (uint64_t)12598516658725890426U,
-    (uint64_t)8353463412173898932U, (uint64_t)17703029389228422404U, (uint64_t)9313111267107226233U,
-    (uint64_t)5441322942995154196U, (uint64_t)8952817660034465484U, (uint64_t)17571113341183703118U,
-    (uint64_t)7375087953801067019U, (uint64_t)13381466302076453648U, (uint64_t)3218165271423914596U,
-    (uint64_t)16956372157249382685U, (uint64_t)509080090049418841U, (uint64_t)13374233893294084913U,
-    (uint64_t)2988537624204297086U, (uint64_t)4979195832939384620U, (uint64_t)3803931594068976394U,
-    (uint64_t)10731535883829627646U, (uint64_t)12954845047607194278U,
-    (uint64_t)10494298062560667399U, (uint64_t)4967351022190213065U,
-    (uint64_t)13391917938145756456U, (uint64_t)951370484866918160U, (uint64_t)13531334179067685307U,
-    (uint64_t)12868421357919390599U, (uint64_t)15918857042998130258U,
-    (uint64_t)17769743831936974016U, (uint64_t)7137921979260368809U,
-    (uint64_t)12461369180685892062U, (uint64_t)827476514081935199U, (uint64_t)15107282134224767230U,
-    (uint64_t)10084765752802805748U, (uint64_t)3303739059392464407U,
-    (uint64_t)17859532612136591428U, (uint64_t)10949414770405040164U,
-    (uint64_t)12838613589371008785U, (uint64_t)5554397169231540728U,
-    (uint64_t)18375114572169624408U, (uint64_t)15649286703242390139U,
-    (uint64_t)2957281557463706877U, (uint64_t)14000350446219393213U,
-    (uint64_t)14355199721749620351U, (uint64_t)2730856240099299695U,
-    (uint64_t)17528131000714705752U, (uint64_t)2537498525883536360U, (uint64_t)6121058967084509393U,
-    (uint64_t)16897667060435514221U, (uint64_t)12367869599571112440U,
-    (uint64_t)3388831797050807508U, (uint64_t)16791449724090982798U, (uint64_t)2673426123453294928U,
-    (uint64_t)11369313542384405846U, (uint64_t)15641960333586432634U,
-    (uint64_t)15080962589658958379U, (uint64_t)7747943772340226569U, (uint64_t)8075023376199159152U,
-    (uint64_t)8485093027378306528U, (uint64_t)13503706844122243648U, (uint64_t)8401961362938086226U,
-    (uint64_t)8125426002124226402U, (uint64_t)9005399361407785203U, (uint64_t)6847968030066906634U,
-    (uint64_t)11934937736309295197U, (uint64_t)5116750888594772351U, (uint64_t)2817039227179245227U,
-    (uint64_t)17724206901239332980U, (uint64_t)4985702708254058578U, (uint64_t)5786345435756642871U,
-    (uint64_t)17772527414940936938U, (uint64_t)1201320251272957006U,
-    (uint64_t)15787430120324348129U, (uint64_t)6305488781359965661U,
-    (uint64_t)12423900845502858433U, (uint64_t)17485949424202277720U,
-    (uint64_t)2062237315546855852U, (uint64_t)10353639467860902375U, (uint64_t)2315398490451287299U,
-    (uint64_t)15394572894814882621U, (uint64_t)232866113801165640U, (uint64_t)7413443736109338926U,
-    (uint64_t)902719806551551191U, (uint64_t)16568853118619045174U, (uint64_t)14202214862428279177U,
-    (uint64_t)11719595395278861192U, (uint64_t)5890053236389907647U, (uint64_t)9996196494965833627U,
-    (uint64_t)12967056942364782577U, (uint64_t)9034128755157395787U,
-    (uint64_t)17898204904710512655U, (uint64_t)8229373445062993977U,
-    (uint64_t)13580036169519833644U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 8784043285714375740ULL, 8483257759279461889ULL, 8789745728267363600ULL,
+    1770019616739251654ULL, 15992936863339206154ULL, 10037038012062884956ULL,
+    15197544864945402661ULL, 9615747158586711429ULL, 1ULL, 18446744069414584320ULL,
+    18446744073709551615ULL, 4294967294ULL, 10634854829044225757ULL, 351552716085025155ULL,
+    10645315080955407736ULL, 3609262091244858135ULL, 15760741698986874125ULL,
+    14936374388219697827ULL, 15751360096993017895ULL, 18012233706239762398ULL,
+    1993877568177495041ULL, 10345888787846536528ULL, 7746511691117935375ULL,
+    14517043990409914413ULL, 14122549297570634151ULL, 16934610359517083771ULL,
+    5724511325497097418ULL, 8983432969107448705ULL, 2687429970334080245ULL, 16525396802810050288ULL,
+    7602596488871585854ULL, 4813919589149203084ULL, 7680395813780804519ULL, 6687709583048023590ULL,
+    18086445169104142027ULL, 9637814708330203929ULL, 14785108459960679090ULL,
+    3838023279095023581ULL, 3555615526157830307ULL, 5177066488380472871ULL, 18218186719108038403ULL,
+    16281556341699656105ULL, 1524227924561461191ULL, 4148060517641909597ULL, 2858290374115363433ULL,
+    8942772026334130620ULL, 3034451298319885113ULL, 8447866036736640940ULL, 11204933433076256578ULL,
+    18333595740249588297ULL, 8259597024804538246ULL, 9539734295777539786ULL, 9797290423046626413ULL,
+    5777303437849646537ULL, 8739356909899132020ULL, 14815960973766782158ULL,
+    15286581798204509801ULL, 17597362577777019682ULL, 13259283710820519742ULL,
+    10501322996899164670ULL, 1221138904338319642ULL, 14586685489551951885ULL, 895326705426031212ULL,
+    14398171728560617847ULL, 9592550823745097391ULL, 17240998489162206026ULL,
+    8085479283308189196ULL, 14844657737893882826ULL, 15923425394150618234ULL,
+    2997808084773249525ULL, 494323555453660587ULL, 1215695327517794764ULL, 9476207381098391690ULL,
+    7480789678419122995ULL, 15212230329321082489ULL, 436189395349576388ULL, 17377474396456660834ULL,
+    15237013929655017939ULL, 11444428846883781676ULL, 5112749694521428575ULL, 950829367509872073ULL,
+    17665036182057559519ULL, 17205133339690002313ULL, 16233765170251334549ULL,
+    10122775683257972591ULL, 3352514236455632420ULL, 9143148522359954691ULL, 601191684005658860ULL,
+    13398772186646349998ULL, 15512696600132928431ULL, 9128416073728948653ULL,
+    11233051033546138578ULL, 6769345682610122833ULL, 10823233224575054288ULL,
+    9997725227559980175ULL, 6733425642852897415ULL, 16302206918151466066ULL, 1669330822143265921ULL,
+    2661645605036546002ULL, 17182558479745802165ULL, 1165082692376932040ULL, 9470595929011488359ULL,
+    6142147329285324932ULL, 4829075085998111287ULL, 10231370681107338930ULL, 9591876895322495239ULL,
+    10316468561384076618ULL, 11592503647238064235ULL, 13395813606055179632ULL,
+    511127033980815508ULL, 12434976573147649880ULL, 3425094795384359127ULL, 6816971736303023445ULL,
+    15444670609021139344ULL, 9464349818322082360ULL, 16178216413042376883ULL,
+    9595540370774317348ULL, 7229365182662875710ULL, 4601177649460012843ULL, 5455046447382487090ULL,
+    10854066421606187521ULL, 15913416821879788071ULL, 2297365362023460173ULL,
+    2603252216454941350ULL, 6768791943870490934ULL, 15705936687122754810ULL, 9537096567546600694ULL,
+    17580538144855035062ULL, 4496542856965746638ULL, 8444341625922124942ULL,
+    12191263903636183168ULL, 17427332907535974165ULL, 14307569739254103736ULL,
+    13900598742063266169ULL, 7176996424355977650ULL, 5709008170379717479ULL,
+    14471312052264549092ULL, 1464519909491759867ULL, 3328154641049602121ULL,
+    13020349337171136774ULL, 2772166279972051938ULL, 10854476939425975292ULL,
+    1967189930534630940ULL, 2802919076529341959ULL, 14792226094833519208ULL,
+    14675640928566522177ULL, 14838974364643800837ULL, 17631460696099549980ULL,
+    17434186275364935469ULL, 2665648200587705473ULL, 13202122464492564051ULL,
+    7576287350918073341ULL, 2272206013910186424ULL, 14558761641743937843ULL, 5675729149929979729ULL,
+    9043135187561613166ULL, 11750149293830589225ULL, 740555197954307911ULL, 9871738005087190699ULL,
+    17178667634283502053ULL, 18046255991533013265ULL, 4458222096988430430ULL,
+    8452427758526311627ULL, 13825286929656615266ULL, 13956286357198391218ULL,
+    15875692916799995079ULL, 10634895319157013920ULL, 13230116118036304207ULL,
+    8795317393614625606ULL, 7001710806858862020ULL, 7949746088586183478ULL, 14677556044923602317ULL,
+    11184023437485843904ULL, 11215864722023085094ULL, 6444464081471519014ULL,
+    1706241174022415217ULL, 8243975633057550613ULL, 15502902453836085864ULL, 3799182188594003953ULL,
+    3538840175098724094ULL, 13240193491554624643ULL, 12365034249541329920ULL,
+    2924326828590977357ULL, 5687195797140589099ULL, 16880427227292834531ULL, 9691471435758991112ULL,
+    16642385273732487288ULL, 12173806747523009914ULL, 13142722756877876849ULL,
+    8370377548305121979ULL, 17988526053752025426ULL, 4818750752684100334ULL, 5669241919350361655ULL,
+    4964810303238518540ULL, 16709712747671533191ULL, 4461414404267448242ULL, 3971798785139504238ULL,
+    6276818948740422136ULL, 1426735892164275762ULL, 7943622674892418919ULL, 9864274225563929680ULL,
+    57815533745003233ULL, 10893588105168960233ULL, 15739162732907069535ULL, 3923866849462073470ULL,
+    12279826158399226875ULL, 1533015761334846582ULL, 15860156818568437510ULL,
+    8252625373831297988ULL, 9666953804812706358ULL, 8767785238646914634ULL, 14382179044941403551ULL,
+    10401039907264254245ULL, 8584860003763157350ULL, 3120462679504470266ULL, 8670255778748340069ULL,
+    5313789577940369984ULL, 16977072364454789224ULL, 12199578693972188324ULL,
+    18211098771672599237ULL, 12868831556008795030ULL, 5310155061431048194ULL,
+    18114153238435112606ULL, 14482365809278304512ULL, 12520721662723001511ULL,
+    405943624021143002ULL, 8146944101507657423ULL, 181739317780393495ULL, 81743892273670099ULL,
+    14759561962550473930ULL, 4592623849546992939ULL, 6916440441743449719ULL, 1304610503530809833ULL,
+    5464930909232486441ULL, 15414883617496224671ULL, 8129283345256790ULL, 18294252198413739489ULL,
+    17394115281884857288ULL, 7808348415224731235ULL, 13195566655747230608ULL,
+    8568194219353949094ULL, 15329813048672122440ULL, 9604275495885785744ULL, 1577712551205219835ULL,
+    15964209008022052790ULL, 15087297920782098160ULL, 3946031512438511898ULL,
+    10050061168984440631ULL, 11382452014533138316ULL, 6313670788911952792ULL,
+    12015989229696164014ULL, 5946702628076168852ULL, 5219995658774362841ULL,
+    12230141881068377972ULL, 12361195202673441956ULL, 4732862275653856711ULL,
+    17221430380805252370ULL, 15397525953897375810ULL, 16557437297239563045ULL,
+    10101683801868971351ULL, 1402611372245592868ULL, 1931806383735563658ULL,
+    10991705207471512479ULL, 861333583207471392ULL, 15207766844626322355ULL, 9224628129811432393ULL,
+    3497069567089055613ULL, 11956632757898590316ULL, 8733729372586312960ULL,
+    18091521051714930927ULL, 77582787724373283ULL, 9922437373519669237ULL, 3079321456325704615ULL,
+    12171198408512478457ULL, 17179130884012147596ULL, 6839115479620367181ULL,
+    4421032569964105406ULL, 10353331468657256053ULL, 17400988720335968824ULL,
+    17138855889417480540ULL, 4507980080381370611ULL, 10703175719793781886ULL,
+    12598516658725890426ULL, 8353463412173898932ULL, 17703029389228422404ULL,
+    9313111267107226233ULL, 5441322942995154196ULL, 8952817660034465484ULL, 17571113341183703118ULL,
+    7375087953801067019ULL, 13381466302076453648ULL, 3218165271423914596ULL,
+    16956372157249382685ULL, 509080090049418841ULL, 13374233893294084913ULL, 2988537624204297086ULL,
+    4979195832939384620ULL, 3803931594068976394ULL, 10731535883829627646ULL,
+    12954845047607194278ULL, 10494298062560667399ULL, 4967351022190213065ULL,
+    13391917938145756456ULL, 951370484866918160ULL, 13531334179067685307ULL,
+    12868421357919390599ULL, 15918857042998130258ULL, 17769743831936974016ULL,
+    7137921979260368809ULL, 12461369180685892062ULL, 827476514081935199ULL, 15107282134224767230ULL,
+    10084765752802805748ULL, 3303739059392464407ULL, 17859532612136591428ULL,
+    10949414770405040164ULL, 12838613589371008785ULL, 5554397169231540728ULL,
+    18375114572169624408ULL, 15649286703242390139ULL, 2957281557463706877ULL,
+    14000350446219393213ULL, 14355199721749620351ULL, 2730856240099299695ULL,
+    17528131000714705752ULL, 2537498525883536360ULL, 6121058967084509393ULL,
+    16897667060435514221ULL, 12367869599571112440ULL, 3388831797050807508ULL,
+    16791449724090982798ULL, 2673426123453294928ULL, 11369313542384405846ULL,
+    15641960333586432634ULL, 15080962589658958379ULL, 7747943772340226569ULL,
+    8075023376199159152ULL, 8485093027378306528ULL, 13503706844122243648ULL, 8401961362938086226ULL,
+    8125426002124226402ULL, 9005399361407785203ULL, 6847968030066906634ULL, 11934937736309295197ULL,
+    5116750888594772351ULL, 2817039227179245227ULL, 17724206901239332980ULL, 4985702708254058578ULL,
+    5786345435756642871ULL, 17772527414940936938ULL, 1201320251272957006ULL,
+    15787430120324348129ULL, 6305488781359965661ULL, 12423900845502858433ULL,
+    17485949424202277720ULL, 2062237315546855852ULL, 10353639467860902375ULL,
+    2315398490451287299ULL, 15394572894814882621ULL, 232866113801165640ULL, 7413443736109338926ULL,
+    902719806551551191ULL, 16568853118619045174ULL, 14202214862428279177ULL,
+    11719595395278861192ULL, 5890053236389907647ULL, 9996196494965833627ULL,
+    12967056942364782577ULL, 9034128755157395787ULL, 17898204904710512655ULL,
+    8229373445062993977ULL, 13580036169519833644ULL
   };
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_SHA2_Types.h b/include/internal/Hacl_SHA2_Types.h
index 1e51a0f1..5a1eb668 100644
--- a/include/internal/Hacl_SHA2_Types.h
+++ b/include/internal/Hacl_SHA2_Types.h
@@ -35,68 +35,68 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_2p_s
+typedef struct Hacl_Hash_SHA2_uint8_2p_s
 {
   uint8_t *fst;
   uint8_t *snd;
 }
-Hacl_Impl_SHA2_Types_uint8_2p;
+Hacl_Hash_SHA2_uint8_2p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_3p_s
+typedef struct Hacl_Hash_SHA2_uint8_3p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_2p snd;
+  Hacl_Hash_SHA2_uint8_2p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_3p;
+Hacl_Hash_SHA2_uint8_3p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_4p_s
+typedef struct Hacl_Hash_SHA2_uint8_4p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_3p snd;
+  Hacl_Hash_SHA2_uint8_3p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_4p;
+Hacl_Hash_SHA2_uint8_4p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_5p_s
+typedef struct Hacl_Hash_SHA2_uint8_5p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_4p snd;
+  Hacl_Hash_SHA2_uint8_4p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_5p;
+Hacl_Hash_SHA2_uint8_5p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_6p_s
+typedef struct Hacl_Hash_SHA2_uint8_6p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_5p snd;
+  Hacl_Hash_SHA2_uint8_5p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_6p;
+Hacl_Hash_SHA2_uint8_6p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_7p_s
+typedef struct Hacl_Hash_SHA2_uint8_7p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_6p snd;
+  Hacl_Hash_SHA2_uint8_6p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_7p;
+Hacl_Hash_SHA2_uint8_7p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_8p_s
+typedef struct Hacl_Hash_SHA2_uint8_8p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_7p snd;
+  Hacl_Hash_SHA2_uint8_7p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_8p;
+Hacl_Hash_SHA2_uint8_8p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_2x4p_s
+typedef struct Hacl_Hash_SHA2_uint8_2x4p_s
 {
-  Hacl_Impl_SHA2_Types_uint8_4p fst;
-  Hacl_Impl_SHA2_Types_uint8_4p snd;
+  Hacl_Hash_SHA2_uint8_4p fst;
+  Hacl_Hash_SHA2_uint8_4p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_2x4p;
+Hacl_Hash_SHA2_uint8_2x4p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_2x8p_s
+typedef struct Hacl_Hash_SHA2_uint8_2x8p_s
 {
-  Hacl_Impl_SHA2_Types_uint8_8p fst;
-  Hacl_Impl_SHA2_Types_uint8_8p snd;
+  Hacl_Hash_SHA2_uint8_8p fst;
+  Hacl_Hash_SHA2_uint8_8p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_2x8p;
+Hacl_Hash_SHA2_uint8_2x8p;
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/EverCrypt_Chacha20Poly1305.h b/include/msvc/EverCrypt_Chacha20Poly1305.h
index c3eb2655..bd59e48b 100644
--- a/include/msvc/EverCrypt_Chacha20Poly1305.h
+++ b/include/msvc/EverCrypt_Chacha20Poly1305.h
@@ -35,9 +35,9 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Hacl_Chacha20Poly1305_32.h"
-#include "Hacl_Chacha20Poly1305_256.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 #include "EverCrypt_AutoConfig2.h"
 
 void
diff --git a/include/msvc/EverCrypt_HMAC.h b/include/msvc/EverCrypt_HMAC.h
index 6c64a37f..7d1da14d 100644
--- a/include/msvc/EverCrypt_HMAC.h
+++ b/include/msvc/EverCrypt_HMAC.h
@@ -38,13 +38,14 @@ extern "C" {
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_Krmllib.h"
 #include "Hacl_Hash_SHA2.h"
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2s.h"
+#include "Hacl_Hash_Blake2b.h"
 
 bool EverCrypt_HMAC_is_supported_alg(Spec_Hash_Definitions_hash_alg uu___);
 
 typedef Spec_Hash_Definitions_hash_alg EverCrypt_HMAC_supported_alg;
 
-extern void (*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint32_t x1, uint8_t *x2);
+extern void (*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint8_t *x1, uint32_t x2);
 
 void
 EverCrypt_HMAC_compute(
diff --git a/include/msvc/EverCrypt_Hash.h b/include/msvc/EverCrypt_Hash.h
index 6791dc27..b35dcf5f 100644
--- a/include/msvc/EverCrypt_Hash.h
+++ b/include/msvc/EverCrypt_Hash.h
@@ -39,9 +39,10 @@ extern "C" {
 #include "Hacl_Krmllib.h"
 #include "Hacl_Hash_SHA3.h"
 #include "Hacl_Hash_SHA2.h"
-#include "Hacl_Hash_Blake2s_128.h"
-#include "Hacl_Hash_Blake2b_256.h"
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
+#include "Hacl_Hash_Blake2s.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
+#include "Hacl_Hash_Blake2b.h"
 #include "EverCrypt_Error.h"
 #include "EverCrypt_AutoConfig2.h"
 
@@ -49,13 +50,13 @@ typedef struct EverCrypt_Hash_state_s_s EverCrypt_Hash_state_s;
 
 uint32_t EverCrypt_Hash_Incremental_hash_len(Spec_Hash_Definitions_hash_alg a);
 
-typedef struct EverCrypt_Hash_Incremental_hash_state_s
+typedef struct EverCrypt_Hash_Incremental_state_t_s
 {
   EverCrypt_Hash_state_s *block_state;
   uint8_t *buf;
   uint64_t total_len;
 }
-EverCrypt_Hash_Incremental_hash_state;
+EverCrypt_Hash_Incremental_state_t;
 
 /**
 Allocate initial state for the agile hash. The argument `a` stands for the
@@ -63,13 +64,13 @@ choice of algorithm (see Hacl_Spec.h). This API will automatically pick the most
 efficient implementation, provided you have called EverCrypt_AutoConfig2_init()
 before. The state is to be freed by calling `free`.
 */
-EverCrypt_Hash_Incremental_hash_state
-*EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_hash_alg a);
+EverCrypt_Hash_Incremental_state_t
+*EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_hash_alg a);
 
 /**
 Reset an existing state to the initial hash state with empty data.
 */
-void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s);
+void EverCrypt_Hash_Incremental_reset(EverCrypt_Hash_Incremental_state_t *state);
 
 /**
 Feed an arbitrary amount of data into the hash. This function returns
@@ -80,34 +81,35 @@ algorithm. Both limits are unlikely to be attained in practice.
 */
 EverCrypt_Error_error_code
 EverCrypt_Hash_Incremental_update(
-  EverCrypt_Hash_Incremental_hash_state *s,
-  uint8_t *data,
-  uint32_t len
+  EverCrypt_Hash_Incremental_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
 );
 
 /**
 Perform a run-time test to determine which algorithm was chosen for the given piece of state.
 */
 Spec_Hash_Definitions_hash_alg
-EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s);
+EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_state_t *s);
 
 /**
-Write the resulting hash into `dst`, an array whose length is
+Write the resulting hash into `output`, an array whose length is
 algorithm-specific. You can use the macros defined earlier in this file to
 allocate a destination buffer of the right length. The state remains valid after
-a call to `finish`, meaning the user may feed more data into the hash via
+a call to `digest`, meaning the user may feed more data into the hash via
 `update`. (The finish function operates on an internal copy of the state and
 therefore does not invalidate the client-held state.)
 */
-void EverCrypt_Hash_Incremental_finish(EverCrypt_Hash_Incremental_hash_state *s, uint8_t *dst);
+void
+EverCrypt_Hash_Incremental_digest(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output);
 
 /**
 Free a state previously allocated with `create_in`.
 */
-void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_hash_state *s);
+void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_state_t *state);
 
 /**
-Hash `input`, of len `len`, into `dst`, an array whose length is determined by
+Hash `input`, of len `input_len`, into `output`, an array whose length is determined by
 your choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined
 earlier in this file to allocate a destination buffer of the right length. This
 API will automatically pick the most efficient implementation, provided you have
@@ -116,34 +118,34 @@ called EverCrypt_AutoConfig2_init() before.
 void
 EverCrypt_Hash_Incremental_hash(
   Spec_Hash_Definitions_hash_alg a,
-  uint8_t *dst,
+  uint8_t *output,
   uint8_t *input,
-  uint32_t len
+  uint32_t input_len
 );
 
-#define MD5_HASH_LEN ((uint32_t)16U)
+#define MD5_HASH_LEN (16U)
 
-#define SHA1_HASH_LEN ((uint32_t)20U)
+#define SHA1_HASH_LEN (20U)
 
-#define SHA2_224_HASH_LEN ((uint32_t)28U)
+#define SHA2_224_HASH_LEN (28U)
 
-#define SHA2_256_HASH_LEN ((uint32_t)32U)
+#define SHA2_256_HASH_LEN (32U)
 
-#define SHA2_384_HASH_LEN ((uint32_t)48U)
+#define SHA2_384_HASH_LEN (48U)
 
-#define SHA2_512_HASH_LEN ((uint32_t)64U)
+#define SHA2_512_HASH_LEN (64U)
 
-#define SHA3_224_HASH_LEN ((uint32_t)28U)
+#define SHA3_224_HASH_LEN (28U)
 
-#define SHA3_256_HASH_LEN ((uint32_t)32U)
+#define SHA3_256_HASH_LEN (32U)
 
-#define SHA3_384_HASH_LEN ((uint32_t)48U)
+#define SHA3_384_HASH_LEN (48U)
 
-#define SHA3_512_HASH_LEN ((uint32_t)64U)
+#define SHA3_512_HASH_LEN (64U)
 
-#define BLAKE2S_HASH_LEN ((uint32_t)32U)
+#define BLAKE2S_HASH_LEN (32U)
 
-#define BLAKE2B_HASH_LEN ((uint32_t)64U)
+#define BLAKE2B_HASH_LEN (64U)
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/EverCrypt_Poly1305.h b/include/msvc/EverCrypt_Poly1305.h
index 62c00764..fba04059 100644
--- a/include/msvc/EverCrypt_Poly1305.h
+++ b/include/msvc/EverCrypt_Poly1305.h
@@ -35,12 +35,12 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Hacl_Poly1305_32.h"
-#include "Hacl_Poly1305_256.h"
-#include "Hacl_Poly1305_128.h"
+#include "Hacl_MAC_Poly1305_Simd256.h"
+#include "Hacl_MAC_Poly1305_Simd128.h"
+#include "Hacl_MAC_Poly1305.h"
 #include "EverCrypt_AutoConfig2.h"
 
-void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key);
+void EverCrypt_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/Hacl_AEAD_Chacha20Poly1305.h b/include/msvc/Hacl_AEAD_Chacha20Poly1305.h
new file mode 100644
index 00000000..2a8daa75
--- /dev/null
+++ b/include/msvc/Hacl_AEAD_Chacha20Poly1305.h
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_H
+#define __Hacl_AEAD_Chacha20Poly1305_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `output` and `input` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_H_DEFINED
+#endif
diff --git a/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.h b/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.h
new file mode 100644
index 00000000..de26c907
--- /dev/null
+++ b/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.h
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_Simd128_H
+#define __Hacl_AEAD_Chacha20Poly1305_Simd128_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20_Vec128.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_Simd128_H_DEFINED
+#endif
diff --git a/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.h b/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.h
new file mode 100644
index 00000000..0abcdc59
--- /dev/null
+++ b/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.h
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_Simd256_H
+#define __Hacl_AEAD_Chacha20Poly1305_Simd256_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20_Vec256.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_Simd256_H_DEFINED
+#endif
diff --git a/include/msvc/Hacl_Chacha20Poly1305_128.h b/include/msvc/Hacl_Chacha20Poly1305_128.h
deleted file mode 100644
index 630fab93..00000000
--- a/include/msvc/Hacl_Chacha20Poly1305_128.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_128_H
-#define __Hacl_Chacha20Poly1305_128_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_128.h"
-#include "Hacl_Chacha20_Vec128.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_128_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_128_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_128_H_DEFINED
-#endif
diff --git a/include/msvc/Hacl_Chacha20Poly1305_256.h b/include/msvc/Hacl_Chacha20Poly1305_256.h
deleted file mode 100644
index ff0f2e60..00000000
--- a/include/msvc/Hacl_Chacha20Poly1305_256.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_256_H
-#define __Hacl_Chacha20Poly1305_256_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_256.h"
-#include "Hacl_Chacha20_Vec256.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_256_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_256_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_256_H_DEFINED
-#endif
diff --git a/include/msvc/Hacl_Chacha20Poly1305_32.h b/include/msvc/Hacl_Chacha20Poly1305_32.h
deleted file mode 100644
index 624e29fb..00000000
--- a/include/msvc/Hacl_Chacha20Poly1305_32.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_32_H
-#define __Hacl_Chacha20Poly1305_32_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_32.h"
-#include "Hacl_Chacha20.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_32_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_32_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_32_H_DEFINED
-#endif
diff --git a/include/msvc/Hacl_HMAC.h b/include/msvc/Hacl_HMAC.h
index 84dbedf5..e1dc04f2 100644
--- a/include/msvc/Hacl_HMAC.h
+++ b/include/msvc/Hacl_HMAC.h
@@ -37,7 +37,8 @@ extern "C" {
 
 #include "Hacl_Krmllib.h"
 #include "Hacl_Hash_SHA2.h"
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2s.h"
+#include "Hacl_Hash_Blake2b.h"
 
 /**
 Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.
@@ -46,7 +47,7 @@ The key can be any length and will be hashed if it is longer and padded if it is
 `dst` must point to 20 bytes of memory.
 */
 void
-Hacl_HMAC_legacy_compute_sha1(
+Hacl_HMAC_compute_sha1(
   uint8_t *dst,
   uint8_t *key,
   uint32_t key_len,
diff --git a/include/msvc/Hacl_HMAC_Blake2b_256.h b/include/msvc/Hacl_HMAC_Blake2b_256.h
index e94ba05f..d8f3e9e1 100644
--- a/include/msvc/Hacl_HMAC_Blake2b_256.h
+++ b/include/msvc/Hacl_HMAC_Blake2b_256.h
@@ -36,7 +36,7 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Krmllib.h"
-#include "Hacl_Hash_Blake2b_256.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
 
 /**
 Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.
diff --git a/include/msvc/Hacl_HMAC_Blake2s_128.h b/include/msvc/Hacl_HMAC_Blake2s_128.h
index 7f20343e..5ff79038 100644
--- a/include/msvc/Hacl_HMAC_Blake2s_128.h
+++ b/include/msvc/Hacl_HMAC_Blake2s_128.h
@@ -35,7 +35,7 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Hacl_Hash_Blake2s_128.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
 
 /**
 Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.
diff --git a/include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h b/include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h
index a768df6b..a46db470 100644
--- a/include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h
+++ b/include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP128_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h b/include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h
index a4388707..89091754 100644
--- a/include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h
+++ b/include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP128_SHA512_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h b/include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h
index 37b26f6a..83ba2adb 100644
--- a/include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h
+++ b/include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP256_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h b/include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h
index f7240a95..1a796ab7 100644
--- a/include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h
+++ b/include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP256_SHA512_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h b/include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h
index e48242e6..d249ba05 100644
--- a/include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h
+++ b/include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP32_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h b/include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h
index 057f8769..ddc00da3 100644
--- a/include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h
+++ b/include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_51.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_Curve51_CP32_SHA512_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h b/include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h
index 1694a123..fda63e52 100644
--- a/include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h
+++ b/include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP128_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h b/include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h
index 23f52f25..c8b06ca8 100644
--- a/include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h
+++ b/include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP128_SHA512_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h b/include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h
index 33d471bc..2da8dbcf 100644
--- a/include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h
+++ b/include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h b/include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h
index d59c1ee4..87d919e1 100644
--- a/include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h
+++ b/include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP256_SHA512_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h b/include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h
index 5aaa07e1..bd4b9b59 100644
--- a/include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h
+++ b/include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP32_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h b/include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h
index 594000f2..0d2bb8f0 100644
--- a/include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h
+++ b/include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h
@@ -38,7 +38,7 @@ extern "C" {
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
 #include "Hacl_Curve25519_64.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_Curve64_CP32_SHA512_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_P256_CP128_SHA256.h b/include/msvc/Hacl_HPKE_P256_CP128_SHA256.h
index 613fef83..c76a100d 100644
--- a/include/msvc/Hacl_HPKE_P256_CP128_SHA256.h
+++ b/include/msvc/Hacl_HPKE_P256_CP128_SHA256.h
@@ -37,7 +37,7 @@ extern "C" {
 
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
 uint32_t
 Hacl_HPKE_P256_CP128_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_P256_CP256_SHA256.h b/include/msvc/Hacl_HPKE_P256_CP256_SHA256.h
index 6e74b1db..4a33eb8a 100644
--- a/include/msvc/Hacl_HPKE_P256_CP256_SHA256.h
+++ b/include/msvc/Hacl_HPKE_P256_CP256_SHA256.h
@@ -37,7 +37,7 @@ extern "C" {
 
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
 uint32_t
 Hacl_HPKE_P256_CP256_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_HPKE_P256_CP32_SHA256.h b/include/msvc/Hacl_HPKE_P256_CP32_SHA256.h
index 1f8679d4..2818abed 100644
--- a/include/msvc/Hacl_HPKE_P256_CP32_SHA256.h
+++ b/include/msvc/Hacl_HPKE_P256_CP32_SHA256.h
@@ -37,7 +37,7 @@ extern "C" {
 
 #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h"
 #include "Hacl_HKDF.h"
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
 uint32_t
 Hacl_HPKE_P256_CP32_SHA256_setupBaseS(
diff --git a/include/msvc/Hacl_Hash_Blake2.h b/include/msvc/Hacl_Hash_Blake2.h
deleted file mode 100644
index 3ee29015..00000000
--- a/include/msvc/Hacl_Hash_Blake2.h
+++ /dev/null
@@ -1,155 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Hash_Blake2_H
-#define __Hacl_Hash_Blake2_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Krmllib.h"
-
-void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn);
-
-void
-Hacl_Blake2b_32_blake2b_update_key(
-  uint64_t *wv,
-  uint64_t *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-);
-
-void
-Hacl_Blake2b_32_blake2b_update_multi(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks,
-  uint32_t nb
-);
-
-void
-Hacl_Blake2b_32_blake2b_update_last(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint32_t rem,
-  uint8_t *d
-);
-
-void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash);
-
-/**
-Write the BLAKE2b digest of message `d` using key `k` into `output`.
-
-@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2b_32_blake2b(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-);
-
-uint64_t *Hacl_Blake2b_32_blake2b_malloc(void);
-
-void Hacl_Blake2s_32_blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn);
-
-void
-Hacl_Blake2s_32_blake2s_update_key(
-  uint32_t *wv,
-  uint32_t *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-);
-
-void
-Hacl_Blake2s_32_blake2s_update_multi(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint8_t *blocks,
-  uint32_t nb
-);
-
-void
-Hacl_Blake2s_32_blake2s_update_last(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint32_t rem,
-  uint8_t *d
-);
-
-void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash);
-
-/**
-Write the BLAKE2s digest of message `d` using key `k` into `output`.
-
-@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2s_32_blake2s(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-);
-
-uint32_t *Hacl_Blake2s_32_blake2s_malloc(void);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Hash_Blake2_H_DEFINED
-#endif
diff --git a/include/msvc/Hacl_Streaming_Blake2b_256.h b/include/msvc/Hacl_Hash_Blake2b.h
similarity index 56%
rename from include/msvc/Hacl_Streaming_Blake2b_256.h
rename to include/msvc/Hacl_Hash_Blake2b.h
index 20e42d7c..414574f9 100644
--- a/include/msvc/Hacl_Streaming_Blake2b_256.h
+++ b/include/msvc/Hacl_Hash_Blake2b.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Blake2b_256_H
-#define __Hacl_Streaming_Blake2b_256_H
+#ifndef __Hacl_Hash_Blake2b_H
+#define __Hacl_Hash_Blake2b_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -37,67 +37,71 @@ extern "C" {
 
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_Krmllib.h"
-#include "Hacl_Hash_Blake2b_256.h"
 
-typedef struct Hacl_Streaming_Blake2b_256_blake2b_256_block_state_s
+typedef struct Hacl_Hash_Blake2b_block_state_t_s
 {
-  Lib_IntVector_Intrinsics_vec256 *fst;
-  Lib_IntVector_Intrinsics_vec256 *snd;
+  uint64_t *fst;
+  uint64_t *snd;
 }
-Hacl_Streaming_Blake2b_256_blake2b_256_block_state;
+Hacl_Hash_Blake2b_block_state_t;
 
-typedef struct Hacl_Streaming_Blake2b_256_blake2b_256_state_s
+typedef struct Hacl_Hash_Blake2b_state_t_s
 {
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state;
+  Hacl_Hash_Blake2b_block_state_t block_state;
   uint8_t *buf;
   uint64_t total_len;
 }
-Hacl_Streaming_Blake2b_256_blake2b_256_state;
+Hacl_Hash_Blake2b_state_t;
 
 /**
   State allocation function when there is no key
 */
-Hacl_Streaming_Blake2b_256_blake2b_256_state
-*Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in(void);
+Hacl_Hash_Blake2b_state_t *Hacl_Hash_Blake2b_malloc(void);
 
 /**
-  (Re-)initialization function when there is no key
+  Re-initialization function when there is no key
 */
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *s
-);
+void Hacl_Hash_Blake2b_reset(Hacl_Hash_Blake2b_state_t *state);
 
 /**
   Update function when there is no key; 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *p,
-  uint8_t *data,
-  uint32_t len
-);
+Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint32_t chunk_len);
 
 /**
   Finish function when there is no key
 */
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *p,
-  uint8_t *dst
-);
+void Hacl_Hash_Blake2b_digest(Hacl_Hash_Blake2b_state_t *state, uint8_t *output);
 
 /**
   Free state function when there is no key
 */
+void Hacl_Hash_Blake2b_free(Hacl_Hash_Blake2b_state_t *state);
+
+/**
+Write the BLAKE2b digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
 void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *s
+Hacl_Hash_Blake2b_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
 );
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Blake2b_256_H_DEFINED
+#define __Hacl_Hash_Blake2b_H_DEFINED
 #endif
diff --git a/include/msvc/Hacl_Hash_Blake2b_Simd256.h b/include/msvc/Hacl_Hash_Blake2b_Simd256.h
new file mode 100644
index 00000000..adddce66
--- /dev/null
+++ b/include/msvc/Hacl_Hash_Blake2b_Simd256.h
@@ -0,0 +1,113 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_Hash_Blake2b_Simd256_H
+#define __Hacl_Hash_Blake2b_Simd256_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Streaming_Types.h"
+#include "Hacl_Krmllib.h"
+#include "libintvector.h"
+
+typedef struct Hacl_Hash_Blake2b_Simd256_block_state_t_s
+{
+  Lib_IntVector_Intrinsics_vec256 *fst;
+  Lib_IntVector_Intrinsics_vec256 *snd;
+}
+Hacl_Hash_Blake2b_Simd256_block_state_t;
+
+typedef struct Hacl_Hash_Blake2b_Simd256_state_t_s
+{
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state;
+  uint8_t *buf;
+  uint64_t total_len;
+}
+Hacl_Hash_Blake2b_Simd256_state_t;
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2b_Simd256_state_t *Hacl_Hash_Blake2b_Simd256_malloc(void);
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2b_Simd256_reset(Hacl_Hash_Blake2b_Simd256_state_t *state);
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2b_Simd256_update(
+  Hacl_Hash_Blake2b_Simd256_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+);
+
+/**
+  Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2b_Simd256_digest(Hacl_Hash_Blake2b_Simd256_state_t *state, uint8_t *output);
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2b_Simd256_free(Hacl_Hash_Blake2b_Simd256_state_t *state);
+
+/**
+Write the BLAKE2b digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2b_Simd256_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_Hash_Blake2b_Simd256_H_DEFINED
+#endif
diff --git a/include/msvc/Hacl_Streaming_Blake2s_128.h b/include/msvc/Hacl_Hash_Blake2s.h
similarity index 56%
rename from include/msvc/Hacl_Streaming_Blake2s_128.h
rename to include/msvc/Hacl_Hash_Blake2s.h
index 60e209ff..2c0d7c5b 100644
--- a/include/msvc/Hacl_Streaming_Blake2s_128.h
+++ b/include/msvc/Hacl_Hash_Blake2s.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Blake2s_128_H
-#define __Hacl_Streaming_Blake2s_128_H
+#ifndef __Hacl_Hash_Blake2s_H
+#define __Hacl_Hash_Blake2s_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -36,67 +36,71 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Streaming_Types.h"
-#include "Hacl_Hash_Blake2s_128.h"
 
-typedef struct Hacl_Streaming_Blake2s_128_blake2s_128_block_state_s
+typedef struct Hacl_Hash_Blake2s_block_state_t_s
 {
-  Lib_IntVector_Intrinsics_vec128 *fst;
-  Lib_IntVector_Intrinsics_vec128 *snd;
+  uint32_t *fst;
+  uint32_t *snd;
 }
-Hacl_Streaming_Blake2s_128_blake2s_128_block_state;
+Hacl_Hash_Blake2s_block_state_t;
 
-typedef struct Hacl_Streaming_Blake2s_128_blake2s_128_state_s
+typedef struct Hacl_Hash_Blake2s_state_t_s
 {
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state;
+  Hacl_Hash_Blake2s_block_state_t block_state;
   uint8_t *buf;
   uint64_t total_len;
 }
-Hacl_Streaming_Blake2s_128_blake2s_128_state;
+Hacl_Hash_Blake2s_state_t;
 
 /**
   State allocation function when there is no key
 */
-Hacl_Streaming_Blake2s_128_blake2s_128_state
-*Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in(void);
+Hacl_Hash_Blake2s_state_t *Hacl_Hash_Blake2s_malloc(void);
 
 /**
-  (Re-)initialization function when there is no key
+  Re-initialization function when there is no key
 */
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *s
-);
+void Hacl_Hash_Blake2s_reset(Hacl_Hash_Blake2s_state_t *state);
 
 /**
   Update function when there is no key; 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *p,
-  uint8_t *data,
-  uint32_t len
-);
+Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint32_t chunk_len);
 
 /**
   Finish function when there is no key
 */
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *p,
-  uint8_t *dst
-);
+void Hacl_Hash_Blake2s_digest(Hacl_Hash_Blake2s_state_t *state, uint8_t *output);
 
 /**
   Free state function when there is no key
 */
+void Hacl_Hash_Blake2s_free(Hacl_Hash_Blake2s_state_t *state);
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
 void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *s
+Hacl_Hash_Blake2s_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
 );
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Blake2s_128_H_DEFINED
+#define __Hacl_Hash_Blake2s_H_DEFINED
 #endif
diff --git a/include/msvc/Hacl_Hash_Blake2s_Simd128.h b/include/msvc/Hacl_Hash_Blake2s_Simd128.h
new file mode 100644
index 00000000..6484005e
--- /dev/null
+++ b/include/msvc/Hacl_Hash_Blake2s_Simd128.h
@@ -0,0 +1,112 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_Hash_Blake2s_Simd128_H
+#define __Hacl_Hash_Blake2s_Simd128_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Streaming_Types.h"
+#include "libintvector.h"
+
+typedef struct Hacl_Hash_Blake2s_Simd128_block_state_t_s
+{
+  Lib_IntVector_Intrinsics_vec128 *fst;
+  Lib_IntVector_Intrinsics_vec128 *snd;
+}
+Hacl_Hash_Blake2s_Simd128_block_state_t;
+
+typedef struct Hacl_Hash_Blake2s_Simd128_state_t_s
+{
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state;
+  uint8_t *buf;
+  uint64_t total_len;
+}
+Hacl_Hash_Blake2s_Simd128_state_t;
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2s_Simd128_state_t *Hacl_Hash_Blake2s_Simd128_malloc(void);
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_reset(Hacl_Hash_Blake2s_Simd128_state_t *state);
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2s_Simd128_update(
+  Hacl_Hash_Blake2s_Simd128_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+);
+
+/**
+  Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2s_Simd128_digest(Hacl_Hash_Blake2s_Simd128_state_t *state, uint8_t *output);
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_free(Hacl_Hash_Blake2s_Simd128_state_t *state);
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2s_Simd128_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_Hash_Blake2s_Simd128_H_DEFINED
+#endif
diff --git a/include/msvc/Hacl_Hash_MD5.h b/include/msvc/Hacl_Hash_MD5.h
index dd4c75e0..db93d7d6 100644
--- a/include/msvc/Hacl_Hash_MD5.h
+++ b/include/msvc/Hacl_Hash_MD5.h
@@ -37,25 +37,25 @@ extern "C" {
 
 #include "Hacl_Streaming_Types.h"
 
-typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_MD5_state;
+typedef Hacl_Streaming_MD_state_32 Hacl_Hash_MD5_state_t;
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_create_in(void);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_malloc(void);
 
-void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_MD5_reset(Hacl_Streaming_MD_state_32 *state);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
+Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len);
 
-void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
+void Hacl_Hash_MD5_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
 
-void Hacl_Streaming_MD5_legacy_free(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_MD5_free(Hacl_Streaming_MD_state_32 *state);
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_state_32 *s0);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_copy(Hacl_Streaming_MD_state_32 *state);
 
-void Hacl_Streaming_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_MD5_hash(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/Hacl_Hash_SHA1.h b/include/msvc/Hacl_Hash_SHA1.h
index 2737b20f..19045440 100644
--- a/include/msvc/Hacl_Hash_SHA1.h
+++ b/include/msvc/Hacl_Hash_SHA1.h
@@ -37,25 +37,25 @@ extern "C" {
 
 #include "Hacl_Streaming_Types.h"
 
-typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA1_state;
+typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA1_state_t;
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_malloc(void);
 
-void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA1_reset(Hacl_Streaming_MD_state_32 *state);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
+Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len);
 
-void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
+void Hacl_Hash_SHA1_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
 
-void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA1_free(Hacl_Streaming_MD_state_32 *state);
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_copy(Hacl_Streaming_MD_state_32 *state);
 
-void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA1_hash(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/Hacl_Hash_SHA2.h b/include/msvc/Hacl_Hash_SHA2.h
index 8f98d878..d17eab94 100644
--- a/include/msvc/Hacl_Hash_SHA2.h
+++ b/include/msvc/Hacl_Hash_SHA2.h
@@ -38,19 +38,19 @@ extern "C" {
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_Krmllib.h"
 
-typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_224;
+typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_224;
 
-typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_256;
+typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_256;
 
-typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_384;
+typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_384;
 
-typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_512;
+typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_512;
 
 /**
 Allocate initial state for the SHA2_256 hash. The state is to be freed by
 calling `free_256`.
 */
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_256(void);
 
 /**
 Copies the state passed as argument into a newly allocated state (deep copy).
@@ -58,73 +58,73 @@ The state is to be freed by calling `free_256`. Cloning the state this way is
 useful, for instance, if your control-flow diverges and you need to feed
 more (different) data into the hash in each branch.
 */
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_copy_256(Hacl_Streaming_MD_state_32 *state);
 
 /**
 Reset an existing state to the initial hash state with empty data.
 */
-void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA2_reset_256(Hacl_Streaming_MD_state_32 *state);
 
 /**
 Feed an arbitrary amount of data into the hash. This function returns 0 for
 success, or 1 if the combined length of all of the data passed to `update_256`
-(since the last call to `init_256`) exceeds 2^61-1 bytes.
+(since the last call to `reset_256`) exceeds 2^61-1 bytes.
 
 This function is identical to the update function for SHA2_224.
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_256(
-  Hacl_Streaming_MD_state_32 *p,
+Hacl_Hash_SHA2_update_256(
+  Hacl_Streaming_MD_state_32 *state,
   uint8_t *input,
   uint32_t input_len
 );
 
 /**
-Write the resulting hash into `dst`, an array of 32 bytes. The state remains
-valid after a call to `finish_256`, meaning the user may feed more data into
-the hash via `update_256`. (The finish_256 function operates on an internal copy of
+Write the resulting hash into `output`, an array of 32 bytes. The state remains
+valid after a call to `digest_256`, meaning the user may feed more data into
+the hash via `update_256`. (The digest_256 function operates on an internal copy of
 the state and therefore does not invalidate the client-held state `p`.)
 */
-void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
+void Hacl_Hash_SHA2_digest_256(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
 
 /**
-Free a state allocated with `create_in_256`.
+Free a state allocated with `malloc_256`.
 
 This function is identical to the free function for SHA2_224.
 */
-void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA2_free_256(Hacl_Streaming_MD_state_32 *state);
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 32 bytes.
 */
-void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA2_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void);
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_224(void);
 
-void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s);
+void Hacl_Hash_SHA2_reset_224(Hacl_Streaming_MD_state_32 *state);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_224(
-  Hacl_Streaming_MD_state_32 *p,
+Hacl_Hash_SHA2_update_224(
+  Hacl_Streaming_MD_state_32 *state,
   uint8_t *input,
   uint32_t input_len
 );
 
 /**
-Write the resulting hash into `dst`, an array of 28 bytes. The state remains
-valid after a call to `finish_224`, meaning the user may feed more data into
+Write the resulting hash into `output`, an array of 28 bytes. The state remains
+valid after a call to `digest_224`, meaning the user may feed more data into
 the hash via `update_224`.
 */
-void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
+void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
 
-void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p);
+void Hacl_Hash_SHA2_free_224(Hacl_Streaming_MD_state_32 *state);
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 28 bytes.
 */
-void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void);
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_512(void);
 
 /**
 Copies the state passed as argument into a newly allocated state (deep copy).
@@ -132,68 +132,68 @@ The state is to be freed by calling `free_512`. Cloning the state this way is
 useful, for instance, if your control-flow diverges and you need to feed
 more (different) data into the hash in each branch.
 */
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0);
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_copy_512(Hacl_Streaming_MD_state_64 *state);
 
-void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s);
+void Hacl_Hash_SHA2_reset_512(Hacl_Streaming_MD_state_64 *state);
 
 /**
 Feed an arbitrary amount of data into the hash. This function returns 0 for
 success, or 1 if the combined length of all of the data passed to `update_512`
-(since the last call to `init_512`) exceeds 2^125-1 bytes.
+(since the last call to `reset_512`) exceeds 2^125-1 bytes.
 
 This function is identical to the update function for SHA2_384.
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_512(
-  Hacl_Streaming_MD_state_64 *p,
+Hacl_Hash_SHA2_update_512(
+  Hacl_Streaming_MD_state_64 *state,
   uint8_t *input,
   uint32_t input_len
 );
 
 /**
-Write the resulting hash into `dst`, an array of 64 bytes. The state remains
-valid after a call to `finish_512`, meaning the user may feed more data into
-the hash via `update_512`. (The finish_512 function operates on an internal copy of
+Write the resulting hash into `output`, an array of 64 bytes. The state remains
+valid after a call to `digest_512`, meaning the user may feed more data into
+the hash via `update_512`. (The digest_512 function operates on an internal copy of
 the state and therefore does not invalidate the client-held state `p`.)
 */
-void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst);
+void Hacl_Hash_SHA2_digest_512(Hacl_Streaming_MD_state_64 *state, uint8_t *output);
 
 /**
-Free a state allocated with `create_in_512`.
+Free a state allocated with `malloc_512`.
 
 This function is identical to the free function for SHA2_384.
 */
-void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s);
+void Hacl_Hash_SHA2_free_512(Hacl_Streaming_MD_state_64 *state);
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 64 bytes.
 */
-void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA2_hash_512(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void);
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_384(void);
 
-void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s);
+void Hacl_Hash_SHA2_reset_384(Hacl_Streaming_MD_state_64 *state);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_384(
-  Hacl_Streaming_MD_state_64 *p,
+Hacl_Hash_SHA2_update_384(
+  Hacl_Streaming_MD_state_64 *state,
   uint8_t *input,
   uint32_t input_len
 );
 
 /**
-Write the resulting hash into `dst`, an array of 48 bytes. The state remains
-valid after a call to `finish_384`, meaning the user may feed more data into
+Write the resulting hash into `output`, an array of 48 bytes. The state remains
+valid after a call to `digest_384`, meaning the user may feed more data into
 the hash via `update_384`.
 */
-void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst);
+void Hacl_Hash_SHA2_digest_384(Hacl_Streaming_MD_state_64 *state, uint8_t *output);
 
-void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p);
+void Hacl_Hash_SHA2_free_384(Hacl_Streaming_MD_state_64 *state);
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 48 bytes.
 */
-void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void Hacl_Hash_SHA2_hash_384(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/Hacl_Hash_SHA3.h b/include/msvc/Hacl_Hash_SHA3.h
index e2f5ff06..e09f8745 100644
--- a/include/msvc/Hacl_Hash_SHA3.h
+++ b/include/msvc/Hacl_Hash_SHA3.h
@@ -37,48 +37,48 @@ extern "C" {
 
 #include "Hacl_Streaming_Types.h"
 
-typedef struct Hacl_Streaming_Keccak_hash_buf_s
+typedef struct Hacl_Hash_SHA3_hash_buf_s
 {
   Spec_Hash_Definitions_hash_alg fst;
   uint64_t *snd;
 }
-Hacl_Streaming_Keccak_hash_buf;
+Hacl_Hash_SHA3_hash_buf;
 
-typedef struct Hacl_Streaming_Keccak_state_s
+typedef struct Hacl_Hash_SHA3_state_t_s
 {
-  Hacl_Streaming_Keccak_hash_buf block_state;
+  Hacl_Hash_SHA3_hash_buf block_state;
   uint8_t *buf;
   uint64_t total_len;
 }
-Hacl_Streaming_Keccak_state;
+Hacl_Hash_SHA3_state_t;
 
-Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s);
+Spec_Hash_Definitions_hash_alg Hacl_Hash_SHA3_get_alg(Hacl_Hash_SHA3_state_t *s);
 
-Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_hash_alg a);
+Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_hash_alg a);
 
-void Hacl_Streaming_Keccak_free(Hacl_Streaming_Keccak_state *s);
+void Hacl_Hash_SHA3_free(Hacl_Hash_SHA3_state_t *state);
 
-Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_copy(Hacl_Streaming_Keccak_state *s0);
+Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_copy(Hacl_Hash_SHA3_state_t *state);
 
-void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s);
+void Hacl_Hash_SHA3_reset(Hacl_Hash_SHA3_state_t *state);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint32_t len);
+Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t chunk_len);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_finish(Hacl_Streaming_Keccak_state *s, uint8_t *dst);
+Hacl_Hash_SHA3_digest(Hacl_Hash_SHA3_state_t *state, uint8_t *output);
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_squeeze(Hacl_Streaming_Keccak_state *s, uint8_t *dst, uint32_t l);
+Hacl_Hash_SHA3_squeeze(Hacl_Hash_SHA3_state_t *s, uint8_t *dst, uint32_t l);
 
-uint32_t Hacl_Streaming_Keccak_block_len(Hacl_Streaming_Keccak_state *s);
+uint32_t Hacl_Hash_SHA3_block_len(Hacl_Hash_SHA3_state_t *s);
 
-uint32_t Hacl_Streaming_Keccak_hash_len(Hacl_Streaming_Keccak_state *s);
+uint32_t Hacl_Hash_SHA3_hash_len(Hacl_Hash_SHA3_state_t *s);
 
-bool Hacl_Streaming_Keccak_is_shake(Hacl_Streaming_Keccak_state *s);
+bool Hacl_Hash_SHA3_is_shake(Hacl_Hash_SHA3_state_t *s);
 
 void
-Hacl_SHA3_shake128_hacl(
+Hacl_Hash_SHA3_shake128_hacl(
   uint32_t inputByteLen,
   uint8_t *input,
   uint32_t outputByteLen,
@@ -86,25 +86,25 @@ Hacl_SHA3_shake128_hacl(
 );
 
 void
-Hacl_SHA3_shake256_hacl(
+Hacl_Hash_SHA3_shake256_hacl(
   uint32_t inputByteLen,
   uint8_t *input,
   uint32_t outputByteLen,
   uint8_t *output
 );
 
-void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
+void Hacl_Hash_SHA3_sha3_224(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
+void Hacl_Hash_SHA3_sha3_256(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
+void Hacl_Hash_SHA3_sha3_384(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
+void Hacl_Hash_SHA3_sha3_512(uint8_t *output, uint8_t *input, uint32_t input_len);
 
-void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s);
+void Hacl_Hash_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s);
 
 void
-Hacl_Impl_SHA3_squeeze(
+Hacl_Hash_SHA3_squeeze0(
   uint64_t *s,
   uint32_t rateInBytes,
   uint32_t outputByteLen,
@@ -112,7 +112,7 @@ Hacl_Impl_SHA3_squeeze(
 );
 
 void
-Hacl_Impl_SHA3_keccak(
+Hacl_Hash_SHA3_keccak(
   uint32_t rate,
   uint32_t capacity,
   uint32_t inputByteLen,
diff --git a/include/msvc/Hacl_IntTypes_Intrinsics.h b/include/msvc/Hacl_IntTypes_Intrinsics.h
index e2a193e9..c816b046 100644
--- a/include/msvc/Hacl_IntTypes_Intrinsics.h
+++ b/include/msvc/Hacl_IntTypes_Intrinsics.h
@@ -41,7 +41,7 @@ static inline uint32_t
 Hacl_IntTypes_Intrinsics_add_carry_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r)
 {
   uint64_t res = (uint64_t)x + (uint64_t)cin + (uint64_t)y;
-  uint32_t c = (uint32_t)(res >> (uint32_t)32U);
+  uint32_t c = (uint32_t)(res >> 32U);
   r[0U] = (uint32_t)res;
   return c;
 }
@@ -50,7 +50,7 @@ static inline uint32_t
 Hacl_IntTypes_Intrinsics_sub_borrow_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r)
 {
   uint64_t res = (uint64_t)x - (uint64_t)y - (uint64_t)cin;
-  uint32_t c = (uint32_t)(res >> (uint32_t)32U) & (uint32_t)1U;
+  uint32_t c = (uint32_t)(res >> 32U) & 1U;
   r[0U] = (uint32_t)res;
   return c;
 }
@@ -59,8 +59,7 @@ static inline uint64_t
 Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r)
 {
   uint64_t res = x + cin + y;
-  uint64_t
-  c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & (uint64_t)1U;
+  uint64_t c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & 1ULL;
   r[0U] = res;
   return c;
 }
@@ -73,7 +72,7 @@ Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, ui
   c =
     ((FStar_UInt64_gte_mask(res, x) & ~FStar_UInt64_eq_mask(res, x))
     | (FStar_UInt64_eq_mask(res, x) & cin))
-    & (uint64_t)1U;
+    & 1ULL;
   r[0U] = res;
   return c;
 }
diff --git a/include/msvc/Hacl_IntTypes_Intrinsics_128.h b/include/msvc/Hacl_IntTypes_Intrinsics_128.h
index aa843a6c..d3008969 100644
--- a/include/msvc/Hacl_IntTypes_Intrinsics_128.h
+++ b/include/msvc/Hacl_IntTypes_Intrinsics_128.h
@@ -45,7 +45,7 @@ Hacl_IntTypes_Intrinsics_128_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y,
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_uint64_to_uint128(x),
         FStar_UInt128_uint64_to_uint128(cin)),
       FStar_UInt128_uint64_to_uint128(y));
-  uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U));
+  uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U));
   r[0U] = FStar_UInt128_uint128_to_uint64(res);
   return c;
 }
@@ -58,10 +58,7 @@ Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y
     FStar_UInt128_sub_mod(FStar_UInt128_sub_mod(FStar_UInt128_uint64_to_uint128(x),
         FStar_UInt128_uint64_to_uint128(y)),
       FStar_UInt128_uint64_to_uint128(cin));
-  uint64_t
-  c =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U))
-    & (uint64_t)1U;
+  uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)) & 1ULL;
   r[0U] = FStar_UInt128_uint128_to_uint64(res);
   return c;
 }
diff --git a/include/Hacl_Streaming_Poly1305_32.h b/include/msvc/Hacl_MAC_Poly1305.h
similarity index 67%
rename from include/Hacl_Streaming_Poly1305_32.h
rename to include/msvc/Hacl_MAC_Poly1305.h
index 88d1a513..95ac4be2 100644
--- a/include/Hacl_Streaming_Poly1305_32.h
+++ b/include/msvc/Hacl_MAC_Poly1305.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Poly1305_32_H
-#define __Hacl_Streaming_Poly1305_32_H
+#ifndef __Hacl_MAC_Poly1305_H
+#define __Hacl_MAC_Poly1305_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -36,43 +36,36 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Streaming_Types.h"
-#include "Hacl_Poly1305_32.h"
+#include "Hacl_Krmllib.h"
 
-typedef struct Hacl_Streaming_Poly1305_32_poly1305_32_state_s
+typedef struct Hacl_MAC_Poly1305_state_t_s
 {
   uint64_t *block_state;
   uint8_t *buf;
   uint64_t total_len;
   uint8_t *p_key;
 }
-Hacl_Streaming_Poly1305_32_poly1305_32_state;
+Hacl_MAC_Poly1305_state_t;
 
-Hacl_Streaming_Poly1305_32_poly1305_32_state *Hacl_Streaming_Poly1305_32_create_in(uint8_t *k);
+Hacl_MAC_Poly1305_state_t *Hacl_MAC_Poly1305_malloc(uint8_t *key);
 
-void
-Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_32_state *s);
+void Hacl_MAC_Poly1305_reset(Hacl_MAC_Poly1305_state_t *state, uint8_t *key);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_32_update(
-  Hacl_Streaming_Poly1305_32_poly1305_32_state *p,
-  uint8_t *data,
-  uint32_t len
-);
+Hacl_MAC_Poly1305_update(Hacl_MAC_Poly1305_state_t *state, uint8_t *chunk, uint32_t chunk_len);
 
-void
-Hacl_Streaming_Poly1305_32_finish(
-  Hacl_Streaming_Poly1305_32_poly1305_32_state *p,
-  uint8_t *dst
-);
+void Hacl_MAC_Poly1305_digest(Hacl_MAC_Poly1305_state_t *state, uint8_t *output);
 
-void Hacl_Streaming_Poly1305_32_free(Hacl_Streaming_Poly1305_32_poly1305_32_state *s);
+void Hacl_MAC_Poly1305_free(Hacl_MAC_Poly1305_state_t *state);
+
+void Hacl_MAC_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Poly1305_32_H_DEFINED
+#define __Hacl_MAC_Poly1305_H_DEFINED
 #endif
diff --git a/include/msvc/Hacl_Streaming_Poly1305_128.h b/include/msvc/Hacl_MAC_Poly1305_Simd128.h
similarity index 67%
rename from include/msvc/Hacl_Streaming_Poly1305_128.h
rename to include/msvc/Hacl_MAC_Poly1305_Simd128.h
index d6299052..9b69ebd4 100644
--- a/include/msvc/Hacl_Streaming_Poly1305_128.h
+++ b/include/msvc/Hacl_MAC_Poly1305_Simd128.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Poly1305_128_H
-#define __Hacl_Streaming_Poly1305_128_H
+#ifndef __Hacl_MAC_Poly1305_Simd128_H
+#define __Hacl_MAC_Poly1305_Simd128_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -36,44 +36,47 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Streaming_Types.h"
-#include "Hacl_Poly1305_128.h"
+#include "libintvector.h"
 
-typedef struct Hacl_Streaming_Poly1305_128_poly1305_128_state_s
+typedef struct Hacl_MAC_Poly1305_Simd128_state_t_s
 {
   Lib_IntVector_Intrinsics_vec128 *block_state;
   uint8_t *buf;
   uint64_t total_len;
   uint8_t *p_key;
 }
-Hacl_Streaming_Poly1305_128_poly1305_128_state;
+Hacl_MAC_Poly1305_Simd128_state_t;
 
-Hacl_Streaming_Poly1305_128_poly1305_128_state
-*Hacl_Streaming_Poly1305_128_create_in(uint8_t *k);
+Hacl_MAC_Poly1305_Simd128_state_t *Hacl_MAC_Poly1305_Simd128_malloc(uint8_t *key);
 
-void
-Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly1305_128_state *s);
+void Hacl_MAC_Poly1305_Simd128_reset(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *key);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_128_update(
-  Hacl_Streaming_Poly1305_128_poly1305_128_state *p,
-  uint8_t *data,
-  uint32_t len
+Hacl_MAC_Poly1305_Simd128_update(
+  Hacl_MAC_Poly1305_Simd128_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
 );
 
 void
-Hacl_Streaming_Poly1305_128_finish(
-  Hacl_Streaming_Poly1305_128_poly1305_128_state *p,
-  uint8_t *dst
-);
+Hacl_MAC_Poly1305_Simd128_digest(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *output);
+
+void Hacl_MAC_Poly1305_Simd128_free(Hacl_MAC_Poly1305_Simd128_state_t *state);
 
-void Hacl_Streaming_Poly1305_128_free(Hacl_Streaming_Poly1305_128_poly1305_128_state *s);
+void
+Hacl_MAC_Poly1305_Simd128_mac(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key
+);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Poly1305_128_H_DEFINED
+#define __Hacl_MAC_Poly1305_Simd128_H_DEFINED
 #endif
diff --git a/include/Hacl_Streaming_Poly1305_256.h b/include/msvc/Hacl_MAC_Poly1305_Simd256.h
similarity index 67%
rename from include/Hacl_Streaming_Poly1305_256.h
rename to include/msvc/Hacl_MAC_Poly1305_Simd256.h
index 689b837b..89f4a104 100644
--- a/include/Hacl_Streaming_Poly1305_256.h
+++ b/include/msvc/Hacl_MAC_Poly1305_Simd256.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Streaming_Poly1305_256_H
-#define __Hacl_Streaming_Poly1305_256_H
+#ifndef __Hacl_MAC_Poly1305_Simd256_H
+#define __Hacl_MAC_Poly1305_Simd256_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -36,44 +36,47 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Streaming_Types.h"
-#include "Hacl_Poly1305_256.h"
+#include "libintvector.h"
 
-typedef struct Hacl_Streaming_Poly1305_256_poly1305_256_state_s
+typedef struct Hacl_MAC_Poly1305_Simd256_state_t_s
 {
   Lib_IntVector_Intrinsics_vec256 *block_state;
   uint8_t *buf;
   uint64_t total_len;
   uint8_t *p_key;
 }
-Hacl_Streaming_Poly1305_256_poly1305_256_state;
+Hacl_MAC_Poly1305_Simd256_state_t;
 
-Hacl_Streaming_Poly1305_256_poly1305_256_state
-*Hacl_Streaming_Poly1305_256_create_in(uint8_t *k);
+Hacl_MAC_Poly1305_Simd256_state_t *Hacl_MAC_Poly1305_Simd256_malloc(uint8_t *key);
 
-void
-Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly1305_256_state *s);
+void Hacl_MAC_Poly1305_Simd256_reset(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *key);
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_256_update(
-  Hacl_Streaming_Poly1305_256_poly1305_256_state *p,
-  uint8_t *data,
-  uint32_t len
+Hacl_MAC_Poly1305_Simd256_update(
+  Hacl_MAC_Poly1305_Simd256_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
 );
 
 void
-Hacl_Streaming_Poly1305_256_finish(
-  Hacl_Streaming_Poly1305_256_poly1305_256_state *p,
-  uint8_t *dst
-);
+Hacl_MAC_Poly1305_Simd256_digest(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *output);
+
+void Hacl_MAC_Poly1305_Simd256_free(Hacl_MAC_Poly1305_Simd256_state_t *state);
 
-void Hacl_Streaming_Poly1305_256_free(Hacl_Streaming_Poly1305_256_poly1305_256_state *s);
+void
+Hacl_MAC_Poly1305_Simd256_mac(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key
+);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Streaming_Poly1305_256_H_DEFINED
+#define __Hacl_MAC_Poly1305_Simd256_H_DEFINED
 #endif
diff --git a/include/msvc/Hacl_NaCl.h b/include/msvc/Hacl_NaCl.h
index b7e91a4b..a3ca6804 100644
--- a/include/msvc/Hacl_NaCl.h
+++ b/include/msvc/Hacl_NaCl.h
@@ -36,7 +36,7 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Hacl_Salsa20.h"
-#include "Hacl_Poly1305_32.h"
+#include "Hacl_MAC_Poly1305.h"
 #include "Hacl_Curve25519_51.h"
 
 /**
diff --git a/include/msvc/Hacl_Poly1305_128.h b/include/msvc/Hacl_Poly1305_128.h
deleted file mode 100644
index 834d4a8a..00000000
--- a/include/msvc/Hacl_Poly1305_128.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Poly1305_128_H
-#define __Hacl_Poly1305_128_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "libintvector.h"
-
-typedef Lib_IntVector_Intrinsics_vec128 *Hacl_Poly1305_128_poly1305_ctx;
-
-void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key);
-
-void Hacl_Poly1305_128_poly1305_update1(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *text);
-
-void
-Hacl_Poly1305_128_poly1305_update(
-  Lib_IntVector_Intrinsics_vec128 *ctx,
-  uint32_t len,
-  uint8_t *text
-);
-
-void
-Hacl_Poly1305_128_poly1305_finish(
-  uint8_t *tag,
-  uint8_t *key,
-  Lib_IntVector_Intrinsics_vec128 *ctx
-);
-
-void Hacl_Poly1305_128_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Poly1305_128_H_DEFINED
-#endif
diff --git a/include/msvc/Hacl_Poly1305_32.h b/include/msvc/Hacl_Poly1305_32.h
deleted file mode 100644
index f3233b90..00000000
--- a/include/msvc/Hacl_Poly1305_32.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Poly1305_32_H
-#define __Hacl_Poly1305_32_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Krmllib.h"
-
-typedef uint64_t *Hacl_Poly1305_32_poly1305_ctx;
-
-void Hacl_Poly1305_32_poly1305_init(uint64_t *ctx, uint8_t *key);
-
-void Hacl_Poly1305_32_poly1305_update1(uint64_t *ctx, uint8_t *text);
-
-void Hacl_Poly1305_32_poly1305_update(uint64_t *ctx, uint32_t len, uint8_t *text);
-
-void Hacl_Poly1305_32_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx);
-
-void Hacl_Poly1305_32_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Poly1305_32_H_DEFINED
-#endif
diff --git a/include/msvc/Hacl_Streaming_Blake2.h b/include/msvc/Hacl_Streaming_Blake2.h
deleted file mode 100644
index bfb05e4f..00000000
--- a/include/msvc/Hacl_Streaming_Blake2.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Streaming_Blake2_H
-#define __Hacl_Streaming_Blake2_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Streaming_Types.h"
-#include "Hacl_Krmllib.h"
-#include "Hacl_Hash_Blake2.h"
-
-typedef struct Hacl_Streaming_Blake2_blake2s_32_block_state_s
-{
-  uint32_t *fst;
-  uint32_t *snd;
-}
-Hacl_Streaming_Blake2_blake2s_32_block_state;
-
-typedef struct Hacl_Streaming_Blake2_blake2b_32_block_state_s
-{
-  uint64_t *fst;
-  uint64_t *snd;
-}
-Hacl_Streaming_Blake2_blake2b_32_block_state;
-
-typedef struct Hacl_Streaming_Blake2_blake2s_32_state_s
-{
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state;
-  uint8_t *buf;
-  uint64_t total_len;
-}
-Hacl_Streaming_Blake2_blake2s_32_state;
-
-typedef struct Hacl_Streaming_Blake2_blake2b_32_state_s
-{
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state;
-  uint8_t *buf;
-  uint64_t total_len;
-}
-Hacl_Streaming_Blake2_blake2b_32_state;
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2_blake2s_32_state
-*Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(void);
-
-/**
-  (Re-)initialization function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_32_state *s1);
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2_blake2s_32_no_key_update(
-  Hacl_Streaming_Blake2_blake2s_32_state *p,
-  uint8_t *data,
-  uint32_t len
-);
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2_blake2s_32_no_key_finish(
-  Hacl_Streaming_Blake2_blake2s_32_state *p,
-  uint8_t *dst
-);
-
-/**
-  Free state function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2s_32_no_key_free(Hacl_Streaming_Blake2_blake2s_32_state *s1);
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2_blake2b_32_state
-*Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(void);
-
-/**
-  (Re)-initialization function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_32_state *s1);
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2_blake2b_32_no_key_update(
-  Hacl_Streaming_Blake2_blake2b_32_state *p,
-  uint8_t *data,
-  uint32_t len
-);
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2_blake2b_32_no_key_finish(
-  Hacl_Streaming_Blake2_blake2b_32_state *p,
-  uint8_t *dst
-);
-
-/**
-  Free state function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2b_32_no_key_free(Hacl_Streaming_Blake2_blake2b_32_state *s1);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Streaming_Blake2_H_DEFINED
-#endif
diff --git a/include/msvc/internal/EverCrypt_HMAC.h b/include/msvc/internal/EverCrypt_HMAC.h
index 02986e6c..debea462 100644
--- a/include/msvc/internal/EverCrypt_HMAC.h
+++ b/include/msvc/internal/EverCrypt_HMAC.h
@@ -38,7 +38,9 @@ extern "C" {
 #include "internal/Hacl_Krmllib.h"
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b.h"
+#include "internal/Hacl_HMAC.h"
 #include "internal/EverCrypt_Hash.h"
 #include "../EverCrypt_HMAC.h"
 
diff --git a/include/msvc/internal/EverCrypt_Hash.h b/include/msvc/internal/EverCrypt_Hash.h
index c9417677..cd706161 100644
--- a/include/msvc/internal/EverCrypt_Hash.h
+++ b/include/msvc/internal/EverCrypt_Hash.h
@@ -41,11 +41,15 @@ extern "C" {
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
 #include "internal/Hacl_Hash_MD5.h"
+#include "internal/Hacl_Hash_Blake2s_Simd128.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b_Simd256.h"
+#include "internal/Hacl_Hash_Blake2b.h"
 #include "../EverCrypt_Hash.h"
 
 void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n);
 
-void EverCrypt_Hash_Incremental_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst);
+void EverCrypt_Hash_Incremental_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/internal/Hacl_Bignum.h b/include/msvc/internal/Hacl_Bignum.h
index 901a8dad..4b31236d 100644
--- a/include/msvc/internal/Hacl_Bignum.h
+++ b/include/msvc/internal/Hacl_Bignum.h
@@ -124,15 +124,6 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(
   uint32_t *res
 );
 
-void
-Hacl_Bignum_Montgomery_bn_mont_reduction_u32(
-  uint32_t len,
-  uint32_t *n,
-  uint32_t nInv,
-  uint32_t *c,
-  uint32_t *res
-);
-
 void
 Hacl_Bignum_Montgomery_bn_to_mont_u32(
   uint32_t len,
@@ -181,15 +172,6 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(
   uint64_t *res
 );
 
-void
-Hacl_Bignum_Montgomery_bn_mont_reduction_u64(
-  uint32_t len,
-  uint64_t *n,
-  uint64_t nInv,
-  uint64_t *c,
-  uint64_t *res
-);
-
 void
 Hacl_Bignum_Montgomery_bn_to_mont_u64(
   uint32_t len,
@@ -228,6 +210,24 @@ Hacl_Bignum_Montgomery_bn_mont_sqr_u64(
   uint64_t *resM
 );
 
+void
+Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(
+  uint32_t len,
+  uint32_t *n,
+  uint32_t nInv,
+  uint32_t *c,
+  uint32_t *res
+);
+
+void
+Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(
+  uint32_t len,
+  uint64_t *n,
+  uint64_t nInv,
+  uint64_t *c,
+  uint64_t *res
+);
+
 uint32_t
 Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32(
   uint32_t len,
diff --git a/include/msvc/internal/Hacl_Bignum25519_51.h b/include/msvc/internal/Hacl_Bignum25519_51.h
index 25a10503..4678f8a0 100644
--- a/include/msvc/internal/Hacl_Bignum25519_51.h
+++ b/include/msvc/internal/Hacl_Bignum25519_51.h
@@ -69,11 +69,11 @@ static inline void Hacl_Impl_Curve25519_Field51_fsub(uint64_t *out, uint64_t *f1
   uint64_t f23 = f2[3U];
   uint64_t f14 = f1[4U];
   uint64_t f24 = f2[4U];
-  out[0U] = f10 + (uint64_t)0x3fffffffffff68U - f20;
-  out[1U] = f11 + (uint64_t)0x3ffffffffffff8U - f21;
-  out[2U] = f12 + (uint64_t)0x3ffffffffffff8U - f22;
-  out[3U] = f13 + (uint64_t)0x3ffffffffffff8U - f23;
-  out[4U] = f14 + (uint64_t)0x3ffffffffffff8U - f24;
+  out[0U] = f10 + 0x3fffffffffff68ULL - f20;
+  out[1U] = f11 + 0x3ffffffffffff8ULL - f21;
+  out[2U] = f12 + 0x3ffffffffffff8ULL - f22;
+  out[3U] = f13 + 0x3ffffffffffff8ULL - f23;
+  out[4U] = f14 + 0x3ffffffffffff8ULL - f24;
 }
 
 static inline void
@@ -84,7 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul(
   FStar_UInt128_uint128 *uu___
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -95,10 +95,10 @@ Hacl_Impl_Curve25519_Field51_fmul(
   uint64_t f22 = f2[2U];
   uint64_t f23 = f2[3U];
   uint64_t f24 = f2[4U];
-  uint64_t tmp1 = f21 * (uint64_t)19U;
-  uint64_t tmp2 = f22 * (uint64_t)19U;
-  uint64_t tmp3 = f23 * (uint64_t)19U;
-  uint64_t tmp4 = f24 * (uint64_t)19U;
+  uint64_t tmp1 = f21 * 19ULL;
+  uint64_t tmp2 = f22 * 19ULL;
+  uint64_t tmp3 = f23 * 19ULL;
+  uint64_t tmp4 = f24 * 19ULL;
   FStar_UInt128_uint128 o00 = FStar_UInt128_mul_wide(f10, f20);
   FStar_UInt128_uint128 o10 = FStar_UInt128_mul_wide(f10, f21);
   FStar_UInt128_uint128 o20 = FStar_UInt128_mul_wide(f10, f22);
@@ -129,25 +129,24 @@ Hacl_Impl_Curve25519_Field51_fmul(
   FStar_UInt128_uint128 tmp_w2 = o24;
   FStar_UInt128_uint128 tmp_w3 = o34;
   FStar_UInt128_uint128 tmp_w4 = o44;
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp01 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp01 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w1, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp11 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp11 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w2, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp21 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp21 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w3, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp31 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp31 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w4, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp41 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp01 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp41 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp01 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t o0 = tmp0_;
   uint64_t o1 = tmp11 + c5;
   uint64_t o2 = tmp21;
@@ -168,7 +167,7 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   FStar_UInt128_uint128 *uu___
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -189,14 +188,14 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   uint64_t f42 = f2[7U];
   uint64_t f43 = f2[8U];
   uint64_t f44 = f2[9U];
-  uint64_t tmp11 = f21 * (uint64_t)19U;
-  uint64_t tmp12 = f22 * (uint64_t)19U;
-  uint64_t tmp13 = f23 * (uint64_t)19U;
-  uint64_t tmp14 = f24 * (uint64_t)19U;
-  uint64_t tmp21 = f41 * (uint64_t)19U;
-  uint64_t tmp22 = f42 * (uint64_t)19U;
-  uint64_t tmp23 = f43 * (uint64_t)19U;
-  uint64_t tmp24 = f44 * (uint64_t)19U;
+  uint64_t tmp11 = f21 * 19ULL;
+  uint64_t tmp12 = f22 * 19ULL;
+  uint64_t tmp13 = f23 * 19ULL;
+  uint64_t tmp14 = f24 * 19ULL;
+  uint64_t tmp21 = f41 * 19ULL;
+  uint64_t tmp22 = f42 * 19ULL;
+  uint64_t tmp23 = f43 * 19ULL;
+  uint64_t tmp24 = f44 * 19ULL;
   FStar_UInt128_uint128 o00 = FStar_UInt128_mul_wide(f10, f20);
   FStar_UInt128_uint128 o15 = FStar_UInt128_mul_wide(f10, f21);
   FStar_UInt128_uint128 o25 = FStar_UInt128_mul_wide(f10, f22);
@@ -257,49 +256,47 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   FStar_UInt128_uint128 tmp_w22 = o241;
   FStar_UInt128_uint128 tmp_w23 = o34;
   FStar_UInt128_uint128 tmp_w24 = o44;
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(tmp_w10, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w10, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w11, FStar_UInt128_uint64_to_uint128(c00));
-  uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w12, FStar_UInt128_uint64_to_uint128(c10));
-  uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w13, FStar_UInt128_uint64_to_uint128(c20));
-  uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w14, FStar_UInt128_uint64_to_uint128(c30));
-  uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp00 + c40 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c50 = l_4 >> (uint32_t)51U;
+  uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp00 + c40 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c50 = l_4 >> 51U;
   uint64_t o100 = tmp0_;
   uint64_t o112 = tmp10 + c50;
   uint64_t o122 = tmp20;
   uint64_t o132 = tmp30;
   uint64_t o142 = tmp40;
-  FStar_UInt128_uint128
-  l_5 = FStar_UInt128_add(tmp_w20, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, (uint32_t)51U));
+  FStar_UInt128_uint128 l_5 = FStar_UInt128_add(tmp_w20, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, 51U));
   FStar_UInt128_uint128 l_6 = FStar_UInt128_add(tmp_w21, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, (uint32_t)51U));
+  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, 51U));
   FStar_UInt128_uint128 l_7 = FStar_UInt128_add(tmp_w22, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, (uint32_t)51U));
+  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, 51U));
   FStar_UInt128_uint128 l_8 = FStar_UInt128_add(tmp_w23, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, (uint32_t)51U));
+  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, 51U));
   FStar_UInt128_uint128 l_9 = FStar_UInt128_add(tmp_w24, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, (uint32_t)51U));
-  uint64_t l_10 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_0 = l_10 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_10 >> (uint32_t)51U;
+  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, 51U));
+  uint64_t l_10 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_0 = l_10 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_10 >> 51U;
   uint64_t o200 = tmp0_0;
   uint64_t o212 = tmp1 + c5;
   uint64_t o222 = tmp2;
@@ -339,25 +336,24 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f
   FStar_UInt128_uint128 tmp_w2 = FStar_UInt128_mul_wide(f2, f12);
   FStar_UInt128_uint128 tmp_w3 = FStar_UInt128_mul_wide(f2, f13);
   FStar_UInt128_uint128 tmp_w4 = FStar_UInt128_mul_wide(f2, f14);
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w1, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w2, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w3, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w4, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t o0 = tmp0_;
   uint64_t o1 = tmp1 + c5;
   uint64_t o2 = tmp2;
@@ -373,18 +369,18 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint64_t f0 = f[0U];
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
   uint64_t f4 = f[4U];
-  uint64_t d0 = (uint64_t)2U * f0;
-  uint64_t d1 = (uint64_t)2U * f1;
-  uint64_t d2 = (uint64_t)38U * f2;
-  uint64_t d3 = (uint64_t)19U * f3;
-  uint64_t d419 = (uint64_t)19U * f4;
-  uint64_t d4 = (uint64_t)2U * d419;
+  uint64_t d0 = 2ULL * f0;
+  uint64_t d1 = 2ULL * f1;
+  uint64_t d2 = 38ULL * f2;
+  uint64_t d3 = 19ULL * f3;
+  uint64_t d419 = 19ULL * f4;
+  uint64_t d4 = 2ULL * d419;
   FStar_UInt128_uint128
   s0 =
     FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f0, f0),
@@ -415,25 +411,24 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint
   FStar_UInt128_uint128 o20 = s2;
   FStar_UInt128_uint128 o30 = s3;
   FStar_UInt128_uint128 o40 = s4;
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(o00, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(o00, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(o10, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(o20, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(o30, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(o40, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t o0 = tmp0_;
   uint64_t o1 = tmp1 + c5;
   uint64_t o2 = tmp2;
@@ -449,7 +444,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint64_t f10 = f[0U];
   uint64_t f11 = f[1U];
   uint64_t f12 = f[2U];
@@ -460,12 +455,12 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin
   uint64_t f22 = f[7U];
   uint64_t f23 = f[8U];
   uint64_t f24 = f[9U];
-  uint64_t d00 = (uint64_t)2U * f10;
-  uint64_t d10 = (uint64_t)2U * f11;
-  uint64_t d20 = (uint64_t)38U * f12;
-  uint64_t d30 = (uint64_t)19U * f13;
-  uint64_t d4190 = (uint64_t)19U * f14;
-  uint64_t d40 = (uint64_t)2U * d4190;
+  uint64_t d00 = 2ULL * f10;
+  uint64_t d10 = 2ULL * f11;
+  uint64_t d20 = 38ULL * f12;
+  uint64_t d30 = 19ULL * f13;
+  uint64_t d4190 = 19ULL * f14;
+  uint64_t d40 = 2ULL * d4190;
   FStar_UInt128_uint128
   s00 =
     FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f10, f10),
@@ -496,12 +491,12 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin
   FStar_UInt128_uint128 o120 = s20;
   FStar_UInt128_uint128 o130 = s30;
   FStar_UInt128_uint128 o140 = s40;
-  uint64_t d0 = (uint64_t)2U * f20;
-  uint64_t d1 = (uint64_t)2U * f21;
-  uint64_t d2 = (uint64_t)38U * f22;
-  uint64_t d3 = (uint64_t)19U * f23;
-  uint64_t d419 = (uint64_t)19U * f24;
-  uint64_t d4 = (uint64_t)2U * d419;
+  uint64_t d0 = 2ULL * f20;
+  uint64_t d1 = 2ULL * f21;
+  uint64_t d2 = 38ULL * f22;
+  uint64_t d3 = 19ULL * f23;
+  uint64_t d419 = 19ULL * f24;
+  uint64_t d4 = 2ULL * d419;
   FStar_UInt128_uint128
   s0 =
     FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f20, f20),
@@ -532,49 +527,47 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin
   FStar_UInt128_uint128 o220 = s2;
   FStar_UInt128_uint128 o230 = s3;
   FStar_UInt128_uint128 o240 = s4;
-  FStar_UInt128_uint128
-  l_ = FStar_UInt128_add(o100, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U));
+  FStar_UInt128_uint128 l_ = FStar_UInt128_add(o100, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL;
+  uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U));
   FStar_UInt128_uint128 l_0 = FStar_UInt128_add(o110, FStar_UInt128_uint64_to_uint128(c00));
-  uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U));
+  uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL;
+  uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U));
   FStar_UInt128_uint128 l_1 = FStar_UInt128_add(o120, FStar_UInt128_uint64_to_uint128(c10));
-  uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U));
+  uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL;
+  uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U));
   FStar_UInt128_uint128 l_2 = FStar_UInt128_add(o130, FStar_UInt128_uint64_to_uint128(c20));
-  uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U));
+  uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL;
+  uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U));
   FStar_UInt128_uint128 l_3 = FStar_UInt128_add(o140, FStar_UInt128_uint64_to_uint128(c30));
-  uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U));
-  uint64_t l_4 = tmp00 + c40 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c50 = l_4 >> (uint32_t)51U;
+  uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL;
+  uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U));
+  uint64_t l_4 = tmp00 + c40 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c50 = l_4 >> 51U;
   uint64_t o101 = tmp0_;
   uint64_t o111 = tmp10 + c50;
   uint64_t o121 = tmp20;
   uint64_t o131 = tmp30;
   uint64_t o141 = tmp40;
-  FStar_UInt128_uint128
-  l_5 = FStar_UInt128_add(o200, FStar_UInt128_uint64_to_uint128((uint64_t)0U));
-  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, (uint32_t)51U));
+  FStar_UInt128_uint128 l_5 = FStar_UInt128_add(o200, FStar_UInt128_uint64_to_uint128(0ULL));
+  uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & 0x7ffffffffffffULL;
+  uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, 51U));
   FStar_UInt128_uint128 l_6 = FStar_UInt128_add(o210, FStar_UInt128_uint64_to_uint128(c0));
-  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, (uint32_t)51U));
+  uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & 0x7ffffffffffffULL;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, 51U));
   FStar_UInt128_uint128 l_7 = FStar_UInt128_add(o220, FStar_UInt128_uint64_to_uint128(c1));
-  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, (uint32_t)51U));
+  uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & 0x7ffffffffffffULL;
+  uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, 51U));
   FStar_UInt128_uint128 l_8 = FStar_UInt128_add(o230, FStar_UInt128_uint64_to_uint128(c2));
-  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, (uint32_t)51U));
+  uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & 0x7ffffffffffffULL;
+  uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, 51U));
   FStar_UInt128_uint128 l_9 = FStar_UInt128_add(o240, FStar_UInt128_uint64_to_uint128(c3));
-  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, (uint32_t)51U));
-  uint64_t l_10 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_0 = l_10 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_10 >> (uint32_t)51U;
+  uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & 0x7ffffffffffffULL;
+  uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, 51U));
+  uint64_t l_10 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_0 = l_10 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_10 >> 51U;
   uint64_t o201 = tmp0_0;
   uint64_t o211 = tmp1 + c5;
   uint64_t o221 = tmp2;
@@ -609,49 +602,49 @@ static inline void Hacl_Impl_Curve25519_Field51_store_felem(uint64_t *u64s, uint
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
   uint64_t f4 = f[4U];
-  uint64_t l_ = f0 + (uint64_t)0U;
-  uint64_t tmp0 = l_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = l_ >> (uint32_t)51U;
+  uint64_t l_ = f0 + 0ULL;
+  uint64_t tmp0 = l_ & 0x7ffffffffffffULL;
+  uint64_t c0 = l_ >> 51U;
   uint64_t l_0 = f1 + c0;
-  uint64_t tmp1 = l_0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = l_0 >> (uint32_t)51U;
+  uint64_t tmp1 = l_0 & 0x7ffffffffffffULL;
+  uint64_t c1 = l_0 >> 51U;
   uint64_t l_1 = f2 + c1;
-  uint64_t tmp2 = l_1 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = l_1 >> (uint32_t)51U;
+  uint64_t tmp2 = l_1 & 0x7ffffffffffffULL;
+  uint64_t c2 = l_1 >> 51U;
   uint64_t l_2 = f3 + c2;
-  uint64_t tmp3 = l_2 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = l_2 >> (uint32_t)51U;
+  uint64_t tmp3 = l_2 & 0x7ffffffffffffULL;
+  uint64_t c3 = l_2 >> 51U;
   uint64_t l_3 = f4 + c3;
-  uint64_t tmp4 = l_3 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = l_3 >> (uint32_t)51U;
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = l_3 & 0x7ffffffffffffULL;
+  uint64_t c4 = l_3 >> 51U;
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t f01 = tmp0_;
   uint64_t f11 = tmp1 + c5;
   uint64_t f21 = tmp2;
   uint64_t f31 = tmp3;
   uint64_t f41 = tmp4;
-  uint64_t m0 = FStar_UInt64_gte_mask(f01, (uint64_t)0x7ffffffffffedU);
-  uint64_t m1 = FStar_UInt64_eq_mask(f11, (uint64_t)0x7ffffffffffffU);
-  uint64_t m2 = FStar_UInt64_eq_mask(f21, (uint64_t)0x7ffffffffffffU);
-  uint64_t m3 = FStar_UInt64_eq_mask(f31, (uint64_t)0x7ffffffffffffU);
-  uint64_t m4 = FStar_UInt64_eq_mask(f41, (uint64_t)0x7ffffffffffffU);
+  uint64_t m0 = FStar_UInt64_gte_mask(f01, 0x7ffffffffffedULL);
+  uint64_t m1 = FStar_UInt64_eq_mask(f11, 0x7ffffffffffffULL);
+  uint64_t m2 = FStar_UInt64_eq_mask(f21, 0x7ffffffffffffULL);
+  uint64_t m3 = FStar_UInt64_eq_mask(f31, 0x7ffffffffffffULL);
+  uint64_t m4 = FStar_UInt64_eq_mask(f41, 0x7ffffffffffffULL);
   uint64_t mask = (((m0 & m1) & m2) & m3) & m4;
-  uint64_t f0_ = f01 - (mask & (uint64_t)0x7ffffffffffedU);
-  uint64_t f1_ = f11 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f2_ = f21 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f3_ = f31 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f4_ = f41 - (mask & (uint64_t)0x7ffffffffffffU);
+  uint64_t f0_ = f01 - (mask & 0x7ffffffffffedULL);
+  uint64_t f1_ = f11 - (mask & 0x7ffffffffffffULL);
+  uint64_t f2_ = f21 - (mask & 0x7ffffffffffffULL);
+  uint64_t f3_ = f31 - (mask & 0x7ffffffffffffULL);
+  uint64_t f4_ = f41 - (mask & 0x7ffffffffffffULL);
   uint64_t f02 = f0_;
   uint64_t f12 = f1_;
   uint64_t f22 = f2_;
   uint64_t f32 = f3_;
   uint64_t f42 = f4_;
-  uint64_t o00 = f02 | f12 << (uint32_t)51U;
-  uint64_t o10 = f12 >> (uint32_t)13U | f22 << (uint32_t)38U;
-  uint64_t o20 = f22 >> (uint32_t)26U | f32 << (uint32_t)25U;
-  uint64_t o30 = f32 >> (uint32_t)39U | f42 << (uint32_t)12U;
+  uint64_t o00 = f02 | f12 << 51U;
+  uint64_t o10 = f12 >> 13U | f22 << 38U;
+  uint64_t o20 = f22 >> 26U | f32 << 25U;
+  uint64_t o30 = f32 >> 39U | f42 << 12U;
   uint64_t o0 = o00;
   uint64_t o1 = o10;
   uint64_t o2 = o20;
@@ -665,11 +658,11 @@ static inline void Hacl_Impl_Curve25519_Field51_store_felem(uint64_t *u64s, uint
 static inline void
 Hacl_Impl_Curve25519_Field51_cswap2(uint64_t bit, uint64_t *p1, uint64_t *p2)
 {
-  uint64_t mask = (uint64_t)0U - bit;
+  uint64_t mask = 0ULL - bit;
   KRML_MAYBE_FOR10(i,
-    (uint32_t)0U,
-    (uint32_t)10U,
-    (uint32_t)1U,
+    0U,
+    10U,
+    1U,
     uint64_t dummy = mask & (p1[i] ^ p2[i]);
     p1[i] = p1[i] ^ dummy;
     p2[i] = p2[i] ^ dummy;);
diff --git a/include/msvc/internal/Hacl_Bignum_Base.h b/include/msvc/internal/Hacl_Bignum_Base.h
index e4d35fe9..bafd4896 100644
--- a/include/msvc/internal/Hacl_Bignum_Base.h
+++ b/include/msvc/internal/Hacl_Bignum_Base.h
@@ -45,7 +45,7 @@ Hacl_Bignum_Base_mul_wide_add2_u32(uint32_t a, uint32_t b, uint32_t c_in, uint32
   uint32_t out0 = out[0U];
   uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)c_in + (uint64_t)out0;
   out[0U] = (uint32_t)res;
-  return (uint32_t)(res >> (uint32_t)32U);
+  return (uint32_t)(res >> 32U);
 }
 
 static inline uint64_t
@@ -58,22 +58,22 @@ Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64
         FStar_UInt128_uint64_to_uint128(c_in)),
       FStar_UInt128_uint64_to_uint128(out0));
   out[0U] = FStar_UInt128_uint128_to_uint64(res);
-  return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U));
+  return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U));
 }
 
 static inline void
 Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint64_t *os = res;
-    uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;
   }
@@ -82,24 +82,24 @@ Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *
 static inline void
 Hacl_Bignum_Convert_bn_to_bytes_be_uint64(uint32_t len, uint64_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]);
+    store64_be(tmp + i * 8U, b[bnLen - i - 1U]);
   }
   memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t));
 }
 
 static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32_t *b)
 {
-  uint32_t priv = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t priv = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
-    uint32_t mask = FStar_UInt32_eq_mask(b[i], (uint32_t)0U);
+    uint32_t mask = FStar_UInt32_eq_mask(b[i], 0U);
     priv = (mask & priv) | (~mask & i);
   }
   return priv;
@@ -107,10 +107,10 @@ static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32
 
 static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64_t *b)
 {
-  uint64_t priv = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t priv = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
-    uint64_t mask = FStar_UInt64_eq_mask(b[i], (uint64_t)0U);
+    uint64_t mask = FStar_UInt64_eq_mask(b[i], 0ULL);
     priv = (mask & priv) | (~mask & (uint64_t)i);
   }
   return priv;
@@ -119,63 +119,63 @@ static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64
 static inline uint32_t
 Hacl_Bignum_Lib_bn_get_bits_u32(uint32_t len, uint32_t *b, uint32_t i, uint32_t l)
 {
-  uint32_t i1 = i / (uint32_t)32U;
-  uint32_t j = i % (uint32_t)32U;
+  uint32_t i1 = i / 32U;
+  uint32_t j = i % 32U;
   uint32_t p1 = b[i1] >> j;
   uint32_t ite;
-  if (i1 + (uint32_t)1U < len && (uint32_t)0U < j)
+  if (i1 + 1U < len && 0U < j)
   {
-    ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)32U - j);
+    ite = p1 | b[i1 + 1U] << (32U - j);
   }
   else
   {
     ite = p1;
   }
-  return ite & (((uint32_t)1U << l) - (uint32_t)1U);
+  return ite & ((1U << l) - 1U);
 }
 
 static inline uint64_t
 Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l)
 {
-  uint32_t i1 = i / (uint32_t)64U;
-  uint32_t j = i % (uint32_t)64U;
+  uint32_t i1 = i / 64U;
+  uint32_t j = i % 64U;
   uint64_t p1 = b[i1] >> j;
   uint64_t ite;
-  if (i1 + (uint32_t)1U < len && (uint32_t)0U < j)
+  if (i1 + 1U < len && 0U < j)
   {
-    ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j);
+    ite = p1 | b[i1 + 1U] << (64U - j);
   }
   else
   {
     ite = p1;
   }
-  return ite & (((uint64_t)1U << l) - (uint64_t)1U);
+  return ite & ((1ULL << l) - 1ULL);
 }
 
 static inline uint32_t
 Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < aLen / 4U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
   }
-  for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+  for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
   {
     uint32_t t1 = a[i];
     uint32_t t2 = b[i];
@@ -188,27 +188,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b,
 static inline uint64_t
 Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+  uint64_t c = 0ULL;
+  for (uint32_t i = 0U; i < aLen / 4U; i++)
   {
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
-  for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+  for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
   {
     uint64_t t1 = a[i];
     uint64_t t2 = b[i];
@@ -221,27 +221,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b,
 static inline uint32_t
 Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < aLen / 4U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
-  for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+  for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
   {
     uint32_t t1 = a[i];
     uint32_t t2 = b[i];
@@ -254,27 +254,27 @@ Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b,
 static inline uint64_t
 Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+  uint64_t c = 0ULL;
+  for (uint32_t i = 0U; i < aLen / 4U; i++)
   {
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
-  for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+  for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
   {
     uint64_t t1 = a[i];
     uint64_t t2 = b[i];
@@ -294,27 +294,27 @@ Hacl_Bignum_Multiplication_bn_mul_u32(
 )
 {
   memset(res, 0U, (aLen + bLen) * sizeof (uint32_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++)
+  for (uint32_t i0 = 0U; i0 < bLen; i0++)
   {
     uint32_t bj = b[i0];
     uint32_t *res_j = res + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+    uint32_t c = 0U;
+    for (uint32_t i = 0U; i < aLen / 4U; i++)
     {
-      uint32_t a_i = a[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint32_t a_i = a[4U * i];
+      uint32_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0);
-      uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = a[4U * i + 1U];
+      uint32_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1);
-      uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = a[4U * i + 2U];
+      uint32_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2);
-      uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = a[4U * i + 3U];
+      uint32_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i);
     }
-    for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+    for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
     {
       uint32_t a_i = a[i];
       uint32_t *res_i = res_j + i;
@@ -335,27 +335,27 @@ Hacl_Bignum_Multiplication_bn_mul_u64(
 )
 {
   memset(res, 0U, (aLen + bLen) * sizeof (uint64_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++)
+  for (uint32_t i0 = 0U; i0 < bLen; i0++)
   {
     uint64_t bj = b[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < aLen / 4U; i++)
     {
-      uint64_t a_i = a[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = a[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = a[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = a[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = a[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
-    for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++)
+    for (uint32_t i = aLen / 4U * 4U; i < aLen; i++)
     {
       uint64_t a_i = a[i];
       uint64_t *res_i = res_j + i;
@@ -370,28 +370,28 @@ static inline void
 Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
 {
   memset(res, 0U, (aLen + aLen) * sizeof (uint32_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++)
+  for (uint32_t i0 = 0U; i0 < aLen; i0++)
   {
     uint32_t *ab = a;
     uint32_t a_j = a[i0];
     uint32_t *res_j = res + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint32_t c = 0U;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint32_t a_i = ab[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint32_t a_i = ab[4U * i];
+      uint32_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0);
-      uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = ab[4U * i + 1U];
+      uint32_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1);
-      uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = ab[4U * i + 2U];
+      uint32_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2);
-      uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = ab[4U * i + 3U];
+      uint32_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint32_t a_i = ab[i];
       uint32_t *res_i = res_j + i;
@@ -401,48 +401,48 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     res[i0 + i0] = r;
   }
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  KRML_MAYBE_UNUSED_VAR(c0);
   KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen);
   uint32_t *tmp = (uint32_t *)alloca((aLen + aLen) * sizeof (uint32_t));
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t));
-  for (uint32_t i = (uint32_t)0U; i < aLen; i++)
+  for (uint32_t i = 0U; i < aLen; i++)
   {
     uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i];
-    uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U);
+    uint32_t hi = (uint32_t)(res1 >> 32U);
     uint32_t lo = (uint32_t)res1;
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;
   }
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline void
 Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
 {
   memset(res, 0U, (aLen + aLen) * sizeof (uint64_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++)
+  for (uint32_t i0 = 0U; i0 < aLen; i0++)
   {
     uint64_t *ab = a;
     uint64_t a_j = a[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = ab[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = ab[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = ab[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = ab[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint64_t a_i = ab[i];
       uint64_t *res_i = res_j + i;
@@ -452,20 +452,20 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     res[i0 + i0] = r;
   }
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  KRML_MAYBE_UNUSED_VAR(c0);
   KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen);
   uint64_t *tmp = (uint64_t *)alloca((aLen + aLen) * sizeof (uint64_t));
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < aLen; i++)
+  for (uint32_t i = 0U; i < aLen; i++)
   {
     FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
+    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U));
     uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;
   }
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 #if defined(__cplusplus)
diff --git a/include/msvc/internal/Hacl_Bignum_K256.h b/include/msvc/internal/Hacl_Bignum_K256.h
index 59aff176..fe72fffe 100644
--- a/include/msvc/internal/Hacl_Bignum_K256.h
+++ b/include/msvc/internal/Hacl_Bignum_K256.h
@@ -45,13 +45,7 @@ static inline bool Hacl_K256_Field_is_felem_zero_vartime(uint64_t *f)
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
   uint64_t f4 = f[4U];
-  return
-    f0
-    == (uint64_t)0U
-    && f1 == (uint64_t)0U
-    && f2 == (uint64_t)0U
-    && f3 == (uint64_t)0U
-    && f4 == (uint64_t)0U;
+  return f0 == 0ULL && f1 == 0ULL && f2 == 0ULL && f3 == 0ULL && f4 == 0ULL;
 }
 
 static inline bool Hacl_K256_Field_is_felem_eq_vartime(uint64_t *f1, uint64_t *f2)
@@ -76,42 +70,42 @@ static inline bool Hacl_K256_Field_is_felem_lt_prime_minus_order_vartime(uint64_
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
   uint64_t f4 = f[4U];
-  if (f4 > (uint64_t)0U)
+  if (f4 > 0ULL)
   {
     return false;
   }
-  if (f3 > (uint64_t)0U)
+  if (f3 > 0ULL)
   {
     return false;
   }
-  if (f2 < (uint64_t)0x1455123U)
+  if (f2 < 0x1455123ULL)
   {
     return true;
   }
-  if (f2 > (uint64_t)0x1455123U)
+  if (f2 > 0x1455123ULL)
   {
     return false;
   }
-  if (f1 < (uint64_t)0x1950b75fc4402U)
+  if (f1 < 0x1950b75fc4402ULL)
   {
     return true;
   }
-  if (f1 > (uint64_t)0x1950b75fc4402U)
+  if (f1 > 0x1950b75fc4402ULL)
   {
     return false;
   }
-  return f0 < (uint64_t)0xda1722fc9baeeU;
+  return f0 < 0xda1722fc9baeeULL;
 }
 
 static inline void Hacl_K256_Field_load_felem(uint64_t *f, uint8_t *b)
 {
   uint64_t tmp[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = tmp;
-    uint8_t *bj = b + i * (uint32_t)8U;
+    uint8_t *bj = b + i * 8U;
     uint64_t u = load64_be(bj);
     uint64_t r = u;
     uint64_t x = r;
@@ -120,11 +114,11 @@ static inline void Hacl_K256_Field_load_felem(uint64_t *f, uint8_t *b)
   uint64_t s1 = tmp[2U];
   uint64_t s2 = tmp[1U];
   uint64_t s3 = tmp[0U];
-  uint64_t f00 = s0 & (uint64_t)0xfffffffffffffU;
-  uint64_t f10 = s0 >> (uint32_t)52U | (s1 & (uint64_t)0xffffffffffU) << (uint32_t)12U;
-  uint64_t f20 = s1 >> (uint32_t)40U | (s2 & (uint64_t)0xfffffffU) << (uint32_t)24U;
-  uint64_t f30 = s2 >> (uint32_t)28U | (s3 & (uint64_t)0xffffU) << (uint32_t)36U;
-  uint64_t f40 = s3 >> (uint32_t)16U;
+  uint64_t f00 = s0 & 0xfffffffffffffULL;
+  uint64_t f10 = s0 >> 52U | (s1 & 0xffffffffffULL) << 12U;
+  uint64_t f20 = s1 >> 40U | (s2 & 0xfffffffULL) << 24U;
+  uint64_t f30 = s2 >> 28U | (s3 & 0xffffULL) << 36U;
+  uint64_t f40 = s3 >> 16U;
   uint64_t f0 = f00;
   uint64_t f1 = f10;
   uint64_t f2 = f20;
@@ -148,11 +142,11 @@ static inline bool Hacl_K256_Field_load_felem_lt_prime_vartime(uint64_t *f, uint
   bool
   is_ge_p =
     f0
-    >= (uint64_t)0xffffefffffc2fU
-    && f1 == (uint64_t)0xfffffffffffffU
-    && f2 == (uint64_t)0xfffffffffffffU
-    && f3 == (uint64_t)0xfffffffffffffU
-    && f4 == (uint64_t)0xffffffffffffU;
+    >= 0xffffefffffc2fULL
+    && f1 == 0xfffffffffffffULL
+    && f2 == 0xfffffffffffffULL
+    && f3 == 0xfffffffffffffULL
+    && f4 == 0xffffffffffffULL;
   return !is_ge_p;
 }
 
@@ -164,10 +158,10 @@ static inline void Hacl_K256_Field_store_felem(uint8_t *b, uint64_t *f)
   uint64_t f20 = f[2U];
   uint64_t f30 = f[3U];
   uint64_t f4 = f[4U];
-  uint64_t o0 = f00 | f10 << (uint32_t)52U;
-  uint64_t o1 = f10 >> (uint32_t)12U | f20 << (uint32_t)40U;
-  uint64_t o2 = f20 >> (uint32_t)24U | f30 << (uint32_t)28U;
-  uint64_t o3 = f30 >> (uint32_t)36U | f4 << (uint32_t)16U;
+  uint64_t o0 = f00 | f10 << 52U;
+  uint64_t o1 = f10 >> 12U | f20 << 40U;
+  uint64_t o2 = f20 >> 24U | f30 << 28U;
+  uint64_t o3 = f30 >> 36U | f4 << 16U;
   uint64_t f0 = o0;
   uint64_t f1 = o1;
   uint64_t f2 = o2;
@@ -176,11 +170,7 @@ static inline void Hacl_K256_Field_store_felem(uint8_t *b, uint64_t *f)
   tmp[1U] = f2;
   tmp[2U] = f1;
   tmp[3U] = f0;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_be(b + i * (uint32_t)8U, tmp[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(b + i * 8U, tmp[i]););
 }
 
 static inline void Hacl_K256_Field_fmul_small_num(uint64_t *out, uint64_t *f, uint64_t num)
@@ -248,11 +238,11 @@ static inline void Hacl_K256_Field_fsub(uint64_t *out, uint64_t *f1, uint64_t *f
   uint64_t b2 = f2[2U];
   uint64_t b3 = f2[3U];
   uint64_t b4 = f2[4U];
-  uint64_t r00 = (uint64_t)9007190664804446U * x - b0;
-  uint64_t r10 = (uint64_t)9007199254740990U * x - b1;
-  uint64_t r20 = (uint64_t)9007199254740990U * x - b2;
-  uint64_t r30 = (uint64_t)9007199254740990U * x - b3;
-  uint64_t r40 = (uint64_t)562949953421310U * x - b4;
+  uint64_t r00 = 9007190664804446ULL * x - b0;
+  uint64_t r10 = 9007199254740990ULL * x - b1;
+  uint64_t r20 = 9007199254740990ULL * x - b2;
+  uint64_t r30 = 9007199254740990ULL * x - b3;
+  uint64_t r40 = 562949953421310ULL * x - b4;
   uint64_t r0 = r00;
   uint64_t r1 = r10;
   uint64_t r2 = r20;
@@ -287,7 +277,7 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
   uint64_t b2 = f2[2U];
   uint64_t b3 = f2[3U];
   uint64_t b4 = f2[4U];
-  uint64_t r = (uint64_t)0x1000003D10U;
+  uint64_t r = 0x1000003D10ULL;
   FStar_UInt128_uint128
   d0 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0,
@@ -298,9 +288,9 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
   FStar_UInt128_uint128 c0 = FStar_UInt128_mul_wide(a4, b4);
   FStar_UInt128_uint128
   d1 = FStar_UInt128_add_mod(d0, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(c0)));
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, (uint32_t)64U));
-  uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, (uint32_t)52U);
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, 64U));
+  uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, 52U);
   FStar_UInt128_uint128
   d3 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(d2,
@@ -309,12 +299,11 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
           FStar_UInt128_mul_wide(a2, b2)),
         FStar_UInt128_mul_wide(a3, b1)),
       FStar_UInt128_mul_wide(a4, b0));
-  FStar_UInt128_uint128
-  d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << (uint32_t)12U, c1));
-  uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, (uint32_t)52U);
-  uint64_t tx = t4 >> (uint32_t)48U;
-  uint64_t t4_ = t4 & (uint64_t)0xffffffffffffU;
+  FStar_UInt128_uint128 d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << 12U, c1));
+  uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, 52U);
+  uint64_t tx = t4 >> 48U;
+  uint64_t t4_ = t4 & 0xffffffffffffULL;
   FStar_UInt128_uint128 c2 = FStar_UInt128_mul_wide(a0, b0);
   FStar_UInt128_uint128
   d6 =
@@ -323,13 +312,12 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
           FStar_UInt128_mul_wide(a2, b3)),
         FStar_UInt128_mul_wide(a3, b2)),
       FStar_UInt128_mul_wide(a4, b1));
-  uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, (uint32_t)52U);
-  uint64_t u0_ = tx | u0 << (uint32_t)4U;
-  FStar_UInt128_uint128
-  c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> (uint32_t)4U));
-  uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, (uint32_t)52U);
+  uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, 52U);
+  uint64_t u0_ = tx | u0 << 4U;
+  FStar_UInt128_uint128 c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> 4U));
+  uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, 52U);
   FStar_UInt128_uint128
   c5 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(c4, FStar_UInt128_mul_wide(a0, b1)),
@@ -343,10 +331,10 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
   FStar_UInt128_uint128
   c6 =
     FStar_UInt128_add_mod(c5,
-      FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & (uint64_t)0xfffffffffffffU, r));
-  FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, (uint32_t)52U);
-  uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, (uint32_t)52U);
+      FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & 0xfffffffffffffULL, r));
+  FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, 52U);
+  uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, 52U);
   FStar_UInt128_uint128
   c8 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(c7,
@@ -359,16 +347,15 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f
       FStar_UInt128_mul_wide(a4, b3));
   FStar_UInt128_uint128
   c9 = FStar_UInt128_add_mod(c8, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(d10)));
-  uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, (uint32_t)64U));
-  uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, (uint32_t)52U);
+  uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, 64U));
+  uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, 52U);
   FStar_UInt128_uint128
   c11 =
-    FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10,
-        FStar_UInt128_mul_wide(r << (uint32_t)12U, d11)),
+    FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, FStar_UInt128_mul_wide(r << 12U, d11)),
       FStar_UInt128_uint64_to_uint128(t3));
-  uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & (uint64_t)0xfffffffffffffU;
-  uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, (uint32_t)52U));
+  uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & 0xfffffffffffffULL;
+  uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, 52U));
   uint64_t r4 = c12 + t4_;
   uint64_t f0 = r0;
   uint64_t f11 = r1;
@@ -389,43 +376,41 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f)
   uint64_t a2 = f[2U];
   uint64_t a3 = f[3U];
   uint64_t a4 = f[4U];
-  uint64_t r = (uint64_t)0x1000003D10U;
+  uint64_t r = 0x1000003D10ULL;
   FStar_UInt128_uint128
   d0 =
-    FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0 * (uint64_t)2U, a3),
-      FStar_UInt128_mul_wide(a1 * (uint64_t)2U, a2));
+    FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0 * 2ULL, a3),
+      FStar_UInt128_mul_wide(a1 * 2ULL, a2));
   FStar_UInt128_uint128 c0 = FStar_UInt128_mul_wide(a4, a4);
   FStar_UInt128_uint128
   d1 = FStar_UInt128_add_mod(d0, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(c0)));
-  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, (uint32_t)64U));
-  uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, (uint32_t)52U);
-  uint64_t a41 = a4 * (uint64_t)2U;
+  uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, 64U));
+  uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, 52U);
+  uint64_t a41 = a4 * 2ULL;
   FStar_UInt128_uint128
   d3 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(d2,
           FStar_UInt128_mul_wide(a0, a41)),
-        FStar_UInt128_mul_wide(a1 * (uint64_t)2U, a3)),
+        FStar_UInt128_mul_wide(a1 * 2ULL, a3)),
       FStar_UInt128_mul_wide(a2, a2));
-  FStar_UInt128_uint128
-  d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << (uint32_t)12U, c1));
-  uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, (uint32_t)52U);
-  uint64_t tx = t4 >> (uint32_t)48U;
-  uint64_t t4_ = t4 & (uint64_t)0xffffffffffffU;
+  FStar_UInt128_uint128 d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << 12U, c1));
+  uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, 52U);
+  uint64_t tx = t4 >> 48U;
+  uint64_t t4_ = t4 & 0xffffffffffffULL;
   FStar_UInt128_uint128 c2 = FStar_UInt128_mul_wide(a0, a0);
   FStar_UInt128_uint128
   d6 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(d5, FStar_UInt128_mul_wide(a1, a41)),
-      FStar_UInt128_mul_wide(a2 * (uint64_t)2U, a3));
-  uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, (uint32_t)52U);
-  uint64_t u0_ = tx | u0 << (uint32_t)4U;
-  FStar_UInt128_uint128
-  c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> (uint32_t)4U));
-  uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, (uint32_t)52U);
-  uint64_t a01 = a0 * (uint64_t)2U;
+      FStar_UInt128_mul_wide(a2 * 2ULL, a3));
+  uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, 52U);
+  uint64_t u0_ = tx | u0 << 4U;
+  FStar_UInt128_uint128 c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> 4U));
+  uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, 52U);
+  uint64_t a01 = a0 * 2ULL;
   FStar_UInt128_uint128 c5 = FStar_UInt128_add_mod(c4, FStar_UInt128_mul_wide(a01, a1));
   FStar_UInt128_uint128
   d8 =
@@ -434,10 +419,10 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f)
   FStar_UInt128_uint128
   c6 =
     FStar_UInt128_add_mod(c5,
-      FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & (uint64_t)0xfffffffffffffU, r));
-  FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, (uint32_t)52U);
-  uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, (uint32_t)52U);
+      FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & 0xfffffffffffffULL, r));
+  FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, 52U);
+  uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, 52U);
   FStar_UInt128_uint128
   c8 =
     FStar_UInt128_add_mod(FStar_UInt128_add_mod(c7, FStar_UInt128_mul_wide(a01, a2)),
@@ -445,16 +430,15 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f)
   FStar_UInt128_uint128 d10 = FStar_UInt128_add_mod(d9, FStar_UInt128_mul_wide(a3, a41));
   FStar_UInt128_uint128
   c9 = FStar_UInt128_add_mod(c8, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(d10)));
-  uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, (uint32_t)64U));
-  uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & (uint64_t)0xfffffffffffffU;
-  FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, (uint32_t)52U);
+  uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, 64U));
+  uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & 0xfffffffffffffULL;
+  FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, 52U);
   FStar_UInt128_uint128
   c11 =
-    FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10,
-        FStar_UInt128_mul_wide(r << (uint32_t)12U, d11)),
+    FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, FStar_UInt128_mul_wide(r << 12U, d11)),
       FStar_UInt128_uint64_to_uint128(t3));
-  uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & (uint64_t)0xfffffffffffffU;
-  uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, (uint32_t)52U));
+  uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & 0xfffffffffffffULL;
+  uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, 52U));
   uint64_t r4 = c12 + t4_;
   uint64_t f0 = r0;
   uint64_t f1 = r1;
@@ -475,23 +459,23 @@ static inline void Hacl_K256_Field_fnormalize_weak(uint64_t *out, uint64_t *f)
   uint64_t t2 = f[2U];
   uint64_t t3 = f[3U];
   uint64_t t4 = f[4U];
-  uint64_t x0 = t4 >> (uint32_t)48U;
-  uint64_t t410 = t4 & (uint64_t)0xffffffffffffU;
+  uint64_t x0 = t4 >> 48U;
+  uint64_t t410 = t4 & 0xffffffffffffULL;
   uint64_t x = x0;
   uint64_t t01 = t0;
   uint64_t t11 = t1;
   uint64_t t21 = t2;
   uint64_t t31 = t3;
   uint64_t t41 = t410;
-  uint64_t t02 = t01 + x * (uint64_t)0x1000003D1U;
-  uint64_t t12 = t11 + (t02 >> (uint32_t)52U);
-  uint64_t t03 = t02 & (uint64_t)0xfffffffffffffU;
-  uint64_t t22 = t21 + (t12 >> (uint32_t)52U);
-  uint64_t t13 = t12 & (uint64_t)0xfffffffffffffU;
-  uint64_t t32 = t31 + (t22 >> (uint32_t)52U);
-  uint64_t t23 = t22 & (uint64_t)0xfffffffffffffU;
-  uint64_t t42 = t41 + (t32 >> (uint32_t)52U);
-  uint64_t t33 = t32 & (uint64_t)0xfffffffffffffU;
+  uint64_t t02 = t01 + x * 0x1000003D1ULL;
+  uint64_t t12 = t11 + (t02 >> 52U);
+  uint64_t t03 = t02 & 0xfffffffffffffULL;
+  uint64_t t22 = t21 + (t12 >> 52U);
+  uint64_t t13 = t12 & 0xfffffffffffffULL;
+  uint64_t t32 = t31 + (t22 >> 52U);
+  uint64_t t23 = t22 & 0xfffffffffffffULL;
+  uint64_t t42 = t41 + (t32 >> 52U);
+  uint64_t t33 = t32 & 0xfffffffffffffULL;
   uint64_t f0 = t03;
   uint64_t f1 = t13;
   uint64_t f2 = t23;
@@ -511,59 +495,59 @@ static inline void Hacl_K256_Field_fnormalize(uint64_t *out, uint64_t *f)
   uint64_t f20 = f[2U];
   uint64_t f30 = f[3U];
   uint64_t f40 = f[4U];
-  uint64_t x0 = f40 >> (uint32_t)48U;
-  uint64_t t40 = f40 & (uint64_t)0xffffffffffffU;
+  uint64_t x0 = f40 >> 48U;
+  uint64_t t40 = f40 & 0xffffffffffffULL;
   uint64_t x1 = x0;
   uint64_t t00 = f00;
   uint64_t t10 = f10;
   uint64_t t20 = f20;
   uint64_t t30 = f30;
   uint64_t t42 = t40;
-  uint64_t t01 = t00 + x1 * (uint64_t)0x1000003D1U;
-  uint64_t t110 = t10 + (t01 >> (uint32_t)52U);
-  uint64_t t020 = t01 & (uint64_t)0xfffffffffffffU;
-  uint64_t t210 = t20 + (t110 >> (uint32_t)52U);
-  uint64_t t120 = t110 & (uint64_t)0xfffffffffffffU;
-  uint64_t t310 = t30 + (t210 >> (uint32_t)52U);
-  uint64_t t220 = t210 & (uint64_t)0xfffffffffffffU;
-  uint64_t t410 = t42 + (t310 >> (uint32_t)52U);
-  uint64_t t320 = t310 & (uint64_t)0xfffffffffffffU;
+  uint64_t t01 = t00 + x1 * 0x1000003D1ULL;
+  uint64_t t110 = t10 + (t01 >> 52U);
+  uint64_t t020 = t01 & 0xfffffffffffffULL;
+  uint64_t t210 = t20 + (t110 >> 52U);
+  uint64_t t120 = t110 & 0xfffffffffffffULL;
+  uint64_t t310 = t30 + (t210 >> 52U);
+  uint64_t t220 = t210 & 0xfffffffffffffULL;
+  uint64_t t410 = t42 + (t310 >> 52U);
+  uint64_t t320 = t310 & 0xfffffffffffffULL;
   uint64_t t0 = t020;
   uint64_t t1 = t120;
   uint64_t t2 = t220;
   uint64_t t3 = t320;
   uint64_t t4 = t410;
-  uint64_t x2 = t4 >> (uint32_t)48U;
-  uint64_t t411 = t4 & (uint64_t)0xffffffffffffU;
+  uint64_t x2 = t4 >> 48U;
+  uint64_t t411 = t4 & 0xffffffffffffULL;
   uint64_t x = x2;
   uint64_t r0 = t0;
   uint64_t r1 = t1;
   uint64_t r2 = t2;
   uint64_t r3 = t3;
   uint64_t r4 = t411;
-  uint64_t m4 = FStar_UInt64_eq_mask(r4, (uint64_t)0xffffffffffffU);
-  uint64_t m3 = FStar_UInt64_eq_mask(r3, (uint64_t)0xfffffffffffffU);
-  uint64_t m2 = FStar_UInt64_eq_mask(r2, (uint64_t)0xfffffffffffffU);
-  uint64_t m1 = FStar_UInt64_eq_mask(r1, (uint64_t)0xfffffffffffffU);
-  uint64_t m0 = FStar_UInt64_gte_mask(r0, (uint64_t)0xffffefffffc2fU);
+  uint64_t m4 = FStar_UInt64_eq_mask(r4, 0xffffffffffffULL);
+  uint64_t m3 = FStar_UInt64_eq_mask(r3, 0xfffffffffffffULL);
+  uint64_t m2 = FStar_UInt64_eq_mask(r2, 0xfffffffffffffULL);
+  uint64_t m1 = FStar_UInt64_eq_mask(r1, 0xfffffffffffffULL);
+  uint64_t m0 = FStar_UInt64_gte_mask(r0, 0xffffefffffc2fULL);
   uint64_t is_ge_p_m = (((m0 & m1) & m2) & m3) & m4;
-  uint64_t m_to_one = is_ge_p_m & (uint64_t)1U;
+  uint64_t m_to_one = is_ge_p_m & 1ULL;
   uint64_t x10 = m_to_one | x;
-  uint64_t t010 = r0 + x10 * (uint64_t)0x1000003D1U;
-  uint64_t t11 = r1 + (t010 >> (uint32_t)52U);
-  uint64_t t02 = t010 & (uint64_t)0xfffffffffffffU;
-  uint64_t t21 = r2 + (t11 >> (uint32_t)52U);
-  uint64_t t12 = t11 & (uint64_t)0xfffffffffffffU;
-  uint64_t t31 = r3 + (t21 >> (uint32_t)52U);
-  uint64_t t22 = t21 & (uint64_t)0xfffffffffffffU;
-  uint64_t t41 = r4 + (t31 >> (uint32_t)52U);
-  uint64_t t32 = t31 & (uint64_t)0xfffffffffffffU;
+  uint64_t t010 = r0 + x10 * 0x1000003D1ULL;
+  uint64_t t11 = r1 + (t010 >> 52U);
+  uint64_t t02 = t010 & 0xfffffffffffffULL;
+  uint64_t t21 = r2 + (t11 >> 52U);
+  uint64_t t12 = t11 & 0xfffffffffffffULL;
+  uint64_t t31 = r3 + (t21 >> 52U);
+  uint64_t t22 = t21 & 0xfffffffffffffULL;
+  uint64_t t41 = r4 + (t31 >> 52U);
+  uint64_t t32 = t31 & 0xfffffffffffffULL;
   uint64_t s0 = t02;
   uint64_t s1 = t12;
   uint64_t s2 = t22;
   uint64_t s3 = t32;
   uint64_t s4 = t41;
-  uint64_t t412 = s4 & (uint64_t)0xffffffffffffU;
+  uint64_t t412 = s4 & 0xffffffffffffULL;
   uint64_t k0 = s0;
   uint64_t k1 = s1;
   uint64_t k2 = s2;
@@ -590,11 +574,11 @@ static inline void Hacl_K256_Field_fnegate_conditional_vartime(uint64_t *f, bool
     uint64_t a2 = f[2U];
     uint64_t a3 = f[3U];
     uint64_t a4 = f[4U];
-    uint64_t r0 = (uint64_t)9007190664804446U - a0;
-    uint64_t r1 = (uint64_t)9007199254740990U - a1;
-    uint64_t r2 = (uint64_t)9007199254740990U - a2;
-    uint64_t r3 = (uint64_t)9007199254740990U - a3;
-    uint64_t r4 = (uint64_t)562949953421310U - a4;
+    uint64_t r0 = 9007190664804446ULL - a0;
+    uint64_t r1 = 9007199254740990ULL - a1;
+    uint64_t r2 = 9007199254740990ULL - a2;
+    uint64_t r3 = 9007199254740990ULL - a3;
+    uint64_t r4 = 562949953421310ULL - a4;
     uint64_t f0 = r0;
     uint64_t f1 = r1;
     uint64_t f2 = r2;
@@ -612,7 +596,7 @@ static inline void Hacl_K256_Field_fnegate_conditional_vartime(uint64_t *f, bool
 
 static inline void Hacl_Impl_K256_Finv_fsquare_times_in_place(uint64_t *out, uint32_t b)
 {
-  for (uint32_t i = (uint32_t)0U; i < b; i++)
+  for (uint32_t i = 0U; i < b; i++)
   {
     Hacl_K256_Field_fsqr(out, out);
   }
@@ -620,8 +604,8 @@ static inline void Hacl_Impl_K256_Finv_fsquare_times_in_place(uint64_t *out, uin
 
 static inline void Hacl_Impl_K256_Finv_fsquare_times(uint64_t *out, uint64_t *a, uint32_t b)
 {
-  memcpy(out, a, (uint32_t)5U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < b; i++)
+  memcpy(out, a, 5U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < b; i++)
   {
     Hacl_K256_Field_fsqr(out, out);
   }
@@ -633,29 +617,29 @@ static inline void Hacl_Impl_K256_Finv_fexp_223_23(uint64_t *out, uint64_t *x2,
   uint64_t x22[5U] = { 0U };
   uint64_t x44[5U] = { 0U };
   uint64_t x88[5U] = { 0U };
-  Hacl_Impl_K256_Finv_fsquare_times(x2, f, (uint32_t)1U);
+  Hacl_Impl_K256_Finv_fsquare_times(x2, f, 1U);
   Hacl_K256_Field_fmul(x2, x2, f);
-  Hacl_Impl_K256_Finv_fsquare_times(x3, x2, (uint32_t)1U);
+  Hacl_Impl_K256_Finv_fsquare_times(x3, x2, 1U);
   Hacl_K256_Field_fmul(x3, x3, f);
-  Hacl_Impl_K256_Finv_fsquare_times(out, x3, (uint32_t)3U);
+  Hacl_Impl_K256_Finv_fsquare_times(out, x3, 3U);
   Hacl_K256_Field_fmul(out, out, x3);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U);
   Hacl_K256_Field_fmul(out, out, x3);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U);
   Hacl_K256_Field_fmul(out, out, x2);
-  Hacl_Impl_K256_Finv_fsquare_times(x22, out, (uint32_t)11U);
+  Hacl_Impl_K256_Finv_fsquare_times(x22, out, 11U);
   Hacl_K256_Field_fmul(x22, x22, out);
-  Hacl_Impl_K256_Finv_fsquare_times(x44, x22, (uint32_t)22U);
+  Hacl_Impl_K256_Finv_fsquare_times(x44, x22, 22U);
   Hacl_K256_Field_fmul(x44, x44, x22);
-  Hacl_Impl_K256_Finv_fsquare_times(x88, x44, (uint32_t)44U);
+  Hacl_Impl_K256_Finv_fsquare_times(x88, x44, 44U);
   Hacl_K256_Field_fmul(x88, x88, x44);
-  Hacl_Impl_K256_Finv_fsquare_times(out, x88, (uint32_t)88U);
+  Hacl_Impl_K256_Finv_fsquare_times(out, x88, 88U);
   Hacl_K256_Field_fmul(out, out, x88);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)44U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 44U);
   Hacl_K256_Field_fmul(out, out, x44);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U);
   Hacl_K256_Field_fmul(out, out, x3);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)23U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 23U);
   Hacl_K256_Field_fmul(out, out, x22);
 }
 
@@ -663,11 +647,11 @@ static inline void Hacl_Impl_K256_Finv_finv(uint64_t *out, uint64_t *f)
 {
   uint64_t x2[5U] = { 0U };
   Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)5U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 5U);
   Hacl_K256_Field_fmul(out, out, f);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U);
   Hacl_K256_Field_fmul(out, out, x2);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U);
   Hacl_K256_Field_fmul(out, out, f);
 }
 
@@ -675,9 +659,9 @@ static inline void Hacl_Impl_K256_Finv_fsqrt(uint64_t *out, uint64_t *f)
 {
   uint64_t x2[5U] = { 0U };
   Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)6U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 6U);
   Hacl_K256_Field_fmul(out, out, x2);
-  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U);
+  Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U);
 }
 
 #if defined(__cplusplus)
diff --git a/include/msvc/internal/Hacl_Ed25519_PrecompTable.h b/include/msvc/internal/Hacl_Ed25519_PrecompTable.h
index 77d2244c..a20cd912 100644
--- a/include/msvc/internal/Hacl_Ed25519_PrecompTable.h
+++ b/include/msvc/internal/Hacl_Ed25519_PrecompTable.h
@@ -39,655 +39,491 @@ static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4[320U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)1738742601995546U, (uint64_t)1146398526822698U,
-    (uint64_t)2070867633025821U, (uint64_t)562264141797630U, (uint64_t)587772402128613U,
-    (uint64_t)1801439850948184U, (uint64_t)1351079888211148U, (uint64_t)450359962737049U,
-    (uint64_t)900719925474099U, (uint64_t)1801439850948198U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1841354044333475U,
-    (uint64_t)16398895984059U, (uint64_t)755974180946558U, (uint64_t)900171276175154U,
-    (uint64_t)1821297809914039U, (uint64_t)1661154287933054U, (uint64_t)284530020860578U,
-    (uint64_t)1390261174866914U, (uint64_t)1524110943907984U, (uint64_t)1045603498418422U,
-    (uint64_t)928651508580478U, (uint64_t)1383326941296346U, (uint64_t)961937908925785U,
-    (uint64_t)80455759693706U, (uint64_t)904734540352947U, (uint64_t)1507481815385608U,
-    (uint64_t)2223447444246085U, (uint64_t)1083941587175919U, (uint64_t)2059929906842505U,
-    (uint64_t)1581435440146976U, (uint64_t)782730187692425U, (uint64_t)9928394897574U,
-    (uint64_t)1539449519985236U, (uint64_t)1923587931078510U, (uint64_t)552919286076056U,
-    (uint64_t)376925408065760U, (uint64_t)447320488831784U, (uint64_t)1362918338468019U,
-    (uint64_t)1470031896696846U, (uint64_t)2189796996539902U, (uint64_t)1337552949959847U,
-    (uint64_t)1762287177775726U, (uint64_t)237994495816815U, (uint64_t)1277840395970544U,
-    (uint64_t)543972849007241U, (uint64_t)1224692671618814U, (uint64_t)162359533289271U,
-    (uint64_t)282240927125249U, (uint64_t)586909166382289U, (uint64_t)17726488197838U,
-    (uint64_t)377014554985659U, (uint64_t)1433835303052512U, (uint64_t)702061469493692U,
-    (uint64_t)1142253108318154U, (uint64_t)318297794307551U, (uint64_t)954362646308543U,
-    (uint64_t)517363881452320U, (uint64_t)1868013482130416U, (uint64_t)262562472373260U,
-    (uint64_t)902232853249919U, (uint64_t)2107343057055746U, (uint64_t)462368348619024U,
-    (uint64_t)1893758677092974U, (uint64_t)2177729767846389U, (uint64_t)2168532543559143U,
-    (uint64_t)443867094639821U, (uint64_t)730169342581022U, (uint64_t)1564589016879755U,
-    (uint64_t)51218195700649U, (uint64_t)76684578423745U, (uint64_t)560266272480743U,
-    (uint64_t)922517457707697U, (uint64_t)2066645939860874U, (uint64_t)1318277348414638U,
-    (uint64_t)1576726809084003U, (uint64_t)1817337608563665U, (uint64_t)1874240939237666U,
-    (uint64_t)754733726333910U, (uint64_t)97085310406474U, (uint64_t)751148364309235U,
-    (uint64_t)1622159695715187U, (uint64_t)1444098819684916U, (uint64_t)130920805558089U,
-    (uint64_t)1260449179085308U, (uint64_t)1860021740768461U, (uint64_t)110052860348509U,
-    (uint64_t)193830891643810U, (uint64_t)164148413933881U, (uint64_t)180017794795332U,
-    (uint64_t)1523506525254651U, (uint64_t)465981629225956U, (uint64_t)559733514964572U,
-    (uint64_t)1279624874416974U, (uint64_t)2026642326892306U, (uint64_t)1425156829982409U,
-    (uint64_t)2160936383793147U, (uint64_t)1061870624975247U, (uint64_t)2023497043036941U,
-    (uint64_t)117942212883190U, (uint64_t)490339622800774U, (uint64_t)1729931303146295U,
-    (uint64_t)422305932971074U, (uint64_t)529103152793096U, (uint64_t)1211973233775992U,
-    (uint64_t)721364955929681U, (uint64_t)1497674430438813U, (uint64_t)342545521275073U,
-    (uint64_t)2102107575279372U, (uint64_t)2108462244669966U, (uint64_t)1382582406064082U,
-    (uint64_t)2206396818383323U, (uint64_t)2109093268641147U, (uint64_t)10809845110983U,
-    (uint64_t)1605176920880099U, (uint64_t)744640650753946U, (uint64_t)1712758897518129U,
-    (uint64_t)373410811281809U, (uint64_t)648838265800209U, (uint64_t)813058095530999U,
-    (uint64_t)513987632620169U, (uint64_t)465516160703329U, (uint64_t)2136322186126330U,
-    (uint64_t)1979645899422932U, (uint64_t)1197131006470786U, (uint64_t)1467836664863979U,
-    (uint64_t)1340751381374628U, (uint64_t)1810066212667962U, (uint64_t)1009933588225499U,
-    (uint64_t)1106129188080873U, (uint64_t)1388980405213901U, (uint64_t)533719246598044U,
-    (uint64_t)1169435803073277U, (uint64_t)198920999285821U, (uint64_t)487492330629854U,
-    (uint64_t)1807093008537778U, (uint64_t)1540899012923865U, (uint64_t)2075080271659867U,
-    (uint64_t)1527990806921523U, (uint64_t)1323728742908002U, (uint64_t)1568595959608205U,
-    (uint64_t)1388032187497212U, (uint64_t)2026968840050568U, (uint64_t)1396591153295755U,
-    (uint64_t)820416950170901U, (uint64_t)520060313205582U, (uint64_t)2016404325094901U,
-    (uint64_t)1584709677868520U, (uint64_t)272161374469956U, (uint64_t)1567188603996816U,
-    (uint64_t)1986160530078221U, (uint64_t)553930264324589U, (uint64_t)1058426729027503U,
-    (uint64_t)8762762886675U, (uint64_t)2216098143382988U, (uint64_t)1835145266889223U,
-    (uint64_t)1712936431558441U, (uint64_t)1017009937844974U, (uint64_t)585361667812740U,
-    (uint64_t)2114711541628181U, (uint64_t)2238729632971439U, (uint64_t)121257546253072U,
-    (uint64_t)847154149018345U, (uint64_t)211972965476684U, (uint64_t)287499084460129U,
-    (uint64_t)2098247259180197U, (uint64_t)839070411583329U, (uint64_t)339551619574372U,
-    (uint64_t)1432951287640743U, (uint64_t)526481249498942U, (uint64_t)931991661905195U,
-    (uint64_t)1884279965674487U, (uint64_t)200486405604411U, (uint64_t)364173020594788U,
-    (uint64_t)518034455936955U, (uint64_t)1085564703965501U, (uint64_t)16030410467927U,
-    (uint64_t)604865933167613U, (uint64_t)1695298441093964U, (uint64_t)498856548116159U,
-    (uint64_t)2193030062787034U, (uint64_t)1706339802964179U, (uint64_t)1721199073493888U,
-    (uint64_t)820740951039755U, (uint64_t)1216053436896834U, (uint64_t)23954895815139U,
-    (uint64_t)1662515208920491U, (uint64_t)1705443427511899U, (uint64_t)1957928899570365U,
-    (uint64_t)1189636258255725U, (uint64_t)1795695471103809U, (uint64_t)1691191297654118U,
-    (uint64_t)282402585374360U, (uint64_t)460405330264832U, (uint64_t)63765529445733U,
-    (uint64_t)469763447404473U, (uint64_t)733607089694996U, (uint64_t)685410420186959U,
-    (uint64_t)1096682630419738U, (uint64_t)1162548510542362U, (uint64_t)1020949526456676U,
-    (uint64_t)1211660396870573U, (uint64_t)613126398222696U, (uint64_t)1117829165843251U,
-    (uint64_t)742432540886650U, (uint64_t)1483755088010658U, (uint64_t)942392007134474U,
-    (uint64_t)1447834130944107U, (uint64_t)489368274863410U, (uint64_t)23192985544898U,
-    (uint64_t)648442406146160U, (uint64_t)785438843373876U, (uint64_t)249464684645238U,
-    (uint64_t)170494608205618U, (uint64_t)335112827260550U, (uint64_t)1462050123162735U,
-    (uint64_t)1084803668439016U, (uint64_t)853459233600325U, (uint64_t)215777728187495U,
-    (uint64_t)1965759433526974U, (uint64_t)1349482894446537U, (uint64_t)694163317612871U,
-    (uint64_t)860536766165036U, (uint64_t)1178788094084321U, (uint64_t)1652739626626996U,
-    (uint64_t)2115723946388185U, (uint64_t)1577204379094664U, (uint64_t)1083882859023240U,
-    (uint64_t)1768759143381635U, (uint64_t)1737180992507258U, (uint64_t)246054513922239U,
-    (uint64_t)577253134087234U, (uint64_t)356340280578042U, (uint64_t)1638917769925142U,
-    (uint64_t)223550348130103U, (uint64_t)470592666638765U, (uint64_t)22663573966996U,
-    (uint64_t)596552461152400U, (uint64_t)364143537069499U, (uint64_t)3942119457699U,
-    (uint64_t)107951982889287U, (uint64_t)1843471406713209U, (uint64_t)1625773041610986U,
-    (uint64_t)1466141092501702U, (uint64_t)1043024095021271U, (uint64_t)310429964047508U,
-    (uint64_t)98559121500372U, (uint64_t)152746933782868U, (uint64_t)259407205078261U,
-    (uint64_t)828123093322585U, (uint64_t)1576847274280091U, (uint64_t)1170871375757302U,
-    (uint64_t)1588856194642775U, (uint64_t)984767822341977U, (uint64_t)1141497997993760U,
-    (uint64_t)809325345150796U, (uint64_t)1879837728202511U, (uint64_t)201340910657893U,
-    (uint64_t)1079157558888483U, (uint64_t)1052373448588065U, (uint64_t)1732036202501778U,
-    (uint64_t)2105292670328445U, (uint64_t)679751387312402U, (uint64_t)1679682144926229U,
-    (uint64_t)1695823455818780U, (uint64_t)498852317075849U, (uint64_t)1786555067788433U,
-    (uint64_t)1670727545779425U, (uint64_t)117945875433544U, (uint64_t)407939139781844U,
-    (uint64_t)854632120023778U, (uint64_t)1413383148360437U, (uint64_t)286030901733673U,
-    (uint64_t)1207361858071196U, (uint64_t)461340408181417U, (uint64_t)1096919590360164U,
-    (uint64_t)1837594897475685U, (uint64_t)533755561544165U, (uint64_t)1638688042247712U,
-    (uint64_t)1431653684793005U, (uint64_t)1036458538873559U, (uint64_t)390822120341779U,
-    (uint64_t)1920929837111618U, (uint64_t)543426740024168U, (uint64_t)645751357799929U,
-    (uint64_t)2245025632994463U, (uint64_t)1550778638076452U, (uint64_t)223738153459949U,
-    (uint64_t)1337209385492033U, (uint64_t)1276967236456531U, (uint64_t)1463815821063071U,
-    (uint64_t)2070620870191473U, (uint64_t)1199170709413753U, (uint64_t)273230877394166U,
-    (uint64_t)1873264887608046U, (uint64_t)890877152910775U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 1738742601995546ULL, 1146398526822698ULL, 2070867633025821ULL,
+    562264141797630ULL, 587772402128613ULL, 1801439850948184ULL, 1351079888211148ULL,
+    450359962737049ULL, 900719925474099ULL, 1801439850948198ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    1841354044333475ULL, 16398895984059ULL, 755974180946558ULL, 900171276175154ULL,
+    1821297809914039ULL, 1661154287933054ULL, 284530020860578ULL, 1390261174866914ULL,
+    1524110943907984ULL, 1045603498418422ULL, 928651508580478ULL, 1383326941296346ULL,
+    961937908925785ULL, 80455759693706ULL, 904734540352947ULL, 1507481815385608ULL,
+    2223447444246085ULL, 1083941587175919ULL, 2059929906842505ULL, 1581435440146976ULL,
+    782730187692425ULL, 9928394897574ULL, 1539449519985236ULL, 1923587931078510ULL,
+    552919286076056ULL, 376925408065760ULL, 447320488831784ULL, 1362918338468019ULL,
+    1470031896696846ULL, 2189796996539902ULL, 1337552949959847ULL, 1762287177775726ULL,
+    237994495816815ULL, 1277840395970544ULL, 543972849007241ULL, 1224692671618814ULL,
+    162359533289271ULL, 282240927125249ULL, 586909166382289ULL, 17726488197838ULL,
+    377014554985659ULL, 1433835303052512ULL, 702061469493692ULL, 1142253108318154ULL,
+    318297794307551ULL, 954362646308543ULL, 517363881452320ULL, 1868013482130416ULL,
+    262562472373260ULL, 902232853249919ULL, 2107343057055746ULL, 462368348619024ULL,
+    1893758677092974ULL, 2177729767846389ULL, 2168532543559143ULL, 443867094639821ULL,
+    730169342581022ULL, 1564589016879755ULL, 51218195700649ULL, 76684578423745ULL,
+    560266272480743ULL, 922517457707697ULL, 2066645939860874ULL, 1318277348414638ULL,
+    1576726809084003ULL, 1817337608563665ULL, 1874240939237666ULL, 754733726333910ULL,
+    97085310406474ULL, 751148364309235ULL, 1622159695715187ULL, 1444098819684916ULL,
+    130920805558089ULL, 1260449179085308ULL, 1860021740768461ULL, 110052860348509ULL,
+    193830891643810ULL, 164148413933881ULL, 180017794795332ULL, 1523506525254651ULL,
+    465981629225956ULL, 559733514964572ULL, 1279624874416974ULL, 2026642326892306ULL,
+    1425156829982409ULL, 2160936383793147ULL, 1061870624975247ULL, 2023497043036941ULL,
+    117942212883190ULL, 490339622800774ULL, 1729931303146295ULL, 422305932971074ULL,
+    529103152793096ULL, 1211973233775992ULL, 721364955929681ULL, 1497674430438813ULL,
+    342545521275073ULL, 2102107575279372ULL, 2108462244669966ULL, 1382582406064082ULL,
+    2206396818383323ULL, 2109093268641147ULL, 10809845110983ULL, 1605176920880099ULL,
+    744640650753946ULL, 1712758897518129ULL, 373410811281809ULL, 648838265800209ULL,
+    813058095530999ULL, 513987632620169ULL, 465516160703329ULL, 2136322186126330ULL,
+    1979645899422932ULL, 1197131006470786ULL, 1467836664863979ULL, 1340751381374628ULL,
+    1810066212667962ULL, 1009933588225499ULL, 1106129188080873ULL, 1388980405213901ULL,
+    533719246598044ULL, 1169435803073277ULL, 198920999285821ULL, 487492330629854ULL,
+    1807093008537778ULL, 1540899012923865ULL, 2075080271659867ULL, 1527990806921523ULL,
+    1323728742908002ULL, 1568595959608205ULL, 1388032187497212ULL, 2026968840050568ULL,
+    1396591153295755ULL, 820416950170901ULL, 520060313205582ULL, 2016404325094901ULL,
+    1584709677868520ULL, 272161374469956ULL, 1567188603996816ULL, 1986160530078221ULL,
+    553930264324589ULL, 1058426729027503ULL, 8762762886675ULL, 2216098143382988ULL,
+    1835145266889223ULL, 1712936431558441ULL, 1017009937844974ULL, 585361667812740ULL,
+    2114711541628181ULL, 2238729632971439ULL, 121257546253072ULL, 847154149018345ULL,
+    211972965476684ULL, 287499084460129ULL, 2098247259180197ULL, 839070411583329ULL,
+    339551619574372ULL, 1432951287640743ULL, 526481249498942ULL, 931991661905195ULL,
+    1884279965674487ULL, 200486405604411ULL, 364173020594788ULL, 518034455936955ULL,
+    1085564703965501ULL, 16030410467927ULL, 604865933167613ULL, 1695298441093964ULL,
+    498856548116159ULL, 2193030062787034ULL, 1706339802964179ULL, 1721199073493888ULL,
+    820740951039755ULL, 1216053436896834ULL, 23954895815139ULL, 1662515208920491ULL,
+    1705443427511899ULL, 1957928899570365ULL, 1189636258255725ULL, 1795695471103809ULL,
+    1691191297654118ULL, 282402585374360ULL, 460405330264832ULL, 63765529445733ULL,
+    469763447404473ULL, 733607089694996ULL, 685410420186959ULL, 1096682630419738ULL,
+    1162548510542362ULL, 1020949526456676ULL, 1211660396870573ULL, 613126398222696ULL,
+    1117829165843251ULL, 742432540886650ULL, 1483755088010658ULL, 942392007134474ULL,
+    1447834130944107ULL, 489368274863410ULL, 23192985544898ULL, 648442406146160ULL,
+    785438843373876ULL, 249464684645238ULL, 170494608205618ULL, 335112827260550ULL,
+    1462050123162735ULL, 1084803668439016ULL, 853459233600325ULL, 215777728187495ULL,
+    1965759433526974ULL, 1349482894446537ULL, 694163317612871ULL, 860536766165036ULL,
+    1178788094084321ULL, 1652739626626996ULL, 2115723946388185ULL, 1577204379094664ULL,
+    1083882859023240ULL, 1768759143381635ULL, 1737180992507258ULL, 246054513922239ULL,
+    577253134087234ULL, 356340280578042ULL, 1638917769925142ULL, 223550348130103ULL,
+    470592666638765ULL, 22663573966996ULL, 596552461152400ULL, 364143537069499ULL, 3942119457699ULL,
+    107951982889287ULL, 1843471406713209ULL, 1625773041610986ULL, 1466141092501702ULL,
+    1043024095021271ULL, 310429964047508ULL, 98559121500372ULL, 152746933782868ULL,
+    259407205078261ULL, 828123093322585ULL, 1576847274280091ULL, 1170871375757302ULL,
+    1588856194642775ULL, 984767822341977ULL, 1141497997993760ULL, 809325345150796ULL,
+    1879837728202511ULL, 201340910657893ULL, 1079157558888483ULL, 1052373448588065ULL,
+    1732036202501778ULL, 2105292670328445ULL, 679751387312402ULL, 1679682144926229ULL,
+    1695823455818780ULL, 498852317075849ULL, 1786555067788433ULL, 1670727545779425ULL,
+    117945875433544ULL, 407939139781844ULL, 854632120023778ULL, 1413383148360437ULL,
+    286030901733673ULL, 1207361858071196ULL, 461340408181417ULL, 1096919590360164ULL,
+    1837594897475685ULL, 533755561544165ULL, 1638688042247712ULL, 1431653684793005ULL,
+    1036458538873559ULL, 390822120341779ULL, 1920929837111618ULL, 543426740024168ULL,
+    645751357799929ULL, 2245025632994463ULL, 1550778638076452ULL, 223738153459949ULL,
+    1337209385492033ULL, 1276967236456531ULL, 1463815821063071ULL, 2070620870191473ULL,
+    1199170709413753ULL, 273230877394166ULL, 1873264887608046ULL, 890877152910775ULL
   };
 
 static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_g_pow2_64_table_w4[320U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)13559344787725U, (uint64_t)2051621493703448U,
-    (uint64_t)1947659315640708U, (uint64_t)626856790370168U, (uint64_t)1592804284034836U,
-    (uint64_t)1781728767459187U, (uint64_t)278818420518009U, (uint64_t)2038030359908351U,
-    (uint64_t)910625973862690U, (uint64_t)471887343142239U, (uint64_t)1298543306606048U,
-    (uint64_t)794147365642417U, (uint64_t)129968992326749U, (uint64_t)523140861678572U,
-    (uint64_t)1166419653909231U, (uint64_t)2009637196928390U, (uint64_t)1288020222395193U,
-    (uint64_t)1007046974985829U, (uint64_t)208981102651386U, (uint64_t)2074009315253380U,
-    (uint64_t)1564056062071967U, (uint64_t)276822668750618U, (uint64_t)206621292512572U,
-    (uint64_t)470304361809269U, (uint64_t)895215438398493U, (uint64_t)1527859053868686U,
-    (uint64_t)1624967223409369U, (uint64_t)811821865979736U, (uint64_t)350450534838340U,
-    (uint64_t)219143807921807U, (uint64_t)507994540371254U, (uint64_t)986513794574720U,
-    (uint64_t)1142661369967121U, (uint64_t)621278293399257U, (uint64_t)556189161519781U,
-    (uint64_t)351964007865066U, (uint64_t)2011573453777822U, (uint64_t)1367125527151537U,
-    (uint64_t)1691316722438196U, (uint64_t)731328817345164U, (uint64_t)1284781192709232U,
-    (uint64_t)478439299539269U, (uint64_t)204842178076429U, (uint64_t)2085125369913651U,
-    (uint64_t)1980773492792985U, (uint64_t)1480264409524940U, (uint64_t)688389585376233U,
-    (uint64_t)612962643526972U, (uint64_t)165595382536676U, (uint64_t)1850300069212263U,
-    (uint64_t)1176357203491551U, (uint64_t)1880164984292321U, (uint64_t)10786153104736U,
-    (uint64_t)1242293560510203U, (uint64_t)1358399951884084U, (uint64_t)1901358796610357U,
-    (uint64_t)1385092558795806U, (uint64_t)1734893785311348U, (uint64_t)2046201851951191U,
-    (uint64_t)1233811309557352U, (uint64_t)1531160168656129U, (uint64_t)1543287181303358U,
-    (uint64_t)516121446374119U, (uint64_t)723422668089935U, (uint64_t)1228176774959679U,
-    (uint64_t)1598014722726267U, (uint64_t)1630810326658412U, (uint64_t)1343833067463760U,
-    (uint64_t)1024397964362099U, (uint64_t)1157142161346781U, (uint64_t)56422174971792U,
-    (uint64_t)544901687297092U, (uint64_t)1291559028869009U, (uint64_t)1336918672345120U,
-    (uint64_t)1390874603281353U, (uint64_t)1127199512010904U, (uint64_t)992644979940964U,
-    (uint64_t)1035213479783573U, (uint64_t)36043651196100U, (uint64_t)1220961519321221U,
-    (uint64_t)1348190007756977U, (uint64_t)579420200329088U, (uint64_t)1703819961008985U,
-    (uint64_t)1993919213460047U, (uint64_t)2225080008232251U, (uint64_t)392785893702372U,
-    (uint64_t)464312521482632U, (uint64_t)1224525362116057U, (uint64_t)810394248933036U,
-    (uint64_t)932513521649107U, (uint64_t)592314953488703U, (uint64_t)586334603791548U,
-    (uint64_t)1310888126096549U, (uint64_t)650842674074281U, (uint64_t)1596447001791059U,
-    (uint64_t)2086767406328284U, (uint64_t)1866377645879940U, (uint64_t)1721604362642743U,
-    (uint64_t)738502322566890U, (uint64_t)1851901097729689U, (uint64_t)1158347571686914U,
-    (uint64_t)2023626733470827U, (uint64_t)329625404653699U, (uint64_t)563555875598551U,
-    (uint64_t)516554588079177U, (uint64_t)1134688306104598U, (uint64_t)186301198420809U,
-    (uint64_t)1339952213563300U, (uint64_t)643605614625891U, (uint64_t)1947505332718043U,
-    (uint64_t)1722071694852824U, (uint64_t)601679570440694U, (uint64_t)1821275721236351U,
-    (uint64_t)1808307842870389U, (uint64_t)1654165204015635U, (uint64_t)1457334100715245U,
-    (uint64_t)217784948678349U, (uint64_t)1820622417674817U, (uint64_t)1946121178444661U,
-    (uint64_t)597980757799332U, (uint64_t)1745271227710764U, (uint64_t)2010952890941980U,
-    (uint64_t)339811849696648U, (uint64_t)1066120666993872U, (uint64_t)261276166508990U,
-    (uint64_t)323098645774553U, (uint64_t)207454744271283U, (uint64_t)941448672977675U,
-    (uint64_t)71890920544375U, (uint64_t)840849789313357U, (uint64_t)1223996070717926U,
-    (uint64_t)196832550853408U, (uint64_t)115986818309231U, (uint64_t)1586171527267675U,
-    (uint64_t)1666169080973450U, (uint64_t)1456454731176365U, (uint64_t)44467854369003U,
-    (uint64_t)2149656190691480U, (uint64_t)283446383597589U, (uint64_t)2040542647729974U,
-    (uint64_t)305705593840224U, (uint64_t)475315822269791U, (uint64_t)648133452550632U,
-    (uint64_t)169218658835720U, (uint64_t)24960052338251U, (uint64_t)938907951346766U,
-    (uint64_t)425970950490510U, (uint64_t)1037622011013183U, (uint64_t)1026882082708180U,
-    (uint64_t)1635699409504916U, (uint64_t)1644776942870488U, (uint64_t)2151820331175914U,
-    (uint64_t)824120674069819U, (uint64_t)835744976610113U, (uint64_t)1991271032313190U,
-    (uint64_t)96507354724855U, (uint64_t)400645405133260U, (uint64_t)343728076650825U,
-    (uint64_t)1151585441385566U, (uint64_t)1403339955333520U, (uint64_t)230186314139774U,
-    (uint64_t)1736248861506714U, (uint64_t)1010804378904572U, (uint64_t)1394932289845636U,
-    (uint64_t)1901351256960852U, (uint64_t)2187471430089807U, (uint64_t)1003853262342670U,
-    (uint64_t)1327743396767461U, (uint64_t)1465160415991740U, (uint64_t)366625359144534U,
-    (uint64_t)1534791405247604U, (uint64_t)1790905930250187U, (uint64_t)1255484115292738U,
-    (uint64_t)2223291365520443U, (uint64_t)210967717407408U, (uint64_t)26722916813442U,
-    (uint64_t)1919574361907910U, (uint64_t)468825088280256U, (uint64_t)2230011775946070U,
-    (uint64_t)1628365642214479U, (uint64_t)568871869234932U, (uint64_t)1066987968780488U,
-    (uint64_t)1692242903745558U, (uint64_t)1678903997328589U, (uint64_t)214262165888021U,
-    (uint64_t)1929686748607204U, (uint64_t)1790138967989670U, (uint64_t)1790261616022076U,
-    (uint64_t)1559824537553112U, (uint64_t)1230364591311358U, (uint64_t)147531939886346U,
-    (uint64_t)1528207085815487U, (uint64_t)477957922927292U, (uint64_t)285670243881618U,
-    (uint64_t)264430080123332U, (uint64_t)1163108160028611U, (uint64_t)373201522147371U,
-    (uint64_t)34903775270979U, (uint64_t)1750870048600662U, (uint64_t)1319328308741084U,
-    (uint64_t)1547548634278984U, (uint64_t)1691259592202927U, (uint64_t)2247758037259814U,
-    (uint64_t)329611399953677U, (uint64_t)1385555496268877U, (uint64_t)2242438354031066U,
-    (uint64_t)1329523854843632U, (uint64_t)399895373846055U, (uint64_t)678005703193452U,
-    (uint64_t)1496357700997771U, (uint64_t)71909969781942U, (uint64_t)1515391418612349U,
-    (uint64_t)470110837888178U, (uint64_t)1981307309417466U, (uint64_t)1259888737412276U,
-    (uint64_t)669991710228712U, (uint64_t)1048546834514303U, (uint64_t)1678323291295512U,
-    (uint64_t)2172033978088071U, (uint64_t)1529278455500556U, (uint64_t)901984601941894U,
-    (uint64_t)780867622403807U, (uint64_t)550105677282793U, (uint64_t)975860231176136U,
-    (uint64_t)525188281689178U, (uint64_t)49966114807992U, (uint64_t)1776449263836645U,
-    (uint64_t)267851776380338U, (uint64_t)2225969494054620U, (uint64_t)2016794225789822U,
-    (uint64_t)1186108678266608U, (uint64_t)1023083271408882U, (uint64_t)1119289418565906U,
-    (uint64_t)1248185897348801U, (uint64_t)1846081539082697U, (uint64_t)23756429626075U,
-    (uint64_t)1441999021105403U, (uint64_t)724497586552825U, (uint64_t)1287761623605379U,
-    (uint64_t)685303359654224U, (uint64_t)2217156930690570U, (uint64_t)163769288918347U,
-    (uint64_t)1098423278284094U, (uint64_t)1391470723006008U, (uint64_t)570700152353516U,
-    (uint64_t)744804507262556U, (uint64_t)2200464788609495U, (uint64_t)624141899161992U,
-    (uint64_t)2249570166275684U, (uint64_t)378706441983561U, (uint64_t)122486379999375U,
-    (uint64_t)430741162798924U, (uint64_t)113847463452574U, (uint64_t)266250457840685U,
-    (uint64_t)2120743625072743U, (uint64_t)222186221043927U, (uint64_t)1964290018305582U,
-    (uint64_t)1435278008132477U, (uint64_t)1670867456663734U, (uint64_t)2009989552599079U,
-    (uint64_t)1348024113448744U, (uint64_t)1158423886300455U, (uint64_t)1356467152691569U,
-    (uint64_t)306943042363674U, (uint64_t)926879628664255U, (uint64_t)1349295689598324U,
-    (uint64_t)725558330071205U, (uint64_t)536569987519948U, (uint64_t)116436990335366U,
-    (uint64_t)1551888573800376U, (uint64_t)2044698345945451U, (uint64_t)104279940291311U,
-    (uint64_t)251526570943220U, (uint64_t)754735828122925U, (uint64_t)33448073576361U,
-    (uint64_t)994605876754543U, (uint64_t)546007584022006U, (uint64_t)2217332798409487U,
-    (uint64_t)706477052561591U, (uint64_t)131174619428653U, (uint64_t)2148698284087243U,
-    (uint64_t)239290486205186U, (uint64_t)2161325796952184U, (uint64_t)1713452845607994U,
-    (uint64_t)1297861562938913U, (uint64_t)1779539876828514U, (uint64_t)1926559018603871U,
-    (uint64_t)296485747893968U, (uint64_t)1859208206640686U, (uint64_t)538513979002718U,
-    (uint64_t)103998826506137U, (uint64_t)2025375396538469U, (uint64_t)1370680785701206U,
-    (uint64_t)1698557311253840U, (uint64_t)1411096399076595U, (uint64_t)2132580530813677U,
-    (uint64_t)2071564345845035U, (uint64_t)498581428556735U, (uint64_t)1136010486691371U,
-    (uint64_t)1927619356993146U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 13559344787725ULL, 2051621493703448ULL, 1947659315640708ULL,
+    626856790370168ULL, 1592804284034836ULL, 1781728767459187ULL, 278818420518009ULL,
+    2038030359908351ULL, 910625973862690ULL, 471887343142239ULL, 1298543306606048ULL,
+    794147365642417ULL, 129968992326749ULL, 523140861678572ULL, 1166419653909231ULL,
+    2009637196928390ULL, 1288020222395193ULL, 1007046974985829ULL, 208981102651386ULL,
+    2074009315253380ULL, 1564056062071967ULL, 276822668750618ULL, 206621292512572ULL,
+    470304361809269ULL, 895215438398493ULL, 1527859053868686ULL, 1624967223409369ULL,
+    811821865979736ULL, 350450534838340ULL, 219143807921807ULL, 507994540371254ULL,
+    986513794574720ULL, 1142661369967121ULL, 621278293399257ULL, 556189161519781ULL,
+    351964007865066ULL, 2011573453777822ULL, 1367125527151537ULL, 1691316722438196ULL,
+    731328817345164ULL, 1284781192709232ULL, 478439299539269ULL, 204842178076429ULL,
+    2085125369913651ULL, 1980773492792985ULL, 1480264409524940ULL, 688389585376233ULL,
+    612962643526972ULL, 165595382536676ULL, 1850300069212263ULL, 1176357203491551ULL,
+    1880164984292321ULL, 10786153104736ULL, 1242293560510203ULL, 1358399951884084ULL,
+    1901358796610357ULL, 1385092558795806ULL, 1734893785311348ULL, 2046201851951191ULL,
+    1233811309557352ULL, 1531160168656129ULL, 1543287181303358ULL, 516121446374119ULL,
+    723422668089935ULL, 1228176774959679ULL, 1598014722726267ULL, 1630810326658412ULL,
+    1343833067463760ULL, 1024397964362099ULL, 1157142161346781ULL, 56422174971792ULL,
+    544901687297092ULL, 1291559028869009ULL, 1336918672345120ULL, 1390874603281353ULL,
+    1127199512010904ULL, 992644979940964ULL, 1035213479783573ULL, 36043651196100ULL,
+    1220961519321221ULL, 1348190007756977ULL, 579420200329088ULL, 1703819961008985ULL,
+    1993919213460047ULL, 2225080008232251ULL, 392785893702372ULL, 464312521482632ULL,
+    1224525362116057ULL, 810394248933036ULL, 932513521649107ULL, 592314953488703ULL,
+    586334603791548ULL, 1310888126096549ULL, 650842674074281ULL, 1596447001791059ULL,
+    2086767406328284ULL, 1866377645879940ULL, 1721604362642743ULL, 738502322566890ULL,
+    1851901097729689ULL, 1158347571686914ULL, 2023626733470827ULL, 329625404653699ULL,
+    563555875598551ULL, 516554588079177ULL, 1134688306104598ULL, 186301198420809ULL,
+    1339952213563300ULL, 643605614625891ULL, 1947505332718043ULL, 1722071694852824ULL,
+    601679570440694ULL, 1821275721236351ULL, 1808307842870389ULL, 1654165204015635ULL,
+    1457334100715245ULL, 217784948678349ULL, 1820622417674817ULL, 1946121178444661ULL,
+    597980757799332ULL, 1745271227710764ULL, 2010952890941980ULL, 339811849696648ULL,
+    1066120666993872ULL, 261276166508990ULL, 323098645774553ULL, 207454744271283ULL,
+    941448672977675ULL, 71890920544375ULL, 840849789313357ULL, 1223996070717926ULL,
+    196832550853408ULL, 115986818309231ULL, 1586171527267675ULL, 1666169080973450ULL,
+    1456454731176365ULL, 44467854369003ULL, 2149656190691480ULL, 283446383597589ULL,
+    2040542647729974ULL, 305705593840224ULL, 475315822269791ULL, 648133452550632ULL,
+    169218658835720ULL, 24960052338251ULL, 938907951346766ULL, 425970950490510ULL,
+    1037622011013183ULL, 1026882082708180ULL, 1635699409504916ULL, 1644776942870488ULL,
+    2151820331175914ULL, 824120674069819ULL, 835744976610113ULL, 1991271032313190ULL,
+    96507354724855ULL, 400645405133260ULL, 343728076650825ULL, 1151585441385566ULL,
+    1403339955333520ULL, 230186314139774ULL, 1736248861506714ULL, 1010804378904572ULL,
+    1394932289845636ULL, 1901351256960852ULL, 2187471430089807ULL, 1003853262342670ULL,
+    1327743396767461ULL, 1465160415991740ULL, 366625359144534ULL, 1534791405247604ULL,
+    1790905930250187ULL, 1255484115292738ULL, 2223291365520443ULL, 210967717407408ULL,
+    26722916813442ULL, 1919574361907910ULL, 468825088280256ULL, 2230011775946070ULL,
+    1628365642214479ULL, 568871869234932ULL, 1066987968780488ULL, 1692242903745558ULL,
+    1678903997328589ULL, 214262165888021ULL, 1929686748607204ULL, 1790138967989670ULL,
+    1790261616022076ULL, 1559824537553112ULL, 1230364591311358ULL, 147531939886346ULL,
+    1528207085815487ULL, 477957922927292ULL, 285670243881618ULL, 264430080123332ULL,
+    1163108160028611ULL, 373201522147371ULL, 34903775270979ULL, 1750870048600662ULL,
+    1319328308741084ULL, 1547548634278984ULL, 1691259592202927ULL, 2247758037259814ULL,
+    329611399953677ULL, 1385555496268877ULL, 2242438354031066ULL, 1329523854843632ULL,
+    399895373846055ULL, 678005703193452ULL, 1496357700997771ULL, 71909969781942ULL,
+    1515391418612349ULL, 470110837888178ULL, 1981307309417466ULL, 1259888737412276ULL,
+    669991710228712ULL, 1048546834514303ULL, 1678323291295512ULL, 2172033978088071ULL,
+    1529278455500556ULL, 901984601941894ULL, 780867622403807ULL, 550105677282793ULL,
+    975860231176136ULL, 525188281689178ULL, 49966114807992ULL, 1776449263836645ULL,
+    267851776380338ULL, 2225969494054620ULL, 2016794225789822ULL, 1186108678266608ULL,
+    1023083271408882ULL, 1119289418565906ULL, 1248185897348801ULL, 1846081539082697ULL,
+    23756429626075ULL, 1441999021105403ULL, 724497586552825ULL, 1287761623605379ULL,
+    685303359654224ULL, 2217156930690570ULL, 163769288918347ULL, 1098423278284094ULL,
+    1391470723006008ULL, 570700152353516ULL, 744804507262556ULL, 2200464788609495ULL,
+    624141899161992ULL, 2249570166275684ULL, 378706441983561ULL, 122486379999375ULL,
+    430741162798924ULL, 113847463452574ULL, 266250457840685ULL, 2120743625072743ULL,
+    222186221043927ULL, 1964290018305582ULL, 1435278008132477ULL, 1670867456663734ULL,
+    2009989552599079ULL, 1348024113448744ULL, 1158423886300455ULL, 1356467152691569ULL,
+    306943042363674ULL, 926879628664255ULL, 1349295689598324ULL, 725558330071205ULL,
+    536569987519948ULL, 116436990335366ULL, 1551888573800376ULL, 2044698345945451ULL,
+    104279940291311ULL, 251526570943220ULL, 754735828122925ULL, 33448073576361ULL,
+    994605876754543ULL, 546007584022006ULL, 2217332798409487ULL, 706477052561591ULL,
+    131174619428653ULL, 2148698284087243ULL, 239290486205186ULL, 2161325796952184ULL,
+    1713452845607994ULL, 1297861562938913ULL, 1779539876828514ULL, 1926559018603871ULL,
+    296485747893968ULL, 1859208206640686ULL, 538513979002718ULL, 103998826506137ULL,
+    2025375396538469ULL, 1370680785701206ULL, 1698557311253840ULL, 1411096399076595ULL,
+    2132580530813677ULL, 2071564345845035ULL, 498581428556735ULL, 1136010486691371ULL,
+    1927619356993146ULL
   };
 
 static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_g_pow2_128_table_w4[320U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)557549315715710U, (uint64_t)196756086293855U,
-    (uint64_t)846062225082495U, (uint64_t)1865068224838092U, (uint64_t)991112090754908U,
-    (uint64_t)522916421512828U, (uint64_t)2098523346722375U, (uint64_t)1135633221747012U,
-    (uint64_t)858420432114866U, (uint64_t)186358544306082U, (uint64_t)1044420411868480U,
-    (uint64_t)2080052304349321U, (uint64_t)557301814716724U, (uint64_t)1305130257814057U,
-    (uint64_t)2126012765451197U, (uint64_t)1441004402875101U, (uint64_t)353948968859203U,
-    (uint64_t)470765987164835U, (uint64_t)1507675957683570U, (uint64_t)1086650358745097U,
-    (uint64_t)1911913434398388U, (uint64_t)66086091117182U, (uint64_t)1137511952425971U,
-    (uint64_t)36958263512141U, (uint64_t)2193310025325256U, (uint64_t)1085191426269045U,
-    (uint64_t)1232148267909446U, (uint64_t)1449894406170117U, (uint64_t)1241416717139557U,
-    (uint64_t)1940876999212868U, (uint64_t)829758415918121U, (uint64_t)309608450373449U,
-    (uint64_t)2228398547683851U, (uint64_t)1580623271960188U, (uint64_t)1675601502456740U,
-    (uint64_t)1360363115493548U, (uint64_t)1098397313096815U, (uint64_t)1809255384359797U,
-    (uint64_t)1458261916834384U, (uint64_t)210682545649705U, (uint64_t)1606836641068115U,
-    (uint64_t)1230478270405318U, (uint64_t)1843192771547802U, (uint64_t)1794596343564051U,
-    (uint64_t)229060710252162U, (uint64_t)2169742775467181U, (uint64_t)701467067318072U,
-    (uint64_t)696018499035555U, (uint64_t)521051885339807U, (uint64_t)158329567901874U,
-    (uint64_t)740426481832143U, (uint64_t)1369811177301441U, (uint64_t)503351589084015U,
-    (uint64_t)1781114827942261U, (uint64_t)1650493549693035U, (uint64_t)2174562418345156U,
-    (uint64_t)456517194809244U, (uint64_t)2052761522121179U, (uint64_t)2233342271123682U,
-    (uint64_t)1445872925177435U, (uint64_t)1131882576902813U, (uint64_t)220765848055241U,
-    (uint64_t)1280259961403769U, (uint64_t)1581497080160712U, (uint64_t)1477441080108824U,
-    (uint64_t)218428165202767U, (uint64_t)1970598141278907U, (uint64_t)643366736173069U,
-    (uint64_t)2167909426804014U, (uint64_t)834993711408259U, (uint64_t)1922437166463212U,
-    (uint64_t)1900036281472252U, (uint64_t)513794844386304U, (uint64_t)1297904164900114U,
-    (uint64_t)1147626295373268U, (uint64_t)1910101606251299U, (uint64_t)182933838633381U,
-    (uint64_t)806229530787362U, (uint64_t)155511666433200U, (uint64_t)290522463375462U,
-    (uint64_t)534373523491751U, (uint64_t)1302938814480515U, (uint64_t)1664979184120445U,
-    (uint64_t)304235649499423U, (uint64_t)339284524318609U, (uint64_t)1881717946973483U,
-    (uint64_t)1670802286833842U, (uint64_t)2223637120675737U, (uint64_t)135818919485814U,
-    (uint64_t)1144856572842792U, (uint64_t)2234981613434386U, (uint64_t)963917024969826U,
-    (uint64_t)402275378284993U, (uint64_t)141532417412170U, (uint64_t)921537468739387U,
-    (uint64_t)963905069722607U, (uint64_t)1405442890733358U, (uint64_t)1567763927164655U,
-    (uint64_t)1664776329195930U, (uint64_t)2095924165508507U, (uint64_t)994243110271379U,
-    (uint64_t)1243925610609353U, (uint64_t)1029845815569727U, (uint64_t)1001968867985629U,
-    (uint64_t)170368934002484U, (uint64_t)1100906131583801U, (uint64_t)1825190326449569U,
-    (uint64_t)1462285121182096U, (uint64_t)1545240767016377U, (uint64_t)797859025652273U,
-    (uint64_t)1062758326657530U, (uint64_t)1125600735118266U, (uint64_t)739325756774527U,
-    (uint64_t)1420144485966996U, (uint64_t)1915492743426702U, (uint64_t)752968196344993U,
-    (uint64_t)882156396938351U, (uint64_t)1909097048763227U, (uint64_t)849058590685611U,
-    (uint64_t)840754951388500U, (uint64_t)1832926948808323U, (uint64_t)2023317100075297U,
-    (uint64_t)322382745442827U, (uint64_t)1569741341737601U, (uint64_t)1678986113194987U,
-    (uint64_t)757598994581938U, (uint64_t)29678659580705U, (uint64_t)1239680935977986U,
-    (uint64_t)1509239427168474U, (uint64_t)1055981929287006U, (uint64_t)1894085471158693U,
-    (uint64_t)916486225488490U, (uint64_t)642168890366120U, (uint64_t)300453362620010U,
-    (uint64_t)1858797242721481U, (uint64_t)2077989823177130U, (uint64_t)510228455273334U,
-    (uint64_t)1473284798689270U, (uint64_t)5173934574301U, (uint64_t)765285232030050U,
-    (uint64_t)1007154707631065U, (uint64_t)1862128712885972U, (uint64_t)168873464821340U,
-    (uint64_t)1967853269759318U, (uint64_t)1489896018263031U, (uint64_t)592451806166369U,
-    (uint64_t)1242298565603883U, (uint64_t)1838918921339058U, (uint64_t)697532763910695U,
-    (uint64_t)294335466239059U, (uint64_t)135687058387449U, (uint64_t)2133734403874176U,
-    (uint64_t)2121911143127699U, (uint64_t)20222476737364U, (uint64_t)1200824626476747U,
-    (uint64_t)1397731736540791U, (uint64_t)702378430231418U, (uint64_t)59059527640068U,
-    (uint64_t)460992547183981U, (uint64_t)1016125857842765U, (uint64_t)1273530839608957U,
-    (uint64_t)96724128829301U, (uint64_t)1313433042425233U, (uint64_t)3543822857227U,
-    (uint64_t)761975685357118U, (uint64_t)110417360745248U, (uint64_t)1079634164577663U,
-    (uint64_t)2044574510020457U, (uint64_t)338709058603120U, (uint64_t)94541336042799U,
-    (uint64_t)127963233585039U, (uint64_t)94427896272258U, (uint64_t)1143501979342182U,
-    (uint64_t)1217958006212230U, (uint64_t)2153887831492134U, (uint64_t)1519219513255575U,
-    (uint64_t)251793195454181U, (uint64_t)392517349345200U, (uint64_t)1507033011868881U,
-    (uint64_t)2208494254670752U, (uint64_t)1364389582694359U, (uint64_t)2214069430728063U,
-    (uint64_t)1272814257105752U, (uint64_t)741450148906352U, (uint64_t)1105776675555685U,
-    (uint64_t)824447222014984U, (uint64_t)528745219306376U, (uint64_t)589427609121575U,
-    (uint64_t)1501786838809155U, (uint64_t)379067373073147U, (uint64_t)184909476589356U,
-    (uint64_t)1346887560616185U, (uint64_t)1932023742314082U, (uint64_t)1633302311869264U,
-    (uint64_t)1685314821133069U, (uint64_t)1836610282047884U, (uint64_t)1595571594397150U,
-    (uint64_t)615441688872198U, (uint64_t)1926435616702564U, (uint64_t)235632180396480U,
-    (uint64_t)1051918343571810U, (uint64_t)2150570051687050U, (uint64_t)879198845408738U,
-    (uint64_t)1443966275205464U, (uint64_t)481362545245088U, (uint64_t)512807443532642U,
-    (uint64_t)641147578283480U, (uint64_t)1594276116945596U, (uint64_t)1844812743300602U,
-    (uint64_t)2044559316019485U, (uint64_t)202620777969020U, (uint64_t)852992984136302U,
-    (uint64_t)1500869642692910U, (uint64_t)1085216217052457U, (uint64_t)1736294372259758U,
-    (uint64_t)2009666354486552U, (uint64_t)1262389020715248U, (uint64_t)1166527705256867U,
-    (uint64_t)1409917450806036U, (uint64_t)1705819160057637U, (uint64_t)1116901782584378U,
-    (uint64_t)1278460472285473U, (uint64_t)257879811360157U, (uint64_t)40314007176886U,
-    (uint64_t)701309846749639U, (uint64_t)1380457676672777U, (uint64_t)631519782380272U,
-    (uint64_t)1196339573466793U, (uint64_t)955537708940017U, (uint64_t)532725633381530U,
-    (uint64_t)641190593731833U, (uint64_t)7214357153807U, (uint64_t)481922072107983U,
-    (uint64_t)1634886189207352U, (uint64_t)1247659758261633U, (uint64_t)1655809614786430U,
-    (uint64_t)43105797900223U, (uint64_t)76205809912607U, (uint64_t)1936575107455823U,
-    (uint64_t)1107927314642236U, (uint64_t)2199986333469333U, (uint64_t)802974829322510U,
-    (uint64_t)718173128143482U, (uint64_t)539385184235615U, (uint64_t)2075693785611221U,
-    (uint64_t)953281147333690U, (uint64_t)1623571637172587U, (uint64_t)655274535022250U,
-    (uint64_t)1568078078819021U, (uint64_t)101142125049712U, (uint64_t)1488441673350881U,
-    (uint64_t)1457969561944515U, (uint64_t)1492622544287712U, (uint64_t)2041460689280803U,
-    (uint64_t)1961848091392887U, (uint64_t)461003520846938U, (uint64_t)934728060399807U,
-    (uint64_t)117723291519705U, (uint64_t)1027773762863526U, (uint64_t)56765304991567U,
-    (uint64_t)2184028379550479U, (uint64_t)1768767711894030U, (uint64_t)1304432068983172U,
-    (uint64_t)498080974452325U, (uint64_t)2134905654858163U, (uint64_t)1446137427202647U,
-    (uint64_t)551613831549590U, (uint64_t)680288767054205U, (uint64_t)1278113339140386U,
-    (uint64_t)378149431842614U, (uint64_t)80520494426960U, (uint64_t)2080985256348782U,
-    (uint64_t)673432591799820U, (uint64_t)739189463724560U, (uint64_t)1847191452197509U,
-    (uint64_t)527737312871602U, (uint64_t)477609358840073U, (uint64_t)1891633072677946U,
-    (uint64_t)1841456828278466U, (uint64_t)2242502936489002U, (uint64_t)524791829362709U,
-    (uint64_t)276648168514036U, (uint64_t)991706903257619U, (uint64_t)512580228297906U,
-    (uint64_t)1216855104975946U, (uint64_t)67030930303149U, (uint64_t)769593945208213U,
-    (uint64_t)2048873385103577U, (uint64_t)455635274123107U, (uint64_t)2077404927176696U,
-    (uint64_t)1803539634652306U, (uint64_t)1837579953843417U, (uint64_t)1564240068662828U,
-    (uint64_t)1964310918970435U, (uint64_t)832822906252492U, (uint64_t)1516044634195010U,
-    (uint64_t)770571447506889U, (uint64_t)602215152486818U, (uint64_t)1760828333136947U,
-    (uint64_t)730156776030376U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 557549315715710ULL, 196756086293855ULL, 846062225082495ULL,
+    1865068224838092ULL, 991112090754908ULL, 522916421512828ULL, 2098523346722375ULL,
+    1135633221747012ULL, 858420432114866ULL, 186358544306082ULL, 1044420411868480ULL,
+    2080052304349321ULL, 557301814716724ULL, 1305130257814057ULL, 2126012765451197ULL,
+    1441004402875101ULL, 353948968859203ULL, 470765987164835ULL, 1507675957683570ULL,
+    1086650358745097ULL, 1911913434398388ULL, 66086091117182ULL, 1137511952425971ULL,
+    36958263512141ULL, 2193310025325256ULL, 1085191426269045ULL, 1232148267909446ULL,
+    1449894406170117ULL, 1241416717139557ULL, 1940876999212868ULL, 829758415918121ULL,
+    309608450373449ULL, 2228398547683851ULL, 1580623271960188ULL, 1675601502456740ULL,
+    1360363115493548ULL, 1098397313096815ULL, 1809255384359797ULL, 1458261916834384ULL,
+    210682545649705ULL, 1606836641068115ULL, 1230478270405318ULL, 1843192771547802ULL,
+    1794596343564051ULL, 229060710252162ULL, 2169742775467181ULL, 701467067318072ULL,
+    696018499035555ULL, 521051885339807ULL, 158329567901874ULL, 740426481832143ULL,
+    1369811177301441ULL, 503351589084015ULL, 1781114827942261ULL, 1650493549693035ULL,
+    2174562418345156ULL, 456517194809244ULL, 2052761522121179ULL, 2233342271123682ULL,
+    1445872925177435ULL, 1131882576902813ULL, 220765848055241ULL, 1280259961403769ULL,
+    1581497080160712ULL, 1477441080108824ULL, 218428165202767ULL, 1970598141278907ULL,
+    643366736173069ULL, 2167909426804014ULL, 834993711408259ULL, 1922437166463212ULL,
+    1900036281472252ULL, 513794844386304ULL, 1297904164900114ULL, 1147626295373268ULL,
+    1910101606251299ULL, 182933838633381ULL, 806229530787362ULL, 155511666433200ULL,
+    290522463375462ULL, 534373523491751ULL, 1302938814480515ULL, 1664979184120445ULL,
+    304235649499423ULL, 339284524318609ULL, 1881717946973483ULL, 1670802286833842ULL,
+    2223637120675737ULL, 135818919485814ULL, 1144856572842792ULL, 2234981613434386ULL,
+    963917024969826ULL, 402275378284993ULL, 141532417412170ULL, 921537468739387ULL,
+    963905069722607ULL, 1405442890733358ULL, 1567763927164655ULL, 1664776329195930ULL,
+    2095924165508507ULL, 994243110271379ULL, 1243925610609353ULL, 1029845815569727ULL,
+    1001968867985629ULL, 170368934002484ULL, 1100906131583801ULL, 1825190326449569ULL,
+    1462285121182096ULL, 1545240767016377ULL, 797859025652273ULL, 1062758326657530ULL,
+    1125600735118266ULL, 739325756774527ULL, 1420144485966996ULL, 1915492743426702ULL,
+    752968196344993ULL, 882156396938351ULL, 1909097048763227ULL, 849058590685611ULL,
+    840754951388500ULL, 1832926948808323ULL, 2023317100075297ULL, 322382745442827ULL,
+    1569741341737601ULL, 1678986113194987ULL, 757598994581938ULL, 29678659580705ULL,
+    1239680935977986ULL, 1509239427168474ULL, 1055981929287006ULL, 1894085471158693ULL,
+    916486225488490ULL, 642168890366120ULL, 300453362620010ULL, 1858797242721481ULL,
+    2077989823177130ULL, 510228455273334ULL, 1473284798689270ULL, 5173934574301ULL,
+    765285232030050ULL, 1007154707631065ULL, 1862128712885972ULL, 168873464821340ULL,
+    1967853269759318ULL, 1489896018263031ULL, 592451806166369ULL, 1242298565603883ULL,
+    1838918921339058ULL, 697532763910695ULL, 294335466239059ULL, 135687058387449ULL,
+    2133734403874176ULL, 2121911143127699ULL, 20222476737364ULL, 1200824626476747ULL,
+    1397731736540791ULL, 702378430231418ULL, 59059527640068ULL, 460992547183981ULL,
+    1016125857842765ULL, 1273530839608957ULL, 96724128829301ULL, 1313433042425233ULL,
+    3543822857227ULL, 761975685357118ULL, 110417360745248ULL, 1079634164577663ULL,
+    2044574510020457ULL, 338709058603120ULL, 94541336042799ULL, 127963233585039ULL,
+    94427896272258ULL, 1143501979342182ULL, 1217958006212230ULL, 2153887831492134ULL,
+    1519219513255575ULL, 251793195454181ULL, 392517349345200ULL, 1507033011868881ULL,
+    2208494254670752ULL, 1364389582694359ULL, 2214069430728063ULL, 1272814257105752ULL,
+    741450148906352ULL, 1105776675555685ULL, 824447222014984ULL, 528745219306376ULL,
+    589427609121575ULL, 1501786838809155ULL, 379067373073147ULL, 184909476589356ULL,
+    1346887560616185ULL, 1932023742314082ULL, 1633302311869264ULL, 1685314821133069ULL,
+    1836610282047884ULL, 1595571594397150ULL, 615441688872198ULL, 1926435616702564ULL,
+    235632180396480ULL, 1051918343571810ULL, 2150570051687050ULL, 879198845408738ULL,
+    1443966275205464ULL, 481362545245088ULL, 512807443532642ULL, 641147578283480ULL,
+    1594276116945596ULL, 1844812743300602ULL, 2044559316019485ULL, 202620777969020ULL,
+    852992984136302ULL, 1500869642692910ULL, 1085216217052457ULL, 1736294372259758ULL,
+    2009666354486552ULL, 1262389020715248ULL, 1166527705256867ULL, 1409917450806036ULL,
+    1705819160057637ULL, 1116901782584378ULL, 1278460472285473ULL, 257879811360157ULL,
+    40314007176886ULL, 701309846749639ULL, 1380457676672777ULL, 631519782380272ULL,
+    1196339573466793ULL, 955537708940017ULL, 532725633381530ULL, 641190593731833ULL,
+    7214357153807ULL, 481922072107983ULL, 1634886189207352ULL, 1247659758261633ULL,
+    1655809614786430ULL, 43105797900223ULL, 76205809912607ULL, 1936575107455823ULL,
+    1107927314642236ULL, 2199986333469333ULL, 802974829322510ULL, 718173128143482ULL,
+    539385184235615ULL, 2075693785611221ULL, 953281147333690ULL, 1623571637172587ULL,
+    655274535022250ULL, 1568078078819021ULL, 101142125049712ULL, 1488441673350881ULL,
+    1457969561944515ULL, 1492622544287712ULL, 2041460689280803ULL, 1961848091392887ULL,
+    461003520846938ULL, 934728060399807ULL, 117723291519705ULL, 1027773762863526ULL,
+    56765304991567ULL, 2184028379550479ULL, 1768767711894030ULL, 1304432068983172ULL,
+    498080974452325ULL, 2134905654858163ULL, 1446137427202647ULL, 551613831549590ULL,
+    680288767054205ULL, 1278113339140386ULL, 378149431842614ULL, 80520494426960ULL,
+    2080985256348782ULL, 673432591799820ULL, 739189463724560ULL, 1847191452197509ULL,
+    527737312871602ULL, 477609358840073ULL, 1891633072677946ULL, 1841456828278466ULL,
+    2242502936489002ULL, 524791829362709ULL, 276648168514036ULL, 991706903257619ULL,
+    512580228297906ULL, 1216855104975946ULL, 67030930303149ULL, 769593945208213ULL,
+    2048873385103577ULL, 455635274123107ULL, 2077404927176696ULL, 1803539634652306ULL,
+    1837579953843417ULL, 1564240068662828ULL, 1964310918970435ULL, 832822906252492ULL,
+    1516044634195010ULL, 770571447506889ULL, 602215152486818ULL, 1760828333136947ULL,
+    730156776030376ULL
   };
 
 static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_g_pow2_192_table_w4[320U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)1129953239743101U, (uint64_t)1240339163956160U,
-    (uint64_t)61002583352401U, (uint64_t)2017604552196030U, (uint64_t)1576867829229863U,
-    (uint64_t)1508654942849389U, (uint64_t)270111619664077U, (uint64_t)1253097517254054U,
-    (uint64_t)721798270973250U, (uint64_t)161923365415298U, (uint64_t)828530877526011U,
-    (uint64_t)1494851059386763U, (uint64_t)662034171193976U, (uint64_t)1315349646974670U,
-    (uint64_t)2199229517308806U, (uint64_t)497078277852673U, (uint64_t)1310507715989956U,
-    (uint64_t)1881315714002105U, (uint64_t)2214039404983803U, (uint64_t)1331036420272667U,
-    (uint64_t)296286697520787U, (uint64_t)1179367922639127U, (uint64_t)25348441419697U,
-    (uint64_t)2200984961703188U, (uint64_t)150893128908291U, (uint64_t)1978614888570852U,
-    (uint64_t)1539657347172046U, (uint64_t)553810196523619U, (uint64_t)246017573977646U,
-    (uint64_t)1440448985385485U, (uint64_t)346049108099981U, (uint64_t)601166606218546U,
-    (uint64_t)855822004151713U, (uint64_t)1957521326383188U, (uint64_t)1114240380430887U,
-    (uint64_t)1349639675122048U, (uint64_t)957375954499040U, (uint64_t)111551795360136U,
-    (uint64_t)618586733648988U, (uint64_t)490708840688866U, (uint64_t)1267002049697314U,
-    (uint64_t)1130723224930028U, (uint64_t)215603029480828U, (uint64_t)1277138555414710U,
-    (uint64_t)1556750324971322U, (uint64_t)1407903521793741U, (uint64_t)1836836546590749U,
-    (uint64_t)576500297444199U, (uint64_t)2074707599091135U, (uint64_t)1826239864380012U,
-    (uint64_t)1935365705983312U, (uint64_t)239501825683682U, (uint64_t)1594236669034980U,
-    (uint64_t)1283078975055301U, (uint64_t)856745636255925U, (uint64_t)1342128647959981U,
-    (uint64_t)945216428379689U, (uint64_t)938746202496410U, (uint64_t)105775123333919U,
-    (uint64_t)1379852610117266U, (uint64_t)1770216827500275U, (uint64_t)1016017267535704U,
-    (uint64_t)1902885522469532U, (uint64_t)994184703730489U, (uint64_t)2227487538793763U,
-    (uint64_t)53155967096055U, (uint64_t)1264120808114350U, (uint64_t)1334928769376729U,
-    (uint64_t)393911808079997U, (uint64_t)826229239481845U, (uint64_t)1827903006733192U,
-    (uint64_t)1449283706008465U, (uint64_t)1258040415217849U, (uint64_t)1641484112868370U,
-    (uint64_t)1140150841968176U, (uint64_t)391113338021313U, (uint64_t)162138667815833U,
-    (uint64_t)742204396566060U, (uint64_t)110709233440557U, (uint64_t)90179377432917U,
-    (uint64_t)530511949644489U, (uint64_t)911568635552279U, (uint64_t)135869304780166U,
-    (uint64_t)617719999563692U, (uint64_t)1802525001631319U, (uint64_t)1836394639510490U,
-    (uint64_t)1862739456475085U, (uint64_t)1378284444664288U, (uint64_t)1617882529391756U,
-    (uint64_t)876124429891172U, (uint64_t)1147654641445091U, (uint64_t)1476943370400542U,
-    (uint64_t)688601222759067U, (uint64_t)2120281968990205U, (uint64_t)1387113236912611U,
-    (uint64_t)2125245820685788U, (uint64_t)1030674016350092U, (uint64_t)1594684598654247U,
-    (uint64_t)1165939511879820U, (uint64_t)271499323244173U, (uint64_t)546587254515484U,
-    (uint64_t)945603425742936U, (uint64_t)1242252568170226U, (uint64_t)561598728058142U,
-    (uint64_t)604827091794712U, (uint64_t)19869753585186U, (uint64_t)565367744708915U,
-    (uint64_t)536755754533603U, (uint64_t)1767258313589487U, (uint64_t)907952975936127U,
-    (uint64_t)292851652613937U, (uint64_t)163573546237963U, (uint64_t)837601408384564U,
-    (uint64_t)591996990118301U, (uint64_t)2126051747693057U, (uint64_t)182247548824566U,
-    (uint64_t)908369044122868U, (uint64_t)1335442699947273U, (uint64_t)2234292296528612U,
-    (uint64_t)689537529333034U, (uint64_t)2174778663790714U, (uint64_t)1011407643592667U,
-    (uint64_t)1856130618715473U, (uint64_t)1557437221651741U, (uint64_t)2250285407006102U,
-    (uint64_t)1412384213410827U, (uint64_t)1428042038612456U, (uint64_t)962709733973660U,
-    (uint64_t)313995703125919U, (uint64_t)1844969155869325U, (uint64_t)787716782673657U,
-    (uint64_t)622504542173478U, (uint64_t)930119043384654U, (uint64_t)2128870043952488U,
-    (uint64_t)537781531479523U, (uint64_t)1556666269904940U, (uint64_t)417333635741346U,
-    (uint64_t)1986743846438415U, (uint64_t)877620478041197U, (uint64_t)2205624582983829U,
-    (uint64_t)595260668884488U, (uint64_t)2025159350373157U, (uint64_t)2091659716088235U,
-    (uint64_t)1423634716596391U, (uint64_t)653686638634080U, (uint64_t)1972388399989956U,
-    (uint64_t)795575741798014U, (uint64_t)889240107997846U, (uint64_t)1446156876910732U,
-    (uint64_t)1028507012221776U, (uint64_t)1071697574586478U, (uint64_t)1689630411899691U,
-    (uint64_t)604092816502174U, (uint64_t)1909917373896122U, (uint64_t)1602544877643837U,
-    (uint64_t)1227177032923867U, (uint64_t)62684197535630U, (uint64_t)186146290753883U,
-    (uint64_t)414449055316766U, (uint64_t)1560555880866750U, (uint64_t)157579947096755U,
-    (uint64_t)230526795502384U, (uint64_t)1197673369665894U, (uint64_t)593779215869037U,
-    (uint64_t)214638834474097U, (uint64_t)1796344443484478U, (uint64_t)493550548257317U,
-    (uint64_t)1628442824033694U, (uint64_t)1410811655893495U, (uint64_t)1009361960995171U,
-    (uint64_t)604736219740352U, (uint64_t)392445928555351U, (uint64_t)1254295770295706U,
-    (uint64_t)1958074535046128U, (uint64_t)508699942241019U, (uint64_t)739405911261325U,
-    (uint64_t)1678760393882409U, (uint64_t)517763708545996U, (uint64_t)640040257898722U,
-    (uint64_t)384966810872913U, (uint64_t)407454748380128U, (uint64_t)152604679407451U,
-    (uint64_t)185102854927662U, (uint64_t)1448175503649595U, (uint64_t)100328519208674U,
-    (uint64_t)1153263667012830U, (uint64_t)1643926437586490U, (uint64_t)609632142834154U,
-    (uint64_t)980984004749261U, (uint64_t)855290732258779U, (uint64_t)2186022163021506U,
-    (uint64_t)1254052618626070U, (uint64_t)1850030517182611U, (uint64_t)162348933090207U,
-    (uint64_t)1948712273679932U, (uint64_t)1331832516262191U, (uint64_t)1219400369175863U,
-    (uint64_t)89689036937483U, (uint64_t)1554886057235815U, (uint64_t)1520047528432789U,
-    (uint64_t)81263957652811U, (uint64_t)146612464257008U, (uint64_t)2207945627164163U,
-    (uint64_t)919846660682546U, (uint64_t)1925694087906686U, (uint64_t)2102027292388012U,
-    (uint64_t)887992003198635U, (uint64_t)1817924871537027U, (uint64_t)746660005584342U,
-    (uint64_t)753757153275525U, (uint64_t)91394270908699U, (uint64_t)511837226544151U,
-    (uint64_t)736341543649373U, (uint64_t)1256371121466367U, (uint64_t)1977778299551813U,
-    (uint64_t)817915174462263U, (uint64_t)1602323381418035U, (uint64_t)190035164572930U,
-    (uint64_t)603796401391181U, (uint64_t)2152666873671669U, (uint64_t)1813900316324112U,
-    (uint64_t)1292622433358041U, (uint64_t)888439870199892U, (uint64_t)978918155071994U,
-    (uint64_t)534184417909805U, (uint64_t)466460084317313U, (uint64_t)1275223140288685U,
-    (uint64_t)786407043883517U, (uint64_t)1620520623925754U, (uint64_t)1753625021290269U,
-    (uint64_t)751937175104525U, (uint64_t)905301961820613U, (uint64_t)697059847245437U,
-    (uint64_t)584919033981144U, (uint64_t)1272165506533156U, (uint64_t)1532180021450866U,
-    (uint64_t)1901407354005301U, (uint64_t)1421319720492586U, (uint64_t)2179081609765456U,
-    (uint64_t)2193253156667632U, (uint64_t)1080248329608584U, (uint64_t)2158422436462066U,
-    (uint64_t)759167597017850U, (uint64_t)545759071151285U, (uint64_t)641600428493698U,
-    (uint64_t)943791424499848U, (uint64_t)469571542427864U, (uint64_t)951117845222467U,
-    (uint64_t)1780538594373407U, (uint64_t)614611122040309U, (uint64_t)1354826131886963U,
-    (uint64_t)221898131992340U, (uint64_t)1145699723916219U, (uint64_t)798735379961769U,
-    (uint64_t)1843560518208287U, (uint64_t)1424523160161545U, (uint64_t)205549016574779U,
-    (uint64_t)2239491587362749U, (uint64_t)1918363582399888U, (uint64_t)1292183072788455U,
-    (uint64_t)1783513123192567U, (uint64_t)1584027954317205U, (uint64_t)1890421443925740U,
-    (uint64_t)1718459319874929U, (uint64_t)1522091040748809U, (uint64_t)399467600667219U,
-    (uint64_t)1870973059066576U, (uint64_t)287514433150348U, (uint64_t)1397845311152885U,
-    (uint64_t)1880440629872863U, (uint64_t)709302939340341U, (uint64_t)1813571361109209U,
-    (uint64_t)86598795876860U, (uint64_t)1146964554310612U, (uint64_t)1590956584862432U,
-    (uint64_t)2097004628155559U, (uint64_t)656227622102390U, (uint64_t)1808500445541891U,
-    (uint64_t)958336726523135U, (uint64_t)2007604569465975U, (uint64_t)313504950390997U,
-    (uint64_t)1399686004953620U, (uint64_t)1759732788465234U, (uint64_t)1562539721055836U,
-    (uint64_t)1575722765016293U, (uint64_t)793318366641259U, (uint64_t)443876859384887U,
-    (uint64_t)547308921989704U, (uint64_t)636698687503328U, (uint64_t)2179175835287340U,
-    (uint64_t)498333551718258U, (uint64_t)932248760026176U, (uint64_t)1612395686304653U,
-    (uint64_t)2179774103745626U, (uint64_t)1359658123541018U, (uint64_t)171488501802442U,
-    (uint64_t)1625034951791350U, (uint64_t)520196922773633U, (uint64_t)1873787546341877U,
-    (uint64_t)303457823885368U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 1129953239743101ULL, 1240339163956160ULL, 61002583352401ULL,
+    2017604552196030ULL, 1576867829229863ULL, 1508654942849389ULL, 270111619664077ULL,
+    1253097517254054ULL, 721798270973250ULL, 161923365415298ULL, 828530877526011ULL,
+    1494851059386763ULL, 662034171193976ULL, 1315349646974670ULL, 2199229517308806ULL,
+    497078277852673ULL, 1310507715989956ULL, 1881315714002105ULL, 2214039404983803ULL,
+    1331036420272667ULL, 296286697520787ULL, 1179367922639127ULL, 25348441419697ULL,
+    2200984961703188ULL, 150893128908291ULL, 1978614888570852ULL, 1539657347172046ULL,
+    553810196523619ULL, 246017573977646ULL, 1440448985385485ULL, 346049108099981ULL,
+    601166606218546ULL, 855822004151713ULL, 1957521326383188ULL, 1114240380430887ULL,
+    1349639675122048ULL, 957375954499040ULL, 111551795360136ULL, 618586733648988ULL,
+    490708840688866ULL, 1267002049697314ULL, 1130723224930028ULL, 215603029480828ULL,
+    1277138555414710ULL, 1556750324971322ULL, 1407903521793741ULL, 1836836546590749ULL,
+    576500297444199ULL, 2074707599091135ULL, 1826239864380012ULL, 1935365705983312ULL,
+    239501825683682ULL, 1594236669034980ULL, 1283078975055301ULL, 856745636255925ULL,
+    1342128647959981ULL, 945216428379689ULL, 938746202496410ULL, 105775123333919ULL,
+    1379852610117266ULL, 1770216827500275ULL, 1016017267535704ULL, 1902885522469532ULL,
+    994184703730489ULL, 2227487538793763ULL, 53155967096055ULL, 1264120808114350ULL,
+    1334928769376729ULL, 393911808079997ULL, 826229239481845ULL, 1827903006733192ULL,
+    1449283706008465ULL, 1258040415217849ULL, 1641484112868370ULL, 1140150841968176ULL,
+    391113338021313ULL, 162138667815833ULL, 742204396566060ULL, 110709233440557ULL,
+    90179377432917ULL, 530511949644489ULL, 911568635552279ULL, 135869304780166ULL,
+    617719999563692ULL, 1802525001631319ULL, 1836394639510490ULL, 1862739456475085ULL,
+    1378284444664288ULL, 1617882529391756ULL, 876124429891172ULL, 1147654641445091ULL,
+    1476943370400542ULL, 688601222759067ULL, 2120281968990205ULL, 1387113236912611ULL,
+    2125245820685788ULL, 1030674016350092ULL, 1594684598654247ULL, 1165939511879820ULL,
+    271499323244173ULL, 546587254515484ULL, 945603425742936ULL, 1242252568170226ULL,
+    561598728058142ULL, 604827091794712ULL, 19869753585186ULL, 565367744708915ULL,
+    536755754533603ULL, 1767258313589487ULL, 907952975936127ULL, 292851652613937ULL,
+    163573546237963ULL, 837601408384564ULL, 591996990118301ULL, 2126051747693057ULL,
+    182247548824566ULL, 908369044122868ULL, 1335442699947273ULL, 2234292296528612ULL,
+    689537529333034ULL, 2174778663790714ULL, 1011407643592667ULL, 1856130618715473ULL,
+    1557437221651741ULL, 2250285407006102ULL, 1412384213410827ULL, 1428042038612456ULL,
+    962709733973660ULL, 313995703125919ULL, 1844969155869325ULL, 787716782673657ULL,
+    622504542173478ULL, 930119043384654ULL, 2128870043952488ULL, 537781531479523ULL,
+    1556666269904940ULL, 417333635741346ULL, 1986743846438415ULL, 877620478041197ULL,
+    2205624582983829ULL, 595260668884488ULL, 2025159350373157ULL, 2091659716088235ULL,
+    1423634716596391ULL, 653686638634080ULL, 1972388399989956ULL, 795575741798014ULL,
+    889240107997846ULL, 1446156876910732ULL, 1028507012221776ULL, 1071697574586478ULL,
+    1689630411899691ULL, 604092816502174ULL, 1909917373896122ULL, 1602544877643837ULL,
+    1227177032923867ULL, 62684197535630ULL, 186146290753883ULL, 414449055316766ULL,
+    1560555880866750ULL, 157579947096755ULL, 230526795502384ULL, 1197673369665894ULL,
+    593779215869037ULL, 214638834474097ULL, 1796344443484478ULL, 493550548257317ULL,
+    1628442824033694ULL, 1410811655893495ULL, 1009361960995171ULL, 604736219740352ULL,
+    392445928555351ULL, 1254295770295706ULL, 1958074535046128ULL, 508699942241019ULL,
+    739405911261325ULL, 1678760393882409ULL, 517763708545996ULL, 640040257898722ULL,
+    384966810872913ULL, 407454748380128ULL, 152604679407451ULL, 185102854927662ULL,
+    1448175503649595ULL, 100328519208674ULL, 1153263667012830ULL, 1643926437586490ULL,
+    609632142834154ULL, 980984004749261ULL, 855290732258779ULL, 2186022163021506ULL,
+    1254052618626070ULL, 1850030517182611ULL, 162348933090207ULL, 1948712273679932ULL,
+    1331832516262191ULL, 1219400369175863ULL, 89689036937483ULL, 1554886057235815ULL,
+    1520047528432789ULL, 81263957652811ULL, 146612464257008ULL, 2207945627164163ULL,
+    919846660682546ULL, 1925694087906686ULL, 2102027292388012ULL, 887992003198635ULL,
+    1817924871537027ULL, 746660005584342ULL, 753757153275525ULL, 91394270908699ULL,
+    511837226544151ULL, 736341543649373ULL, 1256371121466367ULL, 1977778299551813ULL,
+    817915174462263ULL, 1602323381418035ULL, 190035164572930ULL, 603796401391181ULL,
+    2152666873671669ULL, 1813900316324112ULL, 1292622433358041ULL, 888439870199892ULL,
+    978918155071994ULL, 534184417909805ULL, 466460084317313ULL, 1275223140288685ULL,
+    786407043883517ULL, 1620520623925754ULL, 1753625021290269ULL, 751937175104525ULL,
+    905301961820613ULL, 697059847245437ULL, 584919033981144ULL, 1272165506533156ULL,
+    1532180021450866ULL, 1901407354005301ULL, 1421319720492586ULL, 2179081609765456ULL,
+    2193253156667632ULL, 1080248329608584ULL, 2158422436462066ULL, 759167597017850ULL,
+    545759071151285ULL, 641600428493698ULL, 943791424499848ULL, 469571542427864ULL,
+    951117845222467ULL, 1780538594373407ULL, 614611122040309ULL, 1354826131886963ULL,
+    221898131992340ULL, 1145699723916219ULL, 798735379961769ULL, 1843560518208287ULL,
+    1424523160161545ULL, 205549016574779ULL, 2239491587362749ULL, 1918363582399888ULL,
+    1292183072788455ULL, 1783513123192567ULL, 1584027954317205ULL, 1890421443925740ULL,
+    1718459319874929ULL, 1522091040748809ULL, 399467600667219ULL, 1870973059066576ULL,
+    287514433150348ULL, 1397845311152885ULL, 1880440629872863ULL, 709302939340341ULL,
+    1813571361109209ULL, 86598795876860ULL, 1146964554310612ULL, 1590956584862432ULL,
+    2097004628155559ULL, 656227622102390ULL, 1808500445541891ULL, 958336726523135ULL,
+    2007604569465975ULL, 313504950390997ULL, 1399686004953620ULL, 1759732788465234ULL,
+    1562539721055836ULL, 1575722765016293ULL, 793318366641259ULL, 443876859384887ULL,
+    547308921989704ULL, 636698687503328ULL, 2179175835287340ULL, 498333551718258ULL,
+    932248760026176ULL, 1612395686304653ULL, 2179774103745626ULL, 1359658123541018ULL,
+    171488501802442ULL, 1625034951791350ULL, 520196922773633ULL, 1873787546341877ULL,
+    303457823885368ULL
   };
 
 static const
 uint64_t
 Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5[640U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)1738742601995546U, (uint64_t)1146398526822698U,
-    (uint64_t)2070867633025821U, (uint64_t)562264141797630U, (uint64_t)587772402128613U,
-    (uint64_t)1801439850948184U, (uint64_t)1351079888211148U, (uint64_t)450359962737049U,
-    (uint64_t)900719925474099U, (uint64_t)1801439850948198U, (uint64_t)1U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1841354044333475U,
-    (uint64_t)16398895984059U, (uint64_t)755974180946558U, (uint64_t)900171276175154U,
-    (uint64_t)1821297809914039U, (uint64_t)1661154287933054U, (uint64_t)284530020860578U,
-    (uint64_t)1390261174866914U, (uint64_t)1524110943907984U, (uint64_t)1045603498418422U,
-    (uint64_t)928651508580478U, (uint64_t)1383326941296346U, (uint64_t)961937908925785U,
-    (uint64_t)80455759693706U, (uint64_t)904734540352947U, (uint64_t)1507481815385608U,
-    (uint64_t)2223447444246085U, (uint64_t)1083941587175919U, (uint64_t)2059929906842505U,
-    (uint64_t)1581435440146976U, (uint64_t)782730187692425U, (uint64_t)9928394897574U,
-    (uint64_t)1539449519985236U, (uint64_t)1923587931078510U, (uint64_t)552919286076056U,
-    (uint64_t)376925408065760U, (uint64_t)447320488831784U, (uint64_t)1362918338468019U,
-    (uint64_t)1470031896696846U, (uint64_t)2189796996539902U, (uint64_t)1337552949959847U,
-    (uint64_t)1762287177775726U, (uint64_t)237994495816815U, (uint64_t)1277840395970544U,
-    (uint64_t)543972849007241U, (uint64_t)1224692671618814U, (uint64_t)162359533289271U,
-    (uint64_t)282240927125249U, (uint64_t)586909166382289U, (uint64_t)17726488197838U,
-    (uint64_t)377014554985659U, (uint64_t)1433835303052512U, (uint64_t)702061469493692U,
-    (uint64_t)1142253108318154U, (uint64_t)318297794307551U, (uint64_t)954362646308543U,
-    (uint64_t)517363881452320U, (uint64_t)1868013482130416U, (uint64_t)262562472373260U,
-    (uint64_t)902232853249919U, (uint64_t)2107343057055746U, (uint64_t)462368348619024U,
-    (uint64_t)1893758677092974U, (uint64_t)2177729767846389U, (uint64_t)2168532543559143U,
-    (uint64_t)443867094639821U, (uint64_t)730169342581022U, (uint64_t)1564589016879755U,
-    (uint64_t)51218195700649U, (uint64_t)76684578423745U, (uint64_t)560266272480743U,
-    (uint64_t)922517457707697U, (uint64_t)2066645939860874U, (uint64_t)1318277348414638U,
-    (uint64_t)1576726809084003U, (uint64_t)1817337608563665U, (uint64_t)1874240939237666U,
-    (uint64_t)754733726333910U, (uint64_t)97085310406474U, (uint64_t)751148364309235U,
-    (uint64_t)1622159695715187U, (uint64_t)1444098819684916U, (uint64_t)130920805558089U,
-    (uint64_t)1260449179085308U, (uint64_t)1860021740768461U, (uint64_t)110052860348509U,
-    (uint64_t)193830891643810U, (uint64_t)164148413933881U, (uint64_t)180017794795332U,
-    (uint64_t)1523506525254651U, (uint64_t)465981629225956U, (uint64_t)559733514964572U,
-    (uint64_t)1279624874416974U, (uint64_t)2026642326892306U, (uint64_t)1425156829982409U,
-    (uint64_t)2160936383793147U, (uint64_t)1061870624975247U, (uint64_t)2023497043036941U,
-    (uint64_t)117942212883190U, (uint64_t)490339622800774U, (uint64_t)1729931303146295U,
-    (uint64_t)422305932971074U, (uint64_t)529103152793096U, (uint64_t)1211973233775992U,
-    (uint64_t)721364955929681U, (uint64_t)1497674430438813U, (uint64_t)342545521275073U,
-    (uint64_t)2102107575279372U, (uint64_t)2108462244669966U, (uint64_t)1382582406064082U,
-    (uint64_t)2206396818383323U, (uint64_t)2109093268641147U, (uint64_t)10809845110983U,
-    (uint64_t)1605176920880099U, (uint64_t)744640650753946U, (uint64_t)1712758897518129U,
-    (uint64_t)373410811281809U, (uint64_t)648838265800209U, (uint64_t)813058095530999U,
-    (uint64_t)513987632620169U, (uint64_t)465516160703329U, (uint64_t)2136322186126330U,
-    (uint64_t)1979645899422932U, (uint64_t)1197131006470786U, (uint64_t)1467836664863979U,
-    (uint64_t)1340751381374628U, (uint64_t)1810066212667962U, (uint64_t)1009933588225499U,
-    (uint64_t)1106129188080873U, (uint64_t)1388980405213901U, (uint64_t)533719246598044U,
-    (uint64_t)1169435803073277U, (uint64_t)198920999285821U, (uint64_t)487492330629854U,
-    (uint64_t)1807093008537778U, (uint64_t)1540899012923865U, (uint64_t)2075080271659867U,
-    (uint64_t)1527990806921523U, (uint64_t)1323728742908002U, (uint64_t)1568595959608205U,
-    (uint64_t)1388032187497212U, (uint64_t)2026968840050568U, (uint64_t)1396591153295755U,
-    (uint64_t)820416950170901U, (uint64_t)520060313205582U, (uint64_t)2016404325094901U,
-    (uint64_t)1584709677868520U, (uint64_t)272161374469956U, (uint64_t)1567188603996816U,
-    (uint64_t)1986160530078221U, (uint64_t)553930264324589U, (uint64_t)1058426729027503U,
-    (uint64_t)8762762886675U, (uint64_t)2216098143382988U, (uint64_t)1835145266889223U,
-    (uint64_t)1712936431558441U, (uint64_t)1017009937844974U, (uint64_t)585361667812740U,
-    (uint64_t)2114711541628181U, (uint64_t)2238729632971439U, (uint64_t)121257546253072U,
-    (uint64_t)847154149018345U, (uint64_t)211972965476684U, (uint64_t)287499084460129U,
-    (uint64_t)2098247259180197U, (uint64_t)839070411583329U, (uint64_t)339551619574372U,
-    (uint64_t)1432951287640743U, (uint64_t)526481249498942U, (uint64_t)931991661905195U,
-    (uint64_t)1884279965674487U, (uint64_t)200486405604411U, (uint64_t)364173020594788U,
-    (uint64_t)518034455936955U, (uint64_t)1085564703965501U, (uint64_t)16030410467927U,
-    (uint64_t)604865933167613U, (uint64_t)1695298441093964U, (uint64_t)498856548116159U,
-    (uint64_t)2193030062787034U, (uint64_t)1706339802964179U, (uint64_t)1721199073493888U,
-    (uint64_t)820740951039755U, (uint64_t)1216053436896834U, (uint64_t)23954895815139U,
-    (uint64_t)1662515208920491U, (uint64_t)1705443427511899U, (uint64_t)1957928899570365U,
-    (uint64_t)1189636258255725U, (uint64_t)1795695471103809U, (uint64_t)1691191297654118U,
-    (uint64_t)282402585374360U, (uint64_t)460405330264832U, (uint64_t)63765529445733U,
-    (uint64_t)469763447404473U, (uint64_t)733607089694996U, (uint64_t)685410420186959U,
-    (uint64_t)1096682630419738U, (uint64_t)1162548510542362U, (uint64_t)1020949526456676U,
-    (uint64_t)1211660396870573U, (uint64_t)613126398222696U, (uint64_t)1117829165843251U,
-    (uint64_t)742432540886650U, (uint64_t)1483755088010658U, (uint64_t)942392007134474U,
-    (uint64_t)1447834130944107U, (uint64_t)489368274863410U, (uint64_t)23192985544898U,
-    (uint64_t)648442406146160U, (uint64_t)785438843373876U, (uint64_t)249464684645238U,
-    (uint64_t)170494608205618U, (uint64_t)335112827260550U, (uint64_t)1462050123162735U,
-    (uint64_t)1084803668439016U, (uint64_t)853459233600325U, (uint64_t)215777728187495U,
-    (uint64_t)1965759433526974U, (uint64_t)1349482894446537U, (uint64_t)694163317612871U,
-    (uint64_t)860536766165036U, (uint64_t)1178788094084321U, (uint64_t)1652739626626996U,
-    (uint64_t)2115723946388185U, (uint64_t)1577204379094664U, (uint64_t)1083882859023240U,
-    (uint64_t)1768759143381635U, (uint64_t)1737180992507258U, (uint64_t)246054513922239U,
-    (uint64_t)577253134087234U, (uint64_t)356340280578042U, (uint64_t)1638917769925142U,
-    (uint64_t)223550348130103U, (uint64_t)470592666638765U, (uint64_t)22663573966996U,
-    (uint64_t)596552461152400U, (uint64_t)364143537069499U, (uint64_t)3942119457699U,
-    (uint64_t)107951982889287U, (uint64_t)1843471406713209U, (uint64_t)1625773041610986U,
-    (uint64_t)1466141092501702U, (uint64_t)1043024095021271U, (uint64_t)310429964047508U,
-    (uint64_t)98559121500372U, (uint64_t)152746933782868U, (uint64_t)259407205078261U,
-    (uint64_t)828123093322585U, (uint64_t)1576847274280091U, (uint64_t)1170871375757302U,
-    (uint64_t)1588856194642775U, (uint64_t)984767822341977U, (uint64_t)1141497997993760U,
-    (uint64_t)809325345150796U, (uint64_t)1879837728202511U, (uint64_t)201340910657893U,
-    (uint64_t)1079157558888483U, (uint64_t)1052373448588065U, (uint64_t)1732036202501778U,
-    (uint64_t)2105292670328445U, (uint64_t)679751387312402U, (uint64_t)1679682144926229U,
-    (uint64_t)1695823455818780U, (uint64_t)498852317075849U, (uint64_t)1786555067788433U,
-    (uint64_t)1670727545779425U, (uint64_t)117945875433544U, (uint64_t)407939139781844U,
-    (uint64_t)854632120023778U, (uint64_t)1413383148360437U, (uint64_t)286030901733673U,
-    (uint64_t)1207361858071196U, (uint64_t)461340408181417U, (uint64_t)1096919590360164U,
-    (uint64_t)1837594897475685U, (uint64_t)533755561544165U, (uint64_t)1638688042247712U,
-    (uint64_t)1431653684793005U, (uint64_t)1036458538873559U, (uint64_t)390822120341779U,
-    (uint64_t)1920929837111618U, (uint64_t)543426740024168U, (uint64_t)645751357799929U,
-    (uint64_t)2245025632994463U, (uint64_t)1550778638076452U, (uint64_t)223738153459949U,
-    (uint64_t)1337209385492033U, (uint64_t)1276967236456531U, (uint64_t)1463815821063071U,
-    (uint64_t)2070620870191473U, (uint64_t)1199170709413753U, (uint64_t)273230877394166U,
-    (uint64_t)1873264887608046U, (uint64_t)890877152910775U, (uint64_t)983226445635730U,
-    (uint64_t)44873798519521U, (uint64_t)697147127512130U, (uint64_t)961631038239304U,
-    (uint64_t)709966160696826U, (uint64_t)1706677689540366U, (uint64_t)502782733796035U,
-    (uint64_t)812545535346033U, (uint64_t)1693622521296452U, (uint64_t)1955813093002510U,
-    (uint64_t)1259937612881362U, (uint64_t)1873032503803559U, (uint64_t)1140330566016428U,
-    (uint64_t)1675726082440190U, (uint64_t)60029928909786U, (uint64_t)170335608866763U,
-    (uint64_t)766444312315022U, (uint64_t)2025049511434113U, (uint64_t)2200845622430647U,
-    (uint64_t)1201269851450408U, (uint64_t)590071752404907U, (uint64_t)1400995030286946U,
-    (uint64_t)2152637413853822U, (uint64_t)2108495473841983U, (uint64_t)3855406710349U,
-    (uint64_t)1726137673168580U, (uint64_t)51004317200100U, (uint64_t)1749082328586939U,
-    (uint64_t)1704088976144558U, (uint64_t)1977318954775118U, (uint64_t)2062602253162400U,
-    (uint64_t)948062503217479U, (uint64_t)361953965048030U, (uint64_t)1528264887238440U,
-    (uint64_t)62582552172290U, (uint64_t)2241602163389280U, (uint64_t)156385388121765U,
-    (uint64_t)2124100319761492U, (uint64_t)388928050571382U, (uint64_t)1556123596922727U,
-    (uint64_t)979310669812384U, (uint64_t)113043855206104U, (uint64_t)2023223924825469U,
-    (uint64_t)643651703263034U, (uint64_t)2234446903655540U, (uint64_t)1577241261424997U,
-    (uint64_t)860253174523845U, (uint64_t)1691026473082448U, (uint64_t)1091672764933872U,
-    (uint64_t)1957463109756365U, (uint64_t)530699502660193U, (uint64_t)349587141723569U,
-    (uint64_t)674661681919563U, (uint64_t)1633727303856240U, (uint64_t)708909037922144U,
-    (uint64_t)2160722508518119U, (uint64_t)1302188051602540U, (uint64_t)976114603845777U,
-    (uint64_t)120004758721939U, (uint64_t)1681630708873780U, (uint64_t)622274095069244U,
-    (uint64_t)1822346309016698U, (uint64_t)1100921177951904U, (uint64_t)2216952659181677U,
-    (uint64_t)1844020550362490U, (uint64_t)1976451368365774U, (uint64_t)1321101422068822U,
-    (uint64_t)1189859436282668U, (uint64_t)2008801879735257U, (uint64_t)2219413454333565U,
-    (uint64_t)424288774231098U, (uint64_t)359793146977912U, (uint64_t)270293357948703U,
-    (uint64_t)587226003677000U, (uint64_t)1482071926139945U, (uint64_t)1419630774650359U,
-    (uint64_t)1104739070570175U, (uint64_t)1662129023224130U, (uint64_t)1609203612533411U,
-    (uint64_t)1250932720691980U, (uint64_t)95215711818495U, (uint64_t)498746909028150U,
-    (uint64_t)158151296991874U, (uint64_t)1201379988527734U, (uint64_t)561599945143989U,
-    (uint64_t)2211577425617888U, (uint64_t)2166577612206324U, (uint64_t)1057590354233512U,
-    (uint64_t)1968123280416769U, (uint64_t)1316586165401313U, (uint64_t)762728164447634U,
-    (uint64_t)2045395244316047U, (uint64_t)1531796898725716U, (uint64_t)315385971670425U,
-    (uint64_t)1109421039396756U, (uint64_t)2183635256408562U, (uint64_t)1896751252659461U,
-    (uint64_t)840236037179080U, (uint64_t)796245792277211U, (uint64_t)508345890111193U,
-    (uint64_t)1275386465287222U, (uint64_t)513560822858784U, (uint64_t)1784735733120313U,
-    (uint64_t)1346467478899695U, (uint64_t)601125231208417U, (uint64_t)701076661112726U,
-    (uint64_t)1841998436455089U, (uint64_t)1156768600940434U, (uint64_t)1967853462343221U,
-    (uint64_t)2178318463061452U, (uint64_t)481885520752741U, (uint64_t)675262828640945U,
-    (uint64_t)1033539418596582U, (uint64_t)1743329872635846U, (uint64_t)159322641251283U,
-    (uint64_t)1573076470127113U, (uint64_t)954827619308195U, (uint64_t)778834750662635U,
-    (uint64_t)619912782122617U, (uint64_t)515681498488209U, (uint64_t)1675866144246843U,
-    (uint64_t)811716020969981U, (uint64_t)1125515272217398U, (uint64_t)1398917918287342U,
-    (uint64_t)1301680949183175U, (uint64_t)726474739583734U, (uint64_t)587246193475200U,
-    (uint64_t)1096581582611864U, (uint64_t)1469911826213486U, (uint64_t)1990099711206364U,
-    (uint64_t)1256496099816508U, (uint64_t)2019924615195672U, (uint64_t)1251232456707555U,
-    (uint64_t)2042971196009755U, (uint64_t)214061878479265U, (uint64_t)115385726395472U,
-    (uint64_t)1677875239524132U, (uint64_t)756888883383540U, (uint64_t)1153862117756233U,
-    (uint64_t)503391530851096U, (uint64_t)946070017477513U, (uint64_t)1878319040542579U,
-    (uint64_t)1101349418586920U, (uint64_t)793245696431613U, (uint64_t)397920495357645U,
-    (uint64_t)2174023872951112U, (uint64_t)1517867915189593U, (uint64_t)1829855041462995U,
-    (uint64_t)1046709983503619U, (uint64_t)424081940711857U, (uint64_t)2112438073094647U,
-    (uint64_t)1504338467349861U, (uint64_t)2244574127374532U, (uint64_t)2136937537441911U,
-    (uint64_t)1741150838990304U, (uint64_t)25894628400571U, (uint64_t)512213526781178U,
-    (uint64_t)1168384260796379U, (uint64_t)1424607682379833U, (uint64_t)938677789731564U,
-    (uint64_t)872882241891896U, (uint64_t)1713199397007700U, (uint64_t)1410496326218359U,
-    (uint64_t)854379752407031U, (uint64_t)465141611727634U, (uint64_t)315176937037857U,
-    (uint64_t)1020115054571233U, (uint64_t)1856290111077229U, (uint64_t)2028366269898204U,
-    (uint64_t)1432980880307543U, (uint64_t)469932710425448U, (uint64_t)581165267592247U,
-    (uint64_t)496399148156603U, (uint64_t)2063435226705903U, (uint64_t)2116841086237705U,
-    (uint64_t)498272567217048U, (uint64_t)1829438076967906U, (uint64_t)1573925801278491U,
-    (uint64_t)460763576329867U, (uint64_t)1705264723728225U, (uint64_t)999514866082412U,
-    (uint64_t)29635061779362U, (uint64_t)1884233592281020U, (uint64_t)1449755591461338U,
-    (uint64_t)42579292783222U, (uint64_t)1869504355369200U, (uint64_t)495506004805251U,
-    (uint64_t)264073104888427U, (uint64_t)2088880861028612U, (uint64_t)104646456386576U,
-    (uint64_t)1258445191399967U, (uint64_t)1348736801545799U, (uint64_t)2068276361286613U,
-    (uint64_t)884897216646374U, (uint64_t)922387476801376U, (uint64_t)1043886580402805U,
-    (uint64_t)1240883498470831U, (uint64_t)1601554651937110U, (uint64_t)804382935289482U,
-    (uint64_t)512379564477239U, (uint64_t)1466384519077032U, (uint64_t)1280698500238386U,
-    (uint64_t)211303836685749U, (uint64_t)2081725624793803U, (uint64_t)545247644516879U,
-    (uint64_t)215313359330384U, (uint64_t)286479751145614U, (uint64_t)2213650281751636U,
-    (uint64_t)2164927945999874U, (uint64_t)2072162991540882U, (uint64_t)1443769115444779U,
-    (uint64_t)1581473274363095U, (uint64_t)434633875922699U, (uint64_t)340456055781599U,
-    (uint64_t)373043091080189U, (uint64_t)839476566531776U, (uint64_t)1856706858509978U,
-    (uint64_t)931616224909153U, (uint64_t)1888181317414065U, (uint64_t)213654322650262U,
-    (uint64_t)1161078103416244U, (uint64_t)1822042328851513U, (uint64_t)915817709028812U,
-    (uint64_t)1828297056698188U, (uint64_t)1212017130909403U, (uint64_t)60258343247333U,
-    (uint64_t)342085800008230U, (uint64_t)930240559508270U, (uint64_t)1549884999174952U,
-    (uint64_t)809895264249462U, (uint64_t)184726257947682U, (uint64_t)1157065433504828U,
-    (uint64_t)1209999630381477U, (uint64_t)999920399374391U, (uint64_t)1714770150788163U,
-    (uint64_t)2026130985413228U, (uint64_t)506776632883140U, (uint64_t)1349042668246528U,
-    (uint64_t)1937232292976967U, (uint64_t)942302637530730U, (uint64_t)160211904766226U,
-    (uint64_t)1042724500438571U, (uint64_t)212454865139142U, (uint64_t)244104425172642U,
-    (uint64_t)1376990622387496U, (uint64_t)76126752421227U, (uint64_t)1027540886376422U,
-    (uint64_t)1912210655133026U, (uint64_t)13410411589575U, (uint64_t)1475856708587773U,
-    (uint64_t)615563352691682U, (uint64_t)1446629324872644U, (uint64_t)1683670301784014U,
-    (uint64_t)1049873327197127U, (uint64_t)1826401704084838U, (uint64_t)2032577048760775U,
-    (uint64_t)1922203607878853U, (uint64_t)836708788764806U, (uint64_t)2193084654695012U,
-    (uint64_t)1342923183256659U, (uint64_t)849356986294271U, (uint64_t)1228863973965618U,
-    (uint64_t)94886161081867U, (uint64_t)1423288430204892U, (uint64_t)2016167528707016U,
-    (uint64_t)1633187660972877U, (uint64_t)1550621242301752U, (uint64_t)340630244512994U,
-    (uint64_t)2103577710806901U, (uint64_t)221625016538931U, (uint64_t)421544147350960U,
-    (uint64_t)580428704555156U, (uint64_t)1479831381265617U, (uint64_t)518057926544698U,
-    (uint64_t)955027348790630U, (uint64_t)1326749172561598U, (uint64_t)1118304625755967U,
-    (uint64_t)1994005916095176U, (uint64_t)1799757332780663U, (uint64_t)751343129396941U,
-    (uint64_t)1468672898746144U, (uint64_t)1451689964451386U, (uint64_t)755070293921171U,
-    (uint64_t)904857405877052U, (uint64_t)1276087530766984U, (uint64_t)403986562858511U,
-    (uint64_t)1530661255035337U, (uint64_t)1644972908910502U, (uint64_t)1370170080438957U,
-    (uint64_t)139839536695744U, (uint64_t)909930462436512U, (uint64_t)1899999215356933U,
-    (uint64_t)635992381064566U, (uint64_t)788740975837654U, (uint64_t)224241231493695U,
-    (uint64_t)1267090030199302U, (uint64_t)998908061660139U, (uint64_t)1784537499699278U,
-    (uint64_t)859195370018706U, (uint64_t)1953966091439379U, (uint64_t)2189271820076010U,
-    (uint64_t)2039067059943978U, (uint64_t)1526694380855202U, (uint64_t)2040321513194941U,
-    (uint64_t)329922071218689U, (uint64_t)1953032256401326U, (uint64_t)989631424403521U,
-    (uint64_t)328825014934242U, (uint64_t)9407151397696U, (uint64_t)63551373671268U,
-    (uint64_t)1624728632895792U, (uint64_t)1608324920739262U, (uint64_t)1178239350351945U,
-    (uint64_t)1198077399579702U, (uint64_t)277620088676229U, (uint64_t)1775359437312528U,
-    (uint64_t)1653558177737477U, (uint64_t)1652066043408850U, (uint64_t)1063359889686622U,
-    (uint64_t)1975063804860653U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 1738742601995546ULL, 1146398526822698ULL, 2070867633025821ULL,
+    562264141797630ULL, 587772402128613ULL, 1801439850948184ULL, 1351079888211148ULL,
+    450359962737049ULL, 900719925474099ULL, 1801439850948198ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    1841354044333475ULL, 16398895984059ULL, 755974180946558ULL, 900171276175154ULL,
+    1821297809914039ULL, 1661154287933054ULL, 284530020860578ULL, 1390261174866914ULL,
+    1524110943907984ULL, 1045603498418422ULL, 928651508580478ULL, 1383326941296346ULL,
+    961937908925785ULL, 80455759693706ULL, 904734540352947ULL, 1507481815385608ULL,
+    2223447444246085ULL, 1083941587175919ULL, 2059929906842505ULL, 1581435440146976ULL,
+    782730187692425ULL, 9928394897574ULL, 1539449519985236ULL, 1923587931078510ULL,
+    552919286076056ULL, 376925408065760ULL, 447320488831784ULL, 1362918338468019ULL,
+    1470031896696846ULL, 2189796996539902ULL, 1337552949959847ULL, 1762287177775726ULL,
+    237994495816815ULL, 1277840395970544ULL, 543972849007241ULL, 1224692671618814ULL,
+    162359533289271ULL, 282240927125249ULL, 586909166382289ULL, 17726488197838ULL,
+    377014554985659ULL, 1433835303052512ULL, 702061469493692ULL, 1142253108318154ULL,
+    318297794307551ULL, 954362646308543ULL, 517363881452320ULL, 1868013482130416ULL,
+    262562472373260ULL, 902232853249919ULL, 2107343057055746ULL, 462368348619024ULL,
+    1893758677092974ULL, 2177729767846389ULL, 2168532543559143ULL, 443867094639821ULL,
+    730169342581022ULL, 1564589016879755ULL, 51218195700649ULL, 76684578423745ULL,
+    560266272480743ULL, 922517457707697ULL, 2066645939860874ULL, 1318277348414638ULL,
+    1576726809084003ULL, 1817337608563665ULL, 1874240939237666ULL, 754733726333910ULL,
+    97085310406474ULL, 751148364309235ULL, 1622159695715187ULL, 1444098819684916ULL,
+    130920805558089ULL, 1260449179085308ULL, 1860021740768461ULL, 110052860348509ULL,
+    193830891643810ULL, 164148413933881ULL, 180017794795332ULL, 1523506525254651ULL,
+    465981629225956ULL, 559733514964572ULL, 1279624874416974ULL, 2026642326892306ULL,
+    1425156829982409ULL, 2160936383793147ULL, 1061870624975247ULL, 2023497043036941ULL,
+    117942212883190ULL, 490339622800774ULL, 1729931303146295ULL, 422305932971074ULL,
+    529103152793096ULL, 1211973233775992ULL, 721364955929681ULL, 1497674430438813ULL,
+    342545521275073ULL, 2102107575279372ULL, 2108462244669966ULL, 1382582406064082ULL,
+    2206396818383323ULL, 2109093268641147ULL, 10809845110983ULL, 1605176920880099ULL,
+    744640650753946ULL, 1712758897518129ULL, 373410811281809ULL, 648838265800209ULL,
+    813058095530999ULL, 513987632620169ULL, 465516160703329ULL, 2136322186126330ULL,
+    1979645899422932ULL, 1197131006470786ULL, 1467836664863979ULL, 1340751381374628ULL,
+    1810066212667962ULL, 1009933588225499ULL, 1106129188080873ULL, 1388980405213901ULL,
+    533719246598044ULL, 1169435803073277ULL, 198920999285821ULL, 487492330629854ULL,
+    1807093008537778ULL, 1540899012923865ULL, 2075080271659867ULL, 1527990806921523ULL,
+    1323728742908002ULL, 1568595959608205ULL, 1388032187497212ULL, 2026968840050568ULL,
+    1396591153295755ULL, 820416950170901ULL, 520060313205582ULL, 2016404325094901ULL,
+    1584709677868520ULL, 272161374469956ULL, 1567188603996816ULL, 1986160530078221ULL,
+    553930264324589ULL, 1058426729027503ULL, 8762762886675ULL, 2216098143382988ULL,
+    1835145266889223ULL, 1712936431558441ULL, 1017009937844974ULL, 585361667812740ULL,
+    2114711541628181ULL, 2238729632971439ULL, 121257546253072ULL, 847154149018345ULL,
+    211972965476684ULL, 287499084460129ULL, 2098247259180197ULL, 839070411583329ULL,
+    339551619574372ULL, 1432951287640743ULL, 526481249498942ULL, 931991661905195ULL,
+    1884279965674487ULL, 200486405604411ULL, 364173020594788ULL, 518034455936955ULL,
+    1085564703965501ULL, 16030410467927ULL, 604865933167613ULL, 1695298441093964ULL,
+    498856548116159ULL, 2193030062787034ULL, 1706339802964179ULL, 1721199073493888ULL,
+    820740951039755ULL, 1216053436896834ULL, 23954895815139ULL, 1662515208920491ULL,
+    1705443427511899ULL, 1957928899570365ULL, 1189636258255725ULL, 1795695471103809ULL,
+    1691191297654118ULL, 282402585374360ULL, 460405330264832ULL, 63765529445733ULL,
+    469763447404473ULL, 733607089694996ULL, 685410420186959ULL, 1096682630419738ULL,
+    1162548510542362ULL, 1020949526456676ULL, 1211660396870573ULL, 613126398222696ULL,
+    1117829165843251ULL, 742432540886650ULL, 1483755088010658ULL, 942392007134474ULL,
+    1447834130944107ULL, 489368274863410ULL, 23192985544898ULL, 648442406146160ULL,
+    785438843373876ULL, 249464684645238ULL, 170494608205618ULL, 335112827260550ULL,
+    1462050123162735ULL, 1084803668439016ULL, 853459233600325ULL, 215777728187495ULL,
+    1965759433526974ULL, 1349482894446537ULL, 694163317612871ULL, 860536766165036ULL,
+    1178788094084321ULL, 1652739626626996ULL, 2115723946388185ULL, 1577204379094664ULL,
+    1083882859023240ULL, 1768759143381635ULL, 1737180992507258ULL, 246054513922239ULL,
+    577253134087234ULL, 356340280578042ULL, 1638917769925142ULL, 223550348130103ULL,
+    470592666638765ULL, 22663573966996ULL, 596552461152400ULL, 364143537069499ULL, 3942119457699ULL,
+    107951982889287ULL, 1843471406713209ULL, 1625773041610986ULL, 1466141092501702ULL,
+    1043024095021271ULL, 310429964047508ULL, 98559121500372ULL, 152746933782868ULL,
+    259407205078261ULL, 828123093322585ULL, 1576847274280091ULL, 1170871375757302ULL,
+    1588856194642775ULL, 984767822341977ULL, 1141497997993760ULL, 809325345150796ULL,
+    1879837728202511ULL, 201340910657893ULL, 1079157558888483ULL, 1052373448588065ULL,
+    1732036202501778ULL, 2105292670328445ULL, 679751387312402ULL, 1679682144926229ULL,
+    1695823455818780ULL, 498852317075849ULL, 1786555067788433ULL, 1670727545779425ULL,
+    117945875433544ULL, 407939139781844ULL, 854632120023778ULL, 1413383148360437ULL,
+    286030901733673ULL, 1207361858071196ULL, 461340408181417ULL, 1096919590360164ULL,
+    1837594897475685ULL, 533755561544165ULL, 1638688042247712ULL, 1431653684793005ULL,
+    1036458538873559ULL, 390822120341779ULL, 1920929837111618ULL, 543426740024168ULL,
+    645751357799929ULL, 2245025632994463ULL, 1550778638076452ULL, 223738153459949ULL,
+    1337209385492033ULL, 1276967236456531ULL, 1463815821063071ULL, 2070620870191473ULL,
+    1199170709413753ULL, 273230877394166ULL, 1873264887608046ULL, 890877152910775ULL,
+    983226445635730ULL, 44873798519521ULL, 697147127512130ULL, 961631038239304ULL,
+    709966160696826ULL, 1706677689540366ULL, 502782733796035ULL, 812545535346033ULL,
+    1693622521296452ULL, 1955813093002510ULL, 1259937612881362ULL, 1873032503803559ULL,
+    1140330566016428ULL, 1675726082440190ULL, 60029928909786ULL, 170335608866763ULL,
+    766444312315022ULL, 2025049511434113ULL, 2200845622430647ULL, 1201269851450408ULL,
+    590071752404907ULL, 1400995030286946ULL, 2152637413853822ULL, 2108495473841983ULL,
+    3855406710349ULL, 1726137673168580ULL, 51004317200100ULL, 1749082328586939ULL,
+    1704088976144558ULL, 1977318954775118ULL, 2062602253162400ULL, 948062503217479ULL,
+    361953965048030ULL, 1528264887238440ULL, 62582552172290ULL, 2241602163389280ULL,
+    156385388121765ULL, 2124100319761492ULL, 388928050571382ULL, 1556123596922727ULL,
+    979310669812384ULL, 113043855206104ULL, 2023223924825469ULL, 643651703263034ULL,
+    2234446903655540ULL, 1577241261424997ULL, 860253174523845ULL, 1691026473082448ULL,
+    1091672764933872ULL, 1957463109756365ULL, 530699502660193ULL, 349587141723569ULL,
+    674661681919563ULL, 1633727303856240ULL, 708909037922144ULL, 2160722508518119ULL,
+    1302188051602540ULL, 976114603845777ULL, 120004758721939ULL, 1681630708873780ULL,
+    622274095069244ULL, 1822346309016698ULL, 1100921177951904ULL, 2216952659181677ULL,
+    1844020550362490ULL, 1976451368365774ULL, 1321101422068822ULL, 1189859436282668ULL,
+    2008801879735257ULL, 2219413454333565ULL, 424288774231098ULL, 359793146977912ULL,
+    270293357948703ULL, 587226003677000ULL, 1482071926139945ULL, 1419630774650359ULL,
+    1104739070570175ULL, 1662129023224130ULL, 1609203612533411ULL, 1250932720691980ULL,
+    95215711818495ULL, 498746909028150ULL, 158151296991874ULL, 1201379988527734ULL,
+    561599945143989ULL, 2211577425617888ULL, 2166577612206324ULL, 1057590354233512ULL,
+    1968123280416769ULL, 1316586165401313ULL, 762728164447634ULL, 2045395244316047ULL,
+    1531796898725716ULL, 315385971670425ULL, 1109421039396756ULL, 2183635256408562ULL,
+    1896751252659461ULL, 840236037179080ULL, 796245792277211ULL, 508345890111193ULL,
+    1275386465287222ULL, 513560822858784ULL, 1784735733120313ULL, 1346467478899695ULL,
+    601125231208417ULL, 701076661112726ULL, 1841998436455089ULL, 1156768600940434ULL,
+    1967853462343221ULL, 2178318463061452ULL, 481885520752741ULL, 675262828640945ULL,
+    1033539418596582ULL, 1743329872635846ULL, 159322641251283ULL, 1573076470127113ULL,
+    954827619308195ULL, 778834750662635ULL, 619912782122617ULL, 515681498488209ULL,
+    1675866144246843ULL, 811716020969981ULL, 1125515272217398ULL, 1398917918287342ULL,
+    1301680949183175ULL, 726474739583734ULL, 587246193475200ULL, 1096581582611864ULL,
+    1469911826213486ULL, 1990099711206364ULL, 1256496099816508ULL, 2019924615195672ULL,
+    1251232456707555ULL, 2042971196009755ULL, 214061878479265ULL, 115385726395472ULL,
+    1677875239524132ULL, 756888883383540ULL, 1153862117756233ULL, 503391530851096ULL,
+    946070017477513ULL, 1878319040542579ULL, 1101349418586920ULL, 793245696431613ULL,
+    397920495357645ULL, 2174023872951112ULL, 1517867915189593ULL, 1829855041462995ULL,
+    1046709983503619ULL, 424081940711857ULL, 2112438073094647ULL, 1504338467349861ULL,
+    2244574127374532ULL, 2136937537441911ULL, 1741150838990304ULL, 25894628400571ULL,
+    512213526781178ULL, 1168384260796379ULL, 1424607682379833ULL, 938677789731564ULL,
+    872882241891896ULL, 1713199397007700ULL, 1410496326218359ULL, 854379752407031ULL,
+    465141611727634ULL, 315176937037857ULL, 1020115054571233ULL, 1856290111077229ULL,
+    2028366269898204ULL, 1432980880307543ULL, 469932710425448ULL, 581165267592247ULL,
+    496399148156603ULL, 2063435226705903ULL, 2116841086237705ULL, 498272567217048ULL,
+    1829438076967906ULL, 1573925801278491ULL, 460763576329867ULL, 1705264723728225ULL,
+    999514866082412ULL, 29635061779362ULL, 1884233592281020ULL, 1449755591461338ULL,
+    42579292783222ULL, 1869504355369200ULL, 495506004805251ULL, 264073104888427ULL,
+    2088880861028612ULL, 104646456386576ULL, 1258445191399967ULL, 1348736801545799ULL,
+    2068276361286613ULL, 884897216646374ULL, 922387476801376ULL, 1043886580402805ULL,
+    1240883498470831ULL, 1601554651937110ULL, 804382935289482ULL, 512379564477239ULL,
+    1466384519077032ULL, 1280698500238386ULL, 211303836685749ULL, 2081725624793803ULL,
+    545247644516879ULL, 215313359330384ULL, 286479751145614ULL, 2213650281751636ULL,
+    2164927945999874ULL, 2072162991540882ULL, 1443769115444779ULL, 1581473274363095ULL,
+    434633875922699ULL, 340456055781599ULL, 373043091080189ULL, 839476566531776ULL,
+    1856706858509978ULL, 931616224909153ULL, 1888181317414065ULL, 213654322650262ULL,
+    1161078103416244ULL, 1822042328851513ULL, 915817709028812ULL, 1828297056698188ULL,
+    1212017130909403ULL, 60258343247333ULL, 342085800008230ULL, 930240559508270ULL,
+    1549884999174952ULL, 809895264249462ULL, 184726257947682ULL, 1157065433504828ULL,
+    1209999630381477ULL, 999920399374391ULL, 1714770150788163ULL, 2026130985413228ULL,
+    506776632883140ULL, 1349042668246528ULL, 1937232292976967ULL, 942302637530730ULL,
+    160211904766226ULL, 1042724500438571ULL, 212454865139142ULL, 244104425172642ULL,
+    1376990622387496ULL, 76126752421227ULL, 1027540886376422ULL, 1912210655133026ULL,
+    13410411589575ULL, 1475856708587773ULL, 615563352691682ULL, 1446629324872644ULL,
+    1683670301784014ULL, 1049873327197127ULL, 1826401704084838ULL, 2032577048760775ULL,
+    1922203607878853ULL, 836708788764806ULL, 2193084654695012ULL, 1342923183256659ULL,
+    849356986294271ULL, 1228863973965618ULL, 94886161081867ULL, 1423288430204892ULL,
+    2016167528707016ULL, 1633187660972877ULL, 1550621242301752ULL, 340630244512994ULL,
+    2103577710806901ULL, 221625016538931ULL, 421544147350960ULL, 580428704555156ULL,
+    1479831381265617ULL, 518057926544698ULL, 955027348790630ULL, 1326749172561598ULL,
+    1118304625755967ULL, 1994005916095176ULL, 1799757332780663ULL, 751343129396941ULL,
+    1468672898746144ULL, 1451689964451386ULL, 755070293921171ULL, 904857405877052ULL,
+    1276087530766984ULL, 403986562858511ULL, 1530661255035337ULL, 1644972908910502ULL,
+    1370170080438957ULL, 139839536695744ULL, 909930462436512ULL, 1899999215356933ULL,
+    635992381064566ULL, 788740975837654ULL, 224241231493695ULL, 1267090030199302ULL,
+    998908061660139ULL, 1784537499699278ULL, 859195370018706ULL, 1953966091439379ULL,
+    2189271820076010ULL, 2039067059943978ULL, 1526694380855202ULL, 2040321513194941ULL,
+    329922071218689ULL, 1953032256401326ULL, 989631424403521ULL, 328825014934242ULL,
+    9407151397696ULL, 63551373671268ULL, 1624728632895792ULL, 1608324920739262ULL,
+    1178239350351945ULL, 1198077399579702ULL, 277620088676229ULL, 1775359437312528ULL,
+    1653558177737477ULL, 1652066043408850ULL, 1063359889686622ULL, 1975063804860653ULL
   };
 
 #if defined(__cplusplus)
diff --git a/include/msvc/internal/Hacl_Frodo_KEM.h b/include/msvc/internal/Hacl_Frodo_KEM.h
index 61574981..6a1ece49 100644
--- a/include/msvc/internal/Hacl_Frodo_KEM.h
+++ b/include/msvc/internal/Hacl_Frodo_KEM.h
@@ -55,22 +55,22 @@ Hacl_Keccak_shake128_4x(
   uint8_t *output3
 )
 {
-  Hacl_SHA3_shake128_hacl(input_len, input0, output_len, output0);
-  Hacl_SHA3_shake128_hacl(input_len, input1, output_len, output1);
-  Hacl_SHA3_shake128_hacl(input_len, input2, output_len, output2);
-  Hacl_SHA3_shake128_hacl(input_len, input3, output_len, output3);
+  Hacl_Hash_SHA3_shake128_hacl(input_len, input0, output_len, output0);
+  Hacl_Hash_SHA3_shake128_hacl(input_len, input1, output_len, output1);
+  Hacl_Hash_SHA3_shake128_hacl(input_len, input2, output_len, output2);
+  Hacl_Hash_SHA3_shake128_hacl(input_len, input3, output_len, output3);
 }
 
 static inline void
 Hacl_Impl_Matrix_mod_pow2(uint32_t n1, uint32_t n2, uint32_t logq, uint16_t *a)
 {
-  if (logq < (uint32_t)16U)
+  if (logq < 16U)
   {
-    for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+    for (uint32_t i0 = 0U; i0 < n1; i0++)
     {
-      for (uint32_t i = (uint32_t)0U; i < n2; i++)
+      for (uint32_t i = 0U; i < n2; i++)
       {
-        a[i0 * n2 + i] = a[i0 * n2 + i] & (((uint16_t)1U << logq) - (uint16_t)1U);
+        a[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] & ((1U << logq) - 1U);
       }
     }
     return;
@@ -80,11 +80,11 @@ Hacl_Impl_Matrix_mod_pow2(uint32_t n1, uint32_t n2, uint32_t logq, uint16_t *a)
 static inline void
 Hacl_Impl_Matrix_matrix_add(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i = (uint32_t)0U; i < n2; i++)
+    for (uint32_t i = 0U; i < n2; i++)
     {
-      a[i0 * n2 + i] = a[i0 * n2 + i] + b[i0 * n2 + i];
+      a[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] + (uint32_t)b[i0 * n2 + i];
     }
   }
 }
@@ -92,11 +92,11 @@ Hacl_Impl_Matrix_matrix_add(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 static inline void
 Hacl_Impl_Matrix_matrix_sub(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i = (uint32_t)0U; i < n2; i++)
+    for (uint32_t i = 0U; i < n2; i++)
     {
-      b[i0 * n2 + i] = a[i0 * n2 + i] - b[i0 * n2 + i];
+      b[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] - (uint32_t)b[i0 * n2 + i];
     }
   }
 }
@@ -111,17 +111,17 @@ Hacl_Impl_Matrix_matrix_mul(
   uint16_t *c
 )
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n3; i1++)
+    for (uint32_t i1 = 0U; i1 < n3; i1++)
     {
-      uint16_t res = (uint16_t)0U;
-      for (uint32_t i = (uint32_t)0U; i < n2; i++)
+      uint16_t res = 0U;
+      for (uint32_t i = 0U; i < n2; i++)
       {
         uint16_t aij = a[i0 * n2 + i];
         uint16_t bjk = b[i * n3 + i1];
         uint16_t res0 = res;
-        res = res0 + aij * bjk;
+        res = (uint32_t)res0 + (uint32_t)aij * (uint32_t)bjk;
       }
       c[i0 * n3 + i1] = res;
     }
@@ -138,17 +138,17 @@ Hacl_Impl_Matrix_matrix_mul_s(
   uint16_t *c
 )
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n3; i1++)
+    for (uint32_t i1 = 0U; i1 < n3; i1++)
     {
-      uint16_t res = (uint16_t)0U;
-      for (uint32_t i = (uint32_t)0U; i < n2; i++)
+      uint16_t res = 0U;
+      for (uint32_t i = 0U; i < n2; i++)
       {
         uint16_t aij = a[i0 * n2 + i];
         uint16_t bjk = b[i1 * n2 + i];
         uint16_t res0 = res;
-        res = res0 + aij * bjk;
+        res = (uint32_t)res0 + (uint32_t)aij * (uint32_t)bjk;
       }
       c[i0 * n3 + i1] = res;
     }
@@ -158,11 +158,11 @@ Hacl_Impl_Matrix_matrix_mul_s(
 static inline uint16_t
 Hacl_Impl_Matrix_matrix_eq(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
-  uint16_t res = (uint16_t)0xFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+  uint16_t res = 0xFFFFU;
+  for (uint32_t i = 0U; i < n1 * n2; i++)
   {
     uint16_t uu____0 = FStar_UInt16_eq_mask(a[i], b[i]);
-    res = uu____0 & res;
+    res = (uint32_t)uu____0 & (uint32_t)res;
   }
   uint16_t r = res;
   return r;
@@ -171,19 +171,19 @@ Hacl_Impl_Matrix_matrix_eq(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 static inline void
 Hacl_Impl_Matrix_matrix_to_lbytes(uint32_t n1, uint32_t n2, uint16_t *m, uint8_t *res)
 {
-  for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+  for (uint32_t i = 0U; i < n1 * n2; i++)
   {
-    store16_le(res + (uint32_t)2U * i, m[i]);
+    store16_le(res + 2U * i, m[i]);
   }
 }
 
 static inline void
 Hacl_Impl_Matrix_matrix_from_lbytes(uint32_t n1, uint32_t n2, uint8_t *b, uint16_t *res)
 {
-  for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+  for (uint32_t i = 0U; i < n1 * n2; i++)
   {
     uint16_t *os = res;
-    uint16_t u = load16_le(b + (uint32_t)2U * i);
+    uint16_t u = load16_le(b + 2U * i);
     uint16_t x = u;
     os[i] = x;
   }
@@ -192,53 +192,53 @@ Hacl_Impl_Matrix_matrix_from_lbytes(uint32_t n1, uint32_t n2, uint8_t *b, uint16
 static inline void
 Hacl_Impl_Frodo_Gen_frodo_gen_matrix_shake_4x(uint32_t n, uint8_t *seed, uint16_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint8_t), (uint32_t)8U * n);
-  uint8_t *r = (uint8_t *)alloca((uint32_t)8U * n * sizeof (uint8_t));
-  memset(r, 0U, (uint32_t)8U * n * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), 8U * n);
+  uint8_t *r = (uint8_t *)alloca(8U * n * sizeof (uint8_t));
+  memset(r, 0U, 8U * n * sizeof (uint8_t));
   uint8_t tmp_seed[72U] = { 0U };
-  memcpy(tmp_seed + (uint32_t)2U, seed, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(tmp_seed + (uint32_t)20U, seed, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(tmp_seed + (uint32_t)38U, seed, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(tmp_seed + (uint32_t)56U, seed, (uint32_t)16U * sizeof (uint8_t));
+  memcpy(tmp_seed + 2U, seed, 16U * sizeof (uint8_t));
+  memcpy(tmp_seed + 20U, seed, 16U * sizeof (uint8_t));
+  memcpy(tmp_seed + 38U, seed, 16U * sizeof (uint8_t));
+  memcpy(tmp_seed + 56U, seed, 16U * sizeof (uint8_t));
   memset(res, 0U, n * n * sizeof (uint16_t));
-  for (uint32_t i = (uint32_t)0U; i < n / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < n / 4U; i++)
   {
-    uint8_t *r0 = r + (uint32_t)0U * n;
-    uint8_t *r1 = r + (uint32_t)2U * n;
-    uint8_t *r2 = r + (uint32_t)4U * n;
-    uint8_t *r3 = r + (uint32_t)6U * n;
+    uint8_t *r0 = r + 0U * n;
+    uint8_t *r1 = r + 2U * n;
+    uint8_t *r2 = r + 4U * n;
+    uint8_t *r3 = r + 6U * n;
     uint8_t *tmp_seed0 = tmp_seed;
-    uint8_t *tmp_seed1 = tmp_seed + (uint32_t)18U;
-    uint8_t *tmp_seed2 = tmp_seed + (uint32_t)36U;
-    uint8_t *tmp_seed3 = tmp_seed + (uint32_t)54U;
-    store16_le(tmp_seed0, (uint16_t)((uint32_t)4U * i + (uint32_t)0U));
-    store16_le(tmp_seed1, (uint16_t)((uint32_t)4U * i + (uint32_t)1U));
-    store16_le(tmp_seed2, (uint16_t)((uint32_t)4U * i + (uint32_t)2U));
-    store16_le(tmp_seed3, (uint16_t)((uint32_t)4U * i + (uint32_t)3U));
-    Hacl_Keccak_shake128_4x((uint32_t)18U,
+    uint8_t *tmp_seed1 = tmp_seed + 18U;
+    uint8_t *tmp_seed2 = tmp_seed + 36U;
+    uint8_t *tmp_seed3 = tmp_seed + 54U;
+    store16_le(tmp_seed0, (uint16_t)(4U * i + 0U));
+    store16_le(tmp_seed1, (uint16_t)(4U * i + 1U));
+    store16_le(tmp_seed2, (uint16_t)(4U * i + 2U));
+    store16_le(tmp_seed3, (uint16_t)(4U * i + 3U));
+    Hacl_Keccak_shake128_4x(18U,
       tmp_seed0,
       tmp_seed1,
       tmp_seed2,
       tmp_seed3,
-      (uint32_t)2U * n,
+      2U * n,
       r0,
       r1,
       r2,
       r3);
-    for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++)
+    for (uint32_t i0 = 0U; i0 < n; i0++)
     {
-      uint8_t *resij0 = r0 + i0 * (uint32_t)2U;
-      uint8_t *resij1 = r1 + i0 * (uint32_t)2U;
-      uint8_t *resij2 = r2 + i0 * (uint32_t)2U;
-      uint8_t *resij3 = r3 + i0 * (uint32_t)2U;
+      uint8_t *resij0 = r0 + i0 * 2U;
+      uint8_t *resij1 = r1 + i0 * 2U;
+      uint8_t *resij2 = r2 + i0 * 2U;
+      uint8_t *resij3 = r3 + i0 * 2U;
       uint16_t u = load16_le(resij0);
-      res[((uint32_t)4U * i + (uint32_t)0U) * n + i0] = u;
+      res[(4U * i + 0U) * n + i0] = u;
       uint16_t u0 = load16_le(resij1);
-      res[((uint32_t)4U * i + (uint32_t)1U) * n + i0] = u0;
+      res[(4U * i + 1U) * n + i0] = u0;
       uint16_t u1 = load16_le(resij2);
-      res[((uint32_t)4U * i + (uint32_t)2U) * n + i0] = u1;
+      res[(4U * i + 2U) * n + i0] = u1;
       uint16_t u2 = load16_le(resij3);
-      res[((uint32_t)4U * i + (uint32_t)3U) * n + i0] = u2;
+      res[(4U * i + 3U) * n + i0] = u2;
     }
   }
 }
@@ -270,27 +270,19 @@ static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table640[13U] =
   {
-    (uint16_t)4643U, (uint16_t)13363U, (uint16_t)20579U, (uint16_t)25843U, (uint16_t)29227U,
-    (uint16_t)31145U, (uint16_t)32103U, (uint16_t)32525U, (uint16_t)32689U, (uint16_t)32745U,
-    (uint16_t)32762U, (uint16_t)32766U, (uint16_t)32767U
+    4643U, 13363U, 20579U, 25843U, 29227U, 31145U, 32103U, 32525U, 32689U, 32745U, 32762U, 32766U,
+    32767U
   };
 
 static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table976[11U] =
-  {
-    (uint16_t)5638U, (uint16_t)15915U, (uint16_t)23689U, (uint16_t)28571U, (uint16_t)31116U,
-    (uint16_t)32217U, (uint16_t)32613U, (uint16_t)32731U, (uint16_t)32760U, (uint16_t)32766U,
-    (uint16_t)32767U
-  };
+  { 5638U, 15915U, 23689U, 28571U, 31116U, 32217U, 32613U, 32731U, 32760U, 32766U, 32767U };
 
 static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table1344[7U] =
-  {
-    (uint16_t)9142U, (uint16_t)23462U, (uint16_t)30338U, (uint16_t)32361U, (uint16_t)32725U,
-    (uint16_t)32765U, (uint16_t)32767U
-  };
+  { 9142U, 23462U, 30338U, 32361U, 32725U, 32765U, 32767U };
 
 static inline void
 Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(
@@ -301,26 +293,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(
 )
 {
   memset(res, 0U, n1 * n2 * sizeof (uint16_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+    for (uint32_t i1 = 0U; i1 < n2; i1++)
     {
-      uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+      uint8_t *resij = r + 2U * (n2 * i0 + i1);
       uint16_t u = load16_le(resij);
       uint16_t uu____0 = u;
-      uint16_t prnd = uu____0 >> (uint32_t)1U;
-      uint16_t sign = uu____0 & (uint16_t)1U;
-      uint16_t sample = (uint16_t)0U;
-      uint32_t bound = (uint32_t)12U;
-      for (uint32_t i = (uint32_t)0U; i < bound; i++)
+      uint16_t prnd = (uint32_t)uu____0 >> 1U;
+      uint16_t sign = (uint32_t)uu____0 & 1U;
+      uint16_t sample = 0U;
+      uint32_t bound = 12U;
+      for (uint32_t i = 0U; i < bound; i++)
       {
         uint16_t sample0 = sample;
         uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table640[i];
-        uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
-        sample = samplei + sample0;
+        uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+        sample = (uint32_t)samplei + (uint32_t)sample0;
       }
       uint16_t sample0 = sample;
-      res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+      res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
     }
   }
 }
@@ -334,26 +326,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(
 )
 {
   memset(res, 0U, n1 * n2 * sizeof (uint16_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+    for (uint32_t i1 = 0U; i1 < n2; i1++)
     {
-      uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+      uint8_t *resij = r + 2U * (n2 * i0 + i1);
       uint16_t u = load16_le(resij);
       uint16_t uu____0 = u;
-      uint16_t prnd = uu____0 >> (uint32_t)1U;
-      uint16_t sign = uu____0 & (uint16_t)1U;
-      uint16_t sample = (uint16_t)0U;
-      uint32_t bound = (uint32_t)12U;
-      for (uint32_t i = (uint32_t)0U; i < bound; i++)
+      uint16_t prnd = (uint32_t)uu____0 >> 1U;
+      uint16_t sign = (uint32_t)uu____0 & 1U;
+      uint16_t sample = 0U;
+      uint32_t bound = 12U;
+      for (uint32_t i = 0U; i < bound; i++)
       {
         uint16_t sample0 = sample;
         uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table640[i];
-        uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
-        sample = samplei + sample0;
+        uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+        sample = (uint32_t)samplei + (uint32_t)sample0;
       }
       uint16_t sample0 = sample;
-      res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+      res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
     }
   }
 }
@@ -367,26 +359,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(
 )
 {
   memset(res, 0U, n1 * n2 * sizeof (uint16_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+    for (uint32_t i1 = 0U; i1 < n2; i1++)
     {
-      uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+      uint8_t *resij = r + 2U * (n2 * i0 + i1);
       uint16_t u = load16_le(resij);
       uint16_t uu____0 = u;
-      uint16_t prnd = uu____0 >> (uint32_t)1U;
-      uint16_t sign = uu____0 & (uint16_t)1U;
-      uint16_t sample = (uint16_t)0U;
-      uint32_t bound = (uint32_t)10U;
-      for (uint32_t i = (uint32_t)0U; i < bound; i++)
+      uint16_t prnd = (uint32_t)uu____0 >> 1U;
+      uint16_t sign = (uint32_t)uu____0 & 1U;
+      uint16_t sample = 0U;
+      uint32_t bound = 10U;
+      for (uint32_t i = 0U; i < bound; i++)
       {
         uint16_t sample0 = sample;
         uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table976[i];
-        uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
-        sample = samplei + sample0;
+        uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+        sample = (uint32_t)samplei + (uint32_t)sample0;
       }
       uint16_t sample0 = sample;
-      res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+      res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
     }
   }
 }
@@ -400,26 +392,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(
 )
 {
   memset(res, 0U, n1 * n2 * sizeof (uint16_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+  for (uint32_t i0 = 0U; i0 < n1; i0++)
   {
-    for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+    for (uint32_t i1 = 0U; i1 < n2; i1++)
     {
-      uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+      uint8_t *resij = r + 2U * (n2 * i0 + i1);
       uint16_t u = load16_le(resij);
       uint16_t uu____0 = u;
-      uint16_t prnd = uu____0 >> (uint32_t)1U;
-      uint16_t sign = uu____0 & (uint16_t)1U;
-      uint16_t sample = (uint16_t)0U;
-      uint32_t bound = (uint32_t)6U;
-      for (uint32_t i = (uint32_t)0U; i < bound; i++)
+      uint16_t prnd = (uint32_t)uu____0 >> 1U;
+      uint16_t sign = (uint32_t)uu____0 & 1U;
+      uint16_t sample = 0U;
+      uint32_t bound = 6U;
+      for (uint32_t i = 0U; i < bound; i++)
       {
         uint16_t sample0 = sample;
         uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table1344[i];
-        uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
-        sample = samplei + sample0;
+        uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+        sample = (uint32_t)samplei + (uint32_t)sample0;
       }
       uint16_t sample0 = sample;
-      res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+      res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
     }
   }
 }
@@ -435,39 +427,34 @@ Hacl_Impl_Frodo_Pack_frodo_pack(
   uint8_t *res
 )
 {
-  uint32_t n = n1 * n2 / (uint32_t)8U;
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  uint32_t n = n1 * n2 / 8U;
+  for (uint32_t i = 0U; i < n; i++)
   {
-    uint16_t *a1 = a + (uint32_t)8U * i;
+    uint16_t *a1 = a + 8U * i;
     uint8_t *r = res + d * i;
-    uint16_t maskd = (uint16_t)((uint32_t)1U << d) - (uint16_t)1U;
+    uint16_t maskd = (uint32_t)(uint16_t)(1U << d) - 1U;
     uint8_t v16[16U] = { 0U };
-    uint16_t a0 = a1[0U] & maskd;
-    uint16_t a11 = a1[1U] & maskd;
-    uint16_t a2 = a1[2U] & maskd;
-    uint16_t a3 = a1[3U] & maskd;
-    uint16_t a4 = a1[4U] & maskd;
-    uint16_t a5 = a1[5U] & maskd;
-    uint16_t a6 = a1[6U] & maskd;
-    uint16_t a7 = a1[7U] & maskd;
+    uint16_t a0 = (uint32_t)a1[0U] & (uint32_t)maskd;
+    uint16_t a11 = (uint32_t)a1[1U] & (uint32_t)maskd;
+    uint16_t a2 = (uint32_t)a1[2U] & (uint32_t)maskd;
+    uint16_t a3 = (uint32_t)a1[3U] & (uint32_t)maskd;
+    uint16_t a4 = (uint32_t)a1[4U] & (uint32_t)maskd;
+    uint16_t a5 = (uint32_t)a1[5U] & (uint32_t)maskd;
+    uint16_t a6 = (uint32_t)a1[6U] & (uint32_t)maskd;
+    uint16_t a7 = (uint32_t)a1[7U] & (uint32_t)maskd;
     FStar_UInt128_uint128
     templong =
       FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a0),
-                      (uint32_t)7U * d),
-                    FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a11),
-                      (uint32_t)6U * d)),
-                  FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a2),
-                    (uint32_t)5U * d)),
-                FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a3),
-                  (uint32_t)4U * d)),
-              FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a4),
-                (uint32_t)3U * d)),
-            FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a5),
-              (uint32_t)2U * d)),
-          FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a6), (uint32_t)1U * d)),
-        FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a7), (uint32_t)0U * d));
+                      7U * d),
+                    FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a11), 6U * d)),
+                  FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a2), 5U * d)),
+                FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a3), 4U * d)),
+              FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a4), 3U * d)),
+            FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a5), 2U * d)),
+          FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a6), 1U * d)),
+        FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a7), 0U * d));
     store128_be(v16, templong);
-    uint8_t *src = v16 + (uint32_t)16U - d;
+    uint8_t *src = v16 + 16U - d;
     memcpy(r, src, d * sizeof (uint8_t));
   }
 }
@@ -481,48 +468,48 @@ Hacl_Impl_Frodo_Pack_frodo_unpack(
   uint16_t *res
 )
 {
-  uint32_t n = n1 * n2 / (uint32_t)8U;
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  uint32_t n = n1 * n2 / 8U;
+  for (uint32_t i = 0U; i < n; i++)
   {
     uint8_t *b1 = b + d * i;
-    uint16_t *r = res + (uint32_t)8U * i;
-    uint16_t maskd = (uint16_t)((uint32_t)1U << d) - (uint16_t)1U;
+    uint16_t *r = res + 8U * i;
+    uint16_t maskd = (uint32_t)(uint16_t)(1U << d) - 1U;
     uint8_t src[16U] = { 0U };
-    memcpy(src + (uint32_t)16U - d, b1, d * sizeof (uint8_t));
+    memcpy(src + 16U - d, b1, d * sizeof (uint8_t));
     FStar_UInt128_uint128 u = load128_be(src);
     FStar_UInt128_uint128 templong = u;
     r[0U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)7U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          7U * d))
+      & (uint32_t)maskd;
     r[1U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)6U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          6U * d))
+      & (uint32_t)maskd;
     r[2U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)5U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          5U * d))
+      & (uint32_t)maskd;
     r[3U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)4U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          4U * d))
+      & (uint32_t)maskd;
     r[4U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)3U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          3U * d))
+      & (uint32_t)maskd;
     r[5U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)2U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          2U * d))
+      & (uint32_t)maskd;
     r[6U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)1U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          1U * d))
+      & (uint32_t)maskd;
     r[7U] =
-      (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
-          (uint32_t)0U * d))
-      & maskd;
+      (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong,
+          0U * d))
+      & (uint32_t)maskd;
   }
 }
 
@@ -535,7 +522,7 @@ Hacl_Impl_Frodo_Encode_frodo_key_encode(
   uint16_t *res
 )
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++)
+  for (uint32_t i0 = 0U; i0 < n; i0++)
   {
     uint8_t v8[8U] = { 0U };
     uint8_t *chunk = a + i0 * b;
@@ -544,11 +531,11 @@ Hacl_Impl_Frodo_Encode_frodo_key_encode(
     uint64_t x = u;
     uint64_t x0 = x;
     KRML_MAYBE_FOR8(i,
-      (uint32_t)0U,
-      (uint32_t)8U,
-      (uint32_t)1U,
-      uint64_t rk = x0 >> b * i & (((uint64_t)1U << b) - (uint64_t)1U);
-      res[i0 * n + i] = (uint16_t)rk << (logq - b););
+      0U,
+      8U,
+      1U,
+      uint64_t rk = x0 >> b * i & ((1ULL << b) - 1ULL);
+      res[i0 * n + i] = (uint32_t)(uint16_t)rk << (logq - b););
   }
 }
 
@@ -561,16 +548,16 @@ Hacl_Impl_Frodo_Encode_frodo_key_decode(
   uint8_t *res
 )
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++)
+  for (uint32_t i0 = 0U; i0 < n; i0++)
   {
-    uint64_t templong = (uint64_t)0U;
+    uint64_t templong = 0ULL;
     KRML_MAYBE_FOR8(i,
-      (uint32_t)0U,
-      (uint32_t)8U,
-      (uint32_t)1U,
+      0U,
+      8U,
+      1U,
       uint16_t aik = a[i0 * n + i];
-      uint16_t res1 = (aik + ((uint16_t)1U << (logq - b - (uint32_t)1U))) >> (logq - b);
-      templong = templong | (uint64_t)(res1 & (((uint16_t)1U << b) - (uint16_t)1U)) << b * i;);
+      uint16_t res1 = (((uint32_t)aik + (1U << (logq - b - 1U))) & 0xFFFFU) >> (logq - b);
+      templong = templong | (uint64_t)((uint32_t)res1 & ((1U << b) - 1U)) << b * i;);
     uint64_t templong0 = templong;
     uint8_t v8[8U] = { 0U };
     store64_le(v8, templong0);
diff --git a/include/internal/Hacl_Hash_Blake2.h b/include/msvc/internal/Hacl_HMAC.h
similarity index 82%
rename from include/internal/Hacl_Hash_Blake2.h
rename to include/msvc/internal/Hacl_HMAC.h
index 8f308bd9..ad344c4c 100644
--- a/include/internal/Hacl_Hash_Blake2.h
+++ b/include/msvc/internal/Hacl_HMAC.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __internal_Hacl_Hash_Blake2_H
-#define __internal_Hacl_Hash_Blake2_H
+#ifndef __internal_Hacl_HMAC_H
+#define __internal_Hacl_HMAC_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,8 +35,12 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "internal/Hacl_Impl_Blake2_Constants.h"
-#include "../Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Krmllib.h"
+#include "internal/Hacl_Hash_SHA2.h"
+#include "internal/Hacl_Hash_SHA1.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b.h"
+#include "../Hacl_HMAC.h"
 
 typedef struct K___uint32_t_uint32_t_s
 {
@@ -49,5 +53,5 @@ K___uint32_t_uint32_t;
 }
 #endif
 
-#define __internal_Hacl_Hash_Blake2_H_DEFINED
+#define __internal_Hacl_HMAC_H_DEFINED
 #endif
diff --git a/include/msvc/internal/Hacl_Hash_Blake2b.h b/include/msvc/internal/Hacl_Hash_Blake2b.h
new file mode 100644
index 00000000..21689d60
--- /dev/null
+++ b/include/msvc/internal/Hacl_Hash_Blake2b.h
@@ -0,0 +1,70 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __internal_Hacl_Hash_Blake2b_H
+#define __internal_Hacl_Hash_Blake2b_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "../Hacl_Hash_Blake2b.h"
+
+void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn);
+
+void
+Hacl_Hash_Blake2b_update_multi(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks,
+  uint32_t nb
+);
+
+void
+Hacl_Hash_Blake2b_update_last(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint32_t rem,
+  uint8_t *d
+);
+
+void Hacl_Hash_Blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __internal_Hacl_Hash_Blake2b_H_DEFINED
+#endif
diff --git a/include/msvc/Hacl_Hash_Blake2b_256.h b/include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h
similarity index 61%
rename from include/msvc/Hacl_Hash_Blake2b_256.h
rename to include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h
index 2379fd75..4cc07869 100644
--- a/include/msvc/Hacl_Hash_Blake2b_256.h
+++ b/include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Hash_Blake2b_256_H
-#define __Hacl_Hash_Blake2b_256_H
+#ifndef __internal_Hacl_Hash_Blake2b_Simd256_H
+#define __internal_Hacl_Hash_Blake2b_Simd256_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,23 +35,15 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Hacl_Krmllib.h"
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "../Hacl_Hash_Blake2b_Simd256.h"
 #include "libintvector.h"
 
 void
-Hacl_Blake2b_256_blake2b_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn);
+Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn);
 
 void
-Hacl_Blake2b_256_blake2b_update_key(
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-);
-
-void
-Hacl_Blake2b_256_blake2b_update_multi(
+Hacl_Hash_Blake2b_Simd256_update_multi(
   uint32_t len,
   Lib_IntVector_Intrinsics_vec256 *wv,
   Lib_IntVector_Intrinsics_vec256 *hash,
@@ -61,7 +53,7 @@ Hacl_Blake2b_256_blake2b_update_multi(
 );
 
 void
-Hacl_Blake2b_256_blake2b_update_last(
+Hacl_Hash_Blake2b_Simd256_update_last(
   uint32_t len,
   Lib_IntVector_Intrinsics_vec256 *wv,
   Lib_IntVector_Intrinsics_vec256 *hash,
@@ -71,49 +63,29 @@ Hacl_Blake2b_256_blake2b_update_last(
 );
 
 void
-Hacl_Blake2b_256_blake2b_finish(
+Hacl_Hash_Blake2b_Simd256_finish(
   uint32_t nn,
   uint8_t *output,
   Lib_IntVector_Intrinsics_vec256 *hash
 );
 
-/**
-Write the BLAKE2b digest of message `d` using key `k` into `output`.
-
-@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2b_256_blake2b(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-);
-
 void
-Hacl_Blake2b_256_load_state256b_from_state32(
+Hacl_Hash_Blake2b_Simd256_load_state256b_from_state32(
   Lib_IntVector_Intrinsics_vec256 *st,
   uint64_t *st32
 );
 
 void
-Hacl_Blake2b_256_store_state256b_to_state32(
+Hacl_Hash_Blake2b_Simd256_store_state256b_to_state32(
   uint64_t *st32,
   Lib_IntVector_Intrinsics_vec256 *st
 );
 
-Lib_IntVector_Intrinsics_vec256 *Hacl_Blake2b_256_blake2b_malloc(void);
+Lib_IntVector_Intrinsics_vec256 *Hacl_Hash_Blake2b_Simd256_malloc_with_key(void);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Hash_Blake2b_256_H_DEFINED
+#define __internal_Hacl_Hash_Blake2b_Simd256_H_DEFINED
 #endif
diff --git a/include/msvc/internal/Hacl_Hash_Blake2s.h b/include/msvc/internal/Hacl_Hash_Blake2s.h
new file mode 100644
index 00000000..f814aa95
--- /dev/null
+++ b/include/msvc/internal/Hacl_Hash_Blake2s.h
@@ -0,0 +1,70 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __internal_Hacl_Hash_Blake2s_H
+#define __internal_Hacl_Hash_Blake2s_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <string.h>
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "../Hacl_Hash_Blake2s.h"
+
+void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn);
+
+void
+Hacl_Hash_Blake2s_update_multi(
+  uint32_t len,
+  uint32_t *wv,
+  uint32_t *hash,
+  uint64_t prev,
+  uint8_t *blocks,
+  uint32_t nb
+);
+
+void
+Hacl_Hash_Blake2s_update_last(
+  uint32_t len,
+  uint32_t *wv,
+  uint32_t *hash,
+  uint64_t prev,
+  uint32_t rem,
+  uint8_t *d
+);
+
+void Hacl_Hash_Blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __internal_Hacl_Hash_Blake2s_H_DEFINED
+#endif
diff --git a/include/Hacl_Hash_Blake2s_128.h b/include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h
similarity index 61%
rename from include/Hacl_Hash_Blake2s_128.h
rename to include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h
index 2af827cd..0589aec5 100644
--- a/include/Hacl_Hash_Blake2s_128.h
+++ b/include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Hash_Blake2s_128_H
-#define __Hacl_Hash_Blake2s_128_H
+#ifndef __internal_Hacl_Hash_Blake2s_Simd128_H
+#define __internal_Hacl_Hash_Blake2s_Simd128_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,22 +35,15 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "../Hacl_Hash_Blake2s_Simd128.h"
 #include "libintvector.h"
 
 void
-Hacl_Blake2s_128_blake2s_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn);
+Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn);
 
 void
-Hacl_Blake2s_128_blake2s_update_key(
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-);
-
-void
-Hacl_Blake2s_128_blake2s_update_multi(
+Hacl_Hash_Blake2s_Simd128_update_multi(
   uint32_t len,
   Lib_IntVector_Intrinsics_vec128 *wv,
   Lib_IntVector_Intrinsics_vec128 *hash,
@@ -60,7 +53,7 @@ Hacl_Blake2s_128_blake2s_update_multi(
 );
 
 void
-Hacl_Blake2s_128_blake2s_update_last(
+Hacl_Hash_Blake2s_Simd128_update_last(
   uint32_t len,
   Lib_IntVector_Intrinsics_vec128 *wv,
   Lib_IntVector_Intrinsics_vec128 *hash,
@@ -70,49 +63,29 @@ Hacl_Blake2s_128_blake2s_update_last(
 );
 
 void
-Hacl_Blake2s_128_blake2s_finish(
+Hacl_Hash_Blake2s_Simd128_finish(
   uint32_t nn,
   uint8_t *output,
   Lib_IntVector_Intrinsics_vec128 *hash
 );
 
-/**
-Write the BLAKE2s digest of message `d` using key `k` into `output`.
-
-@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2s_128_blake2s(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-);
-
 void
-Hacl_Blake2s_128_store_state128s_to_state32(
+Hacl_Hash_Blake2s_Simd128_store_state128s_to_state32(
   uint32_t *st32,
   Lib_IntVector_Intrinsics_vec128 *st
 );
 
 void
-Hacl_Blake2s_128_load_state128s_from_state32(
+Hacl_Hash_Blake2s_Simd128_load_state128s_from_state32(
   Lib_IntVector_Intrinsics_vec128 *st,
   uint32_t *st32
 );
 
-Lib_IntVector_Intrinsics_vec128 *Hacl_Blake2s_128_blake2s_malloc(void);
+Lib_IntVector_Intrinsics_vec128 *Hacl_Hash_Blake2s_Simd128_malloc_with_key(void);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Hash_Blake2s_128_H_DEFINED
+#define __internal_Hacl_Hash_Blake2s_Simd128_H_DEFINED
 #endif
diff --git a/include/msvc/internal/Hacl_Hash_MD5.h b/include/msvc/internal/Hacl_Hash_MD5.h
index 7fd567f3..dd77aaf1 100644
--- a/include/msvc/internal/Hacl_Hash_MD5.h
+++ b/include/msvc/internal/Hacl_Hash_MD5.h
@@ -37,21 +37,16 @@ extern "C" {
 
 #include "../Hacl_Hash_MD5.h"
 
-void Hacl_Hash_Core_MD5_legacy_init(uint32_t *s);
+void Hacl_Hash_MD5_init(uint32_t *s);
 
-void Hacl_Hash_Core_MD5_legacy_finish(uint32_t *s, uint8_t *dst);
+void Hacl_Hash_MD5_finish(uint32_t *s, uint8_t *dst);
 
-void Hacl_Hash_MD5_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
+void Hacl_Hash_MD5_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
 
 void
-Hacl_Hash_MD5_legacy_update_last(
-  uint32_t *s,
-  uint64_t prev_len,
-  uint8_t *input,
-  uint32_t input_len
-);
-
-void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
+Hacl_Hash_MD5_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len);
+
+void Hacl_Hash_MD5_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/internal/Hacl_Hash_SHA1.h b/include/msvc/internal/Hacl_Hash_SHA1.h
index 72cf492c..ed53be55 100644
--- a/include/msvc/internal/Hacl_Hash_SHA1.h
+++ b/include/msvc/internal/Hacl_Hash_SHA1.h
@@ -37,21 +37,16 @@ extern "C" {
 
 #include "../Hacl_Hash_SHA1.h"
 
-void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s);
+void Hacl_Hash_SHA1_init(uint32_t *s);
 
-void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst);
+void Hacl_Hash_SHA1_finish(uint32_t *s, uint8_t *dst);
 
-void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
+void Hacl_Hash_SHA1_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
 
 void
-Hacl_Hash_SHA1_legacy_update_last(
-  uint32_t *s,
-  uint64_t prev_len,
-  uint8_t *input,
-  uint32_t input_len
-);
-
-void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
+Hacl_Hash_SHA1_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len);
+
+void Hacl_Hash_SHA1_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/internal/Hacl_Hash_SHA2.h b/include/msvc/internal/Hacl_Hash_SHA2.h
index bbffdc50..7dade3f3 100644
--- a/include/msvc/internal/Hacl_Hash_SHA2.h
+++ b/include/msvc/internal/Hacl_Hash_SHA2.h
@@ -40,141 +40,121 @@ extern "C" {
 
 static const
 uint32_t
-Hacl_Impl_SHA2_Generic_h224[8U] =
+Hacl_Hash_SHA2_h224[8U] =
   {
-    (uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, (uint32_t)0xf70e5939U,
-    (uint32_t)0xffc00b31U, (uint32_t)0x68581511U, (uint32_t)0x64f98fa7U, (uint32_t)0xbefa4fa4U
+    0xc1059ed8U, 0x367cd507U, 0x3070dd17U, 0xf70e5939U, 0xffc00b31U, 0x68581511U, 0x64f98fa7U,
+    0xbefa4fa4U
   };
 
 static const
 uint32_t
-Hacl_Impl_SHA2_Generic_h256[8U] =
+Hacl_Hash_SHA2_h256[8U] =
   {
-    (uint32_t)0x6a09e667U, (uint32_t)0xbb67ae85U, (uint32_t)0x3c6ef372U, (uint32_t)0xa54ff53aU,
-    (uint32_t)0x510e527fU, (uint32_t)0x9b05688cU, (uint32_t)0x1f83d9abU, (uint32_t)0x5be0cd19U
+    0x6a09e667U, 0xbb67ae85U, 0x3c6ef372U, 0xa54ff53aU, 0x510e527fU, 0x9b05688cU, 0x1f83d9abU,
+    0x5be0cd19U
   };
 
 static const
 uint64_t
-Hacl_Impl_SHA2_Generic_h384[8U] =
+Hacl_Hash_SHA2_h384[8U] =
   {
-    (uint64_t)0xcbbb9d5dc1059ed8U, (uint64_t)0x629a292a367cd507U, (uint64_t)0x9159015a3070dd17U,
-    (uint64_t)0x152fecd8f70e5939U, (uint64_t)0x67332667ffc00b31U, (uint64_t)0x8eb44a8768581511U,
-    (uint64_t)0xdb0c2e0d64f98fa7U, (uint64_t)0x47b5481dbefa4fa4U
+    0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL,
+    0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL
   };
 
 static const
 uint64_t
-Hacl_Impl_SHA2_Generic_h512[8U] =
+Hacl_Hash_SHA2_h512[8U] =
   {
-    (uint64_t)0x6a09e667f3bcc908U, (uint64_t)0xbb67ae8584caa73bU, (uint64_t)0x3c6ef372fe94f82bU,
-    (uint64_t)0xa54ff53a5f1d36f1U, (uint64_t)0x510e527fade682d1U, (uint64_t)0x9b05688c2b3e6c1fU,
-    (uint64_t)0x1f83d9abfb41bd6bU, (uint64_t)0x5be0cd19137e2179U
+    0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+    0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
   };
 
 static const
 uint32_t
-Hacl_Impl_SHA2_Generic_k224_256[64U] =
+Hacl_Hash_SHA2_k224_256[64U] =
   {
-    (uint32_t)0x428a2f98U, (uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U,
-    (uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U,
-    (uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U,
-    (uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U,
-    (uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU,
-    (uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU,
-    (uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U,
-    (uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U,
-    (uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U,
-    (uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U,
-    (uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U,
-    (uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U,
-    (uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U,
-    (uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U,
-    (uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U,
-    (uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U
+    0x428a2f98U, 0x71374491U, 0xb5c0fbcfU, 0xe9b5dba5U, 0x3956c25bU, 0x59f111f1U, 0x923f82a4U,
+    0xab1c5ed5U, 0xd807aa98U, 0x12835b01U, 0x243185beU, 0x550c7dc3U, 0x72be5d74U, 0x80deb1feU,
+    0x9bdc06a7U, 0xc19bf174U, 0xe49b69c1U, 0xefbe4786U, 0x0fc19dc6U, 0x240ca1ccU, 0x2de92c6fU,
+    0x4a7484aaU, 0x5cb0a9dcU, 0x76f988daU, 0x983e5152U, 0xa831c66dU, 0xb00327c8U, 0xbf597fc7U,
+    0xc6e00bf3U, 0xd5a79147U, 0x06ca6351U, 0x14292967U, 0x27b70a85U, 0x2e1b2138U, 0x4d2c6dfcU,
+    0x53380d13U, 0x650a7354U, 0x766a0abbU, 0x81c2c92eU, 0x92722c85U, 0xa2bfe8a1U, 0xa81a664bU,
+    0xc24b8b70U, 0xc76c51a3U, 0xd192e819U, 0xd6990624U, 0xf40e3585U, 0x106aa070U, 0x19a4c116U,
+    0x1e376c08U, 0x2748774cU, 0x34b0bcb5U, 0x391c0cb3U, 0x4ed8aa4aU, 0x5b9cca4fU, 0x682e6ff3U,
+    0x748f82eeU, 0x78a5636fU, 0x84c87814U, 0x8cc70208U, 0x90befffaU, 0xa4506cebU, 0xbef9a3f7U,
+    0xc67178f2U
   };
 
 static const
 uint64_t
-Hacl_Impl_SHA2_Generic_k384_512[80U] =
+Hacl_Hash_SHA2_k384_512[80U] =
   {
-    (uint64_t)0x428a2f98d728ae22U, (uint64_t)0x7137449123ef65cdU, (uint64_t)0xb5c0fbcfec4d3b2fU,
-    (uint64_t)0xe9b5dba58189dbbcU, (uint64_t)0x3956c25bf348b538U, (uint64_t)0x59f111f1b605d019U,
-    (uint64_t)0x923f82a4af194f9bU, (uint64_t)0xab1c5ed5da6d8118U, (uint64_t)0xd807aa98a3030242U,
-    (uint64_t)0x12835b0145706fbeU, (uint64_t)0x243185be4ee4b28cU, (uint64_t)0x550c7dc3d5ffb4e2U,
-    (uint64_t)0x72be5d74f27b896fU, (uint64_t)0x80deb1fe3b1696b1U, (uint64_t)0x9bdc06a725c71235U,
-    (uint64_t)0xc19bf174cf692694U, (uint64_t)0xe49b69c19ef14ad2U, (uint64_t)0xefbe4786384f25e3U,
-    (uint64_t)0x0fc19dc68b8cd5b5U, (uint64_t)0x240ca1cc77ac9c65U, (uint64_t)0x2de92c6f592b0275U,
-    (uint64_t)0x4a7484aa6ea6e483U, (uint64_t)0x5cb0a9dcbd41fbd4U, (uint64_t)0x76f988da831153b5U,
-    (uint64_t)0x983e5152ee66dfabU, (uint64_t)0xa831c66d2db43210U, (uint64_t)0xb00327c898fb213fU,
-    (uint64_t)0xbf597fc7beef0ee4U, (uint64_t)0xc6e00bf33da88fc2U, (uint64_t)0xd5a79147930aa725U,
-    (uint64_t)0x06ca6351e003826fU, (uint64_t)0x142929670a0e6e70U, (uint64_t)0x27b70a8546d22ffcU,
-    (uint64_t)0x2e1b21385c26c926U, (uint64_t)0x4d2c6dfc5ac42aedU, (uint64_t)0x53380d139d95b3dfU,
-    (uint64_t)0x650a73548baf63deU, (uint64_t)0x766a0abb3c77b2a8U, (uint64_t)0x81c2c92e47edaee6U,
-    (uint64_t)0x92722c851482353bU, (uint64_t)0xa2bfe8a14cf10364U, (uint64_t)0xa81a664bbc423001U,
-    (uint64_t)0xc24b8b70d0f89791U, (uint64_t)0xc76c51a30654be30U, (uint64_t)0xd192e819d6ef5218U,
-    (uint64_t)0xd69906245565a910U, (uint64_t)0xf40e35855771202aU, (uint64_t)0x106aa07032bbd1b8U,
-    (uint64_t)0x19a4c116b8d2d0c8U, (uint64_t)0x1e376c085141ab53U, (uint64_t)0x2748774cdf8eeb99U,
-    (uint64_t)0x34b0bcb5e19b48a8U, (uint64_t)0x391c0cb3c5c95a63U, (uint64_t)0x4ed8aa4ae3418acbU,
-    (uint64_t)0x5b9cca4f7763e373U, (uint64_t)0x682e6ff3d6b2b8a3U, (uint64_t)0x748f82ee5defb2fcU,
-    (uint64_t)0x78a5636f43172f60U, (uint64_t)0x84c87814a1f0ab72U, (uint64_t)0x8cc702081a6439ecU,
-    (uint64_t)0x90befffa23631e28U, (uint64_t)0xa4506cebde82bde9U, (uint64_t)0xbef9a3f7b2c67915U,
-    (uint64_t)0xc67178f2e372532bU, (uint64_t)0xca273eceea26619cU, (uint64_t)0xd186b8c721c0c207U,
-    (uint64_t)0xeada7dd6cde0eb1eU, (uint64_t)0xf57d4f7fee6ed178U, (uint64_t)0x06f067aa72176fbaU,
-    (uint64_t)0x0a637dc5a2c898a6U, (uint64_t)0x113f9804bef90daeU, (uint64_t)0x1b710b35131c471bU,
-    (uint64_t)0x28db77f523047d84U, (uint64_t)0x32caab7b40c72493U, (uint64_t)0x3c9ebe0a15c9bebcU,
-    (uint64_t)0x431d67c49c100d4cU, (uint64_t)0x4cc5d4becb3e42b6U, (uint64_t)0x597f299cfc657e2aU,
-    (uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U
+    0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+    0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+    0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+    0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+    0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+    0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+    0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+    0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+    0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+    0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+    0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+    0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+    0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+    0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+    0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+    0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+    0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+    0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+    0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+    0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
   };
 
-void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash);
+void Hacl_Hash_SHA2_sha256_init(uint32_t *hash);
 
-void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st);
+void Hacl_Hash_SHA2_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st);
 
 void
-Hacl_SHA2_Scalar32_sha256_update_last(
-  uint64_t totlen,
-  uint32_t len,
-  uint8_t *b,
-  uint32_t *hash
-);
+Hacl_Hash_SHA2_sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash);
 
-void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h);
+void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h);
 
-void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash);
+void Hacl_Hash_SHA2_sha224_init(uint32_t *hash);
 
 void
-Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st);
+Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st);
 
-void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h);
+void Hacl_Hash_SHA2_sha224_finish(uint32_t *st, uint8_t *h);
 
-void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash);
+void Hacl_Hash_SHA2_sha512_init(uint64_t *hash);
 
-void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
+void Hacl_Hash_SHA2_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
 
 void
-Hacl_SHA2_Scalar32_sha512_update_last(
+Hacl_Hash_SHA2_sha512_update_last(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
   uint8_t *b,
   uint64_t *hash
 );
 
-void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h);
+void Hacl_Hash_SHA2_sha512_finish(uint64_t *st, uint8_t *h);
 
-void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash);
+void Hacl_Hash_SHA2_sha384_init(uint64_t *hash);
 
-void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
+void Hacl_Hash_SHA2_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
 
 void
-Hacl_SHA2_Scalar32_sha384_update_last(
+Hacl_Hash_SHA2_sha384_update_last(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
   uint8_t *b,
   uint64_t *st
 );
 
-void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h);
+void Hacl_Hash_SHA2_sha384_finish(uint64_t *st, uint8_t *h);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/internal/Hacl_Hash_SHA3.h b/include/msvc/internal/Hacl_Hash_SHA3.h
index 6f53d37c..1c8129fb 100644
--- a/include/msvc/internal/Hacl_Hash_SHA3.h
+++ b/include/msvc/internal/Hacl_Hash_SHA3.h
@@ -53,9 +53,9 @@ Hacl_Hash_SHA3_update_last_sha3(
   uint32_t input_len
 );
 
-void Hacl_Impl_SHA3_state_permute(uint64_t *s);
+void Hacl_Hash_SHA3_state_permute(uint64_t *s);
 
-void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s);
+void Hacl_Hash_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s);
 
 #if defined(__cplusplus)
 }
diff --git a/include/msvc/internal/Hacl_Impl_Blake2_Constants.h b/include/msvc/internal/Hacl_Impl_Blake2_Constants.h
index 185317ba..aedc2486 100644
--- a/include/msvc/internal/Hacl_Impl_Blake2_Constants.h
+++ b/include/msvc/internal/Hacl_Impl_Blake2_Constants.h
@@ -37,52 +37,32 @@ extern "C" {
 
 static const
 uint32_t
-Hacl_Impl_Blake2_Constants_sigmaTable[160U] =
+Hacl_Hash_Blake2s_sigmaTable[160U] =
   {
-    (uint32_t)0U, (uint32_t)1U, (uint32_t)2U, (uint32_t)3U, (uint32_t)4U, (uint32_t)5U,
-    (uint32_t)6U, (uint32_t)7U, (uint32_t)8U, (uint32_t)9U, (uint32_t)10U, (uint32_t)11U,
-    (uint32_t)12U, (uint32_t)13U, (uint32_t)14U, (uint32_t)15U, (uint32_t)14U, (uint32_t)10U,
-    (uint32_t)4U, (uint32_t)8U, (uint32_t)9U, (uint32_t)15U, (uint32_t)13U, (uint32_t)6U,
-    (uint32_t)1U, (uint32_t)12U, (uint32_t)0U, (uint32_t)2U, (uint32_t)11U, (uint32_t)7U,
-    (uint32_t)5U, (uint32_t)3U, (uint32_t)11U, (uint32_t)8U, (uint32_t)12U, (uint32_t)0U,
-    (uint32_t)5U, (uint32_t)2U, (uint32_t)15U, (uint32_t)13U, (uint32_t)10U, (uint32_t)14U,
-    (uint32_t)3U, (uint32_t)6U, (uint32_t)7U, (uint32_t)1U, (uint32_t)9U, (uint32_t)4U,
-    (uint32_t)7U, (uint32_t)9U, (uint32_t)3U, (uint32_t)1U, (uint32_t)13U, (uint32_t)12U,
-    (uint32_t)11U, (uint32_t)14U, (uint32_t)2U, (uint32_t)6U, (uint32_t)5U, (uint32_t)10U,
-    (uint32_t)4U, (uint32_t)0U, (uint32_t)15U, (uint32_t)8U, (uint32_t)9U, (uint32_t)0U,
-    (uint32_t)5U, (uint32_t)7U, (uint32_t)2U, (uint32_t)4U, (uint32_t)10U, (uint32_t)15U,
-    (uint32_t)14U, (uint32_t)1U, (uint32_t)11U, (uint32_t)12U, (uint32_t)6U, (uint32_t)8U,
-    (uint32_t)3U, (uint32_t)13U, (uint32_t)2U, (uint32_t)12U, (uint32_t)6U, (uint32_t)10U,
-    (uint32_t)0U, (uint32_t)11U, (uint32_t)8U, (uint32_t)3U, (uint32_t)4U, (uint32_t)13U,
-    (uint32_t)7U, (uint32_t)5U, (uint32_t)15U, (uint32_t)14U, (uint32_t)1U, (uint32_t)9U,
-    (uint32_t)12U, (uint32_t)5U, (uint32_t)1U, (uint32_t)15U, (uint32_t)14U, (uint32_t)13U,
-    (uint32_t)4U, (uint32_t)10U, (uint32_t)0U, (uint32_t)7U, (uint32_t)6U, (uint32_t)3U,
-    (uint32_t)9U, (uint32_t)2U, (uint32_t)8U, (uint32_t)11U, (uint32_t)13U, (uint32_t)11U,
-    (uint32_t)7U, (uint32_t)14U, (uint32_t)12U, (uint32_t)1U, (uint32_t)3U, (uint32_t)9U,
-    (uint32_t)5U, (uint32_t)0U, (uint32_t)15U, (uint32_t)4U, (uint32_t)8U, (uint32_t)6U,
-    (uint32_t)2U, (uint32_t)10U, (uint32_t)6U, (uint32_t)15U, (uint32_t)14U, (uint32_t)9U,
-    (uint32_t)11U, (uint32_t)3U, (uint32_t)0U, (uint32_t)8U, (uint32_t)12U, (uint32_t)2U,
-    (uint32_t)13U, (uint32_t)7U, (uint32_t)1U, (uint32_t)4U, (uint32_t)10U, (uint32_t)5U,
-    (uint32_t)10U, (uint32_t)2U, (uint32_t)8U, (uint32_t)4U, (uint32_t)7U, (uint32_t)6U,
-    (uint32_t)1U, (uint32_t)5U, (uint32_t)15U, (uint32_t)11U, (uint32_t)9U, (uint32_t)14U,
-    (uint32_t)3U, (uint32_t)12U, (uint32_t)13U
+    0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 14U, 10U, 4U, 8U, 9U, 15U,
+    13U, 6U, 1U, 12U, 0U, 2U, 11U, 7U, 5U, 3U, 11U, 8U, 12U, 0U, 5U, 2U, 15U, 13U, 10U, 14U, 3U, 6U,
+    7U, 1U, 9U, 4U, 7U, 9U, 3U, 1U, 13U, 12U, 11U, 14U, 2U, 6U, 5U, 10U, 4U, 0U, 15U, 8U, 9U, 0U,
+    5U, 7U, 2U, 4U, 10U, 15U, 14U, 1U, 11U, 12U, 6U, 8U, 3U, 13U, 2U, 12U, 6U, 10U, 0U, 11U, 8U, 3U,
+    4U, 13U, 7U, 5U, 15U, 14U, 1U, 9U, 12U, 5U, 1U, 15U, 14U, 13U, 4U, 10U, 0U, 7U, 6U, 3U, 9U, 2U,
+    8U, 11U, 13U, 11U, 7U, 14U, 12U, 1U, 3U, 9U, 5U, 0U, 15U, 4U, 8U, 6U, 2U, 10U, 6U, 15U, 14U, 9U,
+    11U, 3U, 0U, 8U, 12U, 2U, 13U, 7U, 1U, 4U, 10U, 5U, 10U, 2U, 8U, 4U, 7U, 6U, 1U, 5U, 15U, 11U,
+    9U, 14U, 3U, 12U, 13U
   };
 
 static const
 uint32_t
-Hacl_Impl_Blake2_Constants_ivTable_S[8U] =
+Hacl_Hash_Blake2s_ivTable_S[8U] =
   {
-    (uint32_t)0x6A09E667U, (uint32_t)0xBB67AE85U, (uint32_t)0x3C6EF372U, (uint32_t)0xA54FF53AU,
-    (uint32_t)0x510E527FU, (uint32_t)0x9B05688CU, (uint32_t)0x1F83D9ABU, (uint32_t)0x5BE0CD19U
+    0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU, 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU,
+    0x5BE0CD19U
   };
 
 static const
 uint64_t
-Hacl_Impl_Blake2_Constants_ivTable_B[8U] =
+Hacl_Hash_Blake2s_ivTable_B[8U] =
   {
-    (uint64_t)0x6A09E667F3BCC908U, (uint64_t)0xBB67AE8584CAA73BU, (uint64_t)0x3C6EF372FE94F82BU,
-    (uint64_t)0xA54FF53A5F1D36F1U, (uint64_t)0x510E527FADE682D1U, (uint64_t)0x9B05688C2B3E6C1FU,
-    (uint64_t)0x1F83D9ABFB41BD6BU, (uint64_t)0x5BE0CD19137E2179U
+    0x6A09E667F3BCC908ULL, 0xBB67AE8584CAA73BULL, 0x3C6EF372FE94F82BULL, 0xA54FF53A5F1D36F1ULL,
+    0x510E527FADE682D1ULL, 0x9B05688C2B3E6C1FULL, 0x1F83D9ABFB41BD6BULL, 0x5BE0CD19137E2179ULL
   };
 
 #if defined(__cplusplus)
diff --git a/include/msvc/internal/Hacl_Impl_FFDHE_Constants.h b/include/msvc/internal/Hacl_Impl_FFDHE_Constants.h
index c746c411..80cbdd52 100644
--- a/include/msvc/internal/Hacl_Impl_FFDHE_Constants.h
+++ b/include/msvc/internal/Hacl_Impl_FFDHE_Constants.h
@@ -35,528 +35,265 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_g2[1U] = { (uint8_t)0x02U };
+static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_g2[1U] = { 0x02U };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p2048[256U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x28U,
-    (uint8_t)0x5CU, (uint8_t)0x97U, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x28U, 0x5CU,
+    0x97U, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
   };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p3072[384U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU,
-    (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU,
-    (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U,
-    (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U,
-    (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U,
-    (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U,
-    (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU,
-    (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU,
-    (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U,
-    (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U,
-    (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU,
-    (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U,
-    (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U,
-    (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU,
-    (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU,
-    (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU,
-    (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU,
-    (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U,
-    (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU,
-    (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU,
-    (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U,
-    (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU,
-    (uint8_t)0x66U, (uint8_t)0xC6U, (uint8_t)0x2EU, (uint8_t)0x37U, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU,
+    0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU,
+    0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU,
+    0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U,
+    0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU,
+    0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U,
+    0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU,
+    0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U,
+    0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U,
+    0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU,
+    0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0xC6U, 0x2EU, 0x37U, 0xFFU,
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
   };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p4096[512U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU,
-    (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU,
-    (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U,
-    (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U,
-    (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U,
-    (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U,
-    (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU,
-    (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU,
-    (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U,
-    (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U,
-    (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU,
-    (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U,
-    (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U,
-    (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU,
-    (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU,
-    (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU,
-    (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU,
-    (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U,
-    (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU,
-    (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU,
-    (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U,
-    (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU,
-    (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU,
-    (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU,
-    (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U,
-    (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U,
-    (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U,
-    (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U,
-    (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U,
-    (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U,
-    (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU,
-    (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U,
-    (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U,
-    (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U,
-    (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U,
-    (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU,
-    (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U,
-    (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U,
-    (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U,
-    (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU,
-    (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U,
-    (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U,
-    (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU,
-    (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x65U, (uint8_t)0x5FU, (uint8_t)0x6AU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU,
+    0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU,
+    0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU,
+    0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U,
+    0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU,
+    0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U,
+    0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU,
+    0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U,
+    0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U,
+    0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU,
+    0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU,
+    0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U,
+    0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU,
+    0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU,
+    0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU,
+    0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U,
+    0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU,
+    0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U,
+    0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU,
+    0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U,
+    0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x65U, 0x5FU, 0x6AU, 0xFFU, 0xFFU, 0xFFU,
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
   };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p6144[768U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU,
-    (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU,
-    (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U,
-    (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U,
-    (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U,
-    (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U,
-    (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU,
-    (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU,
-    (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U,
-    (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U,
-    (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU,
-    (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U,
-    (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U,
-    (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU,
-    (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU,
-    (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU,
-    (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU,
-    (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U,
-    (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU,
-    (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU,
-    (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U,
-    (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU,
-    (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU,
-    (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU,
-    (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U,
-    (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U,
-    (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U,
-    (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U,
-    (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U,
-    (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U,
-    (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU,
-    (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U,
-    (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U,
-    (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U,
-    (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U,
-    (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU,
-    (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U,
-    (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U,
-    (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U,
-    (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU,
-    (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U,
-    (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U,
-    (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU,
-    (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x0DU, (uint8_t)0xD9U, (uint8_t)0x02U,
-    (uint8_t)0x0BU, (uint8_t)0xFDU, (uint8_t)0x64U, (uint8_t)0xB6U, (uint8_t)0x45U, (uint8_t)0x03U,
-    (uint8_t)0x6CU, (uint8_t)0x7AU, (uint8_t)0x4EU, (uint8_t)0x67U, (uint8_t)0x7DU, (uint8_t)0x2CU,
-    (uint8_t)0x38U, (uint8_t)0x53U, (uint8_t)0x2AU, (uint8_t)0x3AU, (uint8_t)0x23U, (uint8_t)0xBAU,
-    (uint8_t)0x44U, (uint8_t)0x42U, (uint8_t)0xCAU, (uint8_t)0xF5U, (uint8_t)0x3EU, (uint8_t)0xA6U,
-    (uint8_t)0x3BU, (uint8_t)0xB4U, (uint8_t)0x54U, (uint8_t)0x32U, (uint8_t)0x9BU, (uint8_t)0x76U,
-    (uint8_t)0x24U, (uint8_t)0xC8U, (uint8_t)0x91U, (uint8_t)0x7BU, (uint8_t)0xDDU, (uint8_t)0x64U,
-    (uint8_t)0xB1U, (uint8_t)0xC0U, (uint8_t)0xFDU, (uint8_t)0x4CU, (uint8_t)0xB3U, (uint8_t)0x8EU,
-    (uint8_t)0x8CU, (uint8_t)0x33U, (uint8_t)0x4CU, (uint8_t)0x70U, (uint8_t)0x1CU, (uint8_t)0x3AU,
-    (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x06U, (uint8_t)0x57U, (uint8_t)0xFCU, (uint8_t)0xCFU,
-    (uint8_t)0xECU, (uint8_t)0x71U, (uint8_t)0x9BU, (uint8_t)0x1FU, (uint8_t)0x5CU, (uint8_t)0x3EU,
-    (uint8_t)0x4EU, (uint8_t)0x46U, (uint8_t)0x04U, (uint8_t)0x1FU, (uint8_t)0x38U, (uint8_t)0x81U,
-    (uint8_t)0x47U, (uint8_t)0xFBU, (uint8_t)0x4CU, (uint8_t)0xFDU, (uint8_t)0xB4U, (uint8_t)0x77U,
-    (uint8_t)0xA5U, (uint8_t)0x24U, (uint8_t)0x71U, (uint8_t)0xF7U, (uint8_t)0xA9U, (uint8_t)0xA9U,
-    (uint8_t)0x69U, (uint8_t)0x10U, (uint8_t)0xB8U, (uint8_t)0x55U, (uint8_t)0x32U, (uint8_t)0x2EU,
-    (uint8_t)0xDBU, (uint8_t)0x63U, (uint8_t)0x40U, (uint8_t)0xD8U, (uint8_t)0xA0U, (uint8_t)0x0EU,
-    (uint8_t)0xF0U, (uint8_t)0x92U, (uint8_t)0x35U, (uint8_t)0x05U, (uint8_t)0x11U, (uint8_t)0xE3U,
-    (uint8_t)0x0AU, (uint8_t)0xBEU, (uint8_t)0xC1U, (uint8_t)0xFFU, (uint8_t)0xF9U, (uint8_t)0xE3U,
-    (uint8_t)0xA2U, (uint8_t)0x6EU, (uint8_t)0x7FU, (uint8_t)0xB2U, (uint8_t)0x9FU, (uint8_t)0x8CU,
-    (uint8_t)0x18U, (uint8_t)0x30U, (uint8_t)0x23U, (uint8_t)0xC3U, (uint8_t)0x58U, (uint8_t)0x7EU,
-    (uint8_t)0x38U, (uint8_t)0xDAU, (uint8_t)0x00U, (uint8_t)0x77U, (uint8_t)0xD9U, (uint8_t)0xB4U,
-    (uint8_t)0x76U, (uint8_t)0x3EU, (uint8_t)0x4EU, (uint8_t)0x4BU, (uint8_t)0x94U, (uint8_t)0xB2U,
-    (uint8_t)0xBBU, (uint8_t)0xC1U, (uint8_t)0x94U, (uint8_t)0xC6U, (uint8_t)0x65U, (uint8_t)0x1EU,
-    (uint8_t)0x77U, (uint8_t)0xCAU, (uint8_t)0xF9U, (uint8_t)0x92U, (uint8_t)0xEEU, (uint8_t)0xAAU,
-    (uint8_t)0xC0U, (uint8_t)0x23U, (uint8_t)0x2AU, (uint8_t)0x28U, (uint8_t)0x1BU, (uint8_t)0xF6U,
-    (uint8_t)0xB3U, (uint8_t)0xA7U, (uint8_t)0x39U, (uint8_t)0xC1U, (uint8_t)0x22U, (uint8_t)0x61U,
-    (uint8_t)0x16U, (uint8_t)0x82U, (uint8_t)0x0AU, (uint8_t)0xE8U, (uint8_t)0xDBU, (uint8_t)0x58U,
-    (uint8_t)0x47U, (uint8_t)0xA6U, (uint8_t)0x7CU, (uint8_t)0xBEU, (uint8_t)0xF9U, (uint8_t)0xC9U,
-    (uint8_t)0x09U, (uint8_t)0x1BU, (uint8_t)0x46U, (uint8_t)0x2DU, (uint8_t)0x53U, (uint8_t)0x8CU,
-    (uint8_t)0xD7U, (uint8_t)0x2BU, (uint8_t)0x03U, (uint8_t)0x74U, (uint8_t)0x6AU, (uint8_t)0xE7U,
-    (uint8_t)0x7FU, (uint8_t)0x5EU, (uint8_t)0x62U, (uint8_t)0x29U, (uint8_t)0x2CU, (uint8_t)0x31U,
-    (uint8_t)0x15U, (uint8_t)0x62U, (uint8_t)0xA8U, (uint8_t)0x46U, (uint8_t)0x50U, (uint8_t)0x5DU,
-    (uint8_t)0xC8U, (uint8_t)0x2DU, (uint8_t)0xB8U, (uint8_t)0x54U, (uint8_t)0x33U, (uint8_t)0x8AU,
-    (uint8_t)0xE4U, (uint8_t)0x9FU, (uint8_t)0x52U, (uint8_t)0x35U, (uint8_t)0xC9U, (uint8_t)0x5BU,
-    (uint8_t)0x91U, (uint8_t)0x17U, (uint8_t)0x8CU, (uint8_t)0xCFU, (uint8_t)0x2DU, (uint8_t)0xD5U,
-    (uint8_t)0xCAU, (uint8_t)0xCEU, (uint8_t)0xF4U, (uint8_t)0x03U, (uint8_t)0xECU, (uint8_t)0x9DU,
-    (uint8_t)0x18U, (uint8_t)0x10U, (uint8_t)0xC6U, (uint8_t)0x27U, (uint8_t)0x2BU, (uint8_t)0x04U,
-    (uint8_t)0x5BU, (uint8_t)0x3BU, (uint8_t)0x71U, (uint8_t)0xF9U, (uint8_t)0xDCU, (uint8_t)0x6BU,
-    (uint8_t)0x80U, (uint8_t)0xD6U, (uint8_t)0x3FU, (uint8_t)0xDDU, (uint8_t)0x4AU, (uint8_t)0x8EU,
-    (uint8_t)0x9AU, (uint8_t)0xDBU, (uint8_t)0x1EU, (uint8_t)0x69U, (uint8_t)0x62U, (uint8_t)0xA6U,
-    (uint8_t)0x95U, (uint8_t)0x26U, (uint8_t)0xD4U, (uint8_t)0x31U, (uint8_t)0x61U, (uint8_t)0xC1U,
-    (uint8_t)0xA4U, (uint8_t)0x1DU, (uint8_t)0x57U, (uint8_t)0x0DU, (uint8_t)0x79U, (uint8_t)0x38U,
-    (uint8_t)0xDAU, (uint8_t)0xD4U, (uint8_t)0xA4U, (uint8_t)0x0EU, (uint8_t)0x32U, (uint8_t)0x9CU,
-    (uint8_t)0xD0U, (uint8_t)0xE4U, (uint8_t)0x0EU, (uint8_t)0x65U, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU,
+    0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU,
+    0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU,
+    0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U,
+    0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU,
+    0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U,
+    0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU,
+    0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U,
+    0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U,
+    0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU,
+    0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU,
+    0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U,
+    0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU,
+    0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU,
+    0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU,
+    0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U,
+    0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU,
+    0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U,
+    0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU,
+    0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U,
+    0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x0DU, 0xD9U, 0x02U, 0x0BU, 0xFDU, 0x64U,
+    0xB6U, 0x45U, 0x03U, 0x6CU, 0x7AU, 0x4EU, 0x67U, 0x7DU, 0x2CU, 0x38U, 0x53U, 0x2AU, 0x3AU,
+    0x23U, 0xBAU, 0x44U, 0x42U, 0xCAU, 0xF5U, 0x3EU, 0xA6U, 0x3BU, 0xB4U, 0x54U, 0x32U, 0x9BU,
+    0x76U, 0x24U, 0xC8U, 0x91U, 0x7BU, 0xDDU, 0x64U, 0xB1U, 0xC0U, 0xFDU, 0x4CU, 0xB3U, 0x8EU,
+    0x8CU, 0x33U, 0x4CU, 0x70U, 0x1CU, 0x3AU, 0xCDU, 0xADU, 0x06U, 0x57U, 0xFCU, 0xCFU, 0xECU,
+    0x71U, 0x9BU, 0x1FU, 0x5CU, 0x3EU, 0x4EU, 0x46U, 0x04U, 0x1FU, 0x38U, 0x81U, 0x47U, 0xFBU,
+    0x4CU, 0xFDU, 0xB4U, 0x77U, 0xA5U, 0x24U, 0x71U, 0xF7U, 0xA9U, 0xA9U, 0x69U, 0x10U, 0xB8U,
+    0x55U, 0x32U, 0x2EU, 0xDBU, 0x63U, 0x40U, 0xD8U, 0xA0U, 0x0EU, 0xF0U, 0x92U, 0x35U, 0x05U,
+    0x11U, 0xE3U, 0x0AU, 0xBEU, 0xC1U, 0xFFU, 0xF9U, 0xE3U, 0xA2U, 0x6EU, 0x7FU, 0xB2U, 0x9FU,
+    0x8CU, 0x18U, 0x30U, 0x23U, 0xC3U, 0x58U, 0x7EU, 0x38U, 0xDAU, 0x00U, 0x77U, 0xD9U, 0xB4U,
+    0x76U, 0x3EU, 0x4EU, 0x4BU, 0x94U, 0xB2U, 0xBBU, 0xC1U, 0x94U, 0xC6U, 0x65U, 0x1EU, 0x77U,
+    0xCAU, 0xF9U, 0x92U, 0xEEU, 0xAAU, 0xC0U, 0x23U, 0x2AU, 0x28U, 0x1BU, 0xF6U, 0xB3U, 0xA7U,
+    0x39U, 0xC1U, 0x22U, 0x61U, 0x16U, 0x82U, 0x0AU, 0xE8U, 0xDBU, 0x58U, 0x47U, 0xA6U, 0x7CU,
+    0xBEU, 0xF9U, 0xC9U, 0x09U, 0x1BU, 0x46U, 0x2DU, 0x53U, 0x8CU, 0xD7U, 0x2BU, 0x03U, 0x74U,
+    0x6AU, 0xE7U, 0x7FU, 0x5EU, 0x62U, 0x29U, 0x2CU, 0x31U, 0x15U, 0x62U, 0xA8U, 0x46U, 0x50U,
+    0x5DU, 0xC8U, 0x2DU, 0xB8U, 0x54U, 0x33U, 0x8AU, 0xE4U, 0x9FU, 0x52U, 0x35U, 0xC9U, 0x5BU,
+    0x91U, 0x17U, 0x8CU, 0xCFU, 0x2DU, 0xD5U, 0xCAU, 0xCEU, 0xF4U, 0x03U, 0xECU, 0x9DU, 0x18U,
+    0x10U, 0xC6U, 0x27U, 0x2BU, 0x04U, 0x5BU, 0x3BU, 0x71U, 0xF9U, 0xDCU, 0x6BU, 0x80U, 0xD6U,
+    0x3FU, 0xDDU, 0x4AU, 0x8EU, 0x9AU, 0xDBU, 0x1EU, 0x69U, 0x62U, 0xA6U, 0x95U, 0x26U, 0xD4U,
+    0x31U, 0x61U, 0xC1U, 0xA4U, 0x1DU, 0x57U, 0x0DU, 0x79U, 0x38U, 0xDAU, 0xD4U, 0xA4U, 0x0EU,
+    0x32U, 0x9CU, 0xD0U, 0xE4U, 0x0EU, 0x65U, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU,
+    0xFFU
   };
 
 static const
 uint8_t
 Hacl_Impl_FFDHE_Constants_ffdhe_p8192[1024U] =
   {
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U,
-    (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU,
-    (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U,
-    (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU,
-    (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U,
-    (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U,
-    (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U,
-    (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU,
-    (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U,
-    (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU,
-    (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U,
-    (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U,
-    (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U,
-    (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U,
-    (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U,
-    (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U,
-    (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU,
-    (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U,
-    (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U,
-    (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU,
-    (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U,
-    (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U,
-    (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU,
-    (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U,
-    (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U,
-    (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U,
-    (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U,
-    (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU,
-    (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U,
-    (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U,
-    (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U,
-    (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U,
-    (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U,
-    (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU,
-    (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U,
-    (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U,
-    (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U,
-    (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U,
-    (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU,
-    (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU,
-    (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU,
-    (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U,
-    (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U,
-    (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U,
-    (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U,
-    (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU,
-    (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU,
-    (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U,
-    (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U,
-    (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU,
-    (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U,
-    (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U,
-    (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU,
-    (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU,
-    (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU,
-    (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU,
-    (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U,
-    (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU,
-    (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU,
-    (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U,
-    (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU,
-    (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU,
-    (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU,
-    (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U,
-    (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U,
-    (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U,
-    (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U,
-    (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U,
-    (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U,
-    (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU,
-    (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U,
-    (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U,
-    (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U,
-    (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U,
-    (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU,
-    (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U,
-    (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U,
-    (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U,
-    (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU,
-    (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U,
-    (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U,
-    (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU,
-    (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x0DU, (uint8_t)0xD9U, (uint8_t)0x02U,
-    (uint8_t)0x0BU, (uint8_t)0xFDU, (uint8_t)0x64U, (uint8_t)0xB6U, (uint8_t)0x45U, (uint8_t)0x03U,
-    (uint8_t)0x6CU, (uint8_t)0x7AU, (uint8_t)0x4EU, (uint8_t)0x67U, (uint8_t)0x7DU, (uint8_t)0x2CU,
-    (uint8_t)0x38U, (uint8_t)0x53U, (uint8_t)0x2AU, (uint8_t)0x3AU, (uint8_t)0x23U, (uint8_t)0xBAU,
-    (uint8_t)0x44U, (uint8_t)0x42U, (uint8_t)0xCAU, (uint8_t)0xF5U, (uint8_t)0x3EU, (uint8_t)0xA6U,
-    (uint8_t)0x3BU, (uint8_t)0xB4U, (uint8_t)0x54U, (uint8_t)0x32U, (uint8_t)0x9BU, (uint8_t)0x76U,
-    (uint8_t)0x24U, (uint8_t)0xC8U, (uint8_t)0x91U, (uint8_t)0x7BU, (uint8_t)0xDDU, (uint8_t)0x64U,
-    (uint8_t)0xB1U, (uint8_t)0xC0U, (uint8_t)0xFDU, (uint8_t)0x4CU, (uint8_t)0xB3U, (uint8_t)0x8EU,
-    (uint8_t)0x8CU, (uint8_t)0x33U, (uint8_t)0x4CU, (uint8_t)0x70U, (uint8_t)0x1CU, (uint8_t)0x3AU,
-    (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x06U, (uint8_t)0x57U, (uint8_t)0xFCU, (uint8_t)0xCFU,
-    (uint8_t)0xECU, (uint8_t)0x71U, (uint8_t)0x9BU, (uint8_t)0x1FU, (uint8_t)0x5CU, (uint8_t)0x3EU,
-    (uint8_t)0x4EU, (uint8_t)0x46U, (uint8_t)0x04U, (uint8_t)0x1FU, (uint8_t)0x38U, (uint8_t)0x81U,
-    (uint8_t)0x47U, (uint8_t)0xFBU, (uint8_t)0x4CU, (uint8_t)0xFDU, (uint8_t)0xB4U, (uint8_t)0x77U,
-    (uint8_t)0xA5U, (uint8_t)0x24U, (uint8_t)0x71U, (uint8_t)0xF7U, (uint8_t)0xA9U, (uint8_t)0xA9U,
-    (uint8_t)0x69U, (uint8_t)0x10U, (uint8_t)0xB8U, (uint8_t)0x55U, (uint8_t)0x32U, (uint8_t)0x2EU,
-    (uint8_t)0xDBU, (uint8_t)0x63U, (uint8_t)0x40U, (uint8_t)0xD8U, (uint8_t)0xA0U, (uint8_t)0x0EU,
-    (uint8_t)0xF0U, (uint8_t)0x92U, (uint8_t)0x35U, (uint8_t)0x05U, (uint8_t)0x11U, (uint8_t)0xE3U,
-    (uint8_t)0x0AU, (uint8_t)0xBEU, (uint8_t)0xC1U, (uint8_t)0xFFU, (uint8_t)0xF9U, (uint8_t)0xE3U,
-    (uint8_t)0xA2U, (uint8_t)0x6EU, (uint8_t)0x7FU, (uint8_t)0xB2U, (uint8_t)0x9FU, (uint8_t)0x8CU,
-    (uint8_t)0x18U, (uint8_t)0x30U, (uint8_t)0x23U, (uint8_t)0xC3U, (uint8_t)0x58U, (uint8_t)0x7EU,
-    (uint8_t)0x38U, (uint8_t)0xDAU, (uint8_t)0x00U, (uint8_t)0x77U, (uint8_t)0xD9U, (uint8_t)0xB4U,
-    (uint8_t)0x76U, (uint8_t)0x3EU, (uint8_t)0x4EU, (uint8_t)0x4BU, (uint8_t)0x94U, (uint8_t)0xB2U,
-    (uint8_t)0xBBU, (uint8_t)0xC1U, (uint8_t)0x94U, (uint8_t)0xC6U, (uint8_t)0x65U, (uint8_t)0x1EU,
-    (uint8_t)0x77U, (uint8_t)0xCAU, (uint8_t)0xF9U, (uint8_t)0x92U, (uint8_t)0xEEU, (uint8_t)0xAAU,
-    (uint8_t)0xC0U, (uint8_t)0x23U, (uint8_t)0x2AU, (uint8_t)0x28U, (uint8_t)0x1BU, (uint8_t)0xF6U,
-    (uint8_t)0xB3U, (uint8_t)0xA7U, (uint8_t)0x39U, (uint8_t)0xC1U, (uint8_t)0x22U, (uint8_t)0x61U,
-    (uint8_t)0x16U, (uint8_t)0x82U, (uint8_t)0x0AU, (uint8_t)0xE8U, (uint8_t)0xDBU, (uint8_t)0x58U,
-    (uint8_t)0x47U, (uint8_t)0xA6U, (uint8_t)0x7CU, (uint8_t)0xBEU, (uint8_t)0xF9U, (uint8_t)0xC9U,
-    (uint8_t)0x09U, (uint8_t)0x1BU, (uint8_t)0x46U, (uint8_t)0x2DU, (uint8_t)0x53U, (uint8_t)0x8CU,
-    (uint8_t)0xD7U, (uint8_t)0x2BU, (uint8_t)0x03U, (uint8_t)0x74U, (uint8_t)0x6AU, (uint8_t)0xE7U,
-    (uint8_t)0x7FU, (uint8_t)0x5EU, (uint8_t)0x62U, (uint8_t)0x29U, (uint8_t)0x2CU, (uint8_t)0x31U,
-    (uint8_t)0x15U, (uint8_t)0x62U, (uint8_t)0xA8U, (uint8_t)0x46U, (uint8_t)0x50U, (uint8_t)0x5DU,
-    (uint8_t)0xC8U, (uint8_t)0x2DU, (uint8_t)0xB8U, (uint8_t)0x54U, (uint8_t)0x33U, (uint8_t)0x8AU,
-    (uint8_t)0xE4U, (uint8_t)0x9FU, (uint8_t)0x52U, (uint8_t)0x35U, (uint8_t)0xC9U, (uint8_t)0x5BU,
-    (uint8_t)0x91U, (uint8_t)0x17U, (uint8_t)0x8CU, (uint8_t)0xCFU, (uint8_t)0x2DU, (uint8_t)0xD5U,
-    (uint8_t)0xCAU, (uint8_t)0xCEU, (uint8_t)0xF4U, (uint8_t)0x03U, (uint8_t)0xECU, (uint8_t)0x9DU,
-    (uint8_t)0x18U, (uint8_t)0x10U, (uint8_t)0xC6U, (uint8_t)0x27U, (uint8_t)0x2BU, (uint8_t)0x04U,
-    (uint8_t)0x5BU, (uint8_t)0x3BU, (uint8_t)0x71U, (uint8_t)0xF9U, (uint8_t)0xDCU, (uint8_t)0x6BU,
-    (uint8_t)0x80U, (uint8_t)0xD6U, (uint8_t)0x3FU, (uint8_t)0xDDU, (uint8_t)0x4AU, (uint8_t)0x8EU,
-    (uint8_t)0x9AU, (uint8_t)0xDBU, (uint8_t)0x1EU, (uint8_t)0x69U, (uint8_t)0x62U, (uint8_t)0xA6U,
-    (uint8_t)0x95U, (uint8_t)0x26U, (uint8_t)0xD4U, (uint8_t)0x31U, (uint8_t)0x61U, (uint8_t)0xC1U,
-    (uint8_t)0xA4U, (uint8_t)0x1DU, (uint8_t)0x57U, (uint8_t)0x0DU, (uint8_t)0x79U, (uint8_t)0x38U,
-    (uint8_t)0xDAU, (uint8_t)0xD4U, (uint8_t)0xA4U, (uint8_t)0x0EU, (uint8_t)0x32U, (uint8_t)0x9CU,
-    (uint8_t)0xCFU, (uint8_t)0xF4U, (uint8_t)0x6AU, (uint8_t)0xAAU, (uint8_t)0x36U, (uint8_t)0xADU,
-    (uint8_t)0x00U, (uint8_t)0x4CU, (uint8_t)0xF6U, (uint8_t)0x00U, (uint8_t)0xC8U, (uint8_t)0x38U,
-    (uint8_t)0x1EU, (uint8_t)0x42U, (uint8_t)0x5AU, (uint8_t)0x31U, (uint8_t)0xD9U, (uint8_t)0x51U,
-    (uint8_t)0xAEU, (uint8_t)0x64U, (uint8_t)0xFDU, (uint8_t)0xB2U, (uint8_t)0x3FU, (uint8_t)0xCEU,
-    (uint8_t)0xC9U, (uint8_t)0x50U, (uint8_t)0x9DU, (uint8_t)0x43U, (uint8_t)0x68U, (uint8_t)0x7FU,
-    (uint8_t)0xEBU, (uint8_t)0x69U, (uint8_t)0xEDU, (uint8_t)0xD1U, (uint8_t)0xCCU, (uint8_t)0x5EU,
-    (uint8_t)0x0BU, (uint8_t)0x8CU, (uint8_t)0xC3U, (uint8_t)0xBDU, (uint8_t)0xF6U, (uint8_t)0x4BU,
-    (uint8_t)0x10U, (uint8_t)0xEFU, (uint8_t)0x86U, (uint8_t)0xB6U, (uint8_t)0x31U, (uint8_t)0x42U,
-    (uint8_t)0xA3U, (uint8_t)0xABU, (uint8_t)0x88U, (uint8_t)0x29U, (uint8_t)0x55U, (uint8_t)0x5BU,
-    (uint8_t)0x2FU, (uint8_t)0x74U, (uint8_t)0x7CU, (uint8_t)0x93U, (uint8_t)0x26U, (uint8_t)0x65U,
-    (uint8_t)0xCBU, (uint8_t)0x2CU, (uint8_t)0x0FU, (uint8_t)0x1CU, (uint8_t)0xC0U, (uint8_t)0x1BU,
-    (uint8_t)0xD7U, (uint8_t)0x02U, (uint8_t)0x29U, (uint8_t)0x38U, (uint8_t)0x88U, (uint8_t)0x39U,
-    (uint8_t)0xD2U, (uint8_t)0xAFU, (uint8_t)0x05U, (uint8_t)0xE4U, (uint8_t)0x54U, (uint8_t)0x50U,
-    (uint8_t)0x4AU, (uint8_t)0xC7U, (uint8_t)0x8BU, (uint8_t)0x75U, (uint8_t)0x82U, (uint8_t)0x82U,
-    (uint8_t)0x28U, (uint8_t)0x46U, (uint8_t)0xC0U, (uint8_t)0xBAU, (uint8_t)0x35U, (uint8_t)0xC3U,
-    (uint8_t)0x5FU, (uint8_t)0x5CU, (uint8_t)0x59U, (uint8_t)0x16U, (uint8_t)0x0CU, (uint8_t)0xC0U,
-    (uint8_t)0x46U, (uint8_t)0xFDU, (uint8_t)0x82U, (uint8_t)0x51U, (uint8_t)0x54U, (uint8_t)0x1FU,
-    (uint8_t)0xC6U, (uint8_t)0x8CU, (uint8_t)0x9CU, (uint8_t)0x86U, (uint8_t)0xB0U, (uint8_t)0x22U,
-    (uint8_t)0xBBU, (uint8_t)0x70U, (uint8_t)0x99U, (uint8_t)0x87U, (uint8_t)0x6AU, (uint8_t)0x46U,
-    (uint8_t)0x0EU, (uint8_t)0x74U, (uint8_t)0x51U, (uint8_t)0xA8U, (uint8_t)0xA9U, (uint8_t)0x31U,
-    (uint8_t)0x09U, (uint8_t)0x70U, (uint8_t)0x3FU, (uint8_t)0xEEU, (uint8_t)0x1CU, (uint8_t)0x21U,
-    (uint8_t)0x7EU, (uint8_t)0x6CU, (uint8_t)0x38U, (uint8_t)0x26U, (uint8_t)0xE5U, (uint8_t)0x2CU,
-    (uint8_t)0x51U, (uint8_t)0xAAU, (uint8_t)0x69U, (uint8_t)0x1EU, (uint8_t)0x0EU, (uint8_t)0x42U,
-    (uint8_t)0x3CU, (uint8_t)0xFCU, (uint8_t)0x99U, (uint8_t)0xE9U, (uint8_t)0xE3U, (uint8_t)0x16U,
-    (uint8_t)0x50U, (uint8_t)0xC1U, (uint8_t)0x21U, (uint8_t)0x7BU, (uint8_t)0x62U, (uint8_t)0x48U,
-    (uint8_t)0x16U, (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x9AU, (uint8_t)0x95U, (uint8_t)0xF9U,
-    (uint8_t)0xD5U, (uint8_t)0xB8U, (uint8_t)0x01U, (uint8_t)0x94U, (uint8_t)0x88U, (uint8_t)0xD9U,
-    (uint8_t)0xC0U, (uint8_t)0xA0U, (uint8_t)0xA1U, (uint8_t)0xFEU, (uint8_t)0x30U, (uint8_t)0x75U,
-    (uint8_t)0xA5U, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0x31U, (uint8_t)0x83U, (uint8_t)0xF8U,
-    (uint8_t)0x1DU, (uint8_t)0x4AU, (uint8_t)0x3FU, (uint8_t)0x2FU, (uint8_t)0xA4U, (uint8_t)0x57U,
-    (uint8_t)0x1EU, (uint8_t)0xFCU, (uint8_t)0x8CU, (uint8_t)0xE0U, (uint8_t)0xBAU, (uint8_t)0x8AU,
-    (uint8_t)0x4FU, (uint8_t)0xE8U, (uint8_t)0xB6U, (uint8_t)0x85U, (uint8_t)0x5DU, (uint8_t)0xFEU,
-    (uint8_t)0x72U, (uint8_t)0xB0U, (uint8_t)0xA6U, (uint8_t)0x6EU, (uint8_t)0xDEU, (uint8_t)0xD2U,
-    (uint8_t)0xFBU, (uint8_t)0xABU, (uint8_t)0xFBU, (uint8_t)0xE5U, (uint8_t)0x8AU, (uint8_t)0x30U,
-    (uint8_t)0xFAU, (uint8_t)0xFAU, (uint8_t)0xBEU, (uint8_t)0x1CU, (uint8_t)0x5DU, (uint8_t)0x71U,
-    (uint8_t)0xA8U, (uint8_t)0x7EU, (uint8_t)0x2FU, (uint8_t)0x74U, (uint8_t)0x1EU, (uint8_t)0xF8U,
-    (uint8_t)0xC1U, (uint8_t)0xFEU, (uint8_t)0x86U, (uint8_t)0xFEU, (uint8_t)0xA6U, (uint8_t)0xBBU,
-    (uint8_t)0xFDU, (uint8_t)0xE5U, (uint8_t)0x30U, (uint8_t)0x67U, (uint8_t)0x7FU, (uint8_t)0x0DU,
-    (uint8_t)0x97U, (uint8_t)0xD1U, (uint8_t)0x1DU, (uint8_t)0x49U, (uint8_t)0xF7U, (uint8_t)0xA8U,
-    (uint8_t)0x44U, (uint8_t)0x3DU, (uint8_t)0x08U, (uint8_t)0x22U, (uint8_t)0xE5U, (uint8_t)0x06U,
-    (uint8_t)0xA9U, (uint8_t)0xF4U, (uint8_t)0x61U, (uint8_t)0x4EU, (uint8_t)0x01U, (uint8_t)0x1EU,
-    (uint8_t)0x2AU, (uint8_t)0x94U, (uint8_t)0x83U, (uint8_t)0x8FU, (uint8_t)0xF8U, (uint8_t)0x8CU,
-    (uint8_t)0xD6U, (uint8_t)0x8CU, (uint8_t)0x8BU, (uint8_t)0xB7U, (uint8_t)0xC5U, (uint8_t)0xC6U,
-    (uint8_t)0x42U, (uint8_t)0x4CU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU,
-    (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU
+    0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U,
+    0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U,
+    0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U,
+    0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U,
+    0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U,
+    0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U,
+    0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U,
+    0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U,
+    0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U,
+    0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU,
+    0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U,
+    0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U,
+    0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU,
+    0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U,
+    0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU,
+    0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U,
+    0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU,
+    0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U,
+    0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU,
+    0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU,
+    0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU,
+    0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U,
+    0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU,
+    0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U,
+    0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU,
+    0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U,
+    0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U,
+    0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU,
+    0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU,
+    0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U,
+    0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU,
+    0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU,
+    0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU,
+    0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U,
+    0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU,
+    0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U,
+    0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU,
+    0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U,
+    0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x0DU, 0xD9U, 0x02U, 0x0BU, 0xFDU, 0x64U,
+    0xB6U, 0x45U, 0x03U, 0x6CU, 0x7AU, 0x4EU, 0x67U, 0x7DU, 0x2CU, 0x38U, 0x53U, 0x2AU, 0x3AU,
+    0x23U, 0xBAU, 0x44U, 0x42U, 0xCAU, 0xF5U, 0x3EU, 0xA6U, 0x3BU, 0xB4U, 0x54U, 0x32U, 0x9BU,
+    0x76U, 0x24U, 0xC8U, 0x91U, 0x7BU, 0xDDU, 0x64U, 0xB1U, 0xC0U, 0xFDU, 0x4CU, 0xB3U, 0x8EU,
+    0x8CU, 0x33U, 0x4CU, 0x70U, 0x1CU, 0x3AU, 0xCDU, 0xADU, 0x06U, 0x57U, 0xFCU, 0xCFU, 0xECU,
+    0x71U, 0x9BU, 0x1FU, 0x5CU, 0x3EU, 0x4EU, 0x46U, 0x04U, 0x1FU, 0x38U, 0x81U, 0x47U, 0xFBU,
+    0x4CU, 0xFDU, 0xB4U, 0x77U, 0xA5U, 0x24U, 0x71U, 0xF7U, 0xA9U, 0xA9U, 0x69U, 0x10U, 0xB8U,
+    0x55U, 0x32U, 0x2EU, 0xDBU, 0x63U, 0x40U, 0xD8U, 0xA0U, 0x0EU, 0xF0U, 0x92U, 0x35U, 0x05U,
+    0x11U, 0xE3U, 0x0AU, 0xBEU, 0xC1U, 0xFFU, 0xF9U, 0xE3U, 0xA2U, 0x6EU, 0x7FU, 0xB2U, 0x9FU,
+    0x8CU, 0x18U, 0x30U, 0x23U, 0xC3U, 0x58U, 0x7EU, 0x38U, 0xDAU, 0x00U, 0x77U, 0xD9U, 0xB4U,
+    0x76U, 0x3EU, 0x4EU, 0x4BU, 0x94U, 0xB2U, 0xBBU, 0xC1U, 0x94U, 0xC6U, 0x65U, 0x1EU, 0x77U,
+    0xCAU, 0xF9U, 0x92U, 0xEEU, 0xAAU, 0xC0U, 0x23U, 0x2AU, 0x28U, 0x1BU, 0xF6U, 0xB3U, 0xA7U,
+    0x39U, 0xC1U, 0x22U, 0x61U, 0x16U, 0x82U, 0x0AU, 0xE8U, 0xDBU, 0x58U, 0x47U, 0xA6U, 0x7CU,
+    0xBEU, 0xF9U, 0xC9U, 0x09U, 0x1BU, 0x46U, 0x2DU, 0x53U, 0x8CU, 0xD7U, 0x2BU, 0x03U, 0x74U,
+    0x6AU, 0xE7U, 0x7FU, 0x5EU, 0x62U, 0x29U, 0x2CU, 0x31U, 0x15U, 0x62U, 0xA8U, 0x46U, 0x50U,
+    0x5DU, 0xC8U, 0x2DU, 0xB8U, 0x54U, 0x33U, 0x8AU, 0xE4U, 0x9FU, 0x52U, 0x35U, 0xC9U, 0x5BU,
+    0x91U, 0x17U, 0x8CU, 0xCFU, 0x2DU, 0xD5U, 0xCAU, 0xCEU, 0xF4U, 0x03U, 0xECU, 0x9DU, 0x18U,
+    0x10U, 0xC6U, 0x27U, 0x2BU, 0x04U, 0x5BU, 0x3BU, 0x71U, 0xF9U, 0xDCU, 0x6BU, 0x80U, 0xD6U,
+    0x3FU, 0xDDU, 0x4AU, 0x8EU, 0x9AU, 0xDBU, 0x1EU, 0x69U, 0x62U, 0xA6U, 0x95U, 0x26U, 0xD4U,
+    0x31U, 0x61U, 0xC1U, 0xA4U, 0x1DU, 0x57U, 0x0DU, 0x79U, 0x38U, 0xDAU, 0xD4U, 0xA4U, 0x0EU,
+    0x32U, 0x9CU, 0xCFU, 0xF4U, 0x6AU, 0xAAU, 0x36U, 0xADU, 0x00U, 0x4CU, 0xF6U, 0x00U, 0xC8U,
+    0x38U, 0x1EU, 0x42U, 0x5AU, 0x31U, 0xD9U, 0x51U, 0xAEU, 0x64U, 0xFDU, 0xB2U, 0x3FU, 0xCEU,
+    0xC9U, 0x50U, 0x9DU, 0x43U, 0x68U, 0x7FU, 0xEBU, 0x69U, 0xEDU, 0xD1U, 0xCCU, 0x5EU, 0x0BU,
+    0x8CU, 0xC3U, 0xBDU, 0xF6U, 0x4BU, 0x10U, 0xEFU, 0x86U, 0xB6U, 0x31U, 0x42U, 0xA3U, 0xABU,
+    0x88U, 0x29U, 0x55U, 0x5BU, 0x2FU, 0x74U, 0x7CU, 0x93U, 0x26U, 0x65U, 0xCBU, 0x2CU, 0x0FU,
+    0x1CU, 0xC0U, 0x1BU, 0xD7U, 0x02U, 0x29U, 0x38U, 0x88U, 0x39U, 0xD2U, 0xAFU, 0x05U, 0xE4U,
+    0x54U, 0x50U, 0x4AU, 0xC7U, 0x8BU, 0x75U, 0x82U, 0x82U, 0x28U, 0x46U, 0xC0U, 0xBAU, 0x35U,
+    0xC3U, 0x5FU, 0x5CU, 0x59U, 0x16U, 0x0CU, 0xC0U, 0x46U, 0xFDU, 0x82U, 0x51U, 0x54U, 0x1FU,
+    0xC6U, 0x8CU, 0x9CU, 0x86U, 0xB0U, 0x22U, 0xBBU, 0x70U, 0x99U, 0x87U, 0x6AU, 0x46U, 0x0EU,
+    0x74U, 0x51U, 0xA8U, 0xA9U, 0x31U, 0x09U, 0x70U, 0x3FU, 0xEEU, 0x1CU, 0x21U, 0x7EU, 0x6CU,
+    0x38U, 0x26U, 0xE5U, 0x2CU, 0x51U, 0xAAU, 0x69U, 0x1EU, 0x0EU, 0x42U, 0x3CU, 0xFCU, 0x99U,
+    0xE9U, 0xE3U, 0x16U, 0x50U, 0xC1U, 0x21U, 0x7BU, 0x62U, 0x48U, 0x16U, 0xCDU, 0xADU, 0x9AU,
+    0x95U, 0xF9U, 0xD5U, 0xB8U, 0x01U, 0x94U, 0x88U, 0xD9U, 0xC0U, 0xA0U, 0xA1U, 0xFEU, 0x30U,
+    0x75U, 0xA5U, 0x77U, 0xE2U, 0x31U, 0x83U, 0xF8U, 0x1DU, 0x4AU, 0x3FU, 0x2FU, 0xA4U, 0x57U,
+    0x1EU, 0xFCU, 0x8CU, 0xE0U, 0xBAU, 0x8AU, 0x4FU, 0xE8U, 0xB6U, 0x85U, 0x5DU, 0xFEU, 0x72U,
+    0xB0U, 0xA6U, 0x6EU, 0xDEU, 0xD2U, 0xFBU, 0xABU, 0xFBU, 0xE5U, 0x8AU, 0x30U, 0xFAU, 0xFAU,
+    0xBEU, 0x1CU, 0x5DU, 0x71U, 0xA8U, 0x7EU, 0x2FU, 0x74U, 0x1EU, 0xF8U, 0xC1U, 0xFEU, 0x86U,
+    0xFEU, 0xA6U, 0xBBU, 0xFDU, 0xE5U, 0x30U, 0x67U, 0x7FU, 0x0DU, 0x97U, 0xD1U, 0x1DU, 0x49U,
+    0xF7U, 0xA8U, 0x44U, 0x3DU, 0x08U, 0x22U, 0xE5U, 0x06U, 0xA9U, 0xF4U, 0x61U, 0x4EU, 0x01U,
+    0x1EU, 0x2AU, 0x94U, 0x83U, 0x8FU, 0xF8U, 0x8CU, 0xD6U, 0x8CU, 0x8BU, 0xB7U, 0xC5U, 0xC6U,
+    0x42U, 0x4CU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
   };
 
 #if defined(__cplusplus)
diff --git a/include/msvc/internal/Hacl_K256_PrecompTable.h b/include/msvc/internal/Hacl_K256_PrecompTable.h
index 26bdfa1f..ff15f1c9 100644
--- a/include/msvc/internal/Hacl_K256_PrecompTable.h
+++ b/include/msvc/internal/Hacl_K256_PrecompTable.h
@@ -39,498 +39,378 @@ static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_basepoint_table_w4[240U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)705178180786072U,
-    (uint64_t)3855836460717471U, (uint64_t)4089131105950716U, (uint64_t)3301581525494108U,
-    (uint64_t)133858670344668U, (uint64_t)2199641648059576U, (uint64_t)1278080618437060U,
-    (uint64_t)3959378566518708U, (uint64_t)3455034269351872U, (uint64_t)79417610544803U,
-    (uint64_t)1U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)1282049064345544U, (uint64_t)971732600440099U, (uint64_t)1014594595727339U,
-    (uint64_t)4392159187541980U, (uint64_t)268327875692285U, (uint64_t)2411661712280539U,
-    (uint64_t)1092576199280126U, (uint64_t)4328619610718051U, (uint64_t)3535440816471627U,
-    (uint64_t)95182251488556U, (uint64_t)1893725512243753U, (uint64_t)3619861457111820U,
-    (uint64_t)879374960417905U, (uint64_t)2868056058129113U, (uint64_t)273195291893682U,
-    (uint64_t)2044797305960112U, (uint64_t)2357106853933780U, (uint64_t)3563112438336058U,
-    (uint64_t)2430811541762558U, (uint64_t)106443809495428U, (uint64_t)2231357633909668U,
-    (uint64_t)3641705835951936U, (uint64_t)80642569314189U, (uint64_t)2254841882373268U,
-    (uint64_t)149848031966573U, (uint64_t)2304615661367764U, (uint64_t)2410957403736446U,
-    (uint64_t)2712754805859804U, (uint64_t)2440183877540536U, (uint64_t)99784623895865U,
-    (uint64_t)3667773127482758U, (uint64_t)1354899394473308U, (uint64_t)3636602998800808U,
-    (uint64_t)2709296679846364U, (uint64_t)7253362091963U, (uint64_t)3585950735562744U,
-    (uint64_t)935775991758415U, (uint64_t)4108078106735201U, (uint64_t)556081800336307U,
-    (uint64_t)229585977163057U, (uint64_t)4055594186679801U, (uint64_t)1767681004944933U,
-    (uint64_t)1432634922083242U, (uint64_t)534935602949197U, (uint64_t)251753159522567U,
-    (uint64_t)2846474078499321U, (uint64_t)4488649590348702U, (uint64_t)2437476916025038U,
-    (uint64_t)3040577412822874U, (uint64_t)79405234918614U, (uint64_t)3030621226551508U,
-    (uint64_t)2801117003929806U, (uint64_t)1642927515498422U, (uint64_t)2802725079726297U,
-    (uint64_t)8472780626107U, (uint64_t)866068070352655U, (uint64_t)188080768545106U,
-    (uint64_t)2152119998903058U, (uint64_t)3391239985029665U, (uint64_t)23820026013564U,
-    (uint64_t)2965064154891949U, (uint64_t)1846516097921398U, (uint64_t)4418379948133146U,
-    (uint64_t)3137755426942400U, (uint64_t)47705291301781U, (uint64_t)4278533051105665U,
-    (uint64_t)3453643211214931U, (uint64_t)3379734319145156U, (uint64_t)3762442192097039U,
-    (uint64_t)40243003528694U, (uint64_t)4063448994211201U, (uint64_t)5697015368785U,
-    (uint64_t)1006545411838613U, (uint64_t)4242291693755210U, (uint64_t)135184629190512U,
-    (uint64_t)264898689131035U, (uint64_t)611796474823597U, (uint64_t)3255382250029089U,
-    (uint64_t)3490429246984696U, (uint64_t)236558595864362U, (uint64_t)2055934691551704U,
-    (uint64_t)1487711670114502U, (uint64_t)1823930698221632U, (uint64_t)2130937287438472U,
-    (uint64_t)154610053389779U, (uint64_t)2746573287023216U, (uint64_t)2430987262221221U,
-    (uint64_t)1668741642878689U, (uint64_t)904982541243977U, (uint64_t)56087343124948U,
-    (uint64_t)393905062353536U, (uint64_t)412681877350188U, (uint64_t)3153602040979977U,
-    (uint64_t)4466820876224989U, (uint64_t)146579165617857U, (uint64_t)2628741216508991U,
-    (uint64_t)747994231529806U, (uint64_t)750506569317681U, (uint64_t)1887492790748779U,
-    (uint64_t)35259008682771U, (uint64_t)2085116434894208U, (uint64_t)543291398921711U,
-    (uint64_t)1144362007901552U, (uint64_t)679305136036846U, (uint64_t)141090902244489U,
-    (uint64_t)632480954474859U, (uint64_t)2384513102652591U, (uint64_t)2225529790159790U,
-    (uint64_t)692258664851625U, (uint64_t)198681843567699U, (uint64_t)2397092587228181U,
-    (uint64_t)145862822166614U, (uint64_t)196976540479452U, (uint64_t)3321831130141455U,
-    (uint64_t)69266673089832U, (uint64_t)4469644227342284U, (uint64_t)3899271145504796U,
-    (uint64_t)1261890974076660U, (uint64_t)525357673886694U, (uint64_t)182135997828583U,
-    (uint64_t)4292760618810332U, (uint64_t)3404186545541683U, (uint64_t)312297386688768U,
-    (uint64_t)204377466824608U, (uint64_t)230900767857952U, (uint64_t)3871485172339693U,
-    (uint64_t)779449329662955U, (uint64_t)978655822464694U, (uint64_t)2278252139594027U,
-    (uint64_t)104641527040382U, (uint64_t)3528840153625765U, (uint64_t)4484699080275273U,
-    (uint64_t)1463971951102316U, (uint64_t)4013910812844749U, (uint64_t)228915589433620U,
-    (uint64_t)1209641433482461U, (uint64_t)4043178788774759U, (uint64_t)3008668238856634U,
-    (uint64_t)1448425089071412U, (uint64_t)26269719725037U, (uint64_t)3330785027545223U,
-    (uint64_t)852657975349259U, (uint64_t)227245054466105U, (uint64_t)1534632353984777U,
-    (uint64_t)207715098574660U, (uint64_t)3209837527352280U, (uint64_t)4051688046309066U,
-    (uint64_t)3839009590725955U, (uint64_t)1321506437398842U, (uint64_t)68340219159928U,
-    (uint64_t)1806950276956275U, (uint64_t)3923908055275295U, (uint64_t)743963253393575U,
-    (uint64_t)42162407478783U, (uint64_t)261334584474610U, (uint64_t)3728224928885214U,
-    (uint64_t)4004701081842869U, (uint64_t)709043201644674U, (uint64_t)4267294249150171U,
-    (uint64_t)255540582975025U, (uint64_t)875490593722211U, (uint64_t)796393708218375U,
-    (uint64_t)14774425627956U, (uint64_t)1500040516752097U, (uint64_t)141076627721678U,
-    (uint64_t)2634539368480628U, (uint64_t)1106488853550103U, (uint64_t)2346231921151930U,
-    (uint64_t)897108283954283U, (uint64_t)64616679559843U, (uint64_t)400244949840943U,
-    (uint64_t)1731263826831733U, (uint64_t)1649996579904651U, (uint64_t)3643693449640761U,
-    (uint64_t)172543068638991U, (uint64_t)329537981097182U, (uint64_t)2029799860802869U,
-    (uint64_t)4377737515208862U, (uint64_t)29103311051334U, (uint64_t)265583594111499U,
-    (uint64_t)3798074876561255U, (uint64_t)184749333259352U, (uint64_t)3117395073661801U,
-    (uint64_t)3695784565008833U, (uint64_t)64282709896721U, (uint64_t)1618968913246422U,
-    (uint64_t)3185235128095257U, (uint64_t)3288745068118692U, (uint64_t)1963818603508782U,
-    (uint64_t)281054350739495U, (uint64_t)1658639050810346U, (uint64_t)3061097601679552U,
-    (uint64_t)3023781433263746U, (uint64_t)2770283391242475U, (uint64_t)144508864751908U,
-    (uint64_t)173576288079856U, (uint64_t)46114579547054U, (uint64_t)1679480127300211U,
-    (uint64_t)1683062051644007U, (uint64_t)117183826129323U, (uint64_t)1894068608117440U,
-    (uint64_t)3846899838975733U, (uint64_t)4289279019496192U, (uint64_t)176995887914031U,
-    (uint64_t)78074942938713U, (uint64_t)454207263265292U, (uint64_t)972683614054061U,
-    (uint64_t)808474205144361U, (uint64_t)942703935951735U, (uint64_t)134460241077887U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    705178180786072ULL, 3855836460717471ULL, 4089131105950716ULL, 3301581525494108ULL,
+    133858670344668ULL, 2199641648059576ULL, 1278080618437060ULL, 3959378566518708ULL,
+    3455034269351872ULL, 79417610544803ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1282049064345544ULL,
+    971732600440099ULL, 1014594595727339ULL, 4392159187541980ULL, 268327875692285ULL,
+    2411661712280539ULL, 1092576199280126ULL, 4328619610718051ULL, 3535440816471627ULL,
+    95182251488556ULL, 1893725512243753ULL, 3619861457111820ULL, 879374960417905ULL,
+    2868056058129113ULL, 273195291893682ULL, 2044797305960112ULL, 2357106853933780ULL,
+    3563112438336058ULL, 2430811541762558ULL, 106443809495428ULL, 2231357633909668ULL,
+    3641705835951936ULL, 80642569314189ULL, 2254841882373268ULL, 149848031966573ULL,
+    2304615661367764ULL, 2410957403736446ULL, 2712754805859804ULL, 2440183877540536ULL,
+    99784623895865ULL, 3667773127482758ULL, 1354899394473308ULL, 3636602998800808ULL,
+    2709296679846364ULL, 7253362091963ULL, 3585950735562744ULL, 935775991758415ULL,
+    4108078106735201ULL, 556081800336307ULL, 229585977163057ULL, 4055594186679801ULL,
+    1767681004944933ULL, 1432634922083242ULL, 534935602949197ULL, 251753159522567ULL,
+    2846474078499321ULL, 4488649590348702ULL, 2437476916025038ULL, 3040577412822874ULL,
+    79405234918614ULL, 3030621226551508ULL, 2801117003929806ULL, 1642927515498422ULL,
+    2802725079726297ULL, 8472780626107ULL, 866068070352655ULL, 188080768545106ULL,
+    2152119998903058ULL, 3391239985029665ULL, 23820026013564ULL, 2965064154891949ULL,
+    1846516097921398ULL, 4418379948133146ULL, 3137755426942400ULL, 47705291301781ULL,
+    4278533051105665ULL, 3453643211214931ULL, 3379734319145156ULL, 3762442192097039ULL,
+    40243003528694ULL, 4063448994211201ULL, 5697015368785ULL, 1006545411838613ULL,
+    4242291693755210ULL, 135184629190512ULL, 264898689131035ULL, 611796474823597ULL,
+    3255382250029089ULL, 3490429246984696ULL, 236558595864362ULL, 2055934691551704ULL,
+    1487711670114502ULL, 1823930698221632ULL, 2130937287438472ULL, 154610053389779ULL,
+    2746573287023216ULL, 2430987262221221ULL, 1668741642878689ULL, 904982541243977ULL,
+    56087343124948ULL, 393905062353536ULL, 412681877350188ULL, 3153602040979977ULL,
+    4466820876224989ULL, 146579165617857ULL, 2628741216508991ULL, 747994231529806ULL,
+    750506569317681ULL, 1887492790748779ULL, 35259008682771ULL, 2085116434894208ULL,
+    543291398921711ULL, 1144362007901552ULL, 679305136036846ULL, 141090902244489ULL,
+    632480954474859ULL, 2384513102652591ULL, 2225529790159790ULL, 692258664851625ULL,
+    198681843567699ULL, 2397092587228181ULL, 145862822166614ULL, 196976540479452ULL,
+    3321831130141455ULL, 69266673089832ULL, 4469644227342284ULL, 3899271145504796ULL,
+    1261890974076660ULL, 525357673886694ULL, 182135997828583ULL, 4292760618810332ULL,
+    3404186545541683ULL, 312297386688768ULL, 204377466824608ULL, 230900767857952ULL,
+    3871485172339693ULL, 779449329662955ULL, 978655822464694ULL, 2278252139594027ULL,
+    104641527040382ULL, 3528840153625765ULL, 4484699080275273ULL, 1463971951102316ULL,
+    4013910812844749ULL, 228915589433620ULL, 1209641433482461ULL, 4043178788774759ULL,
+    3008668238856634ULL, 1448425089071412ULL, 26269719725037ULL, 3330785027545223ULL,
+    852657975349259ULL, 227245054466105ULL, 1534632353984777ULL, 207715098574660ULL,
+    3209837527352280ULL, 4051688046309066ULL, 3839009590725955ULL, 1321506437398842ULL,
+    68340219159928ULL, 1806950276956275ULL, 3923908055275295ULL, 743963253393575ULL,
+    42162407478783ULL, 261334584474610ULL, 3728224928885214ULL, 4004701081842869ULL,
+    709043201644674ULL, 4267294249150171ULL, 255540582975025ULL, 875490593722211ULL,
+    796393708218375ULL, 14774425627956ULL, 1500040516752097ULL, 141076627721678ULL,
+    2634539368480628ULL, 1106488853550103ULL, 2346231921151930ULL, 897108283954283ULL,
+    64616679559843ULL, 400244949840943ULL, 1731263826831733ULL, 1649996579904651ULL,
+    3643693449640761ULL, 172543068638991ULL, 329537981097182ULL, 2029799860802869ULL,
+    4377737515208862ULL, 29103311051334ULL, 265583594111499ULL, 3798074876561255ULL,
+    184749333259352ULL, 3117395073661801ULL, 3695784565008833ULL, 64282709896721ULL,
+    1618968913246422ULL, 3185235128095257ULL, 3288745068118692ULL, 1963818603508782ULL,
+    281054350739495ULL, 1658639050810346ULL, 3061097601679552ULL, 3023781433263746ULL,
+    2770283391242475ULL, 144508864751908ULL, 173576288079856ULL, 46114579547054ULL,
+    1679480127300211ULL, 1683062051644007ULL, 117183826129323ULL, 1894068608117440ULL,
+    3846899838975733ULL, 4289279019496192ULL, 176995887914031ULL, 78074942938713ULL,
+    454207263265292ULL, 972683614054061ULL, 808474205144361ULL, 942703935951735ULL,
+    134460241077887ULL
   };
 
 static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_g_pow2_64_table_w4[240U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)4496295042185355U,
-    (uint64_t)3125448202219451U, (uint64_t)1239608518490046U, (uint64_t)2687445637493112U,
-    (uint64_t)77979604880139U, (uint64_t)3360310474215011U, (uint64_t)1216410458165163U,
-    (uint64_t)177901593587973U, (uint64_t)3209978938104985U, (uint64_t)118285133003718U,
-    (uint64_t)434519962075150U, (uint64_t)1114612377498854U, (uint64_t)3488596944003813U,
-    (uint64_t)450716531072892U, (uint64_t)66044973203836U, (uint64_t)2822827191156652U,
-    (uint64_t)2417714248626059U, (uint64_t)2173117567943U, (uint64_t)961513119252459U,
-    (uint64_t)233852556538333U, (uint64_t)3014783730323962U, (uint64_t)2955192634004574U,
-    (uint64_t)580546524951282U, (uint64_t)2982973948711252U, (uint64_t)226295722018730U,
-    (uint64_t)26457116218543U, (uint64_t)3401523493637663U, (uint64_t)2597746825024790U,
-    (uint64_t)1789211180483113U, (uint64_t)155862365823427U, (uint64_t)4056806876632134U,
-    (uint64_t)1742291745730568U, (uint64_t)3527759000626890U, (uint64_t)3740578471192596U,
-    (uint64_t)177295097700537U, (uint64_t)1533961415657770U, (uint64_t)4305228982382487U,
-    (uint64_t)4069090871282711U, (uint64_t)4090877481646667U, (uint64_t)220939617041498U,
-    (uint64_t)2057548127959588U, (uint64_t)45185623103252U, (uint64_t)2871963270423449U,
-    (uint64_t)3312974792248749U, (uint64_t)8710601879528U, (uint64_t)570612225194540U,
-    (uint64_t)2045632925323972U, (uint64_t)1263913878297555U, (uint64_t)1294592284757719U,
-    (uint64_t)238067747295054U, (uint64_t)1576659948829386U, (uint64_t)2315159636629917U,
-    (uint64_t)3624867787891655U, (uint64_t)647628266663887U, (uint64_t)75788399640253U,
-    (uint64_t)710811707847797U, (uint64_t)130020650130128U, (uint64_t)1975045425972589U,
-    (uint64_t)136351545314094U, (uint64_t)229292031212337U, (uint64_t)1061471455264148U,
-    (uint64_t)3281312694184822U, (uint64_t)1692442293921797U, (uint64_t)4171008525509513U,
-    (uint64_t)275424696197549U, (uint64_t)1170296303921965U, (uint64_t)4154092952807735U,
-    (uint64_t)4371262070870741U, (uint64_t)835769811036496U, (uint64_t)275812646528189U,
-    (uint64_t)4006745785521764U, (uint64_t)1965172239781114U, (uint64_t)4121055644916429U,
-    (uint64_t)3578995380229569U, (uint64_t)169798870760022U, (uint64_t)1834234783016431U,
-    (uint64_t)3186919121688538U, (uint64_t)1894269993170652U, (uint64_t)868603832348691U,
-    (uint64_t)110978471368876U, (uint64_t)1659296605881532U, (uint64_t)3257830829309297U,
-    (uint64_t)3381509832701119U, (uint64_t)4016163121121296U, (uint64_t)265240263496294U,
-    (uint64_t)4411285343933251U, (uint64_t)728746770806400U, (uint64_t)1767819098558739U,
-    (uint64_t)3002081480892841U, (uint64_t)96312133241935U, (uint64_t)468184501392107U,
-    (uint64_t)2061529496271208U, (uint64_t)801565111628867U, (uint64_t)3380678576799273U,
-    (uint64_t)121814978170941U, (uint64_t)3340363319165433U, (uint64_t)2764604325746928U,
-    (uint64_t)4475755976431968U, (uint64_t)3678073419927081U, (uint64_t)237001357924061U,
-    (uint64_t)4110487014553450U, (uint64_t)442517757833404U, (uint64_t)3976758767423859U,
-    (uint64_t)2559863799262476U, (uint64_t)178144664279213U, (uint64_t)2488702171798051U,
-    (uint64_t)4292079598620208U, (uint64_t)1642918280217329U, (uint64_t)3694920319798108U,
-    (uint64_t)111735528281657U, (uint64_t)2904433967156033U, (uint64_t)4391518032143166U,
-    (uint64_t)3018885875516259U, (uint64_t)3730342681447122U, (uint64_t)10320273322750U,
-    (uint64_t)555845881555519U, (uint64_t)58355404017985U, (uint64_t)379009359053696U,
-    (uint64_t)450317203955503U, (uint64_t)271063299686173U, (uint64_t)910340241794202U,
-    (uint64_t)4145234574853890U, (uint64_t)2059755654702755U, (uint64_t)626530377112246U,
-    (uint64_t)188918989156857U, (uint64_t)3316657461542117U, (uint64_t)778033563170765U,
-    (uint64_t)3568562306532187U, (uint64_t)2888619469733481U, (uint64_t)4364919962337U,
-    (uint64_t)4095057288587059U, (uint64_t)2275461355379988U, (uint64_t)1507422995910897U,
-    (uint64_t)3737691697116252U, (uint64_t)28779913258578U, (uint64_t)131453301647952U,
-    (uint64_t)3613515597508469U, (uint64_t)2389606941441321U, (uint64_t)2135459302594806U,
-    (uint64_t)105517262484263U, (uint64_t)2973432939331401U, (uint64_t)3447096622477885U,
-    (uint64_t)684654106536844U, (uint64_t)2815198316729695U, (uint64_t)280303067216071U,
-    (uint64_t)1841014812927024U, (uint64_t)1181026273060917U, (uint64_t)4092989148457730U,
-    (uint64_t)1381045116206278U, (uint64_t)112475725893965U, (uint64_t)2309144740156686U,
-    (uint64_t)1558825847609352U, (uint64_t)2008068002046292U, (uint64_t)3153511625856423U,
-    (uint64_t)38469701427673U, (uint64_t)4240572315518056U, (uint64_t)2295170987320580U,
-    (uint64_t)187734093837094U, (uint64_t)301041528077172U, (uint64_t)234553141005715U,
-    (uint64_t)4170513699279606U, (uint64_t)1600132848196146U, (uint64_t)3149113064155689U,
-    (uint64_t)2733255352600949U, (uint64_t)144915931419495U, (uint64_t)1221012073888926U,
-    (uint64_t)4395668111081710U, (uint64_t)2464799161496070U, (uint64_t)3664256125241313U,
-    (uint64_t)239705368981290U, (uint64_t)1415181408539490U, (uint64_t)2551836620449074U,
-    (uint64_t)3003106895689578U, (uint64_t)968947218886924U, (uint64_t)270781532362673U,
-    (uint64_t)2905980714350372U, (uint64_t)3246927349288975U, (uint64_t)2653377642686974U,
-    (uint64_t)1577457093418263U, (uint64_t)279488238785848U, (uint64_t)568335962564552U,
-    (uint64_t)4251365041645758U, (uint64_t)1257832559776007U, (uint64_t)2424022444243863U,
-    (uint64_t)261166122046343U, (uint64_t)4399874608082116U, (uint64_t)640509987891568U,
-    (uint64_t)3119706885332220U, (uint64_t)1990185416694007U, (uint64_t)119390098529341U,
-    (uint64_t)220106534694050U, (uint64_t)937225880034895U, (uint64_t)656288151358882U,
-    (uint64_t)1766967254772100U, (uint64_t)197900790969750U, (uint64_t)2992539221608875U,
-    (uint64_t)3960297171111858U, (uint64_t)3499202002925081U, (uint64_t)1103060980924705U,
-    (uint64_t)13670895919578U, (uint64_t)430132744187721U, (uint64_t)1206771838050953U,
-    (uint64_t)2474749300167198U, (uint64_t)296299539510780U, (uint64_t)61565517686436U,
-    (uint64_t)752778559080573U, (uint64_t)3049015829565410U, (uint64_t)3538647632527371U,
-    (uint64_t)1640473028662032U, (uint64_t)182488721849306U, (uint64_t)1234378482161516U,
-    (uint64_t)3736205988606381U, (uint64_t)2814216844344487U, (uint64_t)3877249891529557U,
-    (uint64_t)51681412928433U, (uint64_t)4275336620301239U, (uint64_t)3084074032750651U,
-    (uint64_t)42732308350456U, (uint64_t)3648603591552229U, (uint64_t)142450621701603U,
-    (uint64_t)4020045475009854U, (uint64_t)1050293952073054U, (uint64_t)1974773673079851U,
-    (uint64_t)1815515638724020U, (uint64_t)104845375825434U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    4496295042185355ULL, 3125448202219451ULL, 1239608518490046ULL, 2687445637493112ULL,
+    77979604880139ULL, 3360310474215011ULL, 1216410458165163ULL, 177901593587973ULL,
+    3209978938104985ULL, 118285133003718ULL, 434519962075150ULL, 1114612377498854ULL,
+    3488596944003813ULL, 450716531072892ULL, 66044973203836ULL, 2822827191156652ULL,
+    2417714248626059ULL, 2173117567943ULL, 961513119252459ULL, 233852556538333ULL,
+    3014783730323962ULL, 2955192634004574ULL, 580546524951282ULL, 2982973948711252ULL,
+    226295722018730ULL, 26457116218543ULL, 3401523493637663ULL, 2597746825024790ULL,
+    1789211180483113ULL, 155862365823427ULL, 4056806876632134ULL, 1742291745730568ULL,
+    3527759000626890ULL, 3740578471192596ULL, 177295097700537ULL, 1533961415657770ULL,
+    4305228982382487ULL, 4069090871282711ULL, 4090877481646667ULL, 220939617041498ULL,
+    2057548127959588ULL, 45185623103252ULL, 2871963270423449ULL, 3312974792248749ULL,
+    8710601879528ULL, 570612225194540ULL, 2045632925323972ULL, 1263913878297555ULL,
+    1294592284757719ULL, 238067747295054ULL, 1576659948829386ULL, 2315159636629917ULL,
+    3624867787891655ULL, 647628266663887ULL, 75788399640253ULL, 710811707847797ULL,
+    130020650130128ULL, 1975045425972589ULL, 136351545314094ULL, 229292031212337ULL,
+    1061471455264148ULL, 3281312694184822ULL, 1692442293921797ULL, 4171008525509513ULL,
+    275424696197549ULL, 1170296303921965ULL, 4154092952807735ULL, 4371262070870741ULL,
+    835769811036496ULL, 275812646528189ULL, 4006745785521764ULL, 1965172239781114ULL,
+    4121055644916429ULL, 3578995380229569ULL, 169798870760022ULL, 1834234783016431ULL,
+    3186919121688538ULL, 1894269993170652ULL, 868603832348691ULL, 110978471368876ULL,
+    1659296605881532ULL, 3257830829309297ULL, 3381509832701119ULL, 4016163121121296ULL,
+    265240263496294ULL, 4411285343933251ULL, 728746770806400ULL, 1767819098558739ULL,
+    3002081480892841ULL, 96312133241935ULL, 468184501392107ULL, 2061529496271208ULL,
+    801565111628867ULL, 3380678576799273ULL, 121814978170941ULL, 3340363319165433ULL,
+    2764604325746928ULL, 4475755976431968ULL, 3678073419927081ULL, 237001357924061ULL,
+    4110487014553450ULL, 442517757833404ULL, 3976758767423859ULL, 2559863799262476ULL,
+    178144664279213ULL, 2488702171798051ULL, 4292079598620208ULL, 1642918280217329ULL,
+    3694920319798108ULL, 111735528281657ULL, 2904433967156033ULL, 4391518032143166ULL,
+    3018885875516259ULL, 3730342681447122ULL, 10320273322750ULL, 555845881555519ULL,
+    58355404017985ULL, 379009359053696ULL, 450317203955503ULL, 271063299686173ULL,
+    910340241794202ULL, 4145234574853890ULL, 2059755654702755ULL, 626530377112246ULL,
+    188918989156857ULL, 3316657461542117ULL, 778033563170765ULL, 3568562306532187ULL,
+    2888619469733481ULL, 4364919962337ULL, 4095057288587059ULL, 2275461355379988ULL,
+    1507422995910897ULL, 3737691697116252ULL, 28779913258578ULL, 131453301647952ULL,
+    3613515597508469ULL, 2389606941441321ULL, 2135459302594806ULL, 105517262484263ULL,
+    2973432939331401ULL, 3447096622477885ULL, 684654106536844ULL, 2815198316729695ULL,
+    280303067216071ULL, 1841014812927024ULL, 1181026273060917ULL, 4092989148457730ULL,
+    1381045116206278ULL, 112475725893965ULL, 2309144740156686ULL, 1558825847609352ULL,
+    2008068002046292ULL, 3153511625856423ULL, 38469701427673ULL, 4240572315518056ULL,
+    2295170987320580ULL, 187734093837094ULL, 301041528077172ULL, 234553141005715ULL,
+    4170513699279606ULL, 1600132848196146ULL, 3149113064155689ULL, 2733255352600949ULL,
+    144915931419495ULL, 1221012073888926ULL, 4395668111081710ULL, 2464799161496070ULL,
+    3664256125241313ULL, 239705368981290ULL, 1415181408539490ULL, 2551836620449074ULL,
+    3003106895689578ULL, 968947218886924ULL, 270781532362673ULL, 2905980714350372ULL,
+    3246927349288975ULL, 2653377642686974ULL, 1577457093418263ULL, 279488238785848ULL,
+    568335962564552ULL, 4251365041645758ULL, 1257832559776007ULL, 2424022444243863ULL,
+    261166122046343ULL, 4399874608082116ULL, 640509987891568ULL, 3119706885332220ULL,
+    1990185416694007ULL, 119390098529341ULL, 220106534694050ULL, 937225880034895ULL,
+    656288151358882ULL, 1766967254772100ULL, 197900790969750ULL, 2992539221608875ULL,
+    3960297171111858ULL, 3499202002925081ULL, 1103060980924705ULL, 13670895919578ULL,
+    430132744187721ULL, 1206771838050953ULL, 2474749300167198ULL, 296299539510780ULL,
+    61565517686436ULL, 752778559080573ULL, 3049015829565410ULL, 3538647632527371ULL,
+    1640473028662032ULL, 182488721849306ULL, 1234378482161516ULL, 3736205988606381ULL,
+    2814216844344487ULL, 3877249891529557ULL, 51681412928433ULL, 4275336620301239ULL,
+    3084074032750651ULL, 42732308350456ULL, 3648603591552229ULL, 142450621701603ULL,
+    4020045475009854ULL, 1050293952073054ULL, 1974773673079851ULL, 1815515638724020ULL,
+    104845375825434ULL
   };
 
 static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_g_pow2_128_table_w4[240U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1277614565900951U,
-    (uint64_t)378671684419493U, (uint64_t)3176260448102880U, (uint64_t)1575691435565077U,
-    (uint64_t)167304528382180U, (uint64_t)2600787765776588U, (uint64_t)7497946149293U,
-    (uint64_t)2184272641272202U, (uint64_t)2200235265236628U, (uint64_t)265969268774814U,
-    (uint64_t)1913228635640715U, (uint64_t)2831959046949342U, (uint64_t)888030405442963U,
-    (uint64_t)1817092932985033U, (uint64_t)101515844997121U, (uint64_t)3309468394859588U,
-    (uint64_t)3965334773689948U, (uint64_t)1945272965790738U, (uint64_t)4450939211427964U,
-    (uint64_t)211349698782702U, (uint64_t)2085160302160079U, (uint64_t)212812506072603U,
-    (uint64_t)3646122434511764U, (uint64_t)1711405092320514U, (uint64_t)95160920508464U,
-    (uint64_t)1677683368518073U, (uint64_t)4384656939250953U, (uint64_t)3548591046529893U,
-    (uint64_t)1683233536091384U, (uint64_t)105919586159941U, (uint64_t)1941416002726455U,
-    (uint64_t)246264372248216U, (uint64_t)3063044110922228U, (uint64_t)3772292170415825U,
-    (uint64_t)222933374989815U, (uint64_t)2417211163452935U, (uint64_t)2018230365573200U,
-    (uint64_t)1985974538911047U, (uint64_t)1387197705332739U, (uint64_t)186400825584956U,
-    (uint64_t)2469330487750329U, (uint64_t)1291983813301638U, (uint64_t)333416733706302U,
-    (uint64_t)3413315564261070U, (uint64_t)189444777569683U, (uint64_t)1062005622360420U,
-    (uint64_t)1800197715938740U, (uint64_t)3693110992551647U, (uint64_t)626990328941945U,
-    (uint64_t)40998857100520U, (uint64_t)3921983552805085U, (uint64_t)1016632437340656U,
-    (uint64_t)4016615929950878U, (uint64_t)2682554586771281U, (uint64_t)7043555162389U,
-    (uint64_t)3333819830676567U, (uint64_t)4120091964944036U, (uint64_t)1960788263484015U,
-    (uint64_t)1642145656273304U, (uint64_t)252814075789128U, (uint64_t)3085777342821357U,
-    (uint64_t)4166637997604052U, (uint64_t)1339401689756469U, (uint64_t)845938529607551U,
-    (uint64_t)223351828189283U, (uint64_t)1148648705186890U, (uint64_t)1230525014760605U,
-    (uint64_t)1869739475126720U, (uint64_t)4193966261205530U, (uint64_t)175684010336013U,
-    (uint64_t)4476719358931508U, (uint64_t)4209547487457638U, (uint64_t)2197536411673724U,
-    (uint64_t)3010838433412303U, (uint64_t)169318997251483U, (uint64_t)49493868302162U,
-    (uint64_t)3594601099078584U, (uint64_t)3662420905445942U, (uint64_t)3606544932233685U,
-    (uint64_t)270643652662165U, (uint64_t)180681786228544U, (uint64_t)2095882682308564U,
-    (uint64_t)813484483841391U, (uint64_t)1622665392824698U, (uint64_t)113821770225137U,
-    (uint64_t)3075432444115417U, (uint64_t)716502989978722U, (uint64_t)2304779892217245U,
-    (uint64_t)1760144151770127U, (uint64_t)235719156963938U, (uint64_t)3180013070471143U,
-    (uint64_t)1331027634540579U, (uint64_t)552273022992392U, (uint64_t)2858693077461887U,
-    (uint64_t)197914407731510U, (uint64_t)187252310910959U, (uint64_t)4160637171377125U,
-    (uint64_t)3225059526713298U, (uint64_t)2574558217383978U, (uint64_t)249695600622489U,
-    (uint64_t)364988742814327U, (uint64_t)4245298536326258U, (uint64_t)1812464706589342U,
-    (uint64_t)2734857123772998U, (uint64_t)120105577124628U, (uint64_t)160179251271109U,
-    (uint64_t)3604555733307834U, (uint64_t)150380003195715U, (uint64_t)1574304909935121U,
-    (uint64_t)142190285600761U, (uint64_t)1835385847725651U, (uint64_t)3168087139615901U,
-    (uint64_t)3201434861713736U, (uint64_t)741757984537760U, (uint64_t)163585009419543U,
-    (uint64_t)3837997981109783U, (uint64_t)3771946407870997U, (uint64_t)2867641360295452U,
-    (uint64_t)3097548691501578U, (uint64_t)124624912142104U, (uint64_t)2729896088769328U,
-    (uint64_t)1087786827035225U, (uint64_t)3934000813818614U, (uint64_t)1176792318645055U,
-    (uint64_t)125311882169270U, (uint64_t)3530709439299502U, (uint64_t)1561477829834527U,
-    (uint64_t)3927894570196761U, (uint64_t)3957765307669212U, (uint64_t)105720519513730U,
-    (uint64_t)3758969845816997U, (uint64_t)2738320452287300U, (uint64_t)2380753632109507U,
-    (uint64_t)2762090901149075U, (uint64_t)123455059136515U, (uint64_t)4222807813169807U,
-    (uint64_t)118064783651432U, (uint64_t)2877694712254934U, (uint64_t)3535027426396448U,
-    (uint64_t)100175663703417U, (uint64_t)3287921121213155U, (uint64_t)4497246481824206U,
-    (uint64_t)1960809949007025U, (uint64_t)3236854264159102U, (uint64_t)35028112623717U,
-    (uint64_t)338838627913273U, (uint64_t)2827531947914645U, (uint64_t)4231826783810670U,
-    (uint64_t)1082490106100389U, (uint64_t)13267544387448U, (uint64_t)4249975884259105U,
-    (uint64_t)2844862161652484U, (uint64_t)262742197948971U, (uint64_t)3525653802457116U,
-    (uint64_t)269963889261701U, (uint64_t)3690062482117102U, (uint64_t)675413453822147U,
-    (uint64_t)2170937868437574U, (uint64_t)2367632187022010U, (uint64_t)214032802409445U,
-    (uint64_t)2054007379612477U, (uint64_t)3558050826739009U, (uint64_t)266827184752634U,
-    (uint64_t)1946520293291195U, (uint64_t)238087872386556U, (uint64_t)490056555385700U,
-    (uint64_t)794405769357386U, (uint64_t)3886901294859702U, (uint64_t)3120414548626348U,
-    (uint64_t)84316625221136U, (uint64_t)223073962531835U, (uint64_t)4280846460577631U,
-    (uint64_t)344296282849308U, (uint64_t)3522116652699457U, (uint64_t)171817232053075U,
-    (uint64_t)3296636283062273U, (uint64_t)3587303364425579U, (uint64_t)1033485783633331U,
-    (uint64_t)3686984130812906U, (uint64_t)268290803650477U, (uint64_t)2803988215834467U,
-    (uint64_t)3821246410529720U, (uint64_t)1077722388925870U, (uint64_t)4187137036866164U,
-    (uint64_t)104696540795905U, (uint64_t)998770003854764U, (uint64_t)3960768137535019U,
-    (uint64_t)4293792474919135U, (uint64_t)3251297981727034U, (uint64_t)192479028790101U,
-    (uint64_t)1175880869349935U, (uint64_t)3506949259311937U, (uint64_t)2161711516160714U,
-    (uint64_t)2506820922270187U, (uint64_t)131002200661047U, (uint64_t)3532399477339994U,
-    (uint64_t)2515815721228719U, (uint64_t)4274974119021502U, (uint64_t)265752394510924U,
-    (uint64_t)163144272153395U, (uint64_t)2824260010502991U, (uint64_t)517077012665142U,
-    (uint64_t)602987073882924U, (uint64_t)2939630061751780U, (uint64_t)59211609557440U,
-    (uint64_t)963423614549333U, (uint64_t)495476232754434U, (uint64_t)94274496109103U,
-    (uint64_t)2245136222990187U, (uint64_t)185414764872288U, (uint64_t)2266067668609289U,
-    (uint64_t)3873978896235927U, (uint64_t)4428283513152105U, (uint64_t)3881481480259312U,
-    (uint64_t)207746202010862U, (uint64_t)1609437858011364U, (uint64_t)477585758421515U,
-    (uint64_t)3850430788664649U, (uint64_t)2682299074459173U, (uint64_t)149439089751274U,
-    (uint64_t)3665760243877698U, (uint64_t)1356661512658931U, (uint64_t)1675903262368322U,
-    (uint64_t)3355649228050892U, (uint64_t)99772108898412U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    1277614565900951ULL, 378671684419493ULL, 3176260448102880ULL, 1575691435565077ULL,
+    167304528382180ULL, 2600787765776588ULL, 7497946149293ULL, 2184272641272202ULL,
+    2200235265236628ULL, 265969268774814ULL, 1913228635640715ULL, 2831959046949342ULL,
+    888030405442963ULL, 1817092932985033ULL, 101515844997121ULL, 3309468394859588ULL,
+    3965334773689948ULL, 1945272965790738ULL, 4450939211427964ULL, 211349698782702ULL,
+    2085160302160079ULL, 212812506072603ULL, 3646122434511764ULL, 1711405092320514ULL,
+    95160920508464ULL, 1677683368518073ULL, 4384656939250953ULL, 3548591046529893ULL,
+    1683233536091384ULL, 105919586159941ULL, 1941416002726455ULL, 246264372248216ULL,
+    3063044110922228ULL, 3772292170415825ULL, 222933374989815ULL, 2417211163452935ULL,
+    2018230365573200ULL, 1985974538911047ULL, 1387197705332739ULL, 186400825584956ULL,
+    2469330487750329ULL, 1291983813301638ULL, 333416733706302ULL, 3413315564261070ULL,
+    189444777569683ULL, 1062005622360420ULL, 1800197715938740ULL, 3693110992551647ULL,
+    626990328941945ULL, 40998857100520ULL, 3921983552805085ULL, 1016632437340656ULL,
+    4016615929950878ULL, 2682554586771281ULL, 7043555162389ULL, 3333819830676567ULL,
+    4120091964944036ULL, 1960788263484015ULL, 1642145656273304ULL, 252814075789128ULL,
+    3085777342821357ULL, 4166637997604052ULL, 1339401689756469ULL, 845938529607551ULL,
+    223351828189283ULL, 1148648705186890ULL, 1230525014760605ULL, 1869739475126720ULL,
+    4193966261205530ULL, 175684010336013ULL, 4476719358931508ULL, 4209547487457638ULL,
+    2197536411673724ULL, 3010838433412303ULL, 169318997251483ULL, 49493868302162ULL,
+    3594601099078584ULL, 3662420905445942ULL, 3606544932233685ULL, 270643652662165ULL,
+    180681786228544ULL, 2095882682308564ULL, 813484483841391ULL, 1622665392824698ULL,
+    113821770225137ULL, 3075432444115417ULL, 716502989978722ULL, 2304779892217245ULL,
+    1760144151770127ULL, 235719156963938ULL, 3180013070471143ULL, 1331027634540579ULL,
+    552273022992392ULL, 2858693077461887ULL, 197914407731510ULL, 187252310910959ULL,
+    4160637171377125ULL, 3225059526713298ULL, 2574558217383978ULL, 249695600622489ULL,
+    364988742814327ULL, 4245298536326258ULL, 1812464706589342ULL, 2734857123772998ULL,
+    120105577124628ULL, 160179251271109ULL, 3604555733307834ULL, 150380003195715ULL,
+    1574304909935121ULL, 142190285600761ULL, 1835385847725651ULL, 3168087139615901ULL,
+    3201434861713736ULL, 741757984537760ULL, 163585009419543ULL, 3837997981109783ULL,
+    3771946407870997ULL, 2867641360295452ULL, 3097548691501578ULL, 124624912142104ULL,
+    2729896088769328ULL, 1087786827035225ULL, 3934000813818614ULL, 1176792318645055ULL,
+    125311882169270ULL, 3530709439299502ULL, 1561477829834527ULL, 3927894570196761ULL,
+    3957765307669212ULL, 105720519513730ULL, 3758969845816997ULL, 2738320452287300ULL,
+    2380753632109507ULL, 2762090901149075ULL, 123455059136515ULL, 4222807813169807ULL,
+    118064783651432ULL, 2877694712254934ULL, 3535027426396448ULL, 100175663703417ULL,
+    3287921121213155ULL, 4497246481824206ULL, 1960809949007025ULL, 3236854264159102ULL,
+    35028112623717ULL, 338838627913273ULL, 2827531947914645ULL, 4231826783810670ULL,
+    1082490106100389ULL, 13267544387448ULL, 4249975884259105ULL, 2844862161652484ULL,
+    262742197948971ULL, 3525653802457116ULL, 269963889261701ULL, 3690062482117102ULL,
+    675413453822147ULL, 2170937868437574ULL, 2367632187022010ULL, 214032802409445ULL,
+    2054007379612477ULL, 3558050826739009ULL, 266827184752634ULL, 1946520293291195ULL,
+    238087872386556ULL, 490056555385700ULL, 794405769357386ULL, 3886901294859702ULL,
+    3120414548626348ULL, 84316625221136ULL, 223073962531835ULL, 4280846460577631ULL,
+    344296282849308ULL, 3522116652699457ULL, 171817232053075ULL, 3296636283062273ULL,
+    3587303364425579ULL, 1033485783633331ULL, 3686984130812906ULL, 268290803650477ULL,
+    2803988215834467ULL, 3821246410529720ULL, 1077722388925870ULL, 4187137036866164ULL,
+    104696540795905ULL, 998770003854764ULL, 3960768137535019ULL, 4293792474919135ULL,
+    3251297981727034ULL, 192479028790101ULL, 1175880869349935ULL, 3506949259311937ULL,
+    2161711516160714ULL, 2506820922270187ULL, 131002200661047ULL, 3532399477339994ULL,
+    2515815721228719ULL, 4274974119021502ULL, 265752394510924ULL, 163144272153395ULL,
+    2824260010502991ULL, 517077012665142ULL, 602987073882924ULL, 2939630061751780ULL,
+    59211609557440ULL, 963423614549333ULL, 495476232754434ULL, 94274496109103ULL,
+    2245136222990187ULL, 185414764872288ULL, 2266067668609289ULL, 3873978896235927ULL,
+    4428283513152105ULL, 3881481480259312ULL, 207746202010862ULL, 1609437858011364ULL,
+    477585758421515ULL, 3850430788664649ULL, 2682299074459173ULL, 149439089751274ULL,
+    3665760243877698ULL, 1356661512658931ULL, 1675903262368322ULL, 3355649228050892ULL,
+    99772108898412ULL
   };
 
 static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_g_pow2_192_table_w4[240U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)34056422761564U,
-    (uint64_t)3315864838337811U, (uint64_t)3797032336888745U, (uint64_t)2580641850480806U,
-    (uint64_t)208048944042500U, (uint64_t)1233795288689421U, (uint64_t)1048795233382631U,
-    (uint64_t)646545158071530U, (uint64_t)1816025742137285U, (uint64_t)12245672982162U,
-    (uint64_t)2119364213800870U, (uint64_t)2034960311715107U, (uint64_t)3172697815804487U,
-    (uint64_t)4185144850224160U, (uint64_t)2792055915674U, (uint64_t)795534452139321U,
-    (uint64_t)3647836177838185U, (uint64_t)2681403398797991U, (uint64_t)3149264270306207U,
-    (uint64_t)278704080615511U, (uint64_t)2752552368344718U, (uint64_t)1363840972378818U,
-    (uint64_t)1877521512083293U, (uint64_t)1862111388059470U, (uint64_t)36200324115014U,
-    (uint64_t)4183622899327217U, (uint64_t)747381675363076U, (uint64_t)2772916395314624U,
-    (uint64_t)833767013119965U, (uint64_t)246274452928088U, (uint64_t)1526238021297781U,
-    (uint64_t)3327534966022747U, (uint64_t)1169012581910517U, (uint64_t)4430894603030025U,
-    (uint64_t)149242742442115U, (uint64_t)1002569704307172U, (uint64_t)2763252093432365U,
-    (uint64_t)3037748497732938U, (uint64_t)2329811173939457U, (uint64_t)270769113180752U,
-    (uint64_t)4344092461623432U, (uint64_t)892200524589382U, (uint64_t)2511418516713970U,
-    (uint64_t)103575031265398U, (uint64_t)183736033430252U, (uint64_t)583003071257308U,
-    (uint64_t)3357167344738425U, (uint64_t)4038099763242651U, (uint64_t)1776250620957255U,
-    (uint64_t)51334115864192U, (uint64_t)2616405698969611U, (uint64_t)1196364755910565U,
-    (uint64_t)3135228056210500U, (uint64_t)533729417611761U, (uint64_t)86564351229326U,
-    (uint64_t)98936129527281U, (uint64_t)4425305036630677U, (uint64_t)2980296390253408U,
-    (uint64_t)2487091677325739U, (uint64_t)10501977234280U, (uint64_t)1805646499831077U,
-    (uint64_t)3120615962395477U, (uint64_t)3634629685307533U, (uint64_t)3009632755291436U,
-    (uint64_t)16794051906523U, (uint64_t)2465481597883214U, (uint64_t)211492787490403U,
-    (uint64_t)1120942867046103U, (uint64_t)486438308572108U, (uint64_t)76058986271771U,
-    (uint64_t)2435216584587357U, (uint64_t)3076359381968283U, (uint64_t)1071594491489655U,
-    (uint64_t)3148707450339154U, (uint64_t)249332205737851U, (uint64_t)4171051176626809U,
-    (uint64_t)3165176227956388U, (uint64_t)2400901591835233U, (uint64_t)1435783621333022U,
-    (uint64_t)20312753440321U, (uint64_t)1767293887448005U, (uint64_t)685150647587522U,
-    (uint64_t)2957187934449906U, (uint64_t)382661319140439U, (uint64_t)177583591139601U,
-    (uint64_t)2083572648630743U, (uint64_t)1083410277889419U, (uint64_t)4267902097868310U,
-    (uint64_t)679989918385081U, (uint64_t)123155311554032U, (uint64_t)2830267662472020U,
-    (uint64_t)4476040509735924U, (uint64_t)526697201585144U, (uint64_t)3465306430573135U,
-    (uint64_t)2296616218591U, (uint64_t)1270626872734279U, (uint64_t)1049740198790549U,
-    (uint64_t)4197567214843444U, (uint64_t)1962225231320591U, (uint64_t)186125026796856U,
-    (uint64_t)737027567341142U, (uint64_t)4364616098174U, (uint64_t)3618884818756660U,
-    (uint64_t)1236837563717668U, (uint64_t)162873772439548U, (uint64_t)3081542470065122U,
-    (uint64_t)910331750163991U, (uint64_t)2110498143869827U, (uint64_t)3208473121852657U,
-    (uint64_t)94687786224509U, (uint64_t)4113309027567819U, (uint64_t)4272179438357536U,
-    (uint64_t)1857418654076140U, (uint64_t)1672678841741004U, (uint64_t)94482160248411U,
-    (uint64_t)1928652436799020U, (uint64_t)1750866462381515U, (uint64_t)4048060485672270U,
-    (uint64_t)4006680581258587U, (uint64_t)14850434761312U, (uint64_t)2828734997081648U,
-    (uint64_t)1975589525873972U, (uint64_t)3724347738416009U, (uint64_t)597163266689736U,
-    (uint64_t)14568362978551U, (uint64_t)2203865455839744U, (uint64_t)2237034958890595U,
-    (uint64_t)1863572986731818U, (uint64_t)2329774560279041U, (uint64_t)245105447642201U,
-    (uint64_t)2179697447864822U, (uint64_t)1769609498189882U, (uint64_t)1916950746430931U,
-    (uint64_t)847019613787312U, (uint64_t)163210606565100U, (uint64_t)3658248417400062U,
-    (uint64_t)717138296045881U, (uint64_t)42531212306121U, (uint64_t)1040915917097532U,
-    (uint64_t)77364489101310U, (uint64_t)539253504015590U, (uint64_t)732690726289841U,
-    (uint64_t)3401622034697806U, (uint64_t)2864593278358513U, (uint64_t)142611941887017U,
-    (uint64_t)536364617506702U, (uint64_t)845071859974284U, (uint64_t)4461787417089721U,
-    (uint64_t)2633811871939723U, (uint64_t)113619731985610U, (uint64_t)2535870015489566U,
-    (uint64_t)2146224665077830U, (uint64_t)2593725534662047U, (uint64_t)1332349537449710U,
-    (uint64_t)153375287068096U, (uint64_t)3689977177165276U, (uint64_t)3631865615314120U,
-    (uint64_t)184644878348929U, (uint64_t)2220481726602813U, (uint64_t)204002551273091U,
-    (uint64_t)3022560051766785U, (uint64_t)3125940458001213U, (uint64_t)4258299086906325U,
-    (uint64_t)1072471915162030U, (uint64_t)2797562724530U, (uint64_t)3974298156223059U,
-    (uint64_t)1624778551002554U, (uint64_t)3490703864485971U, (uint64_t)2533877484212458U,
-    (uint64_t)176107782538555U, (uint64_t)4275987398312137U, (uint64_t)4397120757693722U,
-    (uint64_t)3001292763847390U, (uint64_t)1556490837621310U, (uint64_t)70442953037671U,
-    (uint64_t)1558915972545974U, (uint64_t)744724505252845U, (uint64_t)2697230204313363U,
-    (uint64_t)3495671924212144U, (uint64_t)95744296878924U, (uint64_t)1508848630912047U,
-    (uint64_t)4163599342850968U, (uint64_t)1234988733935901U, (uint64_t)3789722472212706U,
-    (uint64_t)219522007052022U, (uint64_t)2106597506701262U, (uint64_t)3231115099832239U,
-    (uint64_t)1296436890593905U, (uint64_t)1016795619587656U, (uint64_t)231150565033388U,
-    (uint64_t)4205501688458754U, (uint64_t)2271569140386062U, (uint64_t)3421769599058157U,
-    (uint64_t)4118408853784554U, (uint64_t)276709341465173U, (uint64_t)2681340614854362U,
-    (uint64_t)2514413365628788U, (uint64_t)62294545067341U, (uint64_t)277610220069365U,
-    (uint64_t)252463150123799U, (uint64_t)2547353593759399U, (uint64_t)1857438147448607U,
-    (uint64_t)2964811969681256U, (uint64_t)3303706463835387U, (uint64_t)248936570980853U,
-    (uint64_t)3208982702478009U, (uint64_t)2518671051730787U, (uint64_t)727433853033835U,
-    (uint64_t)1290389308223446U, (uint64_t)220742793981035U, (uint64_t)3851225361654709U,
-    (uint64_t)2307489307934273U, (uint64_t)1151710489948266U, (uint64_t)289775285210516U,
-    (uint64_t)222685002397295U, (uint64_t)1222117478082108U, (uint64_t)2822029169395728U,
-    (uint64_t)1172146252219882U, (uint64_t)2626108105510259U, (uint64_t)209803527887167U,
-    (uint64_t)2718831919953281U, (uint64_t)4348638387588593U, (uint64_t)3761438313263183U,
-    (uint64_t)13169515318095U, (uint64_t)212893621229476U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    34056422761564ULL, 3315864838337811ULL, 3797032336888745ULL, 2580641850480806ULL,
+    208048944042500ULL, 1233795288689421ULL, 1048795233382631ULL, 646545158071530ULL,
+    1816025742137285ULL, 12245672982162ULL, 2119364213800870ULL, 2034960311715107ULL,
+    3172697815804487ULL, 4185144850224160ULL, 2792055915674ULL, 795534452139321ULL,
+    3647836177838185ULL, 2681403398797991ULL, 3149264270306207ULL, 278704080615511ULL,
+    2752552368344718ULL, 1363840972378818ULL, 1877521512083293ULL, 1862111388059470ULL,
+    36200324115014ULL, 4183622899327217ULL, 747381675363076ULL, 2772916395314624ULL,
+    833767013119965ULL, 246274452928088ULL, 1526238021297781ULL, 3327534966022747ULL,
+    1169012581910517ULL, 4430894603030025ULL, 149242742442115ULL, 1002569704307172ULL,
+    2763252093432365ULL, 3037748497732938ULL, 2329811173939457ULL, 270769113180752ULL,
+    4344092461623432ULL, 892200524589382ULL, 2511418516713970ULL, 103575031265398ULL,
+    183736033430252ULL, 583003071257308ULL, 3357167344738425ULL, 4038099763242651ULL,
+    1776250620957255ULL, 51334115864192ULL, 2616405698969611ULL, 1196364755910565ULL,
+    3135228056210500ULL, 533729417611761ULL, 86564351229326ULL, 98936129527281ULL,
+    4425305036630677ULL, 2980296390253408ULL, 2487091677325739ULL, 10501977234280ULL,
+    1805646499831077ULL, 3120615962395477ULL, 3634629685307533ULL, 3009632755291436ULL,
+    16794051906523ULL, 2465481597883214ULL, 211492787490403ULL, 1120942867046103ULL,
+    486438308572108ULL, 76058986271771ULL, 2435216584587357ULL, 3076359381968283ULL,
+    1071594491489655ULL, 3148707450339154ULL, 249332205737851ULL, 4171051176626809ULL,
+    3165176227956388ULL, 2400901591835233ULL, 1435783621333022ULL, 20312753440321ULL,
+    1767293887448005ULL, 685150647587522ULL, 2957187934449906ULL, 382661319140439ULL,
+    177583591139601ULL, 2083572648630743ULL, 1083410277889419ULL, 4267902097868310ULL,
+    679989918385081ULL, 123155311554032ULL, 2830267662472020ULL, 4476040509735924ULL,
+    526697201585144ULL, 3465306430573135ULL, 2296616218591ULL, 1270626872734279ULL,
+    1049740198790549ULL, 4197567214843444ULL, 1962225231320591ULL, 186125026796856ULL,
+    737027567341142ULL, 4364616098174ULL, 3618884818756660ULL, 1236837563717668ULL,
+    162873772439548ULL, 3081542470065122ULL, 910331750163991ULL, 2110498143869827ULL,
+    3208473121852657ULL, 94687786224509ULL, 4113309027567819ULL, 4272179438357536ULL,
+    1857418654076140ULL, 1672678841741004ULL, 94482160248411ULL, 1928652436799020ULL,
+    1750866462381515ULL, 4048060485672270ULL, 4006680581258587ULL, 14850434761312ULL,
+    2828734997081648ULL, 1975589525873972ULL, 3724347738416009ULL, 597163266689736ULL,
+    14568362978551ULL, 2203865455839744ULL, 2237034958890595ULL, 1863572986731818ULL,
+    2329774560279041ULL, 245105447642201ULL, 2179697447864822ULL, 1769609498189882ULL,
+    1916950746430931ULL, 847019613787312ULL, 163210606565100ULL, 3658248417400062ULL,
+    717138296045881ULL, 42531212306121ULL, 1040915917097532ULL, 77364489101310ULL,
+    539253504015590ULL, 732690726289841ULL, 3401622034697806ULL, 2864593278358513ULL,
+    142611941887017ULL, 536364617506702ULL, 845071859974284ULL, 4461787417089721ULL,
+    2633811871939723ULL, 113619731985610ULL, 2535870015489566ULL, 2146224665077830ULL,
+    2593725534662047ULL, 1332349537449710ULL, 153375287068096ULL, 3689977177165276ULL,
+    3631865615314120ULL, 184644878348929ULL, 2220481726602813ULL, 204002551273091ULL,
+    3022560051766785ULL, 3125940458001213ULL, 4258299086906325ULL, 1072471915162030ULL,
+    2797562724530ULL, 3974298156223059ULL, 1624778551002554ULL, 3490703864485971ULL,
+    2533877484212458ULL, 176107782538555ULL, 4275987398312137ULL, 4397120757693722ULL,
+    3001292763847390ULL, 1556490837621310ULL, 70442953037671ULL, 1558915972545974ULL,
+    744724505252845ULL, 2697230204313363ULL, 3495671924212144ULL, 95744296878924ULL,
+    1508848630912047ULL, 4163599342850968ULL, 1234988733935901ULL, 3789722472212706ULL,
+    219522007052022ULL, 2106597506701262ULL, 3231115099832239ULL, 1296436890593905ULL,
+    1016795619587656ULL, 231150565033388ULL, 4205501688458754ULL, 2271569140386062ULL,
+    3421769599058157ULL, 4118408853784554ULL, 276709341465173ULL, 2681340614854362ULL,
+    2514413365628788ULL, 62294545067341ULL, 277610220069365ULL, 252463150123799ULL,
+    2547353593759399ULL, 1857438147448607ULL, 2964811969681256ULL, 3303706463835387ULL,
+    248936570980853ULL, 3208982702478009ULL, 2518671051730787ULL, 727433853033835ULL,
+    1290389308223446ULL, 220742793981035ULL, 3851225361654709ULL, 2307489307934273ULL,
+    1151710489948266ULL, 289775285210516ULL, 222685002397295ULL, 1222117478082108ULL,
+    2822029169395728ULL, 1172146252219882ULL, 2626108105510259ULL, 209803527887167ULL,
+    2718831919953281ULL, 4348638387588593ULL, 3761438313263183ULL, 13169515318095ULL,
+    212893621229476ULL
   };
 
 static const
 uint64_t
 Hacl_K256_PrecompTable_precomp_basepoint_table_w5[480U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)705178180786072U,
-    (uint64_t)3855836460717471U, (uint64_t)4089131105950716U, (uint64_t)3301581525494108U,
-    (uint64_t)133858670344668U, (uint64_t)2199641648059576U, (uint64_t)1278080618437060U,
-    (uint64_t)3959378566518708U, (uint64_t)3455034269351872U, (uint64_t)79417610544803U,
-    (uint64_t)1U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U,
-    (uint64_t)1282049064345544U, (uint64_t)971732600440099U, (uint64_t)1014594595727339U,
-    (uint64_t)4392159187541980U, (uint64_t)268327875692285U, (uint64_t)2411661712280539U,
-    (uint64_t)1092576199280126U, (uint64_t)4328619610718051U, (uint64_t)3535440816471627U,
-    (uint64_t)95182251488556U, (uint64_t)1893725512243753U, (uint64_t)3619861457111820U,
-    (uint64_t)879374960417905U, (uint64_t)2868056058129113U, (uint64_t)273195291893682U,
-    (uint64_t)2044797305960112U, (uint64_t)2357106853933780U, (uint64_t)3563112438336058U,
-    (uint64_t)2430811541762558U, (uint64_t)106443809495428U, (uint64_t)2231357633909668U,
-    (uint64_t)3641705835951936U, (uint64_t)80642569314189U, (uint64_t)2254841882373268U,
-    (uint64_t)149848031966573U, (uint64_t)2304615661367764U, (uint64_t)2410957403736446U,
-    (uint64_t)2712754805859804U, (uint64_t)2440183877540536U, (uint64_t)99784623895865U,
-    (uint64_t)3667773127482758U, (uint64_t)1354899394473308U, (uint64_t)3636602998800808U,
-    (uint64_t)2709296679846364U, (uint64_t)7253362091963U, (uint64_t)3585950735562744U,
-    (uint64_t)935775991758415U, (uint64_t)4108078106735201U, (uint64_t)556081800336307U,
-    (uint64_t)229585977163057U, (uint64_t)4055594186679801U, (uint64_t)1767681004944933U,
-    (uint64_t)1432634922083242U, (uint64_t)534935602949197U, (uint64_t)251753159522567U,
-    (uint64_t)2846474078499321U, (uint64_t)4488649590348702U, (uint64_t)2437476916025038U,
-    (uint64_t)3040577412822874U, (uint64_t)79405234918614U, (uint64_t)3030621226551508U,
-    (uint64_t)2801117003929806U, (uint64_t)1642927515498422U, (uint64_t)2802725079726297U,
-    (uint64_t)8472780626107U, (uint64_t)866068070352655U, (uint64_t)188080768545106U,
-    (uint64_t)2152119998903058U, (uint64_t)3391239985029665U, (uint64_t)23820026013564U,
-    (uint64_t)2965064154891949U, (uint64_t)1846516097921398U, (uint64_t)4418379948133146U,
-    (uint64_t)3137755426942400U, (uint64_t)47705291301781U, (uint64_t)4278533051105665U,
-    (uint64_t)3453643211214931U, (uint64_t)3379734319145156U, (uint64_t)3762442192097039U,
-    (uint64_t)40243003528694U, (uint64_t)4063448994211201U, (uint64_t)5697015368785U,
-    (uint64_t)1006545411838613U, (uint64_t)4242291693755210U, (uint64_t)135184629190512U,
-    (uint64_t)264898689131035U, (uint64_t)611796474823597U, (uint64_t)3255382250029089U,
-    (uint64_t)3490429246984696U, (uint64_t)236558595864362U, (uint64_t)2055934691551704U,
-    (uint64_t)1487711670114502U, (uint64_t)1823930698221632U, (uint64_t)2130937287438472U,
-    (uint64_t)154610053389779U, (uint64_t)2746573287023216U, (uint64_t)2430987262221221U,
-    (uint64_t)1668741642878689U, (uint64_t)904982541243977U, (uint64_t)56087343124948U,
-    (uint64_t)393905062353536U, (uint64_t)412681877350188U, (uint64_t)3153602040979977U,
-    (uint64_t)4466820876224989U, (uint64_t)146579165617857U, (uint64_t)2628741216508991U,
-    (uint64_t)747994231529806U, (uint64_t)750506569317681U, (uint64_t)1887492790748779U,
-    (uint64_t)35259008682771U, (uint64_t)2085116434894208U, (uint64_t)543291398921711U,
-    (uint64_t)1144362007901552U, (uint64_t)679305136036846U, (uint64_t)141090902244489U,
-    (uint64_t)632480954474859U, (uint64_t)2384513102652591U, (uint64_t)2225529790159790U,
-    (uint64_t)692258664851625U, (uint64_t)198681843567699U, (uint64_t)2397092587228181U,
-    (uint64_t)145862822166614U, (uint64_t)196976540479452U, (uint64_t)3321831130141455U,
-    (uint64_t)69266673089832U, (uint64_t)4469644227342284U, (uint64_t)3899271145504796U,
-    (uint64_t)1261890974076660U, (uint64_t)525357673886694U, (uint64_t)182135997828583U,
-    (uint64_t)4292760618810332U, (uint64_t)3404186545541683U, (uint64_t)312297386688768U,
-    (uint64_t)204377466824608U, (uint64_t)230900767857952U, (uint64_t)3871485172339693U,
-    (uint64_t)779449329662955U, (uint64_t)978655822464694U, (uint64_t)2278252139594027U,
-    (uint64_t)104641527040382U, (uint64_t)3528840153625765U, (uint64_t)4484699080275273U,
-    (uint64_t)1463971951102316U, (uint64_t)4013910812844749U, (uint64_t)228915589433620U,
-    (uint64_t)1209641433482461U, (uint64_t)4043178788774759U, (uint64_t)3008668238856634U,
-    (uint64_t)1448425089071412U, (uint64_t)26269719725037U, (uint64_t)3330785027545223U,
-    (uint64_t)852657975349259U, (uint64_t)227245054466105U, (uint64_t)1534632353984777U,
-    (uint64_t)207715098574660U, (uint64_t)3209837527352280U, (uint64_t)4051688046309066U,
-    (uint64_t)3839009590725955U, (uint64_t)1321506437398842U, (uint64_t)68340219159928U,
-    (uint64_t)1806950276956275U, (uint64_t)3923908055275295U, (uint64_t)743963253393575U,
-    (uint64_t)42162407478783U, (uint64_t)261334584474610U, (uint64_t)3728224928885214U,
-    (uint64_t)4004701081842869U, (uint64_t)709043201644674U, (uint64_t)4267294249150171U,
-    (uint64_t)255540582975025U, (uint64_t)875490593722211U, (uint64_t)796393708218375U,
-    (uint64_t)14774425627956U, (uint64_t)1500040516752097U, (uint64_t)141076627721678U,
-    (uint64_t)2634539368480628U, (uint64_t)1106488853550103U, (uint64_t)2346231921151930U,
-    (uint64_t)897108283954283U, (uint64_t)64616679559843U, (uint64_t)400244949840943U,
-    (uint64_t)1731263826831733U, (uint64_t)1649996579904651U, (uint64_t)3643693449640761U,
-    (uint64_t)172543068638991U, (uint64_t)329537981097182U, (uint64_t)2029799860802869U,
-    (uint64_t)4377737515208862U, (uint64_t)29103311051334U, (uint64_t)265583594111499U,
-    (uint64_t)3798074876561255U, (uint64_t)184749333259352U, (uint64_t)3117395073661801U,
-    (uint64_t)3695784565008833U, (uint64_t)64282709896721U, (uint64_t)1618968913246422U,
-    (uint64_t)3185235128095257U, (uint64_t)3288745068118692U, (uint64_t)1963818603508782U,
-    (uint64_t)281054350739495U, (uint64_t)1658639050810346U, (uint64_t)3061097601679552U,
-    (uint64_t)3023781433263746U, (uint64_t)2770283391242475U, (uint64_t)144508864751908U,
-    (uint64_t)173576288079856U, (uint64_t)46114579547054U, (uint64_t)1679480127300211U,
-    (uint64_t)1683062051644007U, (uint64_t)117183826129323U, (uint64_t)1894068608117440U,
-    (uint64_t)3846899838975733U, (uint64_t)4289279019496192U, (uint64_t)176995887914031U,
-    (uint64_t)78074942938713U, (uint64_t)454207263265292U, (uint64_t)972683614054061U,
-    (uint64_t)808474205144361U, (uint64_t)942703935951735U, (uint64_t)134460241077887U,
-    (uint64_t)2104196179349630U, (uint64_t)501632371208418U, (uint64_t)1666838991431177U,
-    (uint64_t)445606193139838U, (uint64_t)73704603396096U, (uint64_t)3140284774064777U,
-    (uint64_t)1356066420820179U, (uint64_t)227054159419281U, (uint64_t)1847611229198687U,
-    (uint64_t)82327838827660U, (uint64_t)3704027573265803U, (uint64_t)1585260489220244U,
-    (uint64_t)4404647914931933U, (uint64_t)2424649827425515U, (uint64_t)206821944206116U,
-    (uint64_t)1508635776287972U, (uint64_t)1933584575629676U, (uint64_t)1903635423783032U,
-    (uint64_t)4193642165165650U, (uint64_t)234321074690644U, (uint64_t)210406774251925U,
-    (uint64_t)1965845668185599U, (uint64_t)3059839433804731U, (uint64_t)1933300510683631U,
-    (uint64_t)150696600689211U, (uint64_t)4069293682158567U, (uint64_t)4346344602660044U,
-    (uint64_t)312200249664561U, (uint64_t)2495020807621840U, (uint64_t)1912707714385U,
-    (uint64_t)299345978159762U, (uint64_t)1164752722686920U, (uint64_t)225322433710338U,
-    (uint64_t)3128747381283759U, (uint64_t)275659067815583U, (uint64_t)1489671057429039U,
-    (uint64_t)1567693343342676U, (uint64_t)921672046098071U, (uint64_t)3707418899384085U,
-    (uint64_t)54646424931593U, (uint64_t)4026733380127147U, (uint64_t)2933435393699231U,
-    (uint64_t)3356593659521967U, (uint64_t)3637750749325529U, (uint64_t)232939412379045U,
-    (uint64_t)2298399636043069U, (uint64_t)270361546063041U, (uint64_t)2523933572551420U,
-    (uint64_t)3456896091572950U, (uint64_t)185447004732850U, (uint64_t)429322937697821U,
-    (uint64_t)2579704215668222U, (uint64_t)695065378803349U, (uint64_t)3987916247731243U,
-    (uint64_t)255159546348233U, (uint64_t)3057777929921282U, (uint64_t)1608970699916312U,
-    (uint64_t)1902369623063807U, (uint64_t)1413619643652777U, (uint64_t)94983996321227U,
-    (uint64_t)2832873179548050U, (uint64_t)4335430233622555U, (uint64_t)1559023976028843U,
-    (uint64_t)3297181988648895U, (uint64_t)100072021232323U, (uint64_t)2124984034109675U,
-    (uint64_t)4501252835618918U, (uint64_t)2053336899483297U, (uint64_t)638807226463876U,
-    (uint64_t)278445213600634U, (uint64_t)2311236445660555U, (uint64_t)303317664040012U,
-    (uint64_t)2659353858089024U, (uint64_t)3598827423980130U, (uint64_t)176059343827873U,
-    (uint64_t)3891639526275437U, (uint64_t)252823982819463U, (uint64_t)3404823300622345U,
-    (uint64_t)2758370772497456U, (uint64_t)91397496598783U, (uint64_t)2248661144141892U,
-    (uint64_t)491087075271969U, (uint64_t)1786344894571315U, (uint64_t)452497694885923U,
-    (uint64_t)34039628873357U, (uint64_t)2116503165025197U, (uint64_t)4436733709429923U,
-    (uint64_t)3045800776819238U, (uint64_t)1385518906078375U, (uint64_t)110495603336764U,
-    (uint64_t)4051447296249587U, (uint64_t)1103557421498625U, (uint64_t)1840785058439622U,
-    (uint64_t)425322753992314U, (uint64_t)98330046771676U, (uint64_t)365407468686431U,
-    (uint64_t)2611246859977123U, (uint64_t)3050253933135339U, (uint64_t)1006482220896688U,
-    (uint64_t)166818196428389U, (uint64_t)3415236093104372U, (uint64_t)1762308883882288U,
-    (uint64_t)1327828123094558U, (uint64_t)3403946425556706U, (uint64_t)96503464455441U,
-    (uint64_t)3893015304031471U, (uint64_t)3740839477490397U, (uint64_t)2411470812852231U,
-    (uint64_t)940927462436211U, (uint64_t)163825285911099U, (uint64_t)1622441495640386U,
-    (uint64_t)850224095680266U, (uint64_t)76199085900939U, (uint64_t)1941852365144042U,
-    (uint64_t)140326673652807U, (uint64_t)3161611011249524U, (uint64_t)317297150009965U,
-    (uint64_t)2145053259340619U, (uint64_t)2180498176457552U, (uint64_t)38457740506224U,
-    (uint64_t)394174899129468U, (uint64_t)2687474560485245U, (uint64_t)1542175980184516U,
-    (uint64_t)1628502671124819U, (uint64_t)48477401124385U, (uint64_t)4474181600025082U,
-    (uint64_t)2142747956365708U, (uint64_t)1638299432475478U, (uint64_t)2005869320353249U,
-    (uint64_t)112292630760956U, (uint64_t)1887521965171588U, (uint64_t)457587531429696U,
-    (uint64_t)840994209504042U, (uint64_t)4268060856325798U, (uint64_t)195597993440388U,
-    (uint64_t)4148484749020338U, (uint64_t)2074885000909672U, (uint64_t)2309839019263165U,
-    (uint64_t)2087616209681024U, (uint64_t)257214370719966U, (uint64_t)2331363508376581U,
-    (uint64_t)1233124357504711U, (uint64_t)2849542202650296U, (uint64_t)3790982825325736U,
-    (uint64_t)13381453503890U, (uint64_t)1665246594531069U, (uint64_t)4165624287443904U,
-    (uint64_t)3418759698027493U, (uint64_t)2118493255117399U, (uint64_t)136249206366067U,
-    (uint64_t)4064050233283309U, (uint64_t)1368779887911300U, (uint64_t)4370550759530269U,
-    (uint64_t)66992990631341U, (uint64_t)84442368922270U, (uint64_t)2139322635321394U,
-    (uint64_t)2076163483726795U, (uint64_t)657097866349103U, (uint64_t)2095579409488071U,
-    (uint64_t)226525774791341U, (uint64_t)4445744257665359U, (uint64_t)2035752839278107U,
-    (uint64_t)1998242662838304U, (uint64_t)1601548415521694U, (uint64_t)151297684296198U,
-    (uint64_t)1350963039017303U, (uint64_t)2624916349548281U, (uint64_t)2018863259670197U,
-    (uint64_t)2717274357461290U, (uint64_t)94024796961533U, (uint64_t)711335520409111U,
-    (uint64_t)4322093765820263U, (uint64_t)2041650358174649U, (uint64_t)3439791603157577U,
-    (uint64_t)179292018616267U, (uint64_t)2436436921286669U, (uint64_t)3905268797208340U,
-    (uint64_t)2829194895162985U, (uint64_t)1355175382191543U, (uint64_t)55128779761539U,
-    (uint64_t)2648428998786922U, (uint64_t)869805912573515U, (uint64_t)3706708942847864U,
-    (uint64_t)2785288916584667U, (uint64_t)37156862850147U, (uint64_t)1422245336293228U,
-    (uint64_t)4497066058933021U, (uint64_t)85588912978349U, (uint64_t)2616252221194611U,
-    (uint64_t)53506393720989U, (uint64_t)3727539190732644U, (uint64_t)872132446545237U,
-    (uint64_t)933583590986077U, (uint64_t)3794591170581203U, (uint64_t)167875550514069U,
-    (uint64_t)2267466834993297U, (uint64_t)3072652681756816U, (uint64_t)2108499037430803U,
-    (uint64_t)1606735192928366U, (uint64_t)72339568815255U, (uint64_t)3258484260684219U,
-    (uint64_t)3277927277719855U, (uint64_t)2459560373011535U, (uint64_t)1672794293294033U,
-    (uint64_t)227460934880669U, (uint64_t)3702454405413705U, (uint64_t)106168148441676U,
-    (uint64_t)1356617643071159U, (uint64_t)3280896569942762U, (uint64_t)142618711614302U,
-    (uint64_t)4291782740862057U, (uint64_t)4141020884874235U, (uint64_t)3720787221267125U,
-    (uint64_t)552884940089351U, (uint64_t)174626154407180U, (uint64_t)972071013326540U,
-    (uint64_t)4458530419931903U, (uint64_t)4435168973822858U, (uint64_t)1902967548748411U,
-    (uint64_t)53007977605840U, (uint64_t)2453997334323925U, (uint64_t)3653077937283262U,
-    (uint64_t)850660265046356U, (uint64_t)312721924805450U, (uint64_t)268503679240683U,
-    (uint64_t)256960167714122U, (uint64_t)1474492507858350U, (uint64_t)2456345526438488U,
-    (uint64_t)3686029507160255U, (uint64_t)279158933010398U, (uint64_t)3646946293948063U,
-    (uint64_t)704477527214036U, (uint64_t)3387744169891031U, (uint64_t)3772622670980241U,
-    (uint64_t)136368897543304U, (uint64_t)3744894052577607U, (uint64_t)1976007214443430U,
-    (uint64_t)2090045379763451U, (uint64_t)968565474458988U, (uint64_t)234295114806066U
+    0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
+    705178180786072ULL, 3855836460717471ULL, 4089131105950716ULL, 3301581525494108ULL,
+    133858670344668ULL, 2199641648059576ULL, 1278080618437060ULL, 3959378566518708ULL,
+    3455034269351872ULL, 79417610544803ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1282049064345544ULL,
+    971732600440099ULL, 1014594595727339ULL, 4392159187541980ULL, 268327875692285ULL,
+    2411661712280539ULL, 1092576199280126ULL, 4328619610718051ULL, 3535440816471627ULL,
+    95182251488556ULL, 1893725512243753ULL, 3619861457111820ULL, 879374960417905ULL,
+    2868056058129113ULL, 273195291893682ULL, 2044797305960112ULL, 2357106853933780ULL,
+    3563112438336058ULL, 2430811541762558ULL, 106443809495428ULL, 2231357633909668ULL,
+    3641705835951936ULL, 80642569314189ULL, 2254841882373268ULL, 149848031966573ULL,
+    2304615661367764ULL, 2410957403736446ULL, 2712754805859804ULL, 2440183877540536ULL,
+    99784623895865ULL, 3667773127482758ULL, 1354899394473308ULL, 3636602998800808ULL,
+    2709296679846364ULL, 7253362091963ULL, 3585950735562744ULL, 935775991758415ULL,
+    4108078106735201ULL, 556081800336307ULL, 229585977163057ULL, 4055594186679801ULL,
+    1767681004944933ULL, 1432634922083242ULL, 534935602949197ULL, 251753159522567ULL,
+    2846474078499321ULL, 4488649590348702ULL, 2437476916025038ULL, 3040577412822874ULL,
+    79405234918614ULL, 3030621226551508ULL, 2801117003929806ULL, 1642927515498422ULL,
+    2802725079726297ULL, 8472780626107ULL, 866068070352655ULL, 188080768545106ULL,
+    2152119998903058ULL, 3391239985029665ULL, 23820026013564ULL, 2965064154891949ULL,
+    1846516097921398ULL, 4418379948133146ULL, 3137755426942400ULL, 47705291301781ULL,
+    4278533051105665ULL, 3453643211214931ULL, 3379734319145156ULL, 3762442192097039ULL,
+    40243003528694ULL, 4063448994211201ULL, 5697015368785ULL, 1006545411838613ULL,
+    4242291693755210ULL, 135184629190512ULL, 264898689131035ULL, 611796474823597ULL,
+    3255382250029089ULL, 3490429246984696ULL, 236558595864362ULL, 2055934691551704ULL,
+    1487711670114502ULL, 1823930698221632ULL, 2130937287438472ULL, 154610053389779ULL,
+    2746573287023216ULL, 2430987262221221ULL, 1668741642878689ULL, 904982541243977ULL,
+    56087343124948ULL, 393905062353536ULL, 412681877350188ULL, 3153602040979977ULL,
+    4466820876224989ULL, 146579165617857ULL, 2628741216508991ULL, 747994231529806ULL,
+    750506569317681ULL, 1887492790748779ULL, 35259008682771ULL, 2085116434894208ULL,
+    543291398921711ULL, 1144362007901552ULL, 679305136036846ULL, 141090902244489ULL,
+    632480954474859ULL, 2384513102652591ULL, 2225529790159790ULL, 692258664851625ULL,
+    198681843567699ULL, 2397092587228181ULL, 145862822166614ULL, 196976540479452ULL,
+    3321831130141455ULL, 69266673089832ULL, 4469644227342284ULL, 3899271145504796ULL,
+    1261890974076660ULL, 525357673886694ULL, 182135997828583ULL, 4292760618810332ULL,
+    3404186545541683ULL, 312297386688768ULL, 204377466824608ULL, 230900767857952ULL,
+    3871485172339693ULL, 779449329662955ULL, 978655822464694ULL, 2278252139594027ULL,
+    104641527040382ULL, 3528840153625765ULL, 4484699080275273ULL, 1463971951102316ULL,
+    4013910812844749ULL, 228915589433620ULL, 1209641433482461ULL, 4043178788774759ULL,
+    3008668238856634ULL, 1448425089071412ULL, 26269719725037ULL, 3330785027545223ULL,
+    852657975349259ULL, 227245054466105ULL, 1534632353984777ULL, 207715098574660ULL,
+    3209837527352280ULL, 4051688046309066ULL, 3839009590725955ULL, 1321506437398842ULL,
+    68340219159928ULL, 1806950276956275ULL, 3923908055275295ULL, 743963253393575ULL,
+    42162407478783ULL, 261334584474610ULL, 3728224928885214ULL, 4004701081842869ULL,
+    709043201644674ULL, 4267294249150171ULL, 255540582975025ULL, 875490593722211ULL,
+    796393708218375ULL, 14774425627956ULL, 1500040516752097ULL, 141076627721678ULL,
+    2634539368480628ULL, 1106488853550103ULL, 2346231921151930ULL, 897108283954283ULL,
+    64616679559843ULL, 400244949840943ULL, 1731263826831733ULL, 1649996579904651ULL,
+    3643693449640761ULL, 172543068638991ULL, 329537981097182ULL, 2029799860802869ULL,
+    4377737515208862ULL, 29103311051334ULL, 265583594111499ULL, 3798074876561255ULL,
+    184749333259352ULL, 3117395073661801ULL, 3695784565008833ULL, 64282709896721ULL,
+    1618968913246422ULL, 3185235128095257ULL, 3288745068118692ULL, 1963818603508782ULL,
+    281054350739495ULL, 1658639050810346ULL, 3061097601679552ULL, 3023781433263746ULL,
+    2770283391242475ULL, 144508864751908ULL, 173576288079856ULL, 46114579547054ULL,
+    1679480127300211ULL, 1683062051644007ULL, 117183826129323ULL, 1894068608117440ULL,
+    3846899838975733ULL, 4289279019496192ULL, 176995887914031ULL, 78074942938713ULL,
+    454207263265292ULL, 972683614054061ULL, 808474205144361ULL, 942703935951735ULL,
+    134460241077887ULL, 2104196179349630ULL, 501632371208418ULL, 1666838991431177ULL,
+    445606193139838ULL, 73704603396096ULL, 3140284774064777ULL, 1356066420820179ULL,
+    227054159419281ULL, 1847611229198687ULL, 82327838827660ULL, 3704027573265803ULL,
+    1585260489220244ULL, 4404647914931933ULL, 2424649827425515ULL, 206821944206116ULL,
+    1508635776287972ULL, 1933584575629676ULL, 1903635423783032ULL, 4193642165165650ULL,
+    234321074690644ULL, 210406774251925ULL, 1965845668185599ULL, 3059839433804731ULL,
+    1933300510683631ULL, 150696600689211ULL, 4069293682158567ULL, 4346344602660044ULL,
+    312200249664561ULL, 2495020807621840ULL, 1912707714385ULL, 299345978159762ULL,
+    1164752722686920ULL, 225322433710338ULL, 3128747381283759ULL, 275659067815583ULL,
+    1489671057429039ULL, 1567693343342676ULL, 921672046098071ULL, 3707418899384085ULL,
+    54646424931593ULL, 4026733380127147ULL, 2933435393699231ULL, 3356593659521967ULL,
+    3637750749325529ULL, 232939412379045ULL, 2298399636043069ULL, 270361546063041ULL,
+    2523933572551420ULL, 3456896091572950ULL, 185447004732850ULL, 429322937697821ULL,
+    2579704215668222ULL, 695065378803349ULL, 3987916247731243ULL, 255159546348233ULL,
+    3057777929921282ULL, 1608970699916312ULL, 1902369623063807ULL, 1413619643652777ULL,
+    94983996321227ULL, 2832873179548050ULL, 4335430233622555ULL, 1559023976028843ULL,
+    3297181988648895ULL, 100072021232323ULL, 2124984034109675ULL, 4501252835618918ULL,
+    2053336899483297ULL, 638807226463876ULL, 278445213600634ULL, 2311236445660555ULL,
+    303317664040012ULL, 2659353858089024ULL, 3598827423980130ULL, 176059343827873ULL,
+    3891639526275437ULL, 252823982819463ULL, 3404823300622345ULL, 2758370772497456ULL,
+    91397496598783ULL, 2248661144141892ULL, 491087075271969ULL, 1786344894571315ULL,
+    452497694885923ULL, 34039628873357ULL, 2116503165025197ULL, 4436733709429923ULL,
+    3045800776819238ULL, 1385518906078375ULL, 110495603336764ULL, 4051447296249587ULL,
+    1103557421498625ULL, 1840785058439622ULL, 425322753992314ULL, 98330046771676ULL,
+    365407468686431ULL, 2611246859977123ULL, 3050253933135339ULL, 1006482220896688ULL,
+    166818196428389ULL, 3415236093104372ULL, 1762308883882288ULL, 1327828123094558ULL,
+    3403946425556706ULL, 96503464455441ULL, 3893015304031471ULL, 3740839477490397ULL,
+    2411470812852231ULL, 940927462436211ULL, 163825285911099ULL, 1622441495640386ULL,
+    850224095680266ULL, 76199085900939ULL, 1941852365144042ULL, 140326673652807ULL,
+    3161611011249524ULL, 317297150009965ULL, 2145053259340619ULL, 2180498176457552ULL,
+    38457740506224ULL, 394174899129468ULL, 2687474560485245ULL, 1542175980184516ULL,
+    1628502671124819ULL, 48477401124385ULL, 4474181600025082ULL, 2142747956365708ULL,
+    1638299432475478ULL, 2005869320353249ULL, 112292630760956ULL, 1887521965171588ULL,
+    457587531429696ULL, 840994209504042ULL, 4268060856325798ULL, 195597993440388ULL,
+    4148484749020338ULL, 2074885000909672ULL, 2309839019263165ULL, 2087616209681024ULL,
+    257214370719966ULL, 2331363508376581ULL, 1233124357504711ULL, 2849542202650296ULL,
+    3790982825325736ULL, 13381453503890ULL, 1665246594531069ULL, 4165624287443904ULL,
+    3418759698027493ULL, 2118493255117399ULL, 136249206366067ULL, 4064050233283309ULL,
+    1368779887911300ULL, 4370550759530269ULL, 66992990631341ULL, 84442368922270ULL,
+    2139322635321394ULL, 2076163483726795ULL, 657097866349103ULL, 2095579409488071ULL,
+    226525774791341ULL, 4445744257665359ULL, 2035752839278107ULL, 1998242662838304ULL,
+    1601548415521694ULL, 151297684296198ULL, 1350963039017303ULL, 2624916349548281ULL,
+    2018863259670197ULL, 2717274357461290ULL, 94024796961533ULL, 711335520409111ULL,
+    4322093765820263ULL, 2041650358174649ULL, 3439791603157577ULL, 179292018616267ULL,
+    2436436921286669ULL, 3905268797208340ULL, 2829194895162985ULL, 1355175382191543ULL,
+    55128779761539ULL, 2648428998786922ULL, 869805912573515ULL, 3706708942847864ULL,
+    2785288916584667ULL, 37156862850147ULL, 1422245336293228ULL, 4497066058933021ULL,
+    85588912978349ULL, 2616252221194611ULL, 53506393720989ULL, 3727539190732644ULL,
+    872132446545237ULL, 933583590986077ULL, 3794591170581203ULL, 167875550514069ULL,
+    2267466834993297ULL, 3072652681756816ULL, 2108499037430803ULL, 1606735192928366ULL,
+    72339568815255ULL, 3258484260684219ULL, 3277927277719855ULL, 2459560373011535ULL,
+    1672794293294033ULL, 227460934880669ULL, 3702454405413705ULL, 106168148441676ULL,
+    1356617643071159ULL, 3280896569942762ULL, 142618711614302ULL, 4291782740862057ULL,
+    4141020884874235ULL, 3720787221267125ULL, 552884940089351ULL, 174626154407180ULL,
+    972071013326540ULL, 4458530419931903ULL, 4435168973822858ULL, 1902967548748411ULL,
+    53007977605840ULL, 2453997334323925ULL, 3653077937283262ULL, 850660265046356ULL,
+    312721924805450ULL, 268503679240683ULL, 256960167714122ULL, 1474492507858350ULL,
+    2456345526438488ULL, 3686029507160255ULL, 279158933010398ULL, 3646946293948063ULL,
+    704477527214036ULL, 3387744169891031ULL, 3772622670980241ULL, 136368897543304ULL,
+    3744894052577607ULL, 1976007214443430ULL, 2090045379763451ULL, 968565474458988ULL,
+    234295114806066ULL
   };
 
 #if defined(__cplusplus)
diff --git a/include/internal/Hacl_Poly1305_256.h b/include/msvc/internal/Hacl_MAC_Poly1305.h
similarity index 77%
rename from include/internal/Hacl_Poly1305_256.h
rename to include/msvc/internal/Hacl_MAC_Poly1305.h
index 21d78b16..29e1734a 100644
--- a/include/internal/Hacl_Poly1305_256.h
+++ b/include/msvc/internal/Hacl_MAC_Poly1305.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __internal_Hacl_Poly1305_256_H
-#define __internal_Hacl_Poly1305_256_H
+#ifndef __internal_Hacl_MAC_Poly1305_H
+#define __internal_Hacl_MAC_Poly1305_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,21 +35,15 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "../Hacl_Poly1305_256.h"
-#include "libintvector.h"
+#include "../Hacl_MAC_Poly1305.h"
 
-void
-Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b);
+void Hacl_MAC_Poly1305_poly1305_init(uint64_t *ctx, uint8_t *key);
 
-void
-Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
-  Lib_IntVector_Intrinsics_vec256 *out,
-  Lib_IntVector_Intrinsics_vec256 *p
-);
+void Hacl_MAC_Poly1305_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#define __internal_Hacl_Poly1305_256_H_DEFINED
+#define __internal_Hacl_MAC_Poly1305_H_DEFINED
 #endif
diff --git a/include/Hacl_Poly1305_128.h b/include/msvc/internal/Hacl_MAC_Poly1305_Simd128.h
similarity index 72%
rename from include/Hacl_Poly1305_128.h
rename to include/msvc/internal/Hacl_MAC_Poly1305_Simd128.h
index 834d4a8a..fe120e43 100644
--- a/include/Hacl_Poly1305_128.h
+++ b/include/msvc/internal/Hacl_MAC_Poly1305_Simd128.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Poly1305_128_H
-#define __Hacl_Poly1305_128_H
+#ifndef __internal_Hacl_MAC_Poly1305_Simd128_H
+#define __internal_Hacl_MAC_Poly1305_Simd128_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,33 +35,30 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
+#include "../Hacl_MAC_Poly1305_Simd128.h"
 #include "libintvector.h"
 
-typedef Lib_IntVector_Intrinsics_vec128 *Hacl_Poly1305_128_poly1305_ctx;
-
-void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key);
-
-void Hacl_Poly1305_128_poly1305_update1(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *text);
+void Hacl_MAC_Poly1305_Simd128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b);
 
 void
-Hacl_Poly1305_128_poly1305_update(
-  Lib_IntVector_Intrinsics_vec128 *ctx,
-  uint32_t len,
-  uint8_t *text
+Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize(
+  Lib_IntVector_Intrinsics_vec128 *out,
+  Lib_IntVector_Intrinsics_vec128 *p
 );
 
 void
-Hacl_Poly1305_128_poly1305_finish(
+Hacl_MAC_Poly1305_Simd128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key);
+
+void
+Hacl_MAC_Poly1305_Simd128_poly1305_finish(
   uint8_t *tag,
   uint8_t *key,
   Lib_IntVector_Intrinsics_vec128 *ctx
 );
 
-void Hacl_Poly1305_128_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key);
-
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Poly1305_128_H_DEFINED
+#define __internal_Hacl_MAC_Poly1305_Simd128_H_DEFINED
 #endif
diff --git a/include/msvc/Hacl_Poly1305_256.h b/include/msvc/internal/Hacl_MAC_Poly1305_Simd256.h
similarity index 72%
rename from include/msvc/Hacl_Poly1305_256.h
rename to include/msvc/internal/Hacl_MAC_Poly1305_Simd256.h
index 9d1ae8c3..7bf106c1 100644
--- a/include/msvc/Hacl_Poly1305_256.h
+++ b/include/msvc/internal/Hacl_MAC_Poly1305_Simd256.h
@@ -23,8 +23,8 @@
  */
 
 
-#ifndef __Hacl_Poly1305_256_H
-#define __Hacl_Poly1305_256_H
+#ifndef __internal_Hacl_MAC_Poly1305_Simd256_H
+#define __internal_Hacl_MAC_Poly1305_Simd256_H
 
 #if defined(__cplusplus)
 extern "C" {
@@ -35,33 +35,30 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
+#include "../Hacl_MAC_Poly1305_Simd256.h"
 #include "libintvector.h"
 
-typedef Lib_IntVector_Intrinsics_vec256 *Hacl_Poly1305_256_poly1305_ctx;
-
-void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key);
-
-void Hacl_Poly1305_256_poly1305_update1(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *text);
+void Hacl_MAC_Poly1305_Simd256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b);
 
 void
-Hacl_Poly1305_256_poly1305_update(
-  Lib_IntVector_Intrinsics_vec256 *ctx,
-  uint32_t len,
-  uint8_t *text
+Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize(
+  Lib_IntVector_Intrinsics_vec256 *out,
+  Lib_IntVector_Intrinsics_vec256 *p
 );
 
 void
-Hacl_Poly1305_256_poly1305_finish(
+Hacl_MAC_Poly1305_Simd256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key);
+
+void
+Hacl_MAC_Poly1305_Simd256_poly1305_finish(
   uint8_t *tag,
   uint8_t *key,
   Lib_IntVector_Intrinsics_vec256 *ctx
 );
 
-void Hacl_Poly1305_256_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key);
-
 #if defined(__cplusplus)
 }
 #endif
 
-#define __Hacl_Poly1305_256_H_DEFINED
+#define __internal_Hacl_MAC_Poly1305_Simd256_H_DEFINED
 #endif
diff --git a/include/msvc/internal/Hacl_P256_PrecompTable.h b/include/msvc/internal/Hacl_P256_PrecompTable.h
index f185c2be..c852ef8c 100644
--- a/include/msvc/internal/Hacl_P256_PrecompTable.h
+++ b/include/msvc/internal/Hacl_P256_PrecompTable.h
@@ -39,476 +39,360 @@ static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_basepoint_table_w4[192U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U,
-    (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U,
-    (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U,
-    (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U,
-    (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U,
-    (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U,
-    (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U,
-    (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U,
-    (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U,
-    (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U,
-    (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U,
-    (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U,
-    (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U,
-    (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U,
-    (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U,
-    (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U,
-    (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U,
-    (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U,
-    (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, (uint64_t)9539734295777539786U,
-    (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U,
-    (uint64_t)14815960973766782158U, (uint64_t)15286581798204509801U,
-    (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U,
-    (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U,
-    (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U,
-    (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U,
-    (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U,
-    (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U,
-    (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U,
-    (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U,
-    (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U,
-    (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U,
-    (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U,
-    (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U,
-    (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U,
-    (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U,
-    (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U,
-    (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U,
-    (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U,
-    (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U,
-    (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U,
-    (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U,
-    (uint64_t)12434976573147649880U, (uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U,
-    (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U,
-    (uint64_t)16178216413042376883U, (uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U,
-    (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U,
-    (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U,
-    (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U,
-    (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U,
-    (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U,
-    (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U,
-    (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U,
-    (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U,
-    (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U,
-    (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U,
-    (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U,
-    (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U,
-    (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U,
-    (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U,
-    (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U,
-    (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U,
-    (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U,
-    (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U,
-    (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U,
-    (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U,
-    (uint64_t)7949746088586183478U, (uint64_t)14677556044923602317U,
-    (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U,
-    (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, (uint64_t)8243975633057550613U,
-    (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 8784043285714375740ULL, 8483257759279461889ULL, 8789745728267363600ULL,
+    1770019616739251654ULL, 15992936863339206154ULL, 10037038012062884956ULL,
+    15197544864945402661ULL, 9615747158586711429ULL, 1ULL, 18446744069414584320ULL,
+    18446744073709551615ULL, 4294967294ULL, 10634854829044225757ULL, 351552716085025155ULL,
+    10645315080955407736ULL, 3609262091244858135ULL, 15760741698986874125ULL,
+    14936374388219697827ULL, 15751360096993017895ULL, 18012233706239762398ULL,
+    1993877568177495041ULL, 10345888787846536528ULL, 7746511691117935375ULL,
+    14517043990409914413ULL, 14122549297570634151ULL, 16934610359517083771ULL,
+    5724511325497097418ULL, 8983432969107448705ULL, 2687429970334080245ULL, 16525396802810050288ULL,
+    7602596488871585854ULL, 4813919589149203084ULL, 7680395813780804519ULL, 6687709583048023590ULL,
+    18086445169104142027ULL, 9637814708330203929ULL, 14785108459960679090ULL,
+    3838023279095023581ULL, 3555615526157830307ULL, 5177066488380472871ULL, 18218186719108038403ULL,
+    16281556341699656105ULL, 1524227924561461191ULL, 4148060517641909597ULL, 2858290374115363433ULL,
+    8942772026334130620ULL, 3034451298319885113ULL, 8447866036736640940ULL, 11204933433076256578ULL,
+    18333595740249588297ULL, 8259597024804538246ULL, 9539734295777539786ULL, 9797290423046626413ULL,
+    5777303437849646537ULL, 8739356909899132020ULL, 14815960973766782158ULL,
+    15286581798204509801ULL, 17597362577777019682ULL, 13259283710820519742ULL,
+    10501322996899164670ULL, 1221138904338319642ULL, 14586685489551951885ULL, 895326705426031212ULL,
+    14398171728560617847ULL, 9592550823745097391ULL, 17240998489162206026ULL,
+    8085479283308189196ULL, 14844657737893882826ULL, 15923425394150618234ULL,
+    2997808084773249525ULL, 494323555453660587ULL, 1215695327517794764ULL, 9476207381098391690ULL,
+    7480789678419122995ULL, 15212230329321082489ULL, 436189395349576388ULL, 17377474396456660834ULL,
+    15237013929655017939ULL, 11444428846883781676ULL, 5112749694521428575ULL, 950829367509872073ULL,
+    17665036182057559519ULL, 17205133339690002313ULL, 16233765170251334549ULL,
+    10122775683257972591ULL, 3352514236455632420ULL, 9143148522359954691ULL, 601191684005658860ULL,
+    13398772186646349998ULL, 15512696600132928431ULL, 9128416073728948653ULL,
+    11233051033546138578ULL, 6769345682610122833ULL, 10823233224575054288ULL,
+    9997725227559980175ULL, 6733425642852897415ULL, 16302206918151466066ULL, 1669330822143265921ULL,
+    2661645605036546002ULL, 17182558479745802165ULL, 1165082692376932040ULL, 9470595929011488359ULL,
+    6142147329285324932ULL, 4829075085998111287ULL, 10231370681107338930ULL, 9591876895322495239ULL,
+    10316468561384076618ULL, 11592503647238064235ULL, 13395813606055179632ULL,
+    511127033980815508ULL, 12434976573147649880ULL, 3425094795384359127ULL, 6816971736303023445ULL,
+    15444670609021139344ULL, 9464349818322082360ULL, 16178216413042376883ULL,
+    9595540370774317348ULL, 7229365182662875710ULL, 4601177649460012843ULL, 5455046447382487090ULL,
+    10854066421606187521ULL, 15913416821879788071ULL, 2297365362023460173ULL,
+    2603252216454941350ULL, 6768791943870490934ULL, 15705936687122754810ULL, 9537096567546600694ULL,
+    17580538144855035062ULL, 4496542856965746638ULL, 8444341625922124942ULL,
+    12191263903636183168ULL, 17427332907535974165ULL, 14307569739254103736ULL,
+    13900598742063266169ULL, 7176996424355977650ULL, 5709008170379717479ULL,
+    14471312052264549092ULL, 1464519909491759867ULL, 3328154641049602121ULL,
+    13020349337171136774ULL, 2772166279972051938ULL, 10854476939425975292ULL,
+    1967189930534630940ULL, 2802919076529341959ULL, 14792226094833519208ULL,
+    14675640928566522177ULL, 14838974364643800837ULL, 17631460696099549980ULL,
+    17434186275364935469ULL, 2665648200587705473ULL, 13202122464492564051ULL,
+    7576287350918073341ULL, 2272206013910186424ULL, 14558761641743937843ULL, 5675729149929979729ULL,
+    9043135187561613166ULL, 11750149293830589225ULL, 740555197954307911ULL, 9871738005087190699ULL,
+    17178667634283502053ULL, 18046255991533013265ULL, 4458222096988430430ULL,
+    8452427758526311627ULL, 13825286929656615266ULL, 13956286357198391218ULL,
+    15875692916799995079ULL, 10634895319157013920ULL, 13230116118036304207ULL,
+    8795317393614625606ULL, 7001710806858862020ULL, 7949746088586183478ULL, 14677556044923602317ULL,
+    11184023437485843904ULL, 11215864722023085094ULL, 6444464081471519014ULL,
+    1706241174022415217ULL, 8243975633057550613ULL, 15502902453836085864ULL, 3799182188594003953ULL,
+    3538840175098724094ULL
   };
 
 static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_g_pow2_64_table_w4[192U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1499621593102562565U,
-    (uint64_t)16692369783039433128U, (uint64_t)15337520135922861848U,
-    (uint64_t)5455737214495366228U, (uint64_t)17827017231032529600U,
-    (uint64_t)12413621606240782649U, (uint64_t)2290483008028286132U,
-    (uint64_t)15752017553340844820U, (uint64_t)4846430910634234874U,
-    (uint64_t)10861682798464583253U, (uint64_t)15404737222404363049U, (uint64_t)363586619281562022U,
-    (uint64_t)9866710912401645115U, (uint64_t)1162548847543228595U, (uint64_t)7649967190445130486U,
-    (uint64_t)5212340432230915749U, (uint64_t)7572620550182916491U, (uint64_t)14876145112448665096U,
-    (uint64_t)2063227348838176167U, (uint64_t)3519435548295415847U, (uint64_t)8390400282019023103U,
-    (uint64_t)17666843593163037841U, (uint64_t)9450204148816496323U, (uint64_t)8483374507652916768U,
-    (uint64_t)6254661047265818424U, (uint64_t)16382127809582285023U, (uint64_t)125359443771153172U,
-    (uint64_t)1374336701588437897U, (uint64_t)11362596098420127726U, (uint64_t)2101654420738681387U,
-    (uint64_t)12772780342444840510U, (uint64_t)12546934328908550060U,
-    (uint64_t)8331880412333790397U, (uint64_t)11687262051473819904U, (uint64_t)8926848496503457587U,
-    (uint64_t)9603974142010467857U, (uint64_t)13199952163826973175U, (uint64_t)2189856264898797734U,
-    (uint64_t)11356074861870267226U, (uint64_t)2027714896422561895U, (uint64_t)5261606367808050149U,
-    (uint64_t)153855954337762312U, (uint64_t)6375919692894573986U, (uint64_t)12364041207536146533U,
-    (uint64_t)1891896010455057160U, (uint64_t)1568123795087313171U, (uint64_t)18138710056556660101U,
-    (uint64_t)6004886947510047736U, (uint64_t)4811859325589542932U, (uint64_t)3618763430148954981U,
-    (uint64_t)11434521746258554122U, (uint64_t)10086341535864049427U,
-    (uint64_t)8073421629570399570U, (uint64_t)12680586148814729338U, (uint64_t)9619958020761569612U,
-    (uint64_t)15827203580658384478U, (uint64_t)12832694810937550406U,
-    (uint64_t)14977975484447400910U, (uint64_t)5478002389061063653U,
-    (uint64_t)14731136312639060880U, (uint64_t)4317867687275472033U, (uint64_t)6642650962855259884U,
-    (uint64_t)2514254944289495285U, (uint64_t)14231405641534478436U, (uint64_t)4045448346091518946U,
-    (uint64_t)8985477013445972471U, (uint64_t)8869039454457032149U, (uint64_t)4356978486208692970U,
-    (uint64_t)10805288613335538577U, (uint64_t)12832353127812502042U,
-    (uint64_t)4576590051676547490U, (uint64_t)6728053735138655107U, (uint64_t)17814206719173206184U,
-    (uint64_t)79790138573994940U, (uint64_t)17920293215101822267U, (uint64_t)13422026625585728864U,
-    (uint64_t)5018058010492547271U, (uint64_t)110232326023384102U, (uint64_t)10834264070056942976U,
-    (uint64_t)15222249086119088588U, (uint64_t)15119439519142044997U,
-    (uint64_t)11655511970063167313U, (uint64_t)1614477029450566107U, (uint64_t)3619322817271059794U,
-    (uint64_t)9352862040415412867U, (uint64_t)14017522553242747074U,
-    (uint64_t)13138513643674040327U, (uint64_t)3610195242889455765U, (uint64_t)8371069193996567291U,
-    (uint64_t)12670227996544662654U, (uint64_t)1205961025092146303U,
-    (uint64_t)13106709934003962112U, (uint64_t)4350113471327723407U,
-    (uint64_t)15060941403739680459U, (uint64_t)13639127647823205030U,
-    (uint64_t)10790943339357725715U, (uint64_t)498760574280648264U, (uint64_t)17922071907832082887U,
-    (uint64_t)15122670976670152145U, (uint64_t)6275027991110214322U, (uint64_t)7250912847491816402U,
-    (uint64_t)15206617260142982380U, (uint64_t)3385668313694152877U,
-    (uint64_t)17522479771766801905U, (uint64_t)2965919117476170655U, (uint64_t)1553238516603269404U,
-    (uint64_t)5820770015631050991U, (uint64_t)4999445222232605348U, (uint64_t)9245650860833717444U,
-    (uint64_t)1508811811724230728U, (uint64_t)5190684913765614385U, (uint64_t)15692927070934536166U,
-    (uint64_t)12981978499190500902U, (uint64_t)5143491963193394698U, (uint64_t)7705698092144084129U,
-    (uint64_t)581120653055084783U, (uint64_t)13886552864486459714U, (uint64_t)6290301270652587255U,
-    (uint64_t)8663431529954393128U, (uint64_t)17033405846475472443U, (uint64_t)5206780355442651635U,
-    (uint64_t)12580364474736467688U, (uint64_t)17934601912005283310U,
-    (uint64_t)15119491731028933652U, (uint64_t)17848231399859044858U,
-    (uint64_t)4427673319524919329U, (uint64_t)2673607337074368008U, (uint64_t)14034876464294699949U,
-    (uint64_t)10938948975420813697U, (uint64_t)15202340615298669183U,
-    (uint64_t)5496603454069431071U, (uint64_t)2486526142064906845U, (uint64_t)4507882119510526802U,
-    (uint64_t)13888151172411390059U, (uint64_t)15049027856908071726U,
-    (uint64_t)9667231543181973158U, (uint64_t)6406671575277563202U, (uint64_t)3395801050331215139U,
-    (uint64_t)9813607433539108308U, (uint64_t)2681417728820980381U, (uint64_t)18407064643927113994U,
-    (uint64_t)7707177692113485527U, (uint64_t)14218149384635317074U, (uint64_t)3658668346206375919U,
-    (uint64_t)15404713991002362166U, (uint64_t)10152074687696195207U,
-    (uint64_t)10926946599582128139U, (uint64_t)16907298600007085320U,
-    (uint64_t)16544287219664720279U, (uint64_t)11007075933432813205U,
-    (uint64_t)8652245965145713599U, (uint64_t)7857626748965990384U, (uint64_t)5602306604520095870U,
-    (uint64_t)2525139243938658618U, (uint64_t)14405696176872077447U,
-    (uint64_t)18432270482137885332U, (uint64_t)9913880809120071177U,
-    (uint64_t)16896141737831216972U, (uint64_t)7484791498211214829U,
-    (uint64_t)15635259968266497469U, (uint64_t)8495118537612215624U, (uint64_t)4915477980562575356U,
-    (uint64_t)16453519279754924350U, (uint64_t)14462108244565406969U,
-    (uint64_t)14837837755237096687U, (uint64_t)14130171078892575346U,
-    (uint64_t)15423793222528491497U, (uint64_t)5460399262075036084U,
-    (uint64_t)16085440580308415349U, (uint64_t)26873200736954488U, (uint64_t)5603655807457499550U,
-    (uint64_t)3342202915871129617U, (uint64_t)1604413932150236626U, (uint64_t)9684226585089458974U,
-    (uint64_t)1213229904006618539U, (uint64_t)6782978662408837236U, (uint64_t)11197029877749307372U,
-    (uint64_t)14085968786551657744U, (uint64_t)17352273610494009342U,
-    (uint64_t)7876582961192434984U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 1499621593102562565ULL, 16692369783039433128ULL,
+    15337520135922861848ULL, 5455737214495366228ULL, 17827017231032529600ULL,
+    12413621606240782649ULL, 2290483008028286132ULL, 15752017553340844820ULL,
+    4846430910634234874ULL, 10861682798464583253ULL, 15404737222404363049ULL, 363586619281562022ULL,
+    9866710912401645115ULL, 1162548847543228595ULL, 7649967190445130486ULL, 5212340432230915749ULL,
+    7572620550182916491ULL, 14876145112448665096ULL, 2063227348838176167ULL, 3519435548295415847ULL,
+    8390400282019023103ULL, 17666843593163037841ULL, 9450204148816496323ULL, 8483374507652916768ULL,
+    6254661047265818424ULL, 16382127809582285023ULL, 125359443771153172ULL, 1374336701588437897ULL,
+    11362596098420127726ULL, 2101654420738681387ULL, 12772780342444840510ULL,
+    12546934328908550060ULL, 8331880412333790397ULL, 11687262051473819904ULL,
+    8926848496503457587ULL, 9603974142010467857ULL, 13199952163826973175ULL, 2189856264898797734ULL,
+    11356074861870267226ULL, 2027714896422561895ULL, 5261606367808050149ULL, 153855954337762312ULL,
+    6375919692894573986ULL, 12364041207536146533ULL, 1891896010455057160ULL, 1568123795087313171ULL,
+    18138710056556660101ULL, 6004886947510047736ULL, 4811859325589542932ULL, 3618763430148954981ULL,
+    11434521746258554122ULL, 10086341535864049427ULL, 8073421629570399570ULL,
+    12680586148814729338ULL, 9619958020761569612ULL, 15827203580658384478ULL,
+    12832694810937550406ULL, 14977975484447400910ULL, 5478002389061063653ULL,
+    14731136312639060880ULL, 4317867687275472033ULL, 6642650962855259884ULL, 2514254944289495285ULL,
+    14231405641534478436ULL, 4045448346091518946ULL, 8985477013445972471ULL, 8869039454457032149ULL,
+    4356978486208692970ULL, 10805288613335538577ULL, 12832353127812502042ULL,
+    4576590051676547490ULL, 6728053735138655107ULL, 17814206719173206184ULL, 79790138573994940ULL,
+    17920293215101822267ULL, 13422026625585728864ULL, 5018058010492547271ULL, 110232326023384102ULL,
+    10834264070056942976ULL, 15222249086119088588ULL, 15119439519142044997ULL,
+    11655511970063167313ULL, 1614477029450566107ULL, 3619322817271059794ULL, 9352862040415412867ULL,
+    14017522553242747074ULL, 13138513643674040327ULL, 3610195242889455765ULL,
+    8371069193996567291ULL, 12670227996544662654ULL, 1205961025092146303ULL,
+    13106709934003962112ULL, 4350113471327723407ULL, 15060941403739680459ULL,
+    13639127647823205030ULL, 10790943339357725715ULL, 498760574280648264ULL,
+    17922071907832082887ULL, 15122670976670152145ULL, 6275027991110214322ULL,
+    7250912847491816402ULL, 15206617260142982380ULL, 3385668313694152877ULL,
+    17522479771766801905ULL, 2965919117476170655ULL, 1553238516603269404ULL, 5820770015631050991ULL,
+    4999445222232605348ULL, 9245650860833717444ULL, 1508811811724230728ULL, 5190684913765614385ULL,
+    15692927070934536166ULL, 12981978499190500902ULL, 5143491963193394698ULL,
+    7705698092144084129ULL, 581120653055084783ULL, 13886552864486459714ULL, 6290301270652587255ULL,
+    8663431529954393128ULL, 17033405846475472443ULL, 5206780355442651635ULL,
+    12580364474736467688ULL, 17934601912005283310ULL, 15119491731028933652ULL,
+    17848231399859044858ULL, 4427673319524919329ULL, 2673607337074368008ULL,
+    14034876464294699949ULL, 10938948975420813697ULL, 15202340615298669183ULL,
+    5496603454069431071ULL, 2486526142064906845ULL, 4507882119510526802ULL, 13888151172411390059ULL,
+    15049027856908071726ULL, 9667231543181973158ULL, 6406671575277563202ULL, 3395801050331215139ULL,
+    9813607433539108308ULL, 2681417728820980381ULL, 18407064643927113994ULL, 7707177692113485527ULL,
+    14218149384635317074ULL, 3658668346206375919ULL, 15404713991002362166ULL,
+    10152074687696195207ULL, 10926946599582128139ULL, 16907298600007085320ULL,
+    16544287219664720279ULL, 11007075933432813205ULL, 8652245965145713599ULL,
+    7857626748965990384ULL, 5602306604520095870ULL, 2525139243938658618ULL, 14405696176872077447ULL,
+    18432270482137885332ULL, 9913880809120071177ULL, 16896141737831216972ULL,
+    7484791498211214829ULL, 15635259968266497469ULL, 8495118537612215624ULL, 4915477980562575356ULL,
+    16453519279754924350ULL, 14462108244565406969ULL, 14837837755237096687ULL,
+    14130171078892575346ULL, 15423793222528491497ULL, 5460399262075036084ULL,
+    16085440580308415349ULL, 26873200736954488ULL, 5603655807457499550ULL, 3342202915871129617ULL,
+    1604413932150236626ULL, 9684226585089458974ULL, 1213229904006618539ULL, 6782978662408837236ULL,
+    11197029877749307372ULL, 14085968786551657744ULL, 17352273610494009342ULL,
+    7876582961192434984ULL
   };
 
 static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_g_pow2_128_table_w4[192U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)14619254753077084366U,
-    (uint64_t)13913835116514008593U, (uint64_t)15060744674088488145U,
-    (uint64_t)17668414598203068685U, (uint64_t)10761169236902342334U,
-    (uint64_t)15467027479157446221U, (uint64_t)14989185522423469618U,
-    (uint64_t)14354539272510107003U, (uint64_t)14298211796392133693U,
-    (uint64_t)13270323784253711450U, (uint64_t)13380964971965046957U,
-    (uint64_t)8686204248456909699U, (uint64_t)17434630286744937066U, (uint64_t)1355903775279084720U,
-    (uint64_t)7554695053550308662U, (uint64_t)11354971222741863570U, (uint64_t)564601613420749879U,
-    (uint64_t)8466325837259054896U, (uint64_t)10752965181772434263U,
-    (uint64_t)11405876547368426319U, (uint64_t)13791894568738930940U,
-    (uint64_t)8230587134406354675U, (uint64_t)12415514098722758608U,
-    (uint64_t)18414183046995786744U, (uint64_t)15508000368227372870U,
-    (uint64_t)5781062464627999307U, (uint64_t)15339429052219195590U,
-    (uint64_t)16038703753810741903U, (uint64_t)9587718938298980714U, (uint64_t)4822658817952386407U,
-    (uint64_t)1376351024833260660U, (uint64_t)1120174910554766702U, (uint64_t)1730170933262569274U,
-    (uint64_t)5187428548444533500U, (uint64_t)16242053503368957131U, (uint64_t)3036811119519868279U,
-    (uint64_t)1760267587958926638U, (uint64_t)170244572981065185U, (uint64_t)8063080791967388171U,
-    (uint64_t)4824892826607692737U, (uint64_t)16286391083472040552U,
-    (uint64_t)11945158615253358747U, (uint64_t)14096887760410224200U,
-    (uint64_t)1613720831904557039U, (uint64_t)14316966673761197523U,
-    (uint64_t)17411006201485445341U, (uint64_t)8112301506943158801U, (uint64_t)2069889233927989984U,
-    (uint64_t)10082848378277483927U, (uint64_t)3609691194454404430U, (uint64_t)6110437205371933689U,
-    (uint64_t)9769135977342231601U, (uint64_t)11977962151783386478U,
-    (uint64_t)18088718692559983573U, (uint64_t)11741637975753055U, (uint64_t)11110390325701582190U,
-    (uint64_t)1341402251566067019U, (uint64_t)3028229550849726478U, (uint64_t)10438984083997451310U,
-    (uint64_t)12730851885100145709U, (uint64_t)11524169532089894189U,
-    (uint64_t)4523375903229602674U, (uint64_t)2028602258037385622U, (uint64_t)17082839063089388410U,
-    (uint64_t)6103921364634113167U, (uint64_t)17066180888225306102U,
-    (uint64_t)11395680486707876195U, (uint64_t)10952892272443345484U,
-    (uint64_t)8792831960605859401U, (uint64_t)14194485427742325139U,
-    (uint64_t)15146020821144305250U, (uint64_t)1654766014957123343U, (uint64_t)7955526243090948551U,
-    (uint64_t)3989277566080493308U, (uint64_t)12229385116397931231U,
-    (uint64_t)13430548930727025562U, (uint64_t)3434892688179800602U, (uint64_t)8431998794645622027U,
-    (uint64_t)12132530981596299272U, (uint64_t)2289461608863966999U,
-    (uint64_t)18345870950201487179U, (uint64_t)13517947207801901576U,
-    (uint64_t)5213113244172561159U, (uint64_t)17632986594098340879U, (uint64_t)4405251818133148856U,
-    (uint64_t)11783009269435447793U, (uint64_t)9332138983770046035U,
-    (uint64_t)12863411548922539505U, (uint64_t)3717030292816178224U,
-    (uint64_t)10026078446427137374U, (uint64_t)11167295326594317220U,
-    (uint64_t)12425328773141588668U, (uint64_t)5760335125172049352U, (uint64_t)9016843701117277863U,
-    (uint64_t)5657892835694680172U, (uint64_t)11025130589305387464U, (uint64_t)1368484957977406173U,
-    (uint64_t)17361351345281258834U, (uint64_t)1907113641956152700U,
-    (uint64_t)16439233413531427752U, (uint64_t)5893322296986588932U,
-    (uint64_t)14000206906171746627U, (uint64_t)14979266987545792900U,
-    (uint64_t)6926291766898221120U, (uint64_t)7162023296083360752U, (uint64_t)14762747553625382529U,
-    (uint64_t)12610831658612406849U, (uint64_t)10462926899548715515U,
-    (uint64_t)4794017723140405312U, (uint64_t)5234438200490163319U, (uint64_t)8019519110339576320U,
-    (uint64_t)7194604241290530100U, (uint64_t)12626770134810813246U,
-    (uint64_t)10793074474236419890U, (uint64_t)11323224347913978783U,
-    (uint64_t)16831128015895380245U, (uint64_t)18323094195124693378U,
-    (uint64_t)2361097165281567692U, (uint64_t)15755578675014279498U,
-    (uint64_t)14289876470325854580U, (uint64_t)12856787656093616839U,
-    (uint64_t)3578928531243900594U, (uint64_t)3847532758790503699U, (uint64_t)8377953190224748743U,
-    (uint64_t)3314546646092744596U, (uint64_t)800810188859334358U, (uint64_t)4626344124229343596U,
-    (uint64_t)6620381605850876621U, (uint64_t)11422073570955989527U,
-    (uint64_t)12676813626484814469U, (uint64_t)16725029886764122240U,
-    (uint64_t)16648497372773830008U, (uint64_t)9135702594931291048U,
-    (uint64_t)16080949688826680333U, (uint64_t)11528096561346602947U,
-    (uint64_t)2632498067099740984U, (uint64_t)11583842699108800714U, (uint64_t)8378404864573610526U,
-    (uint64_t)1076560261627788534U, (uint64_t)13836015994325032828U,
-    (uint64_t)11234295937817067909U, (uint64_t)5893659808396722708U,
-    (uint64_t)11277421142886984364U, (uint64_t)8968549037166726491U,
-    (uint64_t)14841374331394032822U, (uint64_t)9967344773947889341U, (uint64_t)8799244393578496085U,
-    (uint64_t)5094686877301601410U, (uint64_t)8780316747074726862U, (uint64_t)9119697306829835718U,
-    (uint64_t)15381243327921855368U, (uint64_t)2686250164449435196U,
-    (uint64_t)16466917280442198358U, (uint64_t)13791704489163125216U,
-    (uint64_t)16955859337117924272U, (uint64_t)17112836394923783642U,
-    (uint64_t)4639176427338618063U, (uint64_t)16770029310141094964U,
-    (uint64_t)11049953922966416185U, (uint64_t)12012669590884098968U,
-    (uint64_t)4859326885929417214U, (uint64_t)896380084392586061U, (uint64_t)7153028362977034008U,
-    (uint64_t)10540021163316263301U, (uint64_t)9318277998512936585U,
-    (uint64_t)18344496977694796523U, (uint64_t)11374737400567645494U,
-    (uint64_t)17158800051138212954U, (uint64_t)18343197867863253153U,
-    (uint64_t)18204799297967861226U, (uint64_t)15798973531606348828U,
-    (uint64_t)9870158263408310459U, (uint64_t)17578869832774612627U, (uint64_t)8395748875822696932U,
-    (uint64_t)15310679007370670872U, (uint64_t)11205576736030808860U,
-    (uint64_t)10123429210002838967U, (uint64_t)5910544144088393959U,
-    (uint64_t)14016615653353687369U, (uint64_t)11191676704772957822U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 14619254753077084366ULL, 13913835116514008593ULL,
+    15060744674088488145ULL, 17668414598203068685ULL, 10761169236902342334ULL,
+    15467027479157446221ULL, 14989185522423469618ULL, 14354539272510107003ULL,
+    14298211796392133693ULL, 13270323784253711450ULL, 13380964971965046957ULL,
+    8686204248456909699ULL, 17434630286744937066ULL, 1355903775279084720ULL, 7554695053550308662ULL,
+    11354971222741863570ULL, 564601613420749879ULL, 8466325837259054896ULL, 10752965181772434263ULL,
+    11405876547368426319ULL, 13791894568738930940ULL, 8230587134406354675ULL,
+    12415514098722758608ULL, 18414183046995786744ULL, 15508000368227372870ULL,
+    5781062464627999307ULL, 15339429052219195590ULL, 16038703753810741903ULL,
+    9587718938298980714ULL, 4822658817952386407ULL, 1376351024833260660ULL, 1120174910554766702ULL,
+    1730170933262569274ULL, 5187428548444533500ULL, 16242053503368957131ULL, 3036811119519868279ULL,
+    1760267587958926638ULL, 170244572981065185ULL, 8063080791967388171ULL, 4824892826607692737ULL,
+    16286391083472040552ULL, 11945158615253358747ULL, 14096887760410224200ULL,
+    1613720831904557039ULL, 14316966673761197523ULL, 17411006201485445341ULL,
+    8112301506943158801ULL, 2069889233927989984ULL, 10082848378277483927ULL, 3609691194454404430ULL,
+    6110437205371933689ULL, 9769135977342231601ULL, 11977962151783386478ULL,
+    18088718692559983573ULL, 11741637975753055ULL, 11110390325701582190ULL, 1341402251566067019ULL,
+    3028229550849726478ULL, 10438984083997451310ULL, 12730851885100145709ULL,
+    11524169532089894189ULL, 4523375903229602674ULL, 2028602258037385622ULL,
+    17082839063089388410ULL, 6103921364634113167ULL, 17066180888225306102ULL,
+    11395680486707876195ULL, 10952892272443345484ULL, 8792831960605859401ULL,
+    14194485427742325139ULL, 15146020821144305250ULL, 1654766014957123343ULL,
+    7955526243090948551ULL, 3989277566080493308ULL, 12229385116397931231ULL,
+    13430548930727025562ULL, 3434892688179800602ULL, 8431998794645622027ULL,
+    12132530981596299272ULL, 2289461608863966999ULL, 18345870950201487179ULL,
+    13517947207801901576ULL, 5213113244172561159ULL, 17632986594098340879ULL,
+    4405251818133148856ULL, 11783009269435447793ULL, 9332138983770046035ULL,
+    12863411548922539505ULL, 3717030292816178224ULL, 10026078446427137374ULL,
+    11167295326594317220ULL, 12425328773141588668ULL, 5760335125172049352ULL,
+    9016843701117277863ULL, 5657892835694680172ULL, 11025130589305387464ULL, 1368484957977406173ULL,
+    17361351345281258834ULL, 1907113641956152700ULL, 16439233413531427752ULL,
+    5893322296986588932ULL, 14000206906171746627ULL, 14979266987545792900ULL,
+    6926291766898221120ULL, 7162023296083360752ULL, 14762747553625382529ULL,
+    12610831658612406849ULL, 10462926899548715515ULL, 4794017723140405312ULL,
+    5234438200490163319ULL, 8019519110339576320ULL, 7194604241290530100ULL, 12626770134810813246ULL,
+    10793074474236419890ULL, 11323224347913978783ULL, 16831128015895380245ULL,
+    18323094195124693378ULL, 2361097165281567692ULL, 15755578675014279498ULL,
+    14289876470325854580ULL, 12856787656093616839ULL, 3578928531243900594ULL,
+    3847532758790503699ULL, 8377953190224748743ULL, 3314546646092744596ULL, 800810188859334358ULL,
+    4626344124229343596ULL, 6620381605850876621ULL, 11422073570955989527ULL,
+    12676813626484814469ULL, 16725029886764122240ULL, 16648497372773830008ULL,
+    9135702594931291048ULL, 16080949688826680333ULL, 11528096561346602947ULL,
+    2632498067099740984ULL, 11583842699108800714ULL, 8378404864573610526ULL, 1076560261627788534ULL,
+    13836015994325032828ULL, 11234295937817067909ULL, 5893659808396722708ULL,
+    11277421142886984364ULL, 8968549037166726491ULL, 14841374331394032822ULL,
+    9967344773947889341ULL, 8799244393578496085ULL, 5094686877301601410ULL, 8780316747074726862ULL,
+    9119697306829835718ULL, 15381243327921855368ULL, 2686250164449435196ULL,
+    16466917280442198358ULL, 13791704489163125216ULL, 16955859337117924272ULL,
+    17112836394923783642ULL, 4639176427338618063ULL, 16770029310141094964ULL,
+    11049953922966416185ULL, 12012669590884098968ULL, 4859326885929417214ULL, 896380084392586061ULL,
+    7153028362977034008ULL, 10540021163316263301ULL, 9318277998512936585ULL,
+    18344496977694796523ULL, 11374737400567645494ULL, 17158800051138212954ULL,
+    18343197867863253153ULL, 18204799297967861226ULL, 15798973531606348828ULL,
+    9870158263408310459ULL, 17578869832774612627ULL, 8395748875822696932ULL,
+    15310679007370670872ULL, 11205576736030808860ULL, 10123429210002838967ULL,
+    5910544144088393959ULL, 14016615653353687369ULL, 11191676704772957822ULL
   };
 
 static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_g_pow2_192_table_w4[192U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)7870395003430845958U,
-    (uint64_t)18001862936410067720U, (uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U,
-    (uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U, (uint64_t)7139806720777708306U,
-    (uint64_t)8253938546650739833U, (uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U,
-    (uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U, (uint64_t)8392845221328116213U,
-    (uint64_t)14630296398338540788U, (uint64_t)4268947906723414372U, (uint64_t)9231207002243517909U,
-    (uint64_t)14261219637616504262U, (uint64_t)7786881626982345356U,
-    (uint64_t)11412720751765882139U, (uint64_t)14119585051365330009U,
-    (uint64_t)15281626286521302128U, (uint64_t)6350171933454266732U,
-    (uint64_t)16559468304937127866U, (uint64_t)13200760478271693417U,
-    (uint64_t)6733381546280350776U, (uint64_t)3801404890075189193U, (uint64_t)2741036364686993903U,
-    (uint64_t)3218612940540174008U, (uint64_t)10894914335165419505U,
-    (uint64_t)11862941430149998362U, (uint64_t)4223151729402839584U, (uint64_t)2913215088487087887U,
-    (uint64_t)14562168920104952953U, (uint64_t)2170089393468287453U,
-    (uint64_t)10520900655016579352U, (uint64_t)7040362608949989273U, (uint64_t)8376510559381705307U,
-    (uint64_t)9142237200448131532U, (uint64_t)5696859948123854080U, (uint64_t)925422306716081180U,
-    (uint64_t)11155545953469186421U, (uint64_t)1888208646862572812U,
-    (uint64_t)11151095998248845721U, (uint64_t)15793503271680275267U,
-    (uint64_t)7729877044494854851U, (uint64_t)6235134673193032913U, (uint64_t)7364280682182401564U,
-    (uint64_t)5479679373325519985U, (uint64_t)17966037684582301763U,
-    (uint64_t)14140891609330279185U, (uint64_t)5814744449740463867U, (uint64_t)5652588426712591652U,
-    (uint64_t)774745682988690912U, (uint64_t)13228255573220500373U, (uint64_t)11949122068786859397U,
-    (uint64_t)8021166392900770376U, (uint64_t)7994323710948720063U, (uint64_t)9924618472877849977U,
-    (uint64_t)17618517523141194266U, (uint64_t)2750424097794401714U,
-    (uint64_t)15481749570715253207U, (uint64_t)14646964509921760497U,
-    (uint64_t)1037442848094301355U, (uint64_t)6295995947389299132U, (uint64_t)16915049722317579514U,
-    (uint64_t)10493877400992990313U, (uint64_t)18391008753060553521U, (uint64_t)483942209623707598U,
-    (uint64_t)2017775662838016613U, (uint64_t)5933251998459363553U, (uint64_t)11789135019970707407U,
-    (uint64_t)5484123723153268336U, (uint64_t)13246954648848484954U, (uint64_t)4774374393926023505U,
-    (uint64_t)14863995618704457336U, (uint64_t)13220153167104973625U,
-    (uint64_t)5988445485312390826U, (uint64_t)17580359464028944682U, (uint64_t)7297100131969874771U,
-    (uint64_t)379931507867989375U, (uint64_t)10927113096513421444U, (uint64_t)17688881974428340857U,
-    (uint64_t)4259872578781463333U, (uint64_t)8573076295966784472U, (uint64_t)16389829450727275032U,
-    (uint64_t)1667243868963568259U, (uint64_t)17730726848925960919U,
-    (uint64_t)11408899874569778008U, (uint64_t)3576527582023272268U,
-    (uint64_t)16492920640224231656U, (uint64_t)7906130545972460130U,
-    (uint64_t)13878604278207681266U, (uint64_t)41446695125652041U, (uint64_t)8891615271337333503U,
-    (uint64_t)2594537723613594470U, (uint64_t)7699579176995770924U, (uint64_t)147458463055730655U,
-    (uint64_t)12120406862739088406U, (uint64_t)12044892493010567063U,
-    (uint64_t)8554076749615475136U, (uint64_t)1005097692260929999U, (uint64_t)2687202654471188715U,
-    (uint64_t)9457588752176879209U, (uint64_t)17472884880062444019U, (uint64_t)9792097892056020166U,
-    (uint64_t)2525246678512797150U, (uint64_t)15958903035313115662U,
-    (uint64_t)11336038170342247032U, (uint64_t)11560342382835141123U,
-    (uint64_t)6212009033479929024U, (uint64_t)8214308203775021229U, (uint64_t)8475469210070503698U,
-    (uint64_t)13287024123485719563U, (uint64_t)12956951963817520723U,
-    (uint64_t)10693035819908470465U, (uint64_t)11375478788224786725U,
-    (uint64_t)16934625208487120398U, (uint64_t)10094585729115874495U,
-    (uint64_t)2763884524395905776U, (uint64_t)13535890148969964883U,
-    (uint64_t)13514657411765064358U, (uint64_t)9903074440788027562U,
-    (uint64_t)17324720726421199990U, (uint64_t)2273931039117368789U, (uint64_t)3442641041506157854U,
-    (uint64_t)1119853641236409612U, (uint64_t)12037070344296077989U, (uint64_t)581736433335671746U,
-    (uint64_t)6019150647054369174U, (uint64_t)14864096138068789375U, (uint64_t)6652995210998318662U,
-    (uint64_t)12773883697029175304U, (uint64_t)12751275631451845119U,
-    (uint64_t)11449095003038250478U, (uint64_t)1025805267334366480U, (uint64_t)2764432500300815015U,
-    (uint64_t)18274564429002844381U, (uint64_t)10445634195592600351U,
-    (uint64_t)11814099592837202735U, (uint64_t)5006796893679120289U, (uint64_t)6908397253997261914U,
-    (uint64_t)13266696965302879279U, (uint64_t)7768715053015037430U, (uint64_t)3569923738654785686U,
-    (uint64_t)5844853453464857549U, (uint64_t)1837340805629559110U, (uint64_t)1034657624388283114U,
-    (uint64_t)711244516069456460U, (uint64_t)12519286026957934814U, (uint64_t)2613464944620837619U,
-    (uint64_t)10003023321338286213U, (uint64_t)7291332092642881376U, (uint64_t)9832199564117004897U,
-    (uint64_t)3280736694860799890U, (uint64_t)6416452202849179874U, (uint64_t)7326961381798642069U,
-    (uint64_t)8435688798040635029U, (uint64_t)16630141263910982958U,
-    (uint64_t)17222635514422533318U, (uint64_t)9482787389178881499U, (uint64_t)836561194658263905U,
-    (uint64_t)3405319043337616649U, (uint64_t)2786146577568026518U, (uint64_t)7625483685691626321U,
-    (uint64_t)6728084875304656716U, (uint64_t)1140997959232544268U, (uint64_t)12847384827606303792U,
-    (uint64_t)1719121337754572070U, (uint64_t)12863589482936438532U, (uint64_t)3880712899640530862U,
-    (uint64_t)2748456882813671564U, (uint64_t)4775988900044623019U, (uint64_t)8937847374382191162U,
-    (uint64_t)3767367347172252295U, (uint64_t)13468672401049388646U,
-    (uint64_t)14359032216842397576U, (uint64_t)2002555958685443975U,
-    (uint64_t)16488678606651526810U, (uint64_t)11826135409597474760U,
-    (uint64_t)15296495673182508601U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 7870395003430845958ULL, 18001862936410067720ULL, 8006461232116967215ULL,
+    5921313779532424762ULL, 10702113371959864307ULL, 8070517410642379879ULL, 7139806720777708306ULL,
+    8253938546650739833ULL, 17490482834545705718ULL, 1065249776797037500ULL, 5018258455937968775ULL,
+    14100621120178668337ULL, 8392845221328116213ULL, 14630296398338540788ULL,
+    4268947906723414372ULL, 9231207002243517909ULL, 14261219637616504262ULL, 7786881626982345356ULL,
+    11412720751765882139ULL, 14119585051365330009ULL, 15281626286521302128ULL,
+    6350171933454266732ULL, 16559468304937127866ULL, 13200760478271693417ULL,
+    6733381546280350776ULL, 3801404890075189193ULL, 2741036364686993903ULL, 3218612940540174008ULL,
+    10894914335165419505ULL, 11862941430149998362ULL, 4223151729402839584ULL,
+    2913215088487087887ULL, 14562168920104952953ULL, 2170089393468287453ULL,
+    10520900655016579352ULL, 7040362608949989273ULL, 8376510559381705307ULL, 9142237200448131532ULL,
+    5696859948123854080ULL, 925422306716081180ULL, 11155545953469186421ULL, 1888208646862572812ULL,
+    11151095998248845721ULL, 15793503271680275267ULL, 7729877044494854851ULL,
+    6235134673193032913ULL, 7364280682182401564ULL, 5479679373325519985ULL, 17966037684582301763ULL,
+    14140891609330279185ULL, 5814744449740463867ULL, 5652588426712591652ULL, 774745682988690912ULL,
+    13228255573220500373ULL, 11949122068786859397ULL, 8021166392900770376ULL,
+    7994323710948720063ULL, 9924618472877849977ULL, 17618517523141194266ULL, 2750424097794401714ULL,
+    15481749570715253207ULL, 14646964509921760497ULL, 1037442848094301355ULL,
+    6295995947389299132ULL, 16915049722317579514ULL, 10493877400992990313ULL,
+    18391008753060553521ULL, 483942209623707598ULL, 2017775662838016613ULL, 5933251998459363553ULL,
+    11789135019970707407ULL, 5484123723153268336ULL, 13246954648848484954ULL,
+    4774374393926023505ULL, 14863995618704457336ULL, 13220153167104973625ULL,
+    5988445485312390826ULL, 17580359464028944682ULL, 7297100131969874771ULL, 379931507867989375ULL,
+    10927113096513421444ULL, 17688881974428340857ULL, 4259872578781463333ULL,
+    8573076295966784472ULL, 16389829450727275032ULL, 1667243868963568259ULL,
+    17730726848925960919ULL, 11408899874569778008ULL, 3576527582023272268ULL,
+    16492920640224231656ULL, 7906130545972460130ULL, 13878604278207681266ULL, 41446695125652041ULL,
+    8891615271337333503ULL, 2594537723613594470ULL, 7699579176995770924ULL, 147458463055730655ULL,
+    12120406862739088406ULL, 12044892493010567063ULL, 8554076749615475136ULL,
+    1005097692260929999ULL, 2687202654471188715ULL, 9457588752176879209ULL, 17472884880062444019ULL,
+    9792097892056020166ULL, 2525246678512797150ULL, 15958903035313115662ULL,
+    11336038170342247032ULL, 11560342382835141123ULL, 6212009033479929024ULL,
+    8214308203775021229ULL, 8475469210070503698ULL, 13287024123485719563ULL,
+    12956951963817520723ULL, 10693035819908470465ULL, 11375478788224786725ULL,
+    16934625208487120398ULL, 10094585729115874495ULL, 2763884524395905776ULL,
+    13535890148969964883ULL, 13514657411765064358ULL, 9903074440788027562ULL,
+    17324720726421199990ULL, 2273931039117368789ULL, 3442641041506157854ULL, 1119853641236409612ULL,
+    12037070344296077989ULL, 581736433335671746ULL, 6019150647054369174ULL, 14864096138068789375ULL,
+    6652995210998318662ULL, 12773883697029175304ULL, 12751275631451845119ULL,
+    11449095003038250478ULL, 1025805267334366480ULL, 2764432500300815015ULL,
+    18274564429002844381ULL, 10445634195592600351ULL, 11814099592837202735ULL,
+    5006796893679120289ULL, 6908397253997261914ULL, 13266696965302879279ULL, 7768715053015037430ULL,
+    3569923738654785686ULL, 5844853453464857549ULL, 1837340805629559110ULL, 1034657624388283114ULL,
+    711244516069456460ULL, 12519286026957934814ULL, 2613464944620837619ULL, 10003023321338286213ULL,
+    7291332092642881376ULL, 9832199564117004897ULL, 3280736694860799890ULL, 6416452202849179874ULL,
+    7326961381798642069ULL, 8435688798040635029ULL, 16630141263910982958ULL,
+    17222635514422533318ULL, 9482787389178881499ULL, 836561194658263905ULL, 3405319043337616649ULL,
+    2786146577568026518ULL, 7625483685691626321ULL, 6728084875304656716ULL, 1140997959232544268ULL,
+    12847384827606303792ULL, 1719121337754572070ULL, 12863589482936438532ULL,
+    3880712899640530862ULL, 2748456882813671564ULL, 4775988900044623019ULL, 8937847374382191162ULL,
+    3767367347172252295ULL, 13468672401049388646ULL, 14359032216842397576ULL,
+    2002555958685443975ULL, 16488678606651526810ULL, 11826135409597474760ULL,
+    15296495673182508601ULL
   };
 
 static const
 uint64_t
 Hacl_P256_PrecompTable_precomp_basepoint_table_w5[384U] =
   {
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U,
-    (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U,
-    (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U,
-    (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U,
-    (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U,
-    (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U,
-    (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U,
-    (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U,
-    (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U,
-    (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U,
-    (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U,
-    (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U,
-    (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U,
-    (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U,
-    (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U,
-    (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U,
-    (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U,
-    (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U,
-    (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U,
-    (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U,
-    (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, (uint64_t)9539734295777539786U,
-    (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U,
-    (uint64_t)14815960973766782158U, (uint64_t)15286581798204509801U,
-    (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U,
-    (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U,
-    (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U,
-    (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U,
-    (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U,
-    (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U,
-    (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U,
-    (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U,
-    (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U,
-    (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U,
-    (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U,
-    (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U,
-    (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U,
-    (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U,
-    (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U,
-    (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U,
-    (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U,
-    (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U,
-    (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U,
-    (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U,
-    (uint64_t)12434976573147649880U, (uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U,
-    (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U,
-    (uint64_t)16178216413042376883U, (uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U,
-    (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U,
-    (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U,
-    (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U,
-    (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U,
-    (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U,
-    (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U,
-    (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U,
-    (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U,
-    (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U,
-    (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U,
-    (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U,
-    (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U,
-    (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U,
-    (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U,
-    (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U,
-    (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U,
-    (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U,
-    (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U,
-    (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U,
-    (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U,
-    (uint64_t)7949746088586183478U, (uint64_t)14677556044923602317U,
-    (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U,
-    (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, (uint64_t)8243975633057550613U,
-    (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U,
-    (uint64_t)13240193491554624643U, (uint64_t)12365034249541329920U,
-    (uint64_t)2924326828590977357U, (uint64_t)5687195797140589099U, (uint64_t)16880427227292834531U,
-    (uint64_t)9691471435758991112U, (uint64_t)16642385273732487288U,
-    (uint64_t)12173806747523009914U, (uint64_t)13142722756877876849U,
-    (uint64_t)8370377548305121979U, (uint64_t)17988526053752025426U, (uint64_t)4818750752684100334U,
-    (uint64_t)5669241919350361655U, (uint64_t)4964810303238518540U, (uint64_t)16709712747671533191U,
-    (uint64_t)4461414404267448242U, (uint64_t)3971798785139504238U, (uint64_t)6276818948740422136U,
-    (uint64_t)1426735892164275762U, (uint64_t)7943622674892418919U, (uint64_t)9864274225563929680U,
-    (uint64_t)57815533745003233U, (uint64_t)10893588105168960233U, (uint64_t)15739162732907069535U,
-    (uint64_t)3923866849462073470U, (uint64_t)12279826158399226875U, (uint64_t)1533015761334846582U,
-    (uint64_t)15860156818568437510U, (uint64_t)8252625373831297988U, (uint64_t)9666953804812706358U,
-    (uint64_t)8767785238646914634U, (uint64_t)14382179044941403551U,
-    (uint64_t)10401039907264254245U, (uint64_t)8584860003763157350U, (uint64_t)3120462679504470266U,
-    (uint64_t)8670255778748340069U, (uint64_t)5313789577940369984U, (uint64_t)16977072364454789224U,
-    (uint64_t)12199578693972188324U, (uint64_t)18211098771672599237U,
-    (uint64_t)12868831556008795030U, (uint64_t)5310155061431048194U,
-    (uint64_t)18114153238435112606U, (uint64_t)14482365809278304512U,
-    (uint64_t)12520721662723001511U, (uint64_t)405943624021143002U, (uint64_t)8146944101507657423U,
-    (uint64_t)181739317780393495U, (uint64_t)81743892273670099U, (uint64_t)14759561962550473930U,
-    (uint64_t)4592623849546992939U, (uint64_t)6916440441743449719U, (uint64_t)1304610503530809833U,
-    (uint64_t)5464930909232486441U, (uint64_t)15414883617496224671U, (uint64_t)8129283345256790U,
-    (uint64_t)18294252198413739489U, (uint64_t)17394115281884857288U,
-    (uint64_t)7808348415224731235U, (uint64_t)13195566655747230608U, (uint64_t)8568194219353949094U,
-    (uint64_t)15329813048672122440U, (uint64_t)9604275495885785744U, (uint64_t)1577712551205219835U,
-    (uint64_t)15964209008022052790U, (uint64_t)15087297920782098160U,
-    (uint64_t)3946031512438511898U, (uint64_t)10050061168984440631U,
-    (uint64_t)11382452014533138316U, (uint64_t)6313670788911952792U,
-    (uint64_t)12015989229696164014U, (uint64_t)5946702628076168852U, (uint64_t)5219995658774362841U,
-    (uint64_t)12230141881068377972U, (uint64_t)12361195202673441956U,
-    (uint64_t)4732862275653856711U, (uint64_t)17221430380805252370U,
-    (uint64_t)15397525953897375810U, (uint64_t)16557437297239563045U,
-    (uint64_t)10101683801868971351U, (uint64_t)1402611372245592868U, (uint64_t)1931806383735563658U,
-    (uint64_t)10991705207471512479U, (uint64_t)861333583207471392U, (uint64_t)15207766844626322355U,
-    (uint64_t)9224628129811432393U, (uint64_t)3497069567089055613U, (uint64_t)11956632757898590316U,
-    (uint64_t)8733729372586312960U, (uint64_t)18091521051714930927U, (uint64_t)77582787724373283U,
-    (uint64_t)9922437373519669237U, (uint64_t)3079321456325704615U, (uint64_t)12171198408512478457U,
-    (uint64_t)17179130884012147596U, (uint64_t)6839115479620367181U, (uint64_t)4421032569964105406U,
-    (uint64_t)10353331468657256053U, (uint64_t)17400988720335968824U,
-    (uint64_t)17138855889417480540U, (uint64_t)4507980080381370611U,
-    (uint64_t)10703175719793781886U, (uint64_t)12598516658725890426U,
-    (uint64_t)8353463412173898932U, (uint64_t)17703029389228422404U, (uint64_t)9313111267107226233U,
-    (uint64_t)5441322942995154196U, (uint64_t)8952817660034465484U, (uint64_t)17571113341183703118U,
-    (uint64_t)7375087953801067019U, (uint64_t)13381466302076453648U, (uint64_t)3218165271423914596U,
-    (uint64_t)16956372157249382685U, (uint64_t)509080090049418841U, (uint64_t)13374233893294084913U,
-    (uint64_t)2988537624204297086U, (uint64_t)4979195832939384620U, (uint64_t)3803931594068976394U,
-    (uint64_t)10731535883829627646U, (uint64_t)12954845047607194278U,
-    (uint64_t)10494298062560667399U, (uint64_t)4967351022190213065U,
-    (uint64_t)13391917938145756456U, (uint64_t)951370484866918160U, (uint64_t)13531334179067685307U,
-    (uint64_t)12868421357919390599U, (uint64_t)15918857042998130258U,
-    (uint64_t)17769743831936974016U, (uint64_t)7137921979260368809U,
-    (uint64_t)12461369180685892062U, (uint64_t)827476514081935199U, (uint64_t)15107282134224767230U,
-    (uint64_t)10084765752802805748U, (uint64_t)3303739059392464407U,
-    (uint64_t)17859532612136591428U, (uint64_t)10949414770405040164U,
-    (uint64_t)12838613589371008785U, (uint64_t)5554397169231540728U,
-    (uint64_t)18375114572169624408U, (uint64_t)15649286703242390139U,
-    (uint64_t)2957281557463706877U, (uint64_t)14000350446219393213U,
-    (uint64_t)14355199721749620351U, (uint64_t)2730856240099299695U,
-    (uint64_t)17528131000714705752U, (uint64_t)2537498525883536360U, (uint64_t)6121058967084509393U,
-    (uint64_t)16897667060435514221U, (uint64_t)12367869599571112440U,
-    (uint64_t)3388831797050807508U, (uint64_t)16791449724090982798U, (uint64_t)2673426123453294928U,
-    (uint64_t)11369313542384405846U, (uint64_t)15641960333586432634U,
-    (uint64_t)15080962589658958379U, (uint64_t)7747943772340226569U, (uint64_t)8075023376199159152U,
-    (uint64_t)8485093027378306528U, (uint64_t)13503706844122243648U, (uint64_t)8401961362938086226U,
-    (uint64_t)8125426002124226402U, (uint64_t)9005399361407785203U, (uint64_t)6847968030066906634U,
-    (uint64_t)11934937736309295197U, (uint64_t)5116750888594772351U, (uint64_t)2817039227179245227U,
-    (uint64_t)17724206901239332980U, (uint64_t)4985702708254058578U, (uint64_t)5786345435756642871U,
-    (uint64_t)17772527414940936938U, (uint64_t)1201320251272957006U,
-    (uint64_t)15787430120324348129U, (uint64_t)6305488781359965661U,
-    (uint64_t)12423900845502858433U, (uint64_t)17485949424202277720U,
-    (uint64_t)2062237315546855852U, (uint64_t)10353639467860902375U, (uint64_t)2315398490451287299U,
-    (uint64_t)15394572894814882621U, (uint64_t)232866113801165640U, (uint64_t)7413443736109338926U,
-    (uint64_t)902719806551551191U, (uint64_t)16568853118619045174U, (uint64_t)14202214862428279177U,
-    (uint64_t)11719595395278861192U, (uint64_t)5890053236389907647U, (uint64_t)9996196494965833627U,
-    (uint64_t)12967056942364782577U, (uint64_t)9034128755157395787U,
-    (uint64_t)17898204904710512655U, (uint64_t)8229373445062993977U,
-    (uint64_t)13580036169519833644U
+    0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL,
+    0ULL, 0ULL, 0ULL, 0ULL, 8784043285714375740ULL, 8483257759279461889ULL, 8789745728267363600ULL,
+    1770019616739251654ULL, 15992936863339206154ULL, 10037038012062884956ULL,
+    15197544864945402661ULL, 9615747158586711429ULL, 1ULL, 18446744069414584320ULL,
+    18446744073709551615ULL, 4294967294ULL, 10634854829044225757ULL, 351552716085025155ULL,
+    10645315080955407736ULL, 3609262091244858135ULL, 15760741698986874125ULL,
+    14936374388219697827ULL, 15751360096993017895ULL, 18012233706239762398ULL,
+    1993877568177495041ULL, 10345888787846536528ULL, 7746511691117935375ULL,
+    14517043990409914413ULL, 14122549297570634151ULL, 16934610359517083771ULL,
+    5724511325497097418ULL, 8983432969107448705ULL, 2687429970334080245ULL, 16525396802810050288ULL,
+    7602596488871585854ULL, 4813919589149203084ULL, 7680395813780804519ULL, 6687709583048023590ULL,
+    18086445169104142027ULL, 9637814708330203929ULL, 14785108459960679090ULL,
+    3838023279095023581ULL, 3555615526157830307ULL, 5177066488380472871ULL, 18218186719108038403ULL,
+    16281556341699656105ULL, 1524227924561461191ULL, 4148060517641909597ULL, 2858290374115363433ULL,
+    8942772026334130620ULL, 3034451298319885113ULL, 8447866036736640940ULL, 11204933433076256578ULL,
+    18333595740249588297ULL, 8259597024804538246ULL, 9539734295777539786ULL, 9797290423046626413ULL,
+    5777303437849646537ULL, 8739356909899132020ULL, 14815960973766782158ULL,
+    15286581798204509801ULL, 17597362577777019682ULL, 13259283710820519742ULL,
+    10501322996899164670ULL, 1221138904338319642ULL, 14586685489551951885ULL, 895326705426031212ULL,
+    14398171728560617847ULL, 9592550823745097391ULL, 17240998489162206026ULL,
+    8085479283308189196ULL, 14844657737893882826ULL, 15923425394150618234ULL,
+    2997808084773249525ULL, 494323555453660587ULL, 1215695327517794764ULL, 9476207381098391690ULL,
+    7480789678419122995ULL, 15212230329321082489ULL, 436189395349576388ULL, 17377474396456660834ULL,
+    15237013929655017939ULL, 11444428846883781676ULL, 5112749694521428575ULL, 950829367509872073ULL,
+    17665036182057559519ULL, 17205133339690002313ULL, 16233765170251334549ULL,
+    10122775683257972591ULL, 3352514236455632420ULL, 9143148522359954691ULL, 601191684005658860ULL,
+    13398772186646349998ULL, 15512696600132928431ULL, 9128416073728948653ULL,
+    11233051033546138578ULL, 6769345682610122833ULL, 10823233224575054288ULL,
+    9997725227559980175ULL, 6733425642852897415ULL, 16302206918151466066ULL, 1669330822143265921ULL,
+    2661645605036546002ULL, 17182558479745802165ULL, 1165082692376932040ULL, 9470595929011488359ULL,
+    6142147329285324932ULL, 4829075085998111287ULL, 10231370681107338930ULL, 9591876895322495239ULL,
+    10316468561384076618ULL, 11592503647238064235ULL, 13395813606055179632ULL,
+    511127033980815508ULL, 12434976573147649880ULL, 3425094795384359127ULL, 6816971736303023445ULL,
+    15444670609021139344ULL, 9464349818322082360ULL, 16178216413042376883ULL,
+    9595540370774317348ULL, 7229365182662875710ULL, 4601177649460012843ULL, 5455046447382487090ULL,
+    10854066421606187521ULL, 15913416821879788071ULL, 2297365362023460173ULL,
+    2603252216454941350ULL, 6768791943870490934ULL, 15705936687122754810ULL, 9537096567546600694ULL,
+    17580538144855035062ULL, 4496542856965746638ULL, 8444341625922124942ULL,
+    12191263903636183168ULL, 17427332907535974165ULL, 14307569739254103736ULL,
+    13900598742063266169ULL, 7176996424355977650ULL, 5709008170379717479ULL,
+    14471312052264549092ULL, 1464519909491759867ULL, 3328154641049602121ULL,
+    13020349337171136774ULL, 2772166279972051938ULL, 10854476939425975292ULL,
+    1967189930534630940ULL, 2802919076529341959ULL, 14792226094833519208ULL,
+    14675640928566522177ULL, 14838974364643800837ULL, 17631460696099549980ULL,
+    17434186275364935469ULL, 2665648200587705473ULL, 13202122464492564051ULL,
+    7576287350918073341ULL, 2272206013910186424ULL, 14558761641743937843ULL, 5675729149929979729ULL,
+    9043135187561613166ULL, 11750149293830589225ULL, 740555197954307911ULL, 9871738005087190699ULL,
+    17178667634283502053ULL, 18046255991533013265ULL, 4458222096988430430ULL,
+    8452427758526311627ULL, 13825286929656615266ULL, 13956286357198391218ULL,
+    15875692916799995079ULL, 10634895319157013920ULL, 13230116118036304207ULL,
+    8795317393614625606ULL, 7001710806858862020ULL, 7949746088586183478ULL, 14677556044923602317ULL,
+    11184023437485843904ULL, 11215864722023085094ULL, 6444464081471519014ULL,
+    1706241174022415217ULL, 8243975633057550613ULL, 15502902453836085864ULL, 3799182188594003953ULL,
+    3538840175098724094ULL, 13240193491554624643ULL, 12365034249541329920ULL,
+    2924326828590977357ULL, 5687195797140589099ULL, 16880427227292834531ULL, 9691471435758991112ULL,
+    16642385273732487288ULL, 12173806747523009914ULL, 13142722756877876849ULL,
+    8370377548305121979ULL, 17988526053752025426ULL, 4818750752684100334ULL, 5669241919350361655ULL,
+    4964810303238518540ULL, 16709712747671533191ULL, 4461414404267448242ULL, 3971798785139504238ULL,
+    6276818948740422136ULL, 1426735892164275762ULL, 7943622674892418919ULL, 9864274225563929680ULL,
+    57815533745003233ULL, 10893588105168960233ULL, 15739162732907069535ULL, 3923866849462073470ULL,
+    12279826158399226875ULL, 1533015761334846582ULL, 15860156818568437510ULL,
+    8252625373831297988ULL, 9666953804812706358ULL, 8767785238646914634ULL, 14382179044941403551ULL,
+    10401039907264254245ULL, 8584860003763157350ULL, 3120462679504470266ULL, 8670255778748340069ULL,
+    5313789577940369984ULL, 16977072364454789224ULL, 12199578693972188324ULL,
+    18211098771672599237ULL, 12868831556008795030ULL, 5310155061431048194ULL,
+    18114153238435112606ULL, 14482365809278304512ULL, 12520721662723001511ULL,
+    405943624021143002ULL, 8146944101507657423ULL, 181739317780393495ULL, 81743892273670099ULL,
+    14759561962550473930ULL, 4592623849546992939ULL, 6916440441743449719ULL, 1304610503530809833ULL,
+    5464930909232486441ULL, 15414883617496224671ULL, 8129283345256790ULL, 18294252198413739489ULL,
+    17394115281884857288ULL, 7808348415224731235ULL, 13195566655747230608ULL,
+    8568194219353949094ULL, 15329813048672122440ULL, 9604275495885785744ULL, 1577712551205219835ULL,
+    15964209008022052790ULL, 15087297920782098160ULL, 3946031512438511898ULL,
+    10050061168984440631ULL, 11382452014533138316ULL, 6313670788911952792ULL,
+    12015989229696164014ULL, 5946702628076168852ULL, 5219995658774362841ULL,
+    12230141881068377972ULL, 12361195202673441956ULL, 4732862275653856711ULL,
+    17221430380805252370ULL, 15397525953897375810ULL, 16557437297239563045ULL,
+    10101683801868971351ULL, 1402611372245592868ULL, 1931806383735563658ULL,
+    10991705207471512479ULL, 861333583207471392ULL, 15207766844626322355ULL, 9224628129811432393ULL,
+    3497069567089055613ULL, 11956632757898590316ULL, 8733729372586312960ULL,
+    18091521051714930927ULL, 77582787724373283ULL, 9922437373519669237ULL, 3079321456325704615ULL,
+    12171198408512478457ULL, 17179130884012147596ULL, 6839115479620367181ULL,
+    4421032569964105406ULL, 10353331468657256053ULL, 17400988720335968824ULL,
+    17138855889417480540ULL, 4507980080381370611ULL, 10703175719793781886ULL,
+    12598516658725890426ULL, 8353463412173898932ULL, 17703029389228422404ULL,
+    9313111267107226233ULL, 5441322942995154196ULL, 8952817660034465484ULL, 17571113341183703118ULL,
+    7375087953801067019ULL, 13381466302076453648ULL, 3218165271423914596ULL,
+    16956372157249382685ULL, 509080090049418841ULL, 13374233893294084913ULL, 2988537624204297086ULL,
+    4979195832939384620ULL, 3803931594068976394ULL, 10731535883829627646ULL,
+    12954845047607194278ULL, 10494298062560667399ULL, 4967351022190213065ULL,
+    13391917938145756456ULL, 951370484866918160ULL, 13531334179067685307ULL,
+    12868421357919390599ULL, 15918857042998130258ULL, 17769743831936974016ULL,
+    7137921979260368809ULL, 12461369180685892062ULL, 827476514081935199ULL, 15107282134224767230ULL,
+    10084765752802805748ULL, 3303739059392464407ULL, 17859532612136591428ULL,
+    10949414770405040164ULL, 12838613589371008785ULL, 5554397169231540728ULL,
+    18375114572169624408ULL, 15649286703242390139ULL, 2957281557463706877ULL,
+    14000350446219393213ULL, 14355199721749620351ULL, 2730856240099299695ULL,
+    17528131000714705752ULL, 2537498525883536360ULL, 6121058967084509393ULL,
+    16897667060435514221ULL, 12367869599571112440ULL, 3388831797050807508ULL,
+    16791449724090982798ULL, 2673426123453294928ULL, 11369313542384405846ULL,
+    15641960333586432634ULL, 15080962589658958379ULL, 7747943772340226569ULL,
+    8075023376199159152ULL, 8485093027378306528ULL, 13503706844122243648ULL, 8401961362938086226ULL,
+    8125426002124226402ULL, 9005399361407785203ULL, 6847968030066906634ULL, 11934937736309295197ULL,
+    5116750888594772351ULL, 2817039227179245227ULL, 17724206901239332980ULL, 4985702708254058578ULL,
+    5786345435756642871ULL, 17772527414940936938ULL, 1201320251272957006ULL,
+    15787430120324348129ULL, 6305488781359965661ULL, 12423900845502858433ULL,
+    17485949424202277720ULL, 2062237315546855852ULL, 10353639467860902375ULL,
+    2315398490451287299ULL, 15394572894814882621ULL, 232866113801165640ULL, 7413443736109338926ULL,
+    902719806551551191ULL, 16568853118619045174ULL, 14202214862428279177ULL,
+    11719595395278861192ULL, 5890053236389907647ULL, 9996196494965833627ULL,
+    12967056942364782577ULL, 9034128755157395787ULL, 17898204904710512655ULL,
+    8229373445062993977ULL, 13580036169519833644ULL
   };
 
 #if defined(__cplusplus)
diff --git a/include/msvc/internal/Hacl_SHA2_Types.h b/include/msvc/internal/Hacl_SHA2_Types.h
index 1e51a0f1..5a1eb668 100644
--- a/include/msvc/internal/Hacl_SHA2_Types.h
+++ b/include/msvc/internal/Hacl_SHA2_Types.h
@@ -35,68 +35,68 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_2p_s
+typedef struct Hacl_Hash_SHA2_uint8_2p_s
 {
   uint8_t *fst;
   uint8_t *snd;
 }
-Hacl_Impl_SHA2_Types_uint8_2p;
+Hacl_Hash_SHA2_uint8_2p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_3p_s
+typedef struct Hacl_Hash_SHA2_uint8_3p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_2p snd;
+  Hacl_Hash_SHA2_uint8_2p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_3p;
+Hacl_Hash_SHA2_uint8_3p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_4p_s
+typedef struct Hacl_Hash_SHA2_uint8_4p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_3p snd;
+  Hacl_Hash_SHA2_uint8_3p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_4p;
+Hacl_Hash_SHA2_uint8_4p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_5p_s
+typedef struct Hacl_Hash_SHA2_uint8_5p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_4p snd;
+  Hacl_Hash_SHA2_uint8_4p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_5p;
+Hacl_Hash_SHA2_uint8_5p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_6p_s
+typedef struct Hacl_Hash_SHA2_uint8_6p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_5p snd;
+  Hacl_Hash_SHA2_uint8_5p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_6p;
+Hacl_Hash_SHA2_uint8_6p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_7p_s
+typedef struct Hacl_Hash_SHA2_uint8_7p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_6p snd;
+  Hacl_Hash_SHA2_uint8_6p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_7p;
+Hacl_Hash_SHA2_uint8_7p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_8p_s
+typedef struct Hacl_Hash_SHA2_uint8_8p_s
 {
   uint8_t *fst;
-  Hacl_Impl_SHA2_Types_uint8_7p snd;
+  Hacl_Hash_SHA2_uint8_7p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_8p;
+Hacl_Hash_SHA2_uint8_8p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_2x4p_s
+typedef struct Hacl_Hash_SHA2_uint8_2x4p_s
 {
-  Hacl_Impl_SHA2_Types_uint8_4p fst;
-  Hacl_Impl_SHA2_Types_uint8_4p snd;
+  Hacl_Hash_SHA2_uint8_4p fst;
+  Hacl_Hash_SHA2_uint8_4p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_2x4p;
+Hacl_Hash_SHA2_uint8_2x4p;
 
-typedef struct Hacl_Impl_SHA2_Types_uint8_2x8p_s
+typedef struct Hacl_Hash_SHA2_uint8_2x8p_s
 {
-  Hacl_Impl_SHA2_Types_uint8_8p fst;
-  Hacl_Impl_SHA2_Types_uint8_8p snd;
+  Hacl_Hash_SHA2_uint8_8p fst;
+  Hacl_Hash_SHA2_uint8_8p snd;
 }
-Hacl_Impl_SHA2_Types_uint8_2x8p;
+Hacl_Hash_SHA2_uint8_2x8p;
 
 #if defined(__cplusplus)
 }
diff --git a/info.txt b/info.txt
index af3dbf98..a34b82c2 100644
--- a/info.txt
+++ b/info.txt
@@ -1,5 +1,5 @@
 The code was generated with the following toolchain.
-F* version: bc622701c668f6b4092760879372968265d4a4e1
-KaRaMeL version: 7cffd27cfefbd220e986e561e8d350f043609f76
-HACL* version: 1b30697fc2b0d8d5e2f541eccfd3fb52b45b905c
+F* version: 6e23042e74555544267731295b7d382c86edc574
+Karamel version: a7be2a7c43eca637ceb57fe8f3ffd16fc6627ebd
+HACL* version: ae5d839c2e1fa95055b618cda60aeb1c486c720c
 Vale version: 0.3.19
diff --git a/js/api.js b/js/api.js
index bd8c6c0d..5ad3bdde 100644
--- a/js/api.js
+++ b/js/api.js
@@ -217,9 +217,9 @@ var HaclWasm = (function() {
   // We defined a few WASM-specific "compile-time macros".
   var my_imports = {
     EverCrypt_TargetConfig: (mem) => ({
-      hacl_can_compile_vale: 0,
-      hacl_can_compile_vec128: 0,
-      hacl_can_compile_vec256: 0,
+      HACL_CAN_COMPILE_VALE: 0,
+      HACL_CAN_COMPILE_VEC128: 0,
+      HACL_CAN_COMPILE_VEC256: 0,
       has_vec128_not_avx: () => false,
       has_vec256_not_avx2: () => false,
     }),
diff --git a/js/api.json b/js/api.json
index eec09b22..f6fa0e60 100644
--- a/js/api.json
+++ b/js/api.json
@@ -110,31 +110,40 @@
     }
   },
   "Chacha20Poly1305": {
-    "aead_encrypt": {
-      "module": "Hacl_Chacha20Poly1305_32",
-      "name": "aead_encrypt",
-      "args": [{
-          "name": "key",
-          "kind": "input",
+    "encrypt": {
+      "module": "Hacl_AEAD_Chacha20Poly1305",
+      "name": "encrypt",
+      "args": [
+        {
+          "name": "ciphertext",
+          "kind": "output",
           "type": "buffer",
-          "size": 32,
-          "interface_index": 0,
+          "size": "len",
           "tests": [
-              "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"
+              "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116"
           ]
         },
         {
-          "name": "nonce",
+          "name": "mac",
+          "kind": "output",
+          "type": "buffer",
+          "size": 16,
+          "tests": [
+              "1ae10b594f09e26a7e902ecbd0600691"
+          ]
+        },
+        {
+          "name": "plaintext",
           "kind": "input",
           "type": "buffer",
-          "size": 12,
-          "interface_index": 1,
+          "size": "len",
+          "interface_index": 0,
           "tests": [
-              "070000004041424344454647"
+              "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
           ]
         },
         {
-          "name": "alen",
+          "name": "len",
           "kind": "input",
           "type": "uint32"
         },
@@ -143,42 +152,34 @@
           "kind": "input",
           "type": "buffer",
           "size": "alen",
-          "interface_index": 2,
+          "interface_index": 1,
           "tests": [
               "50515253c0c1c2c3c4c5c6c7"
           ]
         },
         {
-          "name": "len",
+          "name": "alen",
           "kind": "input",
           "type": "uint32"
         },
         {
-          "name": "plaintext",
+          "name": "key",
           "kind": "input",
           "type": "buffer",
-          "size": "len",
-          "interface_index": 3,
-          "tests": [
-              "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
-          ]
-        },
-        {
-          "name": "ciphertext",
-          "kind": "output",
-          "type": "buffer",
-          "size": "len",
+          "size": 32,
+          "interface_index": 2,
           "tests": [
-              "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116"
+              "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"
           ]
         },
         {
-          "name": "mac",
-          "kind": "output",
+          "name": "nonce",
+          "kind": "input",
           "type": "buffer",
-          "size": 16,
+          "size": 12,
+          "interface_index": 3,
           "tests": [
-              "1ae10b594f09e26a7e902ecbd0600691"
+              "070000004041424344454647"
           ]
         }
       ],
@@ -186,31 +187,31 @@
         "type": "void"
       }
     },
-    "aead_decrypt": {
-      "module": "Hacl_Chacha20Poly1305_32",
-      "name": "aead_decrypt",
-      "args": [{
-          "name": "key",
-          "kind": "input",
+    "decrypt": {
+      "module": "Hacl_AEAD_Chacha20Poly1305",
+      "name": "decrypt",
+      "args": [
+        {
+          "name": "plaintext",
+          "kind": "output",
           "type": "buffer",
-          "size": 32,
-          "interface_index": 0,
+          "size": "len",
           "tests": [
-              "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"
+              "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
           ]
         },
         {
-          "name": "nonce",
+          "name": "ciphertext",
           "kind": "input",
           "type": "buffer",
-          "size": 12,
-          "interface_index": 1,
+          "size": "len",
+          "interface_index": 0,
           "tests": [
-              "070000004041424344454647"
+              "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116"
           ]
         },
         {
-          "name": "alen",
+          "name": "len",
           "kind": "input",
           "type": "uint32"
         },
@@ -219,33 +220,34 @@
           "kind": "input",
           "type": "buffer",
           "size": "alen",
-          "interface_index": 2,
+          "interface_index": 1,
           "tests": [
               "50515253c0c1c2c3c4c5c6c7"
           ]
         },
         {
-          "name": "len",
+          "name": "alen",
           "kind": "input",
           "type": "uint32"
         },
         {
-          "name": "plaintext",
-          "kind": "output",
+          "name": "key",
+          "kind": "input",
           "type": "buffer",
-          "size": "len",
+          "size": 32,
+          "interface_index": 2,
           "tests": [
-              "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
+              "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"
           ]
         },
         {
-          "name": "ciphertext",
+          "name": "nonce",
           "kind": "input",
           "type": "buffer",
-          "size": "len",
+          "size": 12,
           "interface_index": 3,
           "tests": [
-              "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116"
+              "070000004041424344454647"
           ]
         },
         {
@@ -407,9 +409,19 @@
   "SHA2": {
     "hash_512": {
       "module": "Hacl_Hash_SHA2",
-      "custom_module_name": true,
-      "name": "Hacl_Streaming_SHA2_hash_512",
+      "name": "hash_512",
       "args": [{
+          "name": "output",
+          "kind": "output",
+          "type": "buffer",
+          "size": 64,
+          "tests": [
+              "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
+              "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
+              "204a8fc6dda82f0a0ced7beb8e08a41657c16ef468b228a8279be331a703c33596fd15c13b1b07f9aa1d3bea57789ca031ad85c7a71dd70354ec631238ca3445",
+              "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909"
+          ]
+        }, {
           "name": "input",
           "kind": "input",
           "type": "buffer",
@@ -421,23 +433,10 @@
               "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
               "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475"
           ]
-        },
-        {
+        }, {
           "name": "input_len",
           "kind": "input",
           "type": "uint32"
-        },
-        {
-          "name": "hash",
-          "kind": "output",
-          "type": "buffer",
-          "size": 64,
-          "tests": [
-              "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
-              "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
-              "204a8fc6dda82f0a0ced7beb8e08a41657c16ef468b228a8279be331a703c33596fd15c13b1b07f9aa1d3bea57789ca031ad85c7a71dd70354ec631238ca3445",
-              "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909"
-          ]
         }
       ],
       "return": {
@@ -446,9 +445,19 @@
     },
     "hash_384": {
       "module": "Hacl_Hash_SHA2",
-      "custom_module_name": true,
-      "name": "Hacl_Streaming_SHA2_hash_384",
+      "name": "hash_384",
       "args": [{
+          "name": "hash",
+          "kind": "output",
+          "type": "buffer",
+          "size": 48,
+          "tests": [
+              "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7",
+              "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b",
+              "3391fdddfc8dc7393707a65b1b4709397cf8b1d162af05abfe8f450de5f36bc6b0455a8520bc4e6f5fe95b1fe3c8452b",
+              "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039"
+          ]
+        }, {
           "name": "input",
           "kind": "input",
           "type": "buffer",
@@ -460,23 +469,10 @@
               "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
               "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475"
           ]
-        },
-        {
+        }, {
           "name": "input_len",
           "kind": "input",
           "type": "uint32"
-        },
-        {
-          "name": "hash",
-          "kind": "output",
-          "type": "buffer",
-          "size": 48,
-          "tests": [
-              "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7",
-              "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b",
-              "3391fdddfc8dc7393707a65b1b4709397cf8b1d162af05abfe8f450de5f36bc6b0455a8520bc4e6f5fe95b1fe3c8452b",
-              "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039"
-          ]
         }
       ],
       "return": {
@@ -485,9 +481,19 @@
     },
     "hash_256": {
       "module": "Hacl_Hash_SHA2",
-      "custom_module_name": true,
-      "name": "Hacl_Streaming_SHA2_hash_256",
+      "name": "hash_256",
       "args": [{
+          "name": "hash",
+          "kind": "output",
+          "type": "buffer",
+          "size": 32,
+          "tests": [
+              "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
+              "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+              "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
+              "cf5b16a778af8380036ce59e7b0492370b249b11e8f07a51afac45037afee9d1"
+          ]
+        }, {
           "name": "input",
           "kind": "input",
           "type": "buffer",
@@ -499,23 +505,10 @@
               "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
               "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475"
           ]
-        },
-        {
+        }, {
           "name": "input_len",
           "kind": "input",
           "type": "uint32"
-        },
-        {
-          "name": "hash",
-          "kind": "output",
-          "type": "buffer",
-          "size": 32,
-          "tests": [
-              "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
-              "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-              "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
-              "cf5b16a778af8380036ce59e7b0492370b249b11e8f07a51afac45037afee9d1"
-          ]
         }
       ],
       "return": {
@@ -525,18 +518,10 @@
   },
   "Blake2": {
     "blake2b": {
-      "module": "Hacl_Hash_Blake2",
+      "module": "Hacl_Hash_Blake2b",
       "custom_module_name": true,
-      "name": "Hacl_Blake2b_32_blake2b",
+      "name": "Hacl_Hash_Blake2b_hash_with_key",
       "args": [{
-          "type": "uint32",
-          "kind": "input",
-          "name": "output_len",
-          "interface_index": 0,
-          "tests": [
-            64, 64
-          ]
-        }, {
           "name": "output",
           "kind": "output",
           "type": "buffer",
@@ -545,26 +530,28 @@
               "ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923",
               "e47bb6f20fbf14984f72a4c3cd9f3dc0d38928e536733ba7c5b153c71546584b7371f9b7070777b9a0947703409650fd04cfc9a5d561f99ed134ef262b03db94"
           ]
-        },
-        {
+        }, {
           "type": "uint32",
           "kind": "input",
-          "name": "data_len"
+          "name": "output_len",
+          "interface_index": 0,
+          "tests": [
+            64, 64
+          ]
         }, {
-          "name": "data",
+          "name": "input",
           "kind": "input",
           "type": "buffer",
-          "size": "data_len",
+          "size": "input_len",
           "interface_index": 1,
           "tests": [
               "616263",
               "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
           ]
-        },
-        {
+        }, {
           "type": "uint32",
           "kind": "input",
-          "name": "key_len"
+          "name": "input_len"
         }, {
           "name": "key",
           "kind": "input",
@@ -575,6 +562,10 @@
               "",
               "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
           ]
+        }, {
+          "type": "uint32",
+          "kind": "input",
+          "name": "key_len"
         }
       ],
       "return": {
@@ -582,21 +573,10 @@
       }
     },
     "blake2s": {
-      "module": "Hacl_Hash_Blake2",
+      "module": "Hacl_Hash_Blake2s",
       "custom_module_name": true,
-      "name": "Hacl_Blake2s_32_blake2s",
+      "name": "Hacl_Hash_Blake2s_hash_with_key",
       "args": [{
-          "type": "uint32",
-          "kind": "input",
-          "name": "output_len",
-          "interface_index": 0,
-          "tests": [
-              32,
-              32,
-              32,
-              32
-          ]
-        }, {
           "name": "output",
           "kind": "output",
           "type": "buffer",
@@ -607,16 +587,22 @@
               "3fb735061abc519dfe979e54c1ee5bfad0a9d858b3315bad34bde999efd724dd",
               "d12bf3732ef4af5c22fa90356af8fc50fcb40f8f2ea5c8594737a3b3d5abdbd7"
           ]
-        },
-        {
+        }, {
           "type": "uint32",
           "kind": "input",
-          "name": "data_len"
+          "name": "output_len",
+          "interface_index": 0,
+          "tests": [
+              32,
+              32,
+              32,
+              32
+          ]
         }, {
-          "name": "data",
+          "name": "input",
           "kind": "input",
           "type": "buffer",
-          "size": "data_len",
+          "size": "input_len",
           "interface_index": 1,
           "tests": [
               "616263",
@@ -624,11 +610,10 @@
               "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe",
               "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fa"
           ]
-        },
-        {
+        }, {
           "type": "uint32",
           "kind": "input",
-          "name": "key_len"
+          "name": "input_len"
         }, {
           "name": "key",
           "kind": "input",
@@ -641,6 +626,10 @@
               "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
               "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
           ]
+	}, {
+          "type": "uint32",
+          "kind": "input",
+          "name": "key_len"
         }
       ],
       "return": {
@@ -652,27 +641,10 @@
     "hash_512": {
       "module": "Hacl_Hash_SHA3",
       "custom_module_name": true,
-      "name": "Hacl_SHA3_sha3_512",
-      "args": [{
-          "name": "input_len",
-          "kind": "input",
-          "type": "uint32"
-        },
-        {
-          "name": "input",
-          "kind": "input",
-          "type": "buffer",
-          "size": "input_len",
-          "interface_index": 0,
-          "tests": [
-              "",
-              "616263",
-              "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
-              "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475"
-          ]
-        },
+      "name": "Hacl_Hash_SHA3_sha3_512",
+      "args": [
         {
-          "name": "hash",
+          "name": "output",
           "kind": "output",
           "type": "buffer",
           "size": 64,
@@ -682,22 +654,7 @@
               "04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e",
               "afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185"
           ]
-        }
-      ],
-      "return": {
-        "type": "void"
-      }
-    },
-    "hash_384": {
-      "module": "Hacl_Hash_SHA3",
-      "custom_module_name": true,
-      "name": "Hacl_SHA3_sha3_384",
-      "args": [{
-          "name": "input_len",
-          "kind": "input",
-          "type": "uint32"
-        },
-        {
+        }, {
           "name": "input",
           "kind": "input",
           "type": "buffer",
@@ -709,7 +666,21 @@
               "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
               "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475"
           ]
-        },
+        }, {
+          "name": "input_len",
+          "kind": "input",
+          "type": "uint32"
+	}
+      ],
+      "return": {
+        "type": "void"
+      }
+    },
+    "hash_384": {
+      "module": "Hacl_Hash_SHA3",
+      "custom_module_name": true,
+      "name": "Hacl_Hash_SHA3_sha3_384",
+      "args": [
         {
           "name": "hash",
           "kind": "output",
@@ -721,22 +692,7 @@
               "991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22",
               "79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7"
           ]
-        }
-      ],
-      "return": {
-        "type": "void"
-      }
-    },
-    "hash_256": {
-      "module": "Hacl_Hash_SHA3",
-      "custom_module_name": true,
-      "name": "Hacl_SHA3_sha3_256",
-      "args": [{
-          "name": "input_len",
-          "kind": "input",
-          "type": "uint32"
-        },
-        {
+	}, {
           "name": "input",
           "kind": "input",
           "type": "buffer",
@@ -748,7 +704,21 @@
               "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
               "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475"
           ]
-        },
+        }, {
+          "name": "input_len",
+          "kind": "input",
+          "type": "uint32"
+        }
+      ],
+      "return": {
+        "type": "void"
+      }
+    },
+    "hash_256": {
+      "module": "Hacl_Hash_SHA3",
+      "custom_module_name": true,
+      "name": "Hacl_Hash_SHA3_sha3_256",
+      "args": [
         {
           "name": "hash",
           "kind": "output",
@@ -760,22 +730,7 @@
               "41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376",
               "916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18"
           ]
-        }
-      ],
-      "return": {
-        "type": "void"
-      }
-    },
-    "hash_224": {
-      "module": "Hacl_Hash_SHA3",
-      "custom_module_name": true,
-      "name": "Hacl_SHA3_sha3_224",
-      "args": [{
-          "name": "input_len",
-          "kind": "input",
-          "type": "uint32"
-        },
-        {
+        }, {
           "name": "input",
           "kind": "input",
           "type": "buffer",
@@ -787,7 +742,21 @@
               "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
               "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475"
           ]
-        },
+        },{
+          "name": "input_len",
+          "kind": "input",
+          "type": "uint32"
+        }
+      ],
+      "return": {
+        "type": "void"
+      }
+    },
+    "hash_224": {
+      "module": "Hacl_Hash_SHA3",
+      "custom_module_name": true,
+      "name": "Hacl_Hash_SHA3_sha3_224",
+      "args": [
         {
           "name": "hash",
           "kind": "output",
@@ -799,7 +768,23 @@
               "8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33",
               "543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc"
           ]
-        }
+        }, {
+          "name": "input",
+          "kind": "input",
+          "type": "buffer",
+          "size": "input_len",
+          "interface_index": 0,
+          "tests": [
+              "",
+              "616263",
+              "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
+              "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475"
+          ]
+        }, {
+          "name": "input_len",
+          "kind": "input",
+          "type": "uint32"
+	}
       ],
       "return": {
         "type": "void"
@@ -807,8 +792,7 @@
     },
     "keccak": {
       "module": "Hacl_Hash_SHA3",
-      "name": "Hacl_Impl_SHA3_keccak",
-      "custom_module_name": true,
+      "name": "keccak",
       "args": [{
           "name": "rate",
           "kind": "input",
@@ -3694,7 +3678,7 @@
       "args": [{
           "name": "state",
           "kind": "input",
-          "type": "EverCrypt_Hash_Incremental_hash_state",
+          "type": "EverCrypt_Hash_Incremental_state_t",
           "interface_index": 0,
           "tests": [
           ]
@@ -3706,10 +3690,10 @@
         ]
       }
     },
-    "create": {
+    "malloc": {
       "module": "EverCrypt_Hash",
       "custom_module_name": true,
-      "name": "EverCrypt_Hash_Incremental_create_in",
+      "name": "EverCrypt_Hash_Incremental_malloc",
       "args": [{
           "name": "hash_alg",
           "kind": "input",
@@ -3721,7 +3705,7 @@
       ],
       "return": {
         "kind": "layout",
-        "type": "EverCrypt_Hash_Incremental_hash_state",
+        "type": "EverCrypt_Hash_Incremental_state_t",
         "tests": [
         ]
       }
@@ -3733,7 +3717,7 @@
       "args": [{
           "name": "state",
           "kind": "output",
-          "type": "EverCrypt_Hash_Incremental_hash_state",
+          "type": "EverCrypt_Hash_Incremental_state_t",
           "interface_index": 0,
           "tests": [
           ]
@@ -3757,14 +3741,14 @@
         ]
       }
     },
-    "finish": {
+    "digest": {
       "module": "EverCrypt_Hash",
       "custom_module_name": true,
-      "name": "EverCrypt_Hash_Incremental_finish",
+      "name": "EverCrypt_Hash_Incremental_digest",
       "args": [{
           "name": "state",
           "kind": "input",
-          "type": "EverCrypt_Hash_Incremental_hash_state",
+          "type": "EverCrypt_Hash_Incremental_state_t",
           "interface_index": 0,
           "tests": [
           ]
diff --git a/js/test.html b/js/test.html
index 6f5c40c8..a93dfdb3 100644
--- a/js/test.html
+++ b/js/test.html
@@ -5,7 +5,7 @@
     <meta charset="utf-8">
     <title>KaRaMeL main driver</title>
     <script type="application/javascript">
-      var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "LowStar", "Hacl_Impl_Blake2_Constants", "Hacl_Hash_Base", "Hacl_Hash_Blake2", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt_EverCrypt", "Vale", "Hacl_Streaming", "EverCrypt_Hash", "Hacl_SHA3", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519", "Hacl_Poly1305_32", "Hacl_NaCl", "Hacl_P256", "Hacl_HMAC", "Hacl_HKDF", "Hacl_Chacha20Poly1305_32", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Steel_Reference", "Hacl_GenericField32", "Hacl_Bignum256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_Bignum64", "Hacl_EC_Ed25519"];
+      var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "LowStar", "Hacl_Impl_Blake2_Constants", "Hacl_Hash_Base", "Hacl_Hash_Blake2b", "Hacl_Hash_Blake2s", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt_EverCrypt", "Vale", "Hacl_Streaming", "EverCrypt_Hash", "Hacl_Hash_SHA3", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519", "Hacl_MAC_Poly1305", "Hacl_NaCl", "Hacl_P256", "Hacl_HMAC", "Hacl_HKDF", "Hacl_AEAD_Chacha20Poly1305", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Steel_Reference", "Hacl_GenericField32", "Hacl_Bignum256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_Bignum64", "Hacl_EC_Ed25519"];
       var my_print = msg =>
         document.getElementById("terminal").appendChild(
           document.createTextNode(msg + "\n"));
diff --git a/js/test3.js b/js/test3.js
index 0cf41f46..bf6e2f3d 100644
--- a/js/test3.js
+++ b/js/test3.js
@@ -38,7 +38,7 @@ const SHA2_256 = 1;
 
 function testEverCryptHash(Hacl) {
   let err, s;
-  s = Hacl.EverCrypt_Hash.create(SHA2_256);
+  s = Hacl.EverCrypt_Hash.malloc(SHA2_256);
   assert (Hacl.EverCrypt_Hash.alg_of_state(s) == SHA2_256);
   console.log("STEP 1", s, Hacl.EverCrypt_Hash.alg_of_state(s));
 
@@ -46,7 +46,7 @@ function testEverCryptHash(Hacl) {
   assert (err == 0);
   console.log("STEP 2", err, s);
 
-  let [ digest ] = Hacl.EverCrypt_Hash.finish(s);
+  let [ digest ] = Hacl.EverCrypt_Hash.digest(s);
   assert (buf2hex(digest) == "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9");
   console.log("STEP 3", digest);
 }
@@ -65,9 +65,10 @@ let modules = [
   "Hacl_Hash_SHA1",
   "Hacl_Hash_SHA2",
   "Hacl_Impl_Blake2_Constants",
-  "Hacl_Hash_Blake2",
-  "Hacl_Hash_Blake2s_128",
-  "Hacl_Hash_Blake2b_256",
+  "Hacl_Hash_Blake2b",
+  "Hacl_Hash_Blake2s",
+  "Hacl_Hash_Blake2s_Simd128",
+  "Hacl_Hash_Blake2b_Simd256",
   "Hacl_Hash_SHA3",
   "Vale",
   "EverCrypt",
diff --git a/karamel/include/krml/internal/builtin.h b/karamel/include/krml/internal/builtin.h
index 53ea9040..6098f30b 100644
--- a/karamel/include/krml/internal/builtin.h
+++ b/karamel/include/krml/internal/builtin.h
@@ -7,6 +7,8 @@
 /* For alloca, when using KaRaMeL's -falloca */
 #if (defined(_WIN32) || defined(_WIN64))
 #  include <malloc.h>
+#elif (defined(sun))
+#  include <alloca.h>
 #endif
 
 /* If some globals need to be initialized before the main, then karamel will
diff --git a/karamel/include/krml/internal/target.h b/karamel/include/krml/internal/target.h
index 4903d224..d4252a10 100644
--- a/karamel/include/krml/internal/target.h
+++ b/karamel/include/krml/internal/target.h
@@ -57,6 +57,10 @@
 #  define KRML_HOST_IGNORE(x) (void)(x)
 #endif
 
+#ifndef KRML_MAYBE_UNUSED_VAR
+#  define KRML_MAYBE_UNUSED_VAR(x) KRML_HOST_IGNORE(x)
+#endif
+
 #ifndef KRML_MAYBE_UNUSED
 #  if defined(__GNUC__)
 #    define KRML_MAYBE_UNUSED __attribute__((unused))
diff --git a/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h b/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h
index 4bf0a34a..9e4e2290 100644
--- a/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h
+++ b/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h
@@ -15,7 +15,7 @@
 
 static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
 {
-  return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
+  return (a ^ ((a ^ b) | ((a - b) ^ b))) >> 63U;
 }
 
 static inline uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b)
@@ -118,7 +118,7 @@ static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a
   return lit;
 }
 
-static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U;
+static uint32_t FStar_UInt128_u32_64 = 64U;
 
 static inline uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
 {
@@ -134,7 +134,7 @@ FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
 static inline FStar_UInt128_uint128
 FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
 {
-  if (s == (uint32_t)0U)
+  if (s == 0U)
   {
     return a;
   }
@@ -151,7 +151,7 @@ static inline FStar_UInt128_uint128
 FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
 {
   FStar_UInt128_uint128 lit;
-  lit.low = (uint64_t)0U;
+  lit.low = 0ULL;
   lit.high = a.low << (s - FStar_UInt128_u32_64);
   return lit;
 }
@@ -183,7 +183,7 @@ FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
 static inline FStar_UInt128_uint128
 FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
 {
-  if (s == (uint32_t)0U)
+  if (s == 0U)
   {
     return a;
   }
@@ -201,7 +201,7 @@ FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
 {
   FStar_UInt128_uint128 lit;
   lit.low = a.high >> (s - FStar_UInt128_u32_64);
-  lit.high = (uint64_t)0U;
+  lit.high = 0ULL;
   return lit;
 }
 
@@ -269,7 +269,7 @@ static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a)
 {
   FStar_UInt128_uint128 lit;
   lit.low = a;
-  lit.high = (uint64_t)0U;
+  lit.high = 0ULL;
   return lit;
 }
 
@@ -280,10 +280,10 @@ static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
 
 static inline uint64_t FStar_UInt128_u64_mod_32(uint64_t a)
 {
-  return a & (uint64_t)0xffffffffU;
+  return a & 0xffffffffULL;
 }
 
-static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U;
+static uint32_t FStar_UInt128_u32_32 = 32U;
 
 static inline uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo)
 {
diff --git a/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h b/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
index 84356c61..56a2454f 100644
--- a/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
+++ b/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
@@ -35,10 +35,10 @@ extern uint32_t FStar_UInt64_n_minus_one;
 static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
 {
   uint64_t x = a ^ b;
-  uint64_t minus_x = ~x + (uint64_t)1U;
+  uint64_t minus_x = ~x + 1ULL;
   uint64_t x_or_minus_x = x | minus_x;
-  uint64_t xnx = x_or_minus_x >> (uint32_t)63U;
-  return xnx - (uint64_t)1U;
+  uint64_t xnx = x_or_minus_x >> 63U;
+  return xnx - 1ULL;
 }
 
 static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
@@ -50,8 +50,8 @@ static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
   uint64_t x_sub_y_xor_y = x_sub_y ^ y;
   uint64_t q = x_xor_y | x_sub_y_xor_y;
   uint64_t x_xor_q = x ^ q;
-  uint64_t x_xor_q_ = x_xor_q >> (uint32_t)63U;
-  return x_xor_q_ - (uint64_t)1U;
+  uint64_t x_xor_q_ = x_xor_q >> 63U;
+  return x_xor_q_ - 1ULL;
 }
 
 extern Prims_string FStar_UInt64_to_string(uint64_t uu___);
@@ -83,10 +83,10 @@ extern uint32_t FStar_UInt32_n_minus_one;
 static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
 {
   uint32_t x = a ^ b;
-  uint32_t minus_x = ~x + (uint32_t)1U;
+  uint32_t minus_x = ~x + 1U;
   uint32_t x_or_minus_x = x | minus_x;
-  uint32_t xnx = x_or_minus_x >> (uint32_t)31U;
-  return xnx - (uint32_t)1U;
+  uint32_t xnx = x_or_minus_x >> 31U;
+  return xnx - 1U;
 }
 
 static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
@@ -98,8 +98,8 @@ static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
   uint32_t x_sub_y_xor_y = x_sub_y ^ y;
   uint32_t q = x_xor_y | x_sub_y_xor_y;
   uint32_t x_xor_q = x ^ q;
-  uint32_t x_xor_q_ = x_xor_q >> (uint32_t)31U;
-  return x_xor_q_ - (uint32_t)1U;
+  uint32_t x_xor_q_ = x_xor_q >> 31U;
+  return x_xor_q_ - 1U;
 }
 
 extern Prims_string FStar_UInt32_to_string(uint32_t uu___);
@@ -130,24 +130,24 @@ extern uint32_t FStar_UInt16_n_minus_one;
 
 static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
 {
-  uint16_t x = a ^ b;
-  uint16_t minus_x = ~x + (uint16_t)1U;
-  uint16_t x_or_minus_x = x | minus_x;
-  uint16_t xnx = x_or_minus_x >> (uint32_t)15U;
-  return xnx - (uint16_t)1U;
+  uint16_t x = (uint32_t)a ^ (uint32_t)b;
+  uint16_t minus_x = (uint32_t)~x + 1U;
+  uint16_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x;
+  uint16_t xnx = (uint32_t)x_or_minus_x >> 15U;
+  return (uint32_t)xnx - 1U;
 }
 
 static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
 {
   uint16_t x = a;
   uint16_t y = b;
-  uint16_t x_xor_y = x ^ y;
-  uint16_t x_sub_y = x - y;
-  uint16_t x_sub_y_xor_y = x_sub_y ^ y;
-  uint16_t q = x_xor_y | x_sub_y_xor_y;
-  uint16_t x_xor_q = x ^ q;
-  uint16_t x_xor_q_ = x_xor_q >> (uint32_t)15U;
-  return x_xor_q_ - (uint16_t)1U;
+  uint16_t x_xor_y = (uint32_t)x ^ (uint32_t)y;
+  uint16_t x_sub_y = (uint32_t)x - (uint32_t)y;
+  uint16_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y;
+  uint16_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y;
+  uint16_t x_xor_q = (uint32_t)x ^ (uint32_t)q;
+  uint16_t x_xor_q_ = (uint32_t)x_xor_q >> 15U;
+  return (uint32_t)x_xor_q_ - 1U;
 }
 
 extern Prims_string FStar_UInt16_to_string(uint16_t uu___);
@@ -178,24 +178,24 @@ extern uint32_t FStar_UInt8_n_minus_one;
 
 static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
 {
-  uint8_t x = a ^ b;
-  uint8_t minus_x = ~x + (uint8_t)1U;
-  uint8_t x_or_minus_x = x | minus_x;
-  uint8_t xnx = x_or_minus_x >> (uint32_t)7U;
-  return xnx - (uint8_t)1U;
+  uint8_t x = (uint32_t)a ^ (uint32_t)b;
+  uint8_t minus_x = (uint32_t)~x + 1U;
+  uint8_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x;
+  uint8_t xnx = (uint32_t)x_or_minus_x >> 7U;
+  return (uint32_t)xnx - 1U;
 }
 
 static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
 {
   uint8_t x = a;
   uint8_t y = b;
-  uint8_t x_xor_y = x ^ y;
-  uint8_t x_sub_y = x - y;
-  uint8_t x_sub_y_xor_y = x_sub_y ^ y;
-  uint8_t q = x_xor_y | x_sub_y_xor_y;
-  uint8_t x_xor_q = x ^ q;
-  uint8_t x_xor_q_ = x_xor_q >> (uint32_t)7U;
-  return x_xor_q_ - (uint8_t)1U;
+  uint8_t x_xor_y = (uint32_t)x ^ (uint32_t)y;
+  uint8_t x_sub_y = (uint32_t)x - (uint32_t)y;
+  uint8_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y;
+  uint8_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y;
+  uint8_t x_xor_q = (uint32_t)x ^ (uint32_t)q;
+  uint8_t x_xor_q_ = (uint32_t)x_xor_q >> 7U;
+  return (uint32_t)x_xor_q_ - 1U;
 }
 
 extern Prims_string FStar_UInt8_to_string(uint8_t uu___);
diff --git a/karamel/krmllib/dist/minimal/Makefile.basic b/karamel/krmllib/dist/minimal/Makefile.basic
new file mode 100644
index 00000000..8e39de6d
--- /dev/null
+++ b/karamel/krmllib/dist/minimal/Makefile.basic
@@ -0,0 +1,56 @@
+# A basic Makefile that KaRaMeL copies in the output directory; this is not
+# guaranteed to work and will only work well for very simple projects. This
+# Makefile uses:
+# - the custom C files passed to your krml invocation
+# - the custom C flags passed to your krml invocation
+# - the -o option passed to your krml invocation
+
+include Makefile.include
+
+ifeq (,$(KRML_HOME))
+  $(error please define KRML_HOME to point to the root of your KaRaMeL git checkout)
+endif
+
+CFLAGS 	+= -I. -I $(KRML_HOME)/include -I $(KRML_HOME)/krmllib/dist/minimal
+CFLAGS 	+= -Wall -Wextra -Werror -std=c11 \
+  -Wno-unknown-warning-option \
+  -Wno-infinite-recursion \
+  -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE
+ifeq ($(OS),Windows_NT)
+CFLAGS 	+= -D__USE_MINGW_ANSI_STDIO
+else
+CFLAGS 	+= -fPIC
+endif
+CFLAGS 	+= $(USER_CFLAGS)
+
+SOURCES += $(ALL_C_FILES) $(USER_C_FILES)
+ifneq (,$(BLACKLIST))
+  SOURCES := $(filter-out $(BLACKLIST),$(SOURCES))
+endif
+OBJS 	+= $(patsubst %.c,%.o,$(SOURCES))
+
+all: $(USER_TARGET)
+
+$(USER_TARGET): $(OBJS)
+
+AR ?= ar
+
+%.a:
+	$(AR) cr $@ $^
+
+%.exe:
+	$(CC) $(CFLAGS) -o $@ $^ $(KRML_HOME)/krmllib/dist/generic/libkrmllib.a
+
+%.so:
+	$(CC) $(CFLAGS) -shared -o $@ $^
+
+%.d: %.c
+	@set -e; rm -f $@; \
+	  $(CC) -MM -MG $(CFLAGS) $< > $@.$$$$; \
+	  sed 's,\($(notdir $*)\)\.o[ :]*,$(dir $@)\1.o $@ : ,g' < $@.$$$$ > $@; \
+	  rm -f $@.$$$$
+
+include $(patsubst %.c,%.d,$(SOURCES))
+
+clean:
+	rm -rf *.o *.d $(USER_TARGET)
diff --git a/karamel/krmllib/dist/minimal/Makefile.include b/karamel/krmllib/dist/minimal/Makefile.include
new file mode 100644
index 00000000..ad532171
--- /dev/null
+++ b/karamel/krmllib/dist/minimal/Makefile.include
@@ -0,0 +1,5 @@
+USER_TARGET=libkrmllib.a
+USER_CFLAGS=
+USER_C_FILES=fstar_uint128.c
+ALL_C_FILES=
+ALL_H_FILES=FStar_UInt128.h FStar_UInt_8_16_32_64.h LowStar_Endianness.h
diff --git a/karamel/krmllib/dist/minimal/libkrmllib.def b/karamel/krmllib/dist/minimal/libkrmllib.def
new file mode 100644
index 00000000..c4ab8e38
--- /dev/null
+++ b/karamel/krmllib/dist/minimal/libkrmllib.def
@@ -0,0 +1,11 @@
+LIBRARY libkrmllib
+
+EXPORTS
+  FStar_UInt64_eq_mask
+  FStar_UInt64_gte_mask
+  FStar_UInt32_eq_mask
+  FStar_UInt32_gte_mask
+  FStar_UInt16_eq_mask
+  FStar_UInt16_gte_mask
+  FStar_UInt8_eq_mask
+  FStar_UInt8_gte_mask
diff --git a/ocaml/Makefile b/ocaml/Makefile
index 9c7227d4..87826c50 100644
--- a/ocaml/Makefile
+++ b/ocaml/Makefile
@@ -89,14 +89,13 @@ BLOCKLIST=Hacl_HPKE_Curve51_CP256_SHA512.c \
 			Hacl_HPKE_Curve64_CP256_SHA256.c \
 			Hacl_HPKE_Curve64_CP32_SHA512.c
 ifeq (,$(TOOLCHAIN_CAN_COMPILE_VEC128))
-BLOCKLIST+=Hacl_Chacha20Poly1305_128.c Hacl_Poly1305_128.c \
-			Hacl_Hash_Blake2s_128.c Hacl_Streaming_Blake2s_128.c
+BLOCKLIST+=Hacl_AEAD_Chacha20Poly1305_Simd128.c Hacl_MAC_Poly1305_Simd128.c \
+			Hacl_Hash_Blake2s_Simd128.c
 endif
 ifeq (,$(TOOLCHAIN_CAN_COMPILE_VEC256))
-BLOCKLIST+=Hacl_Bignum256.c Hacl_Chacha20Poly1305_256.c Hacl_Chacha20_Vec256.c \
+BLOCKLIST+=Hacl_Bignum256.c Hacl_AEAD_Chacha20Poly1305_Simd256.c Hacl_Chacha20_Vec256.c \
 			Hacl_HKDF_Blake2b_256.c Hacl_HMAC_Blake2b_256.c \
-			Hacl_Hash_Blake2b_256.c Hacl_Poly1305_256.c Hacl_SHA2_Vec256.c \
-			Hacl_Streaming_Blake2b_256.c Hacl_Streaming_Poly1305_256.c \
+			Hacl_Hash_Blake2b_Simd256.c Hacl_MAC_Poly1305_Simd256.c Hacl_SHA2_Vec256.c \
 			Hacl_GenericField64.c Hacl_Bignum4096.c Hacl_Bignum64.c # These all link against 256-bit bignum
 endif
 ifeq (,$(TOOLCHAIN_CAN_COMPILE_VALE))
diff --git a/ocaml/ctypes.depend b/ocaml/ctypes.depend
index 31393b5e..065ce5eb 100644
--- a/ocaml/ctypes.depend
+++ b/ocaml/ctypes.depend
@@ -1,4 +1,4 @@
-CTYPES_DEPS=lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_Hash_SHA3_stubs.cmx lib/Hacl_Hash_SHA3_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx 
+CTYPES_DEPS=lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Blake2b_stubs.cmx lib/Hacl_Hash_Blake2b_bindings.cmx lib/Hacl_Hash_Blake2s_stubs.cmx lib/Hacl_Hash_Blake2s_bindings.cmx lib/Hacl_Hash_Blake2b_Simd256_stubs.cmx lib/Hacl_Hash_Blake2b_Simd256_bindings.cmx lib/Hacl_Hash_Blake2s_Simd128_stubs.cmx lib/Hacl_Hash_Blake2s_Simd128_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_Hash_SHA3_stubs.cmx lib/Hacl_Hash_SHA3_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_MAC_Poly1305_stubs.cmx lib/Hacl_MAC_Poly1305_bindings.cmx lib/Hacl_AEAD_Chacha20Poly1305_stubs.cmx lib/Hacl_AEAD_Chacha20Poly1305_bindings.cmx lib/Hacl_MAC_Poly1305_Simd128_stubs.cmx lib/Hacl_MAC_Poly1305_Simd128_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_AEAD_Chacha20Poly1305_Simd128_stubs.cmx lib/Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.cmx lib/Hacl_MAC_Poly1305_Simd256_stubs.cmx lib/Hacl_MAC_Poly1305_Simd256_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_AEAD_Chacha20Poly1305_Simd256_stubs.cmx lib/Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx 
 lib/Hacl_Streaming_Types_bindings.cmx: 
 lib/Hacl_Streaming_Types_bindings.cmo: 
 lib_gen/Hacl_Streaming_Types_gen.cmx: lib/Hacl_Streaming_Types_bindings.cmx
@@ -7,42 +7,58 @@ lib/Hacl_Spec_bindings.cmx:
 lib/Hacl_Spec_bindings.cmo: 
 lib_gen/Hacl_Spec_gen.cmx: lib/Hacl_Spec_bindings.cmx
 lib_gen/Hacl_Spec_gen.exe: lib/Hacl_Spec_bindings.cmx lib_gen/Hacl_Spec_gen.cmx 
-lib/Hacl_Hash_Blake2_bindings.cmx: 
-lib/Hacl_Hash_Blake2_bindings.cmo: 
-lib_gen/Hacl_Hash_Blake2_gen.cmx: lib/Hacl_Hash_Blake2_bindings.cmx
-lib_gen/Hacl_Hash_Blake2_gen.exe: lib/Hacl_Hash_Blake2_bindings.cmx lib_gen/Hacl_Hash_Blake2_gen.cmx 
-lib/Hacl_Hash_Blake2b_256_bindings.cmx: 
-lib/Hacl_Hash_Blake2b_256_bindings.cmo: 
-lib_gen/Hacl_Hash_Blake2b_256_gen.cmx: lib/Hacl_Hash_Blake2b_256_bindings.cmx
-lib_gen/Hacl_Hash_Blake2b_256_gen.exe: lib/Hacl_Hash_Blake2b_256_bindings.cmx lib_gen/Hacl_Hash_Blake2b_256_gen.cmx 
-lib/Hacl_Hash_Blake2s_128_bindings.cmx: 
-lib/Hacl_Hash_Blake2s_128_bindings.cmo: 
-lib_gen/Hacl_Hash_Blake2s_128_gen.cmx: lib/Hacl_Hash_Blake2s_128_bindings.cmx
-lib_gen/Hacl_Hash_Blake2s_128_gen.exe: lib/Hacl_Hash_Blake2s_128_bindings.cmx lib_gen/Hacl_Hash_Blake2s_128_gen.cmx 
-lib/Hacl_Hash_SHA3_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
-lib/Hacl_Hash_SHA3_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
-lib_gen/Hacl_Hash_SHA3_gen.cmx: lib/Hacl_Hash_SHA3_bindings.cmx
-lib_gen/Hacl_Hash_SHA3_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_SHA3_bindings.cmx lib_gen/Hacl_Hash_SHA3_gen.cmx 
+lib/Hacl_Hash_Blake2b_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
+lib/Hacl_Hash_Blake2b_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
+lib_gen/Hacl_Hash_Blake2b_gen.cmx: lib/Hacl_Hash_Blake2b_bindings.cmx
+lib_gen/Hacl_Hash_Blake2b_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_Blake2b_bindings.cmx lib_gen/Hacl_Hash_Blake2b_gen.cmx 
+lib/Hacl_Hash_Blake2s_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
+lib/Hacl_Hash_Blake2s_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
+lib_gen/Hacl_Hash_Blake2s_gen.cmx: lib/Hacl_Hash_Blake2s_bindings.cmx
+lib_gen/Hacl_Hash_Blake2s_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_Blake2s_bindings.cmx lib_gen/Hacl_Hash_Blake2s_gen.cmx 
+lib/Hacl_Hash_Blake2b_Simd256_bindings.cmx: 
+lib/Hacl_Hash_Blake2b_Simd256_bindings.cmo: 
+lib_gen/Hacl_Hash_Blake2b_Simd256_gen.cmx: lib/Hacl_Hash_Blake2b_Simd256_bindings.cmx
+lib_gen/Hacl_Hash_Blake2b_Simd256_gen.exe: lib/Hacl_Hash_Blake2b_Simd256_bindings.cmx lib_gen/Hacl_Hash_Blake2b_Simd256_gen.cmx 
+lib/Hacl_Hash_Blake2s_Simd128_bindings.cmx: 
+lib/Hacl_Hash_Blake2s_Simd128_bindings.cmo: 
+lib_gen/Hacl_Hash_Blake2s_Simd128_gen.cmx: lib/Hacl_Hash_Blake2s_Simd128_bindings.cmx
+lib_gen/Hacl_Hash_Blake2s_Simd128_gen.exe: lib/Hacl_Hash_Blake2s_Simd128_bindings.cmx lib_gen/Hacl_Hash_Blake2s_Simd128_gen.cmx 
 lib/Hacl_Hash_Base_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
 lib/Hacl_Hash_Base_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
 lib_gen/Hacl_Hash_Base_gen.cmx: lib/Hacl_Hash_Base_bindings.cmx
 lib_gen/Hacl_Hash_Base_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_Base_bindings.cmx lib_gen/Hacl_Hash_Base_gen.cmx 
-lib/Hacl_Hash_MD5_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
-lib/Hacl_Hash_MD5_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
-lib_gen/Hacl_Hash_MD5_gen.cmx: lib/Hacl_Hash_MD5_bindings.cmx
-lib_gen/Hacl_Hash_MD5_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_MD5_bindings.cmx lib_gen/Hacl_Hash_MD5_gen.cmx 
 lib/Hacl_Hash_SHA1_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
 lib/Hacl_Hash_SHA1_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
 lib_gen/Hacl_Hash_SHA1_gen.cmx: lib/Hacl_Hash_SHA1_bindings.cmx
 lib_gen/Hacl_Hash_SHA1_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_SHA1_bindings.cmx lib_gen/Hacl_Hash_SHA1_gen.cmx 
-lib/Hacl_SHA2_Types_bindings.cmx: 
-lib/Hacl_SHA2_Types_bindings.cmo: 
-lib_gen/Hacl_SHA2_Types_gen.cmx: lib/Hacl_SHA2_Types_bindings.cmx
-lib_gen/Hacl_SHA2_Types_gen.exe: lib/Hacl_SHA2_Types_bindings.cmx lib_gen/Hacl_SHA2_Types_gen.cmx 
 lib/Hacl_Hash_SHA2_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
 lib/Hacl_Hash_SHA2_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
 lib_gen/Hacl_Hash_SHA2_gen.cmx: lib/Hacl_Hash_SHA2_bindings.cmx
 lib_gen/Hacl_Hash_SHA2_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_SHA2_bindings.cmx lib_gen/Hacl_Hash_SHA2_gen.cmx 
+lib/Hacl_HMAC_bindings.cmx: 
+lib/Hacl_HMAC_bindings.cmo: 
+lib_gen/Hacl_HMAC_gen.cmx: lib/Hacl_HMAC_bindings.cmx
+lib_gen/Hacl_HMAC_gen.exe: lib/Hacl_HMAC_bindings.cmx lib_gen/Hacl_HMAC_gen.cmx 
+lib/Hacl_HMAC_Blake2s_128_bindings.cmx: 
+lib/Hacl_HMAC_Blake2s_128_bindings.cmo: 
+lib_gen/Hacl_HMAC_Blake2s_128_gen.cmx: lib/Hacl_HMAC_Blake2s_128_bindings.cmx
+lib_gen/Hacl_HMAC_Blake2s_128_gen.exe: lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib_gen/Hacl_HMAC_Blake2s_128_gen.cmx 
+lib/Hacl_HMAC_Blake2b_256_bindings.cmx: 
+lib/Hacl_HMAC_Blake2b_256_bindings.cmo: 
+lib_gen/Hacl_HMAC_Blake2b_256_gen.cmx: lib/Hacl_HMAC_Blake2b_256_bindings.cmx
+lib_gen/Hacl_HMAC_Blake2b_256_gen.exe: lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib_gen/Hacl_HMAC_Blake2b_256_gen.cmx 
+lib/Hacl_Hash_SHA3_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
+lib/Hacl_Hash_SHA3_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
+lib_gen/Hacl_Hash_SHA3_gen.cmx: lib/Hacl_Hash_SHA3_bindings.cmx
+lib_gen/Hacl_Hash_SHA3_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_SHA3_bindings.cmx lib_gen/Hacl_Hash_SHA3_gen.cmx 
+lib/Hacl_Hash_MD5_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
+lib/Hacl_Hash_MD5_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
+lib_gen/Hacl_Hash_MD5_gen.cmx: lib/Hacl_Hash_MD5_bindings.cmx
+lib_gen/Hacl_Hash_MD5_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Hash_MD5_bindings.cmx lib_gen/Hacl_Hash_MD5_gen.cmx 
+lib/Hacl_SHA2_Types_bindings.cmx: 
+lib/Hacl_SHA2_Types_bindings.cmo: 
+lib_gen/Hacl_SHA2_Types_gen.cmx: lib/Hacl_SHA2_Types_bindings.cmx
+lib_gen/Hacl_SHA2_Types_gen.exe: lib/Hacl_SHA2_Types_bindings.cmx lib_gen/Hacl_SHA2_Types_gen.cmx 
 lib/EverCrypt_Error_bindings.cmx: 
 lib/EverCrypt_Error_bindings.cmo: 
 lib_gen/EverCrypt_Error_gen.cmx: lib/EverCrypt_Error_bindings.cmx
@@ -83,22 +99,42 @@ lib/Hacl_Curve25519_51_bindings.cmx:
 lib/Hacl_Curve25519_51_bindings.cmo: 
 lib_gen/Hacl_Curve25519_51_gen.cmx: lib/Hacl_Curve25519_51_bindings.cmx
 lib_gen/Hacl_Curve25519_51_gen.exe: lib/Hacl_Curve25519_51_bindings.cmx lib_gen/Hacl_Curve25519_51_gen.cmx 
+lib/Hacl_MAC_Poly1305_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
+lib/Hacl_MAC_Poly1305_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
+lib_gen/Hacl_MAC_Poly1305_gen.cmx: lib/Hacl_MAC_Poly1305_bindings.cmx
+lib_gen/Hacl_MAC_Poly1305_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_MAC_Poly1305_bindings.cmx lib_gen/Hacl_MAC_Poly1305_gen.cmx 
+lib/Hacl_AEAD_Chacha20Poly1305_bindings.cmx: 
+lib/Hacl_AEAD_Chacha20Poly1305_bindings.cmo: 
+lib_gen/Hacl_AEAD_Chacha20Poly1305_gen.cmx: lib/Hacl_AEAD_Chacha20Poly1305_bindings.cmx
+lib_gen/Hacl_AEAD_Chacha20Poly1305_gen.exe: lib/Hacl_AEAD_Chacha20Poly1305_bindings.cmx lib_gen/Hacl_AEAD_Chacha20Poly1305_gen.cmx 
+lib/Hacl_MAC_Poly1305_Simd128_bindings.cmx: 
+lib/Hacl_MAC_Poly1305_Simd128_bindings.cmo: 
+lib_gen/Hacl_MAC_Poly1305_Simd128_gen.cmx: lib/Hacl_MAC_Poly1305_Simd128_bindings.cmx
+lib_gen/Hacl_MAC_Poly1305_Simd128_gen.exe: lib/Hacl_MAC_Poly1305_Simd128_bindings.cmx lib_gen/Hacl_MAC_Poly1305_Simd128_gen.cmx 
+lib/Hacl_Chacha20_Vec128_bindings.cmx: 
+lib/Hacl_Chacha20_Vec128_bindings.cmo: 
+lib_gen/Hacl_Chacha20_Vec128_gen.cmx: lib/Hacl_Chacha20_Vec128_bindings.cmx
+lib_gen/Hacl_Chacha20_Vec128_gen.exe: lib/Hacl_Chacha20_Vec128_bindings.cmx lib_gen/Hacl_Chacha20_Vec128_gen.cmx 
+lib/Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.cmx: 
+lib/Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.cmo: 
+lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd128_gen.cmx: lib/Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.cmx
+lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd128_gen.exe: lib/Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.cmx lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd128_gen.cmx 
+lib/Hacl_MAC_Poly1305_Simd256_bindings.cmx: 
+lib/Hacl_MAC_Poly1305_Simd256_bindings.cmo: 
+lib_gen/Hacl_MAC_Poly1305_Simd256_gen.cmx: lib/Hacl_MAC_Poly1305_Simd256_bindings.cmx
+lib_gen/Hacl_MAC_Poly1305_Simd256_gen.exe: lib/Hacl_MAC_Poly1305_Simd256_bindings.cmx lib_gen/Hacl_MAC_Poly1305_Simd256_gen.cmx 
+lib/Hacl_Chacha20_Vec256_bindings.cmx: 
+lib/Hacl_Chacha20_Vec256_bindings.cmo: 
+lib_gen/Hacl_Chacha20_Vec256_gen.cmx: lib/Hacl_Chacha20_Vec256_bindings.cmx
+lib_gen/Hacl_Chacha20_Vec256_gen.exe: lib/Hacl_Chacha20_Vec256_bindings.cmx lib_gen/Hacl_Chacha20_Vec256_gen.cmx 
+lib/Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.cmx: 
+lib/Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.cmo: 
+lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd256_gen.cmx: lib/Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.cmx
+lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd256_gen.exe: lib/Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.cmx lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd256_gen.cmx 
 lib/Hacl_Ed25519_bindings.cmx: 
 lib/Hacl_Ed25519_bindings.cmo: 
 lib_gen/Hacl_Ed25519_gen.cmx: lib/Hacl_Ed25519_bindings.cmx
 lib_gen/Hacl_Ed25519_gen.exe: lib/Hacl_Ed25519_bindings.cmx lib_gen/Hacl_Ed25519_gen.cmx 
-lib/Hacl_Poly1305_32_bindings.cmx: 
-lib/Hacl_Poly1305_32_bindings.cmo: 
-lib_gen/Hacl_Poly1305_32_gen.cmx: lib/Hacl_Poly1305_32_bindings.cmx
-lib_gen/Hacl_Poly1305_32_gen.exe: lib/Hacl_Poly1305_32_bindings.cmx lib_gen/Hacl_Poly1305_32_gen.cmx 
-lib/Hacl_Poly1305_128_bindings.cmx: 
-lib/Hacl_Poly1305_128_bindings.cmo: 
-lib_gen/Hacl_Poly1305_128_gen.cmx: lib/Hacl_Poly1305_128_bindings.cmx
-lib_gen/Hacl_Poly1305_128_gen.exe: lib/Hacl_Poly1305_128_bindings.cmx lib_gen/Hacl_Poly1305_128_gen.cmx 
-lib/Hacl_Poly1305_256_bindings.cmx: 
-lib/Hacl_Poly1305_256_bindings.cmo: 
-lib_gen/Hacl_Poly1305_256_gen.cmx: lib/Hacl_Poly1305_256_bindings.cmx
-lib_gen/Hacl_Poly1305_256_gen.exe: lib/Hacl_Poly1305_256_bindings.cmx lib_gen/Hacl_Poly1305_256_gen.cmx 
 lib/Hacl_NaCl_bindings.cmx: 
 lib/Hacl_NaCl_bindings.cmo: 
 lib_gen/Hacl_NaCl_gen.cmx: lib/Hacl_NaCl_bindings.cmx
@@ -143,18 +179,6 @@ lib/Hacl_Frodo640_bindings.cmx:
 lib/Hacl_Frodo640_bindings.cmo: 
 lib_gen/Hacl_Frodo640_gen.cmx: lib/Hacl_Frodo640_bindings.cmx
 lib_gen/Hacl_Frodo640_gen.exe: lib/Hacl_Frodo640_bindings.cmx lib_gen/Hacl_Frodo640_gen.cmx 
-lib/Hacl_Chacha20_Vec128_bindings.cmx: 
-lib/Hacl_Chacha20_Vec128_bindings.cmo: 
-lib_gen/Hacl_Chacha20_Vec128_gen.cmx: lib/Hacl_Chacha20_Vec128_bindings.cmx
-lib_gen/Hacl_Chacha20_Vec128_gen.exe: lib/Hacl_Chacha20_Vec128_bindings.cmx lib_gen/Hacl_Chacha20_Vec128_gen.cmx 
-lib/Hacl_Chacha20Poly1305_128_bindings.cmx: 
-lib/Hacl_Chacha20Poly1305_128_bindings.cmo: 
-lib_gen/Hacl_Chacha20Poly1305_128_gen.cmx: lib/Hacl_Chacha20Poly1305_128_bindings.cmx
-lib_gen/Hacl_Chacha20Poly1305_128_gen.exe: lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib_gen/Hacl_Chacha20Poly1305_128_gen.cmx 
-lib/Hacl_HMAC_bindings.cmx: 
-lib/Hacl_HMAC_bindings.cmo: 
-lib_gen/Hacl_HMAC_gen.cmx: lib/Hacl_HMAC_bindings.cmx
-lib_gen/Hacl_HMAC_gen.exe: lib/Hacl_HMAC_bindings.cmx lib_gen/Hacl_HMAC_gen.cmx 
 lib/Hacl_HKDF_bindings.cmx: 
 lib/Hacl_HKDF_bindings.cmo: 
 lib_gen/Hacl_HKDF_gen.cmx: lib/Hacl_HKDF_bindings.cmx
@@ -219,14 +243,6 @@ lib/EverCrypt_Curve25519_bindings.cmx:
 lib/EverCrypt_Curve25519_bindings.cmo: 
 lib_gen/EverCrypt_Curve25519_gen.cmx: lib/EverCrypt_Curve25519_bindings.cmx
 lib_gen/EverCrypt_Curve25519_gen.exe: lib/EverCrypt_Curve25519_bindings.cmx lib_gen/EverCrypt_Curve25519_gen.cmx 
-lib/Hacl_Chacha20_Vec256_bindings.cmx: 
-lib/Hacl_Chacha20_Vec256_bindings.cmo: 
-lib_gen/Hacl_Chacha20_Vec256_gen.cmx: lib/Hacl_Chacha20_Vec256_bindings.cmx
-lib_gen/Hacl_Chacha20_Vec256_gen.exe: lib/Hacl_Chacha20_Vec256_bindings.cmx lib_gen/Hacl_Chacha20_Vec256_gen.cmx 
-lib/Hacl_Chacha20Poly1305_256_bindings.cmx: 
-lib/Hacl_Chacha20Poly1305_256_bindings.cmo: 
-lib_gen/Hacl_Chacha20Poly1305_256_gen.cmx: lib/Hacl_Chacha20Poly1305_256_bindings.cmx
-lib_gen/Hacl_Chacha20Poly1305_256_gen.exe: lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib_gen/Hacl_Chacha20Poly1305_256_gen.cmx 
 lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx 
 lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
 lib_gen/Hacl_HPKE_Curve51_CP256_SHA512_gen.cmx: lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx
@@ -235,10 +251,6 @@ lib/Hacl_Frodo976_bindings.cmx:
 lib/Hacl_Frodo976_bindings.cmo: 
 lib_gen/Hacl_Frodo976_gen.cmx: lib/Hacl_Frodo976_bindings.cmx
 lib_gen/Hacl_Frodo976_gen.exe: lib/Hacl_Frodo976_bindings.cmx lib_gen/Hacl_Frodo976_gen.cmx 
-lib/Hacl_HMAC_Blake2s_128_bindings.cmx: 
-lib/Hacl_HMAC_Blake2s_128_bindings.cmo: 
-lib_gen/Hacl_HMAC_Blake2s_128_gen.cmx: lib/Hacl_HMAC_Blake2s_128_bindings.cmx
-lib_gen/Hacl_HMAC_Blake2s_128_gen.exe: lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib_gen/Hacl_HMAC_Blake2s_128_gen.cmx 
 lib/Hacl_HKDF_Blake2s_128_bindings.cmx: 
 lib/Hacl_HKDF_Blake2s_128_bindings.cmo: 
 lib_gen/Hacl_HKDF_Blake2s_128_gen.cmx: lib/Hacl_HKDF_Blake2s_128_bindings.cmx
@@ -275,10 +287,6 @@ lib/Hacl_SHA2_Vec128_bindings.cmx:
 lib/Hacl_SHA2_Vec128_bindings.cmo: 
 lib_gen/Hacl_SHA2_Vec128_gen.cmx: lib/Hacl_SHA2_Vec128_bindings.cmx
 lib_gen/Hacl_SHA2_Vec128_gen.exe: lib/Hacl_SHA2_Vec128_bindings.cmx lib_gen/Hacl_SHA2_Vec128_gen.cmx 
-lib/Hacl_Chacha20Poly1305_32_bindings.cmx: 
-lib/Hacl_Chacha20Poly1305_32_bindings.cmo: 
-lib_gen/Hacl_Chacha20Poly1305_32_gen.cmx: lib/Hacl_Chacha20Poly1305_32_bindings.cmx
-lib_gen/Hacl_Chacha20Poly1305_32_gen.exe: lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib_gen/Hacl_Chacha20Poly1305_32_gen.cmx 
 lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx 
 lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
 lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx: lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx
@@ -291,18 +299,10 @@ lib/EverCrypt_Poly1305_bindings.cmx:
 lib/EverCrypt_Poly1305_bindings.cmo: 
 lib_gen/EverCrypt_Poly1305_gen.cmx: lib/EverCrypt_Poly1305_bindings.cmx
 lib_gen/EverCrypt_Poly1305_gen.exe: lib/EverCrypt_Poly1305_bindings.cmx lib_gen/EverCrypt_Poly1305_gen.cmx 
-lib/Hacl_Streaming_Poly1305_32_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
-lib/Hacl_Streaming_Poly1305_32_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
-lib_gen/Hacl_Streaming_Poly1305_32_gen.cmx: lib/Hacl_Streaming_Poly1305_32_bindings.cmx
-lib_gen/Hacl_Streaming_Poly1305_32_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib_gen/Hacl_Streaming_Poly1305_32_gen.cmx 
 lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx 
 lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
 lib_gen/Hacl_HPKE_Curve51_CP32_SHA512_gen.cmx: lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx
 lib_gen/Hacl_HPKE_Curve51_CP32_SHA512_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP32_SHA512_gen.cmx 
-lib/Hacl_Streaming_Blake2_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx 
-lib/Hacl_Streaming_Blake2_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo 
-lib_gen/Hacl_Streaming_Blake2_gen.cmx: lib/Hacl_Streaming_Blake2_bindings.cmx
-lib_gen/Hacl_Streaming_Blake2_gen.exe: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_c_stubs.o lib/Hacl_Streaming_Blake2_bindings.cmx lib_gen/Hacl_Streaming_Blake2_gen.cmx 
 lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx 
 lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo 
 lib_gen/Hacl_HPKE_P256_CP256_SHA256_gen.cmx: lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx
@@ -319,10 +319,6 @@ lib/Hacl_Frodo64_bindings.cmx:
 lib/Hacl_Frodo64_bindings.cmo: 
 lib_gen/Hacl_Frodo64_gen.cmx: lib/Hacl_Frodo64_bindings.cmx
 lib_gen/Hacl_Frodo64_gen.exe: lib/Hacl_Frodo64_bindings.cmx lib_gen/Hacl_Frodo64_gen.cmx 
-lib/Hacl_HMAC_Blake2b_256_bindings.cmx: 
-lib/Hacl_HMAC_Blake2b_256_bindings.cmo: 
-lib_gen/Hacl_HMAC_Blake2b_256_gen.cmx: lib/Hacl_HMAC_Blake2b_256_bindings.cmx
-lib_gen/Hacl_HMAC_Blake2b_256_gen.exe: lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib_gen/Hacl_HMAC_Blake2b_256_gen.cmx 
 lib/Hacl_HKDF_Blake2b_256_bindings.cmx: 
 lib/Hacl_HKDF_Blake2b_256_bindings.cmo: 
 lib_gen/Hacl_HKDF_Blake2b_256_gen.cmx: lib/Hacl_HKDF_Blake2b_256_bindings.cmx
diff --git a/ocaml/hacl-star-raw.opam b/ocaml/hacl-star-raw.opam
index f1f606c0..abe9a3ad 100644
--- a/ocaml/hacl-star-raw.opam
+++ b/ocaml/hacl-star-raw.opam
@@ -29,8 +29,8 @@ available: [
   (os = "freebsd" | os-family != "bsd")
 ]
 build: [
-  [make "-C" "hacl-star-raw" "build-c"]
-  [make "-C" "hacl-star-raw" "build-bindings"]
+  [make "-C" "hacl-star-raw" "build-c" "-j" jobs]
+  [make "-C" "hacl-star-raw" "build-bindings" "-j" jobs]
 ]
 install: [
   [make "-C" "hacl-star-raw" "install"]
diff --git a/ocaml/hacl-star/EverCrypt.ml b/ocaml/hacl-star/EverCrypt.ml
index cae71efa..93b3e764 100644
--- a/ocaml/hacl-star/EverCrypt.ml
+++ b/ocaml/hacl-star/EverCrypt.ml
@@ -114,8 +114,8 @@ module Chacha20_Poly1305 : Chacha20_Poly1305 =
     (* EverCrypt already performs these runtime checks so all `reqs` attributes in
      * this file are empty since there is no need to do them here. *)
     let reqs = []
-    let encrypt = EverCrypt_Chacha20Poly1305.everCrypt_Chacha20Poly1305_aead_encrypt
-    let decrypt = EverCrypt_Chacha20Poly1305.everCrypt_Chacha20Poly1305_aead_decrypt
+    let encrypt key iv ad_size ad pt_size pt ct tag = EverCrypt_Chacha20Poly1305.everCrypt_Chacha20Poly1305_aead_encrypt ct tag pt pt_size ad ad_size key iv
+    let decrypt key iv ad_size ad pt_size pt ct tag = EverCrypt_Chacha20Poly1305.everCrypt_Chacha20Poly1305_aead_decrypt pt ct pt_size ad ad_size key iv tag
   end)
 
 module Curve25519 : Curve25519 =
@@ -146,15 +146,14 @@ module Hash = struct
       everCrypt_Hash_Incremental_hash (alg_definition alg) (C.ctypes_buf digest) (C.ctypes_buf msg) (C.size_uint32 msg)
     let finish ~st:(alg, t) ~digest =
       assert (C.size digest = digest_len alg);
-      everCrypt_Hash_Incremental_finish t (C.ctypes_buf digest)
+      everCrypt_Hash_Incremental_digest t (C.ctypes_buf digest)
   end
   (* TODO: get rid of the `alg` here by using `alg_of_state` *)
-  type t = alg * everCrypt_Hash_Incremental_hash_state Ctypes_static.ptr
+  type t = alg * everCrypt_Hash_Incremental_state_t Ctypes_static.ptr
   let init ~alg =
     Lazy.force at_exit_full_major;
     let alg_spec = alg_definition alg in
-    let st = everCrypt_Hash_Incremental_create_in alg_spec in
-    everCrypt_Hash_Incremental_init st;
+    let st = everCrypt_Hash_Incremental_malloc alg_spec in
     Gc.finalise everCrypt_Hash_Incremental_free st;
     alg, st
   let update ~st:(_alg, t) ~msg =
@@ -195,7 +194,7 @@ end
 module Poly1305 : MAC =
   Make_Poly1305 (struct
     let reqs = []
-    let mac dst data_len data key = EverCrypt_Poly1305.everCrypt_Poly1305_poly1305 dst data data_len key
+    let mac dst data_len data key = EverCrypt_Poly1305.everCrypt_Poly1305_mac dst data data_len key
 end)
 
 module HKDF = struct
diff --git a/ocaml/hacl-star/Hacl.ml b/ocaml/hacl-star/Hacl.ml
index d63206f7..63f713bd 100644
--- a/ocaml/hacl-star/Hacl.ml
+++ b/ocaml/hacl-star/Hacl.ml
@@ -10,30 +10,29 @@ module C = CBytes
 type bytes = CBytes.t
 
 module Lib_RandomBuffer_System = Lib_RandomBuffer_System_bindings.Bindings(Lib_RandomBuffer_System_stubs)
-module Hacl_Chacha20Poly1305_32 = Hacl_Chacha20Poly1305_32_bindings.Bindings(Hacl_Chacha20Poly1305_32_stubs)
+module Hacl_AEAD_Chacha20Poly1305 = Hacl_AEAD_Chacha20Poly1305_bindings.Bindings(Hacl_AEAD_Chacha20Poly1305_stubs)
 module Hacl_Curve25519_51 = Hacl_Curve25519_51_bindings.Bindings(Hacl_Curve25519_51_stubs)
 module Hacl_Ed25519 = Hacl_Ed25519_bindings.Bindings(Hacl_Ed25519_stubs)
 module Hacl_Hash_SHA3 = Hacl_Hash_SHA3_bindings.Bindings(Hacl_Hash_SHA3_stubs)
 module Hacl_HMAC = Hacl_HMAC_bindings.Bindings(Hacl_HMAC_stubs)
-module Hacl_Poly1305_32 = Hacl_Poly1305_32_bindings.Bindings(Hacl_Poly1305_32_stubs)
+module Hacl_MAC_Poly1305 = Hacl_MAC_Poly1305_bindings.Bindings(Hacl_MAC_Poly1305_stubs)
 module Hacl_HKDF = Hacl_HKDF_bindings.Bindings(Hacl_HKDF_stubs)
 module Hacl_NaCl = Hacl_NaCl_bindings.Bindings(Hacl_NaCl_stubs)
-module Hacl_Hash_Blake2 = Hacl_Hash_Blake2_bindings.Bindings(Hacl_Hash_Blake2_stubs)
-module Hacl_Blake2b_32 = Hacl_Hash_Blake2
-module Hacl_Blake2s_32 = Hacl_Hash_Blake2
+module Hacl_Hash_Blake2b = Hacl_Hash_Blake2b_bindings.Bindings(Hacl_Hash_Blake2b_stubs)
+module Hacl_Hash_Blake2s = Hacl_Hash_Blake2s_bindings.Bindings(Hacl_Hash_Blake2s_stubs)
 module Hacl_P256 = Hacl_P256_bindings.Bindings(Hacl_P256_stubs)
 module Hacl_K256 = Hacl_K256_ECDSA_bindings.Bindings(Hacl_K256_ECDSA_stubs)
 
 #ifdef HACL_CAN_COMPILE_VEC128
-module Hacl_Chacha20Poly1305_128 = Hacl_Chacha20Poly1305_128_bindings.Bindings(Hacl_Chacha20Poly1305_128_stubs)
-module Hacl_Poly1305_128 = Hacl_Poly1305_128_bindings.Bindings(Hacl_Poly1305_128_stubs)
-module Hacl_Blake2s_128 = Hacl_Hash_Blake2s_128_bindings.Bindings(Hacl_Hash_Blake2s_128_stubs)
+module Hacl_AEAD_Chacha20Poly1305_Simd128 = Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.Bindings(Hacl_AEAD_Chacha20Poly1305_Simd128_stubs)
+module Hacl_MAC_Poly1305_Simd128 = Hacl_MAC_Poly1305_Simd128_bindings.Bindings(Hacl_MAC_Poly1305_Simd128_stubs)
+module Hacl_Hash_Blake2s_Simd128 = Hacl_Hash_Blake2s_Simd128_bindings.Bindings(Hacl_Hash_Blake2s_Simd128_stubs)
 #endif
 
 #ifdef HACL_CAN_COMPILE_VEC256
-module Hacl_Chacha20Poly1305_256 = Hacl_Chacha20Poly1305_256_bindings.Bindings(Hacl_Chacha20Poly1305_256_stubs)
-module Hacl_Poly1305_256 = Hacl_Poly1305_256_bindings.Bindings(Hacl_Poly1305_256_stubs)
-module Hacl_Blake2b_256 = Hacl_Hash_Blake2b_256_bindings.Bindings(Hacl_Hash_Blake2b_256_stubs)
+module Hacl_AEAD_Chacha20Poly1305_256 = Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.Bindings(Hacl_AEAD_Chacha20Poly1305_Simd256_stubs)
+module Hacl_MAC_Poly1305_Simd256 = Hacl_MAC_Poly1305_Simd256_bindings.Bindings(Hacl_MAC_Poly1305_Simd256_stubs)
+module Hacl_Hash_Blake2b_Simd256 = Hacl_Hash_Blake2b_Simd256_bindings.Bindings(Hacl_Hash_Blake2b_Simd256_stubs)
 #endif
 
 #ifdef HACL_CAN_COMPILE_VALE
@@ -56,8 +55,8 @@ end
 module Chacha20_Poly1305_32 : Chacha20_Poly1305 =
   Make_Chacha20_Poly1305 (struct
     let reqs = []
-    let encrypt = Hacl_Chacha20Poly1305_32.hacl_Chacha20Poly1305_32_aead_encrypt
-    let decrypt = Hacl_Chacha20Poly1305_32.hacl_Chacha20Poly1305_32_aead_decrypt
+    let encrypt = Hacl_AEAD_Chacha20Poly1305.hacl_AEAD_Chacha20Poly1305_encrypt
+    let decrypt = Hacl_AEAD_Chacha20Poly1305.hacl_AEAD_Chacha20Poly1305_decrypt
   end)
 
 module Curve25519_51 : Curve25519 =
@@ -80,49 +79,49 @@ module Ed25519 : EdDSA =
 module SHA2_224 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = Agile HashDefs.SHA2_224
-    let hash = Hacl_Hash.hacl_Streaming_SHA2_hash_224
+    let hash = Hacl_Hash.hacl_Hash_SHA2_hash_224
 end)
 
 module SHA2_256 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = Agile HashDefs.SHA2_256
-    let hash = Hacl_Hash.hacl_Streaming_SHA2_hash_256
+    let hash = Hacl_Hash.hacl_Hash_SHA2_hash_256
 end)
 
 module SHA2_384 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = Agile HashDefs.SHA2_384
-    let hash = Hacl_Hash.hacl_Streaming_SHA2_hash_384
+    let hash = Hacl_Hash.hacl_Hash_SHA2_hash_384
 end)
 
 module SHA2_512 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = Agile HashDefs.SHA2_512
-    let hash = Hacl_Hash.hacl_Streaming_SHA2_hash_512
+    let hash = Hacl_Hash.hacl_Hash_SHA2_hash_512
 end)
 
 module SHA3_224 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = SHA3_224
-    let hash input input_len output = Hacl_Hash_SHA3.hacl_SHA3_sha3_224 input_len input output
+    let hash = Hacl_Hash_SHA3.hacl_Hash_SHA3_sha3_224
 end)
 
 module SHA3_256 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = SHA3_256
-    let hash input input_len output = Hacl_Hash_SHA3.hacl_SHA3_sha3_256 input_len input output
+    let hash= Hacl_Hash_SHA3.hacl_Hash_SHA3_sha3_256
 end)
 
 module SHA3_384 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = SHA3_384
-    let hash input input_len output = Hacl_Hash_SHA3.hacl_SHA3_sha3_384 input_len input output
+    let hash = Hacl_Hash_SHA3.hacl_Hash_SHA3_sha3_384
 end)
 
 module SHA3_512 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = SHA3_512
-    let hash input input_len output = Hacl_Hash_SHA3.hacl_SHA3_sha3_512 input_len input output
+    let hash = Hacl_Hash_SHA3.hacl_Hash_SHA3_sha3_512
 end)
 
 module Keccak = struct
@@ -130,17 +129,17 @@ module Keccak = struct
     let shake128 ~msg ~digest =
       (* Hacl.SHA3.shake128_hacl *)
       assert (C.disjoint msg digest);
-      Hacl_Hash_SHA3.hacl_SHA3_shake128_hacl (C.size_uint32 msg) (C.ctypes_buf msg) (C.size_uint32 digest) (C.ctypes_buf digest)
+      Hacl_Hash_SHA3.hacl_Hash_SHA3_shake128_hacl (C.size_uint32 msg) (C.ctypes_buf msg) (C.size_uint32 digest) (C.ctypes_buf digest)
     let shake256 ~msg ~digest =
       (* Hacl.SHA3.shake256_hacl *)
       assert (C.disjoint msg digest);
-      Hacl_Hash_SHA3.hacl_SHA3_shake256_hacl (C.size_uint32 msg) (C.ctypes_buf msg) (C.size_uint32 digest) (C.ctypes_buf digest)
+      Hacl_Hash_SHA3.hacl_Hash_SHA3_shake256_hacl (C.size_uint32 msg) (C.ctypes_buf msg) (C.size_uint32 digest) (C.ctypes_buf digest)
     let keccak ~rate ~capacity ~suffix ~msg ~digest =
       (* Hacl.Impl.SHA3.keccak *)
       assert (rate mod 8 = 0 && rate / 8 > 0 && rate <= 1600);
       assert (capacity + rate = 1600);
       assert (C.disjoint msg digest);
-      Hacl_Hash_SHA3.hacl_Impl_SHA3_keccak (UInt32.of_int rate) (UInt32.of_int capacity) (C.size_uint32 msg) (C.ctypes_buf msg) (UInt8.of_int suffix) (C.size_uint32 digest) (C.ctypes_buf digest)
+      Hacl_Hash_SHA3.hacl_Hash_SHA3_keccak (UInt32.of_int rate) (UInt32.of_int capacity) (C.size_uint32 msg) (C.ctypes_buf msg) (UInt8.of_int suffix) (C.size_uint32 digest) (C.ctypes_buf digest)
   end
   let shake128 ~msg ~size =
     let digest = C.make size in
@@ -159,13 +158,13 @@ end
 module SHA1 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = Agile HashDefs.(Legacy SHA1)
-    let hash = Hacl_Hash.hacl_Hash_SHA1_legacy_hash
+    let hash = Hacl_Hash.hacl_Hash_SHA1_hash
 end) [@@deprecated]
 
 module MD5 : HashFunction =
   Make_HashFunction (struct
     let hash_alg = Agile HashDefs.(Legacy MD5)
-    let hash = Hacl_Hash.hacl_Hash_MD5_legacy_hash
+    let hash = Hacl_Hash.hacl_Hash_MD5_hash
 end) [@@deprecated]
 
 module HMAC_SHA2_256 : MAC =
@@ -198,10 +197,10 @@ module HMAC_BLAKE2s : MAC =
     let mac = Hacl_HMAC.hacl_HMAC_compute_blake2s_32
 end)
 
-module Poly1305_32 : MAC =
+module Poly1305 : MAC =
   Make_Poly1305 (struct
     let reqs = []
-    let mac = Hacl_Poly1305_32.hacl_Poly1305_32_poly1305_mac
+    let mac = fun output input_len input key -> Hacl_MAC_Poly1305.hacl_MAC_Poly1305_mac output input input_len key
 end)
 
 module HKDF_SHA2_256 : HKDF =
@@ -627,36 +626,36 @@ module K256 = struct
       None
 end
 
-module Blake2b_32 : Blake2 =
+module Blake2b : Blake2 =
   Make_Blake2b (struct
     let reqs = []
-    let blake2b = Hacl_Blake2b_32.hacl_Blake2b_32_blake2b
+    let blake2b = Hacl_Hash_Blake2b.hacl_Hash_Blake2b_hash_with_key
   end)
 
-module Blake2s_32 : Blake2 =
+module Blake2s : Blake2 =
   Make_Blake2s (struct
     let reqs = []
-    let blake2s = Hacl_Blake2s_32.hacl_Blake2s_32_blake2s
+    let blake2s = Hacl_Hash_Blake2s.hacl_Hash_Blake2s_hash_with_key
   end)
 
 #ifdef HACL_CAN_COMPILE_VEC128
 module Chacha20_Poly1305_128 : Chacha20_Poly1305 =
   Make_Chacha20_Poly1305 (struct
     let reqs = [VEC128]
-    let encrypt = Hacl_Chacha20Poly1305_128.hacl_Chacha20Poly1305_128_aead_encrypt
-    let decrypt = Hacl_Chacha20Poly1305_128.hacl_Chacha20Poly1305_128_aead_decrypt
+    let encrypt = Hacl_AEAD_Chacha20Poly1305_Simd128.hacl_AEAD_Chacha20Poly1305_Simd128_encrypt
+    let decrypt = Hacl_AEAD_Chacha20Poly1305_Simd128.hacl_AEAD_Chacha20Poly1305_Simd128_decrypt
   end)
 
-module Poly1305_128 : MAC =
+module Poly1305_Simd128 : MAC =
   Make_Poly1305 (struct
     let reqs = [VEC128]
-    let mac = Hacl_Poly1305_128.hacl_Poly1305_128_poly1305_mac
+    let mac = fun output input_len input key -> Hacl_MAC_Poly1305_Simd128.hacl_MAC_Poly1305_Simd128_mac output input input_len key
 end)
 
-module Blake2s_128 : Blake2 =
+module Blake2s_Simd128 : Blake2 =
   Make_Blake2s (struct
     let reqs = [VEC128]
-    let blake2s = Hacl_Blake2s_128.hacl_Blake2s_128_blake2s
+    let blake2s = Hacl_Hash_Blake2s_Simd128.hacl_Hash_Blake2s_Simd128_hash_with_key
   end)
 #else
 module Chacha20_Poly1305_128 : Chacha20_Poly1305 =
@@ -672,7 +671,7 @@ module Poly1305_128 : MAC =
     let mac _ _ _ = failwith "Not implemented on this platform"
 end)
 
-module Blake2s_128 : Blake2 =
+module Blake2s_Simd128 : Blake2 =
   Make_Blake2s (struct
     let reqs = [VEC128]
     let blake2s _ _ _ = failwith "Not implemented on this platform"
@@ -683,20 +682,20 @@ module Blake2s_128 : Blake2 =
 module Chacha20_Poly1305_256 : Chacha20_Poly1305 =
   Make_Chacha20_Poly1305 (struct
     let reqs = [VEC256]
-    let encrypt = Hacl_Chacha20Poly1305_256.hacl_Chacha20Poly1305_256_aead_encrypt
-    let decrypt = Hacl_Chacha20Poly1305_256.hacl_Chacha20Poly1305_256_aead_decrypt
+    let encrypt = Hacl_AEAD_Chacha20Poly1305_256.hacl_AEAD_Chacha20Poly1305_Simd256_encrypt
+    let decrypt = Hacl_AEAD_Chacha20Poly1305_256.hacl_AEAD_Chacha20Poly1305_Simd256_decrypt
   end)
 
-module Poly1305_256 : MAC =
+module Poly1305_Simd256 : MAC =
   Make_Poly1305 (struct
       let reqs = [VEC256]
-    let mac = Hacl_Poly1305_256.hacl_Poly1305_256_poly1305_mac
+    let mac = fun output input_len input key -> Hacl_MAC_Poly1305_Simd256.hacl_MAC_Poly1305_Simd256_mac output input input_len key
 end)
 
-module Blake2b_256 : Blake2 =
+module Blake2b_Simd256 : Blake2 =
   Make_Blake2b (struct
     let reqs = [VEC256]
-    let blake2b = Hacl_Blake2b_256.hacl_Blake2b_256_blake2b
+    let blake2b = Hacl_Hash_Blake2b_Simd256.hacl_Hash_Blake2b_Simd256_hash_with_key
   end)
 #else
 module Chacha20_Poly1305_256 : Chacha20_Poly1305 =
@@ -706,13 +705,13 @@ module Chacha20_Poly1305_256 : Chacha20_Poly1305 =
     let decrypt _ _ _ _ _ _ = failwith "Not implemented on this platform"
   end)
 
-module Poly1305_256 : MAC =
+module Poly1305_Simd256 : MAC =
   Make_Poly1305 (struct
       let reqs = [VEC256]
     let mac _ _ _ = failwith "Not implemented on this platform"
 end)
 
-module Blake2b_256 : Blake2 =
+module Blake2b_Simd256 : Blake2 =
   Make_Blake2b (struct
     let reqs = [VEC256]
     let blake2b _ _ _ = failwith "Not implemented on this platform"
diff --git a/ocaml/hacl-star/Hacl.mli b/ocaml/hacl-star/Hacl.mli
index a87e9691..72c0db59 100644
--- a/ocaml/hacl-star/Hacl.mli
+++ b/ocaml/hacl-star/Hacl.mli
@@ -442,16 +442,16 @@ end
     - BLAKE2s, optimised for 8- to 32-bit architectures
 *)
 
-module Blake2b_32 : Blake2
+module Blake2b : Blake2
 (** Portable BLAKE2b implementation *)
 
-module Blake2b_256 : Blake2
+module Blake2b_Simd256 : Blake2
 (** Vectorized BLAKE2b implementation, requiring {{!AutoConfig2.VEC256} 256-bit vector support} *)
 
-module Blake2s_32 : Blake2
+module Blake2s : Blake2
 (** Portable BLAKE2s implementation *)
 
-module Blake2s_128 : Blake2
+module Blake2s_Simd128 : Blake2
 (** Vectorized BLAKE2s implementation, requiring {{!AutoConfig2.VEC128} 128-bit vector support} *)
 
 (** {2 Legacy (deprecated)}
@@ -498,13 +498,13 @@ module HMAC_BLAKE2s : MAC
 
 (** {2 Poly1305} *)
 
-module Poly1305_32 : MAC
+module Poly1305 : MAC
 (** Portable C implementation of Poly1305 *)
 
-module Poly1305_128 : MAC
+module Poly1305_Simd128 : MAC
 (** Vectorized C implementation of Poly1305 that runs on platforms with {{!AutoConfig2.VEC128} 128-bit vector support} *)
 
-module Poly1305_256 : MAC
+module Poly1305_Simd256 : MAC
 (** Vectorized C implementation of Poly1305 that runs on platforms with {{!AutoConfig2.VEC256} 256-bit vector support} *)
 
 
diff --git a/ocaml/hacl-star/SharedDefs.ml b/ocaml/hacl-star/SharedDefs.ml
index 08bb9e5b..d1d30cf1 100644
--- a/ocaml/hacl-star/SharedDefs.ml
+++ b/ocaml/hacl-star/SharedDefs.ml
@@ -46,7 +46,8 @@ module Hacl_Hash = struct
   include Hacl_Hash_MD5_bindings.Bindings(Hacl_Hash_MD5_stubs)
   include Hacl_Hash_SHA1_bindings.Bindings(Hacl_Hash_SHA1_stubs)
   include Hacl_Hash_SHA2_bindings.Bindings(Hacl_Hash_SHA2_stubs)
-  include Hacl_Hash_Blake2_bindings.Bindings(Hacl_Hash_Blake2_stubs)
+  include Hacl_Hash_Blake2b_bindings.Bindings(Hacl_Hash_Blake2b_stubs)
+  include Hacl_Hash_Blake2s_bindings.Bindings(Hacl_Hash_Blake2s_stubs)
 end
 module Hacl_Spec = Hacl_Spec_bindings.Bindings(Hacl_Spec_stubs)
 module Hacl_Streaming_Types = Hacl_Streaming_Types_bindings.Bindings(Hacl_Streaming_Types_stubs)
diff --git a/ocaml/hacl-star/SharedFunctors.ml b/ocaml/hacl-star/SharedFunctors.ml
index 05cb5d3c..0d4de6c9 100644
--- a/ocaml/hacl-star/SharedFunctors.ml
+++ b/ocaml/hacl-star/SharedFunctors.ml
@@ -8,7 +8,7 @@ let check_reqs = List.iter (fun x -> assert (has_feature x))
 module Make_Chacha20_Poly1305_generic (C: Buffer)
     (Impl : sig
        val reqs : feature list
-       val encrypt : C.buf -> C.buf -> uint32 -> C.buf -> uint32 -> C.buf -> C.buf -> C.buf -> unit
+       val encrypt : C.buf -> C.buf -> C.buf -> uint32 -> C.buf -> uint32 -> C.buf -> C.buf -> unit
        val decrypt : C.buf -> C.buf -> uint32 -> C.buf -> uint32 -> C.buf -> C.buf -> C.buf -> uint32
      end)
 = struct
@@ -28,15 +28,15 @@ module Make_Chacha20_Poly1305_generic (C: Buffer)
       assert (C.disjoint iv tag);
       assert (C.disjoint ct tag);
       assert (C.disjoint ad ct);
-      Impl.encrypt (C.ctypes_buf key) (C.ctypes_buf iv) (C.size_uint32 ad) (C.ctypes_buf ad)
-        (C.size_uint32 pt) (C.ctypes_buf pt) (C.ctypes_buf ct) (C.ctypes_buf tag)
+      Impl.encrypt (C.ctypes_buf ct) (C.ctypes_buf tag) (C.ctypes_buf pt) (C.size_uint32 pt)
+        (C.ctypes_buf ad) (C.size_uint32 ad) (C.ctypes_buf key) (C.ctypes_buf iv)
     let decrypt ~key ~iv ~ad ~ct ~tag ~pt =
       check_reqs Impl.reqs;
       (* code/chacha20poly1305/Hacl.Impl.Chacha20Poly1305.aead_decrypt_st *)
       check_sizes ~alg ~iv_len:(C.size iv) ~tag_len:(C.size tag)
         ~ad_len:(C.size ad)~pt_len:(C.size pt) ~ct_len:(C.size ct);
-      let result = Impl.decrypt (C.ctypes_buf key) (C.ctypes_buf iv) (C.size_uint32 ad) (C.ctypes_buf ad)
-          (C.size_uint32 pt) (C.ctypes_buf pt) (C.ctypes_buf ct) (C.ctypes_buf tag)
+      let result = Impl.decrypt (C.ctypes_buf pt) (C.ctypes_buf ct) (C.size_uint32 pt) (C.ctypes_buf ad)
+          (C.size_uint32 ad) (C.ctypes_buf key) (C.ctypes_buf iv) (C.ctypes_buf tag)
       in
       UInt32.to_int result = 0
   end
@@ -178,7 +178,7 @@ type all_hash_alg =
 module Make_HashFunction_generic (C: Buffer)
     (Impl : sig
        val hash_alg : all_hash_alg
-       val hash : C.buf -> uint32 -> C.buf -> unit
+       val hash : C.buf -> C.buf -> uint32 -> unit
      end)
 = struct
   type bytes = C.t
@@ -193,7 +193,7 @@ module Make_HashFunction_generic (C: Buffer)
       check_max_buffer_len (C.size msg);
       assert (C.size digest = digest_len Impl.hash_alg);
       assert (C.disjoint msg digest);
-      Impl.hash (C.ctypes_buf msg) (C.size_uint32 msg) (C.ctypes_buf digest)
+      Impl.hash (C.ctypes_buf digest) (C.ctypes_buf msg) (C.size_uint32 msg)
   end
   let hash msg =
     let digest = C.make (digest_len Impl.hash_alg) in
@@ -330,7 +330,7 @@ end
 module Make_Blake2b_generic (C: Buffer)
     (Impl : sig
        val reqs : feature list
-       val blake2b : uint32 -> C.buf -> uint32 -> C.buf -> uint32 -> C.buf -> unit
+       val blake2b : C.buf -> uint32 -> C.buf -> uint32 -> C.buf -> uint32 -> unit
      end)
 = struct
   type bytes = C.t
@@ -344,7 +344,7 @@ module Make_Blake2b_generic (C: Buffer)
       assert (C.disjoint key msg);
       assert (C.disjoint key digest);
       assert (C.disjoint msg digest);
-      Impl.blake2b (C.size_uint32 digest) (C.ctypes_buf digest) (C.size_uint32 msg) (C.ctypes_buf msg) (C.size_uint32 key) (C.ctypes_buf key)
+      Impl.blake2b (C.ctypes_buf digest) (C.size_uint32 digest) (C.ctypes_buf msg) (C.size_uint32 msg) (C.ctypes_buf key) (C.size_uint32 key)
   end
   let hash ?(key = C.empty) msg size =
     assert (size > 0 && size <= 64);
@@ -356,7 +356,7 @@ end
 module Make_Blake2s_generic (C: Buffer)
     (Impl : sig
        val reqs : feature list
-       val blake2s : uint32 -> C.buf -> uint32 -> C.buf -> uint32 -> C.buf -> unit
+       val blake2s : C.buf -> uint32 -> C.buf -> uint32 -> C.buf -> uint32 -> unit
      end)
 = struct
   type bytes = C.t
@@ -370,7 +370,7 @@ module Make_Blake2s_generic (C: Buffer)
       assert (C.disjoint key msg);
       assert (C.disjoint key digest);
       assert (C.disjoint msg digest);
-      Impl.blake2s (C.size_uint32 digest) (C.ctypes_buf digest) (C.size_uint32 msg) (C.ctypes_buf msg) (C.size_uint32 key) (C.ctypes_buf key)
+      Impl.blake2s (C.ctypes_buf digest) (C.size_uint32 digest) (C.ctypes_buf msg) (C.size_uint32 msg) (C.ctypes_buf key) (C.size_uint32 key)
   end
   let hash ?(key = C.empty) msg size =
     assert (size > 0 && size <= 32);
diff --git a/ocaml/hacl-star/tests/hash_test.ml b/ocaml/hacl-star/tests/hash_test.ml
index 94b3733c..f27d779c 100644
--- a/ocaml/hacl-star/tests/hash_test.ml
+++ b/ocaml/hacl-star/tests/hash_test.ml
@@ -338,16 +338,16 @@ let _ =
   test_nonagile "Hacl" test_sha1 Hacl.SHA1.hash Hacl.SHA1.Noalloc.hash;
   test_nonagile "Hacl" test_md5 Hacl.MD5.hash Hacl.MD5.Noalloc.hash;
 
-  let module Tests = MakeBlake2Tests (Hacl.Blake2b_32) in
+  let module Tests = MakeBlake2Tests (Hacl.Blake2b) in
   Tests.run_tests "BLAKE2b_32" blake2b_keyed_tests [];
 
-  let module Tests = MakeBlake2Tests (Hacl.Blake2b_256) in
+  let module Tests = MakeBlake2Tests (Hacl.Blake2b_Simd256) in
   Tests.run_tests "BLAKE2b_256" blake2b_keyed_tests [VEC256];
 
-  let module Tests = MakeBlake2Tests (Hacl.Blake2s_32) in
+  let module Tests = MakeBlake2Tests (Hacl.Blake2s) in
   Tests.run_tests "BLAKE2s_32" blake2s_keyed_tests [];
 
-  let module Tests = MakeBlake2Tests (Hacl.Blake2s_128) in
+  let module Tests = MakeBlake2Tests (Hacl.Blake2s_Simd128) in
   Tests.run_tests "BLAKE2s_128" blake2s_keyed_tests [VEC128];
 
   test_keccak ();
diff --git a/ocaml/hacl-star/tests/poly1305_test.ml b/ocaml/hacl-star/tests/poly1305_test.ml
index dc6e4b61..f1da2b22 100644
--- a/ocaml/hacl-star/tests/poly1305_test.ml
+++ b/ocaml/hacl-star/tests/poly1305_test.ml
@@ -52,13 +52,13 @@ end
 let _ =
   List.iter validate_test tests;
 
-  let module Tests = MakeTests (Hacl.Poly1305_32) in
+  let module Tests = MakeTests (Hacl.Poly1305) in
   Tests.run_tests "Hacl.Poly1305_32" [];
 
-  let module Tests = MakeTests (Hacl.Poly1305_128) in
+  let module Tests = MakeTests (Hacl.Poly1305_Simd128) in
   Tests.run_tests "Hacl.Poly1305_128" [VEC128];
 
-  let module Tests = MakeTests (Hacl.Poly1305_256) in
+  let module Tests = MakeTests (Hacl.Poly1305_Simd256) in
   Tests.run_tests "Hacl.Poly1305_256" [VEC256];
 
   let module Tests = MakeTests (EverCrypt.Poly1305) in
diff --git a/ocaml/lib/EverCrypt_HMAC_bindings.ml b/ocaml/lib/EverCrypt_HMAC_bindings.ml
index c51a9899..b96d1d0c 100644
--- a/ocaml/lib/EverCrypt_HMAC_bindings.ml
+++ b/ocaml/lib/EverCrypt_HMAC_bindings.ml
@@ -13,7 +13,7 @@ module Bindings(F:Cstubs.FOREIGN) =
       typedef spec_Hash_Definitions_hash_alg "EverCrypt_HMAC_supported_alg"
     let everCrypt_HMAC_hash_256 =
       foreign "EverCrypt_HMAC_hash_256"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
     let everCrypt_HMAC_compute_sha1 =
       foreign "EverCrypt_HMAC_compute_sha1"
         (ocaml_bytes @->
diff --git a/ocaml/lib/EverCrypt_Hash_bindings.ml b/ocaml/lib/EverCrypt_Hash_bindings.ml
index 37b282cb..a22cfdab 100644
--- a/ocaml/lib/EverCrypt_Hash_bindings.ml
+++ b/ocaml/lib/EverCrypt_Hash_bindings.ml
@@ -33,45 +33,45 @@ module Bindings(F:Cstubs.FOREIGN) =
     let everCrypt_Hash_Incremental_hash_len =
       foreign "EverCrypt_Hash_Incremental_hash_len"
         (spec_Hash_Definitions_hash_alg @-> (returning uint32_t))
-    type everCrypt_Hash_Incremental_hash_state =
-      [ `everCrypt_Hash_Incremental_hash_state ] structure
-    let (everCrypt_Hash_Incremental_hash_state :
-      [ `everCrypt_Hash_Incremental_hash_state ] structure typ) =
-      structure "EverCrypt_Hash_Incremental_hash_state_s"
-    let everCrypt_Hash_Incremental_hash_state_block_state =
-      field everCrypt_Hash_Incremental_hash_state "block_state"
+    type everCrypt_Hash_Incremental_state_t =
+      [ `everCrypt_Hash_Incremental_state_t ] structure
+    let (everCrypt_Hash_Incremental_state_t :
+      [ `everCrypt_Hash_Incremental_state_t ] structure typ) =
+      structure "EverCrypt_Hash_Incremental_state_t_s"
+    let everCrypt_Hash_Incremental_state_t_block_state =
+      field everCrypt_Hash_Incremental_state_t "block_state"
         (ptr everCrypt_Hash_state_s)
-    let everCrypt_Hash_Incremental_hash_state_buf =
-      field everCrypt_Hash_Incremental_hash_state "buf" (ptr uint8_t)
-    let everCrypt_Hash_Incremental_hash_state_total_len =
-      field everCrypt_Hash_Incremental_hash_state "total_len" uint64_t
-    let _ = seal everCrypt_Hash_Incremental_hash_state
-    let everCrypt_Hash_Incremental_create_in =
-      foreign "EverCrypt_Hash_Incremental_create_in"
+    let everCrypt_Hash_Incremental_state_t_buf =
+      field everCrypt_Hash_Incremental_state_t "buf" (ptr uint8_t)
+    let everCrypt_Hash_Incremental_state_t_total_len =
+      field everCrypt_Hash_Incremental_state_t "total_len" uint64_t
+    let _ = seal everCrypt_Hash_Incremental_state_t
+    let everCrypt_Hash_Incremental_malloc =
+      foreign "EverCrypt_Hash_Incremental_malloc"
         (spec_Hash_Definitions_hash_alg @->
-           (returning (ptr everCrypt_Hash_Incremental_hash_state)))
-    let everCrypt_Hash_Incremental_init =
-      foreign "EverCrypt_Hash_Incremental_init"
-        ((ptr everCrypt_Hash_Incremental_hash_state) @-> (returning void))
+           (returning (ptr everCrypt_Hash_Incremental_state_t)))
+    let everCrypt_Hash_Incremental_reset =
+      foreign "EverCrypt_Hash_Incremental_reset"
+        ((ptr everCrypt_Hash_Incremental_state_t) @-> (returning void))
     let everCrypt_Hash_Incremental_update =
       foreign "EverCrypt_Hash_Incremental_update"
-        ((ptr everCrypt_Hash_Incremental_hash_state) @->
+        ((ptr everCrypt_Hash_Incremental_state_t) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning everCrypt_Error_error_code))))
     let everCrypt_Hash_Incremental_alg_of_state =
       foreign "EverCrypt_Hash_Incremental_alg_of_state"
-        ((ptr everCrypt_Hash_Incremental_hash_state) @->
+        ((ptr everCrypt_Hash_Incremental_state_t) @->
            (returning spec_Hash_Definitions_hash_alg))
-    let everCrypt_Hash_Incremental_finish =
-      foreign "EverCrypt_Hash_Incremental_finish"
-        ((ptr everCrypt_Hash_Incremental_hash_state) @->
+    let everCrypt_Hash_Incremental_digest =
+      foreign "EverCrypt_Hash_Incremental_digest"
+        ((ptr everCrypt_Hash_Incremental_state_t) @->
            (ocaml_bytes @-> (returning void)))
     let everCrypt_Hash_Incremental_free =
       foreign "EverCrypt_Hash_Incremental_free"
-        ((ptr everCrypt_Hash_Incremental_hash_state) @-> (returning void))
+        ((ptr everCrypt_Hash_Incremental_state_t) @-> (returning void))
     let everCrypt_Hash_Incremental_hash_256 =
       foreign "EverCrypt_Hash_Incremental_hash_256"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
     let everCrypt_Hash_Incremental_hash =
       foreign "EverCrypt_Hash_Incremental_hash"
         (spec_Hash_Definitions_hash_alg @->
diff --git a/ocaml/lib/EverCrypt_Poly1305_bindings.ml b/ocaml/lib/EverCrypt_Poly1305_bindings.ml
index 9323b58e..e6904343 100644
--- a/ocaml/lib/EverCrypt_Poly1305_bindings.ml
+++ b/ocaml/lib/EverCrypt_Poly1305_bindings.ml
@@ -2,8 +2,8 @@ open Ctypes
 module Bindings(F:Cstubs.FOREIGN) =
   struct
     open F
-    let everCrypt_Poly1305_poly1305 =
-      foreign "EverCrypt_Poly1305_poly1305"
+    let everCrypt_Poly1305_mac =
+      foreign "EverCrypt_Poly1305_mac"
         (ocaml_bytes @->
            (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))))
   end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Chacha20Poly1305_128_bindings.ml b/ocaml/lib/Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.ml
similarity index 58%
rename from ocaml/lib/Hacl_Chacha20Poly1305_128_bindings.ml
rename to ocaml/lib/Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.ml
index 5ec259bc..2603d53b 100644
--- a/ocaml/lib/Hacl_Chacha20Poly1305_128_bindings.ml
+++ b/ocaml/lib/Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.ml
@@ -2,17 +2,17 @@ open Ctypes
 module Bindings(F:Cstubs.FOREIGN) =
   struct
     open F
-    let hacl_Chacha20Poly1305_128_aead_encrypt =
-      foreign "Hacl_Chacha20Poly1305_128_aead_encrypt"
+    let hacl_AEAD_Chacha20Poly1305_Simd128_encrypt =
+      foreign "Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt"
         (ocaml_bytes @->
            (ocaml_bytes @->
-              (uint32_t @->
-                 (ocaml_bytes @->
-                    (uint32_t @->
-                       (ocaml_bytes @->
+              (ocaml_bytes @->
+                 (uint32_t @->
+                    (ocaml_bytes @->
+                       (uint32_t @->
                           (ocaml_bytes @-> (ocaml_bytes @-> (returning void)))))))))
-    let hacl_Chacha20Poly1305_128_aead_decrypt =
-      foreign "Hacl_Chacha20Poly1305_128_aead_decrypt"
+    let hacl_AEAD_Chacha20Poly1305_Simd128_decrypt =
+      foreign "Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt"
         (ocaml_bytes @->
            (ocaml_bytes @->
               (uint32_t @->
diff --git a/ocaml/lib/Hacl_Chacha20Poly1305_256_bindings.ml b/ocaml/lib/Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.ml
similarity index 58%
rename from ocaml/lib/Hacl_Chacha20Poly1305_256_bindings.ml
rename to ocaml/lib/Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.ml
index 04c58d4e..13de7463 100644
--- a/ocaml/lib/Hacl_Chacha20Poly1305_256_bindings.ml
+++ b/ocaml/lib/Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.ml
@@ -2,17 +2,17 @@ open Ctypes
 module Bindings(F:Cstubs.FOREIGN) =
   struct
     open F
-    let hacl_Chacha20Poly1305_256_aead_encrypt =
-      foreign "Hacl_Chacha20Poly1305_256_aead_encrypt"
+    let hacl_AEAD_Chacha20Poly1305_Simd256_encrypt =
+      foreign "Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt"
         (ocaml_bytes @->
            (ocaml_bytes @->
-              (uint32_t @->
-                 (ocaml_bytes @->
-                    (uint32_t @->
-                       (ocaml_bytes @->
+              (ocaml_bytes @->
+                 (uint32_t @->
+                    (ocaml_bytes @->
+                       (uint32_t @->
                           (ocaml_bytes @-> (ocaml_bytes @-> (returning void)))))))))
-    let hacl_Chacha20Poly1305_256_aead_decrypt =
-      foreign "Hacl_Chacha20Poly1305_256_aead_decrypt"
+    let hacl_AEAD_Chacha20Poly1305_Simd256_decrypt =
+      foreign "Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt"
         (ocaml_bytes @->
            (ocaml_bytes @->
               (uint32_t @->
diff --git a/ocaml/lib/Hacl_Chacha20Poly1305_32_bindings.ml b/ocaml/lib/Hacl_AEAD_Chacha20Poly1305_bindings.ml
similarity index 60%
rename from ocaml/lib/Hacl_Chacha20Poly1305_32_bindings.ml
rename to ocaml/lib/Hacl_AEAD_Chacha20Poly1305_bindings.ml
index c90e1be4..b97f4991 100644
--- a/ocaml/lib/Hacl_Chacha20Poly1305_32_bindings.ml
+++ b/ocaml/lib/Hacl_AEAD_Chacha20Poly1305_bindings.ml
@@ -2,17 +2,17 @@ open Ctypes
 module Bindings(F:Cstubs.FOREIGN) =
   struct
     open F
-    let hacl_Chacha20Poly1305_32_aead_encrypt =
-      foreign "Hacl_Chacha20Poly1305_32_aead_encrypt"
+    let hacl_AEAD_Chacha20Poly1305_encrypt =
+      foreign "Hacl_AEAD_Chacha20Poly1305_encrypt"
         (ocaml_bytes @->
            (ocaml_bytes @->
-              (uint32_t @->
-                 (ocaml_bytes @->
-                    (uint32_t @->
-                       (ocaml_bytes @->
+              (ocaml_bytes @->
+                 (uint32_t @->
+                    (ocaml_bytes @->
+                       (uint32_t @->
                           (ocaml_bytes @-> (ocaml_bytes @-> (returning void)))))))))
-    let hacl_Chacha20Poly1305_32_aead_decrypt =
-      foreign "Hacl_Chacha20Poly1305_32_aead_decrypt"
+    let hacl_AEAD_Chacha20Poly1305_decrypt =
+      foreign "Hacl_AEAD_Chacha20Poly1305_decrypt"
         (ocaml_bytes @->
            (ocaml_bytes @->
               (uint32_t @->
diff --git a/ocaml/lib/Hacl_Bignum_bindings.ml b/ocaml/lib/Hacl_Bignum_bindings.ml
index 4674e2b4..0102681f 100644
--- a/ocaml/lib/Hacl_Bignum_bindings.ml
+++ b/ocaml/lib/Hacl_Bignum_bindings.ml
@@ -62,12 +62,6 @@ module Bindings(F:Cstubs.FOREIGN) =
         (uint32_t @->
            (uint32_t @->
               ((ptr uint32_t) @-> ((ptr uint32_t) @-> (returning void)))))
-    let hacl_Bignum_Montgomery_bn_mont_reduction_u32 =
-      foreign "Hacl_Bignum_Montgomery_bn_mont_reduction_u32"
-        (uint32_t @->
-           ((ptr uint32_t) @->
-              (uint32_t @->
-                 ((ptr uint32_t) @-> ((ptr uint32_t) @-> (returning void))))))
     let hacl_Bignum_Montgomery_bn_to_mont_u32 =
       foreign "Hacl_Bignum_Montgomery_bn_to_mont_u32"
         (uint32_t @->
@@ -102,12 +96,6 @@ module Bindings(F:Cstubs.FOREIGN) =
         (uint32_t @->
            (uint32_t @->
               ((ptr uint64_t) @-> ((ptr uint64_t) @-> (returning void)))))
-    let hacl_Bignum_Montgomery_bn_mont_reduction_u64 =
-      foreign "Hacl_Bignum_Montgomery_bn_mont_reduction_u64"
-        (uint32_t @->
-           ((ptr uint64_t) @->
-              (uint64_t @->
-                 ((ptr uint64_t) @-> ((ptr uint64_t) @-> (returning void))))))
     let hacl_Bignum_Montgomery_bn_to_mont_u64 =
       foreign "Hacl_Bignum_Montgomery_bn_to_mont_u64"
         (uint32_t @->
@@ -134,6 +122,18 @@ module Bindings(F:Cstubs.FOREIGN) =
            ((ptr uint64_t) @->
               (uint64_t @->
                  ((ptr uint64_t) @-> ((ptr uint64_t) @-> (returning void))))))
+    let hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32 =
+      foreign "Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32"
+        (uint32_t @->
+           ((ptr uint32_t) @->
+              (uint32_t @->
+                 ((ptr uint32_t) @-> ((ptr uint32_t) @-> (returning void))))))
+    let hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64 =
+      foreign "Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64"
+        (uint32_t @->
+           ((ptr uint64_t) @->
+              (uint64_t @->
+                 ((ptr uint64_t) @-> ((ptr uint64_t) @-> (returning void))))))
     let hacl_Bignum_Exponentiation_bn_check_mod_exp_u32 =
       foreign "Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32"
         (uint32_t @->
diff --git a/ocaml/lib/Hacl_HMAC_bindings.ml b/ocaml/lib/Hacl_HMAC_bindings.ml
index de5eb1aa..725d49b5 100644
--- a/ocaml/lib/Hacl_HMAC_bindings.ml
+++ b/ocaml/lib/Hacl_HMAC_bindings.ml
@@ -2,8 +2,8 @@ open Ctypes
 module Bindings(F:Cstubs.FOREIGN) =
   struct
     open F
-    let hacl_HMAC_legacy_compute_sha1 =
-      foreign "Hacl_HMAC_legacy_compute_sha1"
+    let hacl_HMAC_compute_sha1 =
+      foreign "Hacl_HMAC_compute_sha1"
         (ocaml_bytes @->
            (ocaml_bytes @->
               (uint32_t @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))))
diff --git a/ocaml/lib/Hacl_Hash_Blake2_bindings.ml b/ocaml/lib/Hacl_Hash_Blake2_bindings.ml
deleted file mode 100644
index 48b3e443..00000000
--- a/ocaml/lib/Hacl_Hash_Blake2_bindings.ml
+++ /dev/null
@@ -1,61 +0,0 @@
-open Ctypes
-module Bindings(F:Cstubs.FOREIGN) =
-  struct
-    open F
-    let hacl_Blake2b_32_blake2b_init =
-      foreign "Hacl_Blake2b_32_blake2b_init"
-        ((ptr uint64_t) @-> (uint32_t @-> (uint32_t @-> (returning void))))
-    let hacl_Blake2b_32_blake2b_update_key =
-      foreign "Hacl_Blake2b_32_blake2b_update_key"
-        ((ptr uint64_t) @->
-           ((ptr uint64_t) @->
-              (uint32_t @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))))
-    let hacl_Blake2b_32_blake2b_finish =
-      foreign "Hacl_Blake2b_32_blake2b_finish"
-        (uint32_t @-> (ocaml_bytes @-> ((ptr uint64_t) @-> (returning void))))
-    let hacl_Blake2b_32_blake2b =
-      foreign "Hacl_Blake2b_32_blake2b"
-        (uint32_t @->
-           (ocaml_bytes @->
-              (uint32_t @->
-                 (ocaml_bytes @->
-                    (uint32_t @-> (ocaml_bytes @-> (returning void)))))))
-    let hacl_Blake2b_32_blake2b_malloc =
-      foreign "Hacl_Blake2b_32_blake2b_malloc"
-        (void @-> (returning (ptr uint64_t)))
-    let hacl_Blake2s_32_blake2s_init =
-      foreign "Hacl_Blake2s_32_blake2s_init"
-        ((ptr uint32_t) @-> (uint32_t @-> (uint32_t @-> (returning void))))
-    let hacl_Blake2s_32_blake2s_update_key =
-      foreign "Hacl_Blake2s_32_blake2s_update_key"
-        ((ptr uint32_t) @->
-           ((ptr uint32_t) @->
-              (uint32_t @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))))
-    let hacl_Blake2s_32_blake2s_update_multi =
-      foreign "Hacl_Blake2s_32_blake2s_update_multi"
-        (uint32_t @->
-           ((ptr uint32_t) @->
-              ((ptr uint32_t) @->
-                 (uint64_t @->
-                    (ocaml_bytes @-> (uint32_t @-> (returning void)))))))
-    let hacl_Blake2s_32_blake2s_update_last =
-      foreign "Hacl_Blake2s_32_blake2s_update_last"
-        (uint32_t @->
-           ((ptr uint32_t) @->
-              ((ptr uint32_t) @->
-                 (uint64_t @->
-                    (uint32_t @-> (ocaml_bytes @-> (returning void)))))))
-    let hacl_Blake2s_32_blake2s_finish =
-      foreign "Hacl_Blake2s_32_blake2s_finish"
-        (uint32_t @-> (ocaml_bytes @-> ((ptr uint32_t) @-> (returning void))))
-    let hacl_Blake2s_32_blake2s =
-      foreign "Hacl_Blake2s_32_blake2s"
-        (uint32_t @->
-           (ocaml_bytes @->
-              (uint32_t @->
-                 (ocaml_bytes @->
-                    (uint32_t @-> (ocaml_bytes @-> (returning void)))))))
-    let hacl_Blake2s_32_blake2s_malloc =
-      foreign "Hacl_Blake2s_32_blake2s_malloc"
-        (void @-> (returning (ptr uint32_t)))
-  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_Blake2b_256_bindings.ml b/ocaml/lib/Hacl_Hash_Blake2b_256_bindings.ml
deleted file mode 100644
index 7bb65eaa..00000000
--- a/ocaml/lib/Hacl_Hash_Blake2b_256_bindings.ml
+++ /dev/null
@@ -1,12 +0,0 @@
-open Ctypes
-module Bindings(F:Cstubs.FOREIGN) =
-  struct
-    open F
-    let hacl_Blake2b_256_blake2b =
-      foreign "Hacl_Blake2b_256_blake2b"
-        (uint32_t @->
-           (ocaml_bytes @->
-              (uint32_t @->
-                 (ocaml_bytes @->
-                    (uint32_t @-> (ocaml_bytes @-> (returning void)))))))
-  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_Blake2b_Simd256_bindings.ml b/ocaml/lib/Hacl_Hash_Blake2b_Simd256_bindings.ml
new file mode 100644
index 00000000..e7ef20d8
--- /dev/null
+++ b/ocaml/lib/Hacl_Hash_Blake2b_Simd256_bindings.ml
@@ -0,0 +1,12 @@
+open Ctypes
+module Bindings(F:Cstubs.FOREIGN) =
+  struct
+    open F
+    let hacl_Hash_Blake2b_Simd256_hash_with_key =
+      foreign "Hacl_Hash_Blake2b_Simd256_hash_with_key"
+        (ocaml_bytes @->
+           (uint32_t @->
+              (ocaml_bytes @->
+                 (uint32_t @->
+                    (ocaml_bytes @-> (uint32_t @-> (returning void)))))))
+  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_Blake2b_bindings.ml b/ocaml/lib/Hacl_Hash_Blake2b_bindings.ml
new file mode 100644
index 00000000..75c75e90
--- /dev/null
+++ b/ocaml/lib/Hacl_Hash_Blake2b_bindings.ml
@@ -0,0 +1,61 @@
+open Ctypes
+module Bindings(F:Cstubs.FOREIGN) =
+  struct
+    open F
+    module Hacl_Streaming_Types_applied =
+      (Hacl_Streaming_Types_bindings.Bindings)(Hacl_Streaming_Types_stubs)
+    open Hacl_Streaming_Types_applied
+    let hacl_Hash_Blake2b_init =
+      foreign "Hacl_Hash_Blake2b_init"
+        ((ptr uint64_t) @-> (uint32_t @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_Blake2b_finish =
+      foreign "Hacl_Hash_Blake2b_finish"
+        (uint32_t @-> (ocaml_bytes @-> ((ptr uint64_t) @-> (returning void))))
+    type hacl_Hash_Blake2b_block_state_t =
+      [ `hacl_Hash_Blake2b_block_state_t ] structure
+    let (hacl_Hash_Blake2b_block_state_t :
+      [ `hacl_Hash_Blake2b_block_state_t ] structure typ) =
+      structure "Hacl_Hash_Blake2b_block_state_t_s"
+    let hacl_Hash_Blake2b_block_state_t_fst =
+      field hacl_Hash_Blake2b_block_state_t "fst" (ptr uint64_t)
+    let hacl_Hash_Blake2b_block_state_t_snd =
+      field hacl_Hash_Blake2b_block_state_t "snd" (ptr uint64_t)
+    let _ = seal hacl_Hash_Blake2b_block_state_t
+    type hacl_Hash_Blake2b_state_t = [ `hacl_Hash_Blake2b_state_t ] structure
+    let (hacl_Hash_Blake2b_state_t :
+      [ `hacl_Hash_Blake2b_state_t ] structure typ) =
+      structure "Hacl_Hash_Blake2b_state_t_s"
+    let hacl_Hash_Blake2b_state_t_block_state =
+      field hacl_Hash_Blake2b_state_t "block_state"
+        hacl_Hash_Blake2b_block_state_t
+    let hacl_Hash_Blake2b_state_t_buf =
+      field hacl_Hash_Blake2b_state_t "buf" (ptr uint8_t)
+    let hacl_Hash_Blake2b_state_t_total_len =
+      field hacl_Hash_Blake2b_state_t "total_len" uint64_t
+    let _ = seal hacl_Hash_Blake2b_state_t
+    let hacl_Hash_Blake2b_malloc =
+      foreign "Hacl_Hash_Blake2b_malloc"
+        (void @-> (returning (ptr hacl_Hash_Blake2b_state_t)))
+    let hacl_Hash_Blake2b_reset =
+      foreign "Hacl_Hash_Blake2b_reset"
+        ((ptr hacl_Hash_Blake2b_state_t) @-> (returning void))
+    let hacl_Hash_Blake2b_update =
+      foreign "Hacl_Hash_Blake2b_update"
+        ((ptr hacl_Hash_Blake2b_state_t) @->
+           (ocaml_bytes @->
+              (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
+    let hacl_Hash_Blake2b_digest =
+      foreign "Hacl_Hash_Blake2b_digest"
+        ((ptr hacl_Hash_Blake2b_state_t) @->
+           (ocaml_bytes @-> (returning void)))
+    let hacl_Hash_Blake2b_free =
+      foreign "Hacl_Hash_Blake2b_free"
+        ((ptr hacl_Hash_Blake2b_state_t) @-> (returning void))
+    let hacl_Hash_Blake2b_hash_with_key =
+      foreign "Hacl_Hash_Blake2b_hash_with_key"
+        (ocaml_bytes @->
+           (uint32_t @->
+              (ocaml_bytes @->
+                 (uint32_t @->
+                    (ocaml_bytes @-> (uint32_t @-> (returning void)))))))
+  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_Blake2s_128_bindings.ml b/ocaml/lib/Hacl_Hash_Blake2s_128_bindings.ml
deleted file mode 100644
index 8d4efe39..00000000
--- a/ocaml/lib/Hacl_Hash_Blake2s_128_bindings.ml
+++ /dev/null
@@ -1,12 +0,0 @@
-open Ctypes
-module Bindings(F:Cstubs.FOREIGN) =
-  struct
-    open F
-    let hacl_Blake2s_128_blake2s =
-      foreign "Hacl_Blake2s_128_blake2s"
-        (uint32_t @->
-           (ocaml_bytes @->
-              (uint32_t @->
-                 (ocaml_bytes @->
-                    (uint32_t @-> (ocaml_bytes @-> (returning void)))))))
-  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_Blake2s_Simd128_bindings.ml b/ocaml/lib/Hacl_Hash_Blake2s_Simd128_bindings.ml
new file mode 100644
index 00000000..db4ff123
--- /dev/null
+++ b/ocaml/lib/Hacl_Hash_Blake2s_Simd128_bindings.ml
@@ -0,0 +1,12 @@
+open Ctypes
+module Bindings(F:Cstubs.FOREIGN) =
+  struct
+    open F
+    let hacl_Hash_Blake2s_Simd128_hash_with_key =
+      foreign "Hacl_Hash_Blake2s_Simd128_hash_with_key"
+        (ocaml_bytes @->
+           (uint32_t @->
+              (ocaml_bytes @->
+                 (uint32_t @->
+                    (ocaml_bytes @-> (uint32_t @-> (returning void)))))))
+  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_Blake2s_bindings.ml b/ocaml/lib/Hacl_Hash_Blake2s_bindings.ml
new file mode 100644
index 00000000..7f057689
--- /dev/null
+++ b/ocaml/lib/Hacl_Hash_Blake2s_bindings.ml
@@ -0,0 +1,75 @@
+open Ctypes
+module Bindings(F:Cstubs.FOREIGN) =
+  struct
+    open F
+    module Hacl_Streaming_Types_applied =
+      (Hacl_Streaming_Types_bindings.Bindings)(Hacl_Streaming_Types_stubs)
+    open Hacl_Streaming_Types_applied
+    let hacl_Hash_Blake2s_init =
+      foreign "Hacl_Hash_Blake2s_init"
+        ((ptr uint32_t) @-> (uint32_t @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_Blake2s_update_multi =
+      foreign "Hacl_Hash_Blake2s_update_multi"
+        (uint32_t @->
+           ((ptr uint32_t) @->
+              ((ptr uint32_t) @->
+                 (uint64_t @->
+                    (ocaml_bytes @-> (uint32_t @-> (returning void)))))))
+    let hacl_Hash_Blake2s_update_last =
+      foreign "Hacl_Hash_Blake2s_update_last"
+        (uint32_t @->
+           ((ptr uint32_t) @->
+              ((ptr uint32_t) @->
+                 (uint64_t @->
+                    (uint32_t @-> (ocaml_bytes @-> (returning void)))))))
+    let hacl_Hash_Blake2s_finish =
+      foreign "Hacl_Hash_Blake2s_finish"
+        (uint32_t @-> (ocaml_bytes @-> ((ptr uint32_t) @-> (returning void))))
+    type hacl_Hash_Blake2s_block_state_t =
+      [ `hacl_Hash_Blake2s_block_state_t ] structure
+    let (hacl_Hash_Blake2s_block_state_t :
+      [ `hacl_Hash_Blake2s_block_state_t ] structure typ) =
+      structure "Hacl_Hash_Blake2s_block_state_t_s"
+    let hacl_Hash_Blake2s_block_state_t_fst =
+      field hacl_Hash_Blake2s_block_state_t "fst" (ptr uint32_t)
+    let hacl_Hash_Blake2s_block_state_t_snd =
+      field hacl_Hash_Blake2s_block_state_t "snd" (ptr uint32_t)
+    let _ = seal hacl_Hash_Blake2s_block_state_t
+    type hacl_Hash_Blake2s_state_t = [ `hacl_Hash_Blake2s_state_t ] structure
+    let (hacl_Hash_Blake2s_state_t :
+      [ `hacl_Hash_Blake2s_state_t ] structure typ) =
+      structure "Hacl_Hash_Blake2s_state_t_s"
+    let hacl_Hash_Blake2s_state_t_block_state =
+      field hacl_Hash_Blake2s_state_t "block_state"
+        hacl_Hash_Blake2s_block_state_t
+    let hacl_Hash_Blake2s_state_t_buf =
+      field hacl_Hash_Blake2s_state_t "buf" (ptr uint8_t)
+    let hacl_Hash_Blake2s_state_t_total_len =
+      field hacl_Hash_Blake2s_state_t "total_len" uint64_t
+    let _ = seal hacl_Hash_Blake2s_state_t
+    let hacl_Hash_Blake2s_malloc =
+      foreign "Hacl_Hash_Blake2s_malloc"
+        (void @-> (returning (ptr hacl_Hash_Blake2s_state_t)))
+    let hacl_Hash_Blake2s_reset =
+      foreign "Hacl_Hash_Blake2s_reset"
+        ((ptr hacl_Hash_Blake2s_state_t) @-> (returning void))
+    let hacl_Hash_Blake2s_update =
+      foreign "Hacl_Hash_Blake2s_update"
+        ((ptr hacl_Hash_Blake2s_state_t) @->
+           (ocaml_bytes @->
+              (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
+    let hacl_Hash_Blake2s_digest =
+      foreign "Hacl_Hash_Blake2s_digest"
+        ((ptr hacl_Hash_Blake2s_state_t) @->
+           (ocaml_bytes @-> (returning void)))
+    let hacl_Hash_Blake2s_free =
+      foreign "Hacl_Hash_Blake2s_free"
+        ((ptr hacl_Hash_Blake2s_state_t) @-> (returning void))
+    let hacl_Hash_Blake2s_hash_with_key =
+      foreign "Hacl_Hash_Blake2s_hash_with_key"
+        (ocaml_bytes @->
+           (uint32_t @->
+              (ocaml_bytes @->
+                 (uint32_t @->
+                    (ocaml_bytes @-> (uint32_t @-> (returning void)))))))
+  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_MD5_bindings.ml b/ocaml/lib/Hacl_Hash_MD5_bindings.ml
index 530cdfa6..9572f84d 100644
--- a/ocaml/lib/Hacl_Hash_MD5_bindings.ml
+++ b/ocaml/lib/Hacl_Hash_MD5_bindings.ml
@@ -5,48 +5,47 @@ module Bindings(F:Cstubs.FOREIGN) =
     module Hacl_Streaming_Types_applied =
       (Hacl_Streaming_Types_bindings.Bindings)(Hacl_Streaming_Types_stubs)
     open Hacl_Streaming_Types_applied
-    let hacl_Hash_Core_MD5_legacy_init =
-      foreign "Hacl_Hash_Core_MD5_legacy_init"
-        ((ptr uint32_t) @-> (returning void))
-    let hacl_Hash_Core_MD5_legacy_finish =
-      foreign "Hacl_Hash_Core_MD5_legacy_finish"
+    let hacl_Hash_MD5_init =
+      foreign "Hacl_Hash_MD5_init" ((ptr uint32_t) @-> (returning void))
+    let hacl_Hash_MD5_finish =
+      foreign "Hacl_Hash_MD5_finish"
         ((ptr uint32_t) @-> (ocaml_bytes @-> (returning void)))
-    let hacl_Hash_MD5_legacy_update_multi =
-      foreign "Hacl_Hash_MD5_legacy_update_multi"
+    let hacl_Hash_MD5_update_multi =
+      foreign "Hacl_Hash_MD5_update_multi"
         ((ptr uint32_t) @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
-    let hacl_Hash_MD5_legacy_update_last =
-      foreign "Hacl_Hash_MD5_legacy_update_last"
+    let hacl_Hash_MD5_update_last =
+      foreign "Hacl_Hash_MD5_update_last"
         ((ptr uint32_t) @->
            (uint64_t @-> (ocaml_bytes @-> (uint32_t @-> (returning void)))))
-    let hacl_Hash_MD5_legacy_hash =
-      foreign "Hacl_Hash_MD5_legacy_hash"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
-    type hacl_Streaming_MD5_state = hacl_Streaming_MD_state_32
-    let hacl_Streaming_MD5_state =
-      typedef hacl_Streaming_MD_state_32 "Hacl_Streaming_MD5_state"
-    let hacl_Streaming_MD5_legacy_create_in =
-      foreign "Hacl_Streaming_MD5_legacy_create_in"
+    let hacl_Hash_MD5_hash_oneshot =
+      foreign "Hacl_Hash_MD5_hash_oneshot"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    type hacl_Hash_MD5_state_t = hacl_Streaming_MD_state_32
+    let hacl_Hash_MD5_state_t =
+      typedef hacl_Streaming_MD_state_32 "Hacl_Hash_MD5_state_t"
+    let hacl_Hash_MD5_malloc =
+      foreign "Hacl_Hash_MD5_malloc"
         (void @-> (returning (ptr hacl_Streaming_MD_state_32)))
-    let hacl_Streaming_MD5_legacy_init =
-      foreign "Hacl_Streaming_MD5_legacy_init"
+    let hacl_Hash_MD5_reset =
+      foreign "Hacl_Hash_MD5_reset"
         ((ptr hacl_Streaming_MD_state_32) @-> (returning void))
-    let hacl_Streaming_MD5_legacy_update =
-      foreign "Hacl_Streaming_MD5_legacy_update"
+    let hacl_Hash_MD5_update =
+      foreign "Hacl_Hash_MD5_update"
         ((ptr hacl_Streaming_MD_state_32) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_MD5_legacy_finish =
-      foreign "Hacl_Streaming_MD5_legacy_finish"
+    let hacl_Hash_MD5_digest =
+      foreign "Hacl_Hash_MD5_digest"
         ((ptr hacl_Streaming_MD_state_32) @->
            (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_MD5_legacy_free =
-      foreign "Hacl_Streaming_MD5_legacy_free"
+    let hacl_Hash_MD5_free =
+      foreign "Hacl_Hash_MD5_free"
         ((ptr hacl_Streaming_MD_state_32) @-> (returning void))
-    let hacl_Streaming_MD5_legacy_copy =
-      foreign "Hacl_Streaming_MD5_legacy_copy"
+    let hacl_Hash_MD5_copy =
+      foreign "Hacl_Hash_MD5_copy"
         ((ptr hacl_Streaming_MD_state_32) @->
            (returning (ptr hacl_Streaming_MD_state_32)))
-    let hacl_Streaming_MD5_legacy_hash =
-      foreign "Hacl_Streaming_MD5_legacy_hash"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
+    let hacl_Hash_MD5_hash =
+      foreign "Hacl_Hash_MD5_hash"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
   end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_SHA1_bindings.ml b/ocaml/lib/Hacl_Hash_SHA1_bindings.ml
index ca151dd9..3e2a84fc 100644
--- a/ocaml/lib/Hacl_Hash_SHA1_bindings.ml
+++ b/ocaml/lib/Hacl_Hash_SHA1_bindings.ml
@@ -5,48 +5,47 @@ module Bindings(F:Cstubs.FOREIGN) =
     module Hacl_Streaming_Types_applied =
       (Hacl_Streaming_Types_bindings.Bindings)(Hacl_Streaming_Types_stubs)
     open Hacl_Streaming_Types_applied
-    let hacl_Hash_Core_SHA1_legacy_init =
-      foreign "Hacl_Hash_Core_SHA1_legacy_init"
-        ((ptr uint32_t) @-> (returning void))
-    let hacl_Hash_Core_SHA1_legacy_finish =
-      foreign "Hacl_Hash_Core_SHA1_legacy_finish"
+    let hacl_Hash_SHA1_init =
+      foreign "Hacl_Hash_SHA1_init" ((ptr uint32_t) @-> (returning void))
+    let hacl_Hash_SHA1_finish =
+      foreign "Hacl_Hash_SHA1_finish"
         ((ptr uint32_t) @-> (ocaml_bytes @-> (returning void)))
-    let hacl_Hash_SHA1_legacy_update_multi =
-      foreign "Hacl_Hash_SHA1_legacy_update_multi"
+    let hacl_Hash_SHA1_update_multi =
+      foreign "Hacl_Hash_SHA1_update_multi"
         ((ptr uint32_t) @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
-    let hacl_Hash_SHA1_legacy_update_last =
-      foreign "Hacl_Hash_SHA1_legacy_update_last"
+    let hacl_Hash_SHA1_update_last =
+      foreign "Hacl_Hash_SHA1_update_last"
         ((ptr uint32_t) @->
            (uint64_t @-> (ocaml_bytes @-> (uint32_t @-> (returning void)))))
-    let hacl_Hash_SHA1_legacy_hash =
-      foreign "Hacl_Hash_SHA1_legacy_hash"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
-    type hacl_Streaming_SHA1_state = hacl_Streaming_MD_state_32
-    let hacl_Streaming_SHA1_state =
-      typedef hacl_Streaming_MD_state_32 "Hacl_Streaming_SHA1_state"
-    let hacl_Streaming_SHA1_legacy_create_in =
-      foreign "Hacl_Streaming_SHA1_legacy_create_in"
+    let hacl_Hash_SHA1_hash_oneshot =
+      foreign "Hacl_Hash_SHA1_hash_oneshot"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    type hacl_Hash_SHA1_state_t = hacl_Streaming_MD_state_32
+    let hacl_Hash_SHA1_state_t =
+      typedef hacl_Streaming_MD_state_32 "Hacl_Hash_SHA1_state_t"
+    let hacl_Hash_SHA1_malloc =
+      foreign "Hacl_Hash_SHA1_malloc"
         (void @-> (returning (ptr hacl_Streaming_MD_state_32)))
-    let hacl_Streaming_SHA1_legacy_init =
-      foreign "Hacl_Streaming_SHA1_legacy_init"
+    let hacl_Hash_SHA1_reset =
+      foreign "Hacl_Hash_SHA1_reset"
         ((ptr hacl_Streaming_MD_state_32) @-> (returning void))
-    let hacl_Streaming_SHA1_legacy_update =
-      foreign "Hacl_Streaming_SHA1_legacy_update"
+    let hacl_Hash_SHA1_update =
+      foreign "Hacl_Hash_SHA1_update"
         ((ptr hacl_Streaming_MD_state_32) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_SHA1_legacy_finish =
-      foreign "Hacl_Streaming_SHA1_legacy_finish"
+    let hacl_Hash_SHA1_digest =
+      foreign "Hacl_Hash_SHA1_digest"
         ((ptr hacl_Streaming_MD_state_32) @->
            (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_SHA1_legacy_free =
-      foreign "Hacl_Streaming_SHA1_legacy_free"
+    let hacl_Hash_SHA1_free =
+      foreign "Hacl_Hash_SHA1_free"
         ((ptr hacl_Streaming_MD_state_32) @-> (returning void))
-    let hacl_Streaming_SHA1_legacy_copy =
-      foreign "Hacl_Streaming_SHA1_legacy_copy"
+    let hacl_Hash_SHA1_copy =
+      foreign "Hacl_Hash_SHA1_copy"
         ((ptr hacl_Streaming_MD_state_32) @->
            (returning (ptr hacl_Streaming_MD_state_32)))
-    let hacl_Streaming_SHA1_legacy_hash =
-      foreign "Hacl_Streaming_SHA1_legacy_hash"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
+    let hacl_Hash_SHA1_hash =
+      foreign "Hacl_Hash_SHA1_hash"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
   end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_SHA2_bindings.ml b/ocaml/lib/Hacl_Hash_SHA2_bindings.ml
index fca3d322..f0573724 100644
--- a/ocaml/lib/Hacl_Hash_SHA2_bindings.ml
+++ b/ocaml/lib/Hacl_Hash_SHA2_bindings.ml
@@ -5,151 +5,151 @@ module Bindings(F:Cstubs.FOREIGN) =
     module Hacl_Streaming_Types_applied =
       (Hacl_Streaming_Types_bindings.Bindings)(Hacl_Streaming_Types_stubs)
     open Hacl_Streaming_Types_applied
-    let hacl_SHA2_Scalar32_sha256_init =
-      foreign "Hacl_SHA2_Scalar32_sha256_init"
+    let hacl_Hash_SHA2_sha256_init =
+      foreign "Hacl_Hash_SHA2_sha256_init"
         ((ptr uint32_t) @-> (returning void))
-    let hacl_SHA2_Scalar32_sha256_update_nblocks =
-      foreign "Hacl_SHA2_Scalar32_sha256_update_nblocks"
+    let hacl_Hash_SHA2_sha256_update_nblocks =
+      foreign "Hacl_Hash_SHA2_sha256_update_nblocks"
         (uint32_t @-> (ocaml_bytes @-> ((ptr uint32_t) @-> (returning void))))
-    let hacl_SHA2_Scalar32_sha256_update_last =
-      foreign "Hacl_SHA2_Scalar32_sha256_update_last"
+    let hacl_Hash_SHA2_sha256_update_last =
+      foreign "Hacl_Hash_SHA2_sha256_update_last"
         (uint64_t @->
            (uint32_t @->
               (ocaml_bytes @-> ((ptr uint32_t) @-> (returning void)))))
-    let hacl_SHA2_Scalar32_sha256_finish =
-      foreign "Hacl_SHA2_Scalar32_sha256_finish"
+    let hacl_Hash_SHA2_sha256_finish =
+      foreign "Hacl_Hash_SHA2_sha256_finish"
         ((ptr uint32_t) @-> (ocaml_bytes @-> (returning void)))
-    let hacl_SHA2_Scalar32_sha224_init =
-      foreign "Hacl_SHA2_Scalar32_sha224_init"
+    let hacl_Hash_SHA2_sha224_init =
+      foreign "Hacl_Hash_SHA2_sha224_init"
         ((ptr uint32_t) @-> (returning void))
-    let hacl_SHA2_Scalar32_sha224_update_last =
-      foreign "Hacl_SHA2_Scalar32_sha224_update_last"
+    let hacl_Hash_SHA2_sha224_update_last =
+      foreign "Hacl_Hash_SHA2_sha224_update_last"
         (uint64_t @->
            (uint32_t @->
               (ocaml_bytes @-> ((ptr uint32_t) @-> (returning void)))))
-    let hacl_SHA2_Scalar32_sha224_finish =
-      foreign "Hacl_SHA2_Scalar32_sha224_finish"
+    let hacl_Hash_SHA2_sha224_finish =
+      foreign "Hacl_Hash_SHA2_sha224_finish"
         ((ptr uint32_t) @-> (ocaml_bytes @-> (returning void)))
-    let hacl_SHA2_Scalar32_sha512_init =
-      foreign "Hacl_SHA2_Scalar32_sha512_init"
+    let hacl_Hash_SHA2_sha512_init =
+      foreign "Hacl_Hash_SHA2_sha512_init"
         ((ptr uint64_t) @-> (returning void))
-    let hacl_SHA2_Scalar32_sha512_update_nblocks =
-      foreign "Hacl_SHA2_Scalar32_sha512_update_nblocks"
+    let hacl_Hash_SHA2_sha512_update_nblocks =
+      foreign "Hacl_Hash_SHA2_sha512_update_nblocks"
         (uint32_t @-> (ocaml_bytes @-> ((ptr uint64_t) @-> (returning void))))
-    let hacl_SHA2_Scalar32_sha512_finish =
-      foreign "Hacl_SHA2_Scalar32_sha512_finish"
+    let hacl_Hash_SHA2_sha512_finish =
+      foreign "Hacl_Hash_SHA2_sha512_finish"
         ((ptr uint64_t) @-> (ocaml_bytes @-> (returning void)))
-    let hacl_SHA2_Scalar32_sha384_init =
-      foreign "Hacl_SHA2_Scalar32_sha384_init"
+    let hacl_Hash_SHA2_sha384_init =
+      foreign "Hacl_Hash_SHA2_sha384_init"
         ((ptr uint64_t) @-> (returning void))
-    let hacl_SHA2_Scalar32_sha384_update_nblocks =
-      foreign "Hacl_SHA2_Scalar32_sha384_update_nblocks"
+    let hacl_Hash_SHA2_sha384_update_nblocks =
+      foreign "Hacl_Hash_SHA2_sha384_update_nblocks"
         (uint32_t @-> (ocaml_bytes @-> ((ptr uint64_t) @-> (returning void))))
-    let hacl_SHA2_Scalar32_sha384_finish =
-      foreign "Hacl_SHA2_Scalar32_sha384_finish"
+    let hacl_Hash_SHA2_sha384_finish =
+      foreign "Hacl_Hash_SHA2_sha384_finish"
         ((ptr uint64_t) @-> (ocaml_bytes @-> (returning void)))
-    type hacl_Streaming_SHA2_state_sha2_224 = hacl_Streaming_MD_state_32
-    let hacl_Streaming_SHA2_state_sha2_224 =
-      typedef hacl_Streaming_MD_state_32 "Hacl_Streaming_SHA2_state_sha2_224"
-    type hacl_Streaming_SHA2_state_sha2_256 = hacl_Streaming_MD_state_32
-    let hacl_Streaming_SHA2_state_sha2_256 =
-      typedef hacl_Streaming_MD_state_32 "Hacl_Streaming_SHA2_state_sha2_256"
-    type hacl_Streaming_SHA2_state_sha2_384 = hacl_Streaming_MD_state_64
-    let hacl_Streaming_SHA2_state_sha2_384 =
-      typedef hacl_Streaming_MD_state_64 "Hacl_Streaming_SHA2_state_sha2_384"
-    type hacl_Streaming_SHA2_state_sha2_512 = hacl_Streaming_MD_state_64
-    let hacl_Streaming_SHA2_state_sha2_512 =
-      typedef hacl_Streaming_MD_state_64 "Hacl_Streaming_SHA2_state_sha2_512"
-    let hacl_Streaming_SHA2_create_in_256 =
-      foreign "Hacl_Streaming_SHA2_create_in_256"
+    type hacl_Hash_SHA2_state_t_224 = hacl_Streaming_MD_state_32
+    let hacl_Hash_SHA2_state_t_224 =
+      typedef hacl_Streaming_MD_state_32 "Hacl_Hash_SHA2_state_t_224"
+    type hacl_Hash_SHA2_state_t_256 = hacl_Streaming_MD_state_32
+    let hacl_Hash_SHA2_state_t_256 =
+      typedef hacl_Streaming_MD_state_32 "Hacl_Hash_SHA2_state_t_256"
+    type hacl_Hash_SHA2_state_t_384 = hacl_Streaming_MD_state_64
+    let hacl_Hash_SHA2_state_t_384 =
+      typedef hacl_Streaming_MD_state_64 "Hacl_Hash_SHA2_state_t_384"
+    type hacl_Hash_SHA2_state_t_512 = hacl_Streaming_MD_state_64
+    let hacl_Hash_SHA2_state_t_512 =
+      typedef hacl_Streaming_MD_state_64 "Hacl_Hash_SHA2_state_t_512"
+    let hacl_Hash_SHA2_malloc_256 =
+      foreign "Hacl_Hash_SHA2_malloc_256"
         (void @-> (returning (ptr hacl_Streaming_MD_state_32)))
-    let hacl_Streaming_SHA2_copy_256 =
-      foreign "Hacl_Streaming_SHA2_copy_256"
+    let hacl_Hash_SHA2_copy_256 =
+      foreign "Hacl_Hash_SHA2_copy_256"
         ((ptr hacl_Streaming_MD_state_32) @->
            (returning (ptr hacl_Streaming_MD_state_32)))
-    let hacl_Streaming_SHA2_init_256 =
-      foreign "Hacl_Streaming_SHA2_init_256"
+    let hacl_Hash_SHA2_reset_256 =
+      foreign "Hacl_Hash_SHA2_reset_256"
         ((ptr hacl_Streaming_MD_state_32) @-> (returning void))
-    let hacl_Streaming_SHA2_update_256 =
-      foreign "Hacl_Streaming_SHA2_update_256"
+    let hacl_Hash_SHA2_update_256 =
+      foreign "Hacl_Hash_SHA2_update_256"
         ((ptr hacl_Streaming_MD_state_32) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_SHA2_finish_256 =
-      foreign "Hacl_Streaming_SHA2_finish_256"
+    let hacl_Hash_SHA2_digest_256 =
+      foreign "Hacl_Hash_SHA2_digest_256"
         ((ptr hacl_Streaming_MD_state_32) @->
            (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_SHA2_free_256 =
-      foreign "Hacl_Streaming_SHA2_free_256"
+    let hacl_Hash_SHA2_free_256 =
+      foreign "Hacl_Hash_SHA2_free_256"
         ((ptr hacl_Streaming_MD_state_32) @-> (returning void))
-    let hacl_Streaming_SHA2_hash_256 =
-      foreign "Hacl_Streaming_SHA2_hash_256"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
-    let hacl_Streaming_SHA2_create_in_224 =
-      foreign "Hacl_Streaming_SHA2_create_in_224"
+    let hacl_Hash_SHA2_hash_256 =
+      foreign "Hacl_Hash_SHA2_hash_256"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_SHA2_malloc_224 =
+      foreign "Hacl_Hash_SHA2_malloc_224"
         (void @-> (returning (ptr hacl_Streaming_MD_state_32)))
-    let hacl_Streaming_SHA2_init_224 =
-      foreign "Hacl_Streaming_SHA2_init_224"
+    let hacl_Hash_SHA2_reset_224 =
+      foreign "Hacl_Hash_SHA2_reset_224"
         ((ptr hacl_Streaming_MD_state_32) @-> (returning void))
-    let hacl_Streaming_SHA2_update_224 =
-      foreign "Hacl_Streaming_SHA2_update_224"
+    let hacl_Hash_SHA2_update_224 =
+      foreign "Hacl_Hash_SHA2_update_224"
         ((ptr hacl_Streaming_MD_state_32) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_SHA2_finish_224 =
-      foreign "Hacl_Streaming_SHA2_finish_224"
+    let hacl_Hash_SHA2_digest_224 =
+      foreign "Hacl_Hash_SHA2_digest_224"
         ((ptr hacl_Streaming_MD_state_32) @->
            (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_SHA2_free_224 =
-      foreign "Hacl_Streaming_SHA2_free_224"
+    let hacl_Hash_SHA2_free_224 =
+      foreign "Hacl_Hash_SHA2_free_224"
         ((ptr hacl_Streaming_MD_state_32) @-> (returning void))
-    let hacl_Streaming_SHA2_hash_224 =
-      foreign "Hacl_Streaming_SHA2_hash_224"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
-    let hacl_Streaming_SHA2_create_in_512 =
-      foreign "Hacl_Streaming_SHA2_create_in_512"
+    let hacl_Hash_SHA2_hash_224 =
+      foreign "Hacl_Hash_SHA2_hash_224"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_SHA2_malloc_512 =
+      foreign "Hacl_Hash_SHA2_malloc_512"
         (void @-> (returning (ptr hacl_Streaming_MD_state_64)))
-    let hacl_Streaming_SHA2_copy_512 =
-      foreign "Hacl_Streaming_SHA2_copy_512"
+    let hacl_Hash_SHA2_copy_512 =
+      foreign "Hacl_Hash_SHA2_copy_512"
         ((ptr hacl_Streaming_MD_state_64) @->
            (returning (ptr hacl_Streaming_MD_state_64)))
-    let hacl_Streaming_SHA2_init_512 =
-      foreign "Hacl_Streaming_SHA2_init_512"
+    let hacl_Hash_SHA2_reset_512 =
+      foreign "Hacl_Hash_SHA2_reset_512"
         ((ptr hacl_Streaming_MD_state_64) @-> (returning void))
-    let hacl_Streaming_SHA2_update_512 =
-      foreign "Hacl_Streaming_SHA2_update_512"
+    let hacl_Hash_SHA2_update_512 =
+      foreign "Hacl_Hash_SHA2_update_512"
         ((ptr hacl_Streaming_MD_state_64) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_SHA2_finish_512 =
-      foreign "Hacl_Streaming_SHA2_finish_512"
+    let hacl_Hash_SHA2_digest_512 =
+      foreign "Hacl_Hash_SHA2_digest_512"
         ((ptr hacl_Streaming_MD_state_64) @->
            (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_SHA2_free_512 =
-      foreign "Hacl_Streaming_SHA2_free_512"
+    let hacl_Hash_SHA2_free_512 =
+      foreign "Hacl_Hash_SHA2_free_512"
         ((ptr hacl_Streaming_MD_state_64) @-> (returning void))
-    let hacl_Streaming_SHA2_hash_512 =
-      foreign "Hacl_Streaming_SHA2_hash_512"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
-    let hacl_Streaming_SHA2_create_in_384 =
-      foreign "Hacl_Streaming_SHA2_create_in_384"
+    let hacl_Hash_SHA2_hash_512 =
+      foreign "Hacl_Hash_SHA2_hash_512"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_SHA2_malloc_384 =
+      foreign "Hacl_Hash_SHA2_malloc_384"
         (void @-> (returning (ptr hacl_Streaming_MD_state_64)))
-    let hacl_Streaming_SHA2_init_384 =
-      foreign "Hacl_Streaming_SHA2_init_384"
+    let hacl_Hash_SHA2_reset_384 =
+      foreign "Hacl_Hash_SHA2_reset_384"
         ((ptr hacl_Streaming_MD_state_64) @-> (returning void))
-    let hacl_Streaming_SHA2_update_384 =
-      foreign "Hacl_Streaming_SHA2_update_384"
+    let hacl_Hash_SHA2_update_384 =
+      foreign "Hacl_Hash_SHA2_update_384"
         ((ptr hacl_Streaming_MD_state_64) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_SHA2_finish_384 =
-      foreign "Hacl_Streaming_SHA2_finish_384"
+    let hacl_Hash_SHA2_digest_384 =
+      foreign "Hacl_Hash_SHA2_digest_384"
         ((ptr hacl_Streaming_MD_state_64) @->
            (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_SHA2_free_384 =
-      foreign "Hacl_Streaming_SHA2_free_384"
+    let hacl_Hash_SHA2_free_384 =
+      foreign "Hacl_Hash_SHA2_free_384"
         ((ptr hacl_Streaming_MD_state_64) @-> (returning void))
-    let hacl_Streaming_SHA2_hash_384 =
-      foreign "Hacl_Streaming_SHA2_hash_384"
-        (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
+    let hacl_Hash_SHA2_hash_384 =
+      foreign "Hacl_Hash_SHA2_hash_384"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
   end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Hash_SHA3_bindings.ml b/ocaml/lib/Hacl_Hash_SHA3_bindings.ml
index 727bc345..45718cbd 100644
--- a/ocaml/lib/Hacl_Hash_SHA3_bindings.ml
+++ b/ocaml/lib/Hacl_Hash_SHA3_bindings.ml
@@ -15,106 +15,101 @@ module Bindings(F:Cstubs.FOREIGN) =
         (spec_Hash_Definitions_hash_alg @->
            ((ptr uint64_t) @->
               (ocaml_bytes @-> (uint32_t @-> (returning void)))))
-    type hacl_Streaming_Keccak_hash_buf =
-      [ `hacl_Streaming_Keccak_hash_buf ] structure
-    let (hacl_Streaming_Keccak_hash_buf :
-      [ `hacl_Streaming_Keccak_hash_buf ] structure typ) =
-      structure "Hacl_Streaming_Keccak_hash_buf_s"
-    let hacl_Streaming_Keccak_hash_buf_fst =
-      field hacl_Streaming_Keccak_hash_buf "fst"
-        spec_Hash_Definitions_hash_alg
-    let hacl_Streaming_Keccak_hash_buf_snd =
-      field hacl_Streaming_Keccak_hash_buf "snd" (ptr uint64_t)
-    let _ = seal hacl_Streaming_Keccak_hash_buf
-    type hacl_Streaming_Keccak_state =
-      [ `hacl_Streaming_Keccak_state ] structure
-    let (hacl_Streaming_Keccak_state :
-      [ `hacl_Streaming_Keccak_state ] structure typ) =
-      structure "Hacl_Streaming_Keccak_state_s"
-    let hacl_Streaming_Keccak_state_block_state =
-      field hacl_Streaming_Keccak_state "block_state"
-        hacl_Streaming_Keccak_hash_buf
-    let hacl_Streaming_Keccak_state_buf =
-      field hacl_Streaming_Keccak_state "buf" (ptr uint8_t)
-    let hacl_Streaming_Keccak_state_total_len =
-      field hacl_Streaming_Keccak_state "total_len" uint64_t
-    let _ = seal hacl_Streaming_Keccak_state
-    let hacl_Streaming_Keccak_get_alg =
-      foreign "Hacl_Streaming_Keccak_get_alg"
-        ((ptr hacl_Streaming_Keccak_state) @->
+    type hacl_Hash_SHA3_hash_buf = [ `hacl_Hash_SHA3_hash_buf ] structure
+    let (hacl_Hash_SHA3_hash_buf :
+      [ `hacl_Hash_SHA3_hash_buf ] structure typ) =
+      structure "Hacl_Hash_SHA3_hash_buf_s"
+    let hacl_Hash_SHA3_hash_buf_fst =
+      field hacl_Hash_SHA3_hash_buf "fst" spec_Hash_Definitions_hash_alg
+    let hacl_Hash_SHA3_hash_buf_snd =
+      field hacl_Hash_SHA3_hash_buf "snd" (ptr uint64_t)
+    let _ = seal hacl_Hash_SHA3_hash_buf
+    type hacl_Hash_SHA3_state_t = [ `hacl_Hash_SHA3_state_t ] structure
+    let (hacl_Hash_SHA3_state_t : [ `hacl_Hash_SHA3_state_t ] structure typ)
+      = structure "Hacl_Hash_SHA3_state_t_s"
+    let hacl_Hash_SHA3_state_t_block_state =
+      field hacl_Hash_SHA3_state_t "block_state" hacl_Hash_SHA3_hash_buf
+    let hacl_Hash_SHA3_state_t_buf =
+      field hacl_Hash_SHA3_state_t "buf" (ptr uint8_t)
+    let hacl_Hash_SHA3_state_t_total_len =
+      field hacl_Hash_SHA3_state_t "total_len" uint64_t
+    let _ = seal hacl_Hash_SHA3_state_t
+    let hacl_Hash_SHA3_get_alg =
+      foreign "Hacl_Hash_SHA3_get_alg"
+        ((ptr hacl_Hash_SHA3_state_t) @->
            (returning spec_Hash_Definitions_hash_alg))
-    let hacl_Streaming_Keccak_malloc =
-      foreign "Hacl_Streaming_Keccak_malloc"
+    let hacl_Hash_SHA3_malloc =
+      foreign "Hacl_Hash_SHA3_malloc"
         (spec_Hash_Definitions_hash_alg @->
-           (returning (ptr hacl_Streaming_Keccak_state)))
-    let hacl_Streaming_Keccak_free =
-      foreign "Hacl_Streaming_Keccak_free"
-        ((ptr hacl_Streaming_Keccak_state) @-> (returning void))
-    let hacl_Streaming_Keccak_copy =
-      foreign "Hacl_Streaming_Keccak_copy"
-        ((ptr hacl_Streaming_Keccak_state) @->
-           (returning (ptr hacl_Streaming_Keccak_state)))
-    let hacl_Streaming_Keccak_reset =
-      foreign "Hacl_Streaming_Keccak_reset"
-        ((ptr hacl_Streaming_Keccak_state) @-> (returning void))
-    let hacl_Streaming_Keccak_update =
-      foreign "Hacl_Streaming_Keccak_update"
-        ((ptr hacl_Streaming_Keccak_state) @->
+           (returning (ptr hacl_Hash_SHA3_state_t)))
+    let hacl_Hash_SHA3_free =
+      foreign "Hacl_Hash_SHA3_free"
+        ((ptr hacl_Hash_SHA3_state_t) @-> (returning void))
+    let hacl_Hash_SHA3_copy =
+      foreign "Hacl_Hash_SHA3_copy"
+        ((ptr hacl_Hash_SHA3_state_t) @->
+           (returning (ptr hacl_Hash_SHA3_state_t)))
+    let hacl_Hash_SHA3_reset =
+      foreign "Hacl_Hash_SHA3_reset"
+        ((ptr hacl_Hash_SHA3_state_t) @-> (returning void))
+    let hacl_Hash_SHA3_update =
+      foreign "Hacl_Hash_SHA3_update"
+        ((ptr hacl_Hash_SHA3_state_t) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_Keccak_finish =
-      foreign "Hacl_Streaming_Keccak_finish"
-        ((ptr hacl_Streaming_Keccak_state) @->
+    let hacl_Hash_SHA3_digest =
+      foreign "Hacl_Hash_SHA3_digest"
+        ((ptr hacl_Hash_SHA3_state_t) @->
            (ocaml_bytes @-> (returning hacl_Streaming_Types_error_code)))
-    let hacl_Streaming_Keccak_squeeze =
-      foreign "Hacl_Streaming_Keccak_squeeze"
-        ((ptr hacl_Streaming_Keccak_state) @->
+    let hacl_Hash_SHA3_squeeze =
+      foreign "Hacl_Hash_SHA3_squeeze"
+        ((ptr hacl_Hash_SHA3_state_t) @->
            (ocaml_bytes @->
               (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_Keccak_block_len =
-      foreign "Hacl_Streaming_Keccak_block_len"
-        ((ptr hacl_Streaming_Keccak_state) @-> (returning uint32_t))
-    let hacl_Streaming_Keccak_hash_len =
-      foreign "Hacl_Streaming_Keccak_hash_len"
-        ((ptr hacl_Streaming_Keccak_state) @-> (returning uint32_t))
-    let hacl_Streaming_Keccak_is_shake =
-      foreign "Hacl_Streaming_Keccak_is_shake"
-        ((ptr hacl_Streaming_Keccak_state) @-> (returning bool))
-    let hacl_SHA3_shake128_hacl =
-      foreign "Hacl_SHA3_shake128_hacl"
+    let hacl_Hash_SHA3_block_len =
+      foreign "Hacl_Hash_SHA3_block_len"
+        ((ptr hacl_Hash_SHA3_state_t) @-> (returning uint32_t))
+    let hacl_Hash_SHA3_hash_len =
+      foreign "Hacl_Hash_SHA3_hash_len"
+        ((ptr hacl_Hash_SHA3_state_t) @-> (returning uint32_t))
+    let hacl_Hash_SHA3_is_shake =
+      foreign "Hacl_Hash_SHA3_is_shake"
+        ((ptr hacl_Hash_SHA3_state_t) @-> (returning bool))
+    let hacl_Hash_SHA3_shake128_hacl =
+      foreign "Hacl_Hash_SHA3_shake128_hacl"
         (uint32_t @->
            (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))))
-    let hacl_SHA3_shake256_hacl =
-      foreign "Hacl_SHA3_shake256_hacl"
+    let hacl_Hash_SHA3_shake256_hacl =
+      foreign "Hacl_Hash_SHA3_shake256_hacl"
         (uint32_t @->
            (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))))
-    let hacl_SHA3_sha3_224 =
-      foreign "Hacl_SHA3_sha3_224"
-        (uint32_t @-> (ocaml_bytes @-> (ocaml_bytes @-> (returning void))))
-    let hacl_SHA3_sha3_256 =
-      foreign "Hacl_SHA3_sha3_256"
-        (uint32_t @-> (ocaml_bytes @-> (ocaml_bytes @-> (returning void))))
-    let hacl_SHA3_sha3_384 =
-      foreign "Hacl_SHA3_sha3_384"
-        (uint32_t @-> (ocaml_bytes @-> (ocaml_bytes @-> (returning void))))
-    let hacl_SHA3_sha3_512 =
-      foreign "Hacl_SHA3_sha3_512"
-        (uint32_t @-> (ocaml_bytes @-> (ocaml_bytes @-> (returning void))))
-    let hacl_Impl_SHA3_state_permute =
-      foreign "Hacl_Impl_SHA3_state_permute"
+    let hacl_Hash_SHA3_sha3_224 =
+      foreign "Hacl_Hash_SHA3_sha3_224"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_SHA3_sha3_256 =
+      foreign "Hacl_Hash_SHA3_sha3_256"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_SHA3_sha3_384 =
+      foreign "Hacl_Hash_SHA3_sha3_384"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_SHA3_sha3_512 =
+      foreign "Hacl_Hash_SHA3_sha3_512"
+        (ocaml_bytes @-> (ocaml_bytes @-> (uint32_t @-> (returning void))))
+    let hacl_Hash_SHA3_state_permute =
+      foreign "Hacl_Hash_SHA3_state_permute"
         ((ptr uint64_t) @-> (returning void))
-    let hacl_Impl_SHA3_loadState =
-      foreign "Hacl_Impl_SHA3_loadState"
+    let hacl_Hash_SHA3_loadState =
+      foreign "Hacl_Hash_SHA3_loadState"
         (uint32_t @-> (ocaml_bytes @-> ((ptr uint64_t) @-> (returning void))))
-    let hacl_Impl_SHA3_absorb_inner =
-      foreign "Hacl_Impl_SHA3_absorb_inner"
+    let hacl_Hash_SHA3_absorb_inner =
+      foreign "Hacl_Hash_SHA3_absorb_inner"
         (uint32_t @-> (ocaml_bytes @-> ((ptr uint64_t) @-> (returning void))))
-    let hacl_Impl_SHA3_squeeze =
-      foreign "Hacl_Impl_SHA3_squeeze"
+    let hacl_Hash_SHA3_squeeze0 =
+      foreign "Hacl_Hash_SHA3_squeeze0"
         ((ptr uint64_t) @->
            (uint32_t @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))))
-    let hacl_Impl_SHA3_keccak =
-      foreign "Hacl_Impl_SHA3_keccak"
+    let hacl_Hash_SHA3_keccak =
+      foreign "Hacl_Hash_SHA3_keccak"
         (uint32_t @->
            (uint32_t @->
               (uint32_t @->
diff --git a/ocaml/lib/Hacl_MAC_Poly1305_Simd128_bindings.ml b/ocaml/lib/Hacl_MAC_Poly1305_Simd128_bindings.ml
new file mode 100644
index 00000000..df327a3d
--- /dev/null
+++ b/ocaml/lib/Hacl_MAC_Poly1305_Simd128_bindings.ml
@@ -0,0 +1,9 @@
+open Ctypes
+module Bindings(F:Cstubs.FOREIGN) =
+  struct
+    open F
+    let hacl_MAC_Poly1305_Simd128_mac =
+      foreign "Hacl_MAC_Poly1305_Simd128_mac"
+        (ocaml_bytes @->
+           (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))))
+  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_MAC_Poly1305_Simd256_bindings.ml b/ocaml/lib/Hacl_MAC_Poly1305_Simd256_bindings.ml
new file mode 100644
index 00000000..3f1cd147
--- /dev/null
+++ b/ocaml/lib/Hacl_MAC_Poly1305_Simd256_bindings.ml
@@ -0,0 +1,9 @@
+open Ctypes
+module Bindings(F:Cstubs.FOREIGN) =
+  struct
+    open F
+    let hacl_MAC_Poly1305_Simd256_mac =
+      foreign "Hacl_MAC_Poly1305_Simd256_mac"
+        (ocaml_bytes @->
+           (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))))
+  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_MAC_Poly1305_bindings.ml b/ocaml/lib/Hacl_MAC_Poly1305_bindings.ml
new file mode 100644
index 00000000..57414abf
--- /dev/null
+++ b/ocaml/lib/Hacl_MAC_Poly1305_bindings.ml
@@ -0,0 +1,51 @@
+open Ctypes
+module Bindings(F:Cstubs.FOREIGN) =
+  struct
+    open F
+    module Hacl_Streaming_Types_applied =
+      (Hacl_Streaming_Types_bindings.Bindings)(Hacl_Streaming_Types_stubs)
+    open Hacl_Streaming_Types_applied
+    let hacl_MAC_Poly1305_poly1305_init =
+      foreign "Hacl_MAC_Poly1305_poly1305_init"
+        ((ptr uint64_t) @-> (ocaml_bytes @-> (returning void)))
+    let hacl_MAC_Poly1305_poly1305_finish =
+      foreign "Hacl_MAC_Poly1305_poly1305_finish"
+        (ocaml_bytes @->
+           (ocaml_bytes @-> ((ptr uint64_t) @-> (returning void))))
+    type hacl_MAC_Poly1305_state_t = [ `hacl_MAC_Poly1305_state_t ] structure
+    let (hacl_MAC_Poly1305_state_t :
+      [ `hacl_MAC_Poly1305_state_t ] structure typ) =
+      structure "Hacl_MAC_Poly1305_state_t_s"
+    let hacl_MAC_Poly1305_state_t_block_state =
+      field hacl_MAC_Poly1305_state_t "block_state" (ptr uint64_t)
+    let hacl_MAC_Poly1305_state_t_buf =
+      field hacl_MAC_Poly1305_state_t "buf" (ptr uint8_t)
+    let hacl_MAC_Poly1305_state_t_total_len =
+      field hacl_MAC_Poly1305_state_t "total_len" uint64_t
+    let hacl_MAC_Poly1305_state_t_p_key =
+      field hacl_MAC_Poly1305_state_t "p_key" (ptr uint8_t)
+    let _ = seal hacl_MAC_Poly1305_state_t
+    let hacl_MAC_Poly1305_malloc =
+      foreign "Hacl_MAC_Poly1305_malloc"
+        (ocaml_bytes @-> (returning (ptr hacl_MAC_Poly1305_state_t)))
+    let hacl_MAC_Poly1305_reset =
+      foreign "Hacl_MAC_Poly1305_reset"
+        ((ptr hacl_MAC_Poly1305_state_t) @->
+           (ocaml_bytes @-> (returning void)))
+    let hacl_MAC_Poly1305_update =
+      foreign "Hacl_MAC_Poly1305_update"
+        ((ptr hacl_MAC_Poly1305_state_t) @->
+           (ocaml_bytes @->
+              (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
+    let hacl_MAC_Poly1305_digest =
+      foreign "Hacl_MAC_Poly1305_digest"
+        ((ptr hacl_MAC_Poly1305_state_t) @->
+           (ocaml_bytes @-> (returning void)))
+    let hacl_MAC_Poly1305_free =
+      foreign "Hacl_MAC_Poly1305_free"
+        ((ptr hacl_MAC_Poly1305_state_t) @-> (returning void))
+    let hacl_MAC_Poly1305_mac =
+      foreign "Hacl_MAC_Poly1305_mac"
+        (ocaml_bytes @->
+           (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))))
+  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Poly1305_128_bindings.ml b/ocaml/lib/Hacl_Poly1305_128_bindings.ml
deleted file mode 100644
index b78cd66f..00000000
--- a/ocaml/lib/Hacl_Poly1305_128_bindings.ml
+++ /dev/null
@@ -1,9 +0,0 @@
-open Ctypes
-module Bindings(F:Cstubs.FOREIGN) =
-  struct
-    open F
-    let hacl_Poly1305_128_poly1305_mac =
-      foreign "Hacl_Poly1305_128_poly1305_mac"
-        (ocaml_bytes @->
-           (uint32_t @-> (ocaml_bytes @-> (ocaml_bytes @-> (returning void)))))
-  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Poly1305_256_bindings.ml b/ocaml/lib/Hacl_Poly1305_256_bindings.ml
deleted file mode 100644
index 87707b80..00000000
--- a/ocaml/lib/Hacl_Poly1305_256_bindings.ml
+++ /dev/null
@@ -1,9 +0,0 @@
-open Ctypes
-module Bindings(F:Cstubs.FOREIGN) =
-  struct
-    open F
-    let hacl_Poly1305_256_poly1305_mac =
-      foreign "Hacl_Poly1305_256_poly1305_mac"
-        (ocaml_bytes @->
-           (uint32_t @-> (ocaml_bytes @-> (ocaml_bytes @-> (returning void)))))
-  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Poly1305_32_bindings.ml b/ocaml/lib/Hacl_Poly1305_32_bindings.ml
deleted file mode 100644
index fd0f78d6..00000000
--- a/ocaml/lib/Hacl_Poly1305_32_bindings.ml
+++ /dev/null
@@ -1,22 +0,0 @@
-open Ctypes
-module Bindings(F:Cstubs.FOREIGN) =
-  struct
-    open F
-    let hacl_Poly1305_32_poly1305_init =
-      foreign "Hacl_Poly1305_32_poly1305_init"
-        ((ptr uint64_t) @-> (ocaml_bytes @-> (returning void)))
-    let hacl_Poly1305_32_poly1305_update1 =
-      foreign "Hacl_Poly1305_32_poly1305_update1"
-        ((ptr uint64_t) @-> (ocaml_bytes @-> (returning void)))
-    let hacl_Poly1305_32_poly1305_update =
-      foreign "Hacl_Poly1305_32_poly1305_update"
-        ((ptr uint64_t) @-> (uint32_t @-> (ocaml_bytes @-> (returning void))))
-    let hacl_Poly1305_32_poly1305_finish =
-      foreign "Hacl_Poly1305_32_poly1305_finish"
-        (ocaml_bytes @->
-           (ocaml_bytes @-> ((ptr uint64_t) @-> (returning void))))
-    let hacl_Poly1305_32_poly1305_mac =
-      foreign "Hacl_Poly1305_32_poly1305_mac"
-        (ocaml_bytes @->
-           (uint32_t @-> (ocaml_bytes @-> (ocaml_bytes @-> (returning void)))))
-  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_SHA2_Types_bindings.ml b/ocaml/lib/Hacl_SHA2_Types_bindings.ml
index 2af3b87f..274f959d 100644
--- a/ocaml/lib/Hacl_SHA2_Types_bindings.ml
+++ b/ocaml/lib/Hacl_SHA2_Types_bindings.ml
@@ -2,98 +2,85 @@ open Ctypes
 module Bindings(F:Cstubs.FOREIGN) =
   struct
     open F
-    type hacl_Impl_SHA2_Types_uint8_2p =
-      [ `hacl_Impl_SHA2_Types_uint8_2p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_2p :
-      [ `hacl_Impl_SHA2_Types_uint8_2p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_2p_s"
-    let hacl_Impl_SHA2_Types_uint8_2p_fst =
-      field hacl_Impl_SHA2_Types_uint8_2p "fst" (ptr uint8_t)
-    let hacl_Impl_SHA2_Types_uint8_2p_snd =
-      field hacl_Impl_SHA2_Types_uint8_2p "snd" (ptr uint8_t)
-    let _ = seal hacl_Impl_SHA2_Types_uint8_2p
-    type hacl_Impl_SHA2_Types_uint8_3p =
-      [ `hacl_Impl_SHA2_Types_uint8_3p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_3p :
-      [ `hacl_Impl_SHA2_Types_uint8_3p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_3p_s"
-    let hacl_Impl_SHA2_Types_uint8_3p_fst =
-      field hacl_Impl_SHA2_Types_uint8_3p "fst" (ptr uint8_t)
-    let hacl_Impl_SHA2_Types_uint8_3p_snd =
-      field hacl_Impl_SHA2_Types_uint8_3p "snd" hacl_Impl_SHA2_Types_uint8_2p
-    let _ = seal hacl_Impl_SHA2_Types_uint8_3p
-    type hacl_Impl_SHA2_Types_uint8_4p =
-      [ `hacl_Impl_SHA2_Types_uint8_4p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_4p :
-      [ `hacl_Impl_SHA2_Types_uint8_4p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_4p_s"
-    let hacl_Impl_SHA2_Types_uint8_4p_fst =
-      field hacl_Impl_SHA2_Types_uint8_4p "fst" (ptr uint8_t)
-    let hacl_Impl_SHA2_Types_uint8_4p_snd =
-      field hacl_Impl_SHA2_Types_uint8_4p "snd" hacl_Impl_SHA2_Types_uint8_3p
-    let _ = seal hacl_Impl_SHA2_Types_uint8_4p
-    type hacl_Impl_SHA2_Types_uint8_5p =
-      [ `hacl_Impl_SHA2_Types_uint8_5p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_5p :
-      [ `hacl_Impl_SHA2_Types_uint8_5p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_5p_s"
-    let hacl_Impl_SHA2_Types_uint8_5p_fst =
-      field hacl_Impl_SHA2_Types_uint8_5p "fst" (ptr uint8_t)
-    let hacl_Impl_SHA2_Types_uint8_5p_snd =
-      field hacl_Impl_SHA2_Types_uint8_5p "snd" hacl_Impl_SHA2_Types_uint8_4p
-    let _ = seal hacl_Impl_SHA2_Types_uint8_5p
-    type hacl_Impl_SHA2_Types_uint8_6p =
-      [ `hacl_Impl_SHA2_Types_uint8_6p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_6p :
-      [ `hacl_Impl_SHA2_Types_uint8_6p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_6p_s"
-    let hacl_Impl_SHA2_Types_uint8_6p_fst =
-      field hacl_Impl_SHA2_Types_uint8_6p "fst" (ptr uint8_t)
-    let hacl_Impl_SHA2_Types_uint8_6p_snd =
-      field hacl_Impl_SHA2_Types_uint8_6p "snd" hacl_Impl_SHA2_Types_uint8_5p
-    let _ = seal hacl_Impl_SHA2_Types_uint8_6p
-    type hacl_Impl_SHA2_Types_uint8_7p =
-      [ `hacl_Impl_SHA2_Types_uint8_7p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_7p :
-      [ `hacl_Impl_SHA2_Types_uint8_7p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_7p_s"
-    let hacl_Impl_SHA2_Types_uint8_7p_fst =
-      field hacl_Impl_SHA2_Types_uint8_7p "fst" (ptr uint8_t)
-    let hacl_Impl_SHA2_Types_uint8_7p_snd =
-      field hacl_Impl_SHA2_Types_uint8_7p "snd" hacl_Impl_SHA2_Types_uint8_6p
-    let _ = seal hacl_Impl_SHA2_Types_uint8_7p
-    type hacl_Impl_SHA2_Types_uint8_8p =
-      [ `hacl_Impl_SHA2_Types_uint8_8p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_8p :
-      [ `hacl_Impl_SHA2_Types_uint8_8p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_8p_s"
-    let hacl_Impl_SHA2_Types_uint8_8p_fst =
-      field hacl_Impl_SHA2_Types_uint8_8p "fst" (ptr uint8_t)
-    let hacl_Impl_SHA2_Types_uint8_8p_snd =
-      field hacl_Impl_SHA2_Types_uint8_8p "snd" hacl_Impl_SHA2_Types_uint8_7p
-    let _ = seal hacl_Impl_SHA2_Types_uint8_8p
-    type hacl_Impl_SHA2_Types_uint8_2x4p =
-      [ `hacl_Impl_SHA2_Types_uint8_2x4p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_2x4p :
-      [ `hacl_Impl_SHA2_Types_uint8_2x4p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_2x4p_s"
-    let hacl_Impl_SHA2_Types_uint8_2x4p_fst =
-      field hacl_Impl_SHA2_Types_uint8_2x4p "fst"
-        hacl_Impl_SHA2_Types_uint8_4p
-    let hacl_Impl_SHA2_Types_uint8_2x4p_snd =
-      field hacl_Impl_SHA2_Types_uint8_2x4p "snd"
-        hacl_Impl_SHA2_Types_uint8_4p
-    let _ = seal hacl_Impl_SHA2_Types_uint8_2x4p
-    type hacl_Impl_SHA2_Types_uint8_2x8p =
-      [ `hacl_Impl_SHA2_Types_uint8_2x8p ] structure
-    let (hacl_Impl_SHA2_Types_uint8_2x8p :
-      [ `hacl_Impl_SHA2_Types_uint8_2x8p ] structure typ) =
-      structure "Hacl_Impl_SHA2_Types_uint8_2x8p_s"
-    let hacl_Impl_SHA2_Types_uint8_2x8p_fst =
-      field hacl_Impl_SHA2_Types_uint8_2x8p "fst"
-        hacl_Impl_SHA2_Types_uint8_8p
-    let hacl_Impl_SHA2_Types_uint8_2x8p_snd =
-      field hacl_Impl_SHA2_Types_uint8_2x8p "snd"
-        hacl_Impl_SHA2_Types_uint8_8p
-    let _ = seal hacl_Impl_SHA2_Types_uint8_2x8p
+    type hacl_Hash_SHA2_uint8_2p = [ `hacl_Hash_SHA2_uint8_2p ] structure
+    let (hacl_Hash_SHA2_uint8_2p :
+      [ `hacl_Hash_SHA2_uint8_2p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_2p_s"
+    let hacl_Hash_SHA2_uint8_2p_fst =
+      field hacl_Hash_SHA2_uint8_2p "fst" (ptr uint8_t)
+    let hacl_Hash_SHA2_uint8_2p_snd =
+      field hacl_Hash_SHA2_uint8_2p "snd" (ptr uint8_t)
+    let _ = seal hacl_Hash_SHA2_uint8_2p
+    type hacl_Hash_SHA2_uint8_3p = [ `hacl_Hash_SHA2_uint8_3p ] structure
+    let (hacl_Hash_SHA2_uint8_3p :
+      [ `hacl_Hash_SHA2_uint8_3p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_3p_s"
+    let hacl_Hash_SHA2_uint8_3p_fst =
+      field hacl_Hash_SHA2_uint8_3p "fst" (ptr uint8_t)
+    let hacl_Hash_SHA2_uint8_3p_snd =
+      field hacl_Hash_SHA2_uint8_3p "snd" hacl_Hash_SHA2_uint8_2p
+    let _ = seal hacl_Hash_SHA2_uint8_3p
+    type hacl_Hash_SHA2_uint8_4p = [ `hacl_Hash_SHA2_uint8_4p ] structure
+    let (hacl_Hash_SHA2_uint8_4p :
+      [ `hacl_Hash_SHA2_uint8_4p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_4p_s"
+    let hacl_Hash_SHA2_uint8_4p_fst =
+      field hacl_Hash_SHA2_uint8_4p "fst" (ptr uint8_t)
+    let hacl_Hash_SHA2_uint8_4p_snd =
+      field hacl_Hash_SHA2_uint8_4p "snd" hacl_Hash_SHA2_uint8_3p
+    let _ = seal hacl_Hash_SHA2_uint8_4p
+    type hacl_Hash_SHA2_uint8_5p = [ `hacl_Hash_SHA2_uint8_5p ] structure
+    let (hacl_Hash_SHA2_uint8_5p :
+      [ `hacl_Hash_SHA2_uint8_5p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_5p_s"
+    let hacl_Hash_SHA2_uint8_5p_fst =
+      field hacl_Hash_SHA2_uint8_5p "fst" (ptr uint8_t)
+    let hacl_Hash_SHA2_uint8_5p_snd =
+      field hacl_Hash_SHA2_uint8_5p "snd" hacl_Hash_SHA2_uint8_4p
+    let _ = seal hacl_Hash_SHA2_uint8_5p
+    type hacl_Hash_SHA2_uint8_6p = [ `hacl_Hash_SHA2_uint8_6p ] structure
+    let (hacl_Hash_SHA2_uint8_6p :
+      [ `hacl_Hash_SHA2_uint8_6p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_6p_s"
+    let hacl_Hash_SHA2_uint8_6p_fst =
+      field hacl_Hash_SHA2_uint8_6p "fst" (ptr uint8_t)
+    let hacl_Hash_SHA2_uint8_6p_snd =
+      field hacl_Hash_SHA2_uint8_6p "snd" hacl_Hash_SHA2_uint8_5p
+    let _ = seal hacl_Hash_SHA2_uint8_6p
+    type hacl_Hash_SHA2_uint8_7p = [ `hacl_Hash_SHA2_uint8_7p ] structure
+    let (hacl_Hash_SHA2_uint8_7p :
+      [ `hacl_Hash_SHA2_uint8_7p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_7p_s"
+    let hacl_Hash_SHA2_uint8_7p_fst =
+      field hacl_Hash_SHA2_uint8_7p "fst" (ptr uint8_t)
+    let hacl_Hash_SHA2_uint8_7p_snd =
+      field hacl_Hash_SHA2_uint8_7p "snd" hacl_Hash_SHA2_uint8_6p
+    let _ = seal hacl_Hash_SHA2_uint8_7p
+    type hacl_Hash_SHA2_uint8_8p = [ `hacl_Hash_SHA2_uint8_8p ] structure
+    let (hacl_Hash_SHA2_uint8_8p :
+      [ `hacl_Hash_SHA2_uint8_8p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_8p_s"
+    let hacl_Hash_SHA2_uint8_8p_fst =
+      field hacl_Hash_SHA2_uint8_8p "fst" (ptr uint8_t)
+    let hacl_Hash_SHA2_uint8_8p_snd =
+      field hacl_Hash_SHA2_uint8_8p "snd" hacl_Hash_SHA2_uint8_7p
+    let _ = seal hacl_Hash_SHA2_uint8_8p
+    type hacl_Hash_SHA2_uint8_2x4p = [ `hacl_Hash_SHA2_uint8_2x4p ] structure
+    let (hacl_Hash_SHA2_uint8_2x4p :
+      [ `hacl_Hash_SHA2_uint8_2x4p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_2x4p_s"
+    let hacl_Hash_SHA2_uint8_2x4p_fst =
+      field hacl_Hash_SHA2_uint8_2x4p "fst" hacl_Hash_SHA2_uint8_4p
+    let hacl_Hash_SHA2_uint8_2x4p_snd =
+      field hacl_Hash_SHA2_uint8_2x4p "snd" hacl_Hash_SHA2_uint8_4p
+    let _ = seal hacl_Hash_SHA2_uint8_2x4p
+    type hacl_Hash_SHA2_uint8_2x8p = [ `hacl_Hash_SHA2_uint8_2x8p ] structure
+    let (hacl_Hash_SHA2_uint8_2x8p :
+      [ `hacl_Hash_SHA2_uint8_2x8p ] structure typ) =
+      structure "Hacl_Hash_SHA2_uint8_2x8p_s"
+    let hacl_Hash_SHA2_uint8_2x8p_fst =
+      field hacl_Hash_SHA2_uint8_2x8p "fst" hacl_Hash_SHA2_uint8_8p
+    let hacl_Hash_SHA2_uint8_2x8p_snd =
+      field hacl_Hash_SHA2_uint8_2x8p "snd" hacl_Hash_SHA2_uint8_8p
+    let _ = seal hacl_Hash_SHA2_uint8_2x8p
   end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Streaming_Blake2_bindings.ml b/ocaml/lib/Hacl_Streaming_Blake2_bindings.ml
deleted file mode 100644
index b187f0c1..00000000
--- a/ocaml/lib/Hacl_Streaming_Blake2_bindings.ml
+++ /dev/null
@@ -1,90 +0,0 @@
-open Ctypes
-module Bindings(F:Cstubs.FOREIGN) =
-  struct
-    open F
-    module Hacl_Streaming_Types_applied =
-      (Hacl_Streaming_Types_bindings.Bindings)(Hacl_Streaming_Types_stubs)
-    open Hacl_Streaming_Types_applied
-    type hacl_Streaming_Blake2_blake2s_32_block_state =
-      [ `hacl_Streaming_Blake2_blake2s_32_block_state ] structure
-    let (hacl_Streaming_Blake2_blake2s_32_block_state :
-      [ `hacl_Streaming_Blake2_blake2s_32_block_state ] structure typ) =
-      structure "Hacl_Streaming_Blake2_blake2s_32_block_state_s"
-    let hacl_Streaming_Blake2_blake2s_32_block_state_fst =
-      field hacl_Streaming_Blake2_blake2s_32_block_state "fst" (ptr uint32_t)
-    let hacl_Streaming_Blake2_blake2s_32_block_state_snd =
-      field hacl_Streaming_Blake2_blake2s_32_block_state "snd" (ptr uint32_t)
-    let _ = seal hacl_Streaming_Blake2_blake2s_32_block_state
-    type hacl_Streaming_Blake2_blake2b_32_block_state =
-      [ `hacl_Streaming_Blake2_blake2b_32_block_state ] structure
-    let (hacl_Streaming_Blake2_blake2b_32_block_state :
-      [ `hacl_Streaming_Blake2_blake2b_32_block_state ] structure typ) =
-      structure "Hacl_Streaming_Blake2_blake2b_32_block_state_s"
-    let hacl_Streaming_Blake2_blake2b_32_block_state_fst =
-      field hacl_Streaming_Blake2_blake2b_32_block_state "fst" (ptr uint64_t)
-    let hacl_Streaming_Blake2_blake2b_32_block_state_snd =
-      field hacl_Streaming_Blake2_blake2b_32_block_state "snd" (ptr uint64_t)
-    let _ = seal hacl_Streaming_Blake2_blake2b_32_block_state
-    type hacl_Streaming_Blake2_blake2s_32_state =
-      [ `hacl_Streaming_Blake2_blake2s_32_state ] structure
-    let (hacl_Streaming_Blake2_blake2s_32_state :
-      [ `hacl_Streaming_Blake2_blake2s_32_state ] structure typ) =
-      structure "Hacl_Streaming_Blake2_blake2s_32_state_s"
-    let hacl_Streaming_Blake2_blake2s_32_state_block_state =
-      field hacl_Streaming_Blake2_blake2s_32_state "block_state"
-        hacl_Streaming_Blake2_blake2s_32_block_state
-    let hacl_Streaming_Blake2_blake2s_32_state_buf =
-      field hacl_Streaming_Blake2_blake2s_32_state "buf" (ptr uint8_t)
-    let hacl_Streaming_Blake2_blake2s_32_state_total_len =
-      field hacl_Streaming_Blake2_blake2s_32_state "total_len" uint64_t
-    let _ = seal hacl_Streaming_Blake2_blake2s_32_state
-    type hacl_Streaming_Blake2_blake2b_32_state =
-      [ `hacl_Streaming_Blake2_blake2b_32_state ] structure
-    let (hacl_Streaming_Blake2_blake2b_32_state :
-      [ `hacl_Streaming_Blake2_blake2b_32_state ] structure typ) =
-      structure "Hacl_Streaming_Blake2_blake2b_32_state_s"
-    let hacl_Streaming_Blake2_blake2b_32_state_block_state =
-      field hacl_Streaming_Blake2_blake2b_32_state "block_state"
-        hacl_Streaming_Blake2_blake2b_32_block_state
-    let hacl_Streaming_Blake2_blake2b_32_state_buf =
-      field hacl_Streaming_Blake2_blake2b_32_state "buf" (ptr uint8_t)
-    let hacl_Streaming_Blake2_blake2b_32_state_total_len =
-      field hacl_Streaming_Blake2_blake2b_32_state "total_len" uint64_t
-    let _ = seal hacl_Streaming_Blake2_blake2b_32_state
-    let hacl_Streaming_Blake2_blake2s_32_no_key_create_in =
-      foreign "Hacl_Streaming_Blake2_blake2s_32_no_key_create_in"
-        (void @-> (returning (ptr hacl_Streaming_Blake2_blake2s_32_state)))
-    let hacl_Streaming_Blake2_blake2s_32_no_key_init =
-      foreign "Hacl_Streaming_Blake2_blake2s_32_no_key_init"
-        ((ptr hacl_Streaming_Blake2_blake2s_32_state) @-> (returning void))
-    let hacl_Streaming_Blake2_blake2s_32_no_key_update =
-      foreign "Hacl_Streaming_Blake2_blake2s_32_no_key_update"
-        ((ptr hacl_Streaming_Blake2_blake2s_32_state) @->
-           (ocaml_bytes @->
-              (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_Blake2_blake2s_32_no_key_finish =
-      foreign "Hacl_Streaming_Blake2_blake2s_32_no_key_finish"
-        ((ptr hacl_Streaming_Blake2_blake2s_32_state) @->
-           (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_Blake2_blake2s_32_no_key_free =
-      foreign "Hacl_Streaming_Blake2_blake2s_32_no_key_free"
-        ((ptr hacl_Streaming_Blake2_blake2s_32_state) @-> (returning void))
-    let hacl_Streaming_Blake2_blake2b_32_no_key_create_in =
-      foreign "Hacl_Streaming_Blake2_blake2b_32_no_key_create_in"
-        (void @-> (returning (ptr hacl_Streaming_Blake2_blake2b_32_state)))
-    let hacl_Streaming_Blake2_blake2b_32_no_key_init =
-      foreign "Hacl_Streaming_Blake2_blake2b_32_no_key_init"
-        ((ptr hacl_Streaming_Blake2_blake2b_32_state) @-> (returning void))
-    let hacl_Streaming_Blake2_blake2b_32_no_key_update =
-      foreign "Hacl_Streaming_Blake2_blake2b_32_no_key_update"
-        ((ptr hacl_Streaming_Blake2_blake2b_32_state) @->
-           (ocaml_bytes @->
-              (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_Blake2_blake2b_32_no_key_finish =
-      foreign "Hacl_Streaming_Blake2_blake2b_32_no_key_finish"
-        ((ptr hacl_Streaming_Blake2_blake2b_32_state) @->
-           (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_Blake2_blake2b_32_no_key_free =
-      foreign "Hacl_Streaming_Blake2_blake2b_32_no_key_free"
-        ((ptr hacl_Streaming_Blake2_blake2b_32_state) @-> (returning void))
-  end
\ No newline at end of file
diff --git a/ocaml/lib/Hacl_Streaming_Poly1305_32_bindings.ml b/ocaml/lib/Hacl_Streaming_Poly1305_32_bindings.ml
deleted file mode 100644
index 19518351..00000000
--- a/ocaml/lib/Hacl_Streaming_Poly1305_32_bindings.ml
+++ /dev/null
@@ -1,46 +0,0 @@
-open Ctypes
-module Bindings(F:Cstubs.FOREIGN) =
-  struct
-    open F
-    module Hacl_Streaming_Types_applied =
-      (Hacl_Streaming_Types_bindings.Bindings)(Hacl_Streaming_Types_stubs)
-    open Hacl_Streaming_Types_applied
-    type hacl_Streaming_Poly1305_32_poly1305_32_state =
-      [ `hacl_Streaming_Poly1305_32_poly1305_32_state ] structure
-    let (hacl_Streaming_Poly1305_32_poly1305_32_state :
-      [ `hacl_Streaming_Poly1305_32_poly1305_32_state ] structure typ) =
-      structure "Hacl_Streaming_Poly1305_32_poly1305_32_state_s"
-    let hacl_Streaming_Poly1305_32_poly1305_32_state_block_state =
-      field hacl_Streaming_Poly1305_32_poly1305_32_state "block_state"
-        (ptr uint64_t)
-    let hacl_Streaming_Poly1305_32_poly1305_32_state_buf =
-      field hacl_Streaming_Poly1305_32_poly1305_32_state "buf" (ptr uint8_t)
-    let hacl_Streaming_Poly1305_32_poly1305_32_state_total_len =
-      field hacl_Streaming_Poly1305_32_poly1305_32_state "total_len" uint64_t
-    let hacl_Streaming_Poly1305_32_poly1305_32_state_p_key =
-      field hacl_Streaming_Poly1305_32_poly1305_32_state "p_key"
-        (ptr uint8_t)
-    let _ = seal hacl_Streaming_Poly1305_32_poly1305_32_state
-    let hacl_Streaming_Poly1305_32_create_in =
-      foreign "Hacl_Streaming_Poly1305_32_create_in"
-        (ocaml_bytes @->
-           (returning (ptr hacl_Streaming_Poly1305_32_poly1305_32_state)))
-    let hacl_Streaming_Poly1305_32_init =
-      foreign "Hacl_Streaming_Poly1305_32_init"
-        (ocaml_bytes @->
-           ((ptr hacl_Streaming_Poly1305_32_poly1305_32_state) @->
-              (returning void)))
-    let hacl_Streaming_Poly1305_32_update =
-      foreign "Hacl_Streaming_Poly1305_32_update"
-        ((ptr hacl_Streaming_Poly1305_32_poly1305_32_state) @->
-           (ocaml_bytes @->
-              (uint32_t @-> (returning hacl_Streaming_Types_error_code))))
-    let hacl_Streaming_Poly1305_32_finish =
-      foreign "Hacl_Streaming_Poly1305_32_finish"
-        ((ptr hacl_Streaming_Poly1305_32_poly1305_32_state) @->
-           (ocaml_bytes @-> (returning void)))
-    let hacl_Streaming_Poly1305_32_free =
-      foreign "Hacl_Streaming_Poly1305_32_free"
-        ((ptr hacl_Streaming_Poly1305_32_poly1305_32_state) @->
-           (returning void))
-  end
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd128_gen.ml b/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd128_gen.ml
new file mode 100644
index 00000000..e91a1996
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd128_gen.ml
@@ -0,0 +1,10 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_AEAD_Chacha20Poly1305_Simd128_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_AEAD_Chacha20Poly1305_Simd128_c_stubs.c"));
+   Format.printf "#include \"Hacl_AEAD_Chacha20Poly1305_Simd128.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_AEAD_Chacha20Poly1305_Simd128_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd256_gen.ml b/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd256_gen.ml
new file mode 100644
index 00000000..0bf3dcf1
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_Simd256_gen.ml
@@ -0,0 +1,10 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_AEAD_Chacha20Poly1305_Simd256_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_AEAD_Chacha20Poly1305_Simd256_c_stubs.c"));
+   Format.printf "#include \"Hacl_AEAD_Chacha20Poly1305_Simd256.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_AEAD_Chacha20Poly1305_Simd256_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_gen.ml b/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_gen.ml
new file mode 100644
index 00000000..07d62b07
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_AEAD_Chacha20Poly1305_gen.ml
@@ -0,0 +1,10 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_AEAD_Chacha20Poly1305_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_AEAD_Chacha20Poly1305_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_AEAD_Chacha20Poly1305_c_stubs.c"));
+   Format.printf "#include \"Hacl_AEAD_Chacha20Poly1305.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_AEAD_Chacha20Poly1305_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Chacha20Poly1305_128_gen.ml b/ocaml/lib_gen/Hacl_Chacha20Poly1305_128_gen.ml
deleted file mode 100644
index c1173562..00000000
--- a/ocaml/lib_gen/Hacl_Chacha20Poly1305_128_gen.ml
+++ /dev/null
@@ -1,10 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Chacha20Poly1305_128_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Chacha20Poly1305_128_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Chacha20Poly1305_128_c_stubs.c"));
-   Format.printf "#include \"Hacl_Chacha20Poly1305_128.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Chacha20Poly1305_128_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Chacha20Poly1305_256_gen.ml b/ocaml/lib_gen/Hacl_Chacha20Poly1305_256_gen.ml
deleted file mode 100644
index 7fdddf83..00000000
--- a/ocaml/lib_gen/Hacl_Chacha20Poly1305_256_gen.ml
+++ /dev/null
@@ -1,10 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Chacha20Poly1305_256_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Chacha20Poly1305_256_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Chacha20Poly1305_256_c_stubs.c"));
-   Format.printf "#include \"Hacl_Chacha20Poly1305_256.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Chacha20Poly1305_256_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Chacha20Poly1305_32_gen.ml b/ocaml/lib_gen/Hacl_Chacha20Poly1305_32_gen.ml
deleted file mode 100644
index 9f5ef8dd..00000000
--- a/ocaml/lib_gen/Hacl_Chacha20Poly1305_32_gen.ml
+++ /dev/null
@@ -1,10 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Chacha20Poly1305_32_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Chacha20Poly1305_32_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Chacha20Poly1305_32_c_stubs.c"));
-   Format.printf "#include \"Hacl_Chacha20Poly1305_32.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Chacha20Poly1305_32_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_HMAC_gen.ml b/ocaml/lib_gen/Hacl_HMAC_gen.ml
index 4ab03a3d..51dcf35a 100644
--- a/ocaml/lib_gen/Hacl_HMAC_gen.ml
+++ b/ocaml/lib_gen/Hacl_HMAC_gen.ml
@@ -3,6 +3,7 @@ let _ =
      Cstubs.write_ml Format.std_formatter ~prefix:""
        (module Hacl_HMAC_bindings.Bindings));
     Format.set_formatter_out_channel (open_out_bin "lib/Hacl_HMAC_c_stubs.c"));
-   Format.printf "#include \"Hacl_HMAC.h\"\n");
+   Format.printf
+     "#include \"Hacl_HMAC.h\"\n#include \"internal/Hacl_HMAC.h\"\n");
   Cstubs.write_c Format.std_formatter ~prefix:""
     (module Hacl_HMAC_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Hash_Blake2_gen.ml b/ocaml/lib_gen/Hacl_Hash_Blake2_gen.ml
deleted file mode 100644
index 7e335472..00000000
--- a/ocaml/lib_gen/Hacl_Hash_Blake2_gen.ml
+++ /dev/null
@@ -1,11 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Hash_Blake2_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Hash_Blake2_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Hash_Blake2_c_stubs.c"));
-   Format.printf
-     "#include \"Hacl_Hash_Blake2.h\"\n#include \"internal/Hacl_Hash_Blake2.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Hash_Blake2_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Hash_Blake2b_256_gen.ml b/ocaml/lib_gen/Hacl_Hash_Blake2b_256_gen.ml
deleted file mode 100644
index a035fb8a..00000000
--- a/ocaml/lib_gen/Hacl_Hash_Blake2b_256_gen.ml
+++ /dev/null
@@ -1,10 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Hash_Blake2b_256_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Hash_Blake2b_256_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Hash_Blake2b_256_c_stubs.c"));
-   Format.printf "#include \"Hacl_Hash_Blake2b_256.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Hash_Blake2b_256_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Hash_Blake2b_Simd256_gen.ml b/ocaml/lib_gen/Hacl_Hash_Blake2b_Simd256_gen.ml
new file mode 100644
index 00000000..3e19420c
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_Hash_Blake2b_Simd256_gen.ml
@@ -0,0 +1,11 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_Hash_Blake2b_Simd256_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_Hash_Blake2b_Simd256_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_Hash_Blake2b_Simd256_c_stubs.c"));
+   Format.printf
+     "#include \"Hacl_Hash_Blake2b_Simd256.h\"\n#include \"internal/Hacl_Hash_Blake2b_Simd256.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_Hash_Blake2b_Simd256_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Hash_Blake2b_gen.ml b/ocaml/lib_gen/Hacl_Hash_Blake2b_gen.ml
new file mode 100644
index 00000000..ca1856d2
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_Hash_Blake2b_gen.ml
@@ -0,0 +1,11 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_Hash_Blake2b_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_Hash_Blake2b_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_Hash_Blake2b_c_stubs.c"));
+   Format.printf
+     "#include \"Hacl_Hash_Blake2b.h\"\n#include \"internal/Hacl_Hash_Blake2b.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_Hash_Blake2b_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Hash_Blake2s_128_gen.ml b/ocaml/lib_gen/Hacl_Hash_Blake2s_128_gen.ml
deleted file mode 100644
index fbf40aa6..00000000
--- a/ocaml/lib_gen/Hacl_Hash_Blake2s_128_gen.ml
+++ /dev/null
@@ -1,10 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Hash_Blake2s_128_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Hash_Blake2s_128_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Hash_Blake2s_128_c_stubs.c"));
-   Format.printf "#include \"Hacl_Hash_Blake2s_128.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Hash_Blake2s_128_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Hash_Blake2s_Simd128_gen.ml b/ocaml/lib_gen/Hacl_Hash_Blake2s_Simd128_gen.ml
new file mode 100644
index 00000000..f0ecc3bf
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_Hash_Blake2s_Simd128_gen.ml
@@ -0,0 +1,11 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_Hash_Blake2s_Simd128_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_Hash_Blake2s_Simd128_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_Hash_Blake2s_Simd128_c_stubs.c"));
+   Format.printf
+     "#include \"Hacl_Hash_Blake2s_Simd128.h\"\n#include \"internal/Hacl_Hash_Blake2s_Simd128.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_Hash_Blake2s_Simd128_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Hash_Blake2s_gen.ml b/ocaml/lib_gen/Hacl_Hash_Blake2s_gen.ml
new file mode 100644
index 00000000..b7b456b8
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_Hash_Blake2s_gen.ml
@@ -0,0 +1,11 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_Hash_Blake2s_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_Hash_Blake2s_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_Hash_Blake2s_c_stubs.c"));
+   Format.printf
+     "#include \"Hacl_Hash_Blake2s.h\"\n#include \"internal/Hacl_Hash_Blake2s.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_Hash_Blake2s_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_MAC_Poly1305_Simd128_gen.ml b/ocaml/lib_gen/Hacl_MAC_Poly1305_Simd128_gen.ml
new file mode 100644
index 00000000..62d120cf
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_MAC_Poly1305_Simd128_gen.ml
@@ -0,0 +1,11 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_MAC_Poly1305_Simd128_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_MAC_Poly1305_Simd128_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_MAC_Poly1305_Simd128_c_stubs.c"));
+   Format.printf
+     "#include \"Hacl_MAC_Poly1305_Simd128.h\"\n#include \"internal/Hacl_MAC_Poly1305_Simd128.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_MAC_Poly1305_Simd128_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_MAC_Poly1305_Simd256_gen.ml b/ocaml/lib_gen/Hacl_MAC_Poly1305_Simd256_gen.ml
new file mode 100644
index 00000000..8263ce60
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_MAC_Poly1305_Simd256_gen.ml
@@ -0,0 +1,11 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_MAC_Poly1305_Simd256_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_MAC_Poly1305_Simd256_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_MAC_Poly1305_Simd256_c_stubs.c"));
+   Format.printf
+     "#include \"Hacl_MAC_Poly1305_Simd256.h\"\n#include \"internal/Hacl_MAC_Poly1305_Simd256.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_MAC_Poly1305_Simd256_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_MAC_Poly1305_gen.ml b/ocaml/lib_gen/Hacl_MAC_Poly1305_gen.ml
new file mode 100644
index 00000000..5af31ea0
--- /dev/null
+++ b/ocaml/lib_gen/Hacl_MAC_Poly1305_gen.ml
@@ -0,0 +1,11 @@
+let _ =
+  (((Format.set_formatter_out_channel
+       (open_out_bin "lib/Hacl_MAC_Poly1305_stubs.ml");
+     Cstubs.write_ml Format.std_formatter ~prefix:""
+       (module Hacl_MAC_Poly1305_bindings.Bindings));
+    Format.set_formatter_out_channel
+      (open_out_bin "lib/Hacl_MAC_Poly1305_c_stubs.c"));
+   Format.printf
+     "#include \"Hacl_MAC_Poly1305.h\"\n#include \"internal/Hacl_MAC_Poly1305.h\"\n");
+  Cstubs.write_c Format.std_formatter ~prefix:""
+    (module Hacl_MAC_Poly1305_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Poly1305_128_gen.ml b/ocaml/lib_gen/Hacl_Poly1305_128_gen.ml
deleted file mode 100644
index baeebf3a..00000000
--- a/ocaml/lib_gen/Hacl_Poly1305_128_gen.ml
+++ /dev/null
@@ -1,11 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Poly1305_128_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Poly1305_128_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Poly1305_128_c_stubs.c"));
-   Format.printf
-     "#include \"Hacl_Poly1305_128.h\"\n#include \"internal/Hacl_Poly1305_128.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Poly1305_128_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Poly1305_256_gen.ml b/ocaml/lib_gen/Hacl_Poly1305_256_gen.ml
deleted file mode 100644
index 8eedeae7..00000000
--- a/ocaml/lib_gen/Hacl_Poly1305_256_gen.ml
+++ /dev/null
@@ -1,11 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Poly1305_256_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Poly1305_256_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Poly1305_256_c_stubs.c"));
-   Format.printf
-     "#include \"Hacl_Poly1305_256.h\"\n#include \"internal/Hacl_Poly1305_256.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Poly1305_256_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Poly1305_32_gen.ml b/ocaml/lib_gen/Hacl_Poly1305_32_gen.ml
deleted file mode 100644
index 5b31ff8c..00000000
--- a/ocaml/lib_gen/Hacl_Poly1305_32_gen.ml
+++ /dev/null
@@ -1,10 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Poly1305_32_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Poly1305_32_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Poly1305_32_c_stubs.c"));
-   Format.printf "#include \"Hacl_Poly1305_32.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Poly1305_32_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Streaming_Blake2_gen.ml b/ocaml/lib_gen/Hacl_Streaming_Blake2_gen.ml
deleted file mode 100644
index 037a92bd..00000000
--- a/ocaml/lib_gen/Hacl_Streaming_Blake2_gen.ml
+++ /dev/null
@@ -1,10 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Streaming_Blake2_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Streaming_Blake2_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Streaming_Blake2_c_stubs.c"));
-   Format.printf "#include \"Hacl_Streaming_Blake2.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Streaming_Blake2_bindings.Bindings)
\ No newline at end of file
diff --git a/ocaml/lib_gen/Hacl_Streaming_Poly1305_32_gen.ml b/ocaml/lib_gen/Hacl_Streaming_Poly1305_32_gen.ml
deleted file mode 100644
index 8ffcc67f..00000000
--- a/ocaml/lib_gen/Hacl_Streaming_Poly1305_32_gen.ml
+++ /dev/null
@@ -1,10 +0,0 @@
-let _ =
-  (((Format.set_formatter_out_channel
-       (open_out_bin "lib/Hacl_Streaming_Poly1305_32_stubs.ml");
-     Cstubs.write_ml Format.std_formatter ~prefix:""
-       (module Hacl_Streaming_Poly1305_32_bindings.Bindings));
-    Format.set_formatter_out_channel
-      (open_out_bin "lib/Hacl_Streaming_Poly1305_32_c_stubs.c"));
-   Format.printf "#include \"Hacl_Streaming_Poly1305_32.h\"\n");
-  Cstubs.write_c Format.std_formatter ~prefix:""
-    (module Hacl_Streaming_Poly1305_32_bindings.Bindings)
\ No newline at end of file
diff --git a/rust/hacl-sys/build.rs b/rust/hacl-sys/build.rs
index 6f953c1e..55f7393d 100644
--- a/rust/hacl-sys/build.rs
+++ b/rust/hacl-sys/build.rs
@@ -25,11 +25,8 @@ fn create_bindings(include_path: &Path, home_dir: &Path) {
         .allowlist_function("EverCrypt_HMAC_.*")
         .allowlist_function("Hacl_P256_.*")
         .allowlist_function("Hacl_RSAPSS_.*")
-        .allowlist_function("Hacl_SHA3_.*")
-        .allowlist_function("Hacl_Chacha20Poly1305_.*")
+        .allowlist_function("Hacl_AEAD_Chacha20Poly1305_.*")
         .allowlist_function("Hacl_Hash_.*")
-        .allowlist_function("Hacl_Streaming_.*")
-        .allowlist_function("Hacl_Blake2.*")
         .allowlist_function("Hacl_Curve25519_.*")
         .allowlist_function("Hacl_HKDF_.*")
         .allowlist_function("Hacl_HMAC_.*")
@@ -39,19 +36,18 @@ fn create_bindings(include_path: &Path, home_dir: &Path) {
         .allowlist_var("EverCrypt_Error_.*")
         .allowlist_var("Spec_.*")
         .allowlist_type("Spec_.*")
-        .allowlist_type("Hacl_Streaming_SHA2_state.*")
-        .allowlist_type("Hacl_Streaming_Keccak_state.*")
         .allowlist_type("Hacl_HMAC_DRBG_.*")
+        .allowlist_type("Hacl_Hash_.*")
         // Block everything we don't need or define ourselves.
         .blocklist_type("EverCrypt_AEAD_state_s.*")
         // These functions currently use FFI-unsafe u128
         .blocklist_type("FStar_UInt128_uint128")
-        .blocklist_function("Hacl_Streaming_SHA2_update_last_384")
-        .blocklist_function("Hacl_Streaming_SHA2_update_last_512")
-        .blocklist_function("Hacl_Blake2b_32_blake2b_update_multi")
-        .blocklist_function("Hacl_Blake2b_32_blake2b_update_last")
-        .blocklist_function("Hacl_Blake2b_256_blake2b_update_multi")
-        .blocklist_function("Hacl_Blake2b_256_blake2b_update_last")
+        .blocklist_function("Hacl_Hash_SHA2_update_last_384")
+        .blocklist_function("Hacl_Hash_SHA2_update_last_512")
+        .blocklist_function("Hacl_Hash_Blake2b_update_multi")
+        .blocklist_function("Hacl_Hash_Blake2b_update_last")
+        .blocklist_function("Hacl_Hash_Blake2b_Simd256_update_multi")
+        .blocklist_function("Hacl_Hash_Blake2b_Simd256_update_last")
         // Disable tests to avoid warnings and keep it portable
         .layout_tests(false)
         // Generate bindings
diff --git a/rust/hacl-sys/src/bindings/bindings.rs b/rust/hacl-sys/src/bindings/bindings.rs
index 5ac5a1bc..fd024e15 100644
--- a/rust/hacl-sys/src/bindings/bindings.rs
+++ b/rust/hacl-sys/src/bindings/bindings.rs
@@ -1,4 +1,4 @@
-/* automatically generated by rust-bindgen 0.65.1 */
+/* automatically generated by rust-bindgen 0.68.1 */
 
 pub const Spec_FFDHE_FFDHE2048: u32 = 0;
 pub const Spec_FFDHE_FFDHE3072: u32 = 1;
@@ -37,85 +37,81 @@ pub type Spec_FFDHE_ffdhe_alg = u8;
 pub type Spec_Agile_AEAD_alg = u8;
 pub type EverCrypt_Error_error_code = u8;
 extern "C" {
-    #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
-    pub fn Hacl_Chacha20Poly1305_32_aead_encrypt(
-        k: *mut u8,
-        n: *mut u8,
-        aadlen: u32,
-        aad: *mut u8,
-        mlen: u32,
-        m: *mut u8,
-        cipher: *mut u8,
-        mac: *mut u8,
+    #[doc = "Encrypt a message `input` with key `key`.\n\nThe arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.\n\n@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.\n@param tag Pointer to 16 bytes of memory where the mac is written to.\n@param input Pointer to `input_len` bytes of memory where the message is read from.\n@param input_len Length of the message.\n@param data Pointer to `data_len` bytes of memory where the associated data is read from.\n@param data_len Length of the associated data.\n@param key Pointer to 32 bytes of memory where the AEAD key is read from.\n@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from."]
+    pub fn Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
+        output: *mut u8,
+        tag: *mut u8,
+        input: *mut u8,
+        input_len: u32,
+        data: *mut u8,
+        data_len: u32,
+        key: *mut u8,
+        nonce: *mut u8,
     );
 }
 extern "C" {
-    #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
-    pub fn Hacl_Chacha20Poly1305_32_aead_decrypt(
-        k: *mut u8,
-        n: *mut u8,
-        aadlen: u32,
-        aad: *mut u8,
-        mlen: u32,
-        m: *mut u8,
-        cipher: *mut u8,
-        mac: *mut u8,
+    #[doc = "Decrypt a ciphertext `input` with key `key`.\n\nThe arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.\nIf decryption fails, the array `output` remains unchanged and the function returns the error code 1.\n\n@param output Pointer to `input_len` bytes of memory where the message is written to.\n@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.\n@param input_len Length of the ciphertext.\n@param data Pointer to `data_len` bytes of memory where the associated data is read from.\n@param data_len Length of the associated data.\n@param key Pointer to 32 bytes of memory where the AEAD key is read from.\n@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param tag Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
+    pub fn Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(
+        output: *mut u8,
+        input: *mut u8,
+        input_len: u32,
+        data: *mut u8,
+        data_len: u32,
+        key: *mut u8,
+        nonce: *mut u8,
+        tag: *mut u8,
     ) -> u32;
 }
-pub type __m128i = [::std::os::raw::c_longlong; 2usize];
-pub type Lib_IntVector_Intrinsics_vec128 = __m128i;
-pub type __m256i = [::std::os::raw::c_longlong; 4usize];
-pub type Lib_IntVector_Intrinsics_vec256 = __m256i;
 extern "C" {
-    #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
-    pub fn Hacl_Chacha20Poly1305_256_aead_encrypt(
-        k: *mut u8,
-        n: *mut u8,
-        aadlen: u32,
-        aad: *mut u8,
-        mlen: u32,
-        m: *mut u8,
-        cipher: *mut u8,
-        mac: *mut u8,
+    #[doc = "Encrypt a message `input` with key `key`.\n\nThe arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.\n\n@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.\n@param tag Pointer to 16 bytes of memory where the mac is written to.\n@param input Pointer to `input_len` bytes of memory where the message is read from.\n@param input_len Length of the message.\n@param data Pointer to `data_len` bytes of memory where the associated data is read from.\n@param data_len Length of the associated data.\n@param key Pointer to 32 bytes of memory where the AEAD key is read from.\n@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from."]
+    pub fn Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(
+        output: *mut u8,
+        tag: *mut u8,
+        input: *mut u8,
+        input_len: u32,
+        data: *mut u8,
+        data_len: u32,
+        key: *mut u8,
+        nonce: *mut u8,
     );
 }
 extern "C" {
-    #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
-    pub fn Hacl_Chacha20Poly1305_256_aead_decrypt(
-        k: *mut u8,
-        n: *mut u8,
-        aadlen: u32,
-        aad: *mut u8,
-        mlen: u32,
-        m: *mut u8,
-        cipher: *mut u8,
-        mac: *mut u8,
+    #[doc = "Decrypt a ciphertext `input` with key `key`.\n\nThe arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.\nIf decryption fails, the array `output` remains unchanged and the function returns the error code 1.\n\n@param output Pointer to `input_len` bytes of memory where the message is written to.\n@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.\n@param input_len Length of the ciphertext.\n@param data Pointer to `data_len` bytes of memory where the associated data is read from.\n@param data_len Length of the associated data.\n@param key Pointer to 32 bytes of memory where the AEAD key is read from.\n@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param tag Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
+    pub fn Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+        output: *mut u8,
+        input: *mut u8,
+        input_len: u32,
+        data: *mut u8,
+        data_len: u32,
+        key: *mut u8,
+        nonce: *mut u8,
+        tag: *mut u8,
     ) -> u32;
 }
 extern "C" {
-    #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
-    pub fn Hacl_Chacha20Poly1305_128_aead_encrypt(
-        k: *mut u8,
-        n: *mut u8,
-        aadlen: u32,
-        aad: *mut u8,
-        mlen: u32,
-        m: *mut u8,
-        cipher: *mut u8,
-        mac: *mut u8,
+    #[doc = "Encrypt a message `input` with key `key`.\n\nThe arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.\n\n@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.\n@param tag Pointer to 16 bytes of memory where the mac is written to.\n@param input Pointer to `input_len` bytes of memory where the message is read from.\n@param input_len Length of the message.\n@param data Pointer to `data_len` bytes of memory where the associated data is read from.\n@param data_len Length of the associated data.\n@param key Pointer to 32 bytes of memory where the AEAD key is read from.\n@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from."]
+    pub fn Hacl_AEAD_Chacha20Poly1305_encrypt(
+        output: *mut u8,
+        tag: *mut u8,
+        input: *mut u8,
+        input_len: u32,
+        data: *mut u8,
+        data_len: u32,
+        key: *mut u8,
+        nonce: *mut u8,
     );
 }
 extern "C" {
-    #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
-    pub fn Hacl_Chacha20Poly1305_128_aead_decrypt(
-        k: *mut u8,
-        n: *mut u8,
-        aadlen: u32,
-        aad: *mut u8,
-        mlen: u32,
-        m: *mut u8,
-        cipher: *mut u8,
-        mac: *mut u8,
+    #[doc = "Decrypt a ciphertext `input` with key `key`.\n\nThe arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `output` and `input` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.\nIf decryption fails, the array `output` remains unchanged and the function returns the error code 1.\n\n@param output Pointer to `input_len` bytes of memory where the message is written to.\n@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.\n@param input_len Length of the ciphertext.\n@param data Pointer to `data_len` bytes of memory where the associated data is read from.\n@param data_len Length of the associated data.\n@param key Pointer to 32 bytes of memory where the AEAD key is read from.\n@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param tag Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
+    pub fn Hacl_AEAD_Chacha20Poly1305_decrypt(
+        output: *mut u8,
+        input: *mut u8,
+        input_len: u32,
+        data: *mut u8,
+        data_len: u32,
+        key: *mut u8,
+        nonce: *mut u8,
+        tag: *mut u8,
     ) -> u32;
 }
 extern "C" {
@@ -197,6 +193,7 @@ extern "C" {
     pub fn EverCrypt_AutoConfig2_has_vec256() -> bool;
 }
 extern "C" {
+    #[doc = "Both encryption and decryption require a state that holds the key.\nThe state may be reused as many times as desired."]
     pub fn EverCrypt_AEAD_uu___is_Ek(
         a: Spec_Agile_AEAD_alg,
         projectee: EverCrypt_AEAD_state_s,
@@ -463,123 +460,123 @@ pub struct Hacl_Streaming_MD_state_64_s {
     pub total_len: u64,
 }
 pub type Hacl_Streaming_MD_state_64 = Hacl_Streaming_MD_state_64_s;
-pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_MD_state_32;
-pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_MD_state_32;
-pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_MD_state_64;
-pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_MD_state_64;
+pub type Hacl_Hash_SHA2_state_t_224 = Hacl_Streaming_MD_state_32;
+pub type Hacl_Hash_SHA2_state_t_256 = Hacl_Streaming_MD_state_32;
+pub type Hacl_Hash_SHA2_state_t_384 = Hacl_Streaming_MD_state_64;
+pub type Hacl_Hash_SHA2_state_t_512 = Hacl_Streaming_MD_state_64;
 extern "C" {
     #[doc = "Allocate initial state for the SHA2_256 hash. The state is to be freed by\ncalling `free_256`."]
-    pub fn Hacl_Streaming_SHA2_create_in_256() -> *mut Hacl_Streaming_MD_state_32;
+    pub fn Hacl_Hash_SHA2_malloc_256() -> *mut Hacl_Streaming_MD_state_32;
 }
 extern "C" {
     #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_256`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."]
-    pub fn Hacl_Streaming_SHA2_copy_256(
-        s0: *mut Hacl_Streaming_MD_state_32,
+    pub fn Hacl_Hash_SHA2_copy_256(
+        state: *mut Hacl_Streaming_MD_state_32,
     ) -> *mut Hacl_Streaming_MD_state_32;
 }
 extern "C" {
     #[doc = "Reset an existing state to the initial hash state with empty data."]
-    pub fn Hacl_Streaming_SHA2_init_256(s: *mut Hacl_Streaming_MD_state_32);
+    pub fn Hacl_Hash_SHA2_reset_256(state: *mut Hacl_Streaming_MD_state_32);
 }
 extern "C" {
-    #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_256`\n(since the last call to `init_256`) exceeds 2^61-1 bytes.\n\nThis function is identical to the update function for SHA2_224."]
-    pub fn Hacl_Streaming_SHA2_update_256(
-        p: *mut Hacl_Streaming_MD_state_32,
+    #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_256`\n(since the last call to `reset_256`) exceeds 2^61-1 bytes.\n\nThis function is identical to the update function for SHA2_224."]
+    pub fn Hacl_Hash_SHA2_update_256(
+        state: *mut Hacl_Streaming_MD_state_32,
         input: *mut u8,
         input_len: u32,
     ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    #[doc = "Write the resulting hash into `dst`, an array of 32 bytes. The state remains\nvalid after a call to `finish_256`, meaning the user may feed more data into\nthe hash via `update_256`. (The finish_256 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"]
-    pub fn Hacl_Streaming_SHA2_finish_256(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8);
+    #[doc = "Write the resulting hash into `output`, an array of 32 bytes. The state remains\nvalid after a call to `digest_256`, meaning the user may feed more data into\nthe hash via `update_256`. (The digest_256 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"]
+    pub fn Hacl_Hash_SHA2_digest_256(state: *mut Hacl_Streaming_MD_state_32, output: *mut u8);
 }
 extern "C" {
-    #[doc = "Free a state allocated with `create_in_256`.\n\nThis function is identical to the free function for SHA2_224."]
-    pub fn Hacl_Streaming_SHA2_free_256(s: *mut Hacl_Streaming_MD_state_32);
+    #[doc = "Free a state allocated with `malloc_256`.\n\nThis function is identical to the free function for SHA2_224."]
+    pub fn Hacl_Hash_SHA2_free_256(state: *mut Hacl_Streaming_MD_state_32);
 }
 extern "C" {
-    #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes."]
-    pub fn Hacl_Streaming_SHA2_hash_256(input: *mut u8, input_len: u32, dst: *mut u8);
+    #[doc = "Hash `input`, of len `input_len`, into `output`, an array of 32 bytes."]
+    pub fn Hacl_Hash_SHA2_hash_256(output: *mut u8, input: *mut u8, input_len: u32);
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_create_in_224() -> *mut Hacl_Streaming_MD_state_32;
+    pub fn Hacl_Hash_SHA2_malloc_224() -> *mut Hacl_Streaming_MD_state_32;
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_init_224(s: *mut Hacl_Streaming_MD_state_32);
+    pub fn Hacl_Hash_SHA2_reset_224(state: *mut Hacl_Streaming_MD_state_32);
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_update_224(
-        p: *mut Hacl_Streaming_MD_state_32,
+    pub fn Hacl_Hash_SHA2_update_224(
+        state: *mut Hacl_Streaming_MD_state_32,
         input: *mut u8,
         input_len: u32,
     ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    #[doc = "Write the resulting hash into `dst`, an array of 28 bytes. The state remains\nvalid after a call to `finish_224`, meaning the user may feed more data into\nthe hash via `update_224`."]
-    pub fn Hacl_Streaming_SHA2_finish_224(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8);
+    #[doc = "Write the resulting hash into `output`, an array of 28 bytes. The state remains\nvalid after a call to `digest_224`, meaning the user may feed more data into\nthe hash via `update_224`."]
+    pub fn Hacl_Hash_SHA2_digest_224(state: *mut Hacl_Streaming_MD_state_32, output: *mut u8);
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_free_224(p: *mut Hacl_Streaming_MD_state_32);
+    pub fn Hacl_Hash_SHA2_free_224(state: *mut Hacl_Streaming_MD_state_32);
 }
 extern "C" {
-    #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes."]
-    pub fn Hacl_Streaming_SHA2_hash_224(input: *mut u8, input_len: u32, dst: *mut u8);
+    #[doc = "Hash `input`, of len `input_len`, into `output`, an array of 28 bytes."]
+    pub fn Hacl_Hash_SHA2_hash_224(output: *mut u8, input: *mut u8, input_len: u32);
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_create_in_512() -> *mut Hacl_Streaming_MD_state_64;
+    pub fn Hacl_Hash_SHA2_malloc_512() -> *mut Hacl_Streaming_MD_state_64;
 }
 extern "C" {
     #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_512`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."]
-    pub fn Hacl_Streaming_SHA2_copy_512(
-        s0: *mut Hacl_Streaming_MD_state_64,
+    pub fn Hacl_Hash_SHA2_copy_512(
+        state: *mut Hacl_Streaming_MD_state_64,
     ) -> *mut Hacl_Streaming_MD_state_64;
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_init_512(s: *mut Hacl_Streaming_MD_state_64);
+    pub fn Hacl_Hash_SHA2_reset_512(state: *mut Hacl_Streaming_MD_state_64);
 }
 extern "C" {
-    #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_512`\n(since the last call to `init_512`) exceeds 2^125-1 bytes.\n\nThis function is identical to the update function for SHA2_384."]
-    pub fn Hacl_Streaming_SHA2_update_512(
-        p: *mut Hacl_Streaming_MD_state_64,
+    #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_512`\n(since the last call to `reset_512`) exceeds 2^125-1 bytes.\n\nThis function is identical to the update function for SHA2_384."]
+    pub fn Hacl_Hash_SHA2_update_512(
+        state: *mut Hacl_Streaming_MD_state_64,
         input: *mut u8,
         input_len: u32,
     ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    #[doc = "Write the resulting hash into `dst`, an array of 64 bytes. The state remains\nvalid after a call to `finish_512`, meaning the user may feed more data into\nthe hash via `update_512`. (The finish_512 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"]
-    pub fn Hacl_Streaming_SHA2_finish_512(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8);
+    #[doc = "Write the resulting hash into `output`, an array of 64 bytes. The state remains\nvalid after a call to `digest_512`, meaning the user may feed more data into\nthe hash via `update_512`. (The digest_512 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"]
+    pub fn Hacl_Hash_SHA2_digest_512(state: *mut Hacl_Streaming_MD_state_64, output: *mut u8);
 }
 extern "C" {
-    #[doc = "Free a state allocated with `create_in_512`.\n\nThis function is identical to the free function for SHA2_384."]
-    pub fn Hacl_Streaming_SHA2_free_512(s: *mut Hacl_Streaming_MD_state_64);
+    #[doc = "Free a state allocated with `malloc_512`.\n\nThis function is identical to the free function for SHA2_384."]
+    pub fn Hacl_Hash_SHA2_free_512(state: *mut Hacl_Streaming_MD_state_64);
 }
 extern "C" {
-    #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes."]
-    pub fn Hacl_Streaming_SHA2_hash_512(input: *mut u8, input_len: u32, dst: *mut u8);
+    #[doc = "Hash `input`, of len `input_len`, into `output`, an array of 64 bytes."]
+    pub fn Hacl_Hash_SHA2_hash_512(output: *mut u8, input: *mut u8, input_len: u32);
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_create_in_384() -> *mut Hacl_Streaming_MD_state_64;
+    pub fn Hacl_Hash_SHA2_malloc_384() -> *mut Hacl_Streaming_MD_state_64;
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_init_384(s: *mut Hacl_Streaming_MD_state_64);
+    pub fn Hacl_Hash_SHA2_reset_384(state: *mut Hacl_Streaming_MD_state_64);
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_update_384(
-        p: *mut Hacl_Streaming_MD_state_64,
+    pub fn Hacl_Hash_SHA2_update_384(
+        state: *mut Hacl_Streaming_MD_state_64,
         input: *mut u8,
         input_len: u32,
     ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    #[doc = "Write the resulting hash into `dst`, an array of 48 bytes. The state remains\nvalid after a call to `finish_384`, meaning the user may feed more data into\nthe hash via `update_384`."]
-    pub fn Hacl_Streaming_SHA2_finish_384(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8);
+    #[doc = "Write the resulting hash into `output`, an array of 48 bytes. The state remains\nvalid after a call to `digest_384`, meaning the user may feed more data into\nthe hash via `update_384`."]
+    pub fn Hacl_Hash_SHA2_digest_384(state: *mut Hacl_Streaming_MD_state_64, output: *mut u8);
 }
 extern "C" {
-    pub fn Hacl_Streaming_SHA2_free_384(p: *mut Hacl_Streaming_MD_state_64);
+    pub fn Hacl_Hash_SHA2_free_384(state: *mut Hacl_Streaming_MD_state_64);
 }
 extern "C" {
-    #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes."]
-    pub fn Hacl_Streaming_SHA2_hash_384(input: *mut u8, input_len: u32, dst: *mut u8);
+    #[doc = "Hash `input`, of len `input_len`, into `output`, an array of 48 bytes."]
+    pub fn Hacl_Hash_SHA2_hash_384(output: *mut u8, input: *mut u8, input_len: u32);
 }
 extern "C" {
     #[doc = "Compute the public key from the private key.\n\nThe outparam `public_key`  points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]."]
@@ -664,84 +661,106 @@ extern "C" {
         ikmlen: u32,
     );
 }
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Hacl_Hash_Blake2s_block_state_t_s {
+    pub fst: *mut u32,
+    pub snd: *mut u32,
+}
+pub type Hacl_Hash_Blake2s_block_state_t = Hacl_Hash_Blake2s_block_state_t_s;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Hacl_Hash_Blake2s_state_t_s {
+    pub block_state: Hacl_Hash_Blake2s_block_state_t,
+    pub buf: *mut u8,
+    pub total_len: u64,
+}
+pub type Hacl_Hash_Blake2s_state_t = Hacl_Hash_Blake2s_state_t_s;
 extern "C" {
-    pub fn Hacl_Blake2b_32_blake2b_init(hash: *mut u64, kk: u32, nn: u32);
+    #[doc = "State allocation function when there is no key"]
+    pub fn Hacl_Hash_Blake2s_malloc() -> *mut Hacl_Hash_Blake2s_state_t;
 }
 extern "C" {
-    pub fn Hacl_Blake2b_32_blake2b_update_key(
-        wv: *mut u64,
-        hash: *mut u64,
-        kk: u32,
-        k: *mut u8,
-        ll: u32,
-    );
+    #[doc = "Re-initialization function when there is no key"]
+    pub fn Hacl_Hash_Blake2s_reset(state: *mut Hacl_Hash_Blake2s_state_t);
 }
 extern "C" {
-    pub fn Hacl_Blake2b_32_blake2b_finish(nn: u32, output: *mut u8, hash: *mut u64);
+    #[doc = "Update function when there is no key; 0 = success, 1 = max length exceeded"]
+    pub fn Hacl_Hash_Blake2s_update(
+        state: *mut Hacl_Hash_Blake2s_state_t,
+        chunk: *mut u8,
+        chunk_len: u32,
+    ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
-    pub fn Hacl_Blake2b_32_blake2b(
-        nn: u32,
+    #[doc = "Finish function when there is no key"]
+    pub fn Hacl_Hash_Blake2s_digest(state: *mut Hacl_Hash_Blake2s_state_t, output: *mut u8);
+}
+extern "C" {
+    #[doc = "Free state function when there is no key"]
+    pub fn Hacl_Hash_Blake2s_free(state: *mut Hacl_Hash_Blake2s_state_t);
+}
+extern "C" {
+    #[doc = "Write the BLAKE2s digest of message `input` using key `key` into `output`.\n\n@param output Pointer to `output_len` bytes of memory where the digest is written to.\n@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.\n@param input Pointer to `input_len` bytes of memory where the input message is read from.\n@param input_len Length of the input message.\n@param key Pointer to `key_len` bytes of memory where the key is read from.\n@param key_len Length of the key. Can be 0."]
+    pub fn Hacl_Hash_Blake2s_hash_with_key(
         output: *mut u8,
-        ll: u32,
-        d: *mut u8,
-        kk: u32,
-        k: *mut u8,
+        output_len: u32,
+        input: *mut u8,
+        input_len: u32,
+        key: *mut u8,
+        key_len: u32,
     );
 }
-extern "C" {
-    pub fn Hacl_Blake2b_32_blake2b_malloc() -> *mut u64;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Hacl_Hash_Blake2b_block_state_t_s {
+    pub fst: *mut u64,
+    pub snd: *mut u64,
+}
+pub type Hacl_Hash_Blake2b_block_state_t = Hacl_Hash_Blake2b_block_state_t_s;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Hacl_Hash_Blake2b_state_t_s {
+    pub block_state: Hacl_Hash_Blake2b_block_state_t,
+    pub buf: *mut u8,
+    pub total_len: u64,
 }
+pub type Hacl_Hash_Blake2b_state_t = Hacl_Hash_Blake2b_state_t_s;
 extern "C" {
-    pub fn Hacl_Blake2s_32_blake2s_init(hash: *mut u32, kk: u32, nn: u32);
+    #[doc = "State allocation function when there is no key"]
+    pub fn Hacl_Hash_Blake2b_malloc() -> *mut Hacl_Hash_Blake2b_state_t;
 }
 extern "C" {
-    pub fn Hacl_Blake2s_32_blake2s_update_key(
-        wv: *mut u32,
-        hash: *mut u32,
-        kk: u32,
-        k: *mut u8,
-        ll: u32,
-    );
+    #[doc = "Re-initialization function when there is no key"]
+    pub fn Hacl_Hash_Blake2b_reset(state: *mut Hacl_Hash_Blake2b_state_t);
 }
 extern "C" {
-    pub fn Hacl_Blake2s_32_blake2s_update_multi(
-        len: u32,
-        wv: *mut u32,
-        hash: *mut u32,
-        prev: u64,
-        blocks: *mut u8,
-        nb: u32,
-    );
+    #[doc = "Update function when there is no key; 0 = success, 1 = max length exceeded"]
+    pub fn Hacl_Hash_Blake2b_update(
+        state: *mut Hacl_Hash_Blake2b_state_t,
+        chunk: *mut u8,
+        chunk_len: u32,
+    ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    pub fn Hacl_Blake2s_32_blake2s_update_last(
-        len: u32,
-        wv: *mut u32,
-        hash: *mut u32,
-        prev: u64,
-        rem: u32,
-        d: *mut u8,
-    );
+    #[doc = "Finish function when there is no key"]
+    pub fn Hacl_Hash_Blake2b_digest(state: *mut Hacl_Hash_Blake2b_state_t, output: *mut u8);
 }
 extern "C" {
-    pub fn Hacl_Blake2s_32_blake2s_finish(nn: u32, output: *mut u8, hash: *mut u32);
+    #[doc = "Free state function when there is no key"]
+    pub fn Hacl_Hash_Blake2b_free(state: *mut Hacl_Hash_Blake2b_state_t);
 }
 extern "C" {
-    #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
-    pub fn Hacl_Blake2s_32_blake2s(
-        nn: u32,
+    #[doc = "Write the BLAKE2b digest of message `input` using key `key` into `output`.\n\n@param output Pointer to `output_len` bytes of memory where the digest is written to.\n@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.\n@param input Pointer to `input_len` bytes of memory where the input message is read from.\n@param input_len Length of the input message.\n@param key Pointer to `key_len` bytes of memory where the key is read from.\n@param key_len Length of the key. Can be 0."]
+    pub fn Hacl_Hash_Blake2b_hash_with_key(
         output: *mut u8,
-        ll: u32,
-        d: *mut u8,
-        kk: u32,
-        k: *mut u8,
+        output_len: u32,
+        input: *mut u8,
+        input_len: u32,
+        key: *mut u8,
+        key_len: u32,
     );
 }
-extern "C" {
-    pub fn Hacl_Blake2s_32_blake2s_malloc() -> *mut u32;
-}
 extern "C" {
     pub fn EverCrypt_HMAC_is_supported_alg(uu___: Spec_Hash_Definitions_hash_alg) -> bool;
 }
@@ -757,71 +776,66 @@ extern "C" {
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
-pub struct Hacl_Streaming_Keccak_hash_buf_s {
+pub struct Hacl_Hash_SHA3_hash_buf_s {
     pub fst: Spec_Hash_Definitions_hash_alg,
     pub snd: *mut u64,
 }
-pub type Hacl_Streaming_Keccak_hash_buf = Hacl_Streaming_Keccak_hash_buf_s;
+pub type Hacl_Hash_SHA3_hash_buf = Hacl_Hash_SHA3_hash_buf_s;
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
-pub struct Hacl_Streaming_Keccak_state_s {
-    pub block_state: Hacl_Streaming_Keccak_hash_buf,
+pub struct Hacl_Hash_SHA3_state_t_s {
+    pub block_state: Hacl_Hash_SHA3_hash_buf,
     pub buf: *mut u8,
     pub total_len: u64,
 }
-pub type Hacl_Streaming_Keccak_state = Hacl_Streaming_Keccak_state_s;
+pub type Hacl_Hash_SHA3_state_t = Hacl_Hash_SHA3_state_t_s;
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_get_alg(
-        s: *mut Hacl_Streaming_Keccak_state,
-    ) -> Spec_Hash_Definitions_hash_alg;
+    pub fn Hacl_Hash_SHA3_get_alg(s: *mut Hacl_Hash_SHA3_state_t)
+        -> Spec_Hash_Definitions_hash_alg;
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_malloc(
-        a: Spec_Hash_Definitions_hash_alg,
-    ) -> *mut Hacl_Streaming_Keccak_state;
+    pub fn Hacl_Hash_SHA3_malloc(a: Spec_Hash_Definitions_hash_alg) -> *mut Hacl_Hash_SHA3_state_t;
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_free(s: *mut Hacl_Streaming_Keccak_state);
+    pub fn Hacl_Hash_SHA3_free(state: *mut Hacl_Hash_SHA3_state_t);
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_copy(
-        s0: *mut Hacl_Streaming_Keccak_state,
-    ) -> *mut Hacl_Streaming_Keccak_state;
+    pub fn Hacl_Hash_SHA3_copy(state: *mut Hacl_Hash_SHA3_state_t) -> *mut Hacl_Hash_SHA3_state_t;
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_reset(s: *mut Hacl_Streaming_Keccak_state);
+    pub fn Hacl_Hash_SHA3_reset(state: *mut Hacl_Hash_SHA3_state_t);
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_update(
-        p: *mut Hacl_Streaming_Keccak_state,
-        data: *mut u8,
-        len: u32,
+    pub fn Hacl_Hash_SHA3_update(
+        state: *mut Hacl_Hash_SHA3_state_t,
+        chunk: *mut u8,
+        chunk_len: u32,
     ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_finish(
-        s: *mut Hacl_Streaming_Keccak_state,
-        dst: *mut u8,
+    pub fn Hacl_Hash_SHA3_digest(
+        state: *mut Hacl_Hash_SHA3_state_t,
+        output: *mut u8,
     ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_squeeze(
-        s: *mut Hacl_Streaming_Keccak_state,
+    pub fn Hacl_Hash_SHA3_squeeze(
+        s: *mut Hacl_Hash_SHA3_state_t,
         dst: *mut u8,
         l: u32,
     ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_block_len(s: *mut Hacl_Streaming_Keccak_state) -> u32;
+    pub fn Hacl_Hash_SHA3_block_len(s: *mut Hacl_Hash_SHA3_state_t) -> u32;
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_hash_len(s: *mut Hacl_Streaming_Keccak_state) -> u32;
+    pub fn Hacl_Hash_SHA3_hash_len(s: *mut Hacl_Hash_SHA3_state_t) -> u32;
 }
 extern "C" {
-    pub fn Hacl_Streaming_Keccak_is_shake(s: *mut Hacl_Streaming_Keccak_state) -> bool;
+    pub fn Hacl_Hash_SHA3_is_shake(s: *mut Hacl_Hash_SHA3_state_t) -> bool;
 }
 extern "C" {
-    pub fn Hacl_SHA3_shake128_hacl(
+    pub fn Hacl_Hash_SHA3_shake128_hacl(
         inputByteLen: u32,
         input: *mut u8,
         outputByteLen: u32,
@@ -829,7 +843,7 @@ extern "C" {
     );
 }
 extern "C" {
-    pub fn Hacl_SHA3_shake256_hacl(
+    pub fn Hacl_Hash_SHA3_shake256_hacl(
         inputByteLen: u32,
         input: *mut u8,
         outputByteLen: u32,
@@ -837,135 +851,149 @@ extern "C" {
     );
 }
 extern "C" {
-    pub fn Hacl_SHA3_sha3_224(inputByteLen: u32, input: *mut u8, output: *mut u8);
+    pub fn Hacl_Hash_SHA3_sha3_224(output: *mut u8, input: *mut u8, input_len: u32);
 }
 extern "C" {
-    pub fn Hacl_SHA3_sha3_256(inputByteLen: u32, input: *mut u8, output: *mut u8);
+    pub fn Hacl_Hash_SHA3_sha3_256(output: *mut u8, input: *mut u8, input_len: u32);
 }
 extern "C" {
-    pub fn Hacl_SHA3_sha3_384(inputByteLen: u32, input: *mut u8, output: *mut u8);
+    pub fn Hacl_Hash_SHA3_sha3_384(output: *mut u8, input: *mut u8, input_len: u32);
 }
 extern "C" {
-    pub fn Hacl_SHA3_sha3_512(inputByteLen: u32, input: *mut u8, output: *mut u8);
+    pub fn Hacl_Hash_SHA3_sha3_512(output: *mut u8, input: *mut u8, input_len: u32);
 }
 extern "C" {
-    pub fn Hacl_Blake2s_128_blake2s_init(
-        hash: *mut Lib_IntVector_Intrinsics_vec128,
-        kk: u32,
-        nn: u32,
-    );
+    pub fn Hacl_Hash_SHA3_absorb_inner(rateInBytes: u32, block: *mut u8, s: *mut u64);
 }
 extern "C" {
-    pub fn Hacl_Blake2s_128_blake2s_update_key(
-        wv: *mut Lib_IntVector_Intrinsics_vec128,
-        hash: *mut Lib_IntVector_Intrinsics_vec128,
-        kk: u32,
-        k: *mut u8,
-        ll: u32,
+    pub fn Hacl_Hash_SHA3_squeeze0(
+        s: *mut u64,
+        rateInBytes: u32,
+        outputByteLen: u32,
+        output: *mut u8,
     );
 }
 extern "C" {
-    pub fn Hacl_Blake2s_128_blake2s_update_multi(
-        len: u32,
-        wv: *mut Lib_IntVector_Intrinsics_vec128,
-        hash: *mut Lib_IntVector_Intrinsics_vec128,
-        prev: u64,
-        blocks: *mut u8,
-        nb: u32,
+    pub fn Hacl_Hash_SHA3_keccak(
+        rate: u32,
+        capacity: u32,
+        inputByteLen: u32,
+        input: *mut u8,
+        delimitedSuffix: u8,
+        outputByteLen: u32,
+        output: *mut u8,
     );
 }
+pub type __m128i = [::std::os::raw::c_longlong; 2usize];
+pub type Lib_IntVector_Intrinsics_vec128 = __m128i;
+pub type __m256i = [::std::os::raw::c_longlong; 4usize];
+pub type Lib_IntVector_Intrinsics_vec256 = __m256i;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Hacl_Hash_Blake2s_Simd128_block_state_t_s {
+    pub fst: *mut Lib_IntVector_Intrinsics_vec128,
+    pub snd: *mut Lib_IntVector_Intrinsics_vec128,
+}
+pub type Hacl_Hash_Blake2s_Simd128_block_state_t = Hacl_Hash_Blake2s_Simd128_block_state_t_s;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Hacl_Hash_Blake2s_Simd128_state_t_s {
+    pub block_state: Hacl_Hash_Blake2s_Simd128_block_state_t,
+    pub buf: *mut u8,
+    pub total_len: u64,
+}
+pub type Hacl_Hash_Blake2s_Simd128_state_t = Hacl_Hash_Blake2s_Simd128_state_t_s;
 extern "C" {
-    pub fn Hacl_Blake2s_128_blake2s_update_last(
-        len: u32,
-        wv: *mut Lib_IntVector_Intrinsics_vec128,
-        hash: *mut Lib_IntVector_Intrinsics_vec128,
-        prev: u64,
-        rem: u32,
-        d: *mut u8,
-    );
+    #[doc = "State allocation function when there is no key"]
+    pub fn Hacl_Hash_Blake2s_Simd128_malloc() -> *mut Hacl_Hash_Blake2s_Simd128_state_t;
 }
 extern "C" {
-    pub fn Hacl_Blake2s_128_blake2s_finish(
-        nn: u32,
-        output: *mut u8,
-        hash: *mut Lib_IntVector_Intrinsics_vec128,
-    );
+    #[doc = "Re-initialization function when there is no key"]
+    pub fn Hacl_Hash_Blake2s_Simd128_reset(state: *mut Hacl_Hash_Blake2s_Simd128_state_t);
+}
+extern "C" {
+    #[doc = "Update function when there is no key; 0 = success, 1 = max length exceeded"]
+    pub fn Hacl_Hash_Blake2s_Simd128_update(
+        state: *mut Hacl_Hash_Blake2s_Simd128_state_t,
+        chunk: *mut u8,
+        chunk_len: u32,
+    ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
-    pub fn Hacl_Blake2s_128_blake2s(
-        nn: u32,
+    #[doc = "Finish function when there is no key"]
+    pub fn Hacl_Hash_Blake2s_Simd128_digest(
+        state: *mut Hacl_Hash_Blake2s_Simd128_state_t,
         output: *mut u8,
-        ll: u32,
-        d: *mut u8,
-        kk: u32,
-        k: *mut u8,
     );
 }
 extern "C" {
-    pub fn Hacl_Blake2s_128_store_state128s_to_state32(
-        st32: *mut u32,
-        st: *mut Lib_IntVector_Intrinsics_vec128,
-    );
+    #[doc = "Free state function when there is no key"]
+    pub fn Hacl_Hash_Blake2s_Simd128_free(state: *mut Hacl_Hash_Blake2s_Simd128_state_t);
 }
 extern "C" {
-    pub fn Hacl_Blake2s_128_load_state128s_from_state32(
-        st: *mut Lib_IntVector_Intrinsics_vec128,
-        st32: *mut u32,
+    #[doc = "Write the BLAKE2s digest of message `input` using key `key` into `output`.\n\n@param output Pointer to `output_len` bytes of memory where the digest is written to.\n@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.\n@param input Pointer to `input_len` bytes of memory where the input message is read from.\n@param input_len Length of the input message.\n@param key Pointer to `key_len` bytes of memory where the key is read from.\n@param key_len Length of the key. Can be 0."]
+    pub fn Hacl_Hash_Blake2s_Simd128_hash_with_key(
+        output: *mut u8,
+        output_len: u32,
+        input: *mut u8,
+        input_len: u32,
+        key: *mut u8,
+        key_len: u32,
     );
 }
-extern "C" {
-    pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Hacl_Hash_Blake2b_Simd256_block_state_t_s {
+    pub fst: *mut Lib_IntVector_Intrinsics_vec256,
+    pub snd: *mut Lib_IntVector_Intrinsics_vec256,
+}
+pub type Hacl_Hash_Blake2b_Simd256_block_state_t = Hacl_Hash_Blake2b_Simd256_block_state_t_s;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Hacl_Hash_Blake2b_Simd256_state_t_s {
+    pub block_state: Hacl_Hash_Blake2b_Simd256_block_state_t,
+    pub buf: *mut u8,
+    pub total_len: u64,
 }
+pub type Hacl_Hash_Blake2b_Simd256_state_t = Hacl_Hash_Blake2b_Simd256_state_t_s;
 extern "C" {
-    pub fn Hacl_Blake2b_256_blake2b_init(
-        hash: *mut Lib_IntVector_Intrinsics_vec256,
-        kk: u32,
-        nn: u32,
-    );
+    #[doc = "State allocation function when there is no key"]
+    pub fn Hacl_Hash_Blake2b_Simd256_malloc() -> *mut Hacl_Hash_Blake2b_Simd256_state_t;
 }
 extern "C" {
-    pub fn Hacl_Blake2b_256_blake2b_update_key(
-        wv: *mut Lib_IntVector_Intrinsics_vec256,
-        hash: *mut Lib_IntVector_Intrinsics_vec256,
-        kk: u32,
-        k: *mut u8,
-        ll: u32,
-    );
+    #[doc = "Re-initialization function when there is no key"]
+    pub fn Hacl_Hash_Blake2b_Simd256_reset(state: *mut Hacl_Hash_Blake2b_Simd256_state_t);
 }
 extern "C" {
-    pub fn Hacl_Blake2b_256_blake2b_finish(
-        nn: u32,
-        output: *mut u8,
-        hash: *mut Lib_IntVector_Intrinsics_vec256,
-    );
+    #[doc = "Update function when there is no key; 0 = success, 1 = max length exceeded"]
+    pub fn Hacl_Hash_Blake2b_Simd256_update(
+        state: *mut Hacl_Hash_Blake2b_Simd256_state_t,
+        chunk: *mut u8,
+        chunk_len: u32,
+    ) -> Hacl_Streaming_Types_error_code;
 }
 extern "C" {
-    #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
-    pub fn Hacl_Blake2b_256_blake2b(
-        nn: u32,
+    #[doc = "Finish function when there is no key"]
+    pub fn Hacl_Hash_Blake2b_Simd256_digest(
+        state: *mut Hacl_Hash_Blake2b_Simd256_state_t,
         output: *mut u8,
-        ll: u32,
-        d: *mut u8,
-        kk: u32,
-        k: *mut u8,
     );
 }
 extern "C" {
-    pub fn Hacl_Blake2b_256_load_state256b_from_state32(
-        st: *mut Lib_IntVector_Intrinsics_vec256,
-        st32: *mut u64,
-    );
+    #[doc = "Free state function when there is no key"]
+    pub fn Hacl_Hash_Blake2b_Simd256_free(state: *mut Hacl_Hash_Blake2b_Simd256_state_t);
 }
 extern "C" {
-    pub fn Hacl_Blake2b_256_store_state256b_to_state32(
-        st32: *mut u64,
-        st: *mut Lib_IntVector_Intrinsics_vec256,
+    #[doc = "Write the BLAKE2b digest of message `input` using key `key` into `output`.\n\n@param output Pointer to `output_len` bytes of memory where the digest is written to.\n@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.\n@param input Pointer to `input_len` bytes of memory where the input message is read from.\n@param input_len Length of the input message.\n@param key Pointer to `key_len` bytes of memory where the key is read from.\n@param key_len Length of the key. Can be 0."]
+    pub fn Hacl_Hash_Blake2b_Simd256_hash_with_key(
+        output: *mut u8,
+        output_len: u32,
+        input: *mut u8,
+        input_len: u32,
+        key: *mut u8,
+        key_len: u32,
     );
 }
-extern "C" {
-    pub fn Hacl_Blake2b_256_blake2b_malloc() -> *mut Lib_IntVector_Intrinsics_vec256;
-}
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
 pub struct EverCrypt_Hash_state_s_s {
@@ -977,54 +1005,54 @@ extern "C" {
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
-pub struct EverCrypt_Hash_Incremental_hash_state_s {
+pub struct EverCrypt_Hash_Incremental_state_t_s {
     pub block_state: *mut EverCrypt_Hash_state_s,
     pub buf: *mut u8,
     pub total_len: u64,
 }
-pub type EverCrypt_Hash_Incremental_hash_state = EverCrypt_Hash_Incremental_hash_state_s;
+pub type EverCrypt_Hash_Incremental_state_t = EverCrypt_Hash_Incremental_state_t_s;
 extern "C" {
     #[doc = "Allocate initial state for the agile hash. The argument `a` stands for the\nchoice of algorithm (see Hacl_Spec.h). This API will automatically pick the most\nefficient implementation, provided you have called EverCrypt_AutoConfig2_init()\nbefore. The state is to be freed by calling `free`."]
-    pub fn EverCrypt_Hash_Incremental_create_in(
+    pub fn EverCrypt_Hash_Incremental_malloc(
         a: Spec_Hash_Definitions_hash_alg,
-    ) -> *mut EverCrypt_Hash_Incremental_hash_state;
+    ) -> *mut EverCrypt_Hash_Incremental_state_t;
 }
 extern "C" {
     #[doc = "Reset an existing state to the initial hash state with empty data."]
-    pub fn EverCrypt_Hash_Incremental_init(s: *mut EverCrypt_Hash_Incremental_hash_state);
+    pub fn EverCrypt_Hash_Incremental_reset(state: *mut EverCrypt_Hash_Incremental_state_t);
 }
 extern "C" {
     #[doc = "Feed an arbitrary amount of data into the hash. This function returns\nEverCrypt_Error_Success for success, or EverCrypt_Error_MaximumLengthExceeded if\nthe combined length of all of the data passed to `update` (since the last call\nto `init`) exceeds 2^61-1 bytes or 2^64-1 bytes, depending on the choice of\nalgorithm. Both limits are unlikely to be attained in practice."]
     pub fn EverCrypt_Hash_Incremental_update(
-        s: *mut EverCrypt_Hash_Incremental_hash_state,
-        data: *mut u8,
-        len: u32,
+        state: *mut EverCrypt_Hash_Incremental_state_t,
+        chunk: *mut u8,
+        chunk_len: u32,
     ) -> EverCrypt_Error_error_code;
 }
 extern "C" {
     #[doc = "Perform a run-time test to determine which algorithm was chosen for the given piece of state."]
     pub fn EverCrypt_Hash_Incremental_alg_of_state(
-        s: *mut EverCrypt_Hash_Incremental_hash_state,
+        s: *mut EverCrypt_Hash_Incremental_state_t,
     ) -> Spec_Hash_Definitions_hash_alg;
 }
 extern "C" {
-    #[doc = "Write the resulting hash into `dst`, an array whose length is\nalgorithm-specific. You can use the macros defined earlier in this file to\nallocate a destination buffer of the right length. The state remains valid after\na call to `finish`, meaning the user may feed more data into the hash via\n`update`. (The finish function operates on an internal copy of the state and\ntherefore does not invalidate the client-held state.)"]
-    pub fn EverCrypt_Hash_Incremental_finish(
-        s: *mut EverCrypt_Hash_Incremental_hash_state,
-        dst: *mut u8,
+    #[doc = "Write the resulting hash into `output`, an array whose length is\nalgorithm-specific. You can use the macros defined earlier in this file to\nallocate a destination buffer of the right length. The state remains valid after\na call to `digest`, meaning the user may feed more data into the hash via\n`update`. (The finish function operates on an internal copy of the state and\ntherefore does not invalidate the client-held state.)"]
+    pub fn EverCrypt_Hash_Incremental_digest(
+        state: *mut EverCrypt_Hash_Incremental_state_t,
+        output: *mut u8,
     );
 }
 extern "C" {
     #[doc = "Free a state previously allocated with `create_in`."]
-    pub fn EverCrypt_Hash_Incremental_free(s: *mut EverCrypt_Hash_Incremental_hash_state);
+    pub fn EverCrypt_Hash_Incremental_free(state: *mut EverCrypt_Hash_Incremental_state_t);
 }
 extern "C" {
-    #[doc = "Hash `input`, of len `len`, into `dst`, an array whose length is determined by\nyour choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined\nearlier in this file to allocate a destination buffer of the right length. This\nAPI will automatically pick the most efficient implementation, provided you have\ncalled EverCrypt_AutoConfig2_init() before."]
+    #[doc = "Hash `input`, of len `input_len`, into `output`, an array whose length is determined by\nyour choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined\nearlier in this file to allocate a destination buffer of the right length. This\nAPI will automatically pick the most efficient implementation, provided you have\ncalled EverCrypt_AutoConfig2_init() before."]
     pub fn EverCrypt_Hash_Incremental_hash(
         a: Spec_Hash_Definitions_hash_alg,
-        dst: *mut u8,
+        output: *mut u8,
         input: *mut u8,
-        len: u32,
+        input_len: u32,
     );
 }
 #[repr(C)]
@@ -1168,7 +1196,7 @@ extern "C" {
 }
 extern "C" {
     #[doc = "Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.\n`dst` must point to 20 bytes of memory."]
-    pub fn Hacl_HMAC_legacy_compute_sha1(
+    pub fn Hacl_HMAC_compute_sha1(
         dst: *mut u8,
         key: *mut u8,
         key_len: u32,
@@ -1509,7 +1537,7 @@ extern "C" {
     ) -> bool;
 }
 extern "C" {
-    #[doc = "Sign a message `msg` and write the signature to `sgnt`.\n\n@param a Hash algorithm to use. Allowed values for `a` are ...\n Spec_Hash_Definitions_SHA2_256,\n Spec_Hash_Definitions_SHA2_384, and\n Spec_Hash_Definitions_SHA2_512.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param skey Pointer to secret key created by `Hacl_RSAPSS_new_rsapss_load_skey`.\n@param saltLen Length of salt.\n@param salt Pointer to `saltLen` bytes where the salt is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n@param sgnt Pointer to `ceil(modBits / 8)` bytes where the signature is written to.\n\n@return Returns true if and only if signing was successful."]
+    #[doc = "Sign a message `msg` and write the signature to `sgnt`.\n\n@param a Hash algorithm to use. Allowed values for `a` are ...\n- Spec_Hash_Definitions_SHA2_256,\n- Spec_Hash_Definitions_SHA2_384, and\n- Spec_Hash_Definitions_SHA2_512.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param skey Pointer to secret key created by `Hacl_RSAPSS_new_rsapss_load_skey`.\n@param saltLen Length of salt.\n@param salt Pointer to `saltLen` bytes where the salt is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n@param sgnt Pointer to `ceil(modBits / 8)` bytes where the signature is written to.\n\n@return Returns true if and only if signing was successful."]
     pub fn Hacl_RSAPSS_rsapss_sign(
         a: Spec_Hash_Definitions_hash_alg,
         modBits: u32,
@@ -1524,7 +1552,7 @@ extern "C" {
     ) -> bool;
 }
 extern "C" {
-    #[doc = "Verify the signature `sgnt` of a message `msg`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.\n@param saltLen Length of salt.\n@param sgntLen Length of signature.\n@param sgnt Pointer to `sgntLen` bytes where the signature is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n\n@return Returns true if and only if the signature is valid."]
+    #[doc = "Verify the signature `sgnt` of a message `msg`.\n\n@param a Hash algorithm to use. Allowed values for `a` are ...\n- Spec_Hash_Definitions_SHA2_256,\n- Spec_Hash_Definitions_SHA2_384, and\n- Spec_Hash_Definitions_SHA2_512.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.\n@param saltLen Length of salt.\n@param sgntLen Length of signature.\n@param sgnt Pointer to `sgntLen` bytes where the signature is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n\n@return Returns true if and only if the signature is valid."]
     pub fn Hacl_RSAPSS_rsapss_verify(
         a: Spec_Hash_Definitions_hash_alg,
         modBits: u32,
@@ -1538,7 +1566,7 @@ extern "C" {
     ) -> bool;
 }
 extern "C" {
-    #[doc = "Load a public key from key parts.\n\n@param modBits Count of bits in modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n\n@return Returns an allocated public key. Note: caller must take care to `free()` the created key."]
+    #[doc = "Load a public key from key parts.\n\n@param modBits Count of bits in modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.\n\n@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key."]
     pub fn Hacl_RSAPSS_new_rsapss_load_pkey(
         modBits: u32,
         eBits: u32,
@@ -1547,7 +1575,7 @@ extern "C" {
     ) -> *mut u64;
 }
 extern "C" {
-    #[doc = "Load a secret key from key parts.\n\n@param modBits Count of bits in modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.\n\n@return Returns an allocated secret key. Note: caller must take care to `free()` the created key."]
+    #[doc = "Load a secret key from key parts.\n\n@param modBits Count of bits in modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.\n@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.\n\n@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key."]
     pub fn Hacl_RSAPSS_new_rsapss_load_skey(
         modBits: u32,
         eBits: u32,
@@ -1558,7 +1586,7 @@ extern "C" {
     ) -> *mut u64;
 }
 extern "C" {
-    #[doc = "Sign a message `msg` and write the signature to `sgnt`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.\n@param saltLen Length of salt.\n@param salt Pointer to `saltLen` bytes where the salt is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n@param sgnt Pointer to `ceil(modBits / 8)` bytes where the signature is written to.\n\n@return Returns true if and only if signing was successful."]
+    #[doc = "Sign a message `msg` and write the signature to `sgnt`.\n\n@param a Hash algorithm to use. Allowed values for `a` are ...\n- Spec_Hash_Definitions_SHA2_256,\n- Spec_Hash_Definitions_SHA2_384, and\n- Spec_Hash_Definitions_SHA2_512.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.\n@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.\n@param saltLen Length of salt.\n@param salt Pointer to `saltLen` bytes where the salt is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n@param sgnt Pointer to `ceil(modBits / 8)` bytes where the signature is written to.\n\n@return Returns true if and only if signing was successful."]
     pub fn Hacl_RSAPSS_rsapss_skey_sign(
         a: Spec_Hash_Definitions_hash_alg,
         modBits: u32,
@@ -1575,7 +1603,7 @@ extern "C" {
     ) -> bool;
 }
 extern "C" {
-    #[doc = "Verify the signature `sgnt` of a message `msg`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param saltLen Length of salt.\n@param sgntLen Length of signature.\n@param sgnt Pointer to `sgntLen` bytes where the signature is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n\n@return Returns true if and only if the signature is valid."]
+    #[doc = "Verify the signature `sgnt` of a message `msg`.\n\n@param a Hash algorithm to use. Allowed values for `a` are ...\n- Spec_Hash_Definitions_SHA2_256,\n- Spec_Hash_Definitions_SHA2_384, and\n- Spec_Hash_Definitions_SHA2_512.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.\n@param saltLen Length of salt.\n@param sgntLen Length of signature.\n@param sgnt Pointer to `sgntLen` bytes where the signature is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n\n@return Returns true if and only if the signature is valid."]
     pub fn Hacl_RSAPSS_rsapss_pkey_verify(
         a: Spec_Hash_Definitions_hash_alg,
         modBits: u32,
diff --git a/rust/hacl-sys/wrapper.h b/rust/hacl-sys/wrapper.h
index 360697a7..ffa94ce2 100644
--- a/rust/hacl-sys/wrapper.h
+++ b/rust/hacl-sys/wrapper.h
@@ -9,7 +9,8 @@
 #include "hacl/Hacl_HKDF.h"
 #include "hacl/Hacl_HMAC.h"
 #include "hacl/Hacl_HMAC_DRBG.h"
-#include "hacl/Hacl_Hash_Blake2.h"
+#include "hacl/Hacl_Hash_Blake2b.h"
+#include "hacl/Hacl_Hash_Blake2s.h"
 #include "hacl/Hacl_Hash_SHA2.h"
 #include "hacl/Hacl_Hash_SHA3.h"
 #include "hacl/Hacl_P256.h"
diff --git a/rust/src/digest.rs b/rust/src/digest.rs
index d89474ec..b7fb06f8 100644
--- a/rust/src/digest.rs
+++ b/rust/src/digest.rs
@@ -277,7 +277,7 @@ const fn does_not_support_streaming(alg: Algorithm) -> bool {
 pub struct Digest {
     mode: Algorithm,
     finished: bool,
-    c_state: *mut EverCrypt_Hash_Incremental_hash_state,
+    c_state: *mut EverCrypt_Hash_Incremental_state_t,
 }
 
 impl Digest {
@@ -292,8 +292,8 @@ impl Digest {
             EverCrypt_AutoConfig2_init();
         }
 
-        let c_state: *mut EverCrypt_Hash_Incremental_hash_state =
-            unsafe { EverCrypt_Hash_Incremental_create_in(alg.into()) };
+        let c_state: *mut EverCrypt_Hash_Incremental_state_t =
+            unsafe { EverCrypt_Hash_Incremental_malloc(alg.into()) };
         Ok(Self {
             mode: alg,
             finished: false,
@@ -324,7 +324,7 @@ impl Digest {
         }
         let mut out = vec![0u8; digest_size(self.mode)];
         unsafe {
-            EverCrypt_Hash_Incremental_finish(self.c_state, out.as_mut_ptr());
+            EverCrypt_Hash_Incremental_digest(self.c_state, out.as_mut_ptr());
         }
         self.finished = true;
         Ok(out)
@@ -353,16 +353,16 @@ macro_rules! define_plain_digest {
 
             match $version {
                 Algorithm::Sha3_224 => unsafe {
-                    Hacl_SHA3_sha3_224(data.len() as u32, data.as_ptr() as _, out.as_mut_ptr())
+                    Hacl_Hash_SHA3_sha3_224(out.as_mut_ptr(), data.as_ptr() as _, data.len() as u32)
                 },
                 Algorithm::Sha3_256 => unsafe {
-                    Hacl_SHA3_sha3_256(data.len() as u32, data.as_ptr() as _, out.as_mut_ptr())
+                    Hacl_Hash_SHA3_sha3_256(out.as_mut_ptr(), data.as_ptr() as _, data.len() as u32)
                 },
                 Algorithm::Sha3_384 => unsafe {
-                    Hacl_SHA3_sha3_384(data.len() as u32, data.as_ptr() as _, out.as_mut_ptr())
+                    Hacl_Hash_SHA3_sha3_384(out.as_mut_ptr(), data.as_ptr() as _, data.len() as u32)
                 },
                 Algorithm::Sha3_512 => unsafe {
-                    Hacl_SHA3_sha3_512(data.len() as u32, data.as_ptr() as _, out.as_mut_ptr())
+                    Hacl_Hash_SHA3_sha3_512(out.as_mut_ptr(), data.as_ptr() as _, data.len() as u32)
                 },
                 _ => unsafe {
                     EverCrypt_Hash_Incremental_hash(
@@ -420,7 +420,7 @@ pub fn hash(alg: Algorithm, data: &[u8]) -> Vec<u8> {
 pub fn shake128<const BYTES: usize>(data: &[u8]) -> [u8; BYTES] {
     let mut out = [0u8; BYTES];
     unsafe {
-        Hacl_SHA3_shake128_hacl(
+        Hacl_Hash_SHA3_shake128_hacl(
             data.len() as u32,
             data.as_ptr() as _,
             BYTES as u32,
@@ -437,7 +437,7 @@ pub fn shake128<const BYTES: usize>(data: &[u8]) -> [u8; BYTES] {
 pub fn shake256<const BYTES: usize>(data: &[u8]) -> [u8; BYTES] {
     let mut out = [0u8; BYTES];
     unsafe {
-        Hacl_SHA3_shake256_hacl(
+        Hacl_Hash_SHA3_shake256_hacl(
             data.len() as u32,
             data.as_ptr() as _,
             BYTES as u32,
diff --git a/rust/src/hazmat/blake2.rs b/rust/src/hazmat/blake2.rs
index bb5908b6..9343d2eb 100644
--- a/rust/src/hazmat/blake2.rs
+++ b/rust/src/hazmat/blake2.rs
@@ -1,4 +1,4 @@
-use hacl_sys::{Hacl_Blake2b_32_blake2b, Hacl_Blake2s_32_blake2s};
+use hacl_sys::{Hacl_Hash_Blake2b_hash_with_key, Hacl_Hash_Blake2s_hash_with_key};
 
 /// BLAKE2b
 ///
@@ -13,13 +13,13 @@ pub fn blake2b<const LEN: usize>(payload: &[u8], key: &[u8]) -> [u8; LEN] {
     let nn = if LEN > 64 { 64u32 } else { LEN as u32 };
     let mut digest = [0u8; LEN];
     unsafe {
-        Hacl_Blake2b_32_blake2b(
-            nn,
+        Hacl_Hash_Blake2b_hash_with_key(
             digest.as_mut_ptr(),
-            payload.len() as u32,
+            nn,
             payload.as_ptr() as _,
-            key.len() as u32,
+            payload.len() as u32,
             key.as_ptr() as _,
+            key.len() as u32,
         )
     }
     digest
@@ -27,7 +27,7 @@ pub fn blake2b<const LEN: usize>(payload: &[u8], key: &[u8]) -> [u8; LEN] {
 
 #[cfg(simd256)]
 pub mod simd256 {
-    use hacl_sys::Hacl_Blake2b_256_blake2b;
+    use hacl_sys::Hacl_Hash_Blake2b_Simd256_hash_with_key;
 
     /// BLAKE2b
     ///
@@ -42,13 +42,13 @@ pub mod simd256 {
         let nn = if LEN > 64 { 64u32 } else { LEN as u32 };
         let mut digest = [0u8; LEN];
         unsafe {
-            Hacl_Blake2b_256_blake2b(
-                nn,
+            Hacl_Hash_Blake2b_Simd256_hash_with_key(
                 digest.as_mut_ptr(),
-                payload.len() as u32,
+                nn,
                 payload.as_ptr() as _,
-                key.len() as u32,
+                payload.len() as u32,
                 key.as_ptr() as _,
+                key.len() as u32,
             )
         }
         digest
@@ -68,13 +68,13 @@ pub fn blake2s<const LEN: usize>(payload: &[u8], key: &[u8]) -> [u8; LEN] {
     let nn = if LEN > 32 { 32u32 } else { LEN as u32 };
     let mut digest = [0u8; LEN];
     unsafe {
-        Hacl_Blake2s_32_blake2s(
-            nn,
+        Hacl_Hash_Blake2s_hash_with_key(
             digest.as_mut_ptr(),
-            payload.len() as u32,
+            nn,
             payload.as_ptr() as _,
-            key.len() as u32,
+            payload.len() as u32,
             key.as_ptr() as _,
+            key.len() as u32,
         )
     }
     digest
@@ -82,7 +82,7 @@ pub fn blake2s<const LEN: usize>(payload: &[u8], key: &[u8]) -> [u8; LEN] {
 
 #[cfg(simd128)]
 pub mod simd128 {
-    use hacl_sys::Hacl_Blake2s_128_blake2s;
+    use hacl_sys::Hacl_Hash_Blake2s_Simd128_hash_with_key;
 
     /// BLAKE2s
     ///
@@ -97,13 +97,13 @@ pub mod simd128 {
         let nn = if LEN > 64 { 64u32 } else { LEN as u32 };
         let mut digest = [0u8; LEN];
         unsafe {
-            Hacl_Blake2s_128_blake2s(
-                nn,
+            Hacl_Hash_Blake2s_Simd128_hash_with_key(
                 digest.as_mut_ptr(),
-                payload.len() as u32,
+                nn,
                 payload.as_ptr() as _,
-                key.len() as u32,
+                payload.len() as u32,
                 key.as_ptr() as _,
+                key.len() as u32,
             )
         }
         digest
diff --git a/rust/src/hazmat/chacha20_poly1305.rs b/rust/src/hazmat/chacha20_poly1305.rs
index 5a3f4128..c955f1d4 100644
--- a/rust/src/hazmat/chacha20_poly1305.rs
+++ b/rust/src/hazmat/chacha20_poly1305.rs
@@ -4,7 +4,7 @@
 //! The caller MUST ensure that the required hardware features are available
 //! before calling the functions.
 
-use hacl_sys::{Hacl_Chacha20Poly1305_32_aead_decrypt, Hacl_Chacha20Poly1305_32_aead_encrypt};
+use hacl_sys::{Hacl_AEAD_Chacha20Poly1305_decrypt, Hacl_AEAD_Chacha20Poly1305_encrypt};
 
 pub type Chacha20Key = [u8; 32];
 pub type Iv = [u8; 12];
@@ -22,15 +22,15 @@ pub enum Error {
 pub fn encrypt(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: Iv, aad: &[u8]) -> Tag {
     let mut tag = Tag::default();
     unsafe {
-        Hacl_Chacha20Poly1305_32_aead_encrypt(
-            key.as_ptr() as _,
-            iv.as_ptr() as _,
-            aad.len() as u32,
-            aad.as_ptr() as _,
-            msg_ctxt.len() as u32,
-            msg_ctxt.as_ptr() as _,
+        Hacl_AEAD_Chacha20Poly1305_encrypt(
             msg_ctxt.as_mut_ptr(),
             tag.as_mut_ptr(),
+            msg_ctxt.as_ptr() as _,
+            msg_ctxt.len() as u32,
+            aad.as_ptr() as _,
+            aad.len() as u32,
+            key.as_ptr() as _,
+            iv.as_ptr() as _,
         );
     }
     tag
@@ -48,14 +48,14 @@ pub fn decrypt(
     tag: &Tag,
 ) -> Result<(), Error> {
     if unsafe {
-        Hacl_Chacha20Poly1305_32_aead_decrypt(
+        Hacl_AEAD_Chacha20Poly1305_decrypt(
+            ctxt_msg.as_mut_ptr(),
+            ctxt_msg.as_ptr() as _,
+            ctxt_msg.len() as u32,
+            aad.as_ptr() as _,
+            aad.len() as u32,
             key.as_ptr() as _,
             iv.as_ptr() as _,
-            aad.len() as u32,
-            aad.as_ptr() as _,
-            ctxt_msg.len() as u32,
-            ctxt_msg.as_ptr() as _,
-            ctxt_msg.as_mut_ptr(),
             tag.as_ptr() as _,
         ) == 0
     } {
@@ -69,7 +69,7 @@ pub fn decrypt(
 pub mod simd128 {
     use super::*;
     use hacl_sys::{
-        Hacl_Chacha20Poly1305_128_aead_decrypt, Hacl_Chacha20Poly1305_128_aead_encrypt,
+        Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt, Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt,
     };
 
     /// 128-bit SIMD encrypt.
@@ -82,15 +82,15 @@ pub mod simd128 {
     pub fn encrypt(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: Iv, aad: &[u8]) -> Tag {
         let mut tag = Tag::default();
         unsafe {
-            Hacl_Chacha20Poly1305_128_aead_encrypt(
-                key.as_ptr() as _,
-                iv.as_ptr() as _,
-                aad.len() as u32,
-                aad.as_ptr() as _,
-                msg_ctxt.len() as u32,
-                msg_ctxt.as_ptr() as _,
+            Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(
                 msg_ctxt.as_mut_ptr(),
                 tag.as_mut_ptr(),
+                msg_ctxt.as_ptr() as _,
+                msg_ctxt.len() as u32,
+                aad.as_ptr() as _,
+                aad.len() as u32,
+                key.as_ptr() as _,
+                iv.as_ptr() as _,
             );
         }
         tag
@@ -111,14 +111,14 @@ pub mod simd128 {
         tag: &Tag,
     ) -> Result<(), Error> {
         if unsafe {
-            Hacl_Chacha20Poly1305_128_aead_decrypt(
+            Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+                ctxt_msg.as_mut_ptr(),
+                ctxt_msg.as_ptr() as _,
+                ctxt_msg.len() as u32,
+                aad.as_ptr() as _,
+                aad.len() as u32,
                 key.as_ptr() as _,
                 iv.as_ptr() as _,
-                aad.len() as u32,
-                aad.as_ptr() as _,
-                ctxt_msg.len() as u32,
-                ctxt_msg.as_ptr() as _,
-                ctxt_msg.as_mut_ptr(),
                 tag.as_ptr() as _,
             ) == 0
         } {
@@ -133,7 +133,7 @@ pub mod simd128 {
 pub mod simd256 {
     use super::*;
     use hacl_sys::{
-        Hacl_Chacha20Poly1305_256_aead_decrypt, Hacl_Chacha20Poly1305_256_aead_encrypt,
+        Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt, Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt,
     };
 
     /// 256-bit SIMD encrypt.
@@ -144,15 +144,15 @@ pub mod simd256 {
     pub fn encrypt(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: Iv, aad: &[u8]) -> Tag {
         let mut tag = Tag::default();
         unsafe {
-            Hacl_Chacha20Poly1305_256_aead_encrypt(
-                key.as_ptr() as _,
-                iv.as_ptr() as _,
-                aad.len() as u32,
-                aad.as_ptr() as _,
-                msg_ctxt.len() as u32,
-                msg_ctxt.as_ptr() as _,
+            Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
                 msg_ctxt.as_mut_ptr(),
                 tag.as_mut_ptr(),
+                msg_ctxt.as_ptr() as _,
+                msg_ctxt.len() as u32,
+                aad.as_ptr() as _,
+                aad.len() as u32,
+                key.as_ptr() as _,
+                iv.as_ptr() as _,
             );
         }
         tag
@@ -171,14 +171,14 @@ pub mod simd256 {
         tag: &Tag,
     ) -> Result<(), Error> {
         if unsafe {
-            Hacl_Chacha20Poly1305_256_aead_decrypt(
+            Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(
+                ctxt_msg.as_mut_ptr(),
+                ctxt_msg.as_ptr() as _,
+                ctxt_msg.len() as u32,
+                aad.as_ptr() as _,
+                aad.len() as u32,
                 key.as_ptr() as _,
                 iv.as_ptr() as _,
-                aad.len() as u32,
-                aad.as_ptr() as _,
-                ctxt_msg.len() as u32,
-                ctxt_msg.as_ptr() as _,
-                ctxt_msg.as_mut_ptr(),
                 tag.as_ptr() as _,
             ) == 0
         } {
diff --git a/rust/src/hazmat/hmac.rs b/rust/src/hazmat/hmac.rs
index 311231d5..70993afe 100644
--- a/rust/src/hazmat/hmac.rs
+++ b/rust/src/hazmat/hmac.rs
@@ -1,6 +1,6 @@
 use hacl_sys::{
     Hacl_HMAC_compute_sha2_256, Hacl_HMAC_compute_sha2_384, Hacl_HMAC_compute_sha2_512,
-    Hacl_HMAC_legacy_compute_sha1,
+    Hacl_HMAC_compute_sha1,
 };
 
 macro_rules! impl_hmac {
@@ -24,7 +24,7 @@ macro_rules! impl_hmac {
     };
 }
 
-impl_hmac!(sha1, Hacl_HMAC_legacy_compute_sha1, 20);
+impl_hmac!(sha1, Hacl_HMAC_compute_sha1, 20);
 impl_hmac!(sha2_256, Hacl_HMAC_compute_sha2_256, 32);
 impl_hmac!(sha2_384, Hacl_HMAC_compute_sha2_384, 48);
 impl_hmac!(sha2_512, Hacl_HMAC_compute_sha2_512, 64);
diff --git a/rust/src/hazmat/sha2.rs b/rust/src/hazmat/sha2.rs
index d21efa69..0ae997df 100644
--- a/rust/src/hazmat/sha2.rs
+++ b/rust/src/hazmat/sha2.rs
@@ -1,6 +1,6 @@
 use hacl_sys::{
-    Hacl_Streaming_SHA2_hash_224, Hacl_Streaming_SHA2_hash_256, Hacl_Streaming_SHA2_hash_384,
-    Hacl_Streaming_SHA2_hash_512,
+    Hacl_Hash_SHA2_hash_224, Hacl_Hash_SHA2_hash_256, Hacl_Hash_SHA2_hash_384,
+    Hacl_Hash_SHA2_hash_512,
 };
 
 /// SHA2 224
@@ -9,10 +9,10 @@ use hacl_sys::{
 pub fn sha224(payload: &[u8]) -> [u8; 28] {
     let mut digest = [0u8; 28];
     unsafe {
-        Hacl_Streaming_SHA2_hash_224(
+        Hacl_Hash_SHA2_hash_224(
+            digest.as_mut_ptr(),
             payload.as_ptr() as _,
             payload.len().try_into().unwrap(),
-            digest.as_mut_ptr(),
         );
     }
     digest
@@ -24,10 +24,10 @@ pub fn sha224(payload: &[u8]) -> [u8; 28] {
 pub fn sha256(payload: &[u8]) -> [u8; 32] {
     let mut digest = [0u8; 32];
     unsafe {
-        Hacl_Streaming_SHA2_hash_256(
+        Hacl_Hash_SHA2_hash_256(
+            digest.as_mut_ptr(),
             payload.as_ptr() as _,
             payload.len().try_into().unwrap(),
-            digest.as_mut_ptr(),
         );
     }
     digest
@@ -39,10 +39,10 @@ pub fn sha256(payload: &[u8]) -> [u8; 32] {
 pub fn sha384(payload: &[u8]) -> [u8; 48] {
     let mut digest = [0u8; 48];
     unsafe {
-        Hacl_Streaming_SHA2_hash_384(
+        Hacl_Hash_SHA2_hash_384(
+            digest.as_mut_ptr(),
             payload.as_ptr() as _,
             payload.len().try_into().unwrap(),
-            digest.as_mut_ptr(),
         );
     }
     digest
@@ -54,10 +54,10 @@ pub fn sha384(payload: &[u8]) -> [u8; 48] {
 pub fn sha512(payload: &[u8]) -> [u8; 64] {
     let mut digest = [0u8; 64];
     unsafe {
-        Hacl_Streaming_SHA2_hash_512(
+        Hacl_Hash_SHA2_hash_512(
+            digest.as_mut_ptr(),
             payload.as_ptr() as _,
             payload.len().try_into().unwrap(),
-            digest.as_mut_ptr(),
         );
     }
     digest
@@ -65,20 +65,18 @@ pub fn sha512(payload: &[u8]) -> [u8; 64] {
 
 pub mod streaming {
     use hacl_sys::{
-        Hacl_Streaming_SHA2_create_in_224, Hacl_Streaming_SHA2_create_in_256,
-        Hacl_Streaming_SHA2_create_in_384, Hacl_Streaming_SHA2_create_in_512,
-        Hacl_Streaming_SHA2_finish_224, Hacl_Streaming_SHA2_finish_256,
-        Hacl_Streaming_SHA2_finish_384, Hacl_Streaming_SHA2_finish_512,
-        Hacl_Streaming_SHA2_free_224, Hacl_Streaming_SHA2_free_256, Hacl_Streaming_SHA2_free_384,
-        Hacl_Streaming_SHA2_free_512, Hacl_Streaming_SHA2_init_224, Hacl_Streaming_SHA2_init_256,
-        Hacl_Streaming_SHA2_init_384, Hacl_Streaming_SHA2_init_512,
-        Hacl_Streaming_SHA2_state_sha2_224, Hacl_Streaming_SHA2_state_sha2_384,
-        Hacl_Streaming_SHA2_update_224, Hacl_Streaming_SHA2_update_256,
-        Hacl_Streaming_SHA2_update_384, Hacl_Streaming_SHA2_update_512,
+        Hacl_Hash_SHA2_digest_224, Hacl_Hash_SHA2_digest_256, Hacl_Hash_SHA2_digest_384,
+        Hacl_Hash_SHA2_digest_512, Hacl_Hash_SHA2_free_224, Hacl_Hash_SHA2_free_256,
+        Hacl_Hash_SHA2_free_384, Hacl_Hash_SHA2_free_512, Hacl_Hash_SHA2_malloc_224,
+        Hacl_Hash_SHA2_malloc_256, Hacl_Hash_SHA2_malloc_384, Hacl_Hash_SHA2_malloc_512,
+        Hacl_Hash_SHA2_reset_224, Hacl_Hash_SHA2_reset_256, Hacl_Hash_SHA2_reset_384,
+        Hacl_Hash_SHA2_reset_512, Hacl_Hash_SHA2_state_t_224, Hacl_Hash_SHA2_state_t_384,
+        Hacl_Hash_SHA2_update_224, Hacl_Hash_SHA2_update_256, Hacl_Hash_SHA2_update_384,
+        Hacl_Hash_SHA2_update_512,
     };
 
     macro_rules! impl_streaming {
-        ($name:ident, $digest_size:literal, $state:ty, $create:expr, $init:expr, $update:expr, $finish:expr, $free:expr) => {
+        ($name:ident, $digest_size:literal, $state:ty, $malloc:expr, $reset:expr, $update:expr, $digest:expr, $free:expr) => {
             pub struct $name {
                 state: *mut $state,
             }
@@ -87,9 +85,9 @@ pub mod streaming {
                 /// Initialize a new digest state.
                 pub fn new() -> $name {
                     let state = $name {
-                        state: unsafe { $create() },
+                        state: unsafe { $malloc() },
                     };
-                    unsafe { $init(state.state) };
+                    unsafe { $reset(state.state) };
                     state
                 }
 
@@ -111,7 +109,7 @@ pub mod streaming {
                     // But this way we force the borrow checker to do the right thing.
                     let mut digest = [0u8; $digest_size];
                     unsafe {
-                        $finish(self.state, digest.as_mut_ptr());
+                        $digest(self.state, digest.as_mut_ptr());
                     }
                     digest
                 }
@@ -128,44 +126,44 @@ pub mod streaming {
     impl_streaming!(
         Sha224,
         28,
-        Hacl_Streaming_SHA2_state_sha2_224,
-        Hacl_Streaming_SHA2_create_in_224,
-        Hacl_Streaming_SHA2_init_224,
-        Hacl_Streaming_SHA2_update_224,
-        Hacl_Streaming_SHA2_finish_224,
-        Hacl_Streaming_SHA2_free_224
+        Hacl_Hash_SHA2_state_t_224,
+        Hacl_Hash_SHA2_malloc_224,
+        Hacl_Hash_SHA2_reset_224,
+        Hacl_Hash_SHA2_update_224,
+        Hacl_Hash_SHA2_digest_224,
+        Hacl_Hash_SHA2_free_224
     );
 
     impl_streaming!(
         Sha256,
         32,
-        Hacl_Streaming_SHA2_state_sha2_224,
-        Hacl_Streaming_SHA2_create_in_256,
-        Hacl_Streaming_SHA2_init_256,
-        Hacl_Streaming_SHA2_update_256,
-        Hacl_Streaming_SHA2_finish_256,
-        Hacl_Streaming_SHA2_free_256
+        Hacl_Hash_SHA2_state_t_224,
+        Hacl_Hash_SHA2_malloc_256,
+        Hacl_Hash_SHA2_reset_256,
+        Hacl_Hash_SHA2_update_256,
+        Hacl_Hash_SHA2_digest_256,
+        Hacl_Hash_SHA2_free_256
     );
 
     impl_streaming!(
         Sha384,
         48,
-        Hacl_Streaming_SHA2_state_sha2_384,
-        Hacl_Streaming_SHA2_create_in_384,
-        Hacl_Streaming_SHA2_init_384,
-        Hacl_Streaming_SHA2_update_384,
-        Hacl_Streaming_SHA2_finish_384,
-        Hacl_Streaming_SHA2_free_384
+        Hacl_Hash_SHA2_state_t_384,
+        Hacl_Hash_SHA2_malloc_384,
+        Hacl_Hash_SHA2_reset_384,
+        Hacl_Hash_SHA2_update_384,
+        Hacl_Hash_SHA2_digest_384,
+        Hacl_Hash_SHA2_free_384
     );
 
     impl_streaming!(
         Sha512,
         64,
-        Hacl_Streaming_SHA2_state_sha2_384,
-        Hacl_Streaming_SHA2_create_in_512,
-        Hacl_Streaming_SHA2_init_512,
-        Hacl_Streaming_SHA2_update_512,
-        Hacl_Streaming_SHA2_finish_512,
-        Hacl_Streaming_SHA2_free_512
+        Hacl_Hash_SHA2_state_t_384,
+        Hacl_Hash_SHA2_malloc_512,
+        Hacl_Hash_SHA2_reset_512,
+        Hacl_Hash_SHA2_update_512,
+        Hacl_Hash_SHA2_digest_512,
+        Hacl_Hash_SHA2_free_512
     );
 }
diff --git a/rust/src/hazmat/sha3.rs b/rust/src/hazmat/sha3.rs
index 95abe082..c8ecc913 100644
--- a/rust/src/hazmat/sha3.rs
+++ b/rust/src/hazmat/sha3.rs
@@ -1,16 +1,16 @@
 use hacl_sys::{
-    Hacl_SHA3_sha3_224, Hacl_SHA3_sha3_256, Hacl_SHA3_sha3_384, Hacl_SHA3_sha3_512,
-    Hacl_SHA3_shake128_hacl, Hacl_SHA3_shake256_hacl,
+    Hacl_Hash_SHA3_sha3_224, Hacl_Hash_SHA3_sha3_256, Hacl_Hash_SHA3_sha3_384, Hacl_Hash_SHA3_sha3_512,
+    Hacl_Hash_SHA3_shake128_hacl, Hacl_Hash_SHA3_shake256_hacl,
 };
 
 /// SHA3 224
 pub fn sha224(payload: &[u8]) -> [u8; 28] {
     let mut digest = [0u8; 28];
     unsafe {
-        Hacl_SHA3_sha3_224(
-            payload.len().try_into().unwrap(),
-            payload.as_ptr() as _,
+        Hacl_Hash_SHA3_sha3_224(
             digest.as_mut_ptr(),
+            payload.as_ptr() as _,
+            payload.len().try_into().unwrap(),
         );
     }
     digest
@@ -20,10 +20,10 @@ pub fn sha224(payload: &[u8]) -> [u8; 28] {
 pub fn sha256(payload: &[u8]) -> [u8; 32] {
     let mut digest = [0u8; 32];
     unsafe {
-        Hacl_SHA3_sha3_256(
-            payload.len().try_into().unwrap(),
-            payload.as_ptr() as _,
+        Hacl_Hash_SHA3_sha3_256(
             digest.as_mut_ptr(),
+            payload.as_ptr() as _,
+            payload.len().try_into().unwrap(),
         );
     }
     digest
@@ -33,10 +33,10 @@ pub fn sha256(payload: &[u8]) -> [u8; 32] {
 pub fn sha384(payload: &[u8]) -> [u8; 48] {
     let mut digest = [0u8; 48];
     unsafe {
-        Hacl_SHA3_sha3_384(
-            payload.len().try_into().unwrap(),
-            payload.as_ptr() as _,
+        Hacl_Hash_SHA3_sha3_384(
             digest.as_mut_ptr(),
+            payload.as_ptr() as _,
+            payload.len().try_into().unwrap(),
         );
     }
     digest
@@ -46,10 +46,10 @@ pub fn sha384(payload: &[u8]) -> [u8; 48] {
 pub fn sha512(payload: &[u8]) -> [u8; 64] {
     let mut digest = [0u8; 64];
     unsafe {
-        Hacl_SHA3_sha3_512(
-            payload.len().try_into().unwrap(),
-            payload.as_ptr() as _,
+        Hacl_Hash_SHA3_sha3_512(
             digest.as_mut_ptr(),
+            payload.as_ptr() as _,
+            payload.len().try_into().unwrap(),
         );
     }
     digest
@@ -59,7 +59,7 @@ pub fn sha512(payload: &[u8]) -> [u8; 64] {
 pub fn shake128<const BYTES: usize>(data: &[u8]) -> [u8; BYTES] {
     let mut out = [0u8; BYTES];
     unsafe {
-        Hacl_SHA3_shake128_hacl(
+        Hacl_Hash_SHA3_shake128_hacl(
             data.len() as u32,
             data.as_ptr() as _,
             BYTES as u32,
@@ -76,7 +76,7 @@ pub fn shake128<const BYTES: usize>(data: &[u8]) -> [u8; BYTES] {
 pub fn shake256<const BYTES: usize>(data: &[u8]) -> [u8; BYTES] {
     let mut out = [0u8; BYTES];
     unsafe {
-        Hacl_SHA3_shake256_hacl(
+        Hacl_Hash_SHA3_shake256_hacl(
             data.len() as u32,
             data.as_ptr() as _,
             BYTES as u32,
diff --git a/src/EverCrypt_AEAD.c b/src/EverCrypt_AEAD.c
index d3a4ffbe..b0fb4826 100644
--- a/src/EverCrypt_AEAD.c
+++ b/src/EverCrypt_AEAD.c
@@ -46,8 +46,8 @@ The state may be reused as many times as desired.
 */
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee)
 {
-  KRML_HOST_IGNORE(a);
-  KRML_HOST_IGNORE(projectee);
+  KRML_MAYBE_UNUSED_VAR(a);
+  KRML_MAYBE_UNUSED_VAR(projectee);
   return true;
 }
 
@@ -86,11 +86,11 @@ Spec_Agile_AEAD_alg EverCrypt_AEAD_alg_of_state(EverCrypt_AEAD_state_s *s)
 static EverCrypt_Error_error_code
 create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
-  uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
+  uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
   EverCrypt_AEAD_state_s
   *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
   p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek });
-  memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(ek, k, 32U * sizeof (uint8_t));
   dst[0U] = p;
   return EverCrypt_Error_Success;
 }
@@ -98,8 +98,8 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
-  KRML_HOST_IGNORE(dst);
-  KRML_HOST_IGNORE(k);
+  KRML_MAYBE_UNUSED_VAR(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
   #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
@@ -108,11 +108,11 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
-    uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t));
+    uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC(480U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
-    uint8_t *hkeys_b = ek + (uint32_t)176U;
-    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b));
-    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b, hkeys_b));
+    uint8_t *hkeys_b = ek + 176U;
+    aes128_key_expansion(k, keys_b);
+    aes128_keyhash_init(keys_b, hkeys_b);
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek });
@@ -128,8 +128,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
-  KRML_HOST_IGNORE(dst);
-  KRML_HOST_IGNORE(k);
+  KRML_MAYBE_UNUSED_VAR(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
   #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
@@ -138,11 +138,11 @@ create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
-    uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t));
+    uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC(544U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
-    uint8_t *hkeys_b = ek + (uint32_t)240U;
-    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b));
-    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b, hkeys_b));
+    uint8_t *hkeys_b = ek + 240U;
+    aes256_key_expansion(k, keys_b);
+    aes256_keyhash_init(keys_b, hkeys_b);
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek });
@@ -208,115 +208,106 @@ encrypt_aes128_gcm(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(s);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(s);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
-  uint8_t *scratch_b = ek + (uint32_t)304U;
+  uint8_t *scratch_b = ek + 304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+  uint8_t *hkeys_b = ek1 + 176U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *plain_b_ = plain;
   uint8_t *out_b_ = cipher;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    plain + plain_len_,
-    (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+  memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+  if (len128x6 / 16ULL >= 18ULL)
   {
-    uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = plain_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-        (uint64_t)ad_len,
-        auth_num,
-        keys_b,
-        tmp_iv,
-        hkeys_b,
-        abytes_b,
-        in128x6_b,
-        out128x6_b,
-        len128x6_,
-        in128_b,
-        out128_b,
-        len128_num_,
-        inout_b,
-        (uint64_t)plain_len,
-        scratch_b1,
-        tag));
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    gcm128_encrypt_opt(auth_b_,
+      (uint64_t)ad_len,
+      auth_num,
+      keys_b,
+      tmp_iv,
+      hkeys_b,
+      abytes_b,
+      in128x6_b,
+      out128x6_b,
+      len128x6_,
+      in128_b,
+      out128_b,
+      len128_num_,
+      inout_b,
+      (uint64_t)plain_len,
+      scratch_b1,
+      tag);
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = plain_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = plain_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
-    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-        (uint64_t)ad_len,
-        auth_num,
-        keys_b,
-        tmp_iv,
-        hkeys_b,
-        abytes_b,
-        in128x6_b,
-        out128x6_b,
-        len128x6_,
-        in128_b,
-        out128_b,
-        len128_num_,
-        inout_b,
-        (uint64_t)plain_len,
-        scratch_b1,
-        tag));
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
+    gcm128_encrypt_opt(auth_b_,
+      (uint64_t)ad_len,
+      auth_num,
+      keys_b,
+      tmp_iv,
+      hkeys_b,
+      abytes_b,
+      in128x6_b,
+      out128x6_b,
+      len128x6_,
+      in128_b,
+      out128_b,
+      len128_num_,
+      inout_b,
+      (uint64_t)plain_len,
+      scratch_b1,
+      tag);
   }
-  memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
   return EverCrypt_Error_Success;
   #else
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n",
@@ -340,115 +331,106 @@ encrypt_aes256_gcm(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(s);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(s);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
-  uint8_t *scratch_b = ek + (uint32_t)368U;
+  uint8_t *scratch_b = ek + 368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+  uint8_t *hkeys_b = ek1 + 240U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *plain_b_ = plain;
   uint8_t *out_b_ = cipher;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    plain + plain_len_,
-    (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+  memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+  if (len128x6 / 16ULL >= 18ULL)
   {
-    uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = plain_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-        (uint64_t)ad_len,
-        auth_num,
-        keys_b,
-        tmp_iv,
-        hkeys_b,
-        abytes_b,
-        in128x6_b,
-        out128x6_b,
-        len128x6_,
-        in128_b,
-        out128_b,
-        len128_num_,
-        inout_b,
-        (uint64_t)plain_len,
-        scratch_b1,
-        tag));
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    gcm256_encrypt_opt(auth_b_,
+      (uint64_t)ad_len,
+      auth_num,
+      keys_b,
+      tmp_iv,
+      hkeys_b,
+      abytes_b,
+      in128x6_b,
+      out128x6_b,
+      len128x6_,
+      in128_b,
+      out128_b,
+      len128_num_,
+      inout_b,
+      (uint64_t)plain_len,
+      scratch_b1,
+      tag);
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = plain_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = plain_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
-    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-        (uint64_t)ad_len,
-        auth_num,
-        keys_b,
-        tmp_iv,
-        hkeys_b,
-        abytes_b,
-        in128x6_b,
-        out128x6_b,
-        len128x6_,
-        in128_b,
-        out128_b,
-        len128_num_,
-        inout_b,
-        (uint64_t)plain_len,
-        scratch_b1,
-        tag));
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
+    gcm256_encrypt_opt(auth_b_,
+      (uint64_t)ad_len,
+      auth_num,
+      keys_b,
+      tmp_iv,
+      hkeys_b,
+      abytes_b,
+      in128x6_b,
+      out128x6_b,
+      len128x6_,
+      in128_b,
+      out128_b,
+      len128_num_,
+      inout_b,
+      (uint64_t)plain_len,
+      scratch_b1,
+      tag);
   }
-  memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
   return EverCrypt_Error_Success;
   #else
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n",
@@ -510,7 +492,7 @@ EverCrypt_AEAD_encrypt(
       }
     case Spec_Cipher_Expansion_Hacl_CHACHA20:
       {
-        if (iv_len != (uint32_t)12U)
+        if (iv_len != 12U)
         {
           return EverCrypt_Error_InvalidIVLength;
         }
@@ -546,124 +528,115 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
-  uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
-  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
+  uint8_t *hkeys_b0 = ek + 176U;
+  aes128_key_expansion(k, keys_b0);
+  aes128_keyhash_init(keys_b0, hkeys_b0);
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
   {
     KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
-  else if (iv_len == (uint32_t)0U)
+  else if (iv_len == 0U)
   {
     KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
     uint8_t *ek0 = (*s).ek;
-    uint8_t *scratch_b = ek0 + (uint32_t)304U;
+    uint8_t *scratch_b = ek0 + 304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
-    uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+    uint8_t *hkeys_b = ek1 + 176U;
     uint8_t tmp_iv[16U] = { 0U };
-    uint32_t len = iv_len / (uint32_t)16U;
-    uint32_t bytes_len = len * (uint32_t)16U;
+    uint32_t len = iv_len / 16U;
+    uint32_t bytes_len = len * 16U;
     uint8_t *iv_b = iv;
-    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-        (uint64_t)iv_len,
-        (uint64_t)len,
-        tmp_iv,
-        tmp_iv,
-        hkeys_b));
+    memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+    compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
     uint8_t *inout_b = scratch_b;
-    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-    uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *abytes_b = scratch_b + 16U;
+    uint8_t *scratch_b1 = scratch_b + 32U;
+    uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
     uint8_t *plain_b_ = plain;
     uint8_t *out_b_ = cipher;
     uint8_t *auth_b_ = ad;
-    memcpy(inout_b,
-      plain + plain_len_,
-      (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    memcpy(abytes_b,
-      ad + auth_len_,
-      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-    if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+    memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+    memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+    if (len128x6 / 16ULL >= 18ULL)
     {
-      uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
       uint8_t *in128x6_b = plain_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
       uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-          (uint64_t)ad_len,
-          auth_num,
-          keys_b,
-          tmp_iv,
-          hkeys_b,
-          abytes_b,
-          in128x6_b,
-          out128x6_b,
-          len128x6_,
-          in128_b,
-          out128_b,
-          len128_num_,
-          inout_b,
-          (uint64_t)plain_len,
-          scratch_b1,
-          tag));
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128x6_ = len128x6 / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      gcm128_encrypt_opt(auth_b_,
+        (uint64_t)ad_len,
+        auth_num,
+        keys_b,
+        tmp_iv,
+        hkeys_b,
+        abytes_b,
+        in128x6_b,
+        out128x6_b,
+        len128x6_,
+        in128_b,
+        out128_b,
+        len128_num_,
+        inout_b,
+        (uint64_t)plain_len,
+        scratch_b1,
+        tag);
     }
     else
     {
-      uint32_t len128x61 = (uint32_t)0U;
-      uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+      uint32_t len128x61 = 0U;
+      uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
       uint8_t *in128x6_b = plain_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = plain_b_ + len128x61;
       uint8_t *out128_b = out_b_ + len128x61;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t len128x6_ = (uint64_t)0U;
-      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-          (uint64_t)ad_len,
-          auth_num,
-          keys_b,
-          tmp_iv,
-          hkeys_b,
-          abytes_b,
-          in128x6_b,
-          out128x6_b,
-          len128x6_,
-          in128_b,
-          out128_b,
-          len128_num_,
-          inout_b,
-          (uint64_t)plain_len,
-          scratch_b1,
-          tag));
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      uint64_t len128x6_ = 0ULL;
+      gcm128_encrypt_opt(auth_b_,
+        (uint64_t)ad_len,
+        auth_num,
+        keys_b,
+        tmp_iv,
+        hkeys_b,
+        abytes_b,
+        in128x6_b,
+        out128x6_b,
+        len128x6_,
+        in128_b,
+        out128_b,
+        len128_num_,
+        inout_b,
+        (uint64_t)plain_len,
+        scratch_b1,
+        tag);
     }
-    memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+    memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
       inout_b,
-      (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+      (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
     KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
@@ -697,124 +670,115 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
-  uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
-  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
+  uint8_t *hkeys_b0 = ek + 240U;
+  aes256_key_expansion(k, keys_b0);
+  aes256_keyhash_init(keys_b0, hkeys_b0);
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
   {
     KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
-  else if (iv_len == (uint32_t)0U)
+  else if (iv_len == 0U)
   {
     KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
     uint8_t *ek0 = (*s).ek;
-    uint8_t *scratch_b = ek0 + (uint32_t)368U;
+    uint8_t *scratch_b = ek0 + 368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
-    uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+    uint8_t *hkeys_b = ek1 + 240U;
     uint8_t tmp_iv[16U] = { 0U };
-    uint32_t len = iv_len / (uint32_t)16U;
-    uint32_t bytes_len = len * (uint32_t)16U;
+    uint32_t len = iv_len / 16U;
+    uint32_t bytes_len = len * 16U;
     uint8_t *iv_b = iv;
-    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-        (uint64_t)iv_len,
-        (uint64_t)len,
-        tmp_iv,
-        tmp_iv,
-        hkeys_b));
+    memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+    compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
     uint8_t *inout_b = scratch_b;
-    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-    uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *abytes_b = scratch_b + 16U;
+    uint8_t *scratch_b1 = scratch_b + 32U;
+    uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
     uint8_t *plain_b_ = plain;
     uint8_t *out_b_ = cipher;
     uint8_t *auth_b_ = ad;
-    memcpy(inout_b,
-      plain + plain_len_,
-      (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    memcpy(abytes_b,
-      ad + auth_len_,
-      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-    if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+    memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+    memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+    if (len128x6 / 16ULL >= 18ULL)
     {
-      uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
       uint8_t *in128x6_b = plain_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
       uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-          (uint64_t)ad_len,
-          auth_num,
-          keys_b,
-          tmp_iv,
-          hkeys_b,
-          abytes_b,
-          in128x6_b,
-          out128x6_b,
-          len128x6_,
-          in128_b,
-          out128_b,
-          len128_num_,
-          inout_b,
-          (uint64_t)plain_len,
-          scratch_b1,
-          tag));
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128x6_ = len128x6 / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      gcm256_encrypt_opt(auth_b_,
+        (uint64_t)ad_len,
+        auth_num,
+        keys_b,
+        tmp_iv,
+        hkeys_b,
+        abytes_b,
+        in128x6_b,
+        out128x6_b,
+        len128x6_,
+        in128_b,
+        out128_b,
+        len128_num_,
+        inout_b,
+        (uint64_t)plain_len,
+        scratch_b1,
+        tag);
     }
     else
     {
-      uint32_t len128x61 = (uint32_t)0U;
-      uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+      uint32_t len128x61 = 0U;
+      uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
       uint8_t *in128x6_b = plain_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = plain_b_ + len128x61;
       uint8_t *out128_b = out_b_ + len128x61;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t len128x6_ = (uint64_t)0U;
-      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-          (uint64_t)ad_len,
-          auth_num,
-          keys_b,
-          tmp_iv,
-          hkeys_b,
-          abytes_b,
-          in128x6_b,
-          out128x6_b,
-          len128x6_,
-          in128_b,
-          out128_b,
-          len128_num_,
-          inout_b,
-          (uint64_t)plain_len,
-          scratch_b1,
-          tag));
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      uint64_t len128x6_ = 0ULL;
+      gcm256_encrypt_opt(auth_b_,
+        (uint64_t)ad_len,
+        auth_num,
+        keys_b,
+        tmp_iv,
+        hkeys_b,
+        abytes_b,
+        in128x6_b,
+        out128x6_b,
+        len128x6_,
+        in128_b,
+        out128_b,
+        len128_num_,
+        inout_b,
+        (uint64_t)plain_len,
+        scratch_b1,
+        tag);
     }
-    memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+    memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
       inout_b,
-      (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+      (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
     KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
@@ -840,15 +804,15 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -859,112 +823,103 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   {
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
-    uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
-    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
+    uint8_t *hkeys_b0 = ek + 176U;
+    aes128_key_expansion(k, keys_b0);
+    aes128_keyhash_init(keys_b0, hkeys_b0);
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
-    else if (iv_len == (uint32_t)0U)
+    else if (iv_len == 0U)
     {
       KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
       uint8_t *ek0 = (*s).ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)304U;
+      uint8_t *scratch_b = ek0 + 304U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+      uint8_t *hkeys_b = ek1 + 176U;
       uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
+      uint32_t len = iv_len / 16U;
+      uint32_t bytes_len = len * 16U;
       uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-          (uint64_t)iv_len,
-          (uint64_t)len,
-          tmp_iv,
-          tmp_iv,
-          hkeys_b));
+      memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+      compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
       uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+      uint8_t *abytes_b = scratch_b + 16U;
+      uint8_t *scratch_b1 = scratch_b + 32U;
+      uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
       uint8_t *plain_b_ = plain;
       uint8_t *out_b_ = cipher;
       uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        plain + plain_len_,
-        (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+      memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+      memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+      uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+      if (len128x6 / 16ULL >= 18ULL)
       {
-        uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+        uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
         uint8_t *in128x6_b = plain_b_;
         uint8_t *out128x6_b = out_b_;
         uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
         uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)plain_len,
-            scratch_b1,
-            tag));
+        uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+        uint64_t len128x6_ = len128x6 / 16ULL;
+        uint64_t len128_num_ = len128_num / 16ULL;
+        gcm128_encrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)plain_len,
+          scratch_b1,
+          tag);
       }
       else
       {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+        uint32_t len128x61 = 0U;
+        uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
         uint8_t *in128x6_b = plain_b_;
         uint8_t *out128x6_b = out_b_;
         uint8_t *in128_b = plain_b_ + len128x61;
         uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)plain_len,
-            scratch_b1,
-            tag));
+        uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+        uint64_t len128_num_ = len128_num / 16ULL;
+        uint64_t len128x6_ = 0ULL;
+        gcm128_encrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)plain_len,
+          scratch_b1,
+          tag);
       }
-      memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+      memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
         inout_b,
-        (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+        (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
       KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
@@ -988,15 +943,15 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -1007,112 +962,103 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   {
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
-    uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
-    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
+    uint8_t *hkeys_b0 = ek + 240U;
+    aes256_key_expansion(k, keys_b0);
+    aes256_keyhash_init(keys_b0, hkeys_b0);
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
-    else if (iv_len == (uint32_t)0U)
+    else if (iv_len == 0U)
     {
       KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
       uint8_t *ek0 = (*s).ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)368U;
+      uint8_t *scratch_b = ek0 + 368U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+      uint8_t *hkeys_b = ek1 + 240U;
       uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
+      uint32_t len = iv_len / 16U;
+      uint32_t bytes_len = len * 16U;
       uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-          (uint64_t)iv_len,
-          (uint64_t)len,
-          tmp_iv,
-          tmp_iv,
-          hkeys_b));
+      memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+      compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
       uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+      uint8_t *abytes_b = scratch_b + 16U;
+      uint8_t *scratch_b1 = scratch_b + 32U;
+      uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
       uint8_t *plain_b_ = plain;
       uint8_t *out_b_ = cipher;
       uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        plain + plain_len_,
-        (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+      memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+      memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+      uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+      if (len128x6 / 16ULL >= 18ULL)
       {
-        uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+        uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
         uint8_t *in128x6_b = plain_b_;
         uint8_t *out128x6_b = out_b_;
         uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
         uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)plain_len,
-            scratch_b1,
-            tag));
+        uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+        uint64_t len128x6_ = len128x6 / 16ULL;
+        uint64_t len128_num_ = len128_num / 16ULL;
+        gcm256_encrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)plain_len,
+          scratch_b1,
+          tag);
       }
       else
       {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+        uint32_t len128x61 = 0U;
+        uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
         uint8_t *in128x6_b = plain_b_;
         uint8_t *out128x6_b = out_b_;
         uint8_t *in128_b = plain_b_ + len128x61;
         uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)plain_len,
-            scratch_b1,
-            tag));
+        uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+        uint64_t len128_num_ = len128_num / 16ULL;
+        uint64_t len128x6_ = 0ULL;
+        gcm256_encrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)plain_len,
+          scratch_b1,
+          tag);
       }
-      memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+      memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
         inout_b,
-        (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+        (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
       KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
@@ -1136,10 +1082,10 @@ EverCrypt_AEAD_encrypt_expand_chacha20_poly1305(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(iv_len);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
   uint8_t ek[32U] = { 0U };
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek };
-  memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(ek, k, 32U * sizeof (uint8_t));
   EverCrypt_AEAD_state_s *s = &p;
   uint8_t *ek0 = (*s).ek;
   EverCrypt_Chacha20Poly1305_aead_encrypt(ek0, iv, ad_len, ad, plain_len, plain, cipher, tag);
@@ -1222,66 +1168,57 @@ decrypt_aes128_gcm(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(s);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(s);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
-  uint8_t *scratch_b = ek + (uint32_t)304U;
+  uint8_t *scratch_b = ek + 304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+  uint8_t *hkeys_b = ek1 + 176U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *cipher_b_ = cipher;
   uint8_t *out_b_ = dst;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    cipher + cipher_len_,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+  memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
   uint64_t c;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+  if (len128x6 / 16ULL >= 6ULL)
   {
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
     uint64_t
     c0 =
       gcm128_decrypt_opt(auth_b_,
@@ -1305,15 +1242,15 @@ decrypt_aes128_gcm(
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
     uint64_t
     c0 =
       gcm128_decrypt_opt(auth_b_,
@@ -1335,11 +1272,11 @@ decrypt_aes128_gcm(
         tag);
     c = c0;
   }
-  memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
   uint64_t r = c;
-  if (r == (uint64_t)0U)
+  if (r == 0ULL)
   {
     return EverCrypt_Error_Success;
   }
@@ -1366,66 +1303,57 @@ decrypt_aes256_gcm(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(s);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(s);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
-  uint8_t *scratch_b = ek + (uint32_t)368U;
+  uint8_t *scratch_b = ek + 368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+  uint8_t *hkeys_b = ek1 + 240U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *cipher_b_ = cipher;
   uint8_t *out_b_ = dst;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    cipher + cipher_len_,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+  memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
   uint64_t c;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+  if (len128x6 / 16ULL >= 6ULL)
   {
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
     uint64_t
     c0 =
       gcm256_decrypt_opt(auth_b_,
@@ -1449,15 +1377,15 @@ decrypt_aes256_gcm(
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
     uint64_t
     c0 =
       gcm256_decrypt_opt(auth_b_,
@@ -1479,11 +1407,11 @@ decrypt_aes256_gcm(
         tag);
     c = c0;
   }
-  memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
   uint64_t r = c;
-  if (r == (uint64_t)0U)
+  if (r == 0ULL)
   {
     return EverCrypt_Error_Success;
   }
@@ -1514,14 +1442,14 @@ decrypt_chacha20_poly1305(
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len != (uint32_t)12U)
+  if (iv_len != 12U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
   uint32_t
   r = EverCrypt_Chacha20Poly1305_aead_decrypt(ek, iv, ad_len, ad, cipher_len, dst, cipher, tag);
-  if (r == (uint32_t)0U)
+  if (r == 0U)
   {
     return EverCrypt_Error_Success;
   }
@@ -1620,73 +1548,64 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
-  uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
-  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
+  uint8_t *hkeys_b0 = ek + 176U;
+  aes128_key_expansion(k, keys_b0);
+  aes128_keyhash_init(keys_b0, hkeys_b0);
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek0 = (*s).ek;
-  uint8_t *scratch_b = ek0 + (uint32_t)304U;
+  uint8_t *scratch_b = ek0 + 304U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+  uint8_t *hkeys_b = ek1 + 176U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *cipher_b_ = cipher;
   uint8_t *out_b_ = dst;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    cipher + cipher_len_,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+  memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
   uint64_t c;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+  if (len128x6 / 16ULL >= 6ULL)
   {
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
     uint64_t
     c0 =
       gcm128_decrypt_opt(auth_b_,
@@ -1710,15 +1629,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
     uint64_t
     c0 =
       gcm128_decrypt_opt(auth_b_,
@@ -1740,11 +1659,11 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         tag);
     c = c0;
   }
-  memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
   uint64_t r = c;
-  if (r == (uint64_t)0U)
+  if (r == 0ULL)
   {
     return EverCrypt_Error_Success;
   }
@@ -1779,73 +1698,64 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
-  uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
-  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
+  uint8_t *hkeys_b0 = ek + 240U;
+  aes256_key_expansion(k, keys_b0);
+  aes256_keyhash_init(keys_b0, hkeys_b0);
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek0 = (*s).ek;
-  uint8_t *scratch_b = ek0 + (uint32_t)368U;
+  uint8_t *scratch_b = ek0 + 368U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+  uint8_t *hkeys_b = ek1 + 240U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *cipher_b_ = cipher;
   uint8_t *out_b_ = dst;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    cipher + cipher_len_,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+  memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
   uint64_t c;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+  if (len128x6 / 16ULL >= 6ULL)
   {
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
     uint64_t
     c0 =
       gcm256_decrypt_opt(auth_b_,
@@ -1869,15 +1779,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
     uint64_t
     c0 =
       gcm256_decrypt_opt(auth_b_,
@@ -1899,11 +1809,11 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         tag);
     c = c0;
   }
-  memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
   uint64_t r = c;
-  if (r == (uint64_t)0U)
+  if (r == 0ULL)
   {
     return EverCrypt_Error_Success;
   }
@@ -1930,15 +1840,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -1949,61 +1859,52 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   {
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
-    uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
-    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
+    uint8_t *hkeys_b0 = ek + 176U;
+    aes128_key_expansion(k, keys_b0);
+    aes128_keyhash_init(keys_b0, hkeys_b0);
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       return EverCrypt_Error_InvalidKey;
     }
-    if (iv_len == (uint32_t)0U)
+    if (iv_len == 0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
     uint8_t *ek0 = (*s).ek;
-    uint8_t *scratch_b = ek0 + (uint32_t)304U;
+    uint8_t *scratch_b = ek0 + 304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
-    uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+    uint8_t *hkeys_b = ek1 + 176U;
     uint8_t tmp_iv[16U] = { 0U };
-    uint32_t len = iv_len / (uint32_t)16U;
-    uint32_t bytes_len = len * (uint32_t)16U;
+    uint32_t len = iv_len / 16U;
+    uint32_t bytes_len = len * 16U;
     uint8_t *iv_b = iv;
-    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-        (uint64_t)iv_len,
-        (uint64_t)len,
-        tmp_iv,
-        tmp_iv,
-        hkeys_b));
+    memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+    compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
     uint8_t *inout_b = scratch_b;
-    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *abytes_b = scratch_b + 16U;
+    uint8_t *scratch_b1 = scratch_b + 32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
     uint8_t *cipher_b_ = cipher;
     uint8_t *out_b_ = dst;
     uint8_t *auth_b_ = ad;
-    memcpy(inout_b,
-      cipher + cipher_len_,
-      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-    memcpy(abytes_b,
-      ad + auth_len_,
-      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+    memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
     uint64_t c;
-    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    if (len128x6 / 16ULL >= 6ULL)
     {
-      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
       uint8_t *in128x6_b = cipher_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
       uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128x6_ = len128x6 / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
       uint64_t
       c0 =
         gcm128_decrypt_opt(auth_b_,
@@ -2027,15 +1928,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     }
     else
     {
-      uint32_t len128x61 = (uint32_t)0U;
-      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint32_t len128x61 = 0U;
+      uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
       uint8_t *in128x6_b = cipher_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = cipher_b_ + len128x61;
       uint8_t *out128_b = out_b_ + len128x61;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t len128x6_ = (uint64_t)0U;
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      uint64_t len128x6_ = 0ULL;
       uint64_t
       c0 =
         gcm128_decrypt_opt(auth_b_,
@@ -2057,11 +1958,11 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
           tag);
       c = c0;
     }
-    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
       inout_b,
-      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+      (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
     uint64_t r = c;
-    if (r == (uint64_t)0U)
+    if (r == 0ULL)
     {
       return EverCrypt_Error_Success;
     }
@@ -2086,15 +1987,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -2105,61 +2006,52 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   {
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
-    uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
-    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
+    uint8_t *hkeys_b0 = ek + 240U;
+    aes256_key_expansion(k, keys_b0);
+    aes256_keyhash_init(keys_b0, hkeys_b0);
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       return EverCrypt_Error_InvalidKey;
     }
-    if (iv_len == (uint32_t)0U)
+    if (iv_len == 0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
     uint8_t *ek0 = (*s).ek;
-    uint8_t *scratch_b = ek0 + (uint32_t)368U;
+    uint8_t *scratch_b = ek0 + 368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
-    uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+    uint8_t *hkeys_b = ek1 + 240U;
     uint8_t tmp_iv[16U] = { 0U };
-    uint32_t len = iv_len / (uint32_t)16U;
-    uint32_t bytes_len = len * (uint32_t)16U;
+    uint32_t len = iv_len / 16U;
+    uint32_t bytes_len = len * 16U;
     uint8_t *iv_b = iv;
-    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-        (uint64_t)iv_len,
-        (uint64_t)len,
-        tmp_iv,
-        tmp_iv,
-        hkeys_b));
+    memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+    compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
     uint8_t *inout_b = scratch_b;
-    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *abytes_b = scratch_b + 16U;
+    uint8_t *scratch_b1 = scratch_b + 32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
     uint8_t *cipher_b_ = cipher;
     uint8_t *out_b_ = dst;
     uint8_t *auth_b_ = ad;
-    memcpy(inout_b,
-      cipher + cipher_len_,
-      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-    memcpy(abytes_b,
-      ad + auth_len_,
-      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+    memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
     uint64_t c;
-    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    if (len128x6 / 16ULL >= 6ULL)
     {
-      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
       uint8_t *in128x6_b = cipher_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
       uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128x6_ = len128x6 / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
       uint64_t
       c0 =
         gcm256_decrypt_opt(auth_b_,
@@ -2183,15 +2075,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     }
     else
     {
-      uint32_t len128x61 = (uint32_t)0U;
-      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint32_t len128x61 = 0U;
+      uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
       uint8_t *in128x6_b = cipher_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = cipher_b_ + len128x61;
       uint8_t *out128_b = out_b_ + len128x61;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t len128x6_ = (uint64_t)0U;
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      uint64_t len128x6_ = 0ULL;
       uint64_t
       c0 =
         gcm256_decrypt_opt(auth_b_,
@@ -2213,11 +2105,11 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
           tag);
       c = c0;
     }
-    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
       inout_b,
-      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+      (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
     uint64_t r = c;
-    if (r == (uint64_t)0U)
+    if (r == 0ULL)
     {
       return EverCrypt_Error_Success;
     }
@@ -2244,7 +2136,7 @@ EverCrypt_AEAD_decrypt_expand_chacha20_poly1305(
 {
   uint8_t ek[32U] = { 0U };
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek };
-  memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(ek, k, 32U * sizeof (uint8_t));
   EverCrypt_AEAD_state_s *s = &p;
   EverCrypt_Error_error_code
   r = decrypt_chacha20_poly1305(s, iv, iv_len, ad, ad_len, cipher, cipher_len, tag, dst);
diff --git a/src/EverCrypt_AutoConfig2.c b/src/EverCrypt_AutoConfig2.c
index b549d020..5a92d995 100644
--- a/src/EverCrypt_AutoConfig2.c
+++ b/src/EverCrypt_AutoConfig2.c
@@ -113,59 +113,59 @@ void EverCrypt_AutoConfig2_recall(void)
 void EverCrypt_AutoConfig2_init(void)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (check_aesni() != (uint64_t)0U)
+  if (check_aesni() != 0ULL)
   {
     cpu_has_aesni[0U] = true;
     cpu_has_pclmulqdq[0U] = true;
   }
-  if (check_sha() != (uint64_t)0U)
+  if (check_sha() != 0ULL)
   {
     cpu_has_shaext[0U] = true;
   }
-  if (check_adx_bmi2() != (uint64_t)0U)
+  if (check_adx_bmi2() != 0ULL)
   {
     cpu_has_bmi2[0U] = true;
     cpu_has_adx[0U] = true;
   }
-  if (check_avx() != (uint64_t)0U)
+  if (check_avx() != 0ULL)
   {
-    if (check_osxsave() != (uint64_t)0U)
+    if (check_osxsave() != 0ULL)
     {
-      if (check_avx_xcr0() != (uint64_t)0U)
+      if (check_avx_xcr0() != 0ULL)
       {
         cpu_has_avx[0U] = true;
       }
     }
   }
-  if (check_avx2() != (uint64_t)0U)
+  if (check_avx2() != 0ULL)
   {
-    if (check_osxsave() != (uint64_t)0U)
+    if (check_osxsave() != 0ULL)
     {
-      if (check_avx_xcr0() != (uint64_t)0U)
+      if (check_avx_xcr0() != 0ULL)
       {
         cpu_has_avx2[0U] = true;
       }
     }
   }
-  if (check_sse() != (uint64_t)0U)
+  if (check_sse() != 0ULL)
   {
     cpu_has_sse[0U] = true;
   }
-  if (check_movbe() != (uint64_t)0U)
+  if (check_movbe() != 0ULL)
   {
     cpu_has_movbe[0U] = true;
   }
-  if (check_rdrand() != (uint64_t)0U)
+  if (check_rdrand() != 0ULL)
   {
     cpu_has_rdrand[0U] = true;
   }
-  if (check_avx512() != (uint64_t)0U)
+  if (check_avx512() != 0ULL)
   {
-    if (check_osxsave() != (uint64_t)0U)
+    if (check_osxsave() != 0ULL)
     {
-      if (check_avx_xcr0() != (uint64_t)0U)
+      if (check_avx_xcr0() != 0ULL)
       {
-        if (check_avx512_xcr0() != (uint64_t)0U)
+        if (check_avx512_xcr0() != 0ULL)
         {
           cpu_has_avx512[0U] = true;
           return;
diff --git a/src/EverCrypt_Chacha20Poly1305.c b/src/EverCrypt_Chacha20Poly1305.c
index 9a110bbf..e762f031 100644
--- a/src/EverCrypt_Chacha20Poly1305.c
+++ b/src/EverCrypt_Chacha20Poly1305.c
@@ -44,22 +44,22 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
-    KRML_HOST_IGNORE(vec128);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+    KRML_MAYBE_UNUSED_VAR(vec128);
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher, tag, m, mlen, aad, aadlen, k, n);
     return;
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
-    KRML_HOST_IGNORE(vec256);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+    KRML_MAYBE_UNUSED_VAR(vec256);
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher, tag, m, mlen, aad, aadlen, k, n);
     return;
   }
   #endif
-  KRML_HOST_IGNORE(vec128);
-  KRML_HOST_IGNORE(vec256);
-  Hacl_Chacha20Poly1305_32_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+  KRML_MAYBE_UNUSED_VAR(vec128);
+  KRML_MAYBE_UNUSED_VAR(vec256);
+  Hacl_AEAD_Chacha20Poly1305_encrypt(cipher, tag, m, mlen, aad, aadlen, k, n);
 }
 
 uint32_t
@@ -79,19 +79,19 @@ EverCrypt_Chacha20Poly1305_aead_decrypt(
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
-    KRML_HOST_IGNORE(vec128);
-    return Hacl_Chacha20Poly1305_256_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+    KRML_MAYBE_UNUSED_VAR(vec128);
+    return Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(m, cipher, mlen, aad, aadlen, k, n, tag);
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
-    KRML_HOST_IGNORE(vec256);
-    return Hacl_Chacha20Poly1305_128_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+    KRML_MAYBE_UNUSED_VAR(vec256);
+    return Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(m, cipher, mlen, aad, aadlen, k, n, tag);
   }
   #endif
-  KRML_HOST_IGNORE(vec128);
-  KRML_HOST_IGNORE(vec256);
-  return Hacl_Chacha20Poly1305_32_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+  KRML_MAYBE_UNUSED_VAR(vec128);
+  KRML_MAYBE_UNUSED_VAR(vec256);
+  return Hacl_AEAD_Chacha20Poly1305_decrypt(m, cipher, mlen, aad, aadlen, k, n, tag);
 }
 
diff --git a/src/EverCrypt_DRBG.c b/src/EverCrypt_DRBG.c
index 13e517e5..301fe528 100644
--- a/src/EverCrypt_DRBG.c
+++ b/src/EverCrypt_DRBG.c
@@ -28,15 +28,15 @@
 #include "internal/EverCrypt_HMAC.h"
 #include "lib_memzero0.h"
 
-uint32_t EverCrypt_DRBG_reseed_interval = (uint32_t)1024U;
+uint32_t EverCrypt_DRBG_reseed_interval = 1024U;
 
-uint32_t EverCrypt_DRBG_max_output_length = (uint32_t)65536U;
+uint32_t EverCrypt_DRBG_max_output_length = 65536U;
 
-uint32_t EverCrypt_DRBG_max_length = (uint32_t)65536U;
+uint32_t EverCrypt_DRBG_max_length = 65536U;
 
-uint32_t EverCrypt_DRBG_max_personalization_string_length = (uint32_t)65536U;
+uint32_t EverCrypt_DRBG_max_personalization_string_length = 65536U;
 
-uint32_t EverCrypt_DRBG_max_additional_input_length = (uint32_t)65536U;
+uint32_t EverCrypt_DRBG_max_additional_input_length = 65536U;
 
 uint32_t EverCrypt_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
 {
@@ -44,19 +44,19 @@ uint32_t EverCrypt_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)16U;
+        return 16U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     default:
       {
@@ -92,7 +92,7 @@ EverCrypt_DRBG_uu___is_SHA1_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   if (projectee.tag == SHA1_s)
   {
     return true;
@@ -106,7 +106,7 @@ EverCrypt_DRBG_uu___is_SHA2_256_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   if (projectee.tag == SHA2_256_s)
   {
     return true;
@@ -120,7 +120,7 @@ EverCrypt_DRBG_uu___is_SHA2_384_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   if (projectee.tag == SHA2_384_s)
   {
     return true;
@@ -134,7 +134,7 @@ EverCrypt_DRBG_uu___is_SHA2_512_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   if (projectee.tag == SHA2_512_s)
   {
     return true;
@@ -149,10 +149,10 @@ EverCrypt_DRBG_state_s *EverCrypt_DRBG_create_in(Spec_Hash_Definitions_hash_alg
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC((uint32_t)20U, sizeof (uint8_t));
-        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC((uint32_t)20U, sizeof (uint8_t));
+        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC(20U, sizeof (uint8_t));
+        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC(20U, sizeof (uint8_t));
         uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         st =
           (
             (EverCrypt_DRBG_state_s){
@@ -164,10 +164,10 @@ EverCrypt_DRBG_state_s *EverCrypt_DRBG_create_in(Spec_Hash_Definitions_hash_alg
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
+        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
         uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         st =
           (
             (EverCrypt_DRBG_state_s){
@@ -179,10 +179,10 @@ EverCrypt_DRBG_state_s *EverCrypt_DRBG_create_in(Spec_Hash_Definitions_hash_alg
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC((uint32_t)48U, sizeof (uint8_t));
-        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC((uint32_t)48U, sizeof (uint8_t));
+        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC(48U, sizeof (uint8_t));
+        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC(48U, sizeof (uint8_t));
         uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         st =
           (
             (EverCrypt_DRBG_state_s){
@@ -194,10 +194,10 @@ EverCrypt_DRBG_state_s *EverCrypt_DRBG_create_in(Spec_Hash_Definitions_hash_alg
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
+        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
         uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         st =
           (
             (EverCrypt_DRBG_state_s){
@@ -247,7 +247,7 @@ instantiate_sha1(
     return false;
   }
   uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
-  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1) / (uint32_t)2U;
+  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1) / 2U;
   uint32_t min_entropy = entropy_input_len + nonce_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), min_entropy);
   uint8_t entropy[min_entropy];
@@ -282,45 +282,43 @@ instantiate_sha1(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  memset(k, 0U, (uint32_t)20U * sizeof (uint8_t));
-  memset(v, (uint8_t)1U, (uint32_t)20U * sizeof (uint8_t));
-  ctr[0U] = (uint32_t)1U;
-  uint32_t
-  input_len = (uint32_t)21U + entropy_input_len + nonce_len + personalization_string_len;
+  memset(k, 0U, 20U * sizeof (uint8_t));
+  memset(v, 1U, 20U * sizeof (uint8_t));
+  ctr[0U] = 1U;
+  uint32_t input_len = 21U + entropy_input_len + nonce_len + personalization_string_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  memcpy(k_, v, 20U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    memcpy(input0 + (uint32_t)21U,
+    memcpy(input0 + 21U,
       seed_material,
       (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
   }
-  input0[20U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  input0[20U] = 0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+  memcpy(k, k_, 20U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    uint32_t
-    input_len0 = (uint32_t)21U + entropy_input_len + nonce_len + personalization_string_len;
+    uint32_t input_len0 = 21U + entropy_input_len + nonce_len + personalization_string_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-    if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+    memcpy(k_0, v, 20U * sizeof (uint8_t));
+    if (entropy_input_len + nonce_len + personalization_string_len != 0U)
     {
-      memcpy(input + (uint32_t)21U,
+      memcpy(input + 21U,
         seed_material,
         (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
     }
-    input[20U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+    input[20U] = 1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+    memcpy(k, k_0, 20U * sizeof (uint8_t));
   }
   return true;
 }
@@ -337,7 +335,7 @@ instantiate_sha2_256(
     return false;
   }
   uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
-  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256) / (uint32_t)2U;
+  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256) / 2U;
   uint32_t min_entropy = entropy_input_len + nonce_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), min_entropy);
   uint8_t entropy[min_entropy];
@@ -372,45 +370,43 @@ instantiate_sha2_256(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  memset(k, 0U, (uint32_t)32U * sizeof (uint8_t));
-  memset(v, (uint8_t)1U, (uint32_t)32U * sizeof (uint8_t));
-  ctr[0U] = (uint32_t)1U;
-  uint32_t
-  input_len = (uint32_t)33U + entropy_input_len + nonce_len + personalization_string_len;
+  memset(k, 0U, 32U * sizeof (uint8_t));
+  memset(v, 1U, 32U * sizeof (uint8_t));
+  ctr[0U] = 1U;
+  uint32_t input_len = 33U + entropy_input_len + nonce_len + personalization_string_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  memcpy(k_, v, 32U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    memcpy(input0 + (uint32_t)33U,
+    memcpy(input0 + 33U,
       seed_material,
       (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
   }
-  input0[32U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  input0[32U] = 0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+  memcpy(k, k_, 32U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    uint32_t
-    input_len0 = (uint32_t)33U + entropy_input_len + nonce_len + personalization_string_len;
+    uint32_t input_len0 = 33U + entropy_input_len + nonce_len + personalization_string_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-    if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+    memcpy(k_0, v, 32U * sizeof (uint8_t));
+    if (entropy_input_len + nonce_len + personalization_string_len != 0U)
     {
-      memcpy(input + (uint32_t)33U,
+      memcpy(input + 33U,
         seed_material,
         (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
     }
-    input[32U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+    input[32U] = 1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+    memcpy(k, k_0, 32U * sizeof (uint8_t));
   }
   return true;
 }
@@ -427,7 +423,7 @@ instantiate_sha2_384(
     return false;
   }
   uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
-  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384) / (uint32_t)2U;
+  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384) / 2U;
   uint32_t min_entropy = entropy_input_len + nonce_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), min_entropy);
   uint8_t entropy[min_entropy];
@@ -462,45 +458,43 @@ instantiate_sha2_384(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  memset(k, 0U, (uint32_t)48U * sizeof (uint8_t));
-  memset(v, (uint8_t)1U, (uint32_t)48U * sizeof (uint8_t));
-  ctr[0U] = (uint32_t)1U;
-  uint32_t
-  input_len = (uint32_t)49U + entropy_input_len + nonce_len + personalization_string_len;
+  memset(k, 0U, 48U * sizeof (uint8_t));
+  memset(v, 1U, 48U * sizeof (uint8_t));
+  ctr[0U] = 1U;
+  uint32_t input_len = 49U + entropy_input_len + nonce_len + personalization_string_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  memcpy(k_, v, 48U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    memcpy(input0 + (uint32_t)49U,
+    memcpy(input0 + 49U,
       seed_material,
       (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
   }
-  input0[48U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  input0[48U] = 0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+  memcpy(k, k_, 48U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    uint32_t
-    input_len0 = (uint32_t)49U + entropy_input_len + nonce_len + personalization_string_len;
+    uint32_t input_len0 = 49U + entropy_input_len + nonce_len + personalization_string_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-    if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+    memcpy(k_0, v, 48U * sizeof (uint8_t));
+    if (entropy_input_len + nonce_len + personalization_string_len != 0U)
     {
-      memcpy(input + (uint32_t)49U,
+      memcpy(input + 49U,
         seed_material,
         (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
     }
-    input[48U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+    input[48U] = 1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+    memcpy(k, k_0, 48U * sizeof (uint8_t));
   }
   return true;
 }
@@ -517,7 +511,7 @@ instantiate_sha2_512(
     return false;
   }
   uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
-  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512) / (uint32_t)2U;
+  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512) / 2U;
   uint32_t min_entropy = entropy_input_len + nonce_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), min_entropy);
   uint8_t entropy[min_entropy];
@@ -552,45 +546,43 @@ instantiate_sha2_512(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  memset(k, 0U, (uint32_t)64U * sizeof (uint8_t));
-  memset(v, (uint8_t)1U, (uint32_t)64U * sizeof (uint8_t));
-  ctr[0U] = (uint32_t)1U;
-  uint32_t
-  input_len = (uint32_t)65U + entropy_input_len + nonce_len + personalization_string_len;
+  memset(k, 0U, 64U * sizeof (uint8_t));
+  memset(v, 1U, 64U * sizeof (uint8_t));
+  ctr[0U] = 1U;
+  uint32_t input_len = 65U + entropy_input_len + nonce_len + personalization_string_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  memcpy(k_, v, 64U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    memcpy(input0 + (uint32_t)65U,
+    memcpy(input0 + 65U,
       seed_material,
       (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
   }
-  input0[64U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  input0[64U] = 0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+  memcpy(k, k_, 64U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    uint32_t
-    input_len0 = (uint32_t)65U + entropy_input_len + nonce_len + personalization_string_len;
+    uint32_t input_len0 = 65U + entropy_input_len + nonce_len + personalization_string_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-    if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+    memcpy(k_0, v, 64U * sizeof (uint8_t));
+    if (entropy_input_len + nonce_len + personalization_string_len != 0U)
     {
-      memcpy(input + (uint32_t)65U,
+      memcpy(input + 65U,
         seed_material,
         (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
     }
-    input[64U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+    input[64U] = 1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+    memcpy(k, k_0, 64U * sizeof (uint8_t));
   }
   return true;
 }
@@ -635,42 +627,42 @@ reseed_sha1(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
+  uint32_t input_len = 21U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 20U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)21U,
+    memcpy(input0 + 21U,
       seed_material,
       (entropy_input_len + additional_input_len) * sizeof (uint8_t));
   }
-  input0[20U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  input0[20U] = 0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+  memcpy(k, k_, 20U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_len;
+    uint32_t input_len0 = 21U + entropy_input_len + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-    if (entropy_input_len + additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 20U * sizeof (uint8_t));
+    if (entropy_input_len + additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)21U,
+      memcpy(input + 21U,
         seed_material,
         (entropy_input_len + additional_input_len) * sizeof (uint8_t));
     }
-    input[20U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+    input[20U] = 1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+    memcpy(k, k_0, 20U * sizeof (uint8_t));
   }
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return true;
 }
 
@@ -714,42 +706,42 @@ reseed_sha2_256(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
+  uint32_t input_len = 33U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 32U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)33U,
+    memcpy(input0 + 33U,
       seed_material,
       (entropy_input_len + additional_input_len) * sizeof (uint8_t));
   }
-  input0[32U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  input0[32U] = 0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+  memcpy(k, k_, 32U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_len;
+    uint32_t input_len0 = 33U + entropy_input_len + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-    if (entropy_input_len + additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 32U * sizeof (uint8_t));
+    if (entropy_input_len + additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)33U,
+      memcpy(input + 33U,
         seed_material,
         (entropy_input_len + additional_input_len) * sizeof (uint8_t));
     }
-    input[32U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+    input[32U] = 1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+    memcpy(k, k_0, 32U * sizeof (uint8_t));
   }
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return true;
 }
 
@@ -793,42 +785,42 @@ reseed_sha2_384(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
+  uint32_t input_len = 49U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 48U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)49U,
+    memcpy(input0 + 49U,
       seed_material,
       (entropy_input_len + additional_input_len) * sizeof (uint8_t));
   }
-  input0[48U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  input0[48U] = 0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+  memcpy(k, k_, 48U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_len;
+    uint32_t input_len0 = 49U + entropy_input_len + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-    if (entropy_input_len + additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 48U * sizeof (uint8_t));
+    if (entropy_input_len + additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)49U,
+      memcpy(input + 49U,
         seed_material,
         (entropy_input_len + additional_input_len) * sizeof (uint8_t));
     }
-    input[48U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+    input[48U] = 1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+    memcpy(k, k_0, 48U * sizeof (uint8_t));
   }
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return true;
 }
 
@@ -872,42 +864,42 @@ reseed_sha2_512(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
+  uint32_t input_len = 65U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 64U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)65U,
+    memcpy(input0 + 65U,
       seed_material,
       (entropy_input_len + additional_input_len) * sizeof (uint8_t));
   }
-  input0[64U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  input0[64U] = 0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+  memcpy(k, k_, 64U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_len;
+    uint32_t input_len0 = 65U + entropy_input_len + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-    if (entropy_input_len + additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 64U * sizeof (uint8_t));
+    if (entropy_input_len + additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)65U,
+      memcpy(input + 65U,
         seed_material,
         (entropy_input_len + additional_input_len) * sizeof (uint8_t));
     }
-    input[64U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+    input[64U] = 1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+    memcpy(k, k_0, 64U * sizeof (uint8_t));
   }
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return true;
 }
 
@@ -970,42 +962,42 @@ generate_sha1(
       uint8_t *k = scrut.k;
       uint8_t *v = scrut.v;
       uint32_t *ctr = scrut.reseed_counter;
-      uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
+      uint32_t input_len = 21U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      memcpy(k_, v, 20U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        memcpy(input0 + (uint32_t)21U,
+        memcpy(input0 + 21U,
           seed_material,
           (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
-      input0[20U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-      EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      input0[20U] = 0U;
+      EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+      EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+      memcpy(k, k_, 20U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_len;
+        uint32_t input_len0 = 21U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_len != (uint32_t)0U)
+        memcpy(k_0, v, 20U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_len != 0U)
         {
-          memcpy(input + (uint32_t)21U,
+          memcpy(input + 21U,
             seed_material,
             (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
-        input[20U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-        EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+        input[20U] = 1U;
+        EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+        EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+        memcpy(k, k_0, 20U * sizeof (uint8_t));
       }
-      ctr[0U] = (uint32_t)1U;
+      ctr[0U] = 1U;
       result = true;
     }
     ok0 = result;
@@ -1015,16 +1007,16 @@ generate_sha1(
     return false;
   }
   EverCrypt_DRBG_state_s st_s = *st;
-  Hacl_HMAC_DRBG_state x1;
+  Hacl_HMAC_DRBG_state ite;
   if (st_s.tag == SHA1_s)
   {
-    x1 = st_s.case_SHA1_s;
+    ite = st_s.case_SHA1_s;
   }
   else
   {
-    x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+    ite = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
+  if (ite.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
     return false;
   }
@@ -1040,87 +1032,87 @@ generate_sha1(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  if (additional_input_len > (uint32_t)0U)
+  if (additional_input_len > 0U)
   {
-    uint32_t input_len = (uint32_t)21U + additional_input_len;
+    uint32_t input_len = 21U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
     memset(input0, 0U, input_len * sizeof (uint8_t));
     uint8_t *k_ = input0;
-    memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_, v, 20U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input0 + 21U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input0[20U] = (uint8_t)0U;
-    EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-    EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    input0[20U] = 0U;
+    EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+    EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+    memcpy(k, k_, 20U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+      uint32_t input_len0 = 21U + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
       uint8_t input[input_len0];
       memset(input, 0U, input_len0 * sizeof (uint8_t));
       uint8_t *k_0 = input;
-      memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
+      memcpy(k_0, v, 20U * sizeof (uint8_t));
+      if (additional_input_len != 0U)
       {
-        memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+        memcpy(input + 21U, additional_input, additional_input_len * sizeof (uint8_t));
       }
-      input[20U] = (uint8_t)1U;
-      EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-      EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+      input[20U] = 1U;
+      EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+      EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+      memcpy(k, k_0, 20U * sizeof (uint8_t));
     }
   }
   uint8_t *output1 = output;
-  uint32_t max = n / (uint32_t)20U;
+  uint32_t max = n / 20U;
   uint8_t *out = output1;
-  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  for (uint32_t i = 0U; i < max; i++)
   {
-    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
+    EverCrypt_HMAC_compute_sha1(v, k, 20U, v, 20U);
+    memcpy(out + i * 20U, v, 20U * sizeof (uint8_t));
   }
-  if (max * (uint32_t)20U < n)
+  if (max * 20U < n)
   {
-    uint8_t *block = output1 + max * (uint32_t)20U;
-    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
+    uint8_t *block = output1 + max * 20U;
+    EverCrypt_HMAC_compute_sha1(v, k, 20U, v, 20U);
+    memcpy(block, v, (n - max * 20U) * sizeof (uint8_t));
   }
-  uint32_t input_len = (uint32_t)21U + additional_input_len;
+  uint32_t input_len = 21U + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 20U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+    memcpy(input0 + 21U, additional_input, additional_input_len * sizeof (uint8_t));
   }
-  input0[20U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  input0[20U] = 0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+  memcpy(k, k_, 20U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+    uint32_t input_len0 = 21U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 20U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input + 21U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input[20U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+    input[20U] = 1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+    memcpy(k, k_0, 20U * sizeof (uint8_t));
   }
   uint32_t old_ctr = ctr[0U];
-  ctr[0U] = old_ctr + (uint32_t)1U;
+  ctr[0U] = old_ctr + 1U;
   return true;
 }
 
@@ -1183,42 +1175,42 @@ generate_sha2_256(
       uint8_t *k = scrut.k;
       uint8_t *v = scrut.v;
       uint32_t *ctr = scrut.reseed_counter;
-      uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
+      uint32_t input_len = 33U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      memcpy(k_, v, 32U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        memcpy(input0 + (uint32_t)33U,
+        memcpy(input0 + 33U,
           seed_material,
           (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
-      input0[32U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      input0[32U] = 0U;
+      EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+      EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+      memcpy(k, k_, 32U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_len;
+        uint32_t input_len0 = 33U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_len != (uint32_t)0U)
+        memcpy(k_0, v, 32U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_len != 0U)
         {
-          memcpy(input + (uint32_t)33U,
+          memcpy(input + 33U,
             seed_material,
             (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
-        input[32U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+        input[32U] = 1U;
+        EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+        EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+        memcpy(k, k_0, 32U * sizeof (uint8_t));
       }
-      ctr[0U] = (uint32_t)1U;
+      ctr[0U] = 1U;
       result = true;
     }
     ok0 = result;
@@ -1228,16 +1220,16 @@ generate_sha2_256(
     return false;
   }
   EverCrypt_DRBG_state_s st_s = *st;
-  Hacl_HMAC_DRBG_state x1;
+  Hacl_HMAC_DRBG_state ite;
   if (st_s.tag == SHA2_256_s)
   {
-    x1 = st_s.case_SHA2_256_s;
+    ite = st_s.case_SHA2_256_s;
   }
   else
   {
-    x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+    ite = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
+  if (ite.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
     return false;
   }
@@ -1253,87 +1245,87 @@ generate_sha2_256(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  if (additional_input_len > (uint32_t)0U)
+  if (additional_input_len > 0U)
   {
-    uint32_t input_len = (uint32_t)33U + additional_input_len;
+    uint32_t input_len = 33U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
     memset(input0, 0U, input_len * sizeof (uint8_t));
     uint8_t *k_ = input0;
-    memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_, v, 32U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input0 + 33U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input0[32U] = (uint8_t)0U;
-    EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-    EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    input0[32U] = 0U;
+    EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+    EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+    memcpy(k, k_, 32U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+      uint32_t input_len0 = 33U + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
       uint8_t input[input_len0];
       memset(input, 0U, input_len0 * sizeof (uint8_t));
       uint8_t *k_0 = input;
-      memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
+      memcpy(k_0, v, 32U * sizeof (uint8_t));
+      if (additional_input_len != 0U)
       {
-        memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+        memcpy(input + 33U, additional_input, additional_input_len * sizeof (uint8_t));
       }
-      input[32U] = (uint8_t)1U;
-      EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-      EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+      input[32U] = 1U;
+      EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+      EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+      memcpy(k, k_0, 32U * sizeof (uint8_t));
     }
   }
   uint8_t *output1 = output;
-  uint32_t max = n / (uint32_t)32U;
+  uint32_t max = n / 32U;
   uint8_t *out = output1;
-  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  for (uint32_t i = 0U; i < max; i++)
   {
-    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
+    EverCrypt_HMAC_compute_sha2_256(v, k, 32U, v, 32U);
+    memcpy(out + i * 32U, v, 32U * sizeof (uint8_t));
   }
-  if (max * (uint32_t)32U < n)
+  if (max * 32U < n)
   {
-    uint8_t *block = output1 + max * (uint32_t)32U;
-    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
+    uint8_t *block = output1 + max * 32U;
+    EverCrypt_HMAC_compute_sha2_256(v, k, 32U, v, 32U);
+    memcpy(block, v, (n - max * 32U) * sizeof (uint8_t));
   }
-  uint32_t input_len = (uint32_t)33U + additional_input_len;
+  uint32_t input_len = 33U + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 32U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+    memcpy(input0 + 33U, additional_input, additional_input_len * sizeof (uint8_t));
   }
-  input0[32U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  input0[32U] = 0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+  memcpy(k, k_, 32U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+    uint32_t input_len0 = 33U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 32U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input + 33U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input[32U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+    input[32U] = 1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+    memcpy(k, k_0, 32U * sizeof (uint8_t));
   }
   uint32_t old_ctr = ctr[0U];
-  ctr[0U] = old_ctr + (uint32_t)1U;
+  ctr[0U] = old_ctr + 1U;
   return true;
 }
 
@@ -1396,42 +1388,42 @@ generate_sha2_384(
       uint8_t *k = scrut.k;
       uint8_t *v = scrut.v;
       uint32_t *ctr = scrut.reseed_counter;
-      uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
+      uint32_t input_len = 49U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      memcpy(k_, v, 48U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        memcpy(input0 + (uint32_t)49U,
+        memcpy(input0 + 49U,
           seed_material,
           (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
-      input0[48U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      input0[48U] = 0U;
+      EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+      EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+      memcpy(k, k_, 48U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_len;
+        uint32_t input_len0 = 49U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_len != (uint32_t)0U)
+        memcpy(k_0, v, 48U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_len != 0U)
         {
-          memcpy(input + (uint32_t)49U,
+          memcpy(input + 49U,
             seed_material,
             (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
-        input[48U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+        input[48U] = 1U;
+        EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+        EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+        memcpy(k, k_0, 48U * sizeof (uint8_t));
       }
-      ctr[0U] = (uint32_t)1U;
+      ctr[0U] = 1U;
       result = true;
     }
     ok0 = result;
@@ -1441,16 +1433,16 @@ generate_sha2_384(
     return false;
   }
   EverCrypt_DRBG_state_s st_s = *st;
-  Hacl_HMAC_DRBG_state x1;
+  Hacl_HMAC_DRBG_state ite;
   if (st_s.tag == SHA2_384_s)
   {
-    x1 = st_s.case_SHA2_384_s;
+    ite = st_s.case_SHA2_384_s;
   }
   else
   {
-    x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+    ite = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
+  if (ite.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
     return false;
   }
@@ -1466,87 +1458,87 @@ generate_sha2_384(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  if (additional_input_len > (uint32_t)0U)
+  if (additional_input_len > 0U)
   {
-    uint32_t input_len = (uint32_t)49U + additional_input_len;
+    uint32_t input_len = 49U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
     memset(input0, 0U, input_len * sizeof (uint8_t));
     uint8_t *k_ = input0;
-    memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_, v, 48U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input0 + 49U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input0[48U] = (uint8_t)0U;
-    EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-    EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    input0[48U] = 0U;
+    EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+    EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+    memcpy(k, k_, 48U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+      uint32_t input_len0 = 49U + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
       uint8_t input[input_len0];
       memset(input, 0U, input_len0 * sizeof (uint8_t));
       uint8_t *k_0 = input;
-      memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
+      memcpy(k_0, v, 48U * sizeof (uint8_t));
+      if (additional_input_len != 0U)
       {
-        memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+        memcpy(input + 49U, additional_input, additional_input_len * sizeof (uint8_t));
       }
-      input[48U] = (uint8_t)1U;
-      EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-      EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+      input[48U] = 1U;
+      EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+      EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+      memcpy(k, k_0, 48U * sizeof (uint8_t));
     }
   }
   uint8_t *output1 = output;
-  uint32_t max = n / (uint32_t)48U;
+  uint32_t max = n / 48U;
   uint8_t *out = output1;
-  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  for (uint32_t i = 0U; i < max; i++)
   {
-    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
+    EverCrypt_HMAC_compute_sha2_384(v, k, 48U, v, 48U);
+    memcpy(out + i * 48U, v, 48U * sizeof (uint8_t));
   }
-  if (max * (uint32_t)48U < n)
+  if (max * 48U < n)
   {
-    uint8_t *block = output1 + max * (uint32_t)48U;
-    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
+    uint8_t *block = output1 + max * 48U;
+    EverCrypt_HMAC_compute_sha2_384(v, k, 48U, v, 48U);
+    memcpy(block, v, (n - max * 48U) * sizeof (uint8_t));
   }
-  uint32_t input_len = (uint32_t)49U + additional_input_len;
+  uint32_t input_len = 49U + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 48U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+    memcpy(input0 + 49U, additional_input, additional_input_len * sizeof (uint8_t));
   }
-  input0[48U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  input0[48U] = 0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+  memcpy(k, k_, 48U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+    uint32_t input_len0 = 49U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 48U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input + 49U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input[48U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+    input[48U] = 1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+    memcpy(k, k_0, 48U * sizeof (uint8_t));
   }
   uint32_t old_ctr = ctr[0U];
-  ctr[0U] = old_ctr + (uint32_t)1U;
+  ctr[0U] = old_ctr + 1U;
   return true;
 }
 
@@ -1609,42 +1601,42 @@ generate_sha2_512(
       uint8_t *k = scrut.k;
       uint8_t *v = scrut.v;
       uint32_t *ctr = scrut.reseed_counter;
-      uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
+      uint32_t input_len = 65U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      memcpy(k_, v, 64U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        memcpy(input0 + (uint32_t)65U,
+        memcpy(input0 + 65U,
           seed_material,
           (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
-      input0[64U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      input0[64U] = 0U;
+      EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+      EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+      memcpy(k, k_, 64U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_len;
+        uint32_t input_len0 = 65U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_len != (uint32_t)0U)
+        memcpy(k_0, v, 64U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_len != 0U)
         {
-          memcpy(input + (uint32_t)65U,
+          memcpy(input + 65U,
             seed_material,
             (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
-        input[64U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+        input[64U] = 1U;
+        EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+        EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+        memcpy(k, k_0, 64U * sizeof (uint8_t));
       }
-      ctr[0U] = (uint32_t)1U;
+      ctr[0U] = 1U;
       result = true;
     }
     ok0 = result;
@@ -1654,16 +1646,16 @@ generate_sha2_512(
     return false;
   }
   EverCrypt_DRBG_state_s st_s = *st;
-  Hacl_HMAC_DRBG_state x1;
+  Hacl_HMAC_DRBG_state ite;
   if (st_s.tag == SHA2_512_s)
   {
-    x1 = st_s.case_SHA2_512_s;
+    ite = st_s.case_SHA2_512_s;
   }
   else
   {
-    x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+    ite = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
+  if (ite.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
     return false;
   }
@@ -1679,87 +1671,87 @@ generate_sha2_512(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  if (additional_input_len > (uint32_t)0U)
+  if (additional_input_len > 0U)
   {
-    uint32_t input_len = (uint32_t)65U + additional_input_len;
+    uint32_t input_len = 65U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
     memset(input0, 0U, input_len * sizeof (uint8_t));
     uint8_t *k_ = input0;
-    memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_, v, 64U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input0 + 65U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input0[64U] = (uint8_t)0U;
-    EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-    EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    input0[64U] = 0U;
+    EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+    EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+    memcpy(k, k_, 64U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+      uint32_t input_len0 = 65U + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
       uint8_t input[input_len0];
       memset(input, 0U, input_len0 * sizeof (uint8_t));
       uint8_t *k_0 = input;
-      memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
+      memcpy(k_0, v, 64U * sizeof (uint8_t));
+      if (additional_input_len != 0U)
       {
-        memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+        memcpy(input + 65U, additional_input, additional_input_len * sizeof (uint8_t));
       }
-      input[64U] = (uint8_t)1U;
-      EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-      EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+      input[64U] = 1U;
+      EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+      EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+      memcpy(k, k_0, 64U * sizeof (uint8_t));
     }
   }
   uint8_t *output1 = output;
-  uint32_t max = n / (uint32_t)64U;
+  uint32_t max = n / 64U;
   uint8_t *out = output1;
-  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  for (uint32_t i = 0U; i < max; i++)
   {
-    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
+    EverCrypt_HMAC_compute_sha2_512(v, k, 64U, v, 64U);
+    memcpy(out + i * 64U, v, 64U * sizeof (uint8_t));
   }
-  if (max * (uint32_t)64U < n)
+  if (max * 64U < n)
   {
-    uint8_t *block = output1 + max * (uint32_t)64U;
-    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
+    uint8_t *block = output1 + max * 64U;
+    EverCrypt_HMAC_compute_sha2_512(v, k, 64U, v, 64U);
+    memcpy(block, v, (n - max * 64U) * sizeof (uint8_t));
   }
-  uint32_t input_len = (uint32_t)65U + additional_input_len;
+  uint32_t input_len = 65U + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 64U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+    memcpy(input0 + 65U, additional_input, additional_input_len * sizeof (uint8_t));
   }
-  input0[64U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  input0[64U] = 0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+  memcpy(k, k_, 64U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+    uint32_t input_len0 = 65U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t input[input_len0];
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 64U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input + 65U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input[64U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+    input[64U] = 1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+    memcpy(k, k_0, 64U * sizeof (uint8_t));
   }
   uint32_t old_ctr = ctr[0U];
-  ctr[0U] = old_ctr + (uint32_t)1U;
+  ctr[0U] = old_ctr + 1U;
   return true;
 }
 
@@ -1778,9 +1770,9 @@ static void uninstantiate_sha1(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)20U, uint8_t);
-  Lib_Memzero0_memzero(v, (uint32_t)20U, uint8_t);
-  ctr[0U] = (uint32_t)0U;
+  Lib_Memzero0_memzero(k, 20U, uint8_t);
+  Lib_Memzero0_memzero(v, 20U, uint8_t);
+  ctr[0U] = 0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
   KRML_HOST_FREE(ctr);
@@ -1802,9 +1794,9 @@ static void uninstantiate_sha2_256(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(v, (uint32_t)32U, uint8_t);
-  ctr[0U] = (uint32_t)0U;
+  Lib_Memzero0_memzero(k, 32U, uint8_t);
+  Lib_Memzero0_memzero(v, 32U, uint8_t);
+  ctr[0U] = 0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
   KRML_HOST_FREE(ctr);
@@ -1826,9 +1818,9 @@ static void uninstantiate_sha2_384(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)48U, uint8_t);
-  Lib_Memzero0_memzero(v, (uint32_t)48U, uint8_t);
-  ctr[0U] = (uint32_t)0U;
+  Lib_Memzero0_memzero(k, 48U, uint8_t);
+  Lib_Memzero0_memzero(v, 48U, uint8_t);
+  ctr[0U] = 0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
   KRML_HOST_FREE(ctr);
@@ -1850,9 +1842,9 @@ static void uninstantiate_sha2_512(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)64U, uint8_t);
-  Lib_Memzero0_memzero(v, (uint32_t)64U, uint8_t);
-  ctr[0U] = (uint32_t)0U;
+  Lib_Memzero0_memzero(k, 64U, uint8_t);
+  Lib_Memzero0_memzero(v, 64U, uint8_t);
+  ctr[0U] = 0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
   KRML_HOST_FREE(ctr);
diff --git a/src/EverCrypt_HKDF.c b/src/EverCrypt_HKDF.c
index 796a8424..773f86b8 100644
--- a/src/EverCrypt_HKDF.c
+++ b/src/EverCrypt_HKDF.c
@@ -37,39 +37,39 @@ expand_sha1(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)20U;
+  uint32_t tlen = 20U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -92,39 +92,39 @@ expand_sha2_256(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -147,39 +147,39 @@ expand_sha2_384(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)48U;
+  uint32_t tlen = 48U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -202,39 +202,39 @@ expand_sha2_512(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -257,39 +257,39 @@ expand_blake2s(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -312,39 +312,39 @@ expand_blake2b(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
diff --git a/src/EverCrypt_HMAC.c b/src/EverCrypt_HMAC.c
index 91440e61..90bcaaac 100644
--- a/src/EverCrypt_HMAC.c
+++ b/src/EverCrypt_HMAC.c
@@ -28,7 +28,9 @@
 #include "internal/Hacl_Krmllib.h"
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b.h"
+#include "internal/Hacl_HMAC.h"
 #include "internal/EverCrypt_Hash.h"
 
 bool EverCrypt_HMAC_is_supported_alg(Spec_Hash_Definitions_hash_alg uu___)
@@ -67,7 +69,7 @@ bool EverCrypt_HMAC_is_supported_alg(Spec_Hash_Definitions_hash_alg uu___)
 }
 
 void
-(*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint32_t x1, uint8_t *x2) =
+(*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint8_t *x1, uint32_t x2) =
   EverCrypt_Hash_Incremental_hash_256;
 
 void
@@ -79,68 +81,63 @@ EverCrypt_HMAC_compute_sha1(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)20U;
+    ite = 20U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Hash_SHA1_legacy_hash(key, key_len, nkey);
+    Hacl_Hash_SHA1_hash_oneshot(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
-  uint32_t
-  s[5U] =
-    {
-      (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
-      (uint32_t)0xc3d2e1f0U
-    };
+  uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_Hash_SHA1_legacy_update_last(s, (uint64_t)0U, ipad, (uint32_t)64U);
+    Hacl_Hash_SHA1_update_last(s, 0ULL, ipad, 64U);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -152,25 +149,21 @@ EverCrypt_HMAC_compute_sha1(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_Hash_SHA1_legacy_update_multi(s, ipad, (uint32_t)1U);
-    Hacl_Hash_SHA1_legacy_update_multi(s, full_blocks, n_blocks);
-    Hacl_Hash_SHA1_legacy_update_last(s,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
-      rem,
-      rem_len);
+    Hacl_Hash_SHA1_update_multi(s, ipad, 1U);
+    Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks);
+    Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len);
   }
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst1);
+  Hacl_Hash_SHA1_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_Hash_Core_SHA1_legacy_init(s);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)20U / block_len;
-  uint32_t rem0 = (uint32_t)20U % block_len;
+  Hacl_Hash_SHA1_init(s);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 20U / block_len;
+  uint32_t rem0 = 20U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)20U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 20U - n_blocks_ * block_len });
   }
   else
   {
@@ -181,13 +174,10 @@ EverCrypt_HMAC_compute_sha1(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_Hash_SHA1_legacy_update_multi(s, opad, (uint32_t)1U);
-  Hacl_Hash_SHA1_legacy_update_multi(s, full_blocks, n_blocks);
-  Hacl_Hash_SHA1_legacy_update_last(s,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
-    rem,
-    rem_len);
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst);
+  Hacl_Hash_SHA1_update_multi(s, opad, 1U);
+  Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks);
+  Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len);
+  Hacl_Hash_SHA1_finish(s, dst);
 }
 
 void
@@ -199,74 +189,71 @@ EverCrypt_HMAC_compute_sha2_256(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    EverCrypt_HMAC_hash_256(key, key_len, nkey);
+    EverCrypt_HMAC_hash_256(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint32_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = st;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t x = Hacl_Hash_SHA2_h256[i];
     os[i] = x;);
   uint32_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)0U + (uint64_t)(uint32_t)64U,
-      (uint32_t)64U,
-      ipad,
-      s);
+    Hacl_Hash_SHA2_sha256_update_last(0ULL + (uint64_t)64U, 64U, ipad, s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -278,27 +265,24 @@ EverCrypt_HMAC_compute_sha2_256(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    EverCrypt_Hash_update_multi_256(s, ipad, (uint32_t)1U);
+    EverCrypt_Hash_update_multi_256(s, ipad, 1U);
     EverCrypt_Hash_update_multi_256(s, full_blocks, n_blocks);
-    Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)(uint32_t)64U
-      + (uint64_t)full_blocks_len
-      + (uint64_t)rem_len,
+    Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len,
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst1);
+  Hacl_Hash_SHA2_sha256_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha256_init(s);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_SHA2_sha256_init(s);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -309,15 +293,13 @@ EverCrypt_HMAC_compute_sha2_256(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  EverCrypt_Hash_update_multi_256(s, opad, (uint32_t)1U);
+  EverCrypt_Hash_update_multi_256(s, opad, 1U);
   EverCrypt_Hash_update_multi_256(s, full_blocks, n_blocks);
-  Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)(uint32_t)64U
-    + (uint64_t)full_blocks_len
-    + (uint64_t)rem_len,
+  Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len,
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst);
+  Hacl_Hash_SHA2_sha256_finish(s, dst);
 }
 
 void
@@ -329,75 +311,75 @@ EverCrypt_HMAC_compute_sha2_384(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)48U;
+    ite = 48U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_384(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_384(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = st;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h384[i];
+    uint64_t x = Hacl_Hash_SHA2_h384[i];
     os[i] = x;);
   uint64_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-        FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U)),
-      (uint32_t)128U,
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL),
+        FStar_UInt128_uint64_to_uint128((uint64_t)128U)),
+      128U,
       ipad,
       s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -409,27 +391,26 @@ EverCrypt_HMAC_compute_sha2_384(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)128U, ipad, s);
-    Hacl_SHA2_Scalar32_sha384_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    Hacl_Hash_SHA2_sha384_update_nblocks(128U, ipad, s);
+    Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s);
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
           FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
         FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha384_finish(s, dst1);
+  Hacl_Hash_SHA2_sha384_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha384_init(s);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)48U / block_len;
-  uint32_t rem0 = (uint32_t)48U % block_len;
+  Hacl_Hash_SHA2_sha384_init(s);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 48U / block_len;
+  uint32_t rem0 = 48U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)48U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 48U - n_blocks_ * block_len });
   }
   else
   {
@@ -440,15 +421,15 @@ EverCrypt_HMAC_compute_sha2_384(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)128U, opad, s);
-  Hacl_SHA2_Scalar32_sha384_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+  Hacl_Hash_SHA2_sha384_update_nblocks(128U, opad, s);
+  Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s);
+  Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha384_finish(s, dst);
+  Hacl_Hash_SHA2_sha384_finish(s, dst);
 }
 
 void
@@ -460,75 +441,75 @@ EverCrypt_HMAC_compute_sha2_512(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_512(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_512(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = st;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h512[i];
+    uint64_t x = Hacl_Hash_SHA2_h512[i];
     os[i] = x;);
   uint64_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-        FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U)),
-      (uint32_t)128U,
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL),
+        FStar_UInt128_uint64_to_uint128((uint64_t)128U)),
+      128U,
       ipad,
       s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -540,27 +521,26 @@ EverCrypt_HMAC_compute_sha2_512(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, ipad, s);
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    Hacl_Hash_SHA2_sha512_update_nblocks(128U, ipad, s);
+    Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s);
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
           FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
         FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha512_finish(s, dst1);
+  Hacl_Hash_SHA2_sha512_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha512_init(s);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_SHA2_sha512_init(s);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -571,15 +551,15 @@ EverCrypt_HMAC_compute_sha2_512(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, opad, s);
-  Hacl_SHA2_Scalar32_sha512_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+  Hacl_Hash_SHA2_sha512_update_nblocks(128U, opad, s);
+  Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s);
+  Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha512_finish(s, dst);
+  Hacl_Hash_SHA2_sha512_finish(s, dst);
 }
 
 void
@@ -591,66 +571,66 @@ EverCrypt_HMAC_compute_blake2s(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2s_32_blake2s((uint32_t)32U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2s_hash_with_key(nkey, 32U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint32_t s[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_init(s, (uint32_t)0U, (uint32_t)32U);
+  Hacl_Hash_Blake2s_init(s, 0U, 32U);
   uint32_t *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last((uint32_t)64U, wv, s0, (uint64_t)0U, (uint32_t)64U, ipad);
+    Hacl_Hash_Blake2s_update_last(64U, wv, s0, 0ULL, 64U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -663,34 +643,33 @@ EverCrypt_HMAC_compute_blake2s(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, ipad, (uint32_t)1U);
+    Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, ipad, 1U);
     uint32_t wv0[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi(n_blocks * (uint32_t)64U,
+    Hacl_Hash_Blake2s_update_multi(n_blocks * 64U,
       wv0,
       s0,
       (uint64_t)block_len,
       full_blocks,
       n_blocks);
     uint32_t wv1[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last(rem_len,
+    Hacl_Hash_Blake2s_update_last(rem_len,
       wv1,
       s0,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+      (uint64_t)64U + (uint64_t)full_blocks_len,
       rem_len,
       rem);
   }
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst1, s0);
+  Hacl_Hash_Blake2s_finish(32U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2s_32_blake2s_init(s0, (uint32_t)0U, (uint32_t)32U);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_Blake2s_init(s0, 0U, 32U);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -702,22 +681,22 @@ EverCrypt_HMAC_compute_blake2s(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   uint32_t wv[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, opad, (uint32_t)1U);
+  Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, opad, 1U);
   uint32_t wv0[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_multi(n_blocks * (uint32_t)64U,
+  Hacl_Hash_Blake2s_update_multi(n_blocks * 64U,
     wv0,
     s0,
     (uint64_t)block_len,
     full_blocks,
     n_blocks);
   uint32_t wv1[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_last(rem_len,
+  Hacl_Hash_Blake2s_update_last(rem_len,
     wv1,
     s0,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+    (uint64_t)64U + (uint64_t)full_blocks_len,
     rem_len,
     rem);
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst, s0);
+  Hacl_Hash_Blake2s_finish(32U, dst, s0);
 }
 
 void
@@ -729,71 +708,66 @@ EverCrypt_HMAC_compute_blake2b(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2b_32_blake2b((uint32_t)64U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2b_hash_with_key(nkey, 64U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t s[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_init(s, (uint32_t)0U, (uint32_t)64U);
+  Hacl_Hash_Blake2b_init(s, 0U, 64U);
   uint64_t *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last((uint32_t)128U,
-      wv,
-      s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      (uint32_t)128U,
-      ipad);
+    Hacl_Hash_Blake2b_update_last(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), 128U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -806,40 +780,34 @@ EverCrypt_HMAC_compute_blake2b(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-      wv,
-      s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      ipad,
-      (uint32_t)1U);
+    Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), ipad, 1U);
     uint64_t wv0[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi(n_blocks * (uint32_t)128U,
+    Hacl_Hash_Blake2b_update_multi(n_blocks * 128U,
       wv0,
       s0,
       FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
       full_blocks,
       n_blocks);
     uint64_t wv1[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last(rem_len,
+    Hacl_Hash_Blake2b_update_last(rem_len,
       wv1,
       s0,
-      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       rem_len,
       rem);
   }
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst1, s0);
+  Hacl_Hash_Blake2b_finish(64U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2b_32_blake2b_init(s0, (uint32_t)0U, (uint32_t)64U);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_Blake2b_init(s0, 0U, 64U);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -851,28 +819,23 @@ EverCrypt_HMAC_compute_blake2b(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   uint64_t wv[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-    wv,
-    s0,
-    FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-    opad,
-    (uint32_t)1U);
+  Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), opad, 1U);
   uint64_t wv0[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_multi(n_blocks * (uint32_t)128U,
+  Hacl_Hash_Blake2b_update_multi(n_blocks * 128U,
     wv0,
     s0,
     FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
     full_blocks,
     n_blocks);
   uint64_t wv1[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_last(rem_len,
+  Hacl_Hash_Blake2b_update_last(rem_len,
     wv1,
     s0,
-    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
       FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
     rem_len,
     rem);
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst, s0);
+  Hacl_Hash_Blake2b_finish(64U, dst, s0);
 }
 
 void
diff --git a/src/EverCrypt_Hash.c b/src/EverCrypt_Hash.c
index b88df9e2..92b3c227 100644
--- a/src/EverCrypt_Hash.c
+++ b/src/EverCrypt_Hash.c
@@ -31,6 +31,10 @@
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
 #include "internal/Hacl_Hash_MD5.h"
+#include "internal/Hacl_Hash_Blake2s_Simd128.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b_Simd256.h"
+#include "internal/Hacl_Hash_Blake2b.h"
 #include "config.h"
 
 #define MD5_s 0
@@ -146,61 +150,61 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(4U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = MD5_s, { .case_MD5_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(5U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA1_s, { .case_SHA1_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA2_224_s, { .case_SHA2_224_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA2_256_s, { .case_SHA2_256_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA2_384_s, { .case_SHA2_384_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA2_512_s, { .case_SHA2_512_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA3_224_s, { .case_SHA3_224_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA3_256_s, { .case_SHA3_256_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA3_384_s, { .case_SHA3_384_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA3_512_s, { .case_SHA3_512_s = buf } });
         break;
       }
@@ -214,17 +218,17 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
             (
               (EverCrypt_Hash_state_s){
                 .tag = Blake2S_128_s,
-                { .case_Blake2S_128_s = Hacl_Blake2s_128_blake2s_malloc() }
+                { .case_Blake2S_128_s = Hacl_Hash_Blake2s_Simd128_malloc_with_key() }
               }
             );
         }
         else
         {
-          uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
+          uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(16U, sizeof (uint32_t));
           s = ((EverCrypt_Hash_state_s){ .tag = Blake2S_s, { .case_Blake2S_s = buf } });
         }
         #else
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(16U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = Blake2S_s, { .case_Blake2S_s = buf } });
         #endif
         break;
@@ -239,17 +243,17 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
             (
               (EverCrypt_Hash_state_s){
                 .tag = Blake2B_256_s,
-                { .case_Blake2B_256_s = Hacl_Blake2b_256_blake2b_malloc() }
+                { .case_Blake2B_256_s = Hacl_Hash_Blake2b_Simd256_malloc_with_key() }
               }
             );
         }
         else
         {
-          uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
+          uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(16U, sizeof (uint64_t));
           s = ((EverCrypt_Hash_state_s){ .tag = Blake2B_s, { .case_Blake2B_s = buf } });
         }
         #else
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(16U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = Blake2B_s, { .case_Blake2B_s = buf } });
         #endif
         break;
@@ -272,94 +276,94 @@ static void init(EverCrypt_Hash_state_s *s)
   if (scrut.tag == MD5_s)
   {
     uint32_t *p1 = scrut.case_MD5_s;
-    Hacl_Hash_Core_MD5_legacy_init(p1);
+    Hacl_Hash_MD5_init(p1);
     return;
   }
   if (scrut.tag == SHA1_s)
   {
     uint32_t *p1 = scrut.case_SHA1_s;
-    Hacl_Hash_Core_SHA1_legacy_init(p1);
+    Hacl_Hash_SHA1_init(p1);
     return;
   }
   if (scrut.tag == SHA2_224_s)
   {
     uint32_t *p1 = scrut.case_SHA2_224_s;
-    Hacl_SHA2_Scalar32_sha224_init(p1);
+    Hacl_Hash_SHA2_sha224_init(p1);
     return;
   }
   if (scrut.tag == SHA2_256_s)
   {
     uint32_t *p1 = scrut.case_SHA2_256_s;
-    Hacl_SHA2_Scalar32_sha256_init(p1);
+    Hacl_Hash_SHA2_sha256_init(p1);
     return;
   }
   if (scrut.tag == SHA2_384_s)
   {
     uint64_t *p1 = scrut.case_SHA2_384_s;
-    Hacl_SHA2_Scalar32_sha384_init(p1);
+    Hacl_Hash_SHA2_sha384_init(p1);
     return;
   }
   if (scrut.tag == SHA2_512_s)
   {
     uint64_t *p1 = scrut.case_SHA2_512_s;
-    Hacl_SHA2_Scalar32_sha512_init(p1);
+    Hacl_Hash_SHA2_sha512_init(p1);
     return;
   }
   if (scrut.tag == SHA3_224_s)
   {
     uint64_t *p1 = scrut.case_SHA3_224_s;
-    memset(p1, 0U, (uint32_t)25U * sizeof (uint64_t));
+    memset(p1, 0U, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut.tag == SHA3_256_s)
   {
     uint64_t *p1 = scrut.case_SHA3_256_s;
-    memset(p1, 0U, (uint32_t)25U * sizeof (uint64_t));
+    memset(p1, 0U, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut.tag == SHA3_384_s)
   {
     uint64_t *p1 = scrut.case_SHA3_384_s;
-    memset(p1, 0U, (uint32_t)25U * sizeof (uint64_t));
+    memset(p1, 0U, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut.tag == SHA3_512_s)
   {
     uint64_t *p1 = scrut.case_SHA3_512_s;
-    memset(p1, 0U, (uint32_t)25U * sizeof (uint64_t));
+    memset(p1, 0U, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut.tag == Blake2S_s)
   {
     uint32_t *p1 = scrut.case_Blake2S_s;
-    Hacl_Blake2s_32_blake2s_init(p1, (uint32_t)0U, (uint32_t)32U);
+    Hacl_Hash_Blake2s_init(p1, 0U, 32U);
     return;
   }
   if (scrut.tag == Blake2S_128_s)
   {
     Lib_IntVector_Intrinsics_vec128 *p1 = scrut.case_Blake2S_128_s;
     #if HACL_CAN_COMPILE_VEC128
-    Hacl_Blake2s_128_blake2s_init(p1, (uint32_t)0U, (uint32_t)32U);
+    Hacl_Hash_Blake2s_Simd128_init(p1, 0U, 32U);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
   if (scrut.tag == Blake2B_s)
   {
     uint64_t *p1 = scrut.case_Blake2B_s;
-    Hacl_Blake2b_32_blake2b_init(p1, (uint32_t)0U, (uint32_t)64U);
+    Hacl_Hash_Blake2b_init(p1, 0U, 64U);
     return;
   }
   if (scrut.tag == Blake2B_256_s)
   {
     Lib_IntVector_Intrinsics_vec256 *p1 = scrut.case_Blake2B_256_s;
     #if HACL_CAN_COMPILE_VEC256
-    Hacl_Blake2b_256_blake2b_init(p1, (uint32_t)0U, (uint32_t)64U);
+    Hacl_Hash_Blake2b_Simd256_init(p1, 0U, 64U);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -373,22 +377,16 @@ static void init(EverCrypt_Hash_state_s *s)
 static uint32_t
 k224_256[64U] =
   {
-    (uint32_t)0x428a2f98U, (uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U,
-    (uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U,
-    (uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U,
-    (uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U,
-    (uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU,
-    (uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU,
-    (uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U,
-    (uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U,
-    (uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U,
-    (uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U,
-    (uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U,
-    (uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U,
-    (uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U,
-    (uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U,
-    (uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U,
-    (uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U
+    0x428a2f98U, 0x71374491U, 0xb5c0fbcfU, 0xe9b5dba5U, 0x3956c25bU, 0x59f111f1U, 0x923f82a4U,
+    0xab1c5ed5U, 0xd807aa98U, 0x12835b01U, 0x243185beU, 0x550c7dc3U, 0x72be5d74U, 0x80deb1feU,
+    0x9bdc06a7U, 0xc19bf174U, 0xe49b69c1U, 0xefbe4786U, 0x0fc19dc6U, 0x240ca1ccU, 0x2de92c6fU,
+    0x4a7484aaU, 0x5cb0a9dcU, 0x76f988daU, 0x983e5152U, 0xa831c66dU, 0xb00327c8U, 0xbf597fc7U,
+    0xc6e00bf3U, 0xd5a79147U, 0x06ca6351U, 0x14292967U, 0x27b70a85U, 0x2e1b2138U, 0x4d2c6dfcU,
+    0x53380d13U, 0x650a7354U, 0x766a0abbU, 0x81c2c92eU, 0x92722c85U, 0xa2bfe8a1U, 0xa81a664bU,
+    0xc24b8b70U, 0xc76c51a3U, 0xd192e819U, 0xd6990624U, 0xf40e3585U, 0x106aa070U, 0x19a4c116U,
+    0x1e376c08U, 0x2748774cU, 0x34b0bcb5U, 0x391c0cb3U, 0x4ed8aa4aU, 0x5b9cca4fU, 0x682e6ff3U,
+    0x748f82eeU, 0x78a5636fU, 0x84c87814U, 0x8cc70208U, 0x90befffaU, 0xa4506cebU, 0xbef9a3f7U,
+    0xc67178f2U
   };
 
 void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
@@ -399,13 +397,13 @@ void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
   if (has_shaext && has_sse)
   {
     uint64_t n1 = (uint64_t)n;
-    KRML_HOST_IGNORE(sha256_update(s, blocks, n1, k224_256));
+    sha256_update(s, blocks, n1, k224_256);
     return;
   }
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  Hacl_Hash_SHA2_sha256_update_nblocks(n * 64U, blocks, s);
   #else
   KRML_HOST_IGNORE(k224_256);
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  Hacl_Hash_SHA2_sha256_update_nblocks(n * 64U, blocks, s);
   #endif
 }
 
@@ -416,100 +414,100 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
   if (scrut.tag == MD5_s)
   {
     uint32_t *p1 = scrut.case_MD5_s;
-    uint32_t n = len / (uint32_t)64U;
-    Hacl_Hash_MD5_legacy_update_multi(p1, blocks, n);
+    uint32_t n = len / 64U;
+    Hacl_Hash_MD5_update_multi(p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA1_s)
   {
     uint32_t *p1 = scrut.case_SHA1_s;
-    uint32_t n = len / (uint32_t)64U;
-    Hacl_Hash_SHA1_legacy_update_multi(p1, blocks, n);
+    uint32_t n = len / 64U;
+    Hacl_Hash_SHA1_update_multi(p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA2_224_s)
   {
     uint32_t *p1 = scrut.case_SHA2_224_s;
-    uint32_t n = len / (uint32_t)64U;
+    uint32_t n = len / 64U;
     EverCrypt_Hash_update_multi_256(p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA2_256_s)
   {
     uint32_t *p1 = scrut.case_SHA2_256_s;
-    uint32_t n = len / (uint32_t)64U;
+    uint32_t n = len / 64U;
     EverCrypt_Hash_update_multi_256(p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA2_384_s)
   {
     uint64_t *p1 = scrut.case_SHA2_384_s;
-    uint32_t n = len / (uint32_t)128U;
-    Hacl_SHA2_Scalar32_sha384_update_nblocks(n * (uint32_t)128U, blocks, p1);
+    uint32_t n = len / 128U;
+    Hacl_Hash_SHA2_sha384_update_nblocks(n * 128U, blocks, p1);
     return;
   }
   if (scrut.tag == SHA2_512_s)
   {
     uint64_t *p1 = scrut.case_SHA2_512_s;
-    uint32_t n = len / (uint32_t)128U;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(n * (uint32_t)128U, blocks, p1);
+    uint32_t n = len / 128U;
+    Hacl_Hash_SHA2_sha512_update_nblocks(n * 128U, blocks, p1);
     return;
   }
   if (scrut.tag == SHA3_224_s)
   {
     uint64_t *p1 = scrut.case_SHA3_224_s;
-    uint32_t n = len / (uint32_t)144U;
+    uint32_t n = len / 144U;
     Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA3_256_s)
   {
     uint64_t *p1 = scrut.case_SHA3_256_s;
-    uint32_t n = len / (uint32_t)136U;
+    uint32_t n = len / 136U;
     Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA3_384_s)
   {
     uint64_t *p1 = scrut.case_SHA3_384_s;
-    uint32_t n = len / (uint32_t)104U;
+    uint32_t n = len / 104U;
     Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA3_512_s)
   {
     uint64_t *p1 = scrut.case_SHA3_512_s;
-    uint32_t n = len / (uint32_t)72U;
+    uint32_t n = len / 72U;
     Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, p1, blocks, n);
     return;
   }
   if (scrut.tag == Blake2S_s)
   {
     uint32_t *p1 = scrut.case_Blake2S_s;
-    uint32_t n = len / (uint32_t)64U;
+    uint32_t n = len / 64U;
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi(n * (uint32_t)64U, wv, p1, prevlen, blocks, n);
+    Hacl_Hash_Blake2s_update_multi(n * 64U, wv, p1, prevlen, blocks, n);
     return;
   }
   if (scrut.tag == Blake2S_128_s)
   {
     Lib_IntVector_Intrinsics_vec128 *p1 = scrut.case_Blake2S_128_s;
     #if HACL_CAN_COMPILE_VEC128
-    uint32_t n = len / (uint32_t)64U;
+    uint32_t n = len / 64U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_multi(n * (uint32_t)64U, wv, p1, prevlen, blocks, n);
+    Hacl_Hash_Blake2s_Simd128_update_multi(n * 64U, wv, p1, prevlen, blocks, n);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
   if (scrut.tag == Blake2B_s)
   {
     uint64_t *p1 = scrut.case_Blake2B_s;
-    uint32_t n = len / (uint32_t)128U;
+    uint32_t n = len / 128U;
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi(n * (uint32_t)128U,
+    Hacl_Hash_Blake2b_update_multi(n * 128U,
       wv,
       p1,
       FStar_UInt128_uint64_to_uint128(prevlen),
@@ -521,9 +519,9 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
   {
     Lib_IntVector_Intrinsics_vec256 *p1 = scrut.case_Blake2B_256_s;
     #if HACL_CAN_COMPILE_VEC256
-    uint32_t n = len / (uint32_t)128U;
+    uint32_t n = len / 128U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_multi(n * (uint32_t)128U,
+    Hacl_Hash_Blake2b_Simd256_update_multi(n * 128U,
       wv,
       p1,
       FStar_UInt128_uint64_to_uint128(prevlen),
@@ -531,7 +529,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
       n);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -549,31 +547,31 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
   if (scrut.tag == MD5_s)
   {
     uint32_t *p1 = scrut.case_MD5_s;
-    Hacl_Hash_MD5_legacy_update_last(p1, prev_len, last, last_len);
+    Hacl_Hash_MD5_update_last(p1, prev_len, last, last_len);
     return;
   }
   if (scrut.tag == SHA1_s)
   {
     uint32_t *p1 = scrut.case_SHA1_s;
-    Hacl_Hash_SHA1_legacy_update_last(p1, prev_len, last, last_len);
+    Hacl_Hash_SHA1_update_last(p1, prev_len, last, last_len);
     return;
   }
   if (scrut.tag == SHA2_224_s)
   {
     uint32_t *p1 = scrut.case_SHA2_224_s;
-    Hacl_SHA2_Scalar32_sha224_update_last(prev_len + (uint64_t)last_len, last_len, last, p1);
+    Hacl_Hash_SHA2_sha224_update_last(prev_len + (uint64_t)last_len, last_len, last, p1);
     return;
   }
   if (scrut.tag == SHA2_256_s)
   {
     uint32_t *p1 = scrut.case_SHA2_256_s;
-    Hacl_SHA2_Scalar32_sha256_update_last(prev_len + (uint64_t)last_len, last_len, last, p1);
+    Hacl_Hash_SHA2_sha256_update_last(prev_len + (uint64_t)last_len, last_len, last, p1);
     return;
   }
   if (scrut.tag == SHA2_384_s)
   {
     uint64_t *p1 = scrut.case_SHA2_384_s;
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len),
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len),
         FStar_UInt128_uint64_to_uint128((uint64_t)last_len)),
       last_len,
       last,
@@ -583,7 +581,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
   if (scrut.tag == SHA2_512_s)
   {
     uint64_t *p1 = scrut.case_SHA2_512_s;
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len),
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len),
         FStar_UInt128_uint64_to_uint128((uint64_t)last_len)),
       last_len,
       last,
@@ -618,7 +616,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
   {
     uint32_t *p1 = scrut.case_Blake2S_s;
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
+    Hacl_Hash_Blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
     return;
   }
   if (scrut.tag == Blake2S_128_s)
@@ -626,10 +624,10 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
     Lib_IntVector_Intrinsics_vec128 *p1 = scrut.case_Blake2S_128_s;
     #if HACL_CAN_COMPILE_VEC128
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
+    Hacl_Hash_Blake2s_Simd128_update_last(last_len, wv, p1, prev_len, last_len, last);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -637,7 +635,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
   {
     uint64_t *p1 = scrut.case_Blake2B_s;
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last(last_len,
+    Hacl_Hash_Blake2b_update_last(last_len,
       wv,
       p1,
       FStar_UInt128_uint64_to_uint128(prev_len),
@@ -650,7 +648,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
     Lib_IntVector_Intrinsics_vec256 *p1 = scrut.case_Blake2B_256_s;
     #if HACL_CAN_COMPILE_VEC256
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_last(last_len,
+    Hacl_Hash_Blake2b_Simd256_update_last(last_len,
       wv,
       p1,
       FStar_UInt128_uint64_to_uint128(prev_len),
@@ -658,7 +656,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
       last);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -675,94 +673,94 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
   if (scrut.tag == MD5_s)
   {
     uint32_t *p1 = scrut.case_MD5_s;
-    Hacl_Hash_Core_MD5_legacy_finish(p1, dst);
+    Hacl_Hash_MD5_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA1_s)
   {
     uint32_t *p1 = scrut.case_SHA1_s;
-    Hacl_Hash_Core_SHA1_legacy_finish(p1, dst);
+    Hacl_Hash_SHA1_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA2_224_s)
   {
     uint32_t *p1 = scrut.case_SHA2_224_s;
-    Hacl_SHA2_Scalar32_sha224_finish(p1, dst);
+    Hacl_Hash_SHA2_sha224_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA2_256_s)
   {
     uint32_t *p1 = scrut.case_SHA2_256_s;
-    Hacl_SHA2_Scalar32_sha256_finish(p1, dst);
+    Hacl_Hash_SHA2_sha256_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA2_384_s)
   {
     uint64_t *p1 = scrut.case_SHA2_384_s;
-    Hacl_SHA2_Scalar32_sha384_finish(p1, dst);
+    Hacl_Hash_SHA2_sha384_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA2_512_s)
   {
     uint64_t *p1 = scrut.case_SHA2_512_s;
-    Hacl_SHA2_Scalar32_sha512_finish(p1, dst);
+    Hacl_Hash_SHA2_sha512_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA3_224_s)
   {
     uint64_t *p1 = scrut.case_SHA3_224_s;
-    Hacl_Impl_SHA3_squeeze(p1, (uint32_t)144U, (uint32_t)28U, dst);
+    Hacl_Hash_SHA3_squeeze0(p1, 144U, 28U, dst);
     return;
   }
   if (scrut.tag == SHA3_256_s)
   {
     uint64_t *p1 = scrut.case_SHA3_256_s;
-    Hacl_Impl_SHA3_squeeze(p1, (uint32_t)136U, (uint32_t)32U, dst);
+    Hacl_Hash_SHA3_squeeze0(p1, 136U, 32U, dst);
     return;
   }
   if (scrut.tag == SHA3_384_s)
   {
     uint64_t *p1 = scrut.case_SHA3_384_s;
-    Hacl_Impl_SHA3_squeeze(p1, (uint32_t)104U, (uint32_t)48U, dst);
+    Hacl_Hash_SHA3_squeeze0(p1, 104U, 48U, dst);
     return;
   }
   if (scrut.tag == SHA3_512_s)
   {
     uint64_t *p1 = scrut.case_SHA3_512_s;
-    Hacl_Impl_SHA3_squeeze(p1, (uint32_t)72U, (uint32_t)64U, dst);
+    Hacl_Hash_SHA3_squeeze0(p1, 72U, 64U, dst);
     return;
   }
   if (scrut.tag == Blake2S_s)
   {
     uint32_t *p1 = scrut.case_Blake2S_s;
-    Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst, p1);
+    Hacl_Hash_Blake2s_finish(32U, dst, p1);
     return;
   }
   if (scrut.tag == Blake2S_128_s)
   {
     Lib_IntVector_Intrinsics_vec128 *p1 = scrut.case_Blake2S_128_s;
     #if HACL_CAN_COMPILE_VEC128
-    Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, p1);
+    Hacl_Hash_Blake2s_Simd128_finish(32U, dst, p1);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
   if (scrut.tag == Blake2B_s)
   {
     uint64_t *p1 = scrut.case_Blake2B_s;
-    Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst, p1);
+    Hacl_Hash_Blake2b_finish(64U, dst, p1);
     return;
   }
   if (scrut.tag == Blake2B_256_s)
   {
     Lib_IntVector_Intrinsics_vec256 *p1 = scrut.case_Blake2B_256_s;
     #if HACL_CAN_COMPILE_VEC256
-    Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, p1);
+    Hacl_Hash_Blake2b_Simd256_finish(64U, dst, p1);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -873,7 +871,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint32_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)4U * sizeof (uint32_t));
+    memcpy(p_dst, p_src, 4U * sizeof (uint32_t));
     return;
   }
   if (scrut0.tag == SHA1_s)
@@ -889,7 +887,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint32_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)5U * sizeof (uint32_t));
+    memcpy(p_dst, p_src, 5U * sizeof (uint32_t));
     return;
   }
   if (scrut0.tag == SHA2_224_s)
@@ -905,7 +903,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint32_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)8U * sizeof (uint32_t));
+    memcpy(p_dst, p_src, 8U * sizeof (uint32_t));
     return;
   }
   if (scrut0.tag == SHA2_256_s)
@@ -921,7 +919,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint32_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)8U * sizeof (uint32_t));
+    memcpy(p_dst, p_src, 8U * sizeof (uint32_t));
     return;
   }
   if (scrut0.tag == SHA2_384_s)
@@ -937,7 +935,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)8U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 8U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA2_512_s)
@@ -953,7 +951,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)8U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 8U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA3_224_s)
@@ -969,7 +967,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)25U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA3_256_s)
@@ -985,7 +983,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)25U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA3_384_s)
@@ -1001,7 +999,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)25U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA3_512_s)
@@ -1017,7 +1015,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)25U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == Blake2S_s)
@@ -1027,17 +1025,17 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     if (scrut.tag == Blake2S_s)
     {
       uint32_t *p_dst = scrut.case_Blake2S_s;
-      memcpy(p_dst, p_src, (uint32_t)16U * sizeof (uint32_t));
+      memcpy(p_dst, p_src, 16U * sizeof (uint32_t));
       return;
     }
     if (scrut.tag == Blake2S_128_s)
     {
       Lib_IntVector_Intrinsics_vec128 *p_dst = scrut.case_Blake2S_128_s;
       #if HACL_CAN_COMPILE_VEC128
-      Hacl_Blake2s_128_load_state128s_from_state32(p_dst, p_src);
+      Hacl_Hash_Blake2s_Simd128_load_state128s_from_state32(p_dst, p_src);
       return;
       #else
-      KRML_HOST_IGNORE(p_dst);
+      KRML_MAYBE_UNUSED_VAR(p_dst);
       return;
       #endif
     }
@@ -1054,17 +1052,17 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     if (scrut.tag == Blake2B_s)
     {
       uint64_t *p_dst = scrut.case_Blake2B_s;
-      memcpy(p_dst, p_src, (uint32_t)16U * sizeof (uint64_t));
+      memcpy(p_dst, p_src, 16U * sizeof (uint64_t));
       return;
     }
     if (scrut.tag == Blake2B_256_s)
     {
       Lib_IntVector_Intrinsics_vec256 *p_dst = scrut.case_Blake2B_256_s;
       #if HACL_CAN_COMPILE_VEC256
-      Hacl_Blake2b_256_load_state256b_from_state32(p_dst, p_src);
+      Hacl_Hash_Blake2b_Simd256_load_state256b_from_state32(p_dst, p_src);
       return;
       #else
-      KRML_HOST_IGNORE(p_dst);
+      KRML_MAYBE_UNUSED_VAR(p_dst);
       return;
       #endif
     }
@@ -1081,17 +1079,17 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     if (scrut.tag == Blake2S_128_s)
     {
       Lib_IntVector_Intrinsics_vec128 *p_dst = scrut.case_Blake2S_128_s;
-      memcpy(p_dst, p_src, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+      memcpy(p_dst, p_src, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
       return;
     }
     if (scrut.tag == Blake2S_s)
     {
       uint32_t *p_dst = scrut.case_Blake2S_s;
       #if HACL_CAN_COMPILE_VEC128
-      Hacl_Blake2s_128_store_state128s_to_state32(p_dst, p_src);
+      Hacl_Hash_Blake2s_Simd128_store_state128s_to_state32(p_dst, p_src);
       return;
       #else
-      KRML_HOST_IGNORE(p_dst);
+      KRML_MAYBE_UNUSED_VAR(p_dst);
       return;
       #endif
     }
@@ -1108,17 +1106,17 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     if (scrut.tag == Blake2B_256_s)
     {
       Lib_IntVector_Intrinsics_vec256 *p_dst = scrut.case_Blake2B_256_s;
-      memcpy(p_dst, p_src, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+      memcpy(p_dst, p_src, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
       return;
     }
     if (scrut.tag == Blake2B_s)
     {
       uint64_t *p_dst = scrut.case_Blake2B_s;
       #if HACL_CAN_COMPILE_VEC256
-      Hacl_Blake2b_256_store_state256b_to_state32(p_dst, p_src);
+      Hacl_Hash_Blake2b_Simd256_store_state256b_to_state32(p_dst, p_src);
       return;
       #else
-      KRML_HOST_IGNORE(p_dst);
+      KRML_MAYBE_UNUSED_VAR(p_dst);
       return;
       #endif
     }
@@ -1201,59 +1199,59 @@ static uint32_t block_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)144U;
+        return 144U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)104U;
+        return 104U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)72U;
+        return 72U;
       }
     case Spec_Hash_Definitions_Shake128:
       {
-        return (uint32_t)168U;
+        return 168U;
       }
     case Spec_Hash_Definitions_Shake256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     default:
       {
@@ -1269,18 +1267,18 @@ choice of algorithm (see Hacl_Spec.h). This API will automatically pick the most
 efficient implementation, provided you have called EverCrypt_AutoConfig2_init()
 before. The state is to be freed by calling `free`.
 */
-EverCrypt_Hash_Incremental_hash_state
-*EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_hash_alg a)
+EverCrypt_Hash_Incremental_state_t
+*EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_hash_alg a)
 {
   KRML_CHECK_SIZE(sizeof (uint8_t), block_len(a));
   uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(block_len(a), sizeof (uint8_t));
   EverCrypt_Hash_state_s *block_state = create_in(a);
-  EverCrypt_Hash_Incremental_hash_state
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  EverCrypt_Hash_Incremental_hash_state
+  EverCrypt_Hash_Incremental_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  EverCrypt_Hash_Incremental_state_t
   *p =
-    (EverCrypt_Hash_Incremental_hash_state *)KRML_HOST_MALLOC(sizeof (
-        EverCrypt_Hash_Incremental_hash_state
+    (EverCrypt_Hash_Incremental_state_t *)KRML_HOST_MALLOC(sizeof (
+        EverCrypt_Hash_Incremental_state_t
       ));
   p[0U] = s;
   init(block_state);
@@ -1290,17 +1288,17 @@ EverCrypt_Hash_Incremental_hash_state
 /**
 Reset an existing state to the initial hash state with empty data.
 */
-void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s)
+void EverCrypt_Hash_Incremental_reset(EverCrypt_Hash_Incremental_state_t *state)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *s;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   uint8_t *buf = scrut.buf;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   Spec_Hash_Definitions_hash_alg i = alg_of_state(block_state);
-  KRML_HOST_IGNORE(i);
+  KRML_MAYBE_UNUSED_VAR(i);
   init(block_state);
-  EverCrypt_Hash_Incremental_hash_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  EverCrypt_Hash_Incremental_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 /**
@@ -1312,86 +1310,86 @@ algorithm. Both limits are unlikely to be attained in practice.
 */
 EverCrypt_Error_error_code
 EverCrypt_Hash_Incremental_update(
-  EverCrypt_Hash_Incremental_hash_state *s,
-  uint8_t *data,
-  uint32_t len
+  EverCrypt_Hash_Incremental_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
 )
 {
-  EverCrypt_Hash_Incremental_hash_state s1 = *s;
-  EverCrypt_Hash_state_s *block_state = s1.block_state;
-  uint64_t total_len = s1.total_len;
+  EverCrypt_Hash_Incremental_state_t s = *state;
+  EverCrypt_Hash_state_s *block_state = s.block_state;
+  uint64_t total_len = s.total_len;
   Spec_Hash_Definitions_hash_alg i1 = alg_of_state(block_state);
   uint64_t sw;
   switch (i1)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        sw = (uint64_t)2305843009213693951U;
+        sw = 2305843009213693951ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        sw = (uint64_t)2305843009213693951U;
+        sw = 2305843009213693951ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        sw = (uint64_t)2305843009213693951U;
+        sw = 2305843009213693951ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        sw = (uint64_t)2305843009213693951U;
+        sw = 2305843009213693951ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_Shake128:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_Shake256:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     default:
@@ -1401,14 +1399,14 @@ EverCrypt_Hash_Incremental_update(
       }
   }
   Hacl_Streaming_Types_error_code ite;
-  if ((uint64_t)len > sw - total_len)
+  if ((uint64_t)chunk_len > sw - total_len)
   {
     ite = Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   else
   {
     uint32_t sz;
-    if (total_len % (uint64_t)block_len(i1) == (uint64_t)0U && total_len > (uint64_t)0U)
+    if (total_len % (uint64_t)block_len(i1) == 0ULL && total_len > 0ULL)
     {
       sz = block_len(i1);
     }
@@ -1416,14 +1414,14 @@ EverCrypt_Hash_Incremental_update(
     {
       sz = (uint32_t)(total_len % (uint64_t)block_len(i1));
     }
-    if (len <= block_len(i1) - sz)
+    if (chunk_len <= block_len(i1) - sz)
     {
-      EverCrypt_Hash_Incremental_hash_state s2 = *s;
-      EverCrypt_Hash_state_s *block_state1 = s2.block_state;
-      uint8_t *buf = s2.buf;
-      uint64_t total_len1 = s2.total_len;
+      EverCrypt_Hash_Incremental_state_t s1 = *state;
+      EverCrypt_Hash_state_s *block_state1 = s1.block_state;
+      uint8_t *buf = s1.buf;
+      uint64_t total_len1 = s1.total_len;
       uint32_t sz1;
-      if (total_len1 % (uint64_t)block_len(i1) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+      if (total_len1 % (uint64_t)block_len(i1) == 0ULL && total_len1 > 0ULL)
       {
         sz1 = block_len(i1);
       }
@@ -1432,26 +1430,26 @@ EverCrypt_Hash_Incremental_update(
         sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i1));
       }
       uint8_t *buf2 = buf + sz1;
-      memcpy(buf2, data, len * sizeof (uint8_t));
-      uint64_t total_len2 = total_len1 + (uint64_t)len;
-      *s
+      memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+      uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+      *state
       =
         (
-          (EverCrypt_Hash_Incremental_hash_state){
+          (EverCrypt_Hash_Incremental_state_t){
             .block_state = block_state1,
             .buf = buf,
             .total_len = total_len2
           }
         );
     }
-    else if (sz == (uint32_t)0U)
+    else if (sz == 0U)
     {
-      EverCrypt_Hash_Incremental_hash_state s2 = *s;
-      EverCrypt_Hash_state_s *block_state1 = s2.block_state;
-      uint8_t *buf = s2.buf;
-      uint64_t total_len1 = s2.total_len;
+      EverCrypt_Hash_Incremental_state_t s1 = *state;
+      EverCrypt_Hash_state_s *block_state1 = s1.block_state;
+      uint8_t *buf = s1.buf;
+      uint64_t total_len1 = s1.total_len;
       uint32_t sz1;
-      if (total_len1 % (uint64_t)block_len(i1) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+      if (total_len1 % (uint64_t)block_len(i1) == 0ULL && total_len1 > 0ULL)
       {
         sz1 = block_len(i1);
       }
@@ -1459,49 +1457,49 @@ EverCrypt_Hash_Incremental_update(
       {
         sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i1));
       }
-      if (!(sz1 == (uint32_t)0U))
+      if (!(sz1 == 0U))
       {
         uint64_t prevlen = total_len1 - (uint64_t)sz1;
         update_multi(block_state1, prevlen, buf, block_len(i1));
       }
       uint32_t ite0;
-      if ((uint64_t)len % (uint64_t)block_len(i1) == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+      if ((uint64_t)chunk_len % (uint64_t)block_len(i1) == 0ULL && (uint64_t)chunk_len > 0ULL)
       {
         ite0 = block_len(i1);
       }
       else
       {
-        ite0 = (uint32_t)((uint64_t)len % (uint64_t)block_len(i1));
+        ite0 = (uint32_t)((uint64_t)chunk_len % (uint64_t)block_len(i1));
       }
-      uint32_t n_blocks = (len - ite0) / block_len(i1);
+      uint32_t n_blocks = (chunk_len - ite0) / block_len(i1);
       uint32_t data1_len = n_blocks * block_len(i1);
-      uint32_t data2_len = len - data1_len;
-      uint8_t *data1 = data;
-      uint8_t *data2 = data + data1_len;
+      uint32_t data2_len = chunk_len - data1_len;
+      uint8_t *data1 = chunk;
+      uint8_t *data2 = chunk + data1_len;
       update_multi(block_state1, total_len1, data1, data1_len);
       uint8_t *dst = buf;
       memcpy(dst, data2, data2_len * sizeof (uint8_t));
-      *s
+      *state
       =
         (
-          (EverCrypt_Hash_Incremental_hash_state){
+          (EverCrypt_Hash_Incremental_state_t){
             .block_state = block_state1,
             .buf = buf,
-            .total_len = total_len1 + (uint64_t)len
+            .total_len = total_len1 + (uint64_t)chunk_len
           }
         );
     }
     else
     {
       uint32_t diff = block_len(i1) - sz;
-      uint8_t *data1 = data;
-      uint8_t *data2 = data + diff;
-      EverCrypt_Hash_Incremental_hash_state s2 = *s;
-      EverCrypt_Hash_state_s *block_state10 = s2.block_state;
-      uint8_t *buf0 = s2.buf;
-      uint64_t total_len10 = s2.total_len;
+      uint8_t *chunk1 = chunk;
+      uint8_t *chunk2 = chunk + diff;
+      EverCrypt_Hash_Incremental_state_t s1 = *state;
+      EverCrypt_Hash_state_s *block_state10 = s1.block_state;
+      uint8_t *buf0 = s1.buf;
+      uint64_t total_len10 = s1.total_len;
       uint32_t sz10;
-      if (total_len10 % (uint64_t)block_len(i1) == (uint64_t)0U && total_len10 > (uint64_t)0U)
+      if (total_len10 % (uint64_t)block_len(i1) == 0ULL && total_len10 > 0ULL)
       {
         sz10 = block_len(i1);
       }
@@ -1510,23 +1508,23 @@ EverCrypt_Hash_Incremental_update(
         sz10 = (uint32_t)(total_len10 % (uint64_t)block_len(i1));
       }
       uint8_t *buf2 = buf0 + sz10;
-      memcpy(buf2, data1, diff * sizeof (uint8_t));
+      memcpy(buf2, chunk1, diff * sizeof (uint8_t));
       uint64_t total_len2 = total_len10 + (uint64_t)diff;
-      *s
+      *state
       =
         (
-          (EverCrypt_Hash_Incremental_hash_state){
+          (EverCrypt_Hash_Incremental_state_t){
             .block_state = block_state10,
             .buf = buf0,
             .total_len = total_len2
           }
         );
-      EverCrypt_Hash_Incremental_hash_state s20 = *s;
-      EverCrypt_Hash_state_s *block_state1 = s20.block_state;
-      uint8_t *buf = s20.buf;
-      uint64_t total_len1 = s20.total_len;
+      EverCrypt_Hash_Incremental_state_t s10 = *state;
+      EverCrypt_Hash_state_s *block_state1 = s10.block_state;
+      uint8_t *buf = s10.buf;
+      uint64_t total_len1 = s10.total_len;
       uint32_t sz1;
-      if (total_len1 % (uint64_t)block_len(i1) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+      if (total_len1 % (uint64_t)block_len(i1) == 0ULL && total_len1 > 0ULL)
       {
         sz1 = block_len(i1);
       }
@@ -1534,7 +1532,7 @@ EverCrypt_Hash_Incremental_update(
       {
         sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i1));
       }
-      if (!(sz1 == (uint32_t)0U))
+      if (!(sz1 == 0U))
       {
         uint64_t prevlen = total_len1 - (uint64_t)sz1;
         update_multi(block_state1, prevlen, buf, block_len(i1));
@@ -1542,33 +1540,33 @@ EverCrypt_Hash_Incremental_update(
       uint32_t ite0;
       if
       (
-        (uint64_t)(len - diff)
+        (uint64_t)(chunk_len - diff)
         % (uint64_t)block_len(i1)
-        == (uint64_t)0U
-        && (uint64_t)(len - diff) > (uint64_t)0U
+        == 0ULL
+        && (uint64_t)(chunk_len - diff) > 0ULL
       )
       {
         ite0 = block_len(i1);
       }
       else
       {
-        ite0 = (uint32_t)((uint64_t)(len - diff) % (uint64_t)block_len(i1));
+        ite0 = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)block_len(i1));
       }
-      uint32_t n_blocks = (len - diff - ite0) / block_len(i1);
+      uint32_t n_blocks = (chunk_len - diff - ite0) / block_len(i1);
       uint32_t data1_len = n_blocks * block_len(i1);
-      uint32_t data2_len = len - diff - data1_len;
-      uint8_t *data11 = data2;
-      uint8_t *data21 = data2 + data1_len;
-      update_multi(block_state1, total_len1, data11, data1_len);
+      uint32_t data2_len = chunk_len - diff - data1_len;
+      uint8_t *data1 = chunk2;
+      uint8_t *data2 = chunk2 + data1_len;
+      update_multi(block_state1, total_len1, data1, data1_len);
       uint8_t *dst = buf;
-      memcpy(dst, data21, data2_len * sizeof (uint8_t));
-      *s
+      memcpy(dst, data2, data2_len * sizeof (uint8_t));
+      *state
       =
         (
-          (EverCrypt_Hash_Incremental_hash_state){
+          (EverCrypt_Hash_Incremental_state_t){
             .block_state = block_state1,
             .buf = buf,
-            .total_len = total_len1 + (uint64_t)(len - diff)
+            .total_len = total_len1 + (uint64_t)(chunk_len - diff)
           }
         );
     }
@@ -1592,20 +1590,14 @@ EverCrypt_Hash_Incremental_update(
   }
 }
 
-static void finish_md5(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_md5(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_MD5)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  if (total_len % (uint64_t)block_len(Spec_Hash_Definitions_MD5) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_MD5);
   }
@@ -1620,7 +1612,7 @@ static void finish_md5(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_MD5) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_MD5) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_MD5);
   }
@@ -1630,26 +1622,20 @@ static void finish_md5(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha1(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha1(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA1)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  if (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA1) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA1);
   }
@@ -1664,7 +1650,7 @@ static void finish_sha1(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA1) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA1) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA1);
   }
@@ -1674,26 +1660,21 @@ static void finish_sha1(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha224(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_224)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_224) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA2_224);
   }
@@ -1708,7 +1689,7 @@ static void finish_sha224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA2_224) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA2_224) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA2_224);
   }
@@ -1718,26 +1699,21 @@ static void finish_sha224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha256(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_256)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_256) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA2_256);
   }
@@ -1752,7 +1728,7 @@ static void finish_sha256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA2_256) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA2_256) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA2_256);
   }
@@ -1762,26 +1738,21 @@ static void finish_sha256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha3_224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha3_224(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_224)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_224) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA3_224);
   }
@@ -1796,7 +1767,7 @@ static void finish_sha3_224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA3_224) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA3_224) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA3_224);
   }
@@ -1806,26 +1777,21 @@ static void finish_sha3_224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha3_256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha3_256(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_256)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_256) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA3_256);
   }
@@ -1840,7 +1806,7 @@ static void finish_sha3_256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA3_256) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA3_256) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA3_256);
   }
@@ -1850,26 +1816,21 @@ static void finish_sha3_256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha3_384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha3_384(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_384)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_384) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA3_384);
   }
@@ -1884,7 +1845,7 @@ static void finish_sha3_384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA3_384) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA3_384) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA3_384);
   }
@@ -1894,26 +1855,21 @@ static void finish_sha3_384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha3_512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha3_512(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_512)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_512) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA3_512);
   }
@@ -1928,7 +1884,7 @@ static void finish_sha3_512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA3_512) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA3_512) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA3_512);
   }
@@ -1938,26 +1894,21 @@ static void finish_sha3_512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha384(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_384)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_384) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA2_384);
   }
@@ -1972,7 +1923,7 @@ static void finish_sha384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA2_384) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA2_384) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA2_384);
   }
@@ -1982,26 +1933,21 @@ static void finish_sha384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha512(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_512)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_512) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA2_512);
   }
@@ -2016,7 +1962,7 @@ static void finish_sha512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA2_512) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA2_512) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA2_512);
   }
@@ -2026,26 +1972,20 @@ static void finish_sha512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_blake2s(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_Blake2S)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  if (total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2S) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_Blake2S);
   }
@@ -2075,7 +2015,7 @@ static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_Blake2S) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_Blake2S) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_Blake2S);
   }
@@ -2085,26 +2025,20 @@ static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_blake2b(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_Blake2B)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  if (total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2B) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_Blake2B);
   }
@@ -2134,7 +2068,7 @@ static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_Blake2B) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_Blake2B) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_Blake2B);
   }
@@ -2144,93 +2078,94 @@ static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
 /**
 Perform a run-time test to determine which algorithm was chosen for the given piece of state.
 */
 Spec_Hash_Definitions_hash_alg
-EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s)
+EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_state_t *s)
 {
   EverCrypt_Hash_state_s *block_state = (*s).block_state;
   return alg_of_state(block_state);
 }
 
 /**
-Write the resulting hash into `dst`, an array whose length is
+Write the resulting hash into `output`, an array whose length is
 algorithm-specific. You can use the macros defined earlier in this file to
 allocate a destination buffer of the right length. The state remains valid after
-a call to `finish`, meaning the user may feed more data into the hash via
+a call to `digest`, meaning the user may feed more data into the hash via
 `update`. (The finish function operates on an internal copy of the state and
 therefore does not invalidate the client-held state.)
 */
-void EverCrypt_Hash_Incremental_finish(EverCrypt_Hash_Incremental_hash_state *s, uint8_t *dst)
+void
+EverCrypt_Hash_Incremental_digest(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  Spec_Hash_Definitions_hash_alg a1 = EverCrypt_Hash_Incremental_alg_of_state(s);
+  Spec_Hash_Definitions_hash_alg a1 = EverCrypt_Hash_Incremental_alg_of_state(state);
   switch (a1)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        finish_md5(s, dst);
+        digest_md5(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        finish_sha1(s, dst);
+        digest_sha1(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        finish_sha224(s, dst);
+        digest_sha224(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        finish_sha256(s, dst);
+        digest_sha256(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        finish_sha384(s, dst);
+        digest_sha384(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        finish_sha512(s, dst);
+        digest_sha512(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        finish_sha3_224(s, dst);
+        digest_sha3_224(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        finish_sha3_256(s, dst);
+        digest_sha3_256(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        finish_sha3_384(s, dst);
+        digest_sha3_384(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        finish_sha3_512(s, dst);
+        digest_sha3_512(state, output);
         break;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        finish_blake2s(s, dst);
+        digest_blake2s(state, output);
         break;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        finish_blake2b(s, dst);
+        digest_blake2b(state, output);
         break;
       }
     default:
@@ -2244,38 +2179,38 @@ void EverCrypt_Hash_Incremental_finish(EverCrypt_Hash_Incremental_hash_state *s,
 /**
 Free a state previously allocated with `create_in`.
 */
-void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_hash_state *s)
+void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_state_t *state)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *s;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   uint8_t *buf = scrut.buf;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   free_(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
-void EverCrypt_Hash_Incremental_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void EverCrypt_Hash_Incremental_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint32_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = st;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t x = Hacl_Hash_SHA2_h256[i];
     os[i] = x;);
   uint32_t *s = st;
-  uint32_t blocks_n0 = input_len / (uint32_t)64U;
+  uint32_t blocks_n0 = input_len / 64U;
   uint32_t blocks_n1;
-  if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
+  if (input_len % 64U == 0U && blocks_n0 > 0U)
   {
-    blocks_n1 = blocks_n0 - (uint32_t)1U;
+    blocks_n1 = blocks_n0 - 1U;
   }
   else
   {
     blocks_n1 = blocks_n0;
   }
-  uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
+  uint32_t blocks_len0 = blocks_n1 * 64U;
   uint8_t *blocks0 = input;
   uint32_t rest_len0 = input_len - blocks_len0;
   uint8_t *rest0 = input + blocks_len0;
@@ -2285,35 +2220,35 @@ void EverCrypt_Hash_Incremental_hash_256(uint8_t *input, uint32_t input_len, uin
   uint32_t rest_len = rest_len0;
   uint8_t *rest = rest0;
   EverCrypt_Hash_update_multi_256(s, blocks, blocks_n);
-  Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)blocks_len + (uint64_t)rest_len,
+  Hacl_Hash_SHA2_sha256_update_last((uint64_t)blocks_len + (uint64_t)rest_len,
     rest_len,
     rest,
     s);
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst);
+  Hacl_Hash_SHA2_sha256_finish(s, output);
 }
 
-static void hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst)
+static void hash_224(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint32_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = st;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h224[i];
+    uint32_t x = Hacl_Hash_SHA2_h224[i];
     os[i] = x;);
   uint32_t *s = st;
-  uint32_t blocks_n0 = input_len / (uint32_t)64U;
+  uint32_t blocks_n0 = input_len / 64U;
   uint32_t blocks_n1;
-  if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
+  if (input_len % 64U == 0U && blocks_n0 > 0U)
   {
-    blocks_n1 = blocks_n0 - (uint32_t)1U;
+    blocks_n1 = blocks_n0 - 1U;
   }
   else
   {
     blocks_n1 = blocks_n0;
   }
-  uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
+  uint32_t blocks_len0 = blocks_n1 * 64U;
   uint8_t *blocks0 = input;
   uint32_t rest_len0 = input_len - blocks_len0;
   uint8_t *rest0 = input + blocks_len0;
@@ -2323,15 +2258,15 @@ static void hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst)
   uint32_t rest_len = rest_len0;
   uint8_t *rest = rest0;
   EverCrypt_Hash_update_multi_256(s, blocks, blocks_n);
-  Hacl_SHA2_Scalar32_sha224_update_last((uint64_t)blocks_len + (uint64_t)rest_len,
+  Hacl_Hash_SHA2_sha224_update_last((uint64_t)blocks_len + (uint64_t)rest_len,
     rest_len,
     rest,
     s);
-  Hacl_SHA2_Scalar32_sha224_finish(s, dst);
+  Hacl_Hash_SHA2_sha224_finish(s, output);
 }
 
 /**
-Hash `input`, of len `len`, into `dst`, an array whose length is determined by
+Hash `input`, of len `input_len`, into `output`, an array whose length is determined by
 your choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined
 earlier in this file to allocate a destination buffer of the right length. This
 API will automatically pick the most efficient implementation, provided you have
@@ -2340,61 +2275,61 @@ called EverCrypt_AutoConfig2_init() before.
 void
 EverCrypt_Hash_Incremental_hash(
   Spec_Hash_Definitions_hash_alg a,
-  uint8_t *dst,
+  uint8_t *output,
   uint8_t *input,
-  uint32_t len
+  uint32_t input_len
 )
 {
   switch (a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        Hacl_Hash_MD5_legacy_hash(input, len, dst);
+        Hacl_Hash_MD5_hash_oneshot(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        Hacl_Hash_SHA1_legacy_hash(input, len, dst);
+        Hacl_Hash_SHA1_hash_oneshot(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        hash_224(input, len, dst);
+        hash_224(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        EverCrypt_Hash_Incremental_hash_256(input, len, dst);
+        EverCrypt_Hash_Incremental_hash_256(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        Hacl_Streaming_SHA2_hash_384(input, len, dst);
+        Hacl_Hash_SHA2_hash_384(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        Hacl_Streaming_SHA2_hash_512(input, len, dst);
+        Hacl_Hash_SHA2_hash_512(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        Hacl_SHA3_sha3_224(len, input, dst);
+        Hacl_Hash_SHA3_sha3_224(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        Hacl_SHA3_sha3_256(len, input, dst);
+        Hacl_Hash_SHA3_sha3_256(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        Hacl_SHA3_sha3_384(len, input, dst);
+        Hacl_Hash_SHA3_sha3_384(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        Hacl_SHA3_sha3_512(len, input, dst);
+        Hacl_Hash_SHA3_sha3_512(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_Blake2S:
@@ -2403,12 +2338,12 @@ EverCrypt_Hash_Incremental_hash(
         bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
-          Hacl_Blake2s_128_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+          Hacl_Hash_Blake2s_Simd128_hash_with_key(output, 32U, input, input_len, NULL, 0U);
           return;
         }
-        Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        Hacl_Hash_Blake2s_hash_with_key(output, 32U, input, input_len, NULL, 0U);
         #else
-        Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        Hacl_Hash_Blake2s_hash_with_key(output, 32U, input, input_len, NULL, 0U);
         #endif
         break;
       }
@@ -2418,12 +2353,12 @@ EverCrypt_Hash_Incremental_hash(
         bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
-          Hacl_Blake2b_256_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+          Hacl_Hash_Blake2b_Simd256_hash_with_key(output, 64U, input, input_len, NULL, 0U);
           return;
         }
-        Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        Hacl_Hash_Blake2b_hash_with_key(output, 64U, input, input_len, NULL, 0U);
         #else
-        Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        Hacl_Hash_Blake2b_hash_with_key(output, 64U, input, input_len, NULL, 0U);
         #endif
         break;
       }
diff --git a/src/EverCrypt_Poly1305.c b/src/EverCrypt_Poly1305.c
index 454c0fce..33ee20f3 100644
--- a/src/EverCrypt_Poly1305.c
+++ b/src/EverCrypt_Poly1305.c
@@ -31,60 +31,60 @@
 KRML_MAYBE_UNUSED static void
 poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key)
 {
-  KRML_HOST_IGNORE(dst);
-  KRML_HOST_IGNORE(src);
-  KRML_HOST_IGNORE(len);
-  KRML_HOST_IGNORE(key);
+  KRML_MAYBE_UNUSED_VAR(dst);
+  KRML_MAYBE_UNUSED_VAR(src);
+  KRML_MAYBE_UNUSED_VAR(len);
+  KRML_MAYBE_UNUSED_VAR(key);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ctx[192U] = { 0U };
-  memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
-  uint32_t n_blocks = len / (uint32_t)16U;
-  uint32_t n_extra = len % (uint32_t)16U;
+  memcpy(ctx + 24U, key, 32U * sizeof (uint8_t));
+  uint32_t n_blocks = len / 16U;
+  uint32_t n_extra = len % 16U;
   uint8_t tmp[16U] = { 0U };
-  if (n_extra == (uint32_t)0U)
+  if (n_extra == 0U)
   {
-    KRML_HOST_IGNORE(x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U));
+    x64_poly1305(ctx, src, (uint64_t)len, 1ULL);
   }
   else
   {
-    uint32_t len16 = n_blocks * (uint32_t)16U;
+    uint32_t len16 = n_blocks * 16U;
     uint8_t *src16 = src;
     memcpy(tmp, src + len16, n_extra * sizeof (uint8_t));
-    KRML_HOST_IGNORE(x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U));
-    memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U));
+    x64_poly1305(ctx, src16, (uint64_t)len16, 0ULL);
+    memcpy(ctx + 24U, key, 32U * sizeof (uint8_t));
+    x64_poly1305(ctx, tmp, (uint64_t)n_extra, 1ULL);
   }
-  memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t));
+  memcpy(dst, ctx, 16U * sizeof (uint8_t));
   #endif
 }
 
-void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key)
+void EverCrypt_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key)
 {
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
-    KRML_HOST_IGNORE(vec128);
-    Hacl_Poly1305_256_poly1305_mac(dst, len, src, key);
+    KRML_MAYBE_UNUSED_VAR(vec128);
+    Hacl_MAC_Poly1305_Simd256_mac(output, input, input_len, key);
     return;
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
-    KRML_HOST_IGNORE(vec256);
-    Hacl_Poly1305_128_poly1305_mac(dst, len, src, key);
+    KRML_MAYBE_UNUSED_VAR(vec256);
+    Hacl_MAC_Poly1305_Simd128_mac(output, input, input_len, key);
     return;
   }
   #endif
-  KRML_HOST_IGNORE(vec256);
-  KRML_HOST_IGNORE(vec128);
+  KRML_MAYBE_UNUSED_VAR(vec256);
+  KRML_MAYBE_UNUSED_VAR(vec128);
   #if HACL_CAN_COMPILE_VALE
-  poly1305_vale(dst, src, len, key);
+  poly1305_vale(output, input, input_len, key);
   #else
   KRML_HOST_IGNORE(poly1305_vale);
-  Hacl_Poly1305_32_poly1305_mac(dst, len, src, key);
+  Hacl_MAC_Poly1305_mac(output, input, input_len, key);
   #endif
 }
 
diff --git a/src/Hacl_Chacha20Poly1305_32.c b/src/Hacl_AEAD_Chacha20Poly1305.c
similarity index 65%
rename from src/Hacl_Chacha20Poly1305_32.c
rename to src/Hacl_AEAD_Chacha20Poly1305.c
index 179af485..d5926093 100644
--- a/src/Hacl_Chacha20Poly1305_32.c
+++ b/src/Hacl_AEAD_Chacha20Poly1305.c
@@ -23,35 +23,36 @@
  */
 
 
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
+#include "internal/Hacl_MAC_Poly1305.h"
 #include "internal/Hacl_Krmllib.h"
 
 static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text)
 {
-  uint32_t n = len / (uint32_t)16U;
-  uint32_t r = len % (uint32_t)16U;
+  uint32_t n = len / 16U;
+  uint32_t r = len % 16U;
   uint8_t *blocks = text;
-  uint8_t *rem = text + n * (uint32_t)16U;
-  uint64_t *pre0 = ctx + (uint32_t)5U;
+  uint8_t *rem = text + n * 16U;
+  uint64_t *pre0 = ctx + 5U;
   uint64_t *acc0 = ctx;
-  uint32_t nb = n * (uint32_t)16U / (uint32_t)16U;
-  uint32_t rem1 = n * (uint32_t)16U % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = n * 16U / 16U;
+  uint32_t rem1 = n * 16U % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = blocks + i * (uint32_t)16U;
+    uint8_t *block = blocks + i * 16U;
     uint64_t e[5U] = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     uint64_t f0 = lo;
     uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
     uint64_t f01 = f010;
     uint64_t f111 = f110;
     uint64_t f2 = f20;
@@ -62,12 +63,12 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     uint64_t mask = b;
     uint64_t f4 = e[4U];
     e[4U] = f4 | mask;
     uint64_t *r1 = pre0;
-    uint64_t *r5 = pre0 + (uint32_t)5U;
+    uint64_t *r5 = pre0 + 5U;
     uint64_t r0 = r1[0U];
     uint64_t r11 = r1[1U];
     uint64_t r2 = r1[2U];
@@ -122,28 +123,28 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     uint64_t t2 = a26;
     uint64_t t3 = a36;
     uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
     uint64_t x0 = t0 & mask26;
     uint64_t x3 = t3 & mask26;
     uint64_t x1 = t1 + z0;
     uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
     uint64_t z12 = z11 + t;
     uint64_t x11 = x1 & mask26;
     uint64_t x41 = x4 & mask26;
     uint64_t x2 = t2 + z01;
     uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
     uint64_t x21 = x2 & mask26;
     uint64_t x02 = x01 & mask26;
     uint64_t x31 = x3 + z02;
     uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
+    uint64_t z03 = x31 >> 26U;
     uint64_t x32 = x31 & mask26;
     uint64_t x42 = x41 + z03;
     uint64_t o0 = x02;
@@ -157,23 +158,23 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     acc0[3U] = o3;
     acc0[4U] = o4;
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *last = blocks + nb * (uint32_t)16U;
+    uint8_t *last = blocks + nb * 16U;
     uint64_t e[5U] = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem1 * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     uint64_t f0 = lo;
     uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
     uint64_t f01 = f010;
     uint64_t f111 = f110;
     uint64_t f2 = f20;
@@ -184,12 +185,12 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem1 * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem1 * 8U % 26U;
     uint64_t mask = b;
-    uint64_t fi = e[rem1 * (uint32_t)8U / (uint32_t)26U];
-    e[rem1 * (uint32_t)8U / (uint32_t)26U] = fi | mask;
+    uint64_t fi = e[rem1 * 8U / 26U];
+    e[rem1 * 8U / 26U] = fi | mask;
     uint64_t *r1 = pre0;
-    uint64_t *r5 = pre0 + (uint32_t)5U;
+    uint64_t *r5 = pre0 + 5U;
     uint64_t r0 = r1[0U];
     uint64_t r11 = r1[1U];
     uint64_t r2 = r1[2U];
@@ -244,28 +245,28 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     uint64_t t2 = a26;
     uint64_t t3 = a36;
     uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
     uint64_t x0 = t0 & mask26;
     uint64_t x3 = t3 & mask26;
     uint64_t x1 = t1 + z0;
     uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
     uint64_t z12 = z11 + t;
     uint64_t x11 = x1 & mask26;
     uint64_t x41 = x4 & mask26;
     uint64_t x2 = t2 + z01;
     uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
     uint64_t x21 = x2 & mask26;
     uint64_t x02 = x01 & mask26;
     uint64_t x31 = x3 + z02;
     uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
+    uint64_t z03 = x31 >> 26U;
     uint64_t x32 = x31 & mask26;
     uint64_t x42 = x41 + z03;
     uint64_t o0 = x02;
@@ -281,22 +282,22 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
   }
   uint8_t tmp[16U] = { 0U };
   memcpy(tmp, rem, r * sizeof (uint8_t));
-  if (r > (uint32_t)0U)
+  if (r > 0U)
   {
-    uint64_t *pre = ctx + (uint32_t)5U;
+    uint64_t *pre = ctx + 5U;
     uint64_t *acc = ctx;
     uint64_t e[5U] = { 0U };
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     uint64_t f0 = lo;
     uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
     uint64_t f01 = f010;
     uint64_t f111 = f110;
     uint64_t f2 = f20;
@@ -307,12 +308,12 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     uint64_t mask = b;
     uint64_t f4 = e[4U];
     e[4U] = f4 | mask;
     uint64_t *r1 = pre;
-    uint64_t *r5 = pre + (uint32_t)5U;
+    uint64_t *r5 = pre + 5U;
     uint64_t r0 = r1[0U];
     uint64_t r11 = r1[1U];
     uint64_t r2 = r1[2U];
@@ -367,28 +368,28 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     uint64_t t2 = a26;
     uint64_t t3 = a36;
     uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
     uint64_t x0 = t0 & mask26;
     uint64_t x3 = t3 & mask26;
     uint64_t x1 = t1 + z0;
     uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
     uint64_t z12 = z11 + t;
     uint64_t x11 = x1 & mask26;
     uint64_t x41 = x4 & mask26;
     uint64_t x2 = t2 + z01;
     uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
     uint64_t x21 = x2 & mask26;
     uint64_t x02 = x01 & mask26;
     uint64_t x31 = x3 + z02;
     uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
+    uint64_t z03 = x31 >> 26U;
     uint64_t x32 = x31 & mask26;
     uint64_t x42 = x41 + z03;
     uint64_t o0 = x02;
@@ -417,31 +418,31 @@ poly1305_do_32(
 {
   uint64_t ctx[25U] = { 0U };
   uint8_t block[16U] = { 0U };
-  Hacl_Poly1305_32_poly1305_init(ctx, k);
-  if (aadlen != (uint32_t)0U)
+  Hacl_MAC_Poly1305_poly1305_init(ctx, k);
+  if (aadlen != 0U)
   {
     poly1305_padded_32(ctx, aadlen, aad);
   }
-  if (mlen != (uint32_t)0U)
+  if (mlen != 0U)
   {
     poly1305_padded_32(ctx, mlen, m);
   }
   store64_le(block, (uint64_t)aadlen);
-  store64_le(block + (uint32_t)8U, (uint64_t)mlen);
-  uint64_t *pre = ctx + (uint32_t)5U;
+  store64_le(block + 8U, (uint64_t)mlen);
+  uint64_t *pre = ctx + 5U;
   uint64_t *acc = ctx;
   uint64_t e[5U] = { 0U };
   uint64_t u0 = load64_le(block);
   uint64_t lo = u0;
-  uint64_t u = load64_le(block + (uint32_t)8U);
+  uint64_t u = load64_le(block + 8U);
   uint64_t hi = u;
   uint64_t f0 = lo;
   uint64_t f1 = hi;
-  uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-  uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-  uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-  uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-  uint64_t f40 = f1 >> (uint32_t)40U;
+  uint64_t f010 = f0 & 0x3ffffffULL;
+  uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+  uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+  uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+  uint64_t f40 = f1 >> 40U;
   uint64_t f01 = f010;
   uint64_t f111 = f110;
   uint64_t f2 = f20;
@@ -452,12 +453,12 @@ poly1305_do_32(
   e[2U] = f2;
   e[3U] = f3;
   e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
+  uint64_t b = 0x1000000ULL;
   uint64_t mask = b;
   uint64_t f4 = e[4U];
   e[4U] = f4 | mask;
   uint64_t *r = pre;
-  uint64_t *r5 = pre + (uint32_t)5U;
+  uint64_t *r5 = pre + 5U;
   uint64_t r0 = r[0U];
   uint64_t r1 = r[1U];
   uint64_t r2 = r[2U];
@@ -512,28 +513,28 @@ poly1305_do_32(
   uint64_t t2 = a26;
   uint64_t t3 = a36;
   uint64_t t4 = a46;
-  uint64_t mask26 = (uint64_t)0x3ffffffU;
-  uint64_t z0 = t0 >> (uint32_t)26U;
-  uint64_t z1 = t3 >> (uint32_t)26U;
+  uint64_t mask26 = 0x3ffffffULL;
+  uint64_t z0 = t0 >> 26U;
+  uint64_t z1 = t3 >> 26U;
   uint64_t x0 = t0 & mask26;
   uint64_t x3 = t3 & mask26;
   uint64_t x1 = t1 + z0;
   uint64_t x4 = t4 + z1;
-  uint64_t z01 = x1 >> (uint32_t)26U;
-  uint64_t z11 = x4 >> (uint32_t)26U;
-  uint64_t t = z11 << (uint32_t)2U;
+  uint64_t z01 = x1 >> 26U;
+  uint64_t z11 = x4 >> 26U;
+  uint64_t t = z11 << 2U;
   uint64_t z12 = z11 + t;
   uint64_t x11 = x1 & mask26;
   uint64_t x41 = x4 & mask26;
   uint64_t x2 = t2 + z01;
   uint64_t x01 = x0 + z12;
-  uint64_t z02 = x2 >> (uint32_t)26U;
-  uint64_t z13 = x01 >> (uint32_t)26U;
+  uint64_t z02 = x2 >> 26U;
+  uint64_t z13 = x01 >> 26U;
   uint64_t x21 = x2 & mask26;
   uint64_t x02 = x01 & mask26;
   uint64_t x31 = x3 + z02;
   uint64_t x12 = x11 + z13;
-  uint64_t z03 = x31 >> (uint32_t)26U;
+  uint64_t z03 = x31 >> 26U;
   uint64_t x32 = x31 & mask26;
   uint64_t x42 = x41 + z03;
   uint64_t o0 = x02;
@@ -546,95 +547,93 @@ poly1305_do_32(
   acc[2U] = o2;
   acc[3U] = o3;
   acc[4U] = o4;
-  Hacl_Poly1305_32_poly1305_finish(out, k, ctx);
+  Hacl_MAC_Poly1305_poly1305_finish(out, k, ctx);
 }
 
 /**
-Encrypt a message `m` with key `k`.
+Encrypt a message `input` with key `key`.
 
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
 */
 void
-Hacl_Chacha20Poly1305_32_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
 )
 {
-  Hacl_Chacha20_chacha20_encrypt(mlen, cipher, m, k, n, (uint32_t)1U);
+  Hacl_Chacha20_chacha20_encrypt(input_len, output, input, key, nonce, 1U);
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_chacha20_encrypt((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_32(key, aadlen, aad, mlen, cipher, mac);
+  Hacl_Chacha20_chacha20_encrypt(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_32(key1, data_len, data, input_len, output, tag);
 }
 
 /**
-Decrypt a ciphertext `cipher` with key `k`.
+Decrypt a ciphertext `input` with key `key`.
 
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `output` and `input` can point to the same memory.
 
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
 
 @returns 0 on succeess; 1 on failure.
 */
 uint32_t
-Hacl_Chacha20Poly1305_32_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
 )
 {
-  uint8_t computed_mac[16U] = { 0U };
+  uint8_t computed_tag[16U] = { 0U };
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_chacha20_encrypt((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_32(key, aadlen, aad, mlen, cipher, computed_mac);
-  uint8_t res = (uint8_t)255U;
+  Hacl_Chacha20_chacha20_encrypt(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_32(key1, data_len, data, input_len, input, computed_tag);
+  uint8_t res = 255U;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_mac[i], mac[i]);
-    res = uu____0 & res;);
+    0U,
+    16U,
+    1U,
+    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_tag[i], tag[i]);
+    res = (uint32_t)uu____0 & (uint32_t)res;);
   uint8_t z = res;
-  if (z == (uint8_t)255U)
+  if (z == 255U)
   {
-    Hacl_Chacha20_chacha20_encrypt(mlen, m, cipher, k, n, (uint32_t)1U);
-    return (uint32_t)0U;
+    Hacl_Chacha20_chacha20_encrypt(input_len, output, input, key, nonce, 1U);
+    return 0U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_Chacha20Poly1305_128.c b/src/Hacl_AEAD_Chacha20Poly1305_Simd128.c
similarity index 77%
rename from src/Hacl_Chacha20Poly1305_128.c
rename to src/Hacl_AEAD_Chacha20Poly1305_Simd128.c
index 4cf2eae9..0cfa41fd 100644
--- a/src/Hacl_Chacha20Poly1305_128.c
+++ b/src/Hacl_AEAD_Chacha20Poly1305_Simd128.c
@@ -23,65 +23,60 @@
  */
 
 
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
-#include "internal/Hacl_Poly1305_128.h"
+#include "internal/Hacl_MAC_Poly1305_Simd128.h"
 #include "internal/Hacl_Krmllib.h"
 #include "libintvector.h"
 
 static inline void
 poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t *text)
 {
-  uint32_t n = len / (uint32_t)16U;
-  uint32_t r = len % (uint32_t)16U;
+  uint32_t n = len / 16U;
+  uint32_t r = len % 16U;
   uint8_t *blocks = text;
-  uint8_t *rem = text + n * (uint32_t)16U;
-  Lib_IntVector_Intrinsics_vec128 *pre0 = ctx + (uint32_t)5U;
+  uint8_t *rem = text + n * 16U;
+  Lib_IntVector_Intrinsics_vec128 *pre0 = ctx + 5U;
   Lib_IntVector_Intrinsics_vec128 *acc0 = ctx;
-  uint32_t sz_block = (uint32_t)32U;
-  uint32_t len0 = n * (uint32_t)16U / sz_block * sz_block;
+  uint32_t sz_block = 32U;
+  uint32_t len0 = n * 16U / sz_block * sz_block;
   uint8_t *t00 = blocks;
-  if (len0 > (uint32_t)0U)
+  if (len0 > 0U)
   {
-    uint32_t bs = (uint32_t)32U;
+    uint32_t bs = 32U;
     uint8_t *text0 = t00;
-    Hacl_Impl_Poly1305_Field32xN_128_load_acc2(acc0, text0);
+    Hacl_MAC_Poly1305_Simd128_load_acc2(acc0, text0);
     uint32_t len1 = len0 - bs;
     uint8_t *text1 = t00 + bs;
     uint32_t nb = len1 / bs;
-    for (uint32_t i = (uint32_t)0U; i < nb; i++)
+    for (uint32_t i = 0U; i < nb; i++)
     {
       uint8_t *block = text1 + i * bs;
       KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
       Lib_IntVector_Intrinsics_vec128 b1 = Lib_IntVector_Intrinsics_vec128_load64_le(block);
-      Lib_IntVector_Intrinsics_vec128
-      b2 = Lib_IntVector_Intrinsics_vec128_load64_le(block + (uint32_t)16U);
+      Lib_IntVector_Intrinsics_vec128 b2 = Lib_IntVector_Intrinsics_vec128_load64_le(block + 16U);
       Lib_IntVector_Intrinsics_vec128 lo = Lib_IntVector_Intrinsics_vec128_interleave_low64(b1, b2);
       Lib_IntVector_Intrinsics_vec128
       hi = Lib_IntVector_Intrinsics_vec128_interleave_high64(b1, b2);
       Lib_IntVector_Intrinsics_vec128
       f00 =
         Lib_IntVector_Intrinsics_vec128_and(lo,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
       Lib_IntVector_Intrinsics_vec128
       f15 =
-        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-            (uint32_t)26U),
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 26U),
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
       Lib_IntVector_Intrinsics_vec128
       f25 =
-        Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-            (uint32_t)52U),
+        Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 52U),
           Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(hi,
-              Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-            (uint32_t)12U));
+              Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+            12U));
       Lib_IntVector_Intrinsics_vec128
       f30 =
-        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi,
-            (uint32_t)14U),
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-      Lib_IntVector_Intrinsics_vec128
-      f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, (uint32_t)40U);
+        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 14U),
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+      Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 40U);
       Lib_IntVector_Intrinsics_vec128 f0 = f00;
       Lib_IntVector_Intrinsics_vec128 f1 = f15;
       Lib_IntVector_Intrinsics_vec128 f2 = f25;
@@ -92,12 +87,12 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
       e[2U] = f2;
       e[3U] = f3;
       e[4U] = f41;
-      uint64_t b = (uint64_t)0x1000000U;
+      uint64_t b = 0x1000000ULL;
       Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
       Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
       e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
-      Lib_IntVector_Intrinsics_vec128 *rn = pre0 + (uint32_t)10U;
-      Lib_IntVector_Intrinsics_vec128 *rn5 = pre0 + (uint32_t)15U;
+      Lib_IntVector_Intrinsics_vec128 *rn = pre0 + 10U;
+      Lib_IntVector_Intrinsics_vec128 *rn5 = pre0 + 15U;
       Lib_IntVector_Intrinsics_vec128 r0 = rn[0U];
       Lib_IntVector_Intrinsics_vec128 r1 = rn[1U];
       Lib_IntVector_Intrinsics_vec128 r2 = rn[2U];
@@ -202,37 +197,28 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
       Lib_IntVector_Intrinsics_vec128 t2 = a24;
       Lib_IntVector_Intrinsics_vec128 t3 = a34;
       Lib_IntVector_Intrinsics_vec128 t4 = a44;
-      Lib_IntVector_Intrinsics_vec128
-      mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-      Lib_IntVector_Intrinsics_vec128
-      z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+      Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+      Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
       Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
       Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
       Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
       Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-      Lib_IntVector_Intrinsics_vec128
-      z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+      Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+      Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+      Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
       Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
       Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
       Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
       Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
       Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-      Lib_IntVector_Intrinsics_vec128
-      z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+      Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
       Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
       Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
       Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
       Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-      Lib_IntVector_Intrinsics_vec128
-      z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
       Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
       Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
       Lib_IntVector_Intrinsics_vec128 o00 = x02;
@@ -266,45 +252,41 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
       acc0[3U] = o3;
       acc0[4U] = o4;
     }
-    Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(acc0, pre0);
+    Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize(acc0, pre0);
   }
-  uint32_t len1 = n * (uint32_t)16U - len0;
+  uint32_t len1 = n * 16U - len0;
   uint8_t *t10 = blocks + len0;
-  uint32_t nb = len1 / (uint32_t)16U;
-  uint32_t rem1 = len1 % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = len1 / 16U;
+  uint32_t rem1 = len1 % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = t10 + i * (uint32_t)16U;
+    uint8_t *block = t10 + i * 16U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -315,12 +297,12 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
     Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
     Lib_IntVector_Intrinsics_vec128 *r1 = pre0;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre0 + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre0 + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec128 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r1[2U];
@@ -435,37 +417,28 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -479,41 +452,37 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     acc0[3U] = o3;
     acc0[4U] = o4;
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *last = t10 + nb * (uint32_t)16U;
+    uint8_t *last = t10 + nb * 16U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem1 * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -524,12 +493,12 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem1 * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem1 * 8U % 26U;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
-    Lib_IntVector_Intrinsics_vec128 fi = e[rem1 * (uint32_t)8U / (uint32_t)26U];
-    e[rem1 * (uint32_t)8U / (uint32_t)26U] = Lib_IntVector_Intrinsics_vec128_or(fi, mask);
+    Lib_IntVector_Intrinsics_vec128 fi = e[rem1 * 8U / 26U];
+    e[rem1 * 8U / 26U] = Lib_IntVector_Intrinsics_vec128_or(fi, mask);
     Lib_IntVector_Intrinsics_vec128 *r1 = pre0;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre0 + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre0 + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec128 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r1[2U];
@@ -644,37 +613,28 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -690,40 +650,36 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
   }
   uint8_t tmp[16U] = { 0U };
   memcpy(tmp, rem, r * sizeof (uint8_t));
-  if (r > (uint32_t)0U)
+  if (r > 0U)
   {
-    Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *pre = ctx + 5U;
     Lib_IntVector_Intrinsics_vec128 *acc = ctx;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -734,12 +690,12 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
     Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
     Lib_IntVector_Intrinsics_vec128 *r1 = pre;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec128 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r1[2U];
@@ -854,37 +810,28 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -913,49 +860,45 @@ poly1305_do_128(
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ctx[25U] KRML_POST_ALIGN(16) = { 0U };
   uint8_t block[16U] = { 0U };
-  Hacl_Poly1305_128_poly1305_init(ctx, k);
-  if (aadlen != (uint32_t)0U)
+  Hacl_MAC_Poly1305_Simd128_poly1305_init(ctx, k);
+  if (aadlen != 0U)
   {
     poly1305_padded_128(ctx, aadlen, aad);
   }
-  if (mlen != (uint32_t)0U)
+  if (mlen != 0U)
   {
     poly1305_padded_128(ctx, mlen, m);
   }
   store64_le(block, (uint64_t)aadlen);
-  store64_le(block + (uint32_t)8U, (uint64_t)mlen);
-  Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
+  store64_le(block + 8U, (uint64_t)mlen);
+  Lib_IntVector_Intrinsics_vec128 *pre = ctx + 5U;
   Lib_IntVector_Intrinsics_vec128 *acc = ctx;
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
   uint64_t u0 = load64_le(block);
   uint64_t lo = u0;
-  uint64_t u = load64_le(block + (uint32_t)8U);
+  uint64_t u = load64_le(block + 8U);
   uint64_t hi = u;
   Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
   Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
   Lib_IntVector_Intrinsics_vec128
   f010 =
     Lib_IntVector_Intrinsics_vec128_and(f0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f110 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f20 =
-    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
       Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec128
   f30 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
   Lib_IntVector_Intrinsics_vec128 f01 = f010;
   Lib_IntVector_Intrinsics_vec128 f111 = f110;
   Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -966,12 +909,12 @@ poly1305_do_128(
   e[2U] = f2;
   e[3U] = f3;
   e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
+  uint64_t b = 0x1000000ULL;
   Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
   Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
   e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
   Lib_IntVector_Intrinsics_vec128 *r = pre;
-  Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
   Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
   Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
   Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
@@ -1086,37 +1029,28 @@ poly1305_do_128(
   Lib_IntVector_Intrinsics_vec128 t2 = a26;
   Lib_IntVector_Intrinsics_vec128 t3 = a36;
   Lib_IntVector_Intrinsics_vec128 t4 = a46;
-  Lib_IntVector_Intrinsics_vec128
-  mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec128
-  z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
   Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec128
-  z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec128
-  z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -1129,95 +1063,93 @@ poly1305_do_128(
   acc[2U] = o2;
   acc[3U] = o3;
   acc[4U] = o4;
-  Hacl_Poly1305_128_poly1305_finish(out, k, ctx);
+  Hacl_MAC_Poly1305_Simd128_poly1305_finish(out, k, ctx);
 }
 
 /**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+Encrypt a message `input` with key `key`.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
 */
 void
-Hacl_Chacha20Poly1305_128_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
 )
 {
-  Hacl_Chacha20_Vec128_chacha20_encrypt_128(mlen, cipher, m, k, n, (uint32_t)1U);
+  Hacl_Chacha20_Vec128_chacha20_encrypt_128(input_len, output, input, key, nonce, 1U);
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_Vec128_chacha20_encrypt_128((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_128(key, aadlen, aad, mlen, cipher, mac);
+  Hacl_Chacha20_Vec128_chacha20_encrypt_128(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_128(key1, data_len, data, input_len, output, tag);
 }
 
 /**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+Decrypt a ciphertext `input` with key `key`.
 
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
 
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
 
 @returns 0 on succeess; 1 on failure.
 */
 uint32_t
-Hacl_Chacha20Poly1305_128_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
 )
 {
-  uint8_t computed_mac[16U] = { 0U };
+  uint8_t computed_tag[16U] = { 0U };
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_Vec128_chacha20_encrypt_128((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_128(key, aadlen, aad, mlen, cipher, computed_mac);
-  uint8_t res = (uint8_t)255U;
+  Hacl_Chacha20_Vec128_chacha20_encrypt_128(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_128(key1, data_len, data, input_len, input, computed_tag);
+  uint8_t res = 255U;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_mac[i], mac[i]);
-    res = uu____0 & res;);
+    0U,
+    16U,
+    1U,
+    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_tag[i], tag[i]);
+    res = (uint32_t)uu____0 & (uint32_t)res;);
   uint8_t z = res;
-  if (z == (uint8_t)255U)
+  if (z == 255U)
   {
-    Hacl_Chacha20_Vec128_chacha20_encrypt_128(mlen, m, cipher, k, n, (uint32_t)1U);
-    return (uint32_t)0U;
+    Hacl_Chacha20_Vec128_chacha20_encrypt_128(input_len, output, input, key, nonce, 1U);
+    return 0U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_Chacha20Poly1305_256.c b/src/Hacl_AEAD_Chacha20Poly1305_Simd256.c
similarity index 77%
rename from src/msvc/Hacl_Chacha20Poly1305_256.c
rename to src/Hacl_AEAD_Chacha20Poly1305_Simd256.c
index c3dfec03..28414516 100644
--- a/src/msvc/Hacl_Chacha20Poly1305_256.c
+++ b/src/Hacl_AEAD_Chacha20Poly1305_Simd256.c
@@ -23,67 +23,61 @@
  */
 
 
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
-#include "internal/Hacl_Poly1305_256.h"
+#include "internal/Hacl_MAC_Poly1305_Simd256.h"
 #include "internal/Hacl_Krmllib.h"
 #include "libintvector.h"
 
 static inline void
 poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t *text)
 {
-  uint32_t n = len / (uint32_t)16U;
-  uint32_t r = len % (uint32_t)16U;
+  uint32_t n = len / 16U;
+  uint32_t r = len % 16U;
   uint8_t *blocks = text;
-  uint8_t *rem = text + n * (uint32_t)16U;
-  Lib_IntVector_Intrinsics_vec256 *pre0 = ctx + (uint32_t)5U;
+  uint8_t *rem = text + n * 16U;
+  Lib_IntVector_Intrinsics_vec256 *pre0 = ctx + 5U;
   Lib_IntVector_Intrinsics_vec256 *acc0 = ctx;
-  uint32_t sz_block = (uint32_t)64U;
-  uint32_t len0 = n * (uint32_t)16U / sz_block * sz_block;
+  uint32_t sz_block = 64U;
+  uint32_t len0 = n * 16U / sz_block * sz_block;
   uint8_t *t00 = blocks;
-  if (len0 > (uint32_t)0U)
+  if (len0 > 0U)
   {
-    uint32_t bs = (uint32_t)64U;
+    uint32_t bs = 64U;
     uint8_t *text0 = t00;
-    Hacl_Impl_Poly1305_Field32xN_256_load_acc4(acc0, text0);
+    Hacl_MAC_Poly1305_Simd256_load_acc4(acc0, text0);
     uint32_t len1 = len0 - bs;
     uint8_t *text1 = t00 + bs;
     uint32_t nb = len1 / bs;
-    for (uint32_t i = (uint32_t)0U; i < nb; i++)
+    for (uint32_t i = 0U; i < nb; i++)
     {
       uint8_t *block = text1 + i * bs;
       KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
       Lib_IntVector_Intrinsics_vec256 lo = Lib_IntVector_Intrinsics_vec256_load64_le(block);
+      Lib_IntVector_Intrinsics_vec256 hi = Lib_IntVector_Intrinsics_vec256_load64_le(block + 32U);
       Lib_IntVector_Intrinsics_vec256
-      hi = Lib_IntVector_Intrinsics_vec256_load64_le(block + (uint32_t)32U);
-      Lib_IntVector_Intrinsics_vec256
-      mask260 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
+      mask260 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
       Lib_IntVector_Intrinsics_vec256
       m0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(lo, hi);
       Lib_IntVector_Intrinsics_vec256
       m1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(lo, hi);
-      Lib_IntVector_Intrinsics_vec256
-      m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, (uint32_t)48U);
-      Lib_IntVector_Intrinsics_vec256
-      m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, (uint32_t)48U);
+      Lib_IntVector_Intrinsics_vec256 m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, 48U);
+      Lib_IntVector_Intrinsics_vec256 m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, 48U);
       Lib_IntVector_Intrinsics_vec256
       m4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(m0, m1);
       Lib_IntVector_Intrinsics_vec256
       t010 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m0, m1);
       Lib_IntVector_Intrinsics_vec256
       t30 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m2, m3);
-      Lib_IntVector_Intrinsics_vec256
-      t20 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)4U);
+      Lib_IntVector_Intrinsics_vec256 t20 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 4U);
       Lib_IntVector_Intrinsics_vec256 o20 = Lib_IntVector_Intrinsics_vec256_and(t20, mask260);
       Lib_IntVector_Intrinsics_vec256
-      t10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t010, (uint32_t)26U);
+      t10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t010, 26U);
       Lib_IntVector_Intrinsics_vec256 o10 = Lib_IntVector_Intrinsics_vec256_and(t10, mask260);
       Lib_IntVector_Intrinsics_vec256 o5 = Lib_IntVector_Intrinsics_vec256_and(t010, mask260);
-      Lib_IntVector_Intrinsics_vec256
-      t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)30U);
+      Lib_IntVector_Intrinsics_vec256 t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 30U);
       Lib_IntVector_Intrinsics_vec256 o30 = Lib_IntVector_Intrinsics_vec256_and(t31, mask260);
-      Lib_IntVector_Intrinsics_vec256
-      o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256 o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, 40U);
       Lib_IntVector_Intrinsics_vec256 o00 = o5;
       Lib_IntVector_Intrinsics_vec256 o11 = o10;
       Lib_IntVector_Intrinsics_vec256 o21 = o20;
@@ -94,12 +88,12 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
       e[2U] = o21;
       e[3U] = o31;
       e[4U] = o41;
-      uint64_t b = (uint64_t)0x1000000U;
+      uint64_t b = 0x1000000ULL;
       Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
       Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
       e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
-      Lib_IntVector_Intrinsics_vec256 *rn = pre0 + (uint32_t)10U;
-      Lib_IntVector_Intrinsics_vec256 *rn5 = pre0 + (uint32_t)15U;
+      Lib_IntVector_Intrinsics_vec256 *rn = pre0 + 10U;
+      Lib_IntVector_Intrinsics_vec256 *rn5 = pre0 + 15U;
       Lib_IntVector_Intrinsics_vec256 r0 = rn[0U];
       Lib_IntVector_Intrinsics_vec256 r1 = rn[1U];
       Lib_IntVector_Intrinsics_vec256 r2 = rn[2U];
@@ -204,37 +198,28 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
       Lib_IntVector_Intrinsics_vec256 t2 = a24;
       Lib_IntVector_Intrinsics_vec256 t3 = a34;
       Lib_IntVector_Intrinsics_vec256 t4 = a44;
-      Lib_IntVector_Intrinsics_vec256
-      mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-      Lib_IntVector_Intrinsics_vec256
-      z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+      Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+      Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
       Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
       Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
       Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
       Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-      Lib_IntVector_Intrinsics_vec256
-      z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+      Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+      Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+      Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
       Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
       Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
       Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
       Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
       Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-      Lib_IntVector_Intrinsics_vec256
-      z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+      Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
       Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
       Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
       Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
       Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-      Lib_IntVector_Intrinsics_vec256
-      z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
       Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
       Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
       Lib_IntVector_Intrinsics_vec256 o01 = x02;
@@ -268,45 +253,41 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
       acc0[3U] = o3;
       acc0[4U] = o4;
     }
-    Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(acc0, pre0);
+    Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize(acc0, pre0);
   }
-  uint32_t len1 = n * (uint32_t)16U - len0;
+  uint32_t len1 = n * 16U - len0;
   uint8_t *t10 = blocks + len0;
-  uint32_t nb = len1 / (uint32_t)16U;
-  uint32_t rem1 = len1 % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = len1 / 16U;
+  uint32_t rem1 = len1 % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = t10 + i * (uint32_t)16U;
+    uint8_t *block = t10 + i * 16U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -317,12 +298,12 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
     Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
     Lib_IntVector_Intrinsics_vec256 *r1 = pre0;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre0 + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre0 + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec256 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r1[2U];
@@ -437,37 +418,28 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -481,41 +453,37 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     acc0[3U] = o3;
     acc0[4U] = o4;
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *last = t10 + nb * (uint32_t)16U;
+    uint8_t *last = t10 + nb * 16U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem1 * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -526,12 +494,12 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem1 * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem1 * 8U % 26U;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
-    Lib_IntVector_Intrinsics_vec256 fi = e[rem1 * (uint32_t)8U / (uint32_t)26U];
-    e[rem1 * (uint32_t)8U / (uint32_t)26U] = Lib_IntVector_Intrinsics_vec256_or(fi, mask);
+    Lib_IntVector_Intrinsics_vec256 fi = e[rem1 * 8U / 26U];
+    e[rem1 * 8U / 26U] = Lib_IntVector_Intrinsics_vec256_or(fi, mask);
     Lib_IntVector_Intrinsics_vec256 *r1 = pre0;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre0 + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre0 + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec256 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r1[2U];
@@ -646,37 +614,28 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -692,40 +651,36 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
   }
   uint8_t tmp[16U] = { 0U };
   memcpy(tmp, rem, r * sizeof (uint8_t));
-  if (r > (uint32_t)0U)
+  if (r > 0U)
   {
-    Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *pre = ctx + 5U;
     Lib_IntVector_Intrinsics_vec256 *acc = ctx;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -736,12 +691,12 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
     Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
     Lib_IntVector_Intrinsics_vec256 *r1 = pre;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec256 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r1[2U];
@@ -856,37 +811,28 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -915,49 +861,45 @@ poly1305_do_256(
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ctx[25U] KRML_POST_ALIGN(32) = { 0U };
   uint8_t block[16U] = { 0U };
-  Hacl_Poly1305_256_poly1305_init(ctx, k);
-  if (aadlen != (uint32_t)0U)
+  Hacl_MAC_Poly1305_Simd256_poly1305_init(ctx, k);
+  if (aadlen != 0U)
   {
     poly1305_padded_256(ctx, aadlen, aad);
   }
-  if (mlen != (uint32_t)0U)
+  if (mlen != 0U)
   {
     poly1305_padded_256(ctx, mlen, m);
   }
   store64_le(block, (uint64_t)aadlen);
-  store64_le(block + (uint32_t)8U, (uint64_t)mlen);
-  Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
+  store64_le(block + 8U, (uint64_t)mlen);
+  Lib_IntVector_Intrinsics_vec256 *pre = ctx + 5U;
   Lib_IntVector_Intrinsics_vec256 *acc = ctx;
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
   uint64_t u0 = load64_le(block);
   uint64_t lo = u0;
-  uint64_t u = load64_le(block + (uint32_t)8U);
+  uint64_t u = load64_le(block + 8U);
   uint64_t hi = u;
   Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
   Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
   Lib_IntVector_Intrinsics_vec256
   f010 =
     Lib_IntVector_Intrinsics_vec256_and(f0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
   f110 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
   f20 =
-    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
       Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-          Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec256
   f30 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
   Lib_IntVector_Intrinsics_vec256 f01 = f010;
   Lib_IntVector_Intrinsics_vec256 f111 = f110;
   Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -968,12 +910,12 @@ poly1305_do_256(
   e[2U] = f2;
   e[3U] = f3;
   e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
+  uint64_t b = 0x1000000ULL;
   Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
   Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
   e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
   Lib_IntVector_Intrinsics_vec256 *r = pre;
-  Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
   Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
   Lib_IntVector_Intrinsics_vec256 r1 = r[1U];
   Lib_IntVector_Intrinsics_vec256 r2 = r[2U];
@@ -1088,37 +1030,28 @@ poly1305_do_256(
   Lib_IntVector_Intrinsics_vec256 t2 = a26;
   Lib_IntVector_Intrinsics_vec256 t3 = a36;
   Lib_IntVector_Intrinsics_vec256 t4 = a46;
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec256
-  z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
   Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec256
-  z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec256
-  z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -1131,95 +1064,93 @@ poly1305_do_256(
   acc[2U] = o2;
   acc[3U] = o3;
   acc[4U] = o4;
-  Hacl_Poly1305_256_poly1305_finish(out, k, ctx);
+  Hacl_MAC_Poly1305_Simd256_poly1305_finish(out, k, ctx);
 }
 
 /**
-Encrypt a message `m` with key `k`.
+Encrypt a message `input` with key `key`.
 
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
 */
 void
-Hacl_Chacha20Poly1305_256_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
 )
 {
-  Hacl_Chacha20_Vec256_chacha20_encrypt_256(mlen, cipher, m, k, n, (uint32_t)1U);
+  Hacl_Chacha20_Vec256_chacha20_encrypt_256(input_len, output, input, key, nonce, 1U);
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_Vec256_chacha20_encrypt_256((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_256(key, aadlen, aad, mlen, cipher, mac);
+  Hacl_Chacha20_Vec256_chacha20_encrypt_256(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_256(key1, data_len, data, input_len, output, tag);
 }
 
 /**
-Decrypt a ciphertext `cipher` with key `k`.
+Decrypt a ciphertext `input` with key `key`.
 
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
 
 @returns 0 on succeess; 1 on failure.
 */
 uint32_t
-Hacl_Chacha20Poly1305_256_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
 )
 {
-  uint8_t computed_mac[16U] = { 0U };
+  uint8_t computed_tag[16U] = { 0U };
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_Vec256_chacha20_encrypt_256((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_256(key, aadlen, aad, mlen, cipher, computed_mac);
-  uint8_t res = (uint8_t)255U;
+  Hacl_Chacha20_Vec256_chacha20_encrypt_256(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_256(key1, data_len, data, input_len, input, computed_tag);
+  uint8_t res = 255U;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_mac[i], mac[i]);
-    res = uu____0 & res;);
+    0U,
+    16U,
+    1U,
+    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_tag[i], tag[i]);
+    res = (uint32_t)uu____0 & (uint32_t)res;);
   uint8_t z = res;
-  if (z == (uint8_t)255U)
+  if (z == 255U)
   {
-    Hacl_Chacha20_Vec256_chacha20_encrypt_256(mlen, m, cipher, k, n, (uint32_t)1U);
-    return (uint32_t)0U;
+    Hacl_Chacha20_Vec256_chacha20_encrypt_256(input_len, output, input, key, nonce, 1U);
+    return 0U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_Bignum.c b/src/Hacl_Bignum.c
index fe73faa6..568bcc26 100644
--- a/src/Hacl_Bignum.c
+++ b/src/Hacl_Bignum.c
@@ -37,12 +37,12 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t *res
 )
 {
-  if (aLen < (uint32_t)32U || aLen % (uint32_t)2U == (uint32_t)1U)
+  if (aLen < 32U || aLen % 2U == 1U)
   {
     Hacl_Bignum_Multiplication_bn_mul_u32(aLen, a, aLen, b, res);
     return;
   }
-  uint32_t len2 = aLen / (uint32_t)2U;
+  uint32_t len2 = aLen / 2U;
   uint32_t *a0 = a;
   uint32_t *a1 = a + len2;
   uint32_t *b0 = b;
@@ -52,23 +52,23 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t *tmp_ = tmp + aLen;
   uint32_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a0, a1, tmp_);
   uint32_t c10 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a1, a0, t0);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint32_t *os = t0;
-    uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
+    uint32_t x = ((0U - c0) & t0[i]) | (~(0U - c0) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c10);
+  KRML_MAYBE_UNUSED_VAR(c10);
   uint32_t c00 = c0;
   uint32_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b0, b1, tmp_);
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b1, b0, t1);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint32_t *os = t1;
-    uint32_t x = (((uint32_t)0U - c010) & t1[i]) | (~((uint32_t)0U - c010) & tmp_[i]);
+    uint32_t x = ((0U - c010) & t1[i]) | (~(0U - c010) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   uint32_t c11 = c010;
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
@@ -81,66 +81,61 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t *r231 = res + aLen;
   uint32_t *t01 = tmp;
   uint32_t *t231 = tmp + aLen;
-  uint32_t *t45 = tmp + (uint32_t)2U * aLen;
-  uint32_t *t67 = tmp + (uint32_t)3U * aLen;
+  uint32_t *t45 = tmp + 2U * aLen;
+  uint32_t *t67 = tmp + 3U * aLen;
   uint32_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r011, r231, t01);
   uint32_t c_sign = c00 ^ c11;
   uint32_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(aLen, t01, t231, t67);
   uint32_t c31 = c2 - c3;
   uint32_t c4 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, t01, t231, t45);
   uint32_t c41 = c2 + c4;
-  uint32_t mask = (uint32_t)0U - c_sign;
-  for (uint32_t i = (uint32_t)0U; i < aLen; i++)
+  uint32_t mask = 0U - c_sign;
+  for (uint32_t i = 0U; i < aLen; i++)
   {
     uint32_t *os = t45;
     uint32_t x = (mask & t45[i]) | (~mask & t67[i]);
     os[i] = x;
   }
   uint32_t c5 = (mask & c41) | (~mask & c31);
-  uint32_t aLen2 = aLen / (uint32_t)2U;
+  uint32_t aLen2 = aLen / 2U;
   uint32_t *r0 = res + aLen2;
   uint32_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r0, t45, r0);
   uint32_t c6 = r10;
   uint32_t c60 = c6;
   uint32_t c7 = c5 + c60;
   uint32_t *r = res + aLen + aLen2;
-  uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32((uint32_t)0U, r[0U], c7, r);
+  uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32(0U, r[0U], c7, r);
   uint32_t r1;
-  if ((uint32_t)1U < aLen + aLen - (aLen + aLen2))
+  if (1U < aLen + aLen - (aLen + aLen2))
   {
-    uint32_t *a11 = r + (uint32_t)1U;
-    uint32_t *res1 = r + (uint32_t)1U;
+    uint32_t *a11 = r + 1U;
+    uint32_t *res1 = r + 1U;
     uint32_t c = c01;
-    for
-    (uint32_t
-      i = (uint32_t)0U;
-      i
-      < (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U;
-      i++)
+    for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++)
     {
-      uint32_t t11 = a11[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, (uint32_t)0U, res_i0);
-      uint32_t t110 = a11[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t110, (uint32_t)0U, res_i1);
-      uint32_t t111 = a11[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t111, (uint32_t)0U, res_i2);
-      uint32_t t112 = a11[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t112, (uint32_t)0U, res_i);
+      uint32_t t11 = a11[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i0);
+      uint32_t t110 = a11[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t110, 0U, res_i1);
+      uint32_t t111 = a11[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t111, 0U, res_i2);
+      uint32_t t112 = a11[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t112, 0U, res_i);
     }
     for
     (uint32_t
-      i = (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
+      i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U;
       i
-      < aLen + aLen - (aLen + aLen2) - (uint32_t)1U;
+      < aLen + aLen - (aLen + aLen2) - 1U;
       i++)
     {
       uint32_t t11 = a11[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, (uint32_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i);
     }
     uint32_t c110 = c;
     r1 = c110;
@@ -152,7 +147,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
-  KRML_HOST_IGNORE(c9);
+  KRML_MAYBE_UNUSED_VAR(c9);
 }
 
 void
@@ -164,12 +159,12 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t *res
 )
 {
-  if (aLen < (uint32_t)32U || aLen % (uint32_t)2U == (uint32_t)1U)
+  if (aLen < 32U || aLen % 2U == 1U)
   {
     Hacl_Bignum_Multiplication_bn_mul_u64(aLen, a, aLen, b, res);
     return;
   }
-  uint32_t len2 = aLen / (uint32_t)2U;
+  uint32_t len2 = aLen / 2U;
   uint64_t *a0 = a;
   uint64_t *a1 = a + len2;
   uint64_t *b0 = b;
@@ -179,23 +174,23 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t *tmp_ = tmp + aLen;
   uint64_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a0, a1, tmp_);
   uint64_t c10 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a1, a0, t0);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint64_t *os = t0;
-    uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
+    uint64_t x = ((0ULL - c0) & t0[i]) | (~(0ULL - c0) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c10);
+  KRML_MAYBE_UNUSED_VAR(c10);
   uint64_t c00 = c0;
   uint64_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b0, b1, tmp_);
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b1, b0, t1);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint64_t *os = t1;
-    uint64_t x = (((uint64_t)0U - c010) & t1[i]) | (~((uint64_t)0U - c010) & tmp_[i]);
+    uint64_t x = ((0ULL - c010) & t1[i]) | (~(0ULL - c010) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   uint64_t c11 = c010;
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
@@ -208,66 +203,61 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t *r231 = res + aLen;
   uint64_t *t01 = tmp;
   uint64_t *t231 = tmp + aLen;
-  uint64_t *t45 = tmp + (uint32_t)2U * aLen;
-  uint64_t *t67 = tmp + (uint32_t)3U * aLen;
+  uint64_t *t45 = tmp + 2U * aLen;
+  uint64_t *t67 = tmp + 3U * aLen;
   uint64_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r011, r231, t01);
   uint64_t c_sign = c00 ^ c11;
   uint64_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(aLen, t01, t231, t67);
   uint64_t c31 = c2 - c3;
   uint64_t c4 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, t01, t231, t45);
   uint64_t c41 = c2 + c4;
-  uint64_t mask = (uint64_t)0U - c_sign;
-  for (uint32_t i = (uint32_t)0U; i < aLen; i++)
+  uint64_t mask = 0ULL - c_sign;
+  for (uint32_t i = 0U; i < aLen; i++)
   {
     uint64_t *os = t45;
     uint64_t x = (mask & t45[i]) | (~mask & t67[i]);
     os[i] = x;
   }
   uint64_t c5 = (mask & c41) | (~mask & c31);
-  uint32_t aLen2 = aLen / (uint32_t)2U;
+  uint32_t aLen2 = aLen / 2U;
   uint64_t *r0 = res + aLen2;
   uint64_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r0, t45, r0);
   uint64_t c6 = r10;
   uint64_t c60 = c6;
   uint64_t c7 = c5 + c60;
   uint64_t *r = res + aLen + aLen2;
-  uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64((uint64_t)0U, r[0U], c7, r);
+  uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64(0ULL, r[0U], c7, r);
   uint64_t r1;
-  if ((uint32_t)1U < aLen + aLen - (aLen + aLen2))
+  if (1U < aLen + aLen - (aLen + aLen2))
   {
-    uint64_t *a11 = r + (uint32_t)1U;
-    uint64_t *res1 = r + (uint32_t)1U;
+    uint64_t *a11 = r + 1U;
+    uint64_t *res1 = r + 1U;
     uint64_t c = c01;
-    for
-    (uint32_t
-      i = (uint32_t)0U;
-      i
-      < (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U;
-      i++)
+    for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++)
     {
-      uint64_t t11 = a11[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, (uint64_t)0U, res_i0);
-      uint64_t t110 = a11[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t110, (uint64_t)0U, res_i1);
-      uint64_t t111 = a11[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t111, (uint64_t)0U, res_i2);
-      uint64_t t112 = a11[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t112, (uint64_t)0U, res_i);
+      uint64_t t11 = a11[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i0);
+      uint64_t t110 = a11[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t110, 0ULL, res_i1);
+      uint64_t t111 = a11[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t111, 0ULL, res_i2);
+      uint64_t t112 = a11[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t112, 0ULL, res_i);
     }
     for
     (uint32_t
-      i = (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
+      i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U;
       i
-      < aLen + aLen - (aLen + aLen2) - (uint32_t)1U;
+      < aLen + aLen - (aLen + aLen2) - 1U;
       i++)
     {
       uint64_t t11 = a11[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i);
     }
     uint64_t c110 = c;
     r1 = c110;
@@ -279,7 +269,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
-  KRML_HOST_IGNORE(c9);
+  KRML_MAYBE_UNUSED_VAR(c9);
 }
 
 void
@@ -290,27 +280,27 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t *res
 )
 {
-  if (aLen < (uint32_t)32U || aLen % (uint32_t)2U == (uint32_t)1U)
+  if (aLen < 32U || aLen % 2U == 1U)
   {
     Hacl_Bignum_Multiplication_bn_sqr_u32(aLen, a, res);
     return;
   }
-  uint32_t len2 = aLen / (uint32_t)2U;
+  uint32_t len2 = aLen / 2U;
   uint32_t *a0 = a;
   uint32_t *a1 = a + len2;
   uint32_t *t0 = tmp;
   uint32_t *tmp_ = tmp + aLen;
   uint32_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a0, a1, tmp_);
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a1, a0, t0);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint32_t *os = t0;
-    uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
+    uint32_t x = ((0U - c0) & t0[i]) | (~(0U - c0) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   uint32_t c00 = c0;
-  KRML_HOST_IGNORE(c00);
+  KRML_MAYBE_UNUSED_VAR(c00);
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, t0, tmp1, t23);
@@ -322,54 +312,49 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t *r231 = res + aLen;
   uint32_t *t01 = tmp;
   uint32_t *t231 = tmp + aLen;
-  uint32_t *t45 = tmp + (uint32_t)2U * aLen;
+  uint32_t *t45 = tmp + 2U * aLen;
   uint32_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r011, r231, t01);
   uint32_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(aLen, t01, t231, t45);
   uint32_t c5 = c2 - c3;
-  uint32_t aLen2 = aLen / (uint32_t)2U;
+  uint32_t aLen2 = aLen / 2U;
   uint32_t *r0 = res + aLen2;
   uint32_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r0, t45, r0);
   uint32_t c4 = r10;
   uint32_t c6 = c4;
   uint32_t c7 = c5 + c6;
   uint32_t *r = res + aLen + aLen2;
-  uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32((uint32_t)0U, r[0U], c7, r);
+  uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32(0U, r[0U], c7, r);
   uint32_t r1;
-  if ((uint32_t)1U < aLen + aLen - (aLen + aLen2))
+  if (1U < aLen + aLen - (aLen + aLen2))
   {
-    uint32_t *a11 = r + (uint32_t)1U;
-    uint32_t *res1 = r + (uint32_t)1U;
+    uint32_t *a11 = r + 1U;
+    uint32_t *res1 = r + 1U;
     uint32_t c = c01;
-    for
-    (uint32_t
-      i = (uint32_t)0U;
-      i
-      < (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U;
-      i++)
+    for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++)
     {
-      uint32_t t1 = a11[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a11[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a11[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a11[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a11[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a11[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a11[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a11[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, 0U, res_i);
     }
     for
     (uint32_t
-      i = (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
+      i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U;
       i
-      < aLen + aLen - (aLen + aLen2) - (uint32_t)1U;
+      < aLen + aLen - (aLen + aLen2) - 1U;
       i++)
     {
       uint32_t t1 = a11[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, (uint32_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, 0U, res_i);
     }
     uint32_t c10 = c;
     r1 = c10;
@@ -381,7 +366,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
-  KRML_HOST_IGNORE(c9);
+  KRML_MAYBE_UNUSED_VAR(c9);
 }
 
 void
@@ -392,27 +377,27 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t *res
 )
 {
-  if (aLen < (uint32_t)32U || aLen % (uint32_t)2U == (uint32_t)1U)
+  if (aLen < 32U || aLen % 2U == 1U)
   {
     Hacl_Bignum_Multiplication_bn_sqr_u64(aLen, a, res);
     return;
   }
-  uint32_t len2 = aLen / (uint32_t)2U;
+  uint32_t len2 = aLen / 2U;
   uint64_t *a0 = a;
   uint64_t *a1 = a + len2;
   uint64_t *t0 = tmp;
   uint64_t *tmp_ = tmp + aLen;
   uint64_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a0, a1, tmp_);
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a1, a0, t0);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint64_t *os = t0;
-    uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
+    uint64_t x = ((0ULL - c0) & t0[i]) | (~(0ULL - c0) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   uint64_t c00 = c0;
-  KRML_HOST_IGNORE(c00);
+  KRML_MAYBE_UNUSED_VAR(c00);
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, t0, tmp1, t23);
@@ -424,54 +409,49 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t *r231 = res + aLen;
   uint64_t *t01 = tmp;
   uint64_t *t231 = tmp + aLen;
-  uint64_t *t45 = tmp + (uint32_t)2U * aLen;
+  uint64_t *t45 = tmp + 2U * aLen;
   uint64_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r011, r231, t01);
   uint64_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(aLen, t01, t231, t45);
   uint64_t c5 = c2 - c3;
-  uint32_t aLen2 = aLen / (uint32_t)2U;
+  uint32_t aLen2 = aLen / 2U;
   uint64_t *r0 = res + aLen2;
   uint64_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r0, t45, r0);
   uint64_t c4 = r10;
   uint64_t c6 = c4;
   uint64_t c7 = c5 + c6;
   uint64_t *r = res + aLen + aLen2;
-  uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64((uint64_t)0U, r[0U], c7, r);
+  uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64(0ULL, r[0U], c7, r);
   uint64_t r1;
-  if ((uint32_t)1U < aLen + aLen - (aLen + aLen2))
+  if (1U < aLen + aLen - (aLen + aLen2))
   {
-    uint64_t *a11 = r + (uint32_t)1U;
-    uint64_t *res1 = r + (uint32_t)1U;
+    uint64_t *a11 = r + 1U;
+    uint64_t *res1 = r + 1U;
     uint64_t c = c01;
-    for
-    (uint32_t
-      i = (uint32_t)0U;
-      i
-      < (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U;
-      i++)
+    for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++)
     {
-      uint64_t t1 = a11[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a11[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a11[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a11[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a11[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a11[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a11[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a11[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, 0ULL, res_i);
     }
     for
     (uint32_t
-      i = (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
+      i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U;
       i
-      < aLen + aLen - (aLen + aLen2) - (uint32_t)1U;
+      < aLen + aLen - (aLen + aLen2) - 1U;
       i++)
     {
       uint64_t t1 = a11[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c10 = c;
     r1 = c10;
@@ -483,7 +463,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
-  KRML_HOST_IGNORE(c9);
+  KRML_MAYBE_UNUSED_VAR(c9);
 }
 
 void
@@ -495,27 +475,27 @@ Hacl_Bignum_bn_add_mod_n_u32(
   uint32_t *res
 )
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint32_t c0 = 0U;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint32_t t1 = a[i];
     uint32_t t2 = b[i];
@@ -526,27 +506,27 @@ Hacl_Bignum_bn_add_mod_n_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len1);
   uint32_t tmp[len1];
   memset(tmp, 0U, len1 * sizeof (uint32_t));
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint32_t t1 = res[i];
     uint32_t t2 = n[i];
@@ -555,7 +535,7 @@ Hacl_Bignum_bn_add_mod_n_u32(
   }
   uint32_t c1 = c;
   uint32_t c2 = c00 - c1;
-  for (uint32_t i = (uint32_t)0U; i < len1; i++)
+  for (uint32_t i = 0U; i < len1; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -572,27 +552,27 @@ Hacl_Bignum_bn_add_mod_n_u64(
   uint64_t *res
 )
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint64_t t1 = a[i];
     uint64_t t2 = b[i];
@@ -603,27 +583,27 @@ Hacl_Bignum_bn_add_mod_n_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len1);
   uint64_t tmp[len1];
   memset(tmp, 0U, len1 * sizeof (uint64_t));
-  uint64_t c = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint64_t c = 0ULL;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint64_t t1 = res[i];
     uint64_t t2 = n[i];
@@ -632,7 +612,7 @@ Hacl_Bignum_bn_add_mod_n_u64(
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
-  for (uint32_t i = (uint32_t)0U; i < len1; i++)
+  for (uint32_t i = 0U; i < len1; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -649,27 +629,27 @@ Hacl_Bignum_bn_sub_mod_n_u32(
   uint32_t *res
 )
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint32_t c0 = 0U;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint32_t t1 = a[i];
     uint32_t t2 = b[i];
@@ -680,27 +660,27 @@ Hacl_Bignum_bn_sub_mod_n_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len1);
   uint32_t tmp[len1];
   memset(tmp, 0U, len1 * sizeof (uint32_t));
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint32_t t1 = res[i];
     uint32_t t2 = n[i];
@@ -708,9 +688,9 @@ Hacl_Bignum_bn_sub_mod_n_u32(
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i);
   }
   uint32_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint32_t c2 = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len1; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t c2 = 0U - c00;
+  for (uint32_t i = 0U; i < len1; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & tmp[i]) | (~c2 & res[i]);
@@ -727,27 +707,27 @@ Hacl_Bignum_bn_sub_mod_n_u64(
   uint64_t *res
 )
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint64_t t1 = a[i];
     uint64_t t2 = b[i];
@@ -758,27 +738,27 @@ Hacl_Bignum_bn_sub_mod_n_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len1);
   uint64_t tmp[len1];
   memset(tmp, 0U, len1 * sizeof (uint64_t));
-  uint64_t c = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint64_t c = 0ULL;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint64_t t1 = res[i];
     uint64_t t2 = n[i];
@@ -786,9 +766,9 @@ Hacl_Bignum_bn_sub_mod_n_u64(
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i);
   }
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len1; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
+  for (uint32_t i = 0U; i < len1; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]);
@@ -798,42 +778,42 @@ Hacl_Bignum_bn_sub_mod_n_u64(
 
 uint32_t Hacl_Bignum_ModInvLimb_mod_inv_uint32(uint32_t n0)
 {
-  uint32_t alpha = (uint32_t)2147483648U;
+  uint32_t alpha = 2147483648U;
   uint32_t beta = n0;
-  uint32_t ub = (uint32_t)0U;
-  uint32_t vb = (uint32_t)0U;
-  ub = (uint32_t)1U;
-  vb = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t ub = 0U;
+  uint32_t vb = 0U;
+  ub = 1U;
+  vb = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint32_t us = ub;
     uint32_t vs = vb;
-    uint32_t u_is_odd = (uint32_t)0U - (us & (uint32_t)1U);
+    uint32_t u_is_odd = 0U - (us & 1U);
     uint32_t beta_if_u_is_odd = beta & u_is_odd;
-    ub = ((us ^ beta_if_u_is_odd) >> (uint32_t)1U) + (us & beta_if_u_is_odd);
+    ub = ((us ^ beta_if_u_is_odd) >> 1U) + (us & beta_if_u_is_odd);
     uint32_t alpha_if_u_is_odd = alpha & u_is_odd;
-    vb = (vs >> (uint32_t)1U) + alpha_if_u_is_odd;
+    vb = (vs >> 1U) + alpha_if_u_is_odd;
   }
   return vb;
 }
 
 uint64_t Hacl_Bignum_ModInvLimb_mod_inv_uint64(uint64_t n0)
 {
-  uint64_t alpha = (uint64_t)9223372036854775808U;
+  uint64_t alpha = 9223372036854775808ULL;
   uint64_t beta = n0;
-  uint64_t ub = (uint64_t)0U;
-  uint64_t vb = (uint64_t)0U;
-  ub = (uint64_t)1U;
-  vb = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t ub = 0ULL;
+  uint64_t vb = 0ULL;
+  ub = 1ULL;
+  vb = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t us = ub;
     uint64_t vs = vb;
-    uint64_t u_is_odd = (uint64_t)0U - (us & (uint64_t)1U);
+    uint64_t u_is_odd = 0ULL - (us & 1ULL);
     uint64_t beta_if_u_is_odd = beta & u_is_odd;
-    ub = ((us ^ beta_if_u_is_odd) >> (uint32_t)1U) + (us & beta_if_u_is_odd);
+    ub = ((us ^ beta_if_u_is_odd) >> 1U) + (us & beta_if_u_is_odd);
     uint64_t alpha_if_u_is_odd = alpha & u_is_odd;
-    vb = (vs >> (uint32_t)1U) + alpha_if_u_is_odd;
+    vb = (vs >> 1U) + alpha_if_u_is_odd;
   }
   return vb;
 }
@@ -844,15 +824,15 @@ uint32_t Hacl_Bignum_Montgomery_bn_check_modulus_u32(uint32_t len, uint32_t *n)
   uint32_t one[len];
   memset(one, 0U, len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc;
   return m0 & m1;
@@ -867,46 +847,40 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(
 )
 {
   memset(res, 0U, len * sizeof (uint32_t));
-  uint32_t i = nBits / (uint32_t)32U;
-  uint32_t j = nBits % (uint32_t)32U;
-  res[i] = res[i] | (uint32_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U * len - nBits; i0++)
+  uint32_t i = nBits / 32U;
+  uint32_t j = nBits % 32U;
+  res[i] = res[i] | 1U << j;
+  for (uint32_t i0 = 0U; i0 < 64U * len - nBits; i0++)
   {
     Hacl_Bignum_bn_add_mod_n_u32(len, n, res, res, res);
   }
 }
 
-void
-Hacl_Bignum_Montgomery_bn_mont_reduction_u32(
-  uint32_t len,
-  uint32_t *n,
-  uint32_t nInv,
-  uint32_t *c,
-  uint32_t *res
-)
+static void
+bn_mont_reduction_u32(uint32_t len, uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
+  uint32_t c0 = 0U;
+  for (uint32_t i0 = 0U; i0 < len; i0++)
   {
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint32_t c1 = 0U;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint32_t a_i = n[i];
       uint32_t *res_i = res_j0 + i;
@@ -923,27 +897,27 @@ Hacl_Bignum_Montgomery_bn_mont_reduction_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint32_t));
-  uint32_t c1 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+  uint32_t c1 = 0U;
+  for (uint32_t i = 0U; i < len / 4U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t12, t2, res_i);
   }
-  for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+  for (uint32_t i = len / 4U * 4U; i < len; i++)
   {
     uint32_t t1 = res[i];
     uint32_t t2 = n[i];
@@ -952,7 +926,7 @@ Hacl_Bignum_Montgomery_bn_mont_reduction_u32(
   }
   uint32_t c10 = c1;
   uint32_t c2 = c00 - c10;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -973,11 +947,11 @@ Hacl_Bignum_Montgomery_bn_to_mont_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, nInv, c, aM);
+  bn_mont_reduction_u32(len, n, nInv, c, aM);
 }
 
 void
@@ -993,7 +967,7 @@ Hacl_Bignum_Montgomery_bn_from_mont_u32(
   uint32_t tmp[len + len];
   memset(tmp, 0U, (len + len) * sizeof (uint32_t));
   memcpy(tmp, aM, len * sizeof (uint32_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, nInv_u64, tmp, a);
+  bn_mont_reduction_u32(len, n, nInv_u64, tmp, a);
 }
 
 void
@@ -1009,11 +983,11 @@ Hacl_Bignum_Montgomery_bn_mont_mul_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, aM, bM, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, nInv_u64, c, resM);
+  bn_mont_reduction_u32(len, n, nInv_u64, c, resM);
 }
 
 void
@@ -1028,11 +1002,11 @@ Hacl_Bignum_Montgomery_bn_mont_sqr_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len, aM, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, nInv_u64, c, resM);
+  bn_mont_reduction_u32(len, n, nInv_u64, c, resM);
 }
 
 uint64_t Hacl_Bignum_Montgomery_bn_check_modulus_u64(uint32_t len, uint64_t *n)
@@ -1041,15 +1015,15 @@ uint64_t Hacl_Bignum_Montgomery_bn_check_modulus_u64(uint32_t len, uint64_t *n)
   uint64_t one[len];
   memset(one, 0U, len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc;
   return m0 & m1;
@@ -1064,46 +1038,40 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(
 )
 {
   memset(res, 0U, len * sizeof (uint64_t));
-  uint32_t i = nBits / (uint32_t)64U;
-  uint32_t j = nBits % (uint32_t)64U;
-  res[i] = res[i] | (uint64_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)128U * len - nBits; i0++)
+  uint32_t i = nBits / 64U;
+  uint32_t j = nBits % 64U;
+  res[i] = res[i] | 1ULL << j;
+  for (uint32_t i0 = 0U; i0 < 128U * len - nBits; i0++)
   {
     Hacl_Bignum_bn_add_mod_n_u64(len, n, res, res, res);
   }
 }
 
-void
-Hacl_Bignum_Montgomery_bn_mont_reduction_u64(
-  uint32_t len,
-  uint64_t *n,
-  uint64_t nInv,
-  uint64_t *c,
-  uint64_t *res
-)
+static void
+bn_mont_reduction_u64(uint32_t len, uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i0 = 0U; i0 < len; i0++)
   {
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint64_t c1 = 0ULL;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint64_t a_i = n[4U * i];
+      uint64_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * i + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * i + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * i + 3U];
+      uint64_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint64_t a_i = n[i];
       uint64_t *res_i = res_j0 + i;
@@ -1120,27 +1088,27 @@ Hacl_Bignum_Montgomery_bn_mont_reduction_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint64_t));
-  uint64_t c1 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+  uint64_t c1 = 0ULL;
+  for (uint32_t i = 0U; i < len / 4U; i++)
   {
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i);
   }
-  for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+  for (uint32_t i = len / 4U * 4U; i < len; i++)
   {
     uint64_t t1 = res[i];
     uint64_t t2 = n[i];
@@ -1149,7 +1117,7 @@ Hacl_Bignum_Montgomery_bn_mont_reduction_u64(
   }
   uint64_t c10 = c1;
   uint64_t c2 = c00 - c10;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -1170,11 +1138,11 @@ Hacl_Bignum_Montgomery_bn_to_mont_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, nInv, c, aM);
+  bn_mont_reduction_u64(len, n, nInv, c, aM);
 }
 
 void
@@ -1190,7 +1158,7 @@ Hacl_Bignum_Montgomery_bn_from_mont_u64(
   uint64_t tmp[len + len];
   memset(tmp, 0U, (len + len) * sizeof (uint64_t));
   memcpy(tmp, aM, len * sizeof (uint64_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, nInv_u64, tmp, a);
+  bn_mont_reduction_u64(len, n, nInv_u64, tmp, a);
 }
 
 void
@@ -1206,11 +1174,11 @@ Hacl_Bignum_Montgomery_bn_mont_mul_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, aM, bM, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, nInv_u64, c, resM);
+  bn_mont_reduction_u64(len, n, nInv_u64, c, resM);
 }
 
 void
@@ -1225,15 +1193,15 @@ Hacl_Bignum_Montgomery_bn_mont_sqr_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len, aM, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, nInv_u64, c, resM);
+  bn_mont_reduction_u64(len, n, nInv_u64, c, resM);
 }
 
-static void
-bn_almost_mont_reduction_u32(
+void
+Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(
   uint32_t len,
   uint32_t *n,
   uint32_t nInv,
@@ -1241,28 +1209,28 @@ bn_almost_mont_reduction_u32(
   uint32_t *res
 )
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
+  uint32_t c0 = 0U;
+  for (uint32_t i0 = 0U; i0 < len; i0++)
   {
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint32_t c1 = 0U;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint32_t a_i = n[i];
       uint32_t *res_i = res_j0 + i;
@@ -1280,9 +1248,9 @@ bn_almost_mont_reduction_u32(
   uint32_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t m = 0U - c00;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t *os = res;
     uint32_t x = (m & tmp[i]) | (~m & res[i]);
@@ -1303,11 +1271,11 @@ bn_almost_mont_mul_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, aM, bM, tmp, c);
-  bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM);
 }
 
 static void
@@ -1322,15 +1290,15 @@ bn_almost_mont_sqr_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len, aM, tmp, c);
-  bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM);
 }
 
-static void
-bn_almost_mont_reduction_u64(
+void
+Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(
   uint32_t len,
   uint64_t *n,
   uint64_t nInv,
@@ -1338,28 +1306,28 @@ bn_almost_mont_reduction_u64(
   uint64_t *res
 )
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i0 = 0U; i0 < len; i0++)
   {
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint64_t c1 = 0ULL;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint64_t a_i = n[4U * i];
+      uint64_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * i + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * i + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * i + 3U];
+      uint64_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint64_t a_i = n[i];
       uint64_t *res_i = res_j0 + i;
@@ -1377,9 +1345,9 @@ bn_almost_mont_reduction_u64(
   uint64_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t m = 0ULL - c00;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t *os = res;
     uint64_t x = (m & tmp[i]) | (~m & res[i]);
@@ -1400,11 +1368,11 @@ bn_almost_mont_mul_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, aM, bM, tmp, c);
-  bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM);
 }
 
 static void
@@ -1419,11 +1387,11 @@ bn_almost_mont_sqr_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t c[len + len];
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len, aM, tmp, c);
-  bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM);
 }
 
 uint32_t
@@ -1439,56 +1407,56 @@ Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32(
   uint32_t one[len];
   memset(one, 0U, len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m10 = acc0;
   uint32_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t m1;
-  if (bBits < (uint32_t)32U * bLen)
+  if (bBits < 32U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), bLen);
     uint32_t b2[bLen];
     memset(b2, 0U, bLen * sizeof (uint32_t));
-    uint32_t i0 = bBits / (uint32_t)32U;
-    uint32_t j = bBits % (uint32_t)32U;
-    b2[i0] = b2[i0] | (uint32_t)1U << j;
-    uint32_t acc = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 32U;
+    uint32_t j = bBits % 32U;
+    b2[i0] = b2[i0] | 1U << j;
+    uint32_t acc = 0U;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint32_t beq = FStar_UInt32_eq_mask(b[i], b2[i]);
       uint32_t blt = ~FStar_UInt32_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
     }
     uint32_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint32_t)0xFFFFFFFFU;
+    m1 = 0xFFFFFFFFU;
   }
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m2 = acc;
   uint32_t m = m1 & m2;
@@ -1507,19 +1475,12 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t aM[len];
     memset(aM, 0U, len * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-    uint32_t c[len + len];
-    memset(c, 0U, (len + len) * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-    uint32_t tmp0[(uint32_t)4U * len];
-    memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-    Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp0, c);
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c, aM);
+    Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM);
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t resM[len];
     memset(resM, 0U, len * sizeof (uint32_t));
@@ -1531,13 +1492,13 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
     uint32_t *ctx_n = ctx;
     uint32_t *ctx_r2 = ctx + len;
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)32U;
-      uint32_t j = i % (uint32_t)32U;
+      uint32_t i1 = i / 32U;
+      uint32_t j = i % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
-      if (!(bit == (uint32_t)0U))
+      uint32_t bit = tmp >> j & 1U;
+      if (!(bit == 0U))
       {
         uint32_t *ctx_n0 = ctx;
         bn_almost_mont_mul_u32(len, ctx_n0, mu, resM, aM, resM);
@@ -1545,44 +1506,33 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
       uint32_t *ctx_n0 = ctx;
       bn_almost_mont_sqr_u32(len, ctx_n0, mu, aM, aM);
     }
-    KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-    uint32_t tmp[len + len];
-    memset(tmp, 0U, (len + len) * sizeof (uint32_t));
-    memcpy(tmp, resM, len * sizeof (uint32_t));
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, tmp, res);
+    Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res);
     return;
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t aM[len];
   memset(aM, 0U, len * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t c[len + len];
-  memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp0[(uint32_t)4U * len];
-  memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp0, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c, aM);
+  Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM);
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t resM[len];
   memset(resM, 0U, len * sizeof (uint32_t));
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t ctx[len + len];
   memset(ctx, 0U, (len + len) * sizeof (uint32_t));
   memcpy(ctx, n, len * sizeof (uint32_t));
   memcpy(ctx + len, r2, len * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)16U * len);
-  uint32_t table[(uint32_t)16U * len];
-  memset(table, 0U, (uint32_t)16U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len);
+  uint32_t table[16U * len];
+  memset(table, 0U, 16U * len * sizeof (uint32_t));
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint32_t));
@@ -1593,21 +1543,21 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
   Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n0, mu, ctx_r20, t0);
   memcpy(t1, aM, len * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * len;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * len;
     uint32_t *ctx_n1 = ctx;
     bn_almost_mont_sqr_u32(len, ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len, tmp, len * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len;
+    memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * len;
     uint32_t *ctx_n = ctx;
     bn_almost_mont_mul_u32(len, ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len, tmp, len * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U);
     uint32_t bits_l32 = bits_c;
     const uint32_t *a_bits_l = table + bits_l32 * len;
     memcpy(resM, (uint32_t *)a_bits_l, len * sizeof (uint32_t));
@@ -1619,29 +1569,25 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM);
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
-  uint32_t tmp1[len];
-  memset(tmp1, 0U, len * sizeof (uint32_t));
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  uint32_t tmp0[len];
+  memset(tmp0, 0U, len * sizeof (uint32_t));
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       bn_almost_mont_sqr_u32(len, ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
     uint32_t bits_l32 = bits_l;
     const uint32_t *a_bits_l = table + bits_l32 * len;
-    memcpy(tmp1, (uint32_t *)a_bits_l, len * sizeof (uint32_t));
+    memcpy(tmp0, (uint32_t *)a_bits_l, len * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
-    bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp1, resM);
+    bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp0, resM);
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t tmp2[len + len];
-  memset(tmp2, 0U, (len + len) * sizeof (uint32_t));
-  memcpy(tmp2, resM, len * sizeof (uint32_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, tmp2, res);
+  Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res);
 }
 
 void
@@ -1656,19 +1602,12 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t aM[len];
     memset(aM, 0U, len * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-    uint32_t c[len + len];
-    memset(c, 0U, (len + len) * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-    uint32_t tmp0[(uint32_t)4U * len];
-    memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-    Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp0, c);
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c, aM);
+    Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM);
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t resM[len];
     memset(resM, 0U, len * sizeof (uint32_t));
@@ -1677,20 +1616,20 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
     memset(ctx, 0U, (len + len) * sizeof (uint32_t));
     memcpy(ctx, n, len * sizeof (uint32_t));
     memcpy(ctx + len, r2, len * sizeof (uint32_t));
-    uint32_t sw = (uint32_t)0U;
+    uint32_t sw = 0U;
     uint32_t *ctx_n = ctx;
     uint32_t *ctx_r2 = ctx + len;
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)32U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)32U;
+      uint32_t i1 = (bBits - i0 - 1U) / 32U;
+      uint32_t j = (bBits - i0 - 1U) % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
+      uint32_t bit = tmp >> j & 1U;
       uint32_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      for (uint32_t i = 0U; i < len; i++)
       {
-        uint32_t dummy = ((uint32_t)0U - sw1) & (resM[i] ^ aM[i]);
+        uint32_t dummy = (0U - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;
       }
@@ -1701,50 +1640,39 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
       sw = bit;
     }
     uint32_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < len; i++)
+    for (uint32_t i = 0U; i < len; i++)
     {
-      uint32_t dummy = ((uint32_t)0U - sw0) & (resM[i] ^ aM[i]);
+      uint32_t dummy = (0U - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;
     }
-    KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-    uint32_t tmp[len + len];
-    memset(tmp, 0U, (len + len) * sizeof (uint32_t));
-    memcpy(tmp, resM, len * sizeof (uint32_t));
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, tmp, res);
+    Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res);
     return;
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t aM[len];
   memset(aM, 0U, len * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t c0[len + len];
-  memset(c0, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp0[(uint32_t)4U * len];
-  memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp0, c0);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c0, aM);
+  Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM);
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t resM[len];
   memset(resM, 0U, len * sizeof (uint32_t));
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t ctx[len + len];
   memset(ctx, 0U, (len + len) * sizeof (uint32_t));
   memcpy(ctx, n, len * sizeof (uint32_t));
   memcpy(ctx + len, r2, len * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)16U * len);
-  uint32_t table[(uint32_t)16U * len];
-  memset(table, 0U, (uint32_t)16U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len);
+  uint32_t table[16U * len];
+  memset(table, 0U, 16U * len * sizeof (uint32_t));
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint32_t));
@@ -1755,29 +1683,29 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
   Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n0, mu, ctx_r20, t0);
   memcpy(t1, aM, len * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * len;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * len;
     uint32_t *ctx_n1 = ctx;
     bn_almost_mont_sqr_u32(len, ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len, tmp, len * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len;
+    memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * len;
     uint32_t *ctx_n = ctx;
     bn_almost_mont_mul_u32(len, ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len, tmp, len * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint32_t *)(table + (uint32_t)0U * len), len * sizeof (uint32_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U);
+    memcpy(resM, (uint32_t *)(table + 0U * len), len * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * len;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * len;
+      for (uint32_t i = 0U; i < len; i++)
       {
         uint32_t *os = resM;
         uint32_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -1791,39 +1719,35 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM);
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
-  uint32_t tmp1[len];
-  memset(tmp1, 0U, len * sizeof (uint32_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  uint32_t tmp0[len];
+  memset(tmp0, 0U, len * sizeof (uint32_t));
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       bn_almost_mont_sqr_u32(len, ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp1, (uint32_t *)(table + (uint32_t)0U * len), len * sizeof (uint32_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
+    memcpy(tmp0, (uint32_t *)(table + 0U * len), len * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * len;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * len;
+      for (uint32_t i = 0U; i < len; i++)
       {
-        uint32_t *os = tmp1;
-        uint32_t x = (c & res_j[i]) | (~c & tmp1[i]);
+        uint32_t *os = tmp0;
+        uint32_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;
       });
     uint32_t *ctx_n = ctx;
-    bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp1, resM);
+    bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp0, resM);
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t tmp2[len + len];
-  memset(tmp2, 0U, (len + len) * sizeof (uint32_t));
-  memcpy(tmp2, resM, len * sizeof (uint32_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, tmp2, res);
+  Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res);
 }
 
 void
@@ -1877,56 +1801,56 @@ Hacl_Bignum_Exponentiation_bn_check_mod_exp_u64(
   uint64_t one[len];
   memset(one, 0U, len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m10 = acc0;
   uint64_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t m1;
-  if (bBits < (uint32_t)64U * bLen)
+  if (bBits < 64U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), bLen);
     uint64_t b2[bLen];
     memset(b2, 0U, bLen * sizeof (uint64_t));
-    uint32_t i0 = bBits / (uint32_t)64U;
-    uint32_t j = bBits % (uint32_t)64U;
-    b2[i0] = b2[i0] | (uint64_t)1U << j;
-    uint64_t acc = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 64U;
+    uint32_t j = bBits % 64U;
+    b2[i0] = b2[i0] | 1ULL << j;
+    uint64_t acc = 0ULL;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]);
       uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
     }
     uint64_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    m1 = 0xFFFFFFFFFFFFFFFFULL;
   }
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m2 = acc;
   uint64_t m = m1 & m2;
@@ -1945,19 +1869,12 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t aM[len];
     memset(aM, 0U, len * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-    uint64_t c[len + len];
-    memset(c, 0U, (len + len) * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-    uint64_t tmp0[(uint32_t)4U * len];
-    memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-    Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp0, c);
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c, aM);
+    Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM);
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t resM[len];
     memset(resM, 0U, len * sizeof (uint64_t));
@@ -1969,13 +1886,13 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
     uint64_t *ctx_n = ctx;
     uint64_t *ctx_r2 = ctx + len;
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)64U;
-      uint32_t j = i % (uint32_t)64U;
+      uint32_t i1 = i / 64U;
+      uint32_t j = i % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
-      if (!(bit == (uint64_t)0U))
+      uint64_t bit = tmp >> j & 1ULL;
+      if (!(bit == 0ULL))
       {
         uint64_t *ctx_n0 = ctx;
         bn_almost_mont_mul_u64(len, ctx_n0, mu, resM, aM, resM);
@@ -1983,44 +1900,33 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
       uint64_t *ctx_n0 = ctx;
       bn_almost_mont_sqr_u64(len, ctx_n0, mu, aM, aM);
     }
-    KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-    uint64_t tmp[len + len];
-    memset(tmp, 0U, (len + len) * sizeof (uint64_t));
-    memcpy(tmp, resM, len * sizeof (uint64_t));
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, tmp, res);
+    Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res);
     return;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t aM[len];
   memset(aM, 0U, len * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t c[len + len];
-  memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp0[(uint32_t)4U * len];
-  memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp0, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c, aM);
+  Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM);
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t resM[len];
   memset(resM, 0U, len * sizeof (uint64_t));
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t ctx[len + len];
   memset(ctx, 0U, (len + len) * sizeof (uint64_t));
   memcpy(ctx, n, len * sizeof (uint64_t));
   memcpy(ctx + len, r2, len * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)16U * len);
-  uint64_t table[(uint32_t)16U * len];
-  memset(table, 0U, (uint32_t)16U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len);
+  uint64_t table[16U * len];
+  memset(table, 0U, 16U * len * sizeof (uint64_t));
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint64_t));
@@ -2031,21 +1937,21 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
   Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n0, mu, ctx_r20, t0);
   memcpy(t1, aM, len * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * len;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * len;
     uint64_t *ctx_n1 = ctx;
     bn_almost_mont_sqr_u64(len, ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len, tmp, len * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len;
+    memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * len;
     uint64_t *ctx_n = ctx;
     bn_almost_mont_mul_u64(len, ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len, tmp, len * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U);
     uint32_t bits_l32 = (uint32_t)bits_c;
     const uint64_t *a_bits_l = table + bits_l32 * len;
     memcpy(resM, (uint64_t *)a_bits_l, len * sizeof (uint64_t));
@@ -2057,29 +1963,25 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
-  uint64_t tmp1[len];
-  memset(tmp1, 0U, len * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  uint64_t tmp0[len];
+  memset(tmp0, 0U, len * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       bn_almost_mont_sqr_u64(len, ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
     uint32_t bits_l32 = (uint32_t)bits_l;
     const uint64_t *a_bits_l = table + bits_l32 * len;
-    memcpy(tmp1, (uint64_t *)a_bits_l, len * sizeof (uint64_t));
+    memcpy(tmp0, (uint64_t *)a_bits_l, len * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
-    bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp1, resM);
+    bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp0, resM);
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t tmp2[len + len];
-  memset(tmp2, 0U, (len + len) * sizeof (uint64_t));
-  memcpy(tmp2, resM, len * sizeof (uint64_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, tmp2, res);
+  Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res);
 }
 
 void
@@ -2094,19 +1996,12 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t aM[len];
     memset(aM, 0U, len * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-    uint64_t c[len + len];
-    memset(c, 0U, (len + len) * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-    uint64_t tmp0[(uint32_t)4U * len];
-    memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-    Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp0, c);
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c, aM);
+    Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM);
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t resM[len];
     memset(resM, 0U, len * sizeof (uint64_t));
@@ -2115,20 +2010,20 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
     memset(ctx, 0U, (len + len) * sizeof (uint64_t));
     memcpy(ctx, n, len * sizeof (uint64_t));
     memcpy(ctx + len, r2, len * sizeof (uint64_t));
-    uint64_t sw = (uint64_t)0U;
+    uint64_t sw = 0ULL;
     uint64_t *ctx_n = ctx;
     uint64_t *ctx_r2 = ctx + len;
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)64U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)64U;
+      uint32_t i1 = (bBits - i0 - 1U) / 64U;
+      uint32_t j = (bBits - i0 - 1U) % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
+      uint64_t bit = tmp >> j & 1ULL;
       uint64_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      for (uint32_t i = 0U; i < len; i++)
       {
-        uint64_t dummy = ((uint64_t)0U - sw1) & (resM[i] ^ aM[i]);
+        uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;
       }
@@ -2139,50 +2034,39 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
       sw = bit;
     }
     uint64_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < len; i++)
+    for (uint32_t i = 0U; i < len; i++)
     {
-      uint64_t dummy = ((uint64_t)0U - sw0) & (resM[i] ^ aM[i]);
+      uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;
     }
-    KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-    uint64_t tmp[len + len];
-    memset(tmp, 0U, (len + len) * sizeof (uint64_t));
-    memcpy(tmp, resM, len * sizeof (uint64_t));
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, tmp, res);
+    Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res);
     return;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t aM[len];
   memset(aM, 0U, len * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t c0[len + len];
-  memset(c0, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp0[(uint32_t)4U * len];
-  memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp0, c0);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c0, aM);
+  Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM);
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t resM[len];
   memset(resM, 0U, len * sizeof (uint64_t));
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t ctx[len + len];
   memset(ctx, 0U, (len + len) * sizeof (uint64_t));
   memcpy(ctx, n, len * sizeof (uint64_t));
   memcpy(ctx + len, r2, len * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)16U * len);
-  uint64_t table[(uint32_t)16U * len];
-  memset(table, 0U, (uint32_t)16U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len);
+  uint64_t table[16U * len];
+  memset(table, 0U, 16U * len * sizeof (uint64_t));
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint64_t));
@@ -2193,29 +2077,29 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
   Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n0, mu, ctx_r20, t0);
   memcpy(t1, aM, len * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * len;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * len;
     uint64_t *ctx_n1 = ctx;
     bn_almost_mont_sqr_u64(len, ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len, tmp, len * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len;
+    memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * len;
     uint64_t *ctx_n = ctx;
     bn_almost_mont_mul_u64(len, ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len, tmp, len * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint64_t *)(table + (uint32_t)0U * len), len * sizeof (uint64_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U);
+    memcpy(resM, (uint64_t *)(table + 0U * len), len * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * len;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * len;
+      for (uint32_t i = 0U; i < len; i++)
       {
         uint64_t *os = resM;
         uint64_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -2229,39 +2113,35 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
-  uint64_t tmp1[len];
-  memset(tmp1, 0U, len * sizeof (uint64_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  uint64_t tmp0[len];
+  memset(tmp0, 0U, len * sizeof (uint64_t));
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       bn_almost_mont_sqr_u64(len, ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp1, (uint64_t *)(table + (uint32_t)0U * len), len * sizeof (uint64_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
+    memcpy(tmp0, (uint64_t *)(table + 0U * len), len * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * len;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * len;
+      for (uint32_t i = 0U; i < len; i++)
       {
-        uint64_t *os = tmp1;
-        uint64_t x = (c & res_j[i]) | (~c & tmp1[i]);
+        uint64_t *os = tmp0;
+        uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;
       });
     uint64_t *ctx_n = ctx;
-    bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp1, resM);
+    bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp0, resM);
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t tmp2[len + len];
-  memset(tmp2, 0U, (len + len) * sizeof (uint64_t));
-  memcpy(tmp2, resM, len * sizeof (uint64_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, tmp2, res);
+  Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res);
 }
 
 void
diff --git a/src/Hacl_Bignum256.c b/src/Hacl_Bignum256.c
index 41aaadeb..54bbc88a 100644
--- a/src/Hacl_Bignum256.c
+++ b/src/Hacl_Bignum256.c
@@ -60,23 +60,23 @@ Write `a + b mod 2^256` in `res`.
 */
 uint64_t Hacl_Bignum256_add(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   return c;
@@ -91,23 +91,23 @@ Write `a - b mod 2^256` in `res`.
 */
 uint64_t Hacl_Bignum256_sub(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   return c;
@@ -125,52 +125,52 @@ Write `(a + b) mod n` in `res`.
 */
 void Hacl_Bignum256_add_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
@@ -188,53 +188,53 @@ Write `(a - b) mod n` in `res`.
 */
 void Hacl_Bignum256_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]);
     os[i] = x;);
@@ -248,30 +248,30 @@ Write `a * b` in `res`.
 */
 void Hacl_Bignum256_mul(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t bj = b[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = a[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = a[4U * 0U];
+      uint64_t *res_i0 = res_j + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = a[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = a[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = a[4U * 0U + 3U];
+      uint64_t *res_i = res_j + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
     uint64_t r = c;
-    res[(uint32_t)4U + i0] = r;);
+    res[4U + i0] = r;);
 }
 
 /**
@@ -282,31 +282,31 @@ Write `a * a` in `res`.
 */
 void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *ab = a;
     uint64_t a_j = a[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = ab[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = ab[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = ab[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = ab[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint64_t a_i = ab[i];
       uint64_t *res_i = res_j + i;
@@ -314,29 +314,29 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     }
     uint64_t r = c;
     res[i0 + i0] = r;);
-  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, res, res);
+  KRML_MAYBE_UNUSED_VAR(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
+    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U));
     uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;);
+  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, tmp, res);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
-  uint32_t i = nBits / (uint32_t)64U;
-  uint32_t j = nBits % (uint32_t)64U;
-  res[i] = res[i] | (uint64_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)512U - nBits; i0++)
+  memset(res, 0U, 4U * sizeof (uint64_t));
+  uint32_t i = nBits / 64U;
+  uint32_t j = nBits % 64U;
+  res[i] = res[i] | 1ULL << j;
+  for (uint32_t i0 = 0U; i0 < 512U - nBits; i0++)
   {
     Hacl_Bignum256_add_mod(n, res, res, res);
   }
@@ -344,112 +344,119 @@ static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
 
 static inline void reduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
+    uint64_t c1 = 0ULL;
     {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = n[4U * 0U];
+      uint64_t *res_i0 = res_j0 + 4U * 0U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * 0U + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * 0U + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * 0U + 3U];
+      uint64_t *res_i = res_j0 + 4U * 0U + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i);
     }
     uint64_t r = c1;
     uint64_t c10 = r;
-    uint64_t *resb = c + (uint32_t)4U + i0;
-    uint64_t res_j = c[(uint32_t)4U + i0];
+    uint64_t *resb = c + 4U + i0;
+    uint64_t res_j = c[4U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb););
-  memcpy(res, c + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, c + 4U, 4U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c1 = (uint64_t)0U;
+  uint64_t c1 = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i);
   }
   uint64_t c10 = c1;
   uint64_t c2 = c00 - c10;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
 }
 
+static inline void to(uint64_t *n, uint64_t nInv, uint64_t *r2, uint64_t *a, uint64_t *aM)
+{
+  uint64_t c[8U] = { 0U };
+  Hacl_Bignum256_mul(a, r2, c);
+  reduction(n, nInv, c, aM);
+}
+
 static inline void from(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *a)
 {
   uint64_t tmp[8U] = { 0U };
-  memcpy(tmp, aM, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(tmp, aM, 4U * sizeof (uint64_t));
   reduction(n, nInv_u64, tmp, a);
 }
 
 static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
+    uint64_t c1 = 0ULL;
     {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = n[4U * 0U];
+      uint64_t *res_i0 = res_j0 + 4U * 0U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * 0U + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * 0U + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * 0U + 3U];
+      uint64_t *res_i = res_j0 + 4U * 0U + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i);
     }
     uint64_t r = c1;
     uint64_t c10 = r;
-    uint64_t *resb = c + (uint32_t)4U + i0;
-    uint64_t res_j = c[(uint32_t)4U + i0];
+    uint64_t *resb = c + 4U + i0;
+    uint64_t res_j = c[4U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb););
-  memcpy(res, c + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, c + 4U, 4U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t m = 0ULL - c00;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (m & tmp[i]) | (~m & res[i]);
     os[i] = x;);
@@ -459,82 +466,14 @@ static inline void
 amont_mul(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *bM, uint64_t *resM)
 {
   uint64_t c[8U] = { 0U };
-  memset(c, 0U, (uint32_t)8U * sizeof (uint64_t));
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t bj = bM[i0];
-    uint64_t *res_j = c + i0;
-    uint64_t c1 = (uint64_t)0U;
-    {
-      uint64_t a_i = aM[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c1, res_i0);
-      uint64_t a_i0 = aM[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c1, res_i1);
-      uint64_t a_i1 = aM[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c1, res_i2);
-      uint64_t a_i2 = aM[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c1, res_i);
-    }
-    uint64_t r = c1;
-    c[(uint32_t)4U + i0] = r;);
+  Hacl_Bignum256_mul(aM, bM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
 static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *resM)
 {
   uint64_t c[8U] = { 0U };
-  memset(c, 0U, (uint32_t)8U * sizeof (uint64_t));
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *ab = aM;
-    uint64_t a_j = aM[i0];
-    uint64_t *res_j = c + i0;
-    uint64_t c1 = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
-    {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c1, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c1, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c1, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c1, res_i);
-    }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
-    {
-      uint64_t a_i = ab[i];
-      uint64_t *res_i = res_j + i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c1, res_i);
-    }
-    uint64_t r = c1;
-    c[i0 + i0] = r;);
-  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, c, c);
-  KRML_HOST_IGNORE(c0);
-  uint64_t tmp[8U] = { 0U };
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    FStar_UInt128_uint128 res = FStar_UInt128_mul_wide(aM[i], aM[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U));
-    uint64_t lo = FStar_UInt128_uint128_to_uint64(res);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, tmp, c);
-  KRML_HOST_IGNORE(c1);
+  Hacl_Bignum256_sqr(aM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -543,50 +482,9 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
 {
   uint64_t a_mod[4U] = { 0U };
   uint64_t a1[8U] = { 0U };
-  memcpy(a1, a, (uint32_t)8U * sizeof (uint64_t));
-  uint64_t c0 = (uint64_t)0U;
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t qj = mu * a1[i0];
-    uint64_t *res_j0 = a1 + i0;
-    uint64_t c = (uint64_t)0U;
-    {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i);
-    }
-    uint64_t r = c;
-    uint64_t c1 = r;
-    uint64_t *resb = a1 + (uint32_t)4U + i0;
-    uint64_t res_j = a1[(uint32_t)4U + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb););
-  memcpy(a_mod, a1 + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
-  uint64_t c00 = c0;
-  uint64_t tmp[4U] = { 0U };
-  uint64_t c1 = Hacl_Bignum256_sub(a_mod, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = a_mod;
-    uint64_t x = (m & tmp[i]) | (~m & a_mod[i]);
-    os[i] = x;);
-  uint64_t c[8U] = { 0U };
-  Hacl_Bignum256_mul(a_mod, r2, c);
-  reduction(n, mu, c, res);
+  memcpy(a1, a, 8U * sizeof (uint64_t));
+  areduction(n, mu, a1, a_mod);
+  to(n, mu, r2, a_mod, res);
 }
 
 /**
@@ -603,23 +501,22 @@ Write `a mod n` in `res`.
 bool Hacl_Bignum256_mod(uint64_t *n, uint64_t *a, uint64_t *res)
 {
   uint64_t one[4U] = { 0U };
-  memset(one, 0U, (uint32_t)4U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc = (uint64_t)0U;
+  memset(one, 0U, 4U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m1 = acc;
   uint64_t is_valid_m = m0 & m1;
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     uint64_t r2[4U] = { 0U };
     precompr2(nBits, n, r2);
@@ -628,68 +525,68 @@ bool Hacl_Bignum256_mod(uint64_t *n, uint64_t *a, uint64_t *res)
   }
   else
   {
-    memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
+    memset(res, 0U, 4U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static uint64_t exp_check(uint64_t *n, uint64_t *a, uint32_t bBits, uint64_t *b)
 {
   uint64_t one[4U] = { 0U };
-  memset(one, 0U, (uint32_t)4U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
+  memset(one, 0U, 4U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m10 = acc0;
   uint64_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t m1;
-  if (bBits < (uint32_t)64U * bLen)
+  if (bBits < 64U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), bLen);
     uint64_t b2[bLen];
     memset(b2, 0U, bLen * sizeof (uint64_t));
-    uint32_t i0 = bBits / (uint32_t)64U;
-    uint32_t j = bBits % (uint32_t)64U;
-    b2[i0] = b2[i0] | (uint64_t)1U << j;
-    uint64_t acc = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 64U;
+    uint32_t j = bBits % 64U;
+    b2[i0] = b2[i0] | 1ULL << j;
+    uint64_t acc = 0ULL;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]);
       uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
     }
     uint64_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    m1 = 0xFFFFFFFFFFFFFFFFULL;
   }
-  uint64_t acc = (uint64_t)0U;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m2 = acc;
   uint64_t m = m1 & m2;
   return m00 & m;
@@ -706,26 +603,24 @@ exp_vartime_precomp(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint64_t aM[4U] = { 0U };
-    uint64_t c[8U] = { 0U };
-    Hacl_Bignum256_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint64_t resM[4U] = { 0U };
     uint64_t ctx[8U] = { 0U };
-    memcpy(ctx, n, (uint32_t)4U * sizeof (uint64_t));
-    memcpy(ctx + (uint32_t)4U, r2, (uint32_t)4U * sizeof (uint64_t));
+    memcpy(ctx, n, 4U * sizeof (uint64_t));
+    memcpy(ctx + 4U, r2, 4U * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)4U;
+    uint64_t *ctx_r2 = ctx + 4U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)64U;
-      uint32_t j = i % (uint32_t)64U;
+      uint32_t i1 = i / 64U;
+      uint32_t j = i % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
-      if (!(bit == (uint64_t)0U))
+      uint64_t bit = tmp >> j & 1ULL;
+      if (!(bit == 0ULL))
       {
         uint64_t *ctx_n0 = ctx;
         amont_mul(ctx_n0, mu, resM, aM, resM);
@@ -733,86 +628,76 @@ exp_vartime_precomp(
       uint64_t *ctx_n0 = ctx;
       amont_sqr(ctx_n0, mu, aM, aM);
     }
-    uint64_t tmp[8U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)4U * sizeof (uint64_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint64_t aM[4U] = { 0U };
-  uint64_t c[8U] = { 0U };
-  Hacl_Bignum256_mul(a, r2, c);
-  reduction(n, mu, c, aM);
+  to(n, mu, r2, a, aM);
   uint64_t resM[4U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t ctx[8U] = { 0U };
-  memcpy(ctx, n, (uint32_t)4U * sizeof (uint64_t));
-  memcpy(ctx + (uint32_t)4U, r2, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(ctx, n, 4U * sizeof (uint64_t));
+  memcpy(ctx + 4U, r2, 4U * sizeof (uint64_t));
   uint64_t table[64U] = { 0U };
   uint64_t tmp[4U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)4U;
+  uint64_t *t1 = table + 4U;
   uint64_t *ctx_n0 = ctx;
-  uint64_t *ctx_r20 = ctx + (uint32_t)4U;
+  uint64_t *ctx_r20 = ctx + 4U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(t1, aM, 4U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)4U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 4U;
     uint64_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)4U,
-      tmp,
-      (uint32_t)4U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)4U;
+    memcpy(table + (2U * i + 2U) * 4U, tmp, 4U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 4U;
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)4U,
-      tmp,
-      (uint32_t)4U * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 4U, tmp, 4U * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U);
     uint32_t bits_l32 = (uint32_t)bits_c;
-    const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)4U;
-    memcpy(resM, (uint64_t *)a_bits_l, (uint32_t)4U * sizeof (uint64_t));
+    const uint64_t *a_bits_l = table + bits_l32 * 4U;
+    memcpy(resM, (uint64_t *)a_bits_l, 4U * sizeof (uint64_t));
   }
   else
   {
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)4U;
+    uint64_t *ctx_r2 = ctx + 4U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint64_t tmp0[4U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
     uint32_t bits_l32 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)4U;
-    memcpy(tmp0, (uint64_t *)a_bits_l, (uint32_t)4U * sizeof (uint64_t));
+    const uint64_t *a_bits_l = table + bits_l32 * 4U;
+    memcpy(tmp0, (uint64_t *)a_bits_l, 4U * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint64_t tmp1[8U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)4U * sizeof (uint64_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -826,32 +711,30 @@ exp_consttime_precomp(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint64_t aM[4U] = { 0U };
-    uint64_t c[8U] = { 0U };
-    Hacl_Bignum256_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint64_t resM[4U] = { 0U };
     uint64_t ctx[8U] = { 0U };
-    memcpy(ctx, n, (uint32_t)4U * sizeof (uint64_t));
-    memcpy(ctx + (uint32_t)4U, r2, (uint32_t)4U * sizeof (uint64_t));
-    uint64_t sw = (uint64_t)0U;
+    memcpy(ctx, n, 4U * sizeof (uint64_t));
+    memcpy(ctx + 4U, r2, 4U * sizeof (uint64_t));
+    uint64_t sw = 0ULL;
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)4U;
+    uint64_t *ctx_r2 = ctx + 4U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)64U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)64U;
+      uint32_t i1 = (bBits - i0 - 1U) / 64U;
+      uint32_t j = (bBits - i0 - 1U) % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
+      uint64_t bit = tmp >> j & 1ULL;
       uint64_t sw1 = bit ^ sw;
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
-        uint64_t dummy = ((uint64_t)0U - sw1) & (resM[i] ^ aM[i]);
+        0U,
+        4U,
+        1U,
+        uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;);
       uint64_t *ctx_n0 = ctx;
@@ -862,73 +745,65 @@ exp_consttime_precomp(
     }
     uint64_t sw0 = sw;
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t dummy = ((uint64_t)0U - sw0) & (resM[i] ^ aM[i]);
+      0U,
+      4U,
+      1U,
+      uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;);
-    uint64_t tmp[8U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)4U * sizeof (uint64_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint64_t aM[4U] = { 0U };
-  uint64_t c0[8U] = { 0U };
-  Hacl_Bignum256_mul(a, r2, c0);
-  reduction(n, mu, c0, aM);
+  to(n, mu, r2, a, aM);
   uint64_t resM[4U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t ctx[8U] = { 0U };
-  memcpy(ctx, n, (uint32_t)4U * sizeof (uint64_t));
-  memcpy(ctx + (uint32_t)4U, r2, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(ctx, n, 4U * sizeof (uint64_t));
+  memcpy(ctx + 4U, r2, 4U * sizeof (uint64_t));
   uint64_t table[64U] = { 0U };
   uint64_t tmp[4U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)4U;
+  uint64_t *t1 = table + 4U;
   uint64_t *ctx_n0 = ctx;
-  uint64_t *ctx_r20 = ctx + (uint32_t)4U;
+  uint64_t *ctx_r20 = ctx + 4U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(t1, aM, 4U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)4U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 4U;
     uint64_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)4U,
-      tmp,
-      (uint32_t)4U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)4U;
+    memcpy(table + (2U * i + 2U) * 4U, tmp, 4U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 4U;
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)4U,
-      tmp,
-      (uint32_t)4U * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 4U, tmp, 4U * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint64_t *)table, (uint32_t)4U * sizeof (uint64_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U);
+    memcpy(resM, (uint64_t *)table, 4U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)4U;
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 4U;
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint64_t *os = resM;
         uint64_t x = (c & res_j[i]) | (~c & resM[i]);
         os[i] = x;););
@@ -936,40 +811,38 @@ exp_consttime_precomp(
   else
   {
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)4U;
+    uint64_t *ctx_r2 = ctx + 4U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint64_t tmp0[4U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)4U * sizeof (uint64_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 4U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)4U;
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 4U;
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;););
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint64_t tmp1[8U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)4U * sizeof (uint64_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -1034,17 +907,16 @@ Hacl_Bignum256_mod_exp_vartime(
 )
 {
   uint64_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     exp_vartime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
+    memset(res, 0U, 4U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -1077,17 +949,16 @@ Hacl_Bignum256_mod_exp_consttime(
 )
 {
   uint64_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     exp_consttime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
+    memset(res, 0U, 4U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -1108,67 +979,66 @@ Write `a ^ (-1) mod n` in `res`.
 bool Hacl_Bignum256_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *res)
 {
   uint64_t one[4U] = { 0U };
-  memset(one, 0U, (uint32_t)4U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
+  memset(one, 0U, 4U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m1 = acc0;
   uint64_t m00 = m0 & m1;
   uint64_t bn_zero[4U] = { 0U };
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
   uint64_t res10 = mask1;
   uint64_t m10 = res10;
-  uint64_t acc = (uint64_t)0U;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m2 = acc;
   uint64_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     uint64_t n2[4U] = { 0U };
-    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, n[0U], (uint64_t)2U, n2);
-    uint64_t *a1 = n + (uint32_t)1U;
-    uint64_t *res1 = n2 + (uint32_t)1U;
+    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, n[0U], 2ULL, n2);
+    uint64_t *a1 = n + 1U;
+    uint64_t *res1 = n2 + 1U;
     uint64_t c = c0;
     KRML_MAYBE_FOR3(i,
-      (uint32_t)0U,
-      (uint32_t)3U,
-      (uint32_t)1U,
+      0U,
+      3U,
+      1U,
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
-    KRML_HOST_IGNORE(c2);
-    exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
+    KRML_MAYBE_UNUSED_VAR(c2);
+    exp_vartime(nBits, n, a, 256U, n2, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
+    memset(res, 0U, 4U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 
@@ -1192,17 +1062,15 @@ Heap-allocate and initialize a montgomery context.
 */
 Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 *Hacl_Bignum256_mont_ctx_init(uint64_t *n)
 {
-  uint64_t *r2 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint64_t));
-  uint64_t *n1 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint64_t));
+  uint64_t *r2 = (uint64_t *)KRML_HOST_CALLOC(4U, sizeof (uint64_t));
+  uint64_t *n1 = (uint64_t *)KRML_HOST_CALLOC(4U, sizeof (uint64_t));
   uint64_t *r21 = r2;
   uint64_t *n11 = n1;
-  memcpy(n11, n, (uint32_t)4U * sizeof (uint64_t));
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
+  memcpy(n11, n, 4U * sizeof (uint64_t));
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
   precompr2(nBits, n, r21);
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
-  res = { .len = (uint32_t)4U, .n = n11, .mu = mu, .r2 = r21 };
+  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 res = { .len = 4U, .n = n11, .mu = mu, .r2 = r21 };
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
   *buf =
     (Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 *)KRML_HOST_MALLOC(sizeof (
@@ -1330,21 +1198,21 @@ Hacl_Bignum256_mod_inv_prime_vartime_precomp(
 {
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 k1 = *k;
   uint64_t n2[4U] = { 0U };
-  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, k1.n[0U], (uint64_t)2U, n2);
-  uint64_t *a1 = k1.n + (uint32_t)1U;
-  uint64_t *res1 = n2 + (uint32_t)1U;
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, k1.n[0U], 2ULL, n2);
+  uint64_t *a1 = k1.n + 1U;
+  uint64_t *res1 = n2 + 1U;
   uint64_t c = c0;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
+    0U,
+    3U,
+    1U,
     uint64_t t1 = a1[i];
     uint64_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
-  KRML_HOST_IGNORE(c2);
-  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
+  KRML_MAYBE_UNUSED_VAR(c2);
+  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, 256U, n2, res);
 }
 
 
@@ -1366,36 +1234,28 @@ Load a bid-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum256_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint64_t *os = res2;
-    uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;
   }
@@ -1415,36 +1275,28 @@ Load a little-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum256_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 8U + 1U; i++)
   {
     uint64_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)8U;
+    uint8_t *bj = tmp + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r1 = u;
     uint64_t x = r1;
@@ -1462,12 +1314,8 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_be(res + i * (uint32_t)8U, b[(uint32_t)4U - i - (uint32_t)1U]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(res + i * 8U, b[4U - i - 1U]););
 }
 
 /**
@@ -1479,12 +1327,8 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(res + i * (uint32_t)8U, b[i]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_le(res + i * 8U, b[i]););
 }
 
 
@@ -1500,14 +1344,14 @@ Returns 2^64 - 1 if a < b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum256_lt_mask(uint64_t *a, uint64_t *b)
 {
-  uint64_t acc = (uint64_t)0U;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(a[i], b[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   return acc;
 }
 
@@ -1518,11 +1362,11 @@ Returns 2^64 - 1 if a = b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum256_eq_mask(uint64_t *a, uint64_t *b)
 {
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
diff --git a/src/Hacl_Bignum256_32.c b/src/Hacl_Bignum256_32.c
index ada15309..eed6c65c 100644
--- a/src/Hacl_Bignum256_32.c
+++ b/src/Hacl_Bignum256_32.c
@@ -60,26 +60,26 @@ Write `a + b mod 2^256` in `res`.
 */
 uint32_t Hacl_Bignum256_32_add(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
+  uint32_t c = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i););
   return c;
 }
@@ -93,26 +93,26 @@ Write `a - b mod 2^256` in `res`.
 */
 uint32_t Hacl_Bignum256_32_sub(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
+  uint32_t c = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i););
   return c;
 }
@@ -129,56 +129,56 @@ Write `(a + b) mod n` in `res`.
 */
 void Hacl_Bignum256_32_add_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
+  uint32_t c0 = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t12, t2, res_i););
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
-  uint32_t c = (uint32_t)0U;
+  uint32_t c = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c00 - c1;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
@@ -196,57 +196,57 @@ Write `(a - b) mod n` in `res`.
 */
 void Hacl_Bignum256_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
+  uint32_t c0 = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t12, t2, res_i););
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
-  uint32_t c = (uint32_t)0U;
+  uint32_t c = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i););
   uint32_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint32_t c2 = (uint32_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t c2 = 0U - c00;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = res;
     uint32_t x = (c2 & tmp[i]) | (~c2 & res[i]);
     os[i] = x;);
@@ -260,32 +260,32 @@ Write `a * b` in `res`.
 */
 void Hacl_Bignum256_32_mul(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  memset(res, 0U, (uint32_t)16U * sizeof (uint32_t));
+  memset(res, 0U, 16U * sizeof (uint32_t));
   KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t bj = b[i0];
     uint32_t *res_j = res + i0;
-    uint32_t c = (uint32_t)0U;
+    uint32_t c = 0U;
     KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = a[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
+      0U,
+      2U,
+      1U,
+      uint32_t a_i = a[4U * i];
+      uint32_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0);
-      uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = a[4U * i + 1U];
+      uint32_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1);
-      uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = a[4U * i + 2U];
+      uint32_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2);
-      uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = a[4U * i + 3U];
+      uint32_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i););
     uint32_t r = c;
-    res[(uint32_t)8U + i0] = r;);
+    res[8U + i0] = r;);
 }
 
 /**
@@ -296,31 +296,31 @@ Write `a * a` in `res`.
 */
 void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
 {
-  memset(res, 0U, (uint32_t)16U * sizeof (uint32_t));
+  memset(res, 0U, 16U * sizeof (uint32_t));
   KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *ab = a;
     uint32_t a_j = a[i0];
     uint32_t *res_j = res + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint32_t c = 0U;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint32_t a_i = ab[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint32_t a_i = ab[4U * i];
+      uint32_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0);
-      uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = ab[4U * i + 1U];
+      uint32_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1);
-      uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = ab[4U * i + 2U];
+      uint32_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2);
-      uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = ab[4U * i + 3U];
+      uint32_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint32_t a_i = ab[i];
       uint32_t *res_i = res_j + i;
@@ -328,29 +328,29 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     }
     uint32_t r = c;
     res[i0 + i0] = r;);
-  uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(16U, res, res, res);
+  KRML_MAYBE_UNUSED_VAR(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i];
-    uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U);
+    uint32_t hi = (uint32_t)(res1 >> 32U);
     uint32_t lo = (uint32_t)res1;
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;);
+  uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(16U, res, tmp, res);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
-  uint32_t i = nBits / (uint32_t)32U;
-  uint32_t j = nBits % (uint32_t)32U;
-  res[i] = res[i] | (uint32_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)512U - nBits; i0++)
+  memset(res, 0U, 8U * sizeof (uint32_t));
+  uint32_t i = nBits / 32U;
+  uint32_t j = nBits % 32U;
+  res[i] = res[i] | 1U << j;
+  for (uint32_t i0 = 0U; i0 < 512U - nBits; i0++)
   {
     Hacl_Bignum256_32_add_mod(n, res, res, res);
   }
@@ -358,118 +358,125 @@ static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
 
 static inline void reduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
+  uint32_t c0 = 0U;
   KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
+    uint32_t c1 = 0U;
     KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      0U,
+      2U,
+      1U,
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i););
     uint32_t r = c1;
     uint32_t c10 = r;
-    uint32_t *resb = c + (uint32_t)8U + i0;
-    uint32_t res_j = c[(uint32_t)8U + i0];
+    uint32_t *resb = c + 8U + i0;
+    uint32_t res_j = c[8U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb););
-  memcpy(res, c + (uint32_t)8U, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(res, c + 8U, 8U * sizeof (uint32_t));
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
-  uint32_t c1 = (uint32_t)0U;
+  uint32_t c1 = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t12, t2, res_i););
   uint32_t c10 = c1;
   uint32_t c2 = c00 - c10;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
 }
 
+static inline void to(uint32_t *n, uint32_t nInv, uint32_t *r2, uint32_t *a, uint32_t *aM)
+{
+  uint32_t c[16U] = { 0U };
+  Hacl_Bignum256_32_mul(a, r2, c);
+  reduction(n, nInv, c, aM);
+}
+
 static inline void from(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *a)
 {
   uint32_t tmp[16U] = { 0U };
-  memcpy(tmp, aM, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(tmp, aM, 8U * sizeof (uint32_t));
   reduction(n, nInv_u64, tmp, a);
 }
 
 static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
+  uint32_t c0 = 0U;
   KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
+    uint32_t c1 = 0U;
     KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      0U,
+      2U,
+      1U,
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i););
     uint32_t r = c1;
     uint32_t c10 = r;
-    uint32_t *resb = c + (uint32_t)8U + i0;
-    uint32_t res_j = c[(uint32_t)8U + i0];
+    uint32_t *resb = c + 8U + i0;
+    uint32_t res_j = c[8U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb););
-  memcpy(res, c + (uint32_t)8U, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(res, c + 8U, 8U * sizeof (uint32_t));
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t m = 0U - c00;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = res;
     uint32_t x = (m & tmp[i]) | (~m & res[i]);
     os[i] = x;);
@@ -479,84 +486,14 @@ static inline void
 amont_mul(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *bM, uint32_t *resM)
 {
   uint32_t c[16U] = { 0U };
-  memset(c, 0U, (uint32_t)16U * sizeof (uint32_t));
-  KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t bj = bM[i0];
-    uint32_t *res_j = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = aM[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c1, res_i0);
-      uint32_t a_i0 = aM[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c1, res_i1);
-      uint32_t a_i1 = aM[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c1, res_i2);
-      uint32_t a_i2 = aM[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c1, res_i););
-    uint32_t r = c1;
-    c[(uint32_t)8U + i0] = r;);
+  Hacl_Bignum256_32_mul(aM, bM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
 static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *resM)
 {
   uint32_t c[16U] = { 0U };
-  memset(c, 0U, (uint32_t)16U * sizeof (uint32_t));
-  KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *ab = aM;
-    uint32_t a_j = aM[i0];
-    uint32_t *res_j = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
-    {
-      uint32_t a_i = ab[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c1, res_i0);
-      uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c1, res_i1);
-      uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c1, res_i2);
-      uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c1, res_i);
-    }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
-    {
-      uint32_t a_i = ab[i];
-      uint32_t *res_i = res_j + i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c1, res_i);
-    }
-    uint32_t r = c1;
-    c[i0 + i0] = r;);
-  uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, c, c);
-  KRML_HOST_IGNORE(c0);
-  uint32_t tmp[16U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint64_t res = (uint64_t)aM[i] * (uint64_t)aM[i];
-    uint32_t hi = (uint32_t)(res >> (uint32_t)32U);
-    uint32_t lo = (uint32_t)res;
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, tmp, c);
-  KRML_HOST_IGNORE(c1);
+  Hacl_Bignum256_32_sqr(aM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -565,52 +502,9 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
 {
   uint32_t a_mod[8U] = { 0U };
   uint32_t a1[16U] = { 0U };
-  memcpy(a1, a, (uint32_t)16U * sizeof (uint32_t));
-  uint32_t c0 = (uint32_t)0U;
-  KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t qj = mu * a1[i0];
-    uint32_t *res_j0 = a1 + i0;
-    uint32_t c = (uint32_t)0U;
-    KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c, res_i););
-    uint32_t r = c;
-    uint32_t c1 = r;
-    uint32_t *resb = a1 + (uint32_t)8U + i0;
-    uint32_t res_j = a1[(uint32_t)8U + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c1, res_j, resb););
-  memcpy(a_mod, a1 + (uint32_t)8U, (uint32_t)8U * sizeof (uint32_t));
-  uint32_t c00 = c0;
-  uint32_t tmp[8U] = { 0U };
-  uint32_t c1 = Hacl_Bignum256_32_sub(a_mod, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = a_mod;
-    uint32_t x = (m & tmp[i]) | (~m & a_mod[i]);
-    os[i] = x;);
-  uint32_t c[16U] = { 0U };
-  Hacl_Bignum256_32_mul(a_mod, r2, c);
-  reduction(n, mu, c, res);
+  memcpy(a1, a, 16U * sizeof (uint32_t));
+  areduction(n, mu, a1, a_mod);
+  to(n, mu, r2, a_mod, res);
 }
 
 /**
@@ -627,22 +521,22 @@ Write `a mod n` in `res`.
 bool Hacl_Bignum256_32_mod(uint32_t *n, uint32_t *a, uint32_t *res)
 {
   uint32_t one[8U] = { 0U };
-  memset(one, 0U, (uint32_t)8U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc = (uint32_t)0U;
+  memset(one, 0U, 8U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m1 = acc;
   uint32_t is_valid_m = m0 & m1;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     uint32_t r2[8U] = { 0U };
     precompr2(nBits, n, r2);
@@ -651,68 +545,68 @@ bool Hacl_Bignum256_32_mod(uint32_t *n, uint32_t *a, uint32_t *res)
   }
   else
   {
-    memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
+    memset(res, 0U, 8U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 static uint32_t exp_check(uint32_t *n, uint32_t *a, uint32_t bBits, uint32_t *b)
 {
   uint32_t one[8U] = { 0U };
-  memset(one, 0U, (uint32_t)8U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
+  memset(one, 0U, 8U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m10 = acc0;
   uint32_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t m1;
-  if (bBits < (uint32_t)32U * bLen)
+  if (bBits < 32U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), bLen);
     uint32_t b2[bLen];
     memset(b2, 0U, bLen * sizeof (uint32_t));
-    uint32_t i0 = bBits / (uint32_t)32U;
-    uint32_t j = bBits % (uint32_t)32U;
-    b2[i0] = b2[i0] | (uint32_t)1U << j;
-    uint32_t acc = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 32U;
+    uint32_t j = bBits % 32U;
+    b2[i0] = b2[i0] | 1U << j;
+    uint32_t acc = 0U;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint32_t beq = FStar_UInt32_eq_mask(b[i], b2[i]);
       uint32_t blt = ~FStar_UInt32_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
     }
     uint32_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint32_t)0xFFFFFFFFU;
+    m1 = 0xFFFFFFFFU;
   }
-  uint32_t acc = (uint32_t)0U;
+  uint32_t acc = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m2 = acc;
   uint32_t m = m1 & m2;
   return m00 & m;
@@ -729,26 +623,24 @@ exp_vartime_precomp(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint32_t aM[8U] = { 0U };
-    uint32_t c[16U] = { 0U };
-    Hacl_Bignum256_32_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint32_t resM[8U] = { 0U };
     uint32_t ctx[16U] = { 0U };
-    memcpy(ctx, n, (uint32_t)8U * sizeof (uint32_t));
-    memcpy(ctx + (uint32_t)8U, r2, (uint32_t)8U * sizeof (uint32_t));
+    memcpy(ctx, n, 8U * sizeof (uint32_t));
+    memcpy(ctx + 8U, r2, 8U * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)8U;
+    uint32_t *ctx_r2 = ctx + 8U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)32U;
-      uint32_t j = i % (uint32_t)32U;
+      uint32_t i1 = i / 32U;
+      uint32_t j = i % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
-      if (!(bit == (uint32_t)0U))
+      uint32_t bit = tmp >> j & 1U;
+      if (!(bit == 0U))
       {
         uint32_t *ctx_n0 = ctx;
         amont_mul(ctx_n0, mu, resM, aM, resM);
@@ -756,86 +648,76 @@ exp_vartime_precomp(
       uint32_t *ctx_n0 = ctx;
       amont_sqr(ctx_n0, mu, aM, aM);
     }
-    uint32_t tmp[16U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)8U * sizeof (uint32_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint32_t aM[8U] = { 0U };
-  uint32_t c[16U] = { 0U };
-  Hacl_Bignum256_32_mul(a, r2, c);
-  reduction(n, mu, c, aM);
+  to(n, mu, r2, a, aM);
   uint32_t resM[8U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t ctx[16U] = { 0U };
-  memcpy(ctx, n, (uint32_t)8U * sizeof (uint32_t));
-  memcpy(ctx + (uint32_t)8U, r2, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(ctx, n, 8U * sizeof (uint32_t));
+  memcpy(ctx + 8U, r2, 8U * sizeof (uint32_t));
   uint32_t table[128U] = { 0U };
   uint32_t tmp[8U] = { 0U };
   uint32_t *t0 = table;
-  uint32_t *t1 = table + (uint32_t)8U;
+  uint32_t *t1 = table + 8U;
   uint32_t *ctx_n0 = ctx;
-  uint32_t *ctx_r20 = ctx + (uint32_t)8U;
+  uint32_t *ctx_r20 = ctx + 8U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(t1, aM, 8U * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)8U;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * 8U;
     uint32_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)8U,
-      tmp,
-      (uint32_t)8U * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)8U;
+    memcpy(table + (2U * i + 2U) * 8U, tmp, 8U * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * 8U;
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)8U,
-      tmp,
-      (uint32_t)8U * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 8U, tmp, 8U * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U);
     uint32_t bits_l32 = bits_c;
-    const uint32_t *a_bits_l = table + bits_l32 * (uint32_t)8U;
-    memcpy(resM, (uint32_t *)a_bits_l, (uint32_t)8U * sizeof (uint32_t));
+    const uint32_t *a_bits_l = table + bits_l32 * 8U;
+    memcpy(resM, (uint32_t *)a_bits_l, 8U * sizeof (uint32_t));
   }
   else
   {
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)8U;
+    uint32_t *ctx_r2 = ctx + 8U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint32_t tmp0[8U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
     uint32_t bits_l32 = bits_l;
-    const uint32_t *a_bits_l = table + bits_l32 * (uint32_t)8U;
-    memcpy(tmp0, (uint32_t *)a_bits_l, (uint32_t)8U * sizeof (uint32_t));
+    const uint32_t *a_bits_l = table + bits_l32 * 8U;
+    memcpy(tmp0, (uint32_t *)a_bits_l, 8U * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint32_t tmp1[16U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)8U * sizeof (uint32_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -849,32 +731,30 @@ exp_consttime_precomp(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint32_t aM[8U] = { 0U };
-    uint32_t c[16U] = { 0U };
-    Hacl_Bignum256_32_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint32_t resM[8U] = { 0U };
     uint32_t ctx[16U] = { 0U };
-    memcpy(ctx, n, (uint32_t)8U * sizeof (uint32_t));
-    memcpy(ctx + (uint32_t)8U, r2, (uint32_t)8U * sizeof (uint32_t));
-    uint32_t sw = (uint32_t)0U;
+    memcpy(ctx, n, 8U * sizeof (uint32_t));
+    memcpy(ctx + 8U, r2, 8U * sizeof (uint32_t));
+    uint32_t sw = 0U;
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)8U;
+    uint32_t *ctx_r2 = ctx + 8U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)32U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)32U;
+      uint32_t i1 = (bBits - i0 - 1U) / 32U;
+      uint32_t j = (bBits - i0 - 1U) % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
+      uint32_t bit = tmp >> j & 1U;
       uint32_t sw1 = bit ^ sw;
       KRML_MAYBE_FOR8(i,
-        (uint32_t)0U,
-        (uint32_t)8U,
-        (uint32_t)1U,
-        uint32_t dummy = ((uint32_t)0U - sw1) & (resM[i] ^ aM[i]);
+        0U,
+        8U,
+        1U,
+        uint32_t dummy = (0U - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;);
       uint32_t *ctx_n0 = ctx;
@@ -885,73 +765,65 @@ exp_consttime_precomp(
     }
     uint32_t sw0 = sw;
     KRML_MAYBE_FOR8(i,
-      (uint32_t)0U,
-      (uint32_t)8U,
-      (uint32_t)1U,
-      uint32_t dummy = ((uint32_t)0U - sw0) & (resM[i] ^ aM[i]);
+      0U,
+      8U,
+      1U,
+      uint32_t dummy = (0U - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;);
-    uint32_t tmp[16U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)8U * sizeof (uint32_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint32_t aM[8U] = { 0U };
-  uint32_t c0[16U] = { 0U };
-  Hacl_Bignum256_32_mul(a, r2, c0);
-  reduction(n, mu, c0, aM);
+  to(n, mu, r2, a, aM);
   uint32_t resM[8U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t ctx[16U] = { 0U };
-  memcpy(ctx, n, (uint32_t)8U * sizeof (uint32_t));
-  memcpy(ctx + (uint32_t)8U, r2, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(ctx, n, 8U * sizeof (uint32_t));
+  memcpy(ctx + 8U, r2, 8U * sizeof (uint32_t));
   uint32_t table[128U] = { 0U };
   uint32_t tmp[8U] = { 0U };
   uint32_t *t0 = table;
-  uint32_t *t1 = table + (uint32_t)8U;
+  uint32_t *t1 = table + 8U;
   uint32_t *ctx_n0 = ctx;
-  uint32_t *ctx_r20 = ctx + (uint32_t)8U;
+  uint32_t *ctx_r20 = ctx + 8U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(t1, aM, 8U * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)8U;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * 8U;
     uint32_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)8U,
-      tmp,
-      (uint32_t)8U * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)8U;
+    memcpy(table + (2U * i + 2U) * 8U, tmp, 8U * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * 8U;
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)8U,
-      tmp,
-      (uint32_t)8U * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 8U, tmp, 8U * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint32_t *)table, (uint32_t)8U * sizeof (uint32_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U);
+    memcpy(resM, (uint32_t *)table, 8U * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)8U;
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * 8U;
       KRML_MAYBE_FOR8(i,
-        (uint32_t)0U,
-        (uint32_t)8U,
-        (uint32_t)1U,
+        0U,
+        8U,
+        1U,
         uint32_t *os = resM;
         uint32_t x = (c & res_j[i]) | (~c & resM[i]);
         os[i] = x;););
@@ -959,40 +831,38 @@ exp_consttime_precomp(
   else
   {
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)8U;
+    uint32_t *ctx_r2 = ctx + 8U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint32_t tmp0[8U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp0, (uint32_t *)table, (uint32_t)8U * sizeof (uint32_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
+    memcpy(tmp0, (uint32_t *)table, 8U * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)8U;
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * 8U;
       KRML_MAYBE_FOR8(i,
-        (uint32_t)0U,
-        (uint32_t)8U,
-        (uint32_t)1U,
+        0U,
+        8U,
+        1U,
         uint32_t *os = tmp0;
         uint32_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;););
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint32_t tmp1[16U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)8U * sizeof (uint32_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -1057,16 +927,16 @@ Hacl_Bignum256_32_mod_exp_vartime(
 )
 {
   uint32_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     exp_vartime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
+    memset(res, 0U, 8U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -1099,16 +969,16 @@ Hacl_Bignum256_32_mod_exp_consttime(
 )
 {
   uint32_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     exp_consttime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
+    memset(res, 0U, 8U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -1129,80 +999,80 @@ Write `a ^ (-1) mod n` in `res`.
 bool Hacl_Bignum256_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t *res)
 {
   uint32_t one[8U] = { 0U };
-  memset(one, 0U, (uint32_t)8U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
+  memset(one, 0U, 8U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m1 = acc0;
   uint32_t m00 = m0 & m1;
   uint32_t bn_zero[8U] = { 0U };
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
+  uint32_t mask = 0xFFFFFFFFU;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;);
   uint32_t mask1 = mask;
   uint32_t res10 = mask1;
   uint32_t m10 = res10;
-  uint32_t acc = (uint32_t)0U;
+  uint32_t acc = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m2 = acc;
   uint32_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     uint32_t n2[8U] = { 0U };
-    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, n[0U], (uint32_t)2U, n2);
-    uint32_t *a1 = n + (uint32_t)1U;
-    uint32_t *res1 = n2 + (uint32_t)1U;
+    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, n[0U], 2U, n2);
+    uint32_t *a1 = n + 1U;
+    uint32_t *res1 = n2 + 1U;
     uint32_t c = c0;
     {
-      uint32_t t1 = a1[(uint32_t)4U * (uint32_t)0U];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * (uint32_t)0U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a1[4U * 0U];
+      uint32_t *res_i0 = res1 + 4U * 0U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a1[4U * 0U + 1U];
+      uint32_t *res_i1 = res1 + 4U * 0U + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a1[4U * 0U + 2U];
+      uint32_t *res_i2 = res1 + 4U * 0U + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a1[4U * 0U + 3U];
+      uint32_t *res_i = res1 + 4U * 0U + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
     }
     KRML_MAYBE_FOR3(i,
-      (uint32_t)4U,
-      (uint32_t)7U,
-      (uint32_t)1U,
+      4U,
+      7U,
+      1U,
       uint32_t t1 = a1[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
-    KRML_HOST_IGNORE(c2);
-    exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
+    KRML_MAYBE_UNUSED_VAR(c2);
+    exp_vartime(nBits, n, a, 256U, n2, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
+    memset(res, 0U, 8U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 
@@ -1226,16 +1096,15 @@ Heap-allocate and initialize a montgomery context.
 */
 Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 *Hacl_Bignum256_32_mont_ctx_init(uint32_t *n)
 {
-  uint32_t *r2 = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
-  uint32_t *n1 = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+  uint32_t *r2 = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
+  uint32_t *n1 = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
   uint32_t *r21 = r2;
   uint32_t *n11 = n1;
-  memcpy(n11, n, (uint32_t)8U * sizeof (uint32_t));
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
+  memcpy(n11, n, 8U * sizeof (uint32_t));
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
   precompr2(nBits, n, r21);
   uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]);
-  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
-  res = { .len = (uint32_t)8U, .n = n11, .mu = mu, .r2 = r21 };
+  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 res = { .len = 8U, .n = n11, .mu = mu, .r2 = r21 };
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
   *buf =
     (Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 *)KRML_HOST_MALLOC(sizeof (
@@ -1363,35 +1232,35 @@ Hacl_Bignum256_32_mod_inv_prime_vartime_precomp(
 {
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 k1 = *k;
   uint32_t n2[8U] = { 0U };
-  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, k1.n[0U], (uint32_t)2U, n2);
-  uint32_t *a1 = k1.n + (uint32_t)1U;
-  uint32_t *res1 = n2 + (uint32_t)1U;
+  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, k1.n[0U], 2U, n2);
+  uint32_t *a1 = k1.n + 1U;
+  uint32_t *res1 = n2 + 1U;
   uint32_t c = c0;
   {
-    uint32_t t1 = a1[(uint32_t)4U * (uint32_t)0U];
-    uint32_t *res_i0 = res1 + (uint32_t)4U * (uint32_t)0U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-    uint32_t t10 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint32_t *res_i1 = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-    uint32_t t11 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint32_t *res_i2 = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-    uint32_t t12 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint32_t *res_i = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+    uint32_t t1 = a1[4U * 0U];
+    uint32_t *res_i0 = res1 + 4U * 0U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+    uint32_t t10 = a1[4U * 0U + 1U];
+    uint32_t *res_i1 = res1 + 4U * 0U + 1U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+    uint32_t t11 = a1[4U * 0U + 2U];
+    uint32_t *res_i2 = res1 + 4U * 0U + 2U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+    uint32_t t12 = a1[4U * 0U + 3U];
+    uint32_t *res_i = res1 + 4U * 0U + 3U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
   }
   KRML_MAYBE_FOR3(i,
-    (uint32_t)4U,
-    (uint32_t)7U,
-    (uint32_t)1U,
+    4U,
+    7U,
+    1U,
     uint32_t t1 = a1[i];
     uint32_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
-  KRML_HOST_IGNORE(c2);
-  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
+  KRML_MAYBE_UNUSED_VAR(c2);
+  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, 256U, n2, res);
 }
 
 
@@ -1413,36 +1282,28 @@ Load a bid-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum256_32_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint32_t *os = res2;
-    uint32_t u = load32_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)4U);
+    uint32_t u = load32_be(tmp + (bnLen - i - 1U) * 4U);
     uint32_t x = u;
     os[i] = x;
   }
@@ -1462,36 +1323,28 @@ Load a little-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum256_32_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 4U + 1U; i++)
   {
     uint32_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)4U;
+    uint8_t *bj = tmp + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r1 = u;
     uint32_t x = r1;
@@ -1509,12 +1362,8 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_be(res + i * (uint32_t)4U, b[(uint32_t)8U - i - (uint32_t)1U]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_be(res + i * 4U, b[8U - i - 1U]););
 }
 
 /**
@@ -1526,12 +1375,8 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_le(res + i * (uint32_t)4U, b[i]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_le(res + i * 4U, b[i]););
 }
 
 
@@ -1547,14 +1392,14 @@ Returns 2^32 - 1 if a < b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum256_32_lt_mask(uint32_t *a, uint32_t *b)
 {
-  uint32_t acc = (uint32_t)0U;
+  uint32_t acc = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(a[i], b[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   return acc;
 }
 
@@ -1565,11 +1410,11 @@ Returns 2^32 - 1 if a = b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum256_32_eq_mask(uint32_t *a, uint32_t *b)
 {
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
+  uint32_t mask = 0xFFFFFFFFU;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;);
   uint32_t mask1 = mask;
diff --git a/src/Hacl_Bignum32.c b/src/Hacl_Bignum32.c
index a9bb4986..34b46324 100644
--- a/src/Hacl_Bignum32.c
+++ b/src/Hacl_Bignum32.c
@@ -105,9 +105,9 @@ Write `a * b` in `res`.
 */
 void Hacl_Bignum32_mul(uint32_t len, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, b, tmp, res);
 }
 
@@ -119,9 +119,9 @@ Write `a * a` in `res`.
 */
 void Hacl_Bignum32_sqr(uint32_t len, uint32_t *a, uint32_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len, a, tmp, res);
 }
 
@@ -142,61 +142,8 @@ bn_slow_precomp(
   uint32_t a1[len + len];
   memset(a1, 0U, (len + len) * sizeof (uint32_t));
   memcpy(a1, a, (len + len) * sizeof (uint32_t));
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
-  {
-    uint32_t qj = mu * a1[i0];
-    uint32_t *res_j0 = a1 + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
-    {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c, res_i);
-    }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
-    {
-      uint32_t a_i = n[i];
-      uint32_t *res_i = res_j0 + i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c, res_i);
-    }
-    uint32_t r = c;
-    uint32_t c1 = r;
-    uint32_t *resb = a1 + len + i0;
-    uint32_t res_j = a1[len + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c1, res_j, resb);
-  }
-  memcpy(a_mod, a1 + len, (len + len - len) * sizeof (uint32_t));
-  uint32_t c00 = c0;
-  KRML_CHECK_SIZE(sizeof (uint32_t), len);
-  uint32_t tmp0[len];
-  memset(tmp0, 0U, len * sizeof (uint32_t));
-  uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, a_mod, n, tmp0);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
-  {
-    uint32_t *os = a_mod;
-    uint32_t x = (m & tmp0[i]) | (~m & a_mod[i]);
-    os[i] = x;
-  }
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t c[len + len];
-  memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a_mod, r2, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c, res);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(len, n, mu, a1, a_mod);
+  Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a_mod, res);
 }
 
 /**
@@ -216,20 +163,20 @@ bool Hacl_Bignum32_mod(uint32_t len, uint32_t *n, uint32_t *a, uint32_t *res)
   uint32_t one[len];
   memset(one, 0U, len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc;
   uint32_t is_valid_m = m0 & m1;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t r2[len];
@@ -242,7 +189,7 @@ bool Hacl_Bignum32_mod(uint32_t len, uint32_t *n, uint32_t *a, uint32_t *res)
   {
     memset(res, 0U, len * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -276,8 +223,8 @@ Hacl_Bignum32_mod_exp_vartime(
 )
 {
   uint32_t is_valid_m = Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32(len, n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len, nBits, n, a, bBits, b, res);
   }
@@ -285,7 +232,7 @@ Hacl_Bignum32_mod_exp_vartime(
   {
     memset(res, 0U, len * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -319,8 +266,8 @@ Hacl_Bignum32_mod_exp_consttime(
 )
 {
   uint32_t is_valid_m = Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32(len, n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_u32(len, nBits, n, a, bBits, b, res);
   }
@@ -328,7 +275,7 @@ Hacl_Bignum32_mod_exp_consttime(
   {
     memset(res, 0U, len * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -353,23 +300,23 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
   uint32_t one[len];
   memset(one, 0U, len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc0;
   uint32_t m00 = m0 & m1;
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t bn_zero[len];
   memset(bn_zero, 0U, len * sizeof (uint32_t));
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t mask = 0xFFFFFFFFU;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -377,53 +324,48 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
   uint32_t mask1 = mask;
   uint32_t res10 = mask1;
   uint32_t m10 = res10;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m2 = acc;
   uint32_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t n2[len];
     memset(n2, 0U, len * sizeof (uint32_t));
-    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, n[0U], (uint32_t)2U, n2);
+    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, n[0U], 2U, n2);
     uint32_t c1;
-    if ((uint32_t)1U < len)
+    if (1U < len)
     {
-      uint32_t *a1 = n + (uint32_t)1U;
-      uint32_t *res1 = n2 + (uint32_t)1U;
+      uint32_t *a1 = n + 1U;
+      uint32_t *res1 = n2 + 1U;
       uint32_t c = c0;
-      for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U; i++)
+      for (uint32_t i = 0U; i < (len - 1U) / 4U; i++)
       {
-        uint32_t t1 = a1[(uint32_t)4U * i];
-        uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-        uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-        uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-        uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-        uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-        uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-        uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+        uint32_t t1 = a1[4U * i];
+        uint32_t *res_i0 = res1 + 4U * i;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+        uint32_t t10 = a1[4U * i + 1U];
+        uint32_t *res_i1 = res1 + 4U * i + 1U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+        uint32_t t11 = a1[4U * i + 2U];
+        uint32_t *res_i2 = res1 + 4U * i + 2U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+        uint32_t t12 = a1[4U * i + 3U];
+        uint32_t *res_i = res1 + 4U * i + 3U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
       }
-      for
-      (uint32_t
-        i = (len - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-        i
-        < len - (uint32_t)1U;
-        i++)
+      for (uint32_t i = (len - 1U) / 4U * 4U; i < len - 1U; i++)
       {
         uint32_t t1 = a1[i];
         uint32_t *res_i = res1 + i;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i);
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i);
       }
       uint32_t c10 = c;
       c1 = c10;
@@ -432,20 +374,14 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
     {
       c1 = c0;
     }
-    KRML_HOST_IGNORE(c1);
-    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len,
-      nBits,
-      n,
-      a,
-      (uint32_t)32U * len,
-      n2,
-      res);
+    KRML_MAYBE_UNUSED_VAR(c1);
+    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len, nBits, n, a, 32U * len, n2, res);
   }
   else
   {
     memset(res, 0U, len * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 
@@ -477,7 +413,7 @@ Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
   uint32_t *r21 = r2;
   uint32_t *n11 = n1;
   memcpy(n11, n, len * sizeof (uint32_t));
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
   Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(len, nBits, n, r21);
   uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 res = { .len = len, .n = n11, .mu = mu, .r2 = r21 };
@@ -632,38 +568,33 @@ Hacl_Bignum32_mod_inv_prime_vartime_precomp(
   KRML_CHECK_SIZE(sizeof (uint32_t), len1);
   uint32_t n2[len1];
   memset(n2, 0U, len1 * sizeof (uint32_t));
-  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, k1.n[0U], (uint32_t)2U, n2);
+  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, k1.n[0U], 2U, n2);
   uint32_t c1;
-  if ((uint32_t)1U < len1)
+  if (1U < len1)
   {
-    uint32_t *a1 = k1.n + (uint32_t)1U;
-    uint32_t *res1 = n2 + (uint32_t)1U;
+    uint32_t *a1 = k1.n + 1U;
+    uint32_t *res1 = n2 + 1U;
     uint32_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (len1 - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (len1 - 1U) / 4U; i++)
     {
-      uint32_t t1 = a1[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a1[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a1[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a1[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a1[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
     }
-    for
-    (uint32_t
-      i = (len1 - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < len1 - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (len1 - 1U) / 4U * 4U; i < len1 - 1U; i++)
     {
       uint32_t t1 = a1[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i);
     }
     uint32_t c10 = c;
     c1 = c10;
@@ -672,13 +603,13 @@ Hacl_Bignum32_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(len1,
     k1.n,
     k1.mu,
     k1.r2,
     a,
-    (uint32_t)32U * len1,
+    32U * len1,
     n2,
     res);
 }
@@ -702,36 +633,28 @@ Load a bid-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum32_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint32_t *os = res2;
-    uint32_t u = load32_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)4U);
+    uint32_t u = load32_be(tmp + (bnLen - i - 1U) * 4U);
     uint32_t x = u;
     os[i] = x;
   }
@@ -751,36 +674,28 @@ Load a little-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum32_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 4U + 1U; i++)
   {
     uint32_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)4U;
+    uint8_t *bj = tmp + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r1 = u;
     uint32_t x = r1;
@@ -797,14 +712,14 @@ Serialize a bignum into big-endian memory.
 */
 void Hacl_Bignum32_bn_to_bytes_be(uint32_t len, uint32_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store32_be(tmp + i * (uint32_t)4U, b[bnLen - i - (uint32_t)1U]);
+    store32_be(tmp + i * 4U, b[bnLen - i - 1U]);
   }
   memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t));
 }
@@ -817,14 +732,14 @@ Serialize a bignum into little-endian memory.
 */
 void Hacl_Bignum32_bn_to_bytes_le(uint32_t len, uint32_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store32_le(tmp + i * (uint32_t)4U, b[i]);
+    store32_le(tmp + i * 4U, b[i]);
   }
   memcpy(res, tmp, len * sizeof (uint8_t));
 }
@@ -842,12 +757,12 @@ Returns 2^32 - 1 if a < b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum32_lt_mask(uint32_t len, uint32_t *a, uint32_t *b)
 {
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], b[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   return acc;
 }
@@ -859,8 +774,8 @@ Returns 2^32 - 1 if a = b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum32_eq_mask(uint32_t len, uint32_t *a, uint32_t *b)
 {
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t mask = 0xFFFFFFFFU;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;
diff --git a/src/Hacl_Bignum4096.c b/src/Hacl_Bignum4096.c
index bf8fd6d2..3572db07 100644
--- a/src/Hacl_Bignum4096.c
+++ b/src/Hacl_Bignum4096.c
@@ -63,26 +63,26 @@ Write `a + b mod 2^4096` in `res`.
 */
 uint64_t Hacl_Bignum4096_add(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i););
   return c;
 }
@@ -96,26 +96,26 @@ Write `a - b mod 2^4096` in `res`.
 */
 uint64_t Hacl_Bignum4096_sub(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i););
   return c;
 }
@@ -132,53 +132,53 @@ Write `(a + b) mod n` in `res`.
 */
 void Hacl_Bignum4096_add_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i););
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -198,54 +198,54 @@ Write `(a - b) mod n` in `res`.
 */
 void Hacl_Bignum4096_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i););
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i););
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]);
@@ -262,7 +262,7 @@ Write `a * b` in `res`.
 void Hacl_Bignum4096_mul(uint64_t *a, uint64_t *b, uint64_t *res)
 {
   uint64_t tmp[256U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64((uint32_t)64U, a, b, tmp, res);
+  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(64U, a, b, tmp, res);
 }
 
 /**
@@ -274,16 +274,16 @@ Write `a * a` in `res`.
 void Hacl_Bignum4096_sqr(uint64_t *a, uint64_t *res)
 {
   uint64_t tmp[256U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64((uint32_t)64U, a, tmp, res);
+  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(64U, a, tmp, res);
 }
 
 static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
-  uint32_t i = nBits / (uint32_t)64U;
-  uint32_t j = nBits % (uint32_t)64U;
-  res[i] = res[i] | (uint64_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)8192U - nBits; i0++)
+  memset(res, 0U, 64U * sizeof (uint64_t));
+  uint32_t i = nBits / 64U;
+  uint32_t j = nBits % 64U;
+  res[i] = res[i] | 1ULL << j;
+  for (uint32_t i0 = 0U; i0 < 8192U - nBits; i0++)
   {
     Hacl_Bignum4096_add_mod(n, res, res, res);
   }
@@ -291,61 +291,61 @@ static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
 
 static inline void reduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
+    uint64_t c1 = 0ULL;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      0U,
+      16U,
+      1U,
+      uint64_t a_i = n[4U * i];
+      uint64_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * i + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * i + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * i + 3U];
+      uint64_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i););
     uint64_t r = c1;
     uint64_t c10 = r;
-    uint64_t *resb = c + (uint32_t)64U + i0;
-    uint64_t res_j = c[(uint32_t)64U + i0];
+    uint64_t *resb = c + 64U + i0;
+    uint64_t res_j = c[64U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb);
   }
-  memcpy(res, c + (uint32_t)64U, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(res, c + 64U, 64U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
-  uint64_t c1 = (uint64_t)0U;
+  uint64_t c1 = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i););
   uint64_t c10 = c1;
   uint64_t c2 = c00 - c10;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -353,50 +353,57 @@ static inline void reduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *
   }
 }
 
+static inline void to(uint64_t *n, uint64_t nInv, uint64_t *r2, uint64_t *a, uint64_t *aM)
+{
+  uint64_t c[128U] = { 0U };
+  Hacl_Bignum4096_mul(a, r2, c);
+  reduction(n, nInv, c, aM);
+}
+
 static inline void from(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *a)
 {
   uint64_t tmp[128U] = { 0U };
-  memcpy(tmp, aM, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(tmp, aM, 64U * sizeof (uint64_t));
   reduction(n, nInv_u64, tmp, a);
 }
 
 static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
+    uint64_t c1 = 0ULL;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      0U,
+      16U,
+      1U,
+      uint64_t a_i = n[4U * i];
+      uint64_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * i + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * i + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * i + 3U];
+      uint64_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i););
     uint64_t r = c1;
     uint64_t c10 = r;
-    uint64_t *resb = c + (uint32_t)64U + i0;
-    uint64_t res_j = c[(uint32_t)64U + i0];
+    uint64_t *resb = c + 64U + i0;
+    uint64_t res_j = c[64U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb);
   }
-  memcpy(res, c + (uint32_t)64U, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(res, c + 64U, 64U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t m = 0ULL - c00;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t *os = res;
     uint64_t x = (m & tmp[i]) | (~m & res[i]);
@@ -408,16 +415,14 @@ static inline void
 amont_mul(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *bM, uint64_t *resM)
 {
   uint64_t c[128U] = { 0U };
-  uint64_t tmp[256U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64((uint32_t)64U, aM, bM, tmp, c);
+  Hacl_Bignum4096_mul(aM, bM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
 static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *resM)
 {
   uint64_t c[128U] = { 0U };
-  uint64_t tmp[256U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64((uint32_t)64U, aM, tmp, c);
+  Hacl_Bignum4096_sqr(aM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -426,50 +431,9 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
 {
   uint64_t a_mod[64U] = { 0U };
   uint64_t a1[128U] = { 0U };
-  memcpy(a1, a, (uint32_t)128U * sizeof (uint64_t));
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
-  {
-    uint64_t qj = mu * a1[i0];
-    uint64_t *res_j0 = a1 + i0;
-    uint64_t c = (uint64_t)0U;
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i););
-    uint64_t r = c;
-    uint64_t c1 = r;
-    uint64_t *resb = a1 + (uint32_t)64U + i0;
-    uint64_t res_j = a1[(uint32_t)64U + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb);
-  }
-  memcpy(a_mod, a1 + (uint32_t)64U, (uint32_t)64U * sizeof (uint64_t));
-  uint64_t c00 = c0;
-  uint64_t tmp[64U] = { 0U };
-  uint64_t c1 = Hacl_Bignum4096_sub(a_mod, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
-  {
-    uint64_t *os = a_mod;
-    uint64_t x = (m & tmp[i]) | (~m & a_mod[i]);
-    os[i] = x;
-  }
-  uint64_t c[128U] = { 0U };
-  Hacl_Bignum4096_mul(a_mod, r2, c);
-  reduction(n, mu, c, res);
+  memcpy(a1, a, 128U * sizeof (uint64_t));
+  areduction(n, mu, a1, a_mod);
+  to(n, mu, r2, a_mod, res);
 }
 
 /**
@@ -486,22 +450,21 @@ Write `a mod n` in `res`.
 bool Hacl_Bignum4096_mod(uint64_t *n, uint64_t *a, uint64_t *res)
 {
   uint64_t one[64U] = { 0U };
-  memset(one, 0U, (uint32_t)64U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  memset(one, 0U, 64U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc;
   uint64_t is_valid_m = m0 & m1;
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     uint64_t r2[64U] = { 0U };
     precompr2(nBits, n, r2);
@@ -510,65 +473,65 @@ bool Hacl_Bignum4096_mod(uint64_t *n, uint64_t *a, uint64_t *res)
   }
   else
   {
-    memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
+    memset(res, 0U, 64U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static uint64_t exp_check(uint64_t *n, uint64_t *a, uint32_t bBits, uint64_t *b)
 {
   uint64_t one[64U] = { 0U };
-  memset(one, 0U, (uint32_t)64U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  memset(one, 0U, 64U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m10 = acc0;
   uint64_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t m1;
-  if (bBits < (uint32_t)64U * bLen)
+  if (bBits < 64U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), bLen);
     uint64_t b2[bLen];
     memset(b2, 0U, bLen * sizeof (uint64_t));
-    uint32_t i0 = bBits / (uint32_t)64U;
-    uint32_t j = bBits % (uint32_t)64U;
-    b2[i0] = b2[i0] | (uint64_t)1U << j;
-    uint64_t acc = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 64U;
+    uint32_t j = bBits % 64U;
+    b2[i0] = b2[i0] | 1ULL << j;
+    uint64_t acc = 0ULL;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]);
       uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
     }
     uint64_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    m1 = 0xFFFFFFFFFFFFFFFFULL;
   }
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m2 = acc;
   uint64_t m = m1 & m2;
@@ -586,26 +549,24 @@ exp_vartime_precomp(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint64_t aM[64U] = { 0U };
-    uint64_t c[128U] = { 0U };
-    Hacl_Bignum4096_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint64_t resM[64U] = { 0U };
     uint64_t ctx[128U] = { 0U };
-    memcpy(ctx, n, (uint32_t)64U * sizeof (uint64_t));
-    memcpy(ctx + (uint32_t)64U, r2, (uint32_t)64U * sizeof (uint64_t));
+    memcpy(ctx, n, 64U * sizeof (uint64_t));
+    memcpy(ctx + 64U, r2, 64U * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)64U;
+    uint64_t *ctx_r2 = ctx + 64U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)64U;
-      uint32_t j = i % (uint32_t)64U;
+      uint32_t i1 = i / 64U;
+      uint32_t j = i % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
-      if (!(bit == (uint64_t)0U))
+      uint64_t bit = tmp >> j & 1ULL;
+      if (!(bit == 0ULL))
       {
         uint64_t *ctx_n0 = ctx;
         amont_mul(ctx_n0, mu, resM, aM, resM);
@@ -613,86 +574,76 @@ exp_vartime_precomp(
       uint64_t *ctx_n0 = ctx;
       amont_sqr(ctx_n0, mu, aM, aM);
     }
-    uint64_t tmp[128U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)64U * sizeof (uint64_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint64_t aM[64U] = { 0U };
-  uint64_t c[128U] = { 0U };
-  Hacl_Bignum4096_mul(a, r2, c);
-  reduction(n, mu, c, aM);
+  to(n, mu, r2, a, aM);
   uint64_t resM[64U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t ctx[128U] = { 0U };
-  memcpy(ctx, n, (uint32_t)64U * sizeof (uint64_t));
-  memcpy(ctx + (uint32_t)64U, r2, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(ctx, n, 64U * sizeof (uint64_t));
+  memcpy(ctx + 64U, r2, 64U * sizeof (uint64_t));
   uint64_t table[1024U] = { 0U };
   uint64_t tmp[64U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)64U;
+  uint64_t *t1 = table + 64U;
   uint64_t *ctx_n0 = ctx;
-  uint64_t *ctx_r20 = ctx + (uint32_t)64U;
+  uint64_t *ctx_r20 = ctx + 64U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(t1, aM, 64U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)64U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 64U;
     uint64_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)64U,
-      tmp,
-      (uint32_t)64U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)64U;
+    memcpy(table + (2U * i + 2U) * 64U, tmp, 64U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 64U;
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)64U,
-      tmp,
-      (uint32_t)64U * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 64U, tmp, 64U * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U);
     uint32_t bits_l32 = (uint32_t)bits_c;
-    const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)64U;
-    memcpy(resM, (uint64_t *)a_bits_l, (uint32_t)64U * sizeof (uint64_t));
+    const uint64_t *a_bits_l = table + bits_l32 * 64U;
+    memcpy(resM, (uint64_t *)a_bits_l, 64U * sizeof (uint64_t));
   }
   else
   {
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)64U;
+    uint64_t *ctx_r2 = ctx + 64U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint64_t tmp0[64U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
     uint32_t bits_l32 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)64U;
-    memcpy(tmp0, (uint64_t *)a_bits_l, (uint32_t)64U * sizeof (uint64_t));
+    const uint64_t *a_bits_l = table + bits_l32 * 64U;
+    memcpy(tmp0, (uint64_t *)a_bits_l, 64U * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint64_t tmp1[128U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)64U * sizeof (uint64_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -706,30 +657,28 @@ exp_consttime_precomp(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint64_t aM[64U] = { 0U };
-    uint64_t c[128U] = { 0U };
-    Hacl_Bignum4096_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint64_t resM[64U] = { 0U };
     uint64_t ctx[128U] = { 0U };
-    memcpy(ctx, n, (uint32_t)64U * sizeof (uint64_t));
-    memcpy(ctx + (uint32_t)64U, r2, (uint32_t)64U * sizeof (uint64_t));
-    uint64_t sw = (uint64_t)0U;
+    memcpy(ctx, n, 64U * sizeof (uint64_t));
+    memcpy(ctx + 64U, r2, 64U * sizeof (uint64_t));
+    uint64_t sw = 0ULL;
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)64U;
+    uint64_t *ctx_r2 = ctx + 64U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)64U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)64U;
+      uint32_t i1 = (bBits - i0 - 1U) / 64U;
+      uint32_t j = (bBits - i0 - 1U) % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
+      uint64_t bit = tmp >> j & 1ULL;
       uint64_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+      for (uint32_t i = 0U; i < 64U; i++)
       {
-        uint64_t dummy = ((uint64_t)0U - sw1) & (resM[i] ^ aM[i]);
+        uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;
       }
@@ -740,70 +689,62 @@ exp_consttime_precomp(
       sw = bit;
     }
     uint64_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+    for (uint32_t i = 0U; i < 64U; i++)
     {
-      uint64_t dummy = ((uint64_t)0U - sw0) & (resM[i] ^ aM[i]);
+      uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;
     }
-    uint64_t tmp[128U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)64U * sizeof (uint64_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint64_t aM[64U] = { 0U };
-  uint64_t c0[128U] = { 0U };
-  Hacl_Bignum4096_mul(a, r2, c0);
-  reduction(n, mu, c0, aM);
+  to(n, mu, r2, a, aM);
   uint64_t resM[64U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t ctx[128U] = { 0U };
-  memcpy(ctx, n, (uint32_t)64U * sizeof (uint64_t));
-  memcpy(ctx + (uint32_t)64U, r2, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(ctx, n, 64U * sizeof (uint64_t));
+  memcpy(ctx + 64U, r2, 64U * sizeof (uint64_t));
   uint64_t table[1024U] = { 0U };
   uint64_t tmp[64U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)64U;
+  uint64_t *t1 = table + 64U;
   uint64_t *ctx_n0 = ctx;
-  uint64_t *ctx_r20 = ctx + (uint32_t)64U;
+  uint64_t *ctx_r20 = ctx + 64U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(t1, aM, 64U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)64U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 64U;
     uint64_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)64U,
-      tmp,
-      (uint32_t)64U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)64U;
+    memcpy(table + (2U * i + 2U) * 64U, tmp, 64U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 64U;
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)64U,
-      tmp,
-      (uint32_t)64U * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 64U, tmp, 64U * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint64_t *)table, (uint32_t)64U * sizeof (uint64_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U);
+    memcpy(resM, (uint64_t *)table, 64U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)64U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 64U;
+      for (uint32_t i = 0U; i < 64U; i++)
       {
         uint64_t *os = resM;
         uint64_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -813,28 +754,28 @@ exp_consttime_precomp(
   else
   {
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)64U;
+    uint64_t *ctx_r2 = ctx + 64U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint64_t tmp0[64U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)64U * sizeof (uint64_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 64U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)64U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 64U;
+      for (uint32_t i = 0U; i < 64U; i++)
       {
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -843,9 +784,7 @@ exp_consttime_precomp(
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint64_t tmp1[128U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)64U * sizeof (uint64_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -910,17 +849,16 @@ Hacl_Bignum4096_mod_exp_vartime(
 )
 {
   uint64_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     exp_vartime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
+    memset(res, 0U, 64U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -953,17 +891,16 @@ Hacl_Bignum4096_mod_exp_consttime(
 )
 {
   uint64_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     exp_consttime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
+    memset(res, 0U, 64U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -984,22 +921,22 @@ Write `a ^ (-1) mod n` in `res`.
 bool Hacl_Bignum4096_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *res)
 {
   uint64_t one[64U] = { 0U };
-  memset(one, 0U, (uint32_t)64U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  memset(one, 0U, 64U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc0;
   uint64_t m00 = m0 & m1;
   uint64_t bn_zero[64U] = { 0U };
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -1007,57 +944,56 @@ bool Hacl_Bignum4096_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *r
   uint64_t mask1 = mask;
   uint64_t res10 = mask1;
   uint64_t m10 = res10;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m2 = acc;
   uint64_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     uint64_t n2[64U] = { 0U };
-    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, n[0U], (uint64_t)2U, n2);
-    uint64_t *a1 = n + (uint32_t)1U;
-    uint64_t *res1 = n2 + (uint32_t)1U;
+    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, n[0U], 2ULL, n2);
+    uint64_t *a1 = n + 1U;
+    uint64_t *res1 = n2 + 1U;
     uint64_t c = c0;
     KRML_MAYBE_FOR15(i,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i););
+      0U,
+      15U,
+      1U,
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i););
     KRML_MAYBE_FOR3(i,
-      (uint32_t)60U,
-      (uint32_t)63U,
-      (uint32_t)1U,
+      60U,
+      63U,
+      1U,
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
-    KRML_HOST_IGNORE(c2);
-    exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
+    KRML_MAYBE_UNUSED_VAR(c2);
+    exp_vartime(nBits, n, a, 4096U, n2, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
+    memset(res, 0U, 64U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 
@@ -1081,17 +1017,15 @@ Heap-allocate and initialize a montgomery context.
 */
 Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 *Hacl_Bignum4096_mont_ctx_init(uint64_t *n)
 {
-  uint64_t *r2 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint64_t));
-  uint64_t *n1 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint64_t));
+  uint64_t *r2 = (uint64_t *)KRML_HOST_CALLOC(64U, sizeof (uint64_t));
+  uint64_t *n1 = (uint64_t *)KRML_HOST_CALLOC(64U, sizeof (uint64_t));
   uint64_t *r21 = r2;
   uint64_t *n11 = n1;
-  memcpy(n11, n, (uint32_t)64U * sizeof (uint64_t));
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
+  memcpy(n11, n, 64U * sizeof (uint64_t));
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
   precompr2(nBits, n, r21);
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
-  res = { .len = (uint32_t)64U, .n = n11, .mu = mu, .r2 = r21 };
+  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 res = { .len = 64U, .n = n11, .mu = mu, .r2 = r21 };
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
   *buf =
     (Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 *)KRML_HOST_MALLOC(sizeof (
@@ -1219,37 +1153,37 @@ Hacl_Bignum4096_mod_inv_prime_vartime_precomp(
 {
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 k1 = *k;
   uint64_t n2[64U] = { 0U };
-  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, k1.n[0U], (uint64_t)2U, n2);
-  uint64_t *a1 = k1.n + (uint32_t)1U;
-  uint64_t *res1 = n2 + (uint32_t)1U;
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, k1.n[0U], 2ULL, n2);
+  uint64_t *a1 = k1.n + 1U;
+  uint64_t *res1 = n2 + 1U;
   uint64_t c = c0;
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t t1 = a1[(uint32_t)4U * i];
-    uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-    uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-    uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-    uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i););
+    0U,
+    15U,
+    1U,
+    uint64_t t1 = a1[4U * i];
+    uint64_t *res_i0 = res1 + 4U * i;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+    uint64_t t10 = a1[4U * i + 1U];
+    uint64_t *res_i1 = res1 + 4U * i + 1U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+    uint64_t t11 = a1[4U * i + 2U];
+    uint64_t *res_i2 = res1 + 4U * i + 2U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+    uint64_t t12 = a1[4U * i + 3U];
+    uint64_t *res_i = res1 + 4U * i + 3U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i););
   KRML_MAYBE_FOR3(i,
-    (uint32_t)60U,
-    (uint32_t)63U,
-    (uint32_t)1U,
+    60U,
+    63U,
+    1U,
     uint64_t t1 = a1[i];
     uint64_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
-  KRML_HOST_IGNORE(c2);
-  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
+  KRML_MAYBE_UNUSED_VAR(c2);
+  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, 4096U, n2, res);
 }
 
 
@@ -1271,36 +1205,28 @@ Load a bid-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum4096_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint64_t *os = res2;
-    uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;
   }
@@ -1320,36 +1246,28 @@ Load a little-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum4096_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 8U + 1U; i++)
   {
     uint64_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)8U;
+    uint8_t *bj = tmp + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r1 = u;
     uint64_t x = r1;
@@ -1367,10 +1285,10 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  for (uint32_t i = 0U; i < 64U; i++)
   {
-    store64_be(res + i * (uint32_t)8U, b[(uint32_t)64U - i - (uint32_t)1U]);
+    store64_be(res + i * 8U, b[64U - i - 1U]);
   }
 }
 
@@ -1383,10 +1301,10 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  for (uint32_t i = 0U; i < 64U; i++)
   {
-    store64_le(res + i * (uint32_t)8U, b[i]);
+    store64_le(res + i * 8U, b[i]);
   }
 }
 
@@ -1403,12 +1321,12 @@ Returns 2^64 - 1 if a < b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum4096_lt_mask(uint64_t *a, uint64_t *b)
 {
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], b[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   return acc;
 }
@@ -1420,8 +1338,8 @@ Returns 2^64 - 1 if a = b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum4096_eq_mask(uint64_t *a, uint64_t *b)
 {
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;
diff --git a/src/Hacl_Bignum4096_32.c b/src/Hacl_Bignum4096_32.c
index 2f8d70f1..1a8b361c 100644
--- a/src/Hacl_Bignum4096_32.c
+++ b/src/Hacl_Bignum4096_32.c
@@ -64,24 +64,24 @@ Write `a + b mod 2^4096` in `res`.
 */
 uint32_t Hacl_Bignum4096_32_add(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
   return c;
@@ -96,24 +96,24 @@ Write `a - b mod 2^4096` in `res`.
 */
 uint32_t Hacl_Bignum4096_32_sub(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
   }
   return c;
@@ -131,51 +131,51 @@ Write `(a + b) mod n` in `res`.
 */
 void Hacl_Bignum4096_32_add_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c0 = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t12, t2, res_i);
   }
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
   }
   uint32_t c1 = c;
   uint32_t c2 = c00 - c1;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -195,52 +195,52 @@ Write `(a - b) mod n` in `res`.
 */
 void Hacl_Bignum4096_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c0 = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t12, t2, res_i);
   }
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
   uint32_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint32_t c2 = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t c2 = 0U - c00;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & tmp[i]) | (~c2 & res[i]);
@@ -257,7 +257,7 @@ Write `a * b` in `res`.
 void Hacl_Bignum4096_32_mul(uint32_t *a, uint32_t *b, uint32_t *res)
 {
   uint32_t tmp[512U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32((uint32_t)128U, a, b, tmp, res);
+  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(128U, a, b, tmp, res);
 }
 
 /**
@@ -269,16 +269,16 @@ Write `a * a` in `res`.
 void Hacl_Bignum4096_32_sqr(uint32_t *a, uint32_t *res)
 {
   uint32_t tmp[512U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32((uint32_t)128U, a, tmp, res);
+  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(128U, a, tmp, res);
 }
 
 static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
 {
-  memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
-  uint32_t i = nBits / (uint32_t)32U;
-  uint32_t j = nBits % (uint32_t)32U;
-  res[i] = res[i] | (uint32_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)8192U - nBits; i0++)
+  memset(res, 0U, 128U * sizeof (uint32_t));
+  uint32_t i = nBits / 32U;
+  uint32_t j = nBits % 32U;
+  res[i] = res[i] | 1U << j;
+  for (uint32_t i0 = 0U; i0 < 8192U - nBits; i0++)
   {
     Hacl_Bignum4096_32_add_mod(n, res, res, res);
   }
@@ -286,59 +286,59 @@ static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
 
 static inline void reduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)128U; i0++)
+  uint32_t c0 = 0U;
+  for (uint32_t i0 = 0U; i0 < 128U; i0++)
   {
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint32_t c1 = 0U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i);
     }
     uint32_t r = c1;
     uint32_t c10 = r;
-    uint32_t *resb = c + (uint32_t)128U + i0;
-    uint32_t res_j = c[(uint32_t)128U + i0];
+    uint32_t *resb = c + 128U + i0;
+    uint32_t res_j = c[128U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb);
   }
-  memcpy(res, c + (uint32_t)128U, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(res, c + 128U, 128U * sizeof (uint32_t));
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
-  uint32_t c1 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c1 = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t12, t2, res_i);
   }
   uint32_t c10 = c1;
   uint32_t c2 = c00 - c10;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -346,49 +346,56 @@ static inline void reduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *
   }
 }
 
+static inline void to(uint32_t *n, uint32_t nInv, uint32_t *r2, uint32_t *a, uint32_t *aM)
+{
+  uint32_t c[256U] = { 0U };
+  Hacl_Bignum4096_32_mul(a, r2, c);
+  reduction(n, nInv, c, aM);
+}
+
 static inline void from(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *a)
 {
   uint32_t tmp[256U] = { 0U };
-  memcpy(tmp, aM, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(tmp, aM, 128U * sizeof (uint32_t));
   reduction(n, nInv_u64, tmp, a);
 }
 
 static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)128U; i0++)
+  uint32_t c0 = 0U;
+  for (uint32_t i0 = 0U; i0 < 128U; i0++)
   {
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint32_t c1 = 0U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i);
     }
     uint32_t r = c1;
     uint32_t c10 = r;
-    uint32_t *resb = c + (uint32_t)128U + i0;
-    uint32_t res_j = c[(uint32_t)128U + i0];
+    uint32_t *resb = c + 128U + i0;
+    uint32_t res_j = c[128U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb);
   }
-  memcpy(res, c + (uint32_t)128U, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(res, c + 128U, 128U * sizeof (uint32_t));
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t m = 0U - c00;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t *os = res;
     uint32_t x = (m & tmp[i]) | (~m & res[i]);
@@ -400,16 +407,14 @@ static inline void
 amont_mul(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *bM, uint32_t *resM)
 {
   uint32_t c[256U] = { 0U };
-  uint32_t tmp[512U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32((uint32_t)128U, aM, bM, tmp, c);
+  Hacl_Bignum4096_32_mul(aM, bM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
 static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *resM)
 {
   uint32_t c[256U] = { 0U };
-  uint32_t tmp[512U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32((uint32_t)128U, aM, tmp, c);
+  Hacl_Bignum4096_32_sqr(aM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -418,49 +423,9 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
 {
   uint32_t a_mod[128U] = { 0U };
   uint32_t a1[256U] = { 0U };
-  memcpy(a1, a, (uint32_t)256U * sizeof (uint32_t));
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)128U; i0++)
-  {
-    uint32_t qj = mu * a1[i0];
-    uint32_t *res_j0 = a1 + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
-    {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c, res_i);
-    }
-    uint32_t r = c;
-    uint32_t c1 = r;
-    uint32_t *resb = a1 + (uint32_t)128U + i0;
-    uint32_t res_j = a1[(uint32_t)128U + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c1, res_j, resb);
-  }
-  memcpy(a_mod, a1 + (uint32_t)128U, (uint32_t)128U * sizeof (uint32_t));
-  uint32_t c00 = c0;
-  uint32_t tmp[128U] = { 0U };
-  uint32_t c1 = Hacl_Bignum4096_32_sub(a_mod, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
-  {
-    uint32_t *os = a_mod;
-    uint32_t x = (m & tmp[i]) | (~m & a_mod[i]);
-    os[i] = x;
-  }
-  uint32_t c[256U] = { 0U };
-  Hacl_Bignum4096_32_mul(a_mod, r2, c);
-  reduction(n, mu, c, res);
+  memcpy(a1, a, 256U * sizeof (uint32_t));
+  areduction(n, mu, a1, a_mod);
+  to(n, mu, r2, a_mod, res);
 }
 
 /**
@@ -477,21 +442,21 @@ Write `a mod n` in `res`.
 bool Hacl_Bignum4096_32_mod(uint32_t *n, uint32_t *a, uint32_t *res)
 {
   uint32_t one[128U] = { 0U };
-  memset(one, 0U, (uint32_t)128U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  memset(one, 0U, 128U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc;
   uint32_t is_valid_m = m0 & m1;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     uint32_t r2[128U] = { 0U };
     precompr2(nBits, n, r2);
@@ -500,65 +465,65 @@ bool Hacl_Bignum4096_32_mod(uint32_t *n, uint32_t *a, uint32_t *res)
   }
   else
   {
-    memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
+    memset(res, 0U, 128U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 static uint32_t exp_check(uint32_t *n, uint32_t *a, uint32_t bBits, uint32_t *b)
 {
   uint32_t one[128U] = { 0U };
-  memset(one, 0U, (uint32_t)128U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  memset(one, 0U, 128U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m10 = acc0;
   uint32_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t m1;
-  if (bBits < (uint32_t)32U * bLen)
+  if (bBits < 32U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), bLen);
     uint32_t b2[bLen];
     memset(b2, 0U, bLen * sizeof (uint32_t));
-    uint32_t i0 = bBits / (uint32_t)32U;
-    uint32_t j = bBits % (uint32_t)32U;
-    b2[i0] = b2[i0] | (uint32_t)1U << j;
-    uint32_t acc = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 32U;
+    uint32_t j = bBits % 32U;
+    b2[i0] = b2[i0] | 1U << j;
+    uint32_t acc = 0U;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint32_t beq = FStar_UInt32_eq_mask(b[i], b2[i]);
       uint32_t blt = ~FStar_UInt32_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
     }
     uint32_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint32_t)0xFFFFFFFFU;
+    m1 = 0xFFFFFFFFU;
   }
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m2 = acc;
   uint32_t m = m1 & m2;
@@ -576,26 +541,24 @@ exp_vartime_precomp(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint32_t aM[128U] = { 0U };
-    uint32_t c[256U] = { 0U };
-    Hacl_Bignum4096_32_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint32_t resM[128U] = { 0U };
     uint32_t ctx[256U] = { 0U };
-    memcpy(ctx, n, (uint32_t)128U * sizeof (uint32_t));
-    memcpy(ctx + (uint32_t)128U, r2, (uint32_t)128U * sizeof (uint32_t));
+    memcpy(ctx, n, 128U * sizeof (uint32_t));
+    memcpy(ctx + 128U, r2, 128U * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)128U;
+    uint32_t *ctx_r2 = ctx + 128U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)32U;
-      uint32_t j = i % (uint32_t)32U;
+      uint32_t i1 = i / 32U;
+      uint32_t j = i % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
-      if (!(bit == (uint32_t)0U))
+      uint32_t bit = tmp >> j & 1U;
+      if (!(bit == 0U))
       {
         uint32_t *ctx_n0 = ctx;
         amont_mul(ctx_n0, mu, resM, aM, resM);
@@ -603,86 +566,76 @@ exp_vartime_precomp(
       uint32_t *ctx_n0 = ctx;
       amont_sqr(ctx_n0, mu, aM, aM);
     }
-    uint32_t tmp[256U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)128U * sizeof (uint32_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint32_t aM[128U] = { 0U };
-  uint32_t c[256U] = { 0U };
-  Hacl_Bignum4096_32_mul(a, r2, c);
-  reduction(n, mu, c, aM);
+  to(n, mu, r2, a, aM);
   uint32_t resM[128U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t ctx[256U] = { 0U };
-  memcpy(ctx, n, (uint32_t)128U * sizeof (uint32_t));
-  memcpy(ctx + (uint32_t)128U, r2, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(ctx, n, 128U * sizeof (uint32_t));
+  memcpy(ctx + 128U, r2, 128U * sizeof (uint32_t));
   uint32_t table[2048U] = { 0U };
   uint32_t tmp[128U] = { 0U };
   uint32_t *t0 = table;
-  uint32_t *t1 = table + (uint32_t)128U;
+  uint32_t *t1 = table + 128U;
   uint32_t *ctx_n0 = ctx;
-  uint32_t *ctx_r20 = ctx + (uint32_t)128U;
+  uint32_t *ctx_r20 = ctx + 128U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(t1, aM, 128U * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)128U;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * 128U;
     uint32_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)128U,
-      tmp,
-      (uint32_t)128U * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)128U;
+    memcpy(table + (2U * i + 2U) * 128U, tmp, 128U * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * 128U;
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)128U,
-      tmp,
-      (uint32_t)128U * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 128U, tmp, 128U * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U);
     uint32_t bits_l32 = bits_c;
-    const uint32_t *a_bits_l = table + bits_l32 * (uint32_t)128U;
-    memcpy(resM, (uint32_t *)a_bits_l, (uint32_t)128U * sizeof (uint32_t));
+    const uint32_t *a_bits_l = table + bits_l32 * 128U;
+    memcpy(resM, (uint32_t *)a_bits_l, 128U * sizeof (uint32_t));
   }
   else
   {
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)128U;
+    uint32_t *ctx_r2 = ctx + 128U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint32_t tmp0[128U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
     uint32_t bits_l32 = bits_l;
-    const uint32_t *a_bits_l = table + bits_l32 * (uint32_t)128U;
-    memcpy(tmp0, (uint32_t *)a_bits_l, (uint32_t)128U * sizeof (uint32_t));
+    const uint32_t *a_bits_l = table + bits_l32 * 128U;
+    memcpy(tmp0, (uint32_t *)a_bits_l, 128U * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint32_t tmp1[256U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)128U * sizeof (uint32_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -696,30 +649,28 @@ exp_consttime_precomp(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint32_t aM[128U] = { 0U };
-    uint32_t c[256U] = { 0U };
-    Hacl_Bignum4096_32_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint32_t resM[128U] = { 0U };
     uint32_t ctx[256U] = { 0U };
-    memcpy(ctx, n, (uint32_t)128U * sizeof (uint32_t));
-    memcpy(ctx + (uint32_t)128U, r2, (uint32_t)128U * sizeof (uint32_t));
-    uint32_t sw = (uint32_t)0U;
+    memcpy(ctx, n, 128U * sizeof (uint32_t));
+    memcpy(ctx + 128U, r2, 128U * sizeof (uint32_t));
+    uint32_t sw = 0U;
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)128U;
+    uint32_t *ctx_r2 = ctx + 128U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)32U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)32U;
+      uint32_t i1 = (bBits - i0 - 1U) / 32U;
+      uint32_t j = (bBits - i0 - 1U) % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
+      uint32_t bit = tmp >> j & 1U;
       uint32_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+      for (uint32_t i = 0U; i < 128U; i++)
       {
-        uint32_t dummy = ((uint32_t)0U - sw1) & (resM[i] ^ aM[i]);
+        uint32_t dummy = (0U - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;
       }
@@ -730,70 +681,62 @@ exp_consttime_precomp(
       sw = bit;
     }
     uint32_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+    for (uint32_t i = 0U; i < 128U; i++)
     {
-      uint32_t dummy = ((uint32_t)0U - sw0) & (resM[i] ^ aM[i]);
+      uint32_t dummy = (0U - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;
     }
-    uint32_t tmp[256U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)128U * sizeof (uint32_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint32_t aM[128U] = { 0U };
-  uint32_t c0[256U] = { 0U };
-  Hacl_Bignum4096_32_mul(a, r2, c0);
-  reduction(n, mu, c0, aM);
+  to(n, mu, r2, a, aM);
   uint32_t resM[128U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t ctx[256U] = { 0U };
-  memcpy(ctx, n, (uint32_t)128U * sizeof (uint32_t));
-  memcpy(ctx + (uint32_t)128U, r2, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(ctx, n, 128U * sizeof (uint32_t));
+  memcpy(ctx + 128U, r2, 128U * sizeof (uint32_t));
   uint32_t table[2048U] = { 0U };
   uint32_t tmp[128U] = { 0U };
   uint32_t *t0 = table;
-  uint32_t *t1 = table + (uint32_t)128U;
+  uint32_t *t1 = table + 128U;
   uint32_t *ctx_n0 = ctx;
-  uint32_t *ctx_r20 = ctx + (uint32_t)128U;
+  uint32_t *ctx_r20 = ctx + 128U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(t1, aM, 128U * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)128U;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * 128U;
     uint32_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)128U,
-      tmp,
-      (uint32_t)128U * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)128U;
+    memcpy(table + (2U * i + 2U) * 128U, tmp, 128U * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * 128U;
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)128U,
-      tmp,
-      (uint32_t)128U * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 128U, tmp, 128U * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint32_t *)table, (uint32_t)128U * sizeof (uint32_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U);
+    memcpy(resM, (uint32_t *)table, 128U * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)128U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * 128U;
+      for (uint32_t i = 0U; i < 128U; i++)
       {
         uint32_t *os = resM;
         uint32_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -803,28 +746,28 @@ exp_consttime_precomp(
   else
   {
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)128U;
+    uint32_t *ctx_r2 = ctx + 128U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint32_t tmp0[128U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp0, (uint32_t *)table, (uint32_t)128U * sizeof (uint32_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
+    memcpy(tmp0, (uint32_t *)table, 128U * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)128U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * 128U;
+      for (uint32_t i = 0U; i < 128U; i++)
       {
         uint32_t *os = tmp0;
         uint32_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -833,9 +776,7 @@ exp_consttime_precomp(
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint32_t tmp1[256U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)128U * sizeof (uint32_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -900,16 +841,16 @@ Hacl_Bignum4096_32_mod_exp_vartime(
 )
 {
   uint32_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     exp_vartime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
+    memset(res, 0U, 128U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -942,16 +883,16 @@ Hacl_Bignum4096_32_mod_exp_consttime(
 )
 {
   uint32_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     exp_consttime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
+    memset(res, 0U, 128U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -972,22 +913,22 @@ Write `a ^ (-1) mod n` in `res`.
 bool Hacl_Bignum4096_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t *res)
 {
   uint32_t one[128U] = { 0U };
-  memset(one, 0U, (uint32_t)128U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  memset(one, 0U, 128U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc0;
   uint32_t m00 = m0 & m1;
   uint32_t bn_zero[128U] = { 0U };
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t mask = 0xFFFFFFFFU;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -995,55 +936,55 @@ bool Hacl_Bignum4096_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
   uint32_t mask1 = mask;
   uint32_t res10 = mask1;
   uint32_t m10 = res10;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m2 = acc;
   uint32_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     uint32_t n2[128U] = { 0U };
-    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, n[0U], (uint32_t)2U, n2);
-    uint32_t *a1 = n + (uint32_t)1U;
-    uint32_t *res1 = n2 + (uint32_t)1U;
+    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, n[0U], 2U, n2);
+    uint32_t *a1 = n + 1U;
+    uint32_t *res1 = n2 + 1U;
     uint32_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)31U; i++)
+    for (uint32_t i = 0U; i < 31U; i++)
     {
-      uint32_t t1 = a1[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a1[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a1[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a1[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a1[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
     }
     KRML_MAYBE_FOR3(i,
-      (uint32_t)124U,
-      (uint32_t)127U,
-      (uint32_t)1U,
+      124U,
+      127U,
+      1U,
       uint32_t t1 = a1[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
-    KRML_HOST_IGNORE(c2);
-    exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
+    KRML_MAYBE_UNUSED_VAR(c2);
+    exp_vartime(nBits, n, a, 4096U, n2, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
+    memset(res, 0U, 128U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 
@@ -1067,16 +1008,16 @@ Heap-allocate and initialize a montgomery context.
 */
 Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 *Hacl_Bignum4096_32_mont_ctx_init(uint32_t *n)
 {
-  uint32_t *r2 = (uint32_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint32_t));
-  uint32_t *n1 = (uint32_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint32_t));
+  uint32_t *r2 = (uint32_t *)KRML_HOST_CALLOC(128U, sizeof (uint32_t));
+  uint32_t *n1 = (uint32_t *)KRML_HOST_CALLOC(128U, sizeof (uint32_t));
   uint32_t *r21 = r2;
   uint32_t *n11 = n1;
-  memcpy(n11, n, (uint32_t)128U * sizeof (uint32_t));
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
+  memcpy(n11, n, 128U * sizeof (uint32_t));
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
   precompr2(nBits, n, r21);
   uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
-  res = { .len = (uint32_t)128U, .n = n11, .mu = mu, .r2 = r21 };
+  res = { .len = 128U, .n = n11, .mu = mu, .r2 = r21 };
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
   *buf =
     (Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 *)KRML_HOST_MALLOC(sizeof (
@@ -1204,36 +1145,36 @@ Hacl_Bignum4096_32_mod_inv_prime_vartime_precomp(
 {
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 k1 = *k;
   uint32_t n2[128U] = { 0U };
-  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, k1.n[0U], (uint32_t)2U, n2);
-  uint32_t *a1 = k1.n + (uint32_t)1U;
-  uint32_t *res1 = n2 + (uint32_t)1U;
+  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, k1.n[0U], 2U, n2);
+  uint32_t *a1 = k1.n + 1U;
+  uint32_t *res1 = n2 + 1U;
   uint32_t c = c0;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)31U; i++)
+  for (uint32_t i = 0U; i < 31U; i++)
   {
-    uint32_t t1 = a1[(uint32_t)4U * i];
-    uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-    uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-    uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-    uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+    uint32_t t1 = a1[4U * i];
+    uint32_t *res_i0 = res1 + 4U * i;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+    uint32_t t10 = a1[4U * i + 1U];
+    uint32_t *res_i1 = res1 + 4U * i + 1U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+    uint32_t t11 = a1[4U * i + 2U];
+    uint32_t *res_i2 = res1 + 4U * i + 2U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+    uint32_t t12 = a1[4U * i + 3U];
+    uint32_t *res_i = res1 + 4U * i + 3U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
   }
   KRML_MAYBE_FOR3(i,
-    (uint32_t)124U,
-    (uint32_t)127U,
-    (uint32_t)1U,
+    124U,
+    127U,
+    1U,
     uint32_t t1 = a1[i];
     uint32_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
-  KRML_HOST_IGNORE(c2);
-  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
+  KRML_MAYBE_UNUSED_VAR(c2);
+  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, 4096U, n2, res);
 }
 
 
@@ -1255,36 +1196,28 @@ Load a bid-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum4096_32_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint32_t *os = res2;
-    uint32_t u = load32_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)4U);
+    uint32_t u = load32_be(tmp + (bnLen - i - 1U) * 4U);
     uint32_t x = u;
     os[i] = x;
   }
@@ -1304,36 +1237,28 @@ Load a little-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum4096_32_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 4U + 1U; i++)
   {
     uint32_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)4U;
+    uint8_t *bj = tmp + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r1 = u;
     uint32_t x = r1;
@@ -1351,10 +1276,10 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  for (uint32_t i = 0U; i < 128U; i++)
   {
-    store32_be(res + i * (uint32_t)4U, b[(uint32_t)128U - i - (uint32_t)1U]);
+    store32_be(res + i * 4U, b[128U - i - 1U]);
   }
 }
 
@@ -1367,10 +1292,10 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  for (uint32_t i = 0U; i < 128U; i++)
   {
-    store32_le(res + i * (uint32_t)4U, b[i]);
+    store32_le(res + i * 4U, b[i]);
   }
 }
 
@@ -1387,12 +1312,12 @@ Returns 2^32 - 1 if a < b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum4096_32_lt_mask(uint32_t *a, uint32_t *b)
 {
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], b[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   return acc;
 }
@@ -1404,8 +1329,8 @@ Returns 2^32 - 1 if a = b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum4096_32_eq_mask(uint32_t *a, uint32_t *b)
 {
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t mask = 0xFFFFFFFFU;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;
diff --git a/src/Hacl_Bignum64.c b/src/Hacl_Bignum64.c
index 7300a993..f8f5bb6f 100644
--- a/src/Hacl_Bignum64.c
+++ b/src/Hacl_Bignum64.c
@@ -104,9 +104,9 @@ Write `a * b` in `res`.
 */
 void Hacl_Bignum64_mul(uint32_t len, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, b, tmp, res);
 }
 
@@ -118,9 +118,9 @@ Write `a * a` in `res`.
 */
 void Hacl_Bignum64_sqr(uint32_t len, uint64_t *a, uint64_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t tmp[4U * len];
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len, a, tmp, res);
 }
 
@@ -141,61 +141,8 @@ bn_slow_precomp(
   uint64_t a1[len + len];
   memset(a1, 0U, (len + len) * sizeof (uint64_t));
   memcpy(a1, a, (len + len) * sizeof (uint64_t));
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
-  {
-    uint64_t qj = mu * a1[i0];
-    uint64_t *res_j0 = a1 + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
-    {
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i);
-    }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
-    {
-      uint64_t a_i = n[i];
-      uint64_t *res_i = res_j0 + i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i);
-    }
-    uint64_t r = c;
-    uint64_t c1 = r;
-    uint64_t *resb = a1 + len + i0;
-    uint64_t res_j = a1[len + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb);
-  }
-  memcpy(a_mod, a1 + len, (len + len - len) * sizeof (uint64_t));
-  uint64_t c00 = c0;
-  KRML_CHECK_SIZE(sizeof (uint64_t), len);
-  uint64_t tmp0[len];
-  memset(tmp0, 0U, len * sizeof (uint64_t));
-  uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, a_mod, n, tmp0);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
-  {
-    uint64_t *os = a_mod;
-    uint64_t x = (m & tmp0[i]) | (~m & a_mod[i]);
-    os[i] = x;
-  }
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t c[len + len];
-  memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t tmp[(uint32_t)4U * len];
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a_mod, r2, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c, res);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(len, n, mu, a1, a_mod);
+  Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a_mod, res);
 }
 
 /**
@@ -215,20 +162,20 @@ bool Hacl_Bignum64_mod(uint32_t len, uint64_t *n, uint64_t *a, uint64_t *res)
   uint64_t one[len];
   memset(one, 0U, len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc;
   uint64_t is_valid_m = m0 & m1;
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t r2[len];
@@ -241,7 +188,7 @@ bool Hacl_Bignum64_mod(uint32_t len, uint64_t *n, uint64_t *a, uint64_t *res)
   {
     memset(res, 0U, len * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -275,8 +222,8 @@ Hacl_Bignum64_mod_exp_vartime(
 )
 {
   uint64_t is_valid_m = Hacl_Bignum_Exponentiation_bn_check_mod_exp_u64(len, n, a, bBits, b);
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len, nBits, n, a, bBits, b, res);
   }
@@ -284,7 +231,7 @@ Hacl_Bignum64_mod_exp_vartime(
   {
     memset(res, 0U, len * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -318,8 +265,8 @@ Hacl_Bignum64_mod_exp_consttime(
 )
 {
   uint64_t is_valid_m = Hacl_Bignum_Exponentiation_bn_check_mod_exp_u64(len, n, a, bBits, b);
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_u64(len, nBits, n, a, bBits, b, res);
   }
@@ -327,7 +274,7 @@ Hacl_Bignum64_mod_exp_consttime(
   {
     memset(res, 0U, len * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -352,23 +299,23 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
   uint64_t one[len];
   memset(one, 0U, len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc0;
   uint64_t m00 = m0 & m1;
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t bn_zero[len];
   memset(bn_zero, 0U, len * sizeof (uint64_t));
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -376,53 +323,48 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
   uint64_t mask1 = mask;
   uint64_t res10 = mask1;
   uint64_t m10 = res10;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m2 = acc;
   uint64_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t n2[len];
     memset(n2, 0U, len * sizeof (uint64_t));
-    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, n[0U], (uint64_t)2U, n2);
+    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, n[0U], 2ULL, n2);
     uint64_t c1;
-    if ((uint32_t)1U < len)
+    if (1U < len)
     {
-      uint64_t *a1 = n + (uint32_t)1U;
-      uint64_t *res1 = n2 + (uint32_t)1U;
+      uint64_t *a1 = n + 1U;
+      uint64_t *res1 = n2 + 1U;
       uint64_t c = c0;
-      for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U; i++)
+      for (uint32_t i = 0U; i < (len - 1U) / 4U; i++)
       {
-        uint64_t t1 = a1[(uint32_t)4U * i];
-        uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-        uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-        uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-        uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-        uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-        uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-        uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i);
+        uint64_t t1 = a1[4U * i];
+        uint64_t *res_i0 = res1 + 4U * i;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+        uint64_t t10 = a1[4U * i + 1U];
+        uint64_t *res_i1 = res1 + 4U * i + 1U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+        uint64_t t11 = a1[4U * i + 2U];
+        uint64_t *res_i2 = res1 + 4U * i + 2U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+        uint64_t t12 = a1[4U * i + 3U];
+        uint64_t *res_i = res1 + 4U * i + 3U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i);
       }
-      for
-      (uint32_t
-        i = (len - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-        i
-        < len - (uint32_t)1U;
-        i++)
+      for (uint32_t i = (len - 1U) / 4U * 4U; i < len - 1U; i++)
       {
         uint64_t t1 = a1[i];
         uint64_t *res_i = res1 + i;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i);
       }
       uint64_t c10 = c;
       c1 = c10;
@@ -431,20 +373,14 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
     {
       c1 = c0;
     }
-    KRML_HOST_IGNORE(c1);
-    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len,
-      nBits,
-      n,
-      a,
-      (uint32_t)64U * len,
-      n2,
-      res);
+    KRML_MAYBE_UNUSED_VAR(c1);
+    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len, nBits, n, a, 64U * len, n2, res);
   }
   else
   {
     memset(res, 0U, len * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 
@@ -476,7 +412,7 @@ Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
   uint64_t *r21 = r2;
   uint64_t *n11 = n1;
   memcpy(n11, n, len * sizeof (uint64_t));
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
   Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(len, nBits, n, r21);
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 res = { .len = len, .n = n11, .mu = mu, .r2 = r21 };
@@ -631,38 +567,33 @@ Hacl_Bignum64_mod_inv_prime_vartime_precomp(
   KRML_CHECK_SIZE(sizeof (uint64_t), len1);
   uint64_t n2[len1];
   memset(n2, 0U, len1 * sizeof (uint64_t));
-  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, k1.n[0U], (uint64_t)2U, n2);
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, k1.n[0U], 2ULL, n2);
   uint64_t c1;
-  if ((uint32_t)1U < len1)
+  if (1U < len1)
   {
-    uint64_t *a1 = k1.n + (uint32_t)1U;
-    uint64_t *res1 = n2 + (uint32_t)1U;
+    uint64_t *a1 = k1.n + 1U;
+    uint64_t *res1 = n2 + 1U;
     uint64_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (len1 - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (len1 - 1U) / 4U; i++)
     {
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i);
     }
-    for
-    (uint32_t
-      i = (len1 - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < len1 - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (len1 - 1U) / 4U * 4U; i < len1 - 1U; i++)
     {
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c10 = c;
     c1 = c10;
@@ -671,13 +602,13 @@ Hacl_Bignum64_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(len1,
     k1.n,
     k1.mu,
     k1.r2,
     a,
-    (uint32_t)64U * len1,
+    64U * len1,
     n2,
     res);
 }
@@ -701,36 +632,28 @@ Load a bid-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum64_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint64_t *os = res2;
-    uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;
   }
@@ -750,36 +673,28 @@ Load a little-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum64_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 8U + 1U; i++)
   {
     uint64_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)8U;
+    uint8_t *bj = tmp + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r1 = u;
     uint64_t x = r1;
@@ -796,14 +711,14 @@ Serialize a bignum into big-endian memory.
 */
 void Hacl_Bignum64_bn_to_bytes_be(uint32_t len, uint64_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]);
+    store64_be(tmp + i * 8U, b[bnLen - i - 1U]);
   }
   memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t));
 }
@@ -816,14 +731,14 @@ Serialize a bignum into little-endian memory.
 */
 void Hacl_Bignum64_bn_to_bytes_le(uint32_t len, uint64_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t tmp[tmpLen];
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store64_le(tmp + i * (uint32_t)8U, b[i]);
+    store64_le(tmp + i * 8U, b[i]);
   }
   memcpy(res, tmp, len * sizeof (uint8_t));
 }
@@ -841,12 +756,12 @@ Returns 2^64 - 1 if a < b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum64_lt_mask(uint32_t len, uint64_t *a, uint64_t *b)
 {
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], b[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   return acc;
 }
@@ -858,8 +773,8 @@ Returns 2^64 - 1 if a = b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum64_eq_mask(uint32_t len, uint64_t *a, uint64_t *b)
 {
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;
diff --git a/src/Hacl_Chacha20.c b/src/Hacl_Chacha20.c
index 8966e19e..38a5c373 100644
--- a/src/Hacl_Chacha20.c
+++ b/src/Hacl_Chacha20.c
@@ -28,7 +28,7 @@
 const
 uint32_t
 Hacl_Impl_Chacha20_Vec_chacha20_constants[4U] =
-  { (uint32_t)0x61707865U, (uint32_t)0x3320646eU, (uint32_t)0x79622d32U, (uint32_t)0x6b206574U };
+  { 0x61707865U, 0x3320646eU, 0x79622d32U, 0x6b206574U };
 
 static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t c, uint32_t d)
 {
@@ -37,7 +37,7 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t std0 = st[d];
   uint32_t sta10 = sta + stb0;
   uint32_t std10 = std0 ^ sta10;
-  uint32_t std2 = std10 << (uint32_t)16U | std10 >> (uint32_t)16U;
+  uint32_t std2 = std10 << 16U | std10 >> 16U;
   st[a] = sta10;
   st[d] = std2;
   uint32_t sta0 = st[c];
@@ -45,7 +45,7 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t std3 = st[b];
   uint32_t sta11 = sta0 + stb1;
   uint32_t std11 = std3 ^ sta11;
-  uint32_t std20 = std11 << (uint32_t)12U | std11 >> (uint32_t)20U;
+  uint32_t std20 = std11 << 12U | std11 >> 20U;
   st[c] = sta11;
   st[b] = std20;
   uint32_t sta2 = st[a];
@@ -53,7 +53,7 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t std4 = st[d];
   uint32_t sta12 = sta2 + stb2;
   uint32_t std12 = std4 ^ sta12;
-  uint32_t std21 = std12 << (uint32_t)8U | std12 >> (uint32_t)24U;
+  uint32_t std21 = std12 << 8U | std12 >> 24U;
   st[a] = sta12;
   st[d] = std21;
   uint32_t sta3 = st[c];
@@ -61,21 +61,21 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t std = st[b];
   uint32_t sta1 = sta3 + stb;
   uint32_t std1 = std ^ sta1;
-  uint32_t std22 = std1 << (uint32_t)7U | std1 >> (uint32_t)25U;
+  uint32_t std22 = std1 << 7U | std1 >> 25U;
   st[c] = sta1;
   st[b] = std22;
 }
 
 static inline void double_round(uint32_t *st)
 {
-  quarter_round(st, (uint32_t)0U, (uint32_t)4U, (uint32_t)8U, (uint32_t)12U);
-  quarter_round(st, (uint32_t)1U, (uint32_t)5U, (uint32_t)9U, (uint32_t)13U);
-  quarter_round(st, (uint32_t)2U, (uint32_t)6U, (uint32_t)10U, (uint32_t)14U);
-  quarter_round(st, (uint32_t)3U, (uint32_t)7U, (uint32_t)11U, (uint32_t)15U);
-  quarter_round(st, (uint32_t)0U, (uint32_t)5U, (uint32_t)10U, (uint32_t)15U);
-  quarter_round(st, (uint32_t)1U, (uint32_t)6U, (uint32_t)11U, (uint32_t)12U);
-  quarter_round(st, (uint32_t)2U, (uint32_t)7U, (uint32_t)8U, (uint32_t)13U);
-  quarter_round(st, (uint32_t)3U, (uint32_t)4U, (uint32_t)9U, (uint32_t)14U);
+  quarter_round(st, 0U, 4U, 8U, 12U);
+  quarter_round(st, 1U, 5U, 9U, 13U);
+  quarter_round(st, 2U, 6U, 10U, 14U);
+  quarter_round(st, 3U, 7U, 11U, 15U);
+  quarter_round(st, 0U, 5U, 10U, 15U);
+  quarter_round(st, 1U, 6U, 11U, 12U);
+  quarter_round(st, 2U, 7U, 8U, 13U);
+  quarter_round(st, 3U, 4U, 9U, 14U);
 }
 
 static inline void rounds(uint32_t *st)
@@ -94,14 +94,14 @@ static inline void rounds(uint32_t *st)
 
 static inline void chacha20_core(uint32_t *k, uint32_t *ctx, uint32_t ctr)
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (uint32_t));
+  memcpy(k, ctx, 16U * sizeof (uint32_t));
   uint32_t ctr_u32 = ctr;
   k[12U] = k[12U] + ctr_u32;
   rounds(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = k;
     uint32_t x = k[i] + ctx[i];
     os[i] = x;);
@@ -110,35 +110,34 @@ static inline void chacha20_core(uint32_t *k, uint32_t *ctx, uint32_t ctr)
 
 static const
 uint32_t
-chacha20_constants[4U] =
-  { (uint32_t)0x61707865U, (uint32_t)0x3320646eU, (uint32_t)0x79622d32U, (uint32_t)0x6b206574U };
+chacha20_constants[4U] = { 0x61707865U, 0x3320646eU, 0x79622d32U, 0x6b206574U };
 
 void Hacl_Impl_Chacha20_chacha20_init(uint32_t *ctx, uint8_t *k, uint8_t *n, uint32_t ctr)
 {
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = ctx;
     uint32_t x = chacha20_constants[i];
     os[i] = x;);
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = ctx + (uint32_t)4U;
-    uint8_t *bj = k + i * (uint32_t)4U;
+    0U,
+    8U,
+    1U,
+    uint32_t *os = ctx + 4U;
+    uint8_t *bj = k + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   ctx[12U] = ctr;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
-    uint32_t *os = ctx + (uint32_t)13U;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    0U,
+    3U,
+    1U,
+    uint32_t *os = ctx + 13U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
@@ -151,27 +150,23 @@ static void chacha20_encrypt_block(uint32_t *ctx, uint8_t *out, uint32_t incr, u
   chacha20_core(k, ctx, incr);
   uint32_t bl[16U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = bl;
-    uint8_t *bj = text + i * (uint32_t)4U;
+    uint8_t *bj = text + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = bl;
     uint32_t x = bl[i] ^ k[i];
     os[i] = x;);
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    store32_le(out + i * (uint32_t)4U, bl[i]););
+  KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(out + i * 4U, bl[i]););
 }
 
 static inline void
@@ -186,16 +181,16 @@ chacha20_encrypt_last(uint32_t *ctx, uint32_t len, uint8_t *out, uint32_t incr,
 void
 Hacl_Impl_Chacha20_chacha20_update(uint32_t *ctx, uint32_t len, uint8_t *out, uint8_t *text)
 {
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    chacha20_encrypt_block(ctx, out + i * (uint32_t)64U, i, text + i * (uint32_t)64U);
+    chacha20_encrypt_block(ctx, out + i * 64U, i, text + i * 64U);
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    chacha20_encrypt_last(ctx, rem, out + nb * (uint32_t)64U, nb, text + nb * (uint32_t)64U);
+    chacha20_encrypt_last(ctx, rem, out + nb * 64U, nb, text + nb * 64U);
   }
 }
 
diff --git a/src/Hacl_Chacha20_Vec128.c b/src/Hacl_Chacha20_Vec128.c
index 1e0c4ec1..deab1dfc 100644
--- a/src/Hacl_Chacha20_Vec128.c
+++ b/src/Hacl_Chacha20_Vec128.c
@@ -32,100 +32,100 @@ static inline void double_round_128(Lib_IntVector_Intrinsics_vec128 *st)
 {
   st[0U] = Lib_IntVector_Intrinsics_vec128_add32(st[0U], st[4U]);
   Lib_IntVector_Intrinsics_vec128 std = Lib_IntVector_Intrinsics_vec128_xor(st[12U], st[0U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std, (uint32_t)16U);
+  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std, 16U);
   st[8U] = Lib_IntVector_Intrinsics_vec128_add32(st[8U], st[12U]);
   Lib_IntVector_Intrinsics_vec128 std0 = Lib_IntVector_Intrinsics_vec128_xor(st[4U], st[8U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std0, (uint32_t)12U);
+  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std0, 12U);
   st[0U] = Lib_IntVector_Intrinsics_vec128_add32(st[0U], st[4U]);
   Lib_IntVector_Intrinsics_vec128 std1 = Lib_IntVector_Intrinsics_vec128_xor(st[12U], st[0U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std1, (uint32_t)8U);
+  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std1, 8U);
   st[8U] = Lib_IntVector_Intrinsics_vec128_add32(st[8U], st[12U]);
   Lib_IntVector_Intrinsics_vec128 std2 = Lib_IntVector_Intrinsics_vec128_xor(st[4U], st[8U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std2, (uint32_t)7U);
+  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std2, 7U);
   st[1U] = Lib_IntVector_Intrinsics_vec128_add32(st[1U], st[5U]);
   Lib_IntVector_Intrinsics_vec128 std3 = Lib_IntVector_Intrinsics_vec128_xor(st[13U], st[1U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std3, (uint32_t)16U);
+  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std3, 16U);
   st[9U] = Lib_IntVector_Intrinsics_vec128_add32(st[9U], st[13U]);
   Lib_IntVector_Intrinsics_vec128 std4 = Lib_IntVector_Intrinsics_vec128_xor(st[5U], st[9U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std4, (uint32_t)12U);
+  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std4, 12U);
   st[1U] = Lib_IntVector_Intrinsics_vec128_add32(st[1U], st[5U]);
   Lib_IntVector_Intrinsics_vec128 std5 = Lib_IntVector_Intrinsics_vec128_xor(st[13U], st[1U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std5, (uint32_t)8U);
+  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std5, 8U);
   st[9U] = Lib_IntVector_Intrinsics_vec128_add32(st[9U], st[13U]);
   Lib_IntVector_Intrinsics_vec128 std6 = Lib_IntVector_Intrinsics_vec128_xor(st[5U], st[9U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std6, (uint32_t)7U);
+  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std6, 7U);
   st[2U] = Lib_IntVector_Intrinsics_vec128_add32(st[2U], st[6U]);
   Lib_IntVector_Intrinsics_vec128 std7 = Lib_IntVector_Intrinsics_vec128_xor(st[14U], st[2U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std7, (uint32_t)16U);
+  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std7, 16U);
   st[10U] = Lib_IntVector_Intrinsics_vec128_add32(st[10U], st[14U]);
   Lib_IntVector_Intrinsics_vec128 std8 = Lib_IntVector_Intrinsics_vec128_xor(st[6U], st[10U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std8, (uint32_t)12U);
+  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std8, 12U);
   st[2U] = Lib_IntVector_Intrinsics_vec128_add32(st[2U], st[6U]);
   Lib_IntVector_Intrinsics_vec128 std9 = Lib_IntVector_Intrinsics_vec128_xor(st[14U], st[2U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std9, (uint32_t)8U);
+  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std9, 8U);
   st[10U] = Lib_IntVector_Intrinsics_vec128_add32(st[10U], st[14U]);
   Lib_IntVector_Intrinsics_vec128 std10 = Lib_IntVector_Intrinsics_vec128_xor(st[6U], st[10U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std10, (uint32_t)7U);
+  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std10, 7U);
   st[3U] = Lib_IntVector_Intrinsics_vec128_add32(st[3U], st[7U]);
   Lib_IntVector_Intrinsics_vec128 std11 = Lib_IntVector_Intrinsics_vec128_xor(st[15U], st[3U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std11, (uint32_t)16U);
+  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std11, 16U);
   st[11U] = Lib_IntVector_Intrinsics_vec128_add32(st[11U], st[15U]);
   Lib_IntVector_Intrinsics_vec128 std12 = Lib_IntVector_Intrinsics_vec128_xor(st[7U], st[11U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std12, (uint32_t)12U);
+  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std12, 12U);
   st[3U] = Lib_IntVector_Intrinsics_vec128_add32(st[3U], st[7U]);
   Lib_IntVector_Intrinsics_vec128 std13 = Lib_IntVector_Intrinsics_vec128_xor(st[15U], st[3U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std13, (uint32_t)8U);
+  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std13, 8U);
   st[11U] = Lib_IntVector_Intrinsics_vec128_add32(st[11U], st[15U]);
   Lib_IntVector_Intrinsics_vec128 std14 = Lib_IntVector_Intrinsics_vec128_xor(st[7U], st[11U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std14, (uint32_t)7U);
+  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std14, 7U);
   st[0U] = Lib_IntVector_Intrinsics_vec128_add32(st[0U], st[5U]);
   Lib_IntVector_Intrinsics_vec128 std15 = Lib_IntVector_Intrinsics_vec128_xor(st[15U], st[0U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std15, (uint32_t)16U);
+  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std15, 16U);
   st[10U] = Lib_IntVector_Intrinsics_vec128_add32(st[10U], st[15U]);
   Lib_IntVector_Intrinsics_vec128 std16 = Lib_IntVector_Intrinsics_vec128_xor(st[5U], st[10U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std16, (uint32_t)12U);
+  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std16, 12U);
   st[0U] = Lib_IntVector_Intrinsics_vec128_add32(st[0U], st[5U]);
   Lib_IntVector_Intrinsics_vec128 std17 = Lib_IntVector_Intrinsics_vec128_xor(st[15U], st[0U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std17, (uint32_t)8U);
+  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std17, 8U);
   st[10U] = Lib_IntVector_Intrinsics_vec128_add32(st[10U], st[15U]);
   Lib_IntVector_Intrinsics_vec128 std18 = Lib_IntVector_Intrinsics_vec128_xor(st[5U], st[10U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std18, (uint32_t)7U);
+  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std18, 7U);
   st[1U] = Lib_IntVector_Intrinsics_vec128_add32(st[1U], st[6U]);
   Lib_IntVector_Intrinsics_vec128 std19 = Lib_IntVector_Intrinsics_vec128_xor(st[12U], st[1U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std19, (uint32_t)16U);
+  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std19, 16U);
   st[11U] = Lib_IntVector_Intrinsics_vec128_add32(st[11U], st[12U]);
   Lib_IntVector_Intrinsics_vec128 std20 = Lib_IntVector_Intrinsics_vec128_xor(st[6U], st[11U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std20, (uint32_t)12U);
+  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std20, 12U);
   st[1U] = Lib_IntVector_Intrinsics_vec128_add32(st[1U], st[6U]);
   Lib_IntVector_Intrinsics_vec128 std21 = Lib_IntVector_Intrinsics_vec128_xor(st[12U], st[1U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std21, (uint32_t)8U);
+  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std21, 8U);
   st[11U] = Lib_IntVector_Intrinsics_vec128_add32(st[11U], st[12U]);
   Lib_IntVector_Intrinsics_vec128 std22 = Lib_IntVector_Intrinsics_vec128_xor(st[6U], st[11U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std22, (uint32_t)7U);
+  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std22, 7U);
   st[2U] = Lib_IntVector_Intrinsics_vec128_add32(st[2U], st[7U]);
   Lib_IntVector_Intrinsics_vec128 std23 = Lib_IntVector_Intrinsics_vec128_xor(st[13U], st[2U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std23, (uint32_t)16U);
+  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std23, 16U);
   st[8U] = Lib_IntVector_Intrinsics_vec128_add32(st[8U], st[13U]);
   Lib_IntVector_Intrinsics_vec128 std24 = Lib_IntVector_Intrinsics_vec128_xor(st[7U], st[8U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std24, (uint32_t)12U);
+  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std24, 12U);
   st[2U] = Lib_IntVector_Intrinsics_vec128_add32(st[2U], st[7U]);
   Lib_IntVector_Intrinsics_vec128 std25 = Lib_IntVector_Intrinsics_vec128_xor(st[13U], st[2U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std25, (uint32_t)8U);
+  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std25, 8U);
   st[8U] = Lib_IntVector_Intrinsics_vec128_add32(st[8U], st[13U]);
   Lib_IntVector_Intrinsics_vec128 std26 = Lib_IntVector_Intrinsics_vec128_xor(st[7U], st[8U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std26, (uint32_t)7U);
+  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std26, 7U);
   st[3U] = Lib_IntVector_Intrinsics_vec128_add32(st[3U], st[4U]);
   Lib_IntVector_Intrinsics_vec128 std27 = Lib_IntVector_Intrinsics_vec128_xor(st[14U], st[3U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std27, (uint32_t)16U);
+  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std27, 16U);
   st[9U] = Lib_IntVector_Intrinsics_vec128_add32(st[9U], st[14U]);
   Lib_IntVector_Intrinsics_vec128 std28 = Lib_IntVector_Intrinsics_vec128_xor(st[4U], st[9U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std28, (uint32_t)12U);
+  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std28, 12U);
   st[3U] = Lib_IntVector_Intrinsics_vec128_add32(st[3U], st[4U]);
   Lib_IntVector_Intrinsics_vec128 std29 = Lib_IntVector_Intrinsics_vec128_xor(st[14U], st[3U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std29, (uint32_t)8U);
+  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std29, 8U);
   st[9U] = Lib_IntVector_Intrinsics_vec128_add32(st[9U], st[14U]);
   Lib_IntVector_Intrinsics_vec128 std30 = Lib_IntVector_Intrinsics_vec128_xor(st[4U], st[9U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std30, (uint32_t)7U);
+  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std30, 7U);
 }
 
 static inline void
@@ -135,8 +135,8 @@ chacha20_core_128(
   uint32_t ctr
 )
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  uint32_t ctr_u32 = (uint32_t)4U * ctr;
+  memcpy(k, ctx, 16U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  uint32_t ctr_u32 = 4U * ctr;
   Lib_IntVector_Intrinsics_vec128 cv = Lib_IntVector_Intrinsics_vec128_load32(ctr_u32);
   k[12U] = Lib_IntVector_Intrinsics_vec128_add32(k[12U], cv);
   double_round_128(k);
@@ -150,9 +150,9 @@ chacha20_core_128(
   double_round_128(k);
   double_round_128(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = k;
     Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_add32(k[i], ctx[i]);
     os[i] = x;);
@@ -164,47 +164,42 @@ chacha20_init_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *k, uint8_t *n,
 {
   uint32_t ctx1[16U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = ctx1;
     uint32_t x = Hacl_Impl_Chacha20_Vec_chacha20_constants[i];
     os[i] = x;);
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)4U;
-    uint8_t *bj = k + i * (uint32_t)4U;
+    0U,
+    8U,
+    1U,
+    uint32_t *os = ctx1 + 4U;
+    uint8_t *bj = k + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   ctx1[12U] = ctr;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)13U;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    0U,
+    3U,
+    1U,
+    uint32_t *os = ctx1 + 13U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = ctx;
     uint32_t x = ctx1[i];
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_load32(x);
     os[i] = x0;);
-  Lib_IntVector_Intrinsics_vec128
-  ctr1 =
-    Lib_IntVector_Intrinsics_vec128_load32s((uint32_t)0U,
-      (uint32_t)1U,
-      (uint32_t)2U,
-      (uint32_t)3U);
+  Lib_IntVector_Intrinsics_vec128 ctr1 = Lib_IntVector_Intrinsics_vec128_load32s(0U, 1U, 2U, 3U);
   Lib_IntVector_Intrinsics_vec128 c12 = ctx[12U];
   ctx[12U] = Lib_IntVector_Intrinsics_vec128_add32(c12, ctr1);
 }
@@ -221,13 +216,13 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ctx[16U] KRML_POST_ALIGN(16) = { 0U };
   chacha20_init_128(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)256U;
-  uint32_t nb = len / (uint32_t)256U;
-  uint32_t rem1 = len % (uint32_t)256U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 256U;
+  uint32_t nb = len / 256U;
+  uint32_t rem1 = len % 256U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *uu____0 = out + i * (uint32_t)256U;
-    uint8_t *uu____1 = text + i * (uint32_t)256U;
+    uint8_t *uu____0 = out + i * 256U;
+    uint8_t *uu____1 = text + i * 256U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, i);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -359,19 +354,19 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
     k[14U] = v11;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i0,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec128
-      x = Lib_IntVector_Intrinsics_vec128_load32_le(uu____1 + i0 * (uint32_t)16U);
+      x = Lib_IntVector_Intrinsics_vec128_load32_le(uu____1 + i0 * 16U);
       Lib_IntVector_Intrinsics_vec128 y = Lib_IntVector_Intrinsics_vec128_xor(x, k[i0]);
-      Lib_IntVector_Intrinsics_vec128_store32_le(uu____0 + i0 * (uint32_t)16U, y););
+      Lib_IntVector_Intrinsics_vec128_store32_le(uu____0 + i0 * 16U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)256U;
+    uint8_t *uu____2 = out + nb * 256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, text + nb * (uint32_t)256U, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * 256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -503,13 +498,13 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
     k[14U] = v11;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec128
-      x = Lib_IntVector_Intrinsics_vec128_load32_le(plain + i * (uint32_t)16U);
+      x = Lib_IntVector_Intrinsics_vec128_load32_le(plain + i * 16U);
       Lib_IntVector_Intrinsics_vec128 y = Lib_IntVector_Intrinsics_vec128_xor(x, k[i]);
-      Lib_IntVector_Intrinsics_vec128_store32_le(plain + i * (uint32_t)16U, y););
+      Lib_IntVector_Intrinsics_vec128_store32_le(plain + i * 16U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -526,13 +521,13 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ctx[16U] KRML_POST_ALIGN(16) = { 0U };
   chacha20_init_128(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)256U;
-  uint32_t nb = len / (uint32_t)256U;
-  uint32_t rem1 = len % (uint32_t)256U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 256U;
+  uint32_t nb = len / 256U;
+  uint32_t rem1 = len % 256U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *uu____0 = out + i * (uint32_t)256U;
-    uint8_t *uu____1 = cipher + i * (uint32_t)256U;
+    uint8_t *uu____0 = out + i * 256U;
+    uint8_t *uu____1 = cipher + i * 256U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, i);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -664,19 +659,19 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
     k[14U] = v11;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i0,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec128
-      x = Lib_IntVector_Intrinsics_vec128_load32_le(uu____1 + i0 * (uint32_t)16U);
+      x = Lib_IntVector_Intrinsics_vec128_load32_le(uu____1 + i0 * 16U);
       Lib_IntVector_Intrinsics_vec128 y = Lib_IntVector_Intrinsics_vec128_xor(x, k[i0]);
-      Lib_IntVector_Intrinsics_vec128_store32_le(uu____0 + i0 * (uint32_t)16U, y););
+      Lib_IntVector_Intrinsics_vec128_store32_le(uu____0 + i0 * 16U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)256U;
+    uint8_t *uu____2 = out + nb * 256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, cipher + nb * (uint32_t)256U, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * 256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -808,13 +803,13 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
     k[14U] = v11;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec128
-      x = Lib_IntVector_Intrinsics_vec128_load32_le(plain + i * (uint32_t)16U);
+      x = Lib_IntVector_Intrinsics_vec128_load32_le(plain + i * 16U);
       Lib_IntVector_Intrinsics_vec128 y = Lib_IntVector_Intrinsics_vec128_xor(x, k[i]);
-      Lib_IntVector_Intrinsics_vec128_store32_le(plain + i * (uint32_t)16U, y););
+      Lib_IntVector_Intrinsics_vec128_store32_le(plain + i * 16U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
diff --git a/src/Hacl_Chacha20_Vec256.c b/src/Hacl_Chacha20_Vec256.c
index 620f5040..e61a7cfe 100644
--- a/src/Hacl_Chacha20_Vec256.c
+++ b/src/Hacl_Chacha20_Vec256.c
@@ -32,100 +32,100 @@ static inline void double_round_256(Lib_IntVector_Intrinsics_vec256 *st)
 {
   st[0U] = Lib_IntVector_Intrinsics_vec256_add32(st[0U], st[4U]);
   Lib_IntVector_Intrinsics_vec256 std = Lib_IntVector_Intrinsics_vec256_xor(st[12U], st[0U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std, (uint32_t)16U);
+  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std, 16U);
   st[8U] = Lib_IntVector_Intrinsics_vec256_add32(st[8U], st[12U]);
   Lib_IntVector_Intrinsics_vec256 std0 = Lib_IntVector_Intrinsics_vec256_xor(st[4U], st[8U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std0, (uint32_t)12U);
+  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std0, 12U);
   st[0U] = Lib_IntVector_Intrinsics_vec256_add32(st[0U], st[4U]);
   Lib_IntVector_Intrinsics_vec256 std1 = Lib_IntVector_Intrinsics_vec256_xor(st[12U], st[0U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std1, (uint32_t)8U);
+  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std1, 8U);
   st[8U] = Lib_IntVector_Intrinsics_vec256_add32(st[8U], st[12U]);
   Lib_IntVector_Intrinsics_vec256 std2 = Lib_IntVector_Intrinsics_vec256_xor(st[4U], st[8U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std2, (uint32_t)7U);
+  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std2, 7U);
   st[1U] = Lib_IntVector_Intrinsics_vec256_add32(st[1U], st[5U]);
   Lib_IntVector_Intrinsics_vec256 std3 = Lib_IntVector_Intrinsics_vec256_xor(st[13U], st[1U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std3, (uint32_t)16U);
+  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std3, 16U);
   st[9U] = Lib_IntVector_Intrinsics_vec256_add32(st[9U], st[13U]);
   Lib_IntVector_Intrinsics_vec256 std4 = Lib_IntVector_Intrinsics_vec256_xor(st[5U], st[9U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std4, (uint32_t)12U);
+  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std4, 12U);
   st[1U] = Lib_IntVector_Intrinsics_vec256_add32(st[1U], st[5U]);
   Lib_IntVector_Intrinsics_vec256 std5 = Lib_IntVector_Intrinsics_vec256_xor(st[13U], st[1U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std5, (uint32_t)8U);
+  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std5, 8U);
   st[9U] = Lib_IntVector_Intrinsics_vec256_add32(st[9U], st[13U]);
   Lib_IntVector_Intrinsics_vec256 std6 = Lib_IntVector_Intrinsics_vec256_xor(st[5U], st[9U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std6, (uint32_t)7U);
+  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std6, 7U);
   st[2U] = Lib_IntVector_Intrinsics_vec256_add32(st[2U], st[6U]);
   Lib_IntVector_Intrinsics_vec256 std7 = Lib_IntVector_Intrinsics_vec256_xor(st[14U], st[2U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std7, (uint32_t)16U);
+  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std7, 16U);
   st[10U] = Lib_IntVector_Intrinsics_vec256_add32(st[10U], st[14U]);
   Lib_IntVector_Intrinsics_vec256 std8 = Lib_IntVector_Intrinsics_vec256_xor(st[6U], st[10U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std8, (uint32_t)12U);
+  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std8, 12U);
   st[2U] = Lib_IntVector_Intrinsics_vec256_add32(st[2U], st[6U]);
   Lib_IntVector_Intrinsics_vec256 std9 = Lib_IntVector_Intrinsics_vec256_xor(st[14U], st[2U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std9, (uint32_t)8U);
+  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std9, 8U);
   st[10U] = Lib_IntVector_Intrinsics_vec256_add32(st[10U], st[14U]);
   Lib_IntVector_Intrinsics_vec256 std10 = Lib_IntVector_Intrinsics_vec256_xor(st[6U], st[10U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std10, (uint32_t)7U);
+  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std10, 7U);
   st[3U] = Lib_IntVector_Intrinsics_vec256_add32(st[3U], st[7U]);
   Lib_IntVector_Intrinsics_vec256 std11 = Lib_IntVector_Intrinsics_vec256_xor(st[15U], st[3U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std11, (uint32_t)16U);
+  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std11, 16U);
   st[11U] = Lib_IntVector_Intrinsics_vec256_add32(st[11U], st[15U]);
   Lib_IntVector_Intrinsics_vec256 std12 = Lib_IntVector_Intrinsics_vec256_xor(st[7U], st[11U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std12, (uint32_t)12U);
+  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std12, 12U);
   st[3U] = Lib_IntVector_Intrinsics_vec256_add32(st[3U], st[7U]);
   Lib_IntVector_Intrinsics_vec256 std13 = Lib_IntVector_Intrinsics_vec256_xor(st[15U], st[3U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std13, (uint32_t)8U);
+  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std13, 8U);
   st[11U] = Lib_IntVector_Intrinsics_vec256_add32(st[11U], st[15U]);
   Lib_IntVector_Intrinsics_vec256 std14 = Lib_IntVector_Intrinsics_vec256_xor(st[7U], st[11U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std14, (uint32_t)7U);
+  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std14, 7U);
   st[0U] = Lib_IntVector_Intrinsics_vec256_add32(st[0U], st[5U]);
   Lib_IntVector_Intrinsics_vec256 std15 = Lib_IntVector_Intrinsics_vec256_xor(st[15U], st[0U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std15, (uint32_t)16U);
+  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std15, 16U);
   st[10U] = Lib_IntVector_Intrinsics_vec256_add32(st[10U], st[15U]);
   Lib_IntVector_Intrinsics_vec256 std16 = Lib_IntVector_Intrinsics_vec256_xor(st[5U], st[10U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std16, (uint32_t)12U);
+  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std16, 12U);
   st[0U] = Lib_IntVector_Intrinsics_vec256_add32(st[0U], st[5U]);
   Lib_IntVector_Intrinsics_vec256 std17 = Lib_IntVector_Intrinsics_vec256_xor(st[15U], st[0U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std17, (uint32_t)8U);
+  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std17, 8U);
   st[10U] = Lib_IntVector_Intrinsics_vec256_add32(st[10U], st[15U]);
   Lib_IntVector_Intrinsics_vec256 std18 = Lib_IntVector_Intrinsics_vec256_xor(st[5U], st[10U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std18, (uint32_t)7U);
+  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std18, 7U);
   st[1U] = Lib_IntVector_Intrinsics_vec256_add32(st[1U], st[6U]);
   Lib_IntVector_Intrinsics_vec256 std19 = Lib_IntVector_Intrinsics_vec256_xor(st[12U], st[1U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std19, (uint32_t)16U);
+  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std19, 16U);
   st[11U] = Lib_IntVector_Intrinsics_vec256_add32(st[11U], st[12U]);
   Lib_IntVector_Intrinsics_vec256 std20 = Lib_IntVector_Intrinsics_vec256_xor(st[6U], st[11U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std20, (uint32_t)12U);
+  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std20, 12U);
   st[1U] = Lib_IntVector_Intrinsics_vec256_add32(st[1U], st[6U]);
   Lib_IntVector_Intrinsics_vec256 std21 = Lib_IntVector_Intrinsics_vec256_xor(st[12U], st[1U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std21, (uint32_t)8U);
+  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std21, 8U);
   st[11U] = Lib_IntVector_Intrinsics_vec256_add32(st[11U], st[12U]);
   Lib_IntVector_Intrinsics_vec256 std22 = Lib_IntVector_Intrinsics_vec256_xor(st[6U], st[11U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std22, (uint32_t)7U);
+  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std22, 7U);
   st[2U] = Lib_IntVector_Intrinsics_vec256_add32(st[2U], st[7U]);
   Lib_IntVector_Intrinsics_vec256 std23 = Lib_IntVector_Intrinsics_vec256_xor(st[13U], st[2U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std23, (uint32_t)16U);
+  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std23, 16U);
   st[8U] = Lib_IntVector_Intrinsics_vec256_add32(st[8U], st[13U]);
   Lib_IntVector_Intrinsics_vec256 std24 = Lib_IntVector_Intrinsics_vec256_xor(st[7U], st[8U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std24, (uint32_t)12U);
+  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std24, 12U);
   st[2U] = Lib_IntVector_Intrinsics_vec256_add32(st[2U], st[7U]);
   Lib_IntVector_Intrinsics_vec256 std25 = Lib_IntVector_Intrinsics_vec256_xor(st[13U], st[2U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std25, (uint32_t)8U);
+  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std25, 8U);
   st[8U] = Lib_IntVector_Intrinsics_vec256_add32(st[8U], st[13U]);
   Lib_IntVector_Intrinsics_vec256 std26 = Lib_IntVector_Intrinsics_vec256_xor(st[7U], st[8U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std26, (uint32_t)7U);
+  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std26, 7U);
   st[3U] = Lib_IntVector_Intrinsics_vec256_add32(st[3U], st[4U]);
   Lib_IntVector_Intrinsics_vec256 std27 = Lib_IntVector_Intrinsics_vec256_xor(st[14U], st[3U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std27, (uint32_t)16U);
+  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std27, 16U);
   st[9U] = Lib_IntVector_Intrinsics_vec256_add32(st[9U], st[14U]);
   Lib_IntVector_Intrinsics_vec256 std28 = Lib_IntVector_Intrinsics_vec256_xor(st[4U], st[9U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std28, (uint32_t)12U);
+  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std28, 12U);
   st[3U] = Lib_IntVector_Intrinsics_vec256_add32(st[3U], st[4U]);
   Lib_IntVector_Intrinsics_vec256 std29 = Lib_IntVector_Intrinsics_vec256_xor(st[14U], st[3U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std29, (uint32_t)8U);
+  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std29, 8U);
   st[9U] = Lib_IntVector_Intrinsics_vec256_add32(st[9U], st[14U]);
   Lib_IntVector_Intrinsics_vec256 std30 = Lib_IntVector_Intrinsics_vec256_xor(st[4U], st[9U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std30, (uint32_t)7U);
+  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std30, 7U);
 }
 
 static inline void
@@ -135,8 +135,8 @@ chacha20_core_256(
   uint32_t ctr
 )
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  uint32_t ctr_u32 = (uint32_t)8U * ctr;
+  memcpy(k, ctx, 16U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  uint32_t ctr_u32 = 8U * ctr;
   Lib_IntVector_Intrinsics_vec256 cv = Lib_IntVector_Intrinsics_vec256_load32(ctr_u32);
   k[12U] = Lib_IntVector_Intrinsics_vec256_add32(k[12U], cv);
   double_round_256(k);
@@ -150,9 +150,9 @@ chacha20_core_256(
   double_round_256(k);
   double_round_256(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = k;
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_add32(k[i], ctx[i]);
     os[i] = x;);
@@ -164,51 +164,43 @@ chacha20_init_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *k, uint8_t *n,
 {
   uint32_t ctx1[16U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = ctx1;
     uint32_t x = Hacl_Impl_Chacha20_Vec_chacha20_constants[i];
     os[i] = x;);
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)4U;
-    uint8_t *bj = k + i * (uint32_t)4U;
+    0U,
+    8U,
+    1U,
+    uint32_t *os = ctx1 + 4U;
+    uint8_t *bj = k + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   ctx1[12U] = ctr;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)13U;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    0U,
+    3U,
+    1U,
+    uint32_t *os = ctx1 + 13U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = ctx;
     uint32_t x = ctx1[i];
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_load32(x);
     os[i] = x0;);
   Lib_IntVector_Intrinsics_vec256
-  ctr1 =
-    Lib_IntVector_Intrinsics_vec256_load32s((uint32_t)0U,
-      (uint32_t)1U,
-      (uint32_t)2U,
-      (uint32_t)3U,
-      (uint32_t)4U,
-      (uint32_t)5U,
-      (uint32_t)6U,
-      (uint32_t)7U);
+  ctr1 = Lib_IntVector_Intrinsics_vec256_load32s(0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U);
   Lib_IntVector_Intrinsics_vec256 c12 = ctx[12U];
   ctx[12U] = Lib_IntVector_Intrinsics_vec256_add32(c12, ctr1);
 }
@@ -225,13 +217,13 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ctx[16U] KRML_POST_ALIGN(32) = { 0U };
   chacha20_init_256(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)512U;
-  uint32_t nb = len / (uint32_t)512U;
-  uint32_t rem1 = len % (uint32_t)512U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 512U;
+  uint32_t nb = len / 512U;
+  uint32_t rem1 = len % 512U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *uu____0 = out + i * (uint32_t)512U;
-    uint8_t *uu____1 = text + i * (uint32_t)512U;
+    uint8_t *uu____0 = out + i * 512U;
+    uint8_t *uu____1 = text + i * 512U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, i);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -459,19 +451,19 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
     k[14U] = v7;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i0,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec256
-      x = Lib_IntVector_Intrinsics_vec256_load32_le(uu____1 + i0 * (uint32_t)32U);
+      x = Lib_IntVector_Intrinsics_vec256_load32_le(uu____1 + i0 * 32U);
       Lib_IntVector_Intrinsics_vec256 y = Lib_IntVector_Intrinsics_vec256_xor(x, k[i0]);
-      Lib_IntVector_Intrinsics_vec256_store32_le(uu____0 + i0 * (uint32_t)32U, y););
+      Lib_IntVector_Intrinsics_vec256_store32_le(uu____0 + i0 * 32U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)512U;
+    uint8_t *uu____2 = out + nb * 512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, text + nb * (uint32_t)512U, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * 512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -699,13 +691,13 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
     k[14U] = v7;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec256
-      x = Lib_IntVector_Intrinsics_vec256_load32_le(plain + i * (uint32_t)32U);
+      x = Lib_IntVector_Intrinsics_vec256_load32_le(plain + i * 32U);
       Lib_IntVector_Intrinsics_vec256 y = Lib_IntVector_Intrinsics_vec256_xor(x, k[i]);
-      Lib_IntVector_Intrinsics_vec256_store32_le(plain + i * (uint32_t)32U, y););
+      Lib_IntVector_Intrinsics_vec256_store32_le(plain + i * 32U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -722,13 +714,13 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ctx[16U] KRML_POST_ALIGN(32) = { 0U };
   chacha20_init_256(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)512U;
-  uint32_t nb = len / (uint32_t)512U;
-  uint32_t rem1 = len % (uint32_t)512U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 512U;
+  uint32_t nb = len / 512U;
+  uint32_t rem1 = len % 512U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *uu____0 = out + i * (uint32_t)512U;
-    uint8_t *uu____1 = cipher + i * (uint32_t)512U;
+    uint8_t *uu____0 = out + i * 512U;
+    uint8_t *uu____1 = cipher + i * 512U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, i);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -956,19 +948,19 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
     k[14U] = v7;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i0,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec256
-      x = Lib_IntVector_Intrinsics_vec256_load32_le(uu____1 + i0 * (uint32_t)32U);
+      x = Lib_IntVector_Intrinsics_vec256_load32_le(uu____1 + i0 * 32U);
       Lib_IntVector_Intrinsics_vec256 y = Lib_IntVector_Intrinsics_vec256_xor(x, k[i0]);
-      Lib_IntVector_Intrinsics_vec256_store32_le(uu____0 + i0 * (uint32_t)32U, y););
+      Lib_IntVector_Intrinsics_vec256_store32_le(uu____0 + i0 * 32U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)512U;
+    uint8_t *uu____2 = out + nb * 512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, cipher + nb * (uint32_t)512U, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * 512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -1196,13 +1188,13 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
     k[14U] = v7;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec256
-      x = Lib_IntVector_Intrinsics_vec256_load32_le(plain + i * (uint32_t)32U);
+      x = Lib_IntVector_Intrinsics_vec256_load32_le(plain + i * 32U);
       Lib_IntVector_Intrinsics_vec256 y = Lib_IntVector_Intrinsics_vec256_xor(x, k[i]);
-      Lib_IntVector_Intrinsics_vec256_store32_le(plain + i * (uint32_t)32U, y););
+      Lib_IntVector_Intrinsics_vec256_store32_le(plain + i * 32U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
diff --git a/src/Hacl_Chacha20_Vec32.c b/src/Hacl_Chacha20_Vec32.c
index 2bf4764c..0dce915c 100644
--- a/src/Hacl_Chacha20_Vec32.c
+++ b/src/Hacl_Chacha20_Vec32.c
@@ -31,106 +31,106 @@ static inline void double_round_32(uint32_t *st)
 {
   st[0U] = st[0U] + st[4U];
   uint32_t std = st[12U] ^ st[0U];
-  st[12U] = std << (uint32_t)16U | std >> (uint32_t)16U;
+  st[12U] = std << 16U | std >> 16U;
   st[8U] = st[8U] + st[12U];
   uint32_t std0 = st[4U] ^ st[8U];
-  st[4U] = std0 << (uint32_t)12U | std0 >> (uint32_t)20U;
+  st[4U] = std0 << 12U | std0 >> 20U;
   st[0U] = st[0U] + st[4U];
   uint32_t std1 = st[12U] ^ st[0U];
-  st[12U] = std1 << (uint32_t)8U | std1 >> (uint32_t)24U;
+  st[12U] = std1 << 8U | std1 >> 24U;
   st[8U] = st[8U] + st[12U];
   uint32_t std2 = st[4U] ^ st[8U];
-  st[4U] = std2 << (uint32_t)7U | std2 >> (uint32_t)25U;
+  st[4U] = std2 << 7U | std2 >> 25U;
   st[1U] = st[1U] + st[5U];
   uint32_t std3 = st[13U] ^ st[1U];
-  st[13U] = std3 << (uint32_t)16U | std3 >> (uint32_t)16U;
+  st[13U] = std3 << 16U | std3 >> 16U;
   st[9U] = st[9U] + st[13U];
   uint32_t std4 = st[5U] ^ st[9U];
-  st[5U] = std4 << (uint32_t)12U | std4 >> (uint32_t)20U;
+  st[5U] = std4 << 12U | std4 >> 20U;
   st[1U] = st[1U] + st[5U];
   uint32_t std5 = st[13U] ^ st[1U];
-  st[13U] = std5 << (uint32_t)8U | std5 >> (uint32_t)24U;
+  st[13U] = std5 << 8U | std5 >> 24U;
   st[9U] = st[9U] + st[13U];
   uint32_t std6 = st[5U] ^ st[9U];
-  st[5U] = std6 << (uint32_t)7U | std6 >> (uint32_t)25U;
+  st[5U] = std6 << 7U | std6 >> 25U;
   st[2U] = st[2U] + st[6U];
   uint32_t std7 = st[14U] ^ st[2U];
-  st[14U] = std7 << (uint32_t)16U | std7 >> (uint32_t)16U;
+  st[14U] = std7 << 16U | std7 >> 16U;
   st[10U] = st[10U] + st[14U];
   uint32_t std8 = st[6U] ^ st[10U];
-  st[6U] = std8 << (uint32_t)12U | std8 >> (uint32_t)20U;
+  st[6U] = std8 << 12U | std8 >> 20U;
   st[2U] = st[2U] + st[6U];
   uint32_t std9 = st[14U] ^ st[2U];
-  st[14U] = std9 << (uint32_t)8U | std9 >> (uint32_t)24U;
+  st[14U] = std9 << 8U | std9 >> 24U;
   st[10U] = st[10U] + st[14U];
   uint32_t std10 = st[6U] ^ st[10U];
-  st[6U] = std10 << (uint32_t)7U | std10 >> (uint32_t)25U;
+  st[6U] = std10 << 7U | std10 >> 25U;
   st[3U] = st[3U] + st[7U];
   uint32_t std11 = st[15U] ^ st[3U];
-  st[15U] = std11 << (uint32_t)16U | std11 >> (uint32_t)16U;
+  st[15U] = std11 << 16U | std11 >> 16U;
   st[11U] = st[11U] + st[15U];
   uint32_t std12 = st[7U] ^ st[11U];
-  st[7U] = std12 << (uint32_t)12U | std12 >> (uint32_t)20U;
+  st[7U] = std12 << 12U | std12 >> 20U;
   st[3U] = st[3U] + st[7U];
   uint32_t std13 = st[15U] ^ st[3U];
-  st[15U] = std13 << (uint32_t)8U | std13 >> (uint32_t)24U;
+  st[15U] = std13 << 8U | std13 >> 24U;
   st[11U] = st[11U] + st[15U];
   uint32_t std14 = st[7U] ^ st[11U];
-  st[7U] = std14 << (uint32_t)7U | std14 >> (uint32_t)25U;
+  st[7U] = std14 << 7U | std14 >> 25U;
   st[0U] = st[0U] + st[5U];
   uint32_t std15 = st[15U] ^ st[0U];
-  st[15U] = std15 << (uint32_t)16U | std15 >> (uint32_t)16U;
+  st[15U] = std15 << 16U | std15 >> 16U;
   st[10U] = st[10U] + st[15U];
   uint32_t std16 = st[5U] ^ st[10U];
-  st[5U] = std16 << (uint32_t)12U | std16 >> (uint32_t)20U;
+  st[5U] = std16 << 12U | std16 >> 20U;
   st[0U] = st[0U] + st[5U];
   uint32_t std17 = st[15U] ^ st[0U];
-  st[15U] = std17 << (uint32_t)8U | std17 >> (uint32_t)24U;
+  st[15U] = std17 << 8U | std17 >> 24U;
   st[10U] = st[10U] + st[15U];
   uint32_t std18 = st[5U] ^ st[10U];
-  st[5U] = std18 << (uint32_t)7U | std18 >> (uint32_t)25U;
+  st[5U] = std18 << 7U | std18 >> 25U;
   st[1U] = st[1U] + st[6U];
   uint32_t std19 = st[12U] ^ st[1U];
-  st[12U] = std19 << (uint32_t)16U | std19 >> (uint32_t)16U;
+  st[12U] = std19 << 16U | std19 >> 16U;
   st[11U] = st[11U] + st[12U];
   uint32_t std20 = st[6U] ^ st[11U];
-  st[6U] = std20 << (uint32_t)12U | std20 >> (uint32_t)20U;
+  st[6U] = std20 << 12U | std20 >> 20U;
   st[1U] = st[1U] + st[6U];
   uint32_t std21 = st[12U] ^ st[1U];
-  st[12U] = std21 << (uint32_t)8U | std21 >> (uint32_t)24U;
+  st[12U] = std21 << 8U | std21 >> 24U;
   st[11U] = st[11U] + st[12U];
   uint32_t std22 = st[6U] ^ st[11U];
-  st[6U] = std22 << (uint32_t)7U | std22 >> (uint32_t)25U;
+  st[6U] = std22 << 7U | std22 >> 25U;
   st[2U] = st[2U] + st[7U];
   uint32_t std23 = st[13U] ^ st[2U];
-  st[13U] = std23 << (uint32_t)16U | std23 >> (uint32_t)16U;
+  st[13U] = std23 << 16U | std23 >> 16U;
   st[8U] = st[8U] + st[13U];
   uint32_t std24 = st[7U] ^ st[8U];
-  st[7U] = std24 << (uint32_t)12U | std24 >> (uint32_t)20U;
+  st[7U] = std24 << 12U | std24 >> 20U;
   st[2U] = st[2U] + st[7U];
   uint32_t std25 = st[13U] ^ st[2U];
-  st[13U] = std25 << (uint32_t)8U | std25 >> (uint32_t)24U;
+  st[13U] = std25 << 8U | std25 >> 24U;
   st[8U] = st[8U] + st[13U];
   uint32_t std26 = st[7U] ^ st[8U];
-  st[7U] = std26 << (uint32_t)7U | std26 >> (uint32_t)25U;
+  st[7U] = std26 << 7U | std26 >> 25U;
   st[3U] = st[3U] + st[4U];
   uint32_t std27 = st[14U] ^ st[3U];
-  st[14U] = std27 << (uint32_t)16U | std27 >> (uint32_t)16U;
+  st[14U] = std27 << 16U | std27 >> 16U;
   st[9U] = st[9U] + st[14U];
   uint32_t std28 = st[4U] ^ st[9U];
-  st[4U] = std28 << (uint32_t)12U | std28 >> (uint32_t)20U;
+  st[4U] = std28 << 12U | std28 >> 20U;
   st[3U] = st[3U] + st[4U];
   uint32_t std29 = st[14U] ^ st[3U];
-  st[14U] = std29 << (uint32_t)8U | std29 >> (uint32_t)24U;
+  st[14U] = std29 << 8U | std29 >> 24U;
   st[9U] = st[9U] + st[14U];
   uint32_t std30 = st[4U] ^ st[9U];
-  st[4U] = std30 << (uint32_t)7U | std30 >> (uint32_t)25U;
+  st[4U] = std30 << 7U | std30 >> 25U;
 }
 
 static inline void chacha20_core_32(uint32_t *k, uint32_t *ctx, uint32_t ctr)
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (uint32_t));
-  uint32_t ctr_u32 = (uint32_t)1U * ctr;
+  memcpy(k, ctx, 16U * sizeof (uint32_t));
+  uint32_t ctr_u32 = 1U * ctr;
   uint32_t cv = ctr_u32;
   k[12U] = k[12U] + cv;
   double_round_32(k);
@@ -144,9 +144,9 @@ static inline void chacha20_core_32(uint32_t *k, uint32_t *ctx, uint32_t ctr)
   double_round_32(k);
   double_round_32(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = k;
     uint32_t x = k[i] + ctx[i];
     os[i] = x;);
@@ -157,41 +157,41 @@ static inline void chacha20_init_32(uint32_t *ctx, uint8_t *k, uint8_t *n, uint3
 {
   uint32_t ctx1[16U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = ctx1;
     uint32_t x = Hacl_Impl_Chacha20_Vec_chacha20_constants[i];
     os[i] = x;);
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)4U;
-    uint8_t *bj = k + i * (uint32_t)4U;
+    0U,
+    8U,
+    1U,
+    uint32_t *os = ctx1 + 4U;
+    uint8_t *bj = k + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   ctx1[12U] = ctr;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)13U;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    0U,
+    3U,
+    1U,
+    uint32_t *os = ctx1 + 13U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = ctx;
     uint32_t x = ctx1[i];
     os[i] = x;);
-  uint32_t ctr1 = (uint32_t)0U;
+  uint32_t ctr1 = 0U;
   uint32_t c12 = ctx[12U];
   ctx[12U] = c12 + ctr1;
 }
@@ -208,39 +208,39 @@ Hacl_Chacha20_Vec32_chacha20_encrypt_32(
 {
   uint32_t ctx[16U] = { 0U };
   chacha20_init_32(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < nb; i0++)
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i0 = 0U; i0 < nb; i0++)
   {
-    uint8_t *uu____0 = out + i0 * (uint32_t)64U;
-    uint8_t *uu____1 = text + i0 * (uint32_t)64U;
+    uint8_t *uu____0 = out + i0 * 64U;
+    uint8_t *uu____1 = text + i0 * 64U;
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, i0);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t u = load32_le(uu____1 + i * (uint32_t)4U);
+      0U,
+      16U,
+      1U,
+      uint32_t u = load32_le(uu____1 + i * 4U);
       uint32_t x = u;
       uint32_t y = x ^ k[i];
-      store32_le(uu____0 + i * (uint32_t)4U, y););
+      store32_le(uu____0 + i * 4U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)64U;
+    uint8_t *uu____2 = out + nb * 64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * 64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t u = load32_le(plain + i * (uint32_t)4U);
+      0U,
+      16U,
+      1U,
+      uint32_t u = load32_le(plain + i * 4U);
       uint32_t x = u;
       uint32_t y = x ^ k[i];
-      store32_le(plain + i * (uint32_t)4U, y););
+      store32_le(plain + i * 4U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -257,39 +257,39 @@ Hacl_Chacha20_Vec32_chacha20_decrypt_32(
 {
   uint32_t ctx[16U] = { 0U };
   chacha20_init_32(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < nb; i0++)
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i0 = 0U; i0 < nb; i0++)
   {
-    uint8_t *uu____0 = out + i0 * (uint32_t)64U;
-    uint8_t *uu____1 = cipher + i0 * (uint32_t)64U;
+    uint8_t *uu____0 = out + i0 * 64U;
+    uint8_t *uu____1 = cipher + i0 * 64U;
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, i0);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t u = load32_le(uu____1 + i * (uint32_t)4U);
+      0U,
+      16U,
+      1U,
+      uint32_t u = load32_le(uu____1 + i * 4U);
       uint32_t x = u;
       uint32_t y = x ^ k[i];
-      store32_le(uu____0 + i * (uint32_t)4U, y););
+      store32_le(uu____0 + i * 4U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)64U;
+    uint8_t *uu____2 = out + nb * 64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * 64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t u = load32_le(plain + i * (uint32_t)4U);
+      0U,
+      16U,
+      1U,
+      uint32_t u = load32_le(plain + i * 4U);
       uint32_t x = u;
       uint32_t y = x ^ k[i];
-      store32_le(plain + i * (uint32_t)4U, y););
+      store32_le(plain + i * 4U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
diff --git a/src/Hacl_Curve25519_51.c b/src/Hacl_Curve25519_51.c
index 64c855cf..ca561e89 100644
--- a/src/Hacl_Curve25519_51.c
+++ b/src/Hacl_Curve25519_51.c
@@ -28,38 +28,38 @@
 #include "internal/Hacl_Krmllib.h"
 #include "internal/Hacl_Bignum25519_51.h"
 
-static const uint8_t g25519[32U] = { (uint8_t)9U };
+static const uint8_t g25519[32U] = { 9U };
 
 static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, FStar_UInt128_uint128 *tmp2)
 {
   uint64_t *nq = p01_tmp1;
-  uint64_t *nq_p1 = p01_tmp1 + (uint32_t)10U;
-  uint64_t *tmp1 = p01_tmp1 + (uint32_t)20U;
+  uint64_t *nq_p1 = p01_tmp1 + 10U;
+  uint64_t *tmp1 = p01_tmp1 + 20U;
   uint64_t *x1 = q;
   uint64_t *x2 = nq;
-  uint64_t *z2 = nq + (uint32_t)5U;
-  uint64_t *z3 = nq_p1 + (uint32_t)5U;
+  uint64_t *z2 = nq + 5U;
+  uint64_t *z3 = nq_p1 + 5U;
   uint64_t *a = tmp1;
-  uint64_t *b = tmp1 + (uint32_t)5U;
+  uint64_t *b = tmp1 + 5U;
   uint64_t *ab = tmp1;
-  uint64_t *dc = tmp1 + (uint32_t)10U;
+  uint64_t *dc = tmp1 + 10U;
   Hacl_Impl_Curve25519_Field51_fadd(a, x2, z2);
   Hacl_Impl_Curve25519_Field51_fsub(b, x2, z2);
   uint64_t *x3 = nq_p1;
-  uint64_t *z31 = nq_p1 + (uint32_t)5U;
+  uint64_t *z31 = nq_p1 + 5U;
   uint64_t *d0 = dc;
-  uint64_t *c0 = dc + (uint32_t)5U;
+  uint64_t *c0 = dc + 5U;
   Hacl_Impl_Curve25519_Field51_fadd(c0, x3, z31);
   Hacl_Impl_Curve25519_Field51_fsub(d0, x3, z31);
   Hacl_Impl_Curve25519_Field51_fmul2(dc, dc, ab, tmp2);
   Hacl_Impl_Curve25519_Field51_fadd(x3, d0, c0);
   Hacl_Impl_Curve25519_Field51_fsub(z31, d0, c0);
   uint64_t *a1 = tmp1;
-  uint64_t *b1 = tmp1 + (uint32_t)5U;
-  uint64_t *d = tmp1 + (uint32_t)10U;
-  uint64_t *c = tmp1 + (uint32_t)15U;
+  uint64_t *b1 = tmp1 + 5U;
+  uint64_t *d = tmp1 + 10U;
+  uint64_t *c = tmp1 + 15U;
   uint64_t *ab1 = tmp1;
-  uint64_t *dc1 = tmp1 + (uint32_t)10U;
+  uint64_t *dc1 = tmp1 + 10U;
   Hacl_Impl_Curve25519_Field51_fsqr2(dc1, ab1, tmp2);
   Hacl_Impl_Curve25519_Field51_fsqr2(nq_p1, nq_p1, tmp2);
   a1[0U] = c[0U];
@@ -68,7 +68,7 @@ static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, FStar_UInt128_
   a1[3U] = c[3U];
   a1[4U] = c[4U];
   Hacl_Impl_Curve25519_Field51_fsub(c, d, c);
-  Hacl_Impl_Curve25519_Field51_fmul1(b1, c, (uint64_t)121665U);
+  Hacl_Impl_Curve25519_Field51_fmul1(b1, c, 121665ULL);
   Hacl_Impl_Curve25519_Field51_fadd(b1, b1, d);
   Hacl_Impl_Curve25519_Field51_fmul2(nq, dc1, ab1, tmp2);
   Hacl_Impl_Curve25519_Field51_fmul(z3, z3, x1, tmp2);
@@ -77,13 +77,13 @@ static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, FStar_UInt128_
 static void point_double(uint64_t *nq, uint64_t *tmp1, FStar_UInt128_uint128 *tmp2)
 {
   uint64_t *x2 = nq;
-  uint64_t *z2 = nq + (uint32_t)5U;
+  uint64_t *z2 = nq + 5U;
   uint64_t *a = tmp1;
-  uint64_t *b = tmp1 + (uint32_t)5U;
-  uint64_t *d = tmp1 + (uint32_t)10U;
-  uint64_t *c = tmp1 + (uint32_t)15U;
+  uint64_t *b = tmp1 + 5U;
+  uint64_t *d = tmp1 + 10U;
+  uint64_t *c = tmp1 + 15U;
   uint64_t *ab = tmp1;
-  uint64_t *dc = tmp1 + (uint32_t)10U;
+  uint64_t *dc = tmp1 + 10U;
   Hacl_Impl_Curve25519_Field51_fadd(a, x2, z2);
   Hacl_Impl_Curve25519_Field51_fsub(b, x2, z2);
   Hacl_Impl_Curve25519_Field51_fsqr2(dc, ab, tmp2);
@@ -93,7 +93,7 @@ static void point_double(uint64_t *nq, uint64_t *tmp1, FStar_UInt128_uint128 *tm
   a[3U] = c[3U];
   a[4U] = c[4U];
   Hacl_Impl_Curve25519_Field51_fsub(c, d, c);
-  Hacl_Impl_Curve25519_Field51_fmul1(b, c, (uint64_t)121665U);
+  Hacl_Impl_Curve25519_Field51_fmul1(b, c, 121665ULL);
   Hacl_Impl_Curve25519_Field51_fadd(b, b, d);
   Hacl_Impl_Curve25519_Field51_fmul2(nq, dc, ab, tmp2);
 }
@@ -101,46 +101,41 @@ static void point_double(uint64_t *nq, uint64_t *tmp1, FStar_UInt128_uint128 *tm
 static void montgomery_ladder(uint64_t *out, uint8_t *key, uint64_t *init)
 {
   FStar_UInt128_uint128 tmp2[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp2[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp2[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   uint64_t p01_tmp1_swap[41U] = { 0U };
   uint64_t *p0 = p01_tmp1_swap;
   uint64_t *p01 = p01_tmp1_swap;
   uint64_t *p03 = p01;
-  uint64_t *p11 = p01 + (uint32_t)10U;
-  memcpy(p11, init, (uint32_t)10U * sizeof (uint64_t));
+  uint64_t *p11 = p01 + 10U;
+  memcpy(p11, init, 10U * sizeof (uint64_t));
   uint64_t *x0 = p03;
-  uint64_t *z0 = p03 + (uint32_t)5U;
-  x0[0U] = (uint64_t)1U;
-  x0[1U] = (uint64_t)0U;
-  x0[2U] = (uint64_t)0U;
-  x0[3U] = (uint64_t)0U;
-  x0[4U] = (uint64_t)0U;
-  z0[0U] = (uint64_t)0U;
-  z0[1U] = (uint64_t)0U;
-  z0[2U] = (uint64_t)0U;
-  z0[3U] = (uint64_t)0U;
-  z0[4U] = (uint64_t)0U;
+  uint64_t *z0 = p03 + 5U;
+  x0[0U] = 1ULL;
+  x0[1U] = 0ULL;
+  x0[2U] = 0ULL;
+  x0[3U] = 0ULL;
+  x0[4U] = 0ULL;
+  z0[0U] = 0ULL;
+  z0[1U] = 0ULL;
+  z0[2U] = 0ULL;
+  z0[3U] = 0ULL;
+  z0[4U] = 0ULL;
   uint64_t *p01_tmp1 = p01_tmp1_swap;
   uint64_t *p01_tmp11 = p01_tmp1_swap;
   uint64_t *nq1 = p01_tmp1_swap;
-  uint64_t *nq_p11 = p01_tmp1_swap + (uint32_t)10U;
-  uint64_t *swap = p01_tmp1_swap + (uint32_t)40U;
-  Hacl_Impl_Curve25519_Field51_cswap2((uint64_t)1U, nq1, nq_p11);
+  uint64_t *nq_p11 = p01_tmp1_swap + 10U;
+  uint64_t *swap = p01_tmp1_swap + 40U;
+  Hacl_Impl_Curve25519_Field51_cswap2(1ULL, nq1, nq_p11);
   point_add_and_double(init, p01_tmp11, tmp2);
-  swap[0U] = (uint64_t)1U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)251U; i++)
+  swap[0U] = 1ULL;
+  for (uint32_t i = 0U; i < 251U; i++)
   {
     uint64_t *p01_tmp12 = p01_tmp1_swap;
-    uint64_t *swap1 = p01_tmp1_swap + (uint32_t)40U;
+    uint64_t *swap1 = p01_tmp1_swap + 40U;
     uint64_t *nq2 = p01_tmp12;
-    uint64_t *nq_p12 = p01_tmp12 + (uint32_t)10U;
-    uint64_t
-    bit =
-      (uint64_t)(key[((uint32_t)253U - i)
-      / (uint32_t)8U]
-      >> ((uint32_t)253U - i) % (uint32_t)8U
-      & (uint8_t)1U);
+    uint64_t *nq_p12 = p01_tmp12 + 10U;
+    uint64_t bit = (uint64_t)((uint32_t)key[(253U - i) / 8U] >> (253U - i) % 8U & 1U);
     uint64_t sw = swap1[0U] ^ bit;
     Hacl_Impl_Curve25519_Field51_cswap2(sw, nq2, nq_p12);
     point_add_and_double(init, p01_tmp12, tmp2);
@@ -149,11 +144,11 @@ static void montgomery_ladder(uint64_t *out, uint8_t *key, uint64_t *init)
   uint64_t sw = swap[0U];
   Hacl_Impl_Curve25519_Field51_cswap2(sw, nq1, nq_p11);
   uint64_t *nq10 = p01_tmp1;
-  uint64_t *tmp1 = p01_tmp1 + (uint32_t)20U;
+  uint64_t *tmp1 = p01_tmp1 + 20U;
   point_double(nq10, tmp1, tmp2);
   point_double(nq10, tmp1, tmp2);
   point_double(nq10, tmp1, tmp2);
-  memcpy(out, p0, (uint32_t)10U * sizeof (uint64_t));
+  memcpy(out, p0, 10U * sizeof (uint64_t));
 }
 
 void
@@ -165,7 +160,7 @@ Hacl_Curve25519_51_fsquare_times(
 )
 {
   Hacl_Impl_Curve25519_Field51_fsqr(o, inp, tmp);
-  for (uint32_t i = (uint32_t)0U; i < n - (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < n - 1U; i++)
   {
     Hacl_Impl_Curve25519_Field51_fsqr(o, o, tmp);
   }
@@ -175,60 +170,56 @@ void Hacl_Curve25519_51_finv(uint64_t *o, uint64_t *i, FStar_UInt128_uint128 *tm
 {
   uint64_t t1[20U] = { 0U };
   uint64_t *a1 = t1;
-  uint64_t *b1 = t1 + (uint32_t)5U;
-  uint64_t *t010 = t1 + (uint32_t)15U;
+  uint64_t *b1 = t1 + 5U;
+  uint64_t *t010 = t1 + 15U;
   FStar_UInt128_uint128 *tmp10 = tmp;
-  Hacl_Curve25519_51_fsquare_times(a1, i, tmp10, (uint32_t)1U);
-  Hacl_Curve25519_51_fsquare_times(t010, a1, tmp10, (uint32_t)2U);
+  Hacl_Curve25519_51_fsquare_times(a1, i, tmp10, 1U);
+  Hacl_Curve25519_51_fsquare_times(t010, a1, tmp10, 2U);
   Hacl_Impl_Curve25519_Field51_fmul(b1, t010, i, tmp);
   Hacl_Impl_Curve25519_Field51_fmul(a1, b1, a1, tmp);
-  Hacl_Curve25519_51_fsquare_times(t010, a1, tmp10, (uint32_t)1U);
+  Hacl_Curve25519_51_fsquare_times(t010, a1, tmp10, 1U);
   Hacl_Impl_Curve25519_Field51_fmul(b1, t010, b1, tmp);
-  Hacl_Curve25519_51_fsquare_times(t010, b1, tmp10, (uint32_t)5U);
+  Hacl_Curve25519_51_fsquare_times(t010, b1, tmp10, 5U);
   Hacl_Impl_Curve25519_Field51_fmul(b1, t010, b1, tmp);
-  uint64_t *b10 = t1 + (uint32_t)5U;
-  uint64_t *c10 = t1 + (uint32_t)10U;
-  uint64_t *t011 = t1 + (uint32_t)15U;
+  uint64_t *b10 = t1 + 5U;
+  uint64_t *c10 = t1 + 10U;
+  uint64_t *t011 = t1 + 15U;
   FStar_UInt128_uint128 *tmp11 = tmp;
-  Hacl_Curve25519_51_fsquare_times(t011, b10, tmp11, (uint32_t)10U);
+  Hacl_Curve25519_51_fsquare_times(t011, b10, tmp11, 10U);
   Hacl_Impl_Curve25519_Field51_fmul(c10, t011, b10, tmp);
-  Hacl_Curve25519_51_fsquare_times(t011, c10, tmp11, (uint32_t)20U);
+  Hacl_Curve25519_51_fsquare_times(t011, c10, tmp11, 20U);
   Hacl_Impl_Curve25519_Field51_fmul(t011, t011, c10, tmp);
-  Hacl_Curve25519_51_fsquare_times(t011, t011, tmp11, (uint32_t)10U);
+  Hacl_Curve25519_51_fsquare_times(t011, t011, tmp11, 10U);
   Hacl_Impl_Curve25519_Field51_fmul(b10, t011, b10, tmp);
-  Hacl_Curve25519_51_fsquare_times(t011, b10, tmp11, (uint32_t)50U);
+  Hacl_Curve25519_51_fsquare_times(t011, b10, tmp11, 50U);
   Hacl_Impl_Curve25519_Field51_fmul(c10, t011, b10, tmp);
-  uint64_t *b11 = t1 + (uint32_t)5U;
-  uint64_t *c1 = t1 + (uint32_t)10U;
-  uint64_t *t01 = t1 + (uint32_t)15U;
+  uint64_t *b11 = t1 + 5U;
+  uint64_t *c1 = t1 + 10U;
+  uint64_t *t01 = t1 + 15U;
   FStar_UInt128_uint128 *tmp1 = tmp;
-  Hacl_Curve25519_51_fsquare_times(t01, c1, tmp1, (uint32_t)100U);
+  Hacl_Curve25519_51_fsquare_times(t01, c1, tmp1, 100U);
   Hacl_Impl_Curve25519_Field51_fmul(t01, t01, c1, tmp);
-  Hacl_Curve25519_51_fsquare_times(t01, t01, tmp1, (uint32_t)50U);
+  Hacl_Curve25519_51_fsquare_times(t01, t01, tmp1, 50U);
   Hacl_Impl_Curve25519_Field51_fmul(t01, t01, b11, tmp);
-  Hacl_Curve25519_51_fsquare_times(t01, t01, tmp1, (uint32_t)5U);
+  Hacl_Curve25519_51_fsquare_times(t01, t01, tmp1, 5U);
   uint64_t *a = t1;
-  uint64_t *t0 = t1 + (uint32_t)15U;
+  uint64_t *t0 = t1 + 15U;
   Hacl_Impl_Curve25519_Field51_fmul(o, t0, a, tmp);
 }
 
 static void encode_point(uint8_t *o, uint64_t *i)
 {
   uint64_t *x = i;
-  uint64_t *z = i + (uint32_t)5U;
+  uint64_t *z = i + 5U;
   uint64_t tmp[5U] = { 0U };
   uint64_t u64s[4U] = { 0U };
   FStar_UInt128_uint128 tmp_w[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp_w[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp_w[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Curve25519_51_finv(tmp, z, tmp_w);
   Hacl_Impl_Curve25519_Field51_fmul(tmp, tmp, x, tmp_w);
   Hacl_Impl_Curve25519_Field51_store_felem(u64s, tmp);
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(o + i0 * (uint32_t)8U, u64s[i0]););
+  KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, store64_le(o + i0 * 8U, u64s[i0]););
 }
 
 /**
@@ -243,32 +234,32 @@ void Hacl_Curve25519_51_scalarmult(uint8_t *out, uint8_t *priv, uint8_t *pub)
   uint64_t init[10U] = { 0U };
   uint64_t tmp[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = tmp;
-    uint8_t *bj = pub + i * (uint32_t)8U;
+    uint8_t *bj = pub + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   uint64_t tmp3 = tmp[3U];
-  tmp[3U] = tmp3 & (uint64_t)0x7fffffffffffffffU;
+  tmp[3U] = tmp3 & 0x7fffffffffffffffULL;
   uint64_t *x = init;
-  uint64_t *z = init + (uint32_t)5U;
-  z[0U] = (uint64_t)1U;
-  z[1U] = (uint64_t)0U;
-  z[2U] = (uint64_t)0U;
-  z[3U] = (uint64_t)0U;
-  z[4U] = (uint64_t)0U;
-  uint64_t f0l = tmp[0U] & (uint64_t)0x7ffffffffffffU;
-  uint64_t f0h = tmp[0U] >> (uint32_t)51U;
-  uint64_t f1l = (tmp[1U] & (uint64_t)0x3fffffffffU) << (uint32_t)13U;
-  uint64_t f1h = tmp[1U] >> (uint32_t)38U;
-  uint64_t f2l = (tmp[2U] & (uint64_t)0x1ffffffU) << (uint32_t)26U;
-  uint64_t f2h = tmp[2U] >> (uint32_t)25U;
-  uint64_t f3l = (tmp[3U] & (uint64_t)0xfffU) << (uint32_t)39U;
-  uint64_t f3h = tmp[3U] >> (uint32_t)12U;
+  uint64_t *z = init + 5U;
+  z[0U] = 1ULL;
+  z[1U] = 0ULL;
+  z[2U] = 0ULL;
+  z[3U] = 0ULL;
+  z[4U] = 0ULL;
+  uint64_t f0l = tmp[0U] & 0x7ffffffffffffULL;
+  uint64_t f0h = tmp[0U] >> 51U;
+  uint64_t f1l = (tmp[1U] & 0x3fffffffffULL) << 13U;
+  uint64_t f1h = tmp[1U] >> 38U;
+  uint64_t f2l = (tmp[2U] & 0x1ffffffULL) << 26U;
+  uint64_t f2h = tmp[2U] >> 25U;
+  uint64_t f3l = (tmp[3U] & 0xfffULL) << 39U;
+  uint64_t f3h = tmp[3U] >> 12U;
   x[0U] = f0l;
   x[1U] = f0h | f1l;
   x[2U] = f1h | f2l;
@@ -289,7 +280,7 @@ This computes a scalar multiplication of the secret/private key with the curve's
 void Hacl_Curve25519_51_secret_to_public(uint8_t *pub, uint8_t *priv)
 {
   uint8_t basepoint[32U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t *os = basepoint;
     uint8_t x = g25519[i];
@@ -309,14 +300,14 @@ bool Hacl_Curve25519_51_ecdh(uint8_t *out, uint8_t *priv, uint8_t *pub)
 {
   uint8_t zeros[32U] = { 0U };
   Hacl_Curve25519_51_scalarmult(out, priv, pub);
-  uint8_t res = (uint8_t)255U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint8_t res = 255U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t uu____0 = FStar_UInt8_eq_mask(out[i], zeros[i]);
-    res = uu____0 & res;
+    res = (uint32_t)uu____0 & (uint32_t)res;
   }
   uint8_t z = res;
-  bool r = z == (uint8_t)255U;
+  bool r = z == 255U;
   return !r;
 }
 
diff --git a/src/Hacl_Curve25519_64.c b/src/Hacl_Curve25519_64.c
index fb0974fe..edcab306 100644
--- a/src/Hacl_Curve25519_64.c
+++ b/src/Hacl_Curve25519_64.c
@@ -35,7 +35,7 @@ static inline void add_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   add_scalar(out, f1, f2);
   #else
-  KRML_HOST_IGNORE(add_scalar_e(out, f1, f2));
+  add_scalar_e(out, f1, f2);
   #endif
 }
 
@@ -44,7 +44,7 @@ static inline void fadd0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fadd(out, f1, f2);
   #else
-  KRML_HOST_IGNORE(fadd_e(out, f1, f2));
+  fadd_e(out, f1, f2);
   #endif
 }
 
@@ -53,7 +53,7 @@ static inline void fsub0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsub(out, f1, f2);
   #else
-  KRML_HOST_IGNORE(fsub_e(out, f1, f2));
+  fsub_e(out, f1, f2);
   #endif
 }
 
@@ -62,7 +62,7 @@ static inline void fmul0(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *tm
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul(out, f1, f2, tmp);
   #else
-  KRML_HOST_IGNORE(fmul_e(tmp, f1, out, f2));
+  fmul_e(tmp, f1, out, f2);
   #endif
 }
 
@@ -71,7 +71,7 @@ static inline void fmul20(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *t
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul2(out, f1, f2, tmp);
   #else
-  KRML_HOST_IGNORE(fmul2_e(tmp, f1, out, f2));
+  fmul2_e(tmp, f1, out, f2);
   #endif
 }
 
@@ -80,7 +80,7 @@ static inline void fmul_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul_scalar(out, f1, f2);
   #else
-  KRML_HOST_IGNORE(fmul_scalar_e(out, f1, f2));
+  fmul_scalar_e(out, f1, f2);
   #endif
 }
 
@@ -89,7 +89,7 @@ static inline void fsqr0(uint64_t *out, uint64_t *f1, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr(out, f1, tmp);
   #else
-  KRML_HOST_IGNORE(fsqr_e(tmp, f1, out));
+  fsqr_e(tmp, f1, out);
   #endif
 }
 
@@ -98,7 +98,7 @@ static inline void fsqr20(uint64_t *out, uint64_t *f, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr2(out, f, tmp);
   #else
-  KRML_HOST_IGNORE(fsqr2_e(tmp, f, out));
+  fsqr2_e(tmp, f, out);
   #endif
 }
 
@@ -107,42 +107,42 @@ static inline void cswap20(uint64_t bit, uint64_t *p1, uint64_t *p2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   cswap2(bit, p1, p2);
   #else
-  KRML_HOST_IGNORE(cswap2_e(bit, p1, p2));
+  cswap2_e(bit, p1, p2);
   #endif
 }
 
-static const uint8_t g25519[32U] = { (uint8_t)9U };
+static const uint8_t g25519[32U] = { 9U };
 
 static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, uint64_t *tmp2)
 {
   uint64_t *nq = p01_tmp1;
-  uint64_t *nq_p1 = p01_tmp1 + (uint32_t)8U;
-  uint64_t *tmp1 = p01_tmp1 + (uint32_t)16U;
+  uint64_t *nq_p1 = p01_tmp1 + 8U;
+  uint64_t *tmp1 = p01_tmp1 + 16U;
   uint64_t *x1 = q;
   uint64_t *x2 = nq;
-  uint64_t *z2 = nq + (uint32_t)4U;
-  uint64_t *z3 = nq_p1 + (uint32_t)4U;
+  uint64_t *z2 = nq + 4U;
+  uint64_t *z3 = nq_p1 + 4U;
   uint64_t *a = tmp1;
-  uint64_t *b = tmp1 + (uint32_t)4U;
+  uint64_t *b = tmp1 + 4U;
   uint64_t *ab = tmp1;
-  uint64_t *dc = tmp1 + (uint32_t)8U;
+  uint64_t *dc = tmp1 + 8U;
   fadd0(a, x2, z2);
   fsub0(b, x2, z2);
   uint64_t *x3 = nq_p1;
-  uint64_t *z31 = nq_p1 + (uint32_t)4U;
+  uint64_t *z31 = nq_p1 + 4U;
   uint64_t *d0 = dc;
-  uint64_t *c0 = dc + (uint32_t)4U;
+  uint64_t *c0 = dc + 4U;
   fadd0(c0, x3, z31);
   fsub0(d0, x3, z31);
   fmul20(dc, dc, ab, tmp2);
   fadd0(x3, d0, c0);
   fsub0(z31, d0, c0);
   uint64_t *a1 = tmp1;
-  uint64_t *b1 = tmp1 + (uint32_t)4U;
-  uint64_t *d = tmp1 + (uint32_t)8U;
-  uint64_t *c = tmp1 + (uint32_t)12U;
+  uint64_t *b1 = tmp1 + 4U;
+  uint64_t *d = tmp1 + 8U;
+  uint64_t *c = tmp1 + 12U;
   uint64_t *ab1 = tmp1;
-  uint64_t *dc1 = tmp1 + (uint32_t)8U;
+  uint64_t *dc1 = tmp1 + 8U;
   fsqr20(dc1, ab1, tmp2);
   fsqr20(nq_p1, nq_p1, tmp2);
   a1[0U] = c[0U];
@@ -150,7 +150,7 @@ static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, uint64_t *tmp2
   a1[2U] = c[2U];
   a1[3U] = c[3U];
   fsub0(c, d, c);
-  fmul_scalar0(b1, c, (uint64_t)121665U);
+  fmul_scalar0(b1, c, 121665ULL);
   fadd0(b1, b1, d);
   fmul20(nq, dc1, ab1, tmp2);
   fmul0(z3, z3, x1, tmp2);
@@ -159,13 +159,13 @@ static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, uint64_t *tmp2
 static void point_double(uint64_t *nq, uint64_t *tmp1, uint64_t *tmp2)
 {
   uint64_t *x2 = nq;
-  uint64_t *z2 = nq + (uint32_t)4U;
+  uint64_t *z2 = nq + 4U;
   uint64_t *a = tmp1;
-  uint64_t *b = tmp1 + (uint32_t)4U;
-  uint64_t *d = tmp1 + (uint32_t)8U;
-  uint64_t *c = tmp1 + (uint32_t)12U;
+  uint64_t *b = tmp1 + 4U;
+  uint64_t *d = tmp1 + 8U;
+  uint64_t *c = tmp1 + 12U;
   uint64_t *ab = tmp1;
-  uint64_t *dc = tmp1 + (uint32_t)8U;
+  uint64_t *dc = tmp1 + 8U;
   fadd0(a, x2, z2);
   fsub0(b, x2, z2);
   fsqr20(dc, ab, tmp2);
@@ -174,7 +174,7 @@ static void point_double(uint64_t *nq, uint64_t *tmp1, uint64_t *tmp2)
   a[2U] = c[2U];
   a[3U] = c[3U];
   fsub0(c, d, c);
-  fmul_scalar0(b, c, (uint64_t)121665U);
+  fmul_scalar0(b, c, 121665ULL);
   fadd0(b, b, d);
   fmul20(nq, dc, ab, tmp2);
 }
@@ -186,38 +186,33 @@ static void montgomery_ladder(uint64_t *out, uint8_t *key, uint64_t *init)
   uint64_t *p0 = p01_tmp1_swap;
   uint64_t *p01 = p01_tmp1_swap;
   uint64_t *p03 = p01;
-  uint64_t *p11 = p01 + (uint32_t)8U;
-  memcpy(p11, init, (uint32_t)8U * sizeof (uint64_t));
+  uint64_t *p11 = p01 + 8U;
+  memcpy(p11, init, 8U * sizeof (uint64_t));
   uint64_t *x0 = p03;
-  uint64_t *z0 = p03 + (uint32_t)4U;
-  x0[0U] = (uint64_t)1U;
-  x0[1U] = (uint64_t)0U;
-  x0[2U] = (uint64_t)0U;
-  x0[3U] = (uint64_t)0U;
-  z0[0U] = (uint64_t)0U;
-  z0[1U] = (uint64_t)0U;
-  z0[2U] = (uint64_t)0U;
-  z0[3U] = (uint64_t)0U;
+  uint64_t *z0 = p03 + 4U;
+  x0[0U] = 1ULL;
+  x0[1U] = 0ULL;
+  x0[2U] = 0ULL;
+  x0[3U] = 0ULL;
+  z0[0U] = 0ULL;
+  z0[1U] = 0ULL;
+  z0[2U] = 0ULL;
+  z0[3U] = 0ULL;
   uint64_t *p01_tmp1 = p01_tmp1_swap;
   uint64_t *p01_tmp11 = p01_tmp1_swap;
   uint64_t *nq1 = p01_tmp1_swap;
-  uint64_t *nq_p11 = p01_tmp1_swap + (uint32_t)8U;
-  uint64_t *swap = p01_tmp1_swap + (uint32_t)32U;
-  cswap20((uint64_t)1U, nq1, nq_p11);
+  uint64_t *nq_p11 = p01_tmp1_swap + 8U;
+  uint64_t *swap = p01_tmp1_swap + 32U;
+  cswap20(1ULL, nq1, nq_p11);
   point_add_and_double(init, p01_tmp11, tmp2);
-  swap[0U] = (uint64_t)1U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)251U; i++)
+  swap[0U] = 1ULL;
+  for (uint32_t i = 0U; i < 251U; i++)
   {
     uint64_t *p01_tmp12 = p01_tmp1_swap;
-    uint64_t *swap1 = p01_tmp1_swap + (uint32_t)32U;
+    uint64_t *swap1 = p01_tmp1_swap + 32U;
     uint64_t *nq2 = p01_tmp12;
-    uint64_t *nq_p12 = p01_tmp12 + (uint32_t)8U;
-    uint64_t
-    bit =
-      (uint64_t)(key[((uint32_t)253U - i)
-      / (uint32_t)8U]
-      >> ((uint32_t)253U - i) % (uint32_t)8U
-      & (uint8_t)1U);
+    uint64_t *nq_p12 = p01_tmp12 + 8U;
+    uint64_t bit = (uint64_t)((uint32_t)key[(253U - i) / 8U] >> (253U - i) % 8U & 1U);
     uint64_t sw = swap1[0U] ^ bit;
     cswap20(sw, nq2, nq_p12);
     point_add_and_double(init, p01_tmp12, tmp2);
@@ -226,17 +221,17 @@ static void montgomery_ladder(uint64_t *out, uint8_t *key, uint64_t *init)
   uint64_t sw = swap[0U];
   cswap20(sw, nq1, nq_p11);
   uint64_t *nq10 = p01_tmp1;
-  uint64_t *tmp1 = p01_tmp1 + (uint32_t)16U;
+  uint64_t *tmp1 = p01_tmp1 + 16U;
   point_double(nq10, tmp1, tmp2);
   point_double(nq10, tmp1, tmp2);
   point_double(nq10, tmp1, tmp2);
-  memcpy(out, p0, (uint32_t)8U * sizeof (uint64_t));
+  memcpy(out, p0, 8U * sizeof (uint64_t));
 }
 
 static void fsquare_times(uint64_t *o, uint64_t *inp, uint64_t *tmp, uint32_t n)
 {
   fsqr0(o, inp, tmp);
-  for (uint32_t i = (uint32_t)0U; i < n - (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < n - 1U; i++)
   {
     fsqr0(o, o, tmp);
   }
@@ -246,66 +241,66 @@ static void finv(uint64_t *o, uint64_t *i, uint64_t *tmp)
 {
   uint64_t t1[16U] = { 0U };
   uint64_t *a1 = t1;
-  uint64_t *b1 = t1 + (uint32_t)4U;
-  uint64_t *t010 = t1 + (uint32_t)12U;
+  uint64_t *b1 = t1 + 4U;
+  uint64_t *t010 = t1 + 12U;
   uint64_t *tmp10 = tmp;
-  fsquare_times(a1, i, tmp10, (uint32_t)1U);
-  fsquare_times(t010, a1, tmp10, (uint32_t)2U);
+  fsquare_times(a1, i, tmp10, 1U);
+  fsquare_times(t010, a1, tmp10, 2U);
   fmul0(b1, t010, i, tmp);
   fmul0(a1, b1, a1, tmp);
-  fsquare_times(t010, a1, tmp10, (uint32_t)1U);
+  fsquare_times(t010, a1, tmp10, 1U);
   fmul0(b1, t010, b1, tmp);
-  fsquare_times(t010, b1, tmp10, (uint32_t)5U);
+  fsquare_times(t010, b1, tmp10, 5U);
   fmul0(b1, t010, b1, tmp);
-  uint64_t *b10 = t1 + (uint32_t)4U;
-  uint64_t *c10 = t1 + (uint32_t)8U;
-  uint64_t *t011 = t1 + (uint32_t)12U;
+  uint64_t *b10 = t1 + 4U;
+  uint64_t *c10 = t1 + 8U;
+  uint64_t *t011 = t1 + 12U;
   uint64_t *tmp11 = tmp;
-  fsquare_times(t011, b10, tmp11, (uint32_t)10U);
+  fsquare_times(t011, b10, tmp11, 10U);
   fmul0(c10, t011, b10, tmp);
-  fsquare_times(t011, c10, tmp11, (uint32_t)20U);
+  fsquare_times(t011, c10, tmp11, 20U);
   fmul0(t011, t011, c10, tmp);
-  fsquare_times(t011, t011, tmp11, (uint32_t)10U);
+  fsquare_times(t011, t011, tmp11, 10U);
   fmul0(b10, t011, b10, tmp);
-  fsquare_times(t011, b10, tmp11, (uint32_t)50U);
+  fsquare_times(t011, b10, tmp11, 50U);
   fmul0(c10, t011, b10, tmp);
-  uint64_t *b11 = t1 + (uint32_t)4U;
-  uint64_t *c1 = t1 + (uint32_t)8U;
-  uint64_t *t01 = t1 + (uint32_t)12U;
+  uint64_t *b11 = t1 + 4U;
+  uint64_t *c1 = t1 + 8U;
+  uint64_t *t01 = t1 + 12U;
   uint64_t *tmp1 = tmp;
-  fsquare_times(t01, c1, tmp1, (uint32_t)100U);
+  fsquare_times(t01, c1, tmp1, 100U);
   fmul0(t01, t01, c1, tmp);
-  fsquare_times(t01, t01, tmp1, (uint32_t)50U);
+  fsquare_times(t01, t01, tmp1, 50U);
   fmul0(t01, t01, b11, tmp);
-  fsquare_times(t01, t01, tmp1, (uint32_t)5U);
+  fsquare_times(t01, t01, tmp1, 5U);
   uint64_t *a = t1;
-  uint64_t *t0 = t1 + (uint32_t)12U;
+  uint64_t *t0 = t1 + 12U;
   fmul0(o, t0, a, tmp);
 }
 
 static void store_felem(uint64_t *b, uint64_t *f)
 {
   uint64_t f30 = f[3U];
-  uint64_t top_bit0 = f30 >> (uint32_t)63U;
-  f[3U] = f30 & (uint64_t)0x7fffffffffffffffU;
-  add_scalar0(f, f, (uint64_t)19U * top_bit0);
+  uint64_t top_bit0 = f30 >> 63U;
+  f[3U] = f30 & 0x7fffffffffffffffULL;
+  add_scalar0(f, f, 19ULL * top_bit0);
   uint64_t f31 = f[3U];
-  uint64_t top_bit = f31 >> (uint32_t)63U;
-  f[3U] = f31 & (uint64_t)0x7fffffffffffffffU;
-  add_scalar0(f, f, (uint64_t)19U * top_bit);
+  uint64_t top_bit = f31 >> 63U;
+  f[3U] = f31 & 0x7fffffffffffffffULL;
+  add_scalar0(f, f, 19ULL * top_bit);
   uint64_t f0 = f[0U];
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
-  uint64_t m0 = FStar_UInt64_gte_mask(f0, (uint64_t)0xffffffffffffffedU);
-  uint64_t m1 = FStar_UInt64_eq_mask(f1, (uint64_t)0xffffffffffffffffU);
-  uint64_t m2 = FStar_UInt64_eq_mask(f2, (uint64_t)0xffffffffffffffffU);
-  uint64_t m3 = FStar_UInt64_eq_mask(f3, (uint64_t)0x7fffffffffffffffU);
+  uint64_t m0 = FStar_UInt64_gte_mask(f0, 0xffffffffffffffedULL);
+  uint64_t m1 = FStar_UInt64_eq_mask(f1, 0xffffffffffffffffULL);
+  uint64_t m2 = FStar_UInt64_eq_mask(f2, 0xffffffffffffffffULL);
+  uint64_t m3 = FStar_UInt64_eq_mask(f3, 0x7fffffffffffffffULL);
   uint64_t mask = ((m0 & m1) & m2) & m3;
-  uint64_t f0_ = f0 - (mask & (uint64_t)0xffffffffffffffedU);
-  uint64_t f1_ = f1 - (mask & (uint64_t)0xffffffffffffffffU);
-  uint64_t f2_ = f2 - (mask & (uint64_t)0xffffffffffffffffU);
-  uint64_t f3_ = f3 - (mask & (uint64_t)0x7fffffffffffffffU);
+  uint64_t f0_ = f0 - (mask & 0xffffffffffffffedULL);
+  uint64_t f1_ = f1 - (mask & 0xffffffffffffffffULL);
+  uint64_t f2_ = f2 - (mask & 0xffffffffffffffffULL);
+  uint64_t f3_ = f3 - (mask & 0x7fffffffffffffffULL);
   uint64_t o0 = f0_;
   uint64_t o1 = f1_;
   uint64_t o2 = f2_;
@@ -319,18 +314,14 @@ static void store_felem(uint64_t *b, uint64_t *f)
 static void encode_point(uint8_t *o, uint64_t *i)
 {
   uint64_t *x = i;
-  uint64_t *z = i + (uint32_t)4U;
+  uint64_t *z = i + 4U;
   uint64_t tmp[4U] = { 0U };
   uint64_t u64s[4U] = { 0U };
   uint64_t tmp_w[16U] = { 0U };
   finv(tmp, z, tmp_w);
   fmul0(tmp, tmp, x, tmp_w);
   store_felem(u64s, tmp);
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(o + i0 * (uint32_t)8U, u64s[i0]););
+  KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, store64_le(o + i0 * 8U, u64s[i0]););
 }
 
 /**
@@ -345,23 +336,23 @@ void Hacl_Curve25519_64_scalarmult(uint8_t *out, uint8_t *priv, uint8_t *pub)
   uint64_t init[8U] = { 0U };
   uint64_t tmp[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = tmp;
-    uint8_t *bj = pub + i * (uint32_t)8U;
+    uint8_t *bj = pub + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   uint64_t tmp3 = tmp[3U];
-  tmp[3U] = tmp3 & (uint64_t)0x7fffffffffffffffU;
+  tmp[3U] = tmp3 & 0x7fffffffffffffffULL;
   uint64_t *x = init;
-  uint64_t *z = init + (uint32_t)4U;
-  z[0U] = (uint64_t)1U;
-  z[1U] = (uint64_t)0U;
-  z[2U] = (uint64_t)0U;
-  z[3U] = (uint64_t)0U;
+  uint64_t *z = init + 4U;
+  z[0U] = 1ULL;
+  z[1U] = 0ULL;
+  z[2U] = 0ULL;
+  z[3U] = 0ULL;
   x[0U] = tmp[0U];
   x[1U] = tmp[1U];
   x[2U] = tmp[2U];
@@ -381,7 +372,7 @@ This computes a scalar multiplication of the secret/private key with the curve's
 void Hacl_Curve25519_64_secret_to_public(uint8_t *pub, uint8_t *priv)
 {
   uint8_t basepoint[32U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t *os = basepoint;
     uint8_t x = g25519[i];
@@ -401,14 +392,14 @@ bool Hacl_Curve25519_64_ecdh(uint8_t *out, uint8_t *priv, uint8_t *pub)
 {
   uint8_t zeros[32U] = { 0U };
   Hacl_Curve25519_64_scalarmult(out, priv, pub);
-  uint8_t res = (uint8_t)255U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint8_t res = 255U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t uu____0 = FStar_UInt8_eq_mask(out[i], zeros[i]);
-    res = uu____0 & res;
+    res = (uint32_t)uu____0 & (uint32_t)res;
   }
   uint8_t z = res;
-  bool r = z == (uint8_t)255U;
+  bool r = z == 255U;
   return !r;
 }
 
diff --git a/src/Hacl_EC_Ed25519.c b/src/Hacl_EC_Ed25519.c
index 46f2837b..6ab24a33 100644
--- a/src/Hacl_EC_Ed25519.c
+++ b/src/Hacl_EC_Ed25519.c
@@ -43,11 +43,11 @@ Write the additive identity in `f`.
 */
 void Hacl_EC_Ed25519_mk_felem_zero(uint64_t *b)
 {
-  b[0U] = (uint64_t)0U;
-  b[1U] = (uint64_t)0U;
-  b[2U] = (uint64_t)0U;
-  b[3U] = (uint64_t)0U;
-  b[4U] = (uint64_t)0U;
+  b[0U] = 0ULL;
+  b[1U] = 0ULL;
+  b[2U] = 0ULL;
+  b[3U] = 0ULL;
+  b[4U] = 0ULL;
 }
 
 /**
@@ -57,11 +57,11 @@ Write the multiplicative identity in `f`.
 */
 void Hacl_EC_Ed25519_mk_felem_one(uint64_t *b)
 {
-  b[0U] = (uint64_t)1U;
-  b[1U] = (uint64_t)0U;
-  b[2U] = (uint64_t)0U;
-  b[3U] = (uint64_t)0U;
-  b[4U] = (uint64_t)0U;
+  b[0U] = 1ULL;
+  b[1U] = 0ULL;
+  b[2U] = 0ULL;
+  b[3U] = 0ULL;
+  b[4U] = 0ULL;
 }
 
 /**
@@ -106,8 +106,8 @@ Write `a * b mod p` in `out`.
 void Hacl_EC_Ed25519_felem_mul(uint64_t *a, uint64_t *b, uint64_t *out)
 {
   FStar_UInt128_uint128 tmp[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Impl_Curve25519_Field51_fmul(out, a, b, tmp);
 }
 
@@ -123,8 +123,8 @@ Write `a * a mod p` in `out`.
 void Hacl_EC_Ed25519_felem_sqr(uint64_t *a, uint64_t *out)
 {
   FStar_UInt128_uint128 tmp[5U];
-  for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 5U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Impl_Curve25519_Field51_fsqr(out, a, tmp);
 }
 
@@ -205,29 +205,29 @@ Write the base point (generator) in `p`.
 void Hacl_EC_Ed25519_mk_base_point(uint64_t *p)
 {
   uint64_t *gx = p;
-  uint64_t *gy = p + (uint32_t)5U;
-  uint64_t *gz = p + (uint32_t)10U;
-  uint64_t *gt = p + (uint32_t)15U;
-  gx[0U] = (uint64_t)0x00062d608f25d51aU;
-  gx[1U] = (uint64_t)0x000412a4b4f6592aU;
-  gx[2U] = (uint64_t)0x00075b7171a4b31dU;
-  gx[3U] = (uint64_t)0x0001ff60527118feU;
-  gx[4U] = (uint64_t)0x000216936d3cd6e5U;
-  gy[0U] = (uint64_t)0x0006666666666658U;
-  gy[1U] = (uint64_t)0x0004ccccccccccccU;
-  gy[2U] = (uint64_t)0x0001999999999999U;
-  gy[3U] = (uint64_t)0x0003333333333333U;
-  gy[4U] = (uint64_t)0x0006666666666666U;
-  gz[0U] = (uint64_t)1U;
-  gz[1U] = (uint64_t)0U;
-  gz[2U] = (uint64_t)0U;
-  gz[3U] = (uint64_t)0U;
-  gz[4U] = (uint64_t)0U;
-  gt[0U] = (uint64_t)0x00068ab3a5b7dda3U;
-  gt[1U] = (uint64_t)0x00000eea2a5eadbbU;
-  gt[2U] = (uint64_t)0x0002af8df483c27eU;
-  gt[3U] = (uint64_t)0x000332b375274732U;
-  gt[4U] = (uint64_t)0x00067875f0fd78b7U;
+  uint64_t *gy = p + 5U;
+  uint64_t *gz = p + 10U;
+  uint64_t *gt = p + 15U;
+  gx[0U] = 0x00062d608f25d51aULL;
+  gx[1U] = 0x000412a4b4f6592aULL;
+  gx[2U] = 0x00075b7171a4b31dULL;
+  gx[3U] = 0x0001ff60527118feULL;
+  gx[4U] = 0x000216936d3cd6e5ULL;
+  gy[0U] = 0x0006666666666658ULL;
+  gy[1U] = 0x0004ccccccccccccULL;
+  gy[2U] = 0x0001999999999999ULL;
+  gy[3U] = 0x0003333333333333ULL;
+  gy[4U] = 0x0006666666666666ULL;
+  gz[0U] = 1ULL;
+  gz[1U] = 0ULL;
+  gz[2U] = 0ULL;
+  gz[3U] = 0ULL;
+  gz[4U] = 0ULL;
+  gt[0U] = 0x00068ab3a5b7dda3ULL;
+  gt[1U] = 0x00000eea2a5eadbbULL;
+  gt[2U] = 0x0002af8df483c27eULL;
+  gt[3U] = 0x000332b375274732ULL;
+  gt[4U] = 0x00067875f0fd78b7ULL;
 }
 
 /**
diff --git a/src/Hacl_EC_K256.c b/src/Hacl_EC_K256.c
index e48edb5b..581c223b 100644
--- a/src/Hacl_EC_K256.c
+++ b/src/Hacl_EC_K256.c
@@ -43,7 +43,7 @@ Write the additive identity in `f`.
 */
 void Hacl_EC_K256_mk_felem_zero(uint64_t *f)
 {
-  memset(f, 0U, (uint32_t)5U * sizeof (uint64_t));
+  memset(f, 0U, 5U * sizeof (uint64_t));
 }
 
 /**
@@ -53,8 +53,8 @@ Write the multiplicative identity in `f`.
 */
 void Hacl_EC_K256_mk_felem_one(uint64_t *f)
 {
-  memset(f, 0U, (uint32_t)5U * sizeof (uint64_t));
-  f[0U] = (uint64_t)1U;
+  memset(f, 0U, 5U * sizeof (uint64_t));
+  f[0U] = 1ULL;
 }
 
 /**
@@ -83,7 +83,7 @@ Write `a - b mod p` in `out`.
 */
 void Hacl_EC_K256_felem_sub(uint64_t *a, uint64_t *b, uint64_t *out)
 {
-  Hacl_K256_Field_fsub(out, a, b, (uint64_t)2U);
+  Hacl_K256_Field_fsub(out, a, b, 2ULL);
   Hacl_K256_Field_fnormalize_weak(out, out);
 }
 
@@ -189,20 +189,20 @@ Write the base point (generator) in `p`.
 void Hacl_EC_K256_mk_base_point(uint64_t *p)
 {
   uint64_t *gx = p;
-  uint64_t *gy = p + (uint32_t)5U;
-  uint64_t *gz = p + (uint32_t)10U;
-  gx[0U] = (uint64_t)0x2815b16f81798U;
-  gx[1U] = (uint64_t)0xdb2dce28d959fU;
-  gx[2U] = (uint64_t)0xe870b07029bfcU;
-  gx[3U] = (uint64_t)0xbbac55a06295cU;
-  gx[4U] = (uint64_t)0x79be667ef9dcU;
-  gy[0U] = (uint64_t)0x7d08ffb10d4b8U;
-  gy[1U] = (uint64_t)0x48a68554199c4U;
-  gy[2U] = (uint64_t)0xe1108a8fd17b4U;
-  gy[3U] = (uint64_t)0xc4655da4fbfc0U;
-  gy[4U] = (uint64_t)0x483ada7726a3U;
-  memset(gz, 0U, (uint32_t)5U * sizeof (uint64_t));
-  gz[0U] = (uint64_t)1U;
+  uint64_t *gy = p + 5U;
+  uint64_t *gz = p + 10U;
+  gx[0U] = 0x2815b16f81798ULL;
+  gx[1U] = 0xdb2dce28d959fULL;
+  gx[2U] = 0xe870b07029bfcULL;
+  gx[3U] = 0xbbac55a06295cULL;
+  gx[4U] = 0x79be667ef9dcULL;
+  gy[0U] = 0x7d08ffb10d4b8ULL;
+  gy[1U] = 0x48a68554199c4ULL;
+  gy[2U] = 0xe1108a8fd17b4ULL;
+  gy[3U] = 0xc4655da4fbfc0ULL;
+  gy[4U] = 0x483ada7726a3ULL;
+  memset(gz, 0U, 5U * sizeof (uint64_t));
+  gz[0U] = 1ULL;
 }
 
 /**
@@ -264,11 +264,11 @@ void Hacl_EC_K256_point_mul(uint8_t *scalar, uint64_t *p, uint64_t *out)
 {
   uint64_t scalar_q[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = scalar_q;
-    uint64_t u = load64_be(scalar + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(scalar + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
   Hacl_Impl_K256_PointMul_point_mul(out, scalar_q, p);
@@ -307,20 +307,20 @@ void Hacl_EC_K256_point_load(uint8_t *b, uint64_t *out)
 {
   uint64_t p_aff[10U] = { 0U };
   uint64_t *px = p_aff;
-  uint64_t *py = p_aff + (uint32_t)5U;
+  uint64_t *py = p_aff + 5U;
   uint8_t *pxb = b;
-  uint8_t *pyb = b + (uint32_t)32U;
+  uint8_t *pyb = b + 32U;
   Hacl_K256_Field_load_felem(px, pxb);
   Hacl_K256_Field_load_felem(py, pyb);
   uint64_t *x = p_aff;
-  uint64_t *y = p_aff + (uint32_t)5U;
+  uint64_t *y = p_aff + 5U;
   uint64_t *x1 = out;
-  uint64_t *y1 = out + (uint32_t)5U;
-  uint64_t *z1 = out + (uint32_t)10U;
-  memcpy(x1, x, (uint32_t)5U * sizeof (uint64_t));
-  memcpy(y1, y, (uint32_t)5U * sizeof (uint64_t));
-  memset(z1, 0U, (uint32_t)5U * sizeof (uint64_t));
-  z1[0U] = (uint64_t)1U;
+  uint64_t *y1 = out + 5U;
+  uint64_t *z1 = out + 10U;
+  memcpy(x1, x, 5U * sizeof (uint64_t));
+  memcpy(y1, y, 5U * sizeof (uint64_t));
+  memset(z1, 0U, 5U * sizeof (uint64_t));
+  z1[0U] = 1ULL;
 }
 
 /**
diff --git a/src/Hacl_Ed25519.c b/src/Hacl_Ed25519.c
index f9881e91..05d96cd0 100644
--- a/src/Hacl_Ed25519.c
+++ b/src/Hacl_Ed25519.c
@@ -49,24 +49,24 @@ void Hacl_Bignum25519_reduce_513(uint64_t *a)
   uint64_t f2 = a[2U];
   uint64_t f3 = a[3U];
   uint64_t f4 = a[4U];
-  uint64_t l_ = f0 + (uint64_t)0U;
-  uint64_t tmp0 = l_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = l_ >> (uint32_t)51U;
+  uint64_t l_ = f0 + 0ULL;
+  uint64_t tmp0 = l_ & 0x7ffffffffffffULL;
+  uint64_t c0 = l_ >> 51U;
   uint64_t l_0 = f1 + c0;
-  uint64_t tmp1 = l_0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = l_0 >> (uint32_t)51U;
+  uint64_t tmp1 = l_0 & 0x7ffffffffffffULL;
+  uint64_t c1 = l_0 >> 51U;
   uint64_t l_1 = f2 + c1;
-  uint64_t tmp2 = l_1 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = l_1 >> (uint32_t)51U;
+  uint64_t tmp2 = l_1 & 0x7ffffffffffffULL;
+  uint64_t c2 = l_1 >> 51U;
   uint64_t l_2 = f3 + c2;
-  uint64_t tmp3 = l_2 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = l_2 >> (uint32_t)51U;
+  uint64_t tmp3 = l_2 & 0x7ffffffffffffULL;
+  uint64_t c3 = l_2 >> 51U;
   uint64_t l_3 = f4 + c3;
-  uint64_t tmp4 = l_3 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = l_3 >> (uint32_t)51U;
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = l_3 & 0x7ffffffffffffULL;
+  uint64_t c4 = l_3 >> 51U;
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   a[0U] = tmp0_;
   a[1U] = tmp1 + c5;
   a[2U] = tmp2;
@@ -77,8 +77,8 @@ void Hacl_Bignum25519_reduce_513(uint64_t *a)
 static inline void fmul0(uint64_t *output, uint64_t *input, uint64_t *input2)
 {
   FStar_UInt128_uint128 tmp[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Impl_Curve25519_Field51_fmul(output, input, input2, tmp);
 }
 
@@ -89,11 +89,11 @@ static inline void times_2(uint64_t *out, uint64_t *a)
   uint64_t a2 = a[2U];
   uint64_t a3 = a[3U];
   uint64_t a4 = a[4U];
-  uint64_t o0 = (uint64_t)2U * a0;
-  uint64_t o1 = (uint64_t)2U * a1;
-  uint64_t o2 = (uint64_t)2U * a2;
-  uint64_t o3 = (uint64_t)2U * a3;
-  uint64_t o4 = (uint64_t)2U * a4;
+  uint64_t o0 = 2ULL * a0;
+  uint64_t o1 = 2ULL * a1;
+  uint64_t o2 = 2ULL * a2;
+  uint64_t o3 = 2ULL * a3;
+  uint64_t o4 = 2ULL * a4;
   out[0U] = o0;
   out[1U] = o1;
   out[2U] = o2;
@@ -104,54 +104,54 @@ static inline void times_2(uint64_t *out, uint64_t *a)
 static inline void times_d(uint64_t *out, uint64_t *a)
 {
   uint64_t d[5U] = { 0U };
-  d[0U] = (uint64_t)0x00034dca135978a3U;
-  d[1U] = (uint64_t)0x0001a8283b156ebdU;
-  d[2U] = (uint64_t)0x0005e7a26001c029U;
-  d[3U] = (uint64_t)0x000739c663a03cbbU;
-  d[4U] = (uint64_t)0x00052036cee2b6ffU;
+  d[0U] = 0x00034dca135978a3ULL;
+  d[1U] = 0x0001a8283b156ebdULL;
+  d[2U] = 0x0005e7a26001c029ULL;
+  d[3U] = 0x000739c663a03cbbULL;
+  d[4U] = 0x00052036cee2b6ffULL;
   fmul0(out, d, a);
 }
 
 static inline void times_2d(uint64_t *out, uint64_t *a)
 {
   uint64_t d2[5U] = { 0U };
-  d2[0U] = (uint64_t)0x00069b9426b2f159U;
-  d2[1U] = (uint64_t)0x00035050762add7aU;
-  d2[2U] = (uint64_t)0x0003cf44c0038052U;
-  d2[3U] = (uint64_t)0x0006738cc7407977U;
-  d2[4U] = (uint64_t)0x0002406d9dc56dffU;
+  d2[0U] = 0x00069b9426b2f159ULL;
+  d2[1U] = 0x00035050762add7aULL;
+  d2[2U] = 0x0003cf44c0038052ULL;
+  d2[3U] = 0x0006738cc7407977ULL;
+  d2[4U] = 0x0002406d9dc56dffULL;
   fmul0(out, d2, a);
 }
 
 static inline void fsquare(uint64_t *out, uint64_t *a)
 {
   FStar_UInt128_uint128 tmp[5U];
-  for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 5U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Impl_Curve25519_Field51_fsqr(out, a, tmp);
 }
 
 static inline void fsquare_times(uint64_t *output, uint64_t *input, uint32_t count)
 {
   FStar_UInt128_uint128 tmp[5U];
-  for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 5U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Curve25519_51_fsquare_times(output, input, tmp, count);
 }
 
 static inline void fsquare_times_inplace(uint64_t *output, uint32_t count)
 {
   FStar_UInt128_uint128 tmp[5U];
-  for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 5U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Curve25519_51_fsquare_times(output, output, tmp, count);
 }
 
 void Hacl_Bignum25519_inverse(uint64_t *out, uint64_t *a)
 {
   FStar_UInt128_uint128 tmp[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Curve25519_51_finv(out, a, tmp);
 }
 
@@ -162,40 +162,40 @@ static inline void reduce(uint64_t *out)
   uint64_t o2 = out[2U];
   uint64_t o3 = out[3U];
   uint64_t o4 = out[4U];
-  uint64_t l_ = o0 + (uint64_t)0U;
-  uint64_t tmp0 = l_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = l_ >> (uint32_t)51U;
+  uint64_t l_ = o0 + 0ULL;
+  uint64_t tmp0 = l_ & 0x7ffffffffffffULL;
+  uint64_t c0 = l_ >> 51U;
   uint64_t l_0 = o1 + c0;
-  uint64_t tmp1 = l_0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = l_0 >> (uint32_t)51U;
+  uint64_t tmp1 = l_0 & 0x7ffffffffffffULL;
+  uint64_t c1 = l_0 >> 51U;
   uint64_t l_1 = o2 + c1;
-  uint64_t tmp2 = l_1 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = l_1 >> (uint32_t)51U;
+  uint64_t tmp2 = l_1 & 0x7ffffffffffffULL;
+  uint64_t c2 = l_1 >> 51U;
   uint64_t l_2 = o3 + c2;
-  uint64_t tmp3 = l_2 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = l_2 >> (uint32_t)51U;
+  uint64_t tmp3 = l_2 & 0x7ffffffffffffULL;
+  uint64_t c3 = l_2 >> 51U;
   uint64_t l_3 = o4 + c3;
-  uint64_t tmp4 = l_3 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = l_3 >> (uint32_t)51U;
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = l_3 & 0x7ffffffffffffULL;
+  uint64_t c4 = l_3 >> 51U;
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t f0 = tmp0_;
   uint64_t f1 = tmp1 + c5;
   uint64_t f2 = tmp2;
   uint64_t f3 = tmp3;
   uint64_t f4 = tmp4;
-  uint64_t m0 = FStar_UInt64_gte_mask(f0, (uint64_t)0x7ffffffffffedU);
-  uint64_t m1 = FStar_UInt64_eq_mask(f1, (uint64_t)0x7ffffffffffffU);
-  uint64_t m2 = FStar_UInt64_eq_mask(f2, (uint64_t)0x7ffffffffffffU);
-  uint64_t m3 = FStar_UInt64_eq_mask(f3, (uint64_t)0x7ffffffffffffU);
-  uint64_t m4 = FStar_UInt64_eq_mask(f4, (uint64_t)0x7ffffffffffffU);
+  uint64_t m0 = FStar_UInt64_gte_mask(f0, 0x7ffffffffffedULL);
+  uint64_t m1 = FStar_UInt64_eq_mask(f1, 0x7ffffffffffffULL);
+  uint64_t m2 = FStar_UInt64_eq_mask(f2, 0x7ffffffffffffULL);
+  uint64_t m3 = FStar_UInt64_eq_mask(f3, 0x7ffffffffffffULL);
+  uint64_t m4 = FStar_UInt64_eq_mask(f4, 0x7ffffffffffffULL);
   uint64_t mask = (((m0 & m1) & m2) & m3) & m4;
-  uint64_t f0_ = f0 - (mask & (uint64_t)0x7ffffffffffedU);
-  uint64_t f1_ = f1 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f2_ = f2 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f3_ = f3 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f4_ = f4 - (mask & (uint64_t)0x7ffffffffffffU);
+  uint64_t f0_ = f0 - (mask & 0x7ffffffffffedULL);
+  uint64_t f1_ = f1 - (mask & 0x7ffffffffffffULL);
+  uint64_t f2_ = f2 - (mask & 0x7ffffffffffffULL);
+  uint64_t f3_ = f3 - (mask & 0x7ffffffffffffULL);
+  uint64_t f4_ = f4 - (mask & 0x7ffffffffffffULL);
   uint64_t f01 = f0_;
   uint64_t f11 = f1_;
   uint64_t f21 = f2_;
@@ -212,45 +212,41 @@ void Hacl_Bignum25519_load_51(uint64_t *output, uint8_t *input)
 {
   uint64_t u64s[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = u64s;
-    uint8_t *bj = input + i * (uint32_t)8U;
+    uint8_t *bj = input + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   uint64_t u64s3 = u64s[3U];
-  u64s[3U] = u64s3 & (uint64_t)0x7fffffffffffffffU;
-  output[0U] = u64s[0U] & (uint64_t)0x7ffffffffffffU;
-  output[1U] = u64s[0U] >> (uint32_t)51U | (u64s[1U] & (uint64_t)0x3fffffffffU) << (uint32_t)13U;
-  output[2U] = u64s[1U] >> (uint32_t)38U | (u64s[2U] & (uint64_t)0x1ffffffU) << (uint32_t)26U;
-  output[3U] = u64s[2U] >> (uint32_t)25U | (u64s[3U] & (uint64_t)0xfffU) << (uint32_t)39U;
-  output[4U] = u64s[3U] >> (uint32_t)12U;
+  u64s[3U] = u64s3 & 0x7fffffffffffffffULL;
+  output[0U] = u64s[0U] & 0x7ffffffffffffULL;
+  output[1U] = u64s[0U] >> 51U | (u64s[1U] & 0x3fffffffffULL) << 13U;
+  output[2U] = u64s[1U] >> 38U | (u64s[2U] & 0x1ffffffULL) << 26U;
+  output[3U] = u64s[2U] >> 25U | (u64s[3U] & 0xfffULL) << 39U;
+  output[4U] = u64s[3U] >> 12U;
 }
 
 void Hacl_Bignum25519_store_51(uint8_t *output, uint64_t *input)
 {
   uint64_t u64s[4U] = { 0U };
   Hacl_Impl_Curve25519_Field51_store_felem(u64s, input);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(output + i * (uint32_t)8U, u64s[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_le(output + i * 8U, u64s[i]););
 }
 
 void Hacl_Impl_Ed25519_PointDouble_point_double(uint64_t *out, uint64_t *p)
 {
   uint64_t tmp[20U] = { 0U };
   uint64_t *tmp1 = tmp;
-  uint64_t *tmp20 = tmp + (uint32_t)5U;
-  uint64_t *tmp30 = tmp + (uint32_t)10U;
-  uint64_t *tmp40 = tmp + (uint32_t)15U;
+  uint64_t *tmp20 = tmp + 5U;
+  uint64_t *tmp30 = tmp + 10U;
+  uint64_t *tmp40 = tmp + 15U;
   uint64_t *x10 = p;
-  uint64_t *y10 = p + (uint32_t)5U;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *y10 = p + 5U;
+  uint64_t *z1 = p + 10U;
   fsquare(tmp1, x10);
   fsquare(tmp20, y10);
   fsum(tmp30, tmp1, tmp20);
@@ -258,11 +254,11 @@ void Hacl_Impl_Ed25519_PointDouble_point_double(uint64_t *out, uint64_t *p)
   fsquare(tmp1, z1);
   times_2(tmp1, tmp1);
   uint64_t *tmp10 = tmp;
-  uint64_t *tmp2 = tmp + (uint32_t)5U;
-  uint64_t *tmp3 = tmp + (uint32_t)10U;
-  uint64_t *tmp4 = tmp + (uint32_t)15U;
+  uint64_t *tmp2 = tmp + 5U;
+  uint64_t *tmp3 = tmp + 10U;
+  uint64_t *tmp4 = tmp + 15U;
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
+  uint64_t *y1 = p + 5U;
   fsum(tmp2, x1, y1);
   fsquare(tmp2, tmp2);
   Hacl_Bignum25519_reduce_513(tmp3);
@@ -271,13 +267,13 @@ void Hacl_Impl_Ed25519_PointDouble_point_double(uint64_t *out, uint64_t *p)
   Hacl_Bignum25519_reduce_513(tmp4);
   fsum(tmp10, tmp10, tmp4);
   uint64_t *tmp_f = tmp;
-  uint64_t *tmp_e = tmp + (uint32_t)5U;
-  uint64_t *tmp_h = tmp + (uint32_t)10U;
-  uint64_t *tmp_g = tmp + (uint32_t)15U;
+  uint64_t *tmp_e = tmp + 5U;
+  uint64_t *tmp_h = tmp + 10U;
+  uint64_t *tmp_g = tmp + 15U;
   uint64_t *x3 = out;
-  uint64_t *y3 = out + (uint32_t)5U;
-  uint64_t *z3 = out + (uint32_t)10U;
-  uint64_t *t3 = out + (uint32_t)15U;
+  uint64_t *y3 = out + 5U;
+  uint64_t *z3 = out + 10U;
+  uint64_t *t3 = out + 15U;
   fmul0(x3, tmp_e, tmp_f);
   fmul0(y3, tmp_g, tmp_h);
   fmul0(t3, tmp_e, tmp_h);
@@ -288,13 +284,13 @@ void Hacl_Impl_Ed25519_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *
 {
   uint64_t tmp[30U] = { 0U };
   uint64_t *tmp1 = tmp;
-  uint64_t *tmp20 = tmp + (uint32_t)5U;
-  uint64_t *tmp30 = tmp + (uint32_t)10U;
-  uint64_t *tmp40 = tmp + (uint32_t)15U;
+  uint64_t *tmp20 = tmp + 5U;
+  uint64_t *tmp30 = tmp + 10U;
+  uint64_t *tmp40 = tmp + 15U;
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
+  uint64_t *y1 = p + 5U;
   uint64_t *x2 = q;
-  uint64_t *y2 = q + (uint32_t)5U;
+  uint64_t *y2 = q + 5U;
   fdifference(tmp1, y1, x1);
   fdifference(tmp20, y2, x2);
   fmul0(tmp30, tmp1, tmp20);
@@ -302,15 +298,15 @@ void Hacl_Impl_Ed25519_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *
   fsum(tmp20, y2, x2);
   fmul0(tmp40, tmp1, tmp20);
   uint64_t *tmp10 = tmp;
-  uint64_t *tmp2 = tmp + (uint32_t)5U;
-  uint64_t *tmp3 = tmp + (uint32_t)10U;
-  uint64_t *tmp4 = tmp + (uint32_t)15U;
-  uint64_t *tmp5 = tmp + (uint32_t)20U;
-  uint64_t *tmp6 = tmp + (uint32_t)25U;
-  uint64_t *z1 = p + (uint32_t)10U;
-  uint64_t *t1 = p + (uint32_t)15U;
-  uint64_t *z2 = q + (uint32_t)10U;
-  uint64_t *t2 = q + (uint32_t)15U;
+  uint64_t *tmp2 = tmp + 5U;
+  uint64_t *tmp3 = tmp + 10U;
+  uint64_t *tmp4 = tmp + 15U;
+  uint64_t *tmp5 = tmp + 20U;
+  uint64_t *tmp6 = tmp + 25U;
+  uint64_t *z1 = p + 10U;
+  uint64_t *t1 = p + 15U;
+  uint64_t *z2 = q + 10U;
+  uint64_t *t2 = q + 15U;
   times_2d(tmp10, t1);
   fmul0(tmp10, tmp10, t2);
   times_2(tmp2, z1);
@@ -320,13 +316,13 @@ void Hacl_Impl_Ed25519_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *
   fsum(tmp10, tmp2, tmp10);
   fsum(tmp2, tmp4, tmp3);
   uint64_t *tmp_g = tmp;
-  uint64_t *tmp_h = tmp + (uint32_t)5U;
-  uint64_t *tmp_e = tmp + (uint32_t)20U;
-  uint64_t *tmp_f = tmp + (uint32_t)25U;
+  uint64_t *tmp_h = tmp + 5U;
+  uint64_t *tmp_e = tmp + 20U;
+  uint64_t *tmp_f = tmp + 25U;
   uint64_t *x3 = out;
-  uint64_t *y3 = out + (uint32_t)5U;
-  uint64_t *z3 = out + (uint32_t)10U;
-  uint64_t *t3 = out + (uint32_t)15U;
+  uint64_t *y3 = out + 5U;
+  uint64_t *z3 = out + 10U;
+  uint64_t *t3 = out + 15U;
   fmul0(x3, tmp_e, tmp_f);
   fmul0(y3, tmp_g, tmp_h);
   fmul0(t3, tmp_e, tmp_h);
@@ -336,64 +332,64 @@ void Hacl_Impl_Ed25519_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *
 void Hacl_Impl_Ed25519_PointConstants_make_point_inf(uint64_t *b)
 {
   uint64_t *x = b;
-  uint64_t *y = b + (uint32_t)5U;
-  uint64_t *z = b + (uint32_t)10U;
-  uint64_t *t = b + (uint32_t)15U;
-  x[0U] = (uint64_t)0U;
-  x[1U] = (uint64_t)0U;
-  x[2U] = (uint64_t)0U;
-  x[3U] = (uint64_t)0U;
-  x[4U] = (uint64_t)0U;
-  y[0U] = (uint64_t)1U;
-  y[1U] = (uint64_t)0U;
-  y[2U] = (uint64_t)0U;
-  y[3U] = (uint64_t)0U;
-  y[4U] = (uint64_t)0U;
-  z[0U] = (uint64_t)1U;
-  z[1U] = (uint64_t)0U;
-  z[2U] = (uint64_t)0U;
-  z[3U] = (uint64_t)0U;
-  z[4U] = (uint64_t)0U;
-  t[0U] = (uint64_t)0U;
-  t[1U] = (uint64_t)0U;
-  t[2U] = (uint64_t)0U;
-  t[3U] = (uint64_t)0U;
-  t[4U] = (uint64_t)0U;
+  uint64_t *y = b + 5U;
+  uint64_t *z = b + 10U;
+  uint64_t *t = b + 15U;
+  x[0U] = 0ULL;
+  x[1U] = 0ULL;
+  x[2U] = 0ULL;
+  x[3U] = 0ULL;
+  x[4U] = 0ULL;
+  y[0U] = 1ULL;
+  y[1U] = 0ULL;
+  y[2U] = 0ULL;
+  y[3U] = 0ULL;
+  y[4U] = 0ULL;
+  z[0U] = 1ULL;
+  z[1U] = 0ULL;
+  z[2U] = 0ULL;
+  z[3U] = 0ULL;
+  z[4U] = 0ULL;
+  t[0U] = 0ULL;
+  t[1U] = 0ULL;
+  t[2U] = 0ULL;
+  t[3U] = 0ULL;
+  t[4U] = 0ULL;
 }
 
 static inline void pow2_252m2(uint64_t *out, uint64_t *z)
 {
   uint64_t buf[20U] = { 0U };
   uint64_t *a = buf;
-  uint64_t *t00 = buf + (uint32_t)5U;
-  uint64_t *b0 = buf + (uint32_t)10U;
-  uint64_t *c0 = buf + (uint32_t)15U;
-  fsquare_times(a, z, (uint32_t)1U);
-  fsquare_times(t00, a, (uint32_t)2U);
+  uint64_t *t00 = buf + 5U;
+  uint64_t *b0 = buf + 10U;
+  uint64_t *c0 = buf + 15U;
+  fsquare_times(a, z, 1U);
+  fsquare_times(t00, a, 2U);
   fmul0(b0, t00, z);
   fmul0(a, b0, a);
-  fsquare_times(t00, a, (uint32_t)1U);
+  fsquare_times(t00, a, 1U);
   fmul0(b0, t00, b0);
-  fsquare_times(t00, b0, (uint32_t)5U);
+  fsquare_times(t00, b0, 5U);
   fmul0(b0, t00, b0);
-  fsquare_times(t00, b0, (uint32_t)10U);
+  fsquare_times(t00, b0, 10U);
   fmul0(c0, t00, b0);
-  fsquare_times(t00, c0, (uint32_t)20U);
+  fsquare_times(t00, c0, 20U);
   fmul0(t00, t00, c0);
-  fsquare_times_inplace(t00, (uint32_t)10U);
+  fsquare_times_inplace(t00, 10U);
   fmul0(b0, t00, b0);
-  fsquare_times(t00, b0, (uint32_t)50U);
+  fsquare_times(t00, b0, 50U);
   uint64_t *a0 = buf;
-  uint64_t *t0 = buf + (uint32_t)5U;
-  uint64_t *b = buf + (uint32_t)10U;
-  uint64_t *c = buf + (uint32_t)15U;
-  fsquare_times(a0, z, (uint32_t)1U);
+  uint64_t *t0 = buf + 5U;
+  uint64_t *b = buf + 10U;
+  uint64_t *c = buf + 15U;
+  fsquare_times(a0, z, 1U);
   fmul0(c, t0, b);
-  fsquare_times(t0, c, (uint32_t)100U);
+  fsquare_times(t0, c, 100U);
   fmul0(t0, t0, c);
-  fsquare_times_inplace(t0, (uint32_t)50U);
+  fsquare_times_inplace(t0, 50U);
   fmul0(t0, t0, b);
-  fsquare_times_inplace(t0, (uint32_t)2U);
+  fsquare_times_inplace(t0, 2U);
   fmul0(out, t0, a0);
 }
 
@@ -404,23 +400,17 @@ static inline bool is_0(uint64_t *x)
   uint64_t x2 = x[2U];
   uint64_t x3 = x[3U];
   uint64_t x4 = x[4U];
-  return
-    x0
-    == (uint64_t)0U
-    && x1 == (uint64_t)0U
-    && x2 == (uint64_t)0U
-    && x3 == (uint64_t)0U
-    && x4 == (uint64_t)0U;
+  return x0 == 0ULL && x1 == 0ULL && x2 == 0ULL && x3 == 0ULL && x4 == 0ULL;
 }
 
 static inline void mul_modp_sqrt_m1(uint64_t *x)
 {
   uint64_t sqrt_m1[5U] = { 0U };
-  sqrt_m1[0U] = (uint64_t)0x00061b274a0ea0b0U;
-  sqrt_m1[1U] = (uint64_t)0x0000d5a5fc8f189dU;
-  sqrt_m1[2U] = (uint64_t)0x0007ef5e9cbd0c60U;
-  sqrt_m1[3U] = (uint64_t)0x00078595a6804c9eU;
-  sqrt_m1[4U] = (uint64_t)0x0002b8324804fc1dU;
+  sqrt_m1[0U] = 0x00061b274a0ea0b0ULL;
+  sqrt_m1[1U] = 0x0000d5a5fc8f189dULL;
+  sqrt_m1[2U] = 0x0007ef5e9cbd0c60ULL;
+  sqrt_m1[3U] = 0x00078595a6804c9eULL;
+  sqrt_m1[4U] = 0x0002b8324804fc1dULL;
   fmul0(x, x, sqrt_m1);
 }
 
@@ -436,11 +426,11 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
   bool
   b =
     x00
-    >= (uint64_t)0x7ffffffffffedU
-    && x1 == (uint64_t)0x7ffffffffffffU
-    && x21 == (uint64_t)0x7ffffffffffffU
-    && x30 == (uint64_t)0x7ffffffffffffU
-    && x4 == (uint64_t)0x7ffffffffffffU;
+    >= 0x7ffffffffffedULL
+    && x1 == 0x7ffffffffffffULL
+    && x21 == 0x7ffffffffffffULL
+    && x30 == 0x7ffffffffffffULL
+    && x4 == 0x7ffffffffffffULL;
   bool res;
   if (b)
   {
@@ -450,14 +440,14 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
   {
     uint64_t tmp1[20U] = { 0U };
     uint64_t *one = tmp1;
-    uint64_t *y2 = tmp1 + (uint32_t)5U;
-    uint64_t *dyyi = tmp1 + (uint32_t)10U;
-    uint64_t *dyy = tmp1 + (uint32_t)15U;
-    one[0U] = (uint64_t)1U;
-    one[1U] = (uint64_t)0U;
-    one[2U] = (uint64_t)0U;
-    one[3U] = (uint64_t)0U;
-    one[4U] = (uint64_t)0U;
+    uint64_t *y2 = tmp1 + 5U;
+    uint64_t *dyyi = tmp1 + 10U;
+    uint64_t *dyy = tmp1 + 15U;
+    one[0U] = 1ULL;
+    one[1U] = 0ULL;
+    one[2U] = 0ULL;
+    one[3U] = 0ULL;
+    one[4U] = 0ULL;
     fsquare(y2, y);
     times_d(dyy, y2);
     fsum(dyy, dyy, one);
@@ -470,37 +460,37 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
     uint8_t z;
     if (x2_is_0)
     {
-      if (sign == (uint64_t)0U)
+      if (sign == 0ULL)
       {
-        x[0U] = (uint64_t)0U;
-        x[1U] = (uint64_t)0U;
-        x[2U] = (uint64_t)0U;
-        x[3U] = (uint64_t)0U;
-        x[4U] = (uint64_t)0U;
-        z = (uint8_t)1U;
+        x[0U] = 0ULL;
+        x[1U] = 0ULL;
+        x[2U] = 0ULL;
+        x[3U] = 0ULL;
+        x[4U] = 0ULL;
+        z = 1U;
       }
       else
       {
-        z = (uint8_t)0U;
+        z = 0U;
       }
     }
     else
     {
-      z = (uint8_t)2U;
+      z = 2U;
     }
-    if (z == (uint8_t)0U)
+    if (z == 0U)
     {
       res = false;
     }
-    else if (z == (uint8_t)1U)
+    else if (z == 1U)
     {
       res = true;
     }
     else
     {
       uint64_t *x210 = tmp;
-      uint64_t *x31 = tmp + (uint32_t)5U;
-      uint64_t *t00 = tmp + (uint32_t)10U;
+      uint64_t *x31 = tmp + 5U;
+      uint64_t *t00 = tmp + 10U;
       pow2_252m2(x31, x210);
       fsquare(t00, x31);
       fdifference(t00, t00, x210);
@@ -512,8 +502,8 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
         mul_modp_sqrt_m1(x31);
       }
       uint64_t *x211 = tmp;
-      uint64_t *x3 = tmp + (uint32_t)5U;
-      uint64_t *t01 = tmp + (uint32_t)10U;
+      uint64_t *x3 = tmp + 5U;
+      uint64_t *t01 = tmp + 10U;
       fsquare(t01, x3);
       fdifference(t01, t01, x211);
       Hacl_Bignum25519_reduce_513(t01);
@@ -525,23 +515,23 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
       }
       else
       {
-        uint64_t *x32 = tmp + (uint32_t)5U;
-        uint64_t *t0 = tmp + (uint32_t)10U;
+        uint64_t *x32 = tmp + 5U;
+        uint64_t *t0 = tmp + 10U;
         reduce(x32);
         uint64_t x0 = x32[0U];
-        uint64_t x01 = x0 & (uint64_t)1U;
+        uint64_t x01 = x0 & 1ULL;
         if (!(x01 == sign))
         {
-          t0[0U] = (uint64_t)0U;
-          t0[1U] = (uint64_t)0U;
-          t0[2U] = (uint64_t)0U;
-          t0[3U] = (uint64_t)0U;
-          t0[4U] = (uint64_t)0U;
+          t0[0U] = 0ULL;
+          t0[1U] = 0ULL;
+          t0[2U] = 0ULL;
+          t0[3U] = 0ULL;
+          t0[4U] = 0ULL;
           fdifference(x32, t0, x32);
           Hacl_Bignum25519_reduce_513(x32);
           reduce(x32);
         }
-        memcpy(x, x32, (uint32_t)5U * sizeof (uint64_t));
+        memcpy(x, x32, 5U * sizeof (uint64_t));
         res = true;
       }
     }
@@ -554,9 +544,9 @@ bool Hacl_Impl_Ed25519_PointDecompress_point_decompress(uint64_t *out, uint8_t *
 {
   uint64_t tmp[10U] = { 0U };
   uint64_t *y = tmp;
-  uint64_t *x = tmp + (uint32_t)5U;
+  uint64_t *x = tmp + 5U;
   uint8_t s31 = s[31U];
-  uint8_t z = s31 >> (uint32_t)7U;
+  uint8_t z = (uint32_t)s31 >> 7U;
   uint64_t sign = (uint64_t)z;
   Hacl_Bignum25519_load_51(y, s);
   bool z0 = recover_x(x, y, sign);
@@ -568,16 +558,16 @@ bool Hacl_Impl_Ed25519_PointDecompress_point_decompress(uint64_t *out, uint8_t *
   else
   {
     uint64_t *outx = out;
-    uint64_t *outy = out + (uint32_t)5U;
-    uint64_t *outz = out + (uint32_t)10U;
-    uint64_t *outt = out + (uint32_t)15U;
-    memcpy(outx, x, (uint32_t)5U * sizeof (uint64_t));
-    memcpy(outy, y, (uint32_t)5U * sizeof (uint64_t));
-    outz[0U] = (uint64_t)1U;
-    outz[1U] = (uint64_t)0U;
-    outz[2U] = (uint64_t)0U;
-    outz[3U] = (uint64_t)0U;
-    outz[4U] = (uint64_t)0U;
+    uint64_t *outy = out + 5U;
+    uint64_t *outz = out + 10U;
+    uint64_t *outt = out + 15U;
+    memcpy(outx, x, 5U * sizeof (uint64_t));
+    memcpy(outy, y, 5U * sizeof (uint64_t));
+    outz[0U] = 1ULL;
+    outz[1U] = 0ULL;
+    outz[2U] = 0ULL;
+    outz[3U] = 0ULL;
+    outz[4U] = 0ULL;
     fmul0(outt, x, y);
     res = true;
   }
@@ -588,25 +578,25 @@ bool Hacl_Impl_Ed25519_PointDecompress_point_decompress(uint64_t *out, uint8_t *
 void Hacl_Impl_Ed25519_PointCompress_point_compress(uint8_t *z, uint64_t *p)
 {
   uint64_t tmp[15U] = { 0U };
-  uint64_t *x = tmp + (uint32_t)5U;
-  uint64_t *out = tmp + (uint32_t)10U;
+  uint64_t *x = tmp + 5U;
+  uint64_t *out = tmp + 10U;
   uint64_t *zinv1 = tmp;
-  uint64_t *x1 = tmp + (uint32_t)5U;
-  uint64_t *out1 = tmp + (uint32_t)10U;
+  uint64_t *x1 = tmp + 5U;
+  uint64_t *out1 = tmp + 10U;
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
-  uint64_t *pz = p + (uint32_t)10U;
+  uint64_t *py = p + 5U;
+  uint64_t *pz = p + 10U;
   Hacl_Bignum25519_inverse(zinv1, pz);
   fmul0(x1, px, zinv1);
   reduce(x1);
   fmul0(out1, py, zinv1);
   Hacl_Bignum25519_reduce_513(out1);
   uint64_t x0 = x[0U];
-  uint64_t b = x0 & (uint64_t)1U;
+  uint64_t b = x0 & 1ULL;
   Hacl_Bignum25519_store_51(z, out);
   uint8_t xbyte = (uint8_t)b;
   uint8_t o31 = z[31U];
-  z[31U] = o31 + (xbyte << (uint32_t)7U);
+  z[31U] = (uint32_t)o31 + ((uint32_t)xbyte << 7U);
 }
 
 static inline void barrett_reduction(uint64_t *z, uint64_t *t)
@@ -621,40 +611,40 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t t7 = t[7U];
   uint64_t t8 = t[8U];
   uint64_t t9 = t[9U];
-  uint64_t m00 = (uint64_t)0x12631a5cf5d3edU;
-  uint64_t m10 = (uint64_t)0xf9dea2f79cd658U;
-  uint64_t m20 = (uint64_t)0x000000000014deU;
-  uint64_t m30 = (uint64_t)0x00000000000000U;
-  uint64_t m40 = (uint64_t)0x00000010000000U;
+  uint64_t m00 = 0x12631a5cf5d3edULL;
+  uint64_t m10 = 0xf9dea2f79cd658ULL;
+  uint64_t m20 = 0x000000000014deULL;
+  uint64_t m30 = 0x00000000000000ULL;
+  uint64_t m40 = 0x00000010000000ULL;
   uint64_t m0 = m00;
   uint64_t m1 = m10;
   uint64_t m2 = m20;
   uint64_t m3 = m30;
   uint64_t m4 = m40;
-  uint64_t m010 = (uint64_t)0x9ce5a30a2c131bU;
-  uint64_t m110 = (uint64_t)0x215d086329a7edU;
-  uint64_t m210 = (uint64_t)0xffffffffeb2106U;
-  uint64_t m310 = (uint64_t)0xffffffffffffffU;
-  uint64_t m410 = (uint64_t)0x00000fffffffffU;
+  uint64_t m010 = 0x9ce5a30a2c131bULL;
+  uint64_t m110 = 0x215d086329a7edULL;
+  uint64_t m210 = 0xffffffffeb2106ULL;
+  uint64_t m310 = 0xffffffffffffffULL;
+  uint64_t m410 = 0x00000fffffffffULL;
   uint64_t mu0 = m010;
   uint64_t mu1 = m110;
   uint64_t mu2 = m210;
   uint64_t mu3 = m310;
   uint64_t mu4 = m410;
-  uint64_t y_ = (t5 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_ = t4 >> (uint32_t)24U;
+  uint64_t y_ = (t5 & 0xffffffULL) << 32U;
+  uint64_t x_ = t4 >> 24U;
   uint64_t z00 = x_ | y_;
-  uint64_t y_0 = (t6 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_0 = t5 >> (uint32_t)24U;
+  uint64_t y_0 = (t6 & 0xffffffULL) << 32U;
+  uint64_t x_0 = t5 >> 24U;
   uint64_t z10 = x_0 | y_0;
-  uint64_t y_1 = (t7 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_1 = t6 >> (uint32_t)24U;
+  uint64_t y_1 = (t7 & 0xffffffULL) << 32U;
+  uint64_t x_1 = t6 >> 24U;
   uint64_t z20 = x_1 | y_1;
-  uint64_t y_2 = (t8 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_2 = t7 >> (uint32_t)24U;
+  uint64_t y_2 = (t8 & 0xffffffULL) << 32U;
+  uint64_t x_2 = t7 >> 24U;
   uint64_t z30 = x_2 | y_2;
-  uint64_t y_3 = (t9 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_3 = t8 >> (uint32_t)24U;
+  uint64_t y_3 = (t9 & 0xffffffULL) << 32U;
+  uint64_t x_3 = t8 >> 24U;
   uint64_t z40 = x_3 | y_3;
   uint64_t q0 = z00;
   uint64_t q1 = z10;
@@ -707,55 +697,37 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 z6 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy24, xy33), xy42);
   FStar_UInt128_uint128 z7 = FStar_UInt128_add_mod(xy34, xy43);
   FStar_UInt128_uint128 z8 = xy44;
-  FStar_UInt128_uint128 carry0 = FStar_UInt128_shift_right(z01, (uint32_t)56U);
+  FStar_UInt128_uint128 carry0 = FStar_UInt128_shift_right(z01, 56U);
   FStar_UInt128_uint128 c00 = carry0;
-  FStar_UInt128_uint128
-  carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U);
+  FStar_UInt128_uint128 carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), 56U);
   FStar_UInt128_uint128 c10 = carry1;
-  FStar_UInt128_uint128
-  carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U);
+  FStar_UInt128_uint128 carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), 56U);
   FStar_UInt128_uint128 c20 = carry2;
-  FStar_UInt128_uint128
-  carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U);
+  FStar_UInt128_uint128 carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), 56U);
   FStar_UInt128_uint128 c30 = carry3;
-  FStar_UInt128_uint128
-  carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U);
+  FStar_UInt128_uint128 carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), 56U);
   uint64_t
-  t100 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30))
-    & (uint64_t)0xffffffffffffffU;
+  t100 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c40 = carry4;
   uint64_t t410 = t100;
-  FStar_UInt128_uint128
-  carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), (uint32_t)56U);
+  FStar_UInt128_uint128 carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), 56U);
   uint64_t
-  t101 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40))
-    & (uint64_t)0xffffffffffffffU;
+  t101 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c5 = carry5;
   uint64_t t51 = t101;
-  FStar_UInt128_uint128
-  carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), (uint32_t)56U);
+  FStar_UInt128_uint128 carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), 56U);
   uint64_t
-  t102 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5))
-    & (uint64_t)0xffffffffffffffU;
+  t102 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c6 = carry6;
   uint64_t t61 = t102;
-  FStar_UInt128_uint128
-  carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), (uint32_t)56U);
+  FStar_UInt128_uint128 carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), 56U);
   uint64_t
-  t103 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6))
-    & (uint64_t)0xffffffffffffffU;
+  t103 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c7 = carry7;
   uint64_t t71 = t103;
-  FStar_UInt128_uint128
-  carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), (uint32_t)56U);
+  FStar_UInt128_uint128 carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), 56U);
   uint64_t
-  t104 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7))
-    & (uint64_t)0xffffffffffffffU;
+  t104 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c8 = carry8;
   uint64_t t81 = t104;
   uint64_t t91 = FStar_UInt128_uint128_to_uint64(c8);
@@ -765,20 +737,20 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t qmu7_ = t71;
   uint64_t qmu8_ = t81;
   uint64_t qmu9_ = t91;
-  uint64_t y_4 = (qmu5_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_4 = qmu4_ >> (uint32_t)40U;
+  uint64_t y_4 = (qmu5_ & 0xffffffffffULL) << 16U;
+  uint64_t x_4 = qmu4_ >> 40U;
   uint64_t z02 = x_4 | y_4;
-  uint64_t y_5 = (qmu6_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_5 = qmu5_ >> (uint32_t)40U;
+  uint64_t y_5 = (qmu6_ & 0xffffffffffULL) << 16U;
+  uint64_t x_5 = qmu5_ >> 40U;
   uint64_t z12 = x_5 | y_5;
-  uint64_t y_6 = (qmu7_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_6 = qmu6_ >> (uint32_t)40U;
+  uint64_t y_6 = (qmu7_ & 0xffffffffffULL) << 16U;
+  uint64_t x_6 = qmu6_ >> 40U;
   uint64_t z22 = x_6 | y_6;
-  uint64_t y_7 = (qmu8_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_7 = qmu7_ >> (uint32_t)40U;
+  uint64_t y_7 = (qmu8_ & 0xffffffffffULL) << 16U;
+  uint64_t x_7 = qmu7_ >> 40U;
   uint64_t z32 = x_7 | y_7;
-  uint64_t y_8 = (qmu9_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_8 = qmu8_ >> (uint32_t)40U;
+  uint64_t y_8 = (qmu9_ & 0xffffffffffULL) << 16U;
+  uint64_t x_8 = qmu8_ >> 40U;
   uint64_t z42 = x_8 | y_8;
   uint64_t qdiv0 = z02;
   uint64_t qdiv1 = z12;
@@ -789,7 +761,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t r1 = t1;
   uint64_t r2 = t2;
   uint64_t r3 = t3;
-  uint64_t r4 = t4 & (uint64_t)0xffffffffffU;
+  uint64_t r4 = t4 & 0xffffffffffULL;
   FStar_UInt128_uint128 xy00 = FStar_UInt128_mul_wide(qdiv0, m0);
   FStar_UInt128_uint128 xy01 = FStar_UInt128_mul_wide(qdiv0, m1);
   FStar_UInt128_uint128 xy02 = FStar_UInt128_mul_wide(qdiv0, m2);
@@ -805,18 +777,18 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 xy30 = FStar_UInt128_mul_wide(qdiv3, m0);
   FStar_UInt128_uint128 xy31 = FStar_UInt128_mul_wide(qdiv3, m1);
   FStar_UInt128_uint128 xy40 = FStar_UInt128_mul_wide(qdiv4, m0);
-  FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, (uint32_t)56U);
-  uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
+  FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, 56U);
+  uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c0 = carry9;
   uint64_t t010 = t105;
   FStar_UInt128_uint128
   carry10 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0),
-      (uint32_t)56U);
+      56U);
   uint64_t
   t106 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0))
-    & (uint64_t)0xffffffffffffffU;
+    & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c11 = carry10;
   uint64_t t110 = t106;
   FStar_UInt128_uint128
@@ -825,14 +797,14 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
             xy11),
           xy20),
         c11),
-      (uint32_t)56U);
+      56U);
   uint64_t
   t107 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
             xy11),
           xy20),
         c11))
-    & (uint64_t)0xffffffffffffffU;
+    & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c21 = carry11;
   uint64_t t210 = t107;
   FStar_UInt128_uint128
@@ -842,7 +814,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
             xy21),
           xy30),
         c21),
-      (uint32_t)56U);
+      56U);
   uint64_t
   t108 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
@@ -850,7 +822,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
             xy21),
           xy30),
         c21))
-    & (uint64_t)0xffffffffffffffU;
+    & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c31 = carry;
   uint64_t t310 = t108;
   uint64_t
@@ -861,67 +833,67 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
             xy31),
           xy40),
         c31))
-    & (uint64_t)0xffffffffffU;
+    & 0xffffffffffULL;
   uint64_t qmul0 = t010;
   uint64_t qmul1 = t110;
   uint64_t qmul2 = t210;
   uint64_t qmul3 = t310;
   uint64_t qmul4 = t411;
-  uint64_t b5 = (r0 - qmul0) >> (uint32_t)63U;
-  uint64_t t109 = (b5 << (uint32_t)56U) + r0 - qmul0;
+  uint64_t b5 = (r0 - qmul0) >> 63U;
+  uint64_t t109 = (b5 << 56U) + r0 - qmul0;
   uint64_t c1 = b5;
   uint64_t t011 = t109;
-  uint64_t b6 = (r1 - (qmul1 + c1)) >> (uint32_t)63U;
-  uint64_t t1010 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
+  uint64_t b6 = (r1 - (qmul1 + c1)) >> 63U;
+  uint64_t t1010 = (b6 << 56U) + r1 - (qmul1 + c1);
   uint64_t c2 = b6;
   uint64_t t111 = t1010;
-  uint64_t b7 = (r2 - (qmul2 + c2)) >> (uint32_t)63U;
-  uint64_t t1011 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
+  uint64_t b7 = (r2 - (qmul2 + c2)) >> 63U;
+  uint64_t t1011 = (b7 << 56U) + r2 - (qmul2 + c2);
   uint64_t c3 = b7;
   uint64_t t211 = t1011;
-  uint64_t b8 = (r3 - (qmul3 + c3)) >> (uint32_t)63U;
-  uint64_t t1012 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
+  uint64_t b8 = (r3 - (qmul3 + c3)) >> 63U;
+  uint64_t t1012 = (b8 << 56U) + r3 - (qmul3 + c3);
   uint64_t c4 = b8;
   uint64_t t311 = t1012;
-  uint64_t b9 = (r4 - (qmul4 + c4)) >> (uint32_t)63U;
-  uint64_t t1013 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
+  uint64_t b9 = (r4 - (qmul4 + c4)) >> 63U;
+  uint64_t t1013 = (b9 << 40U) + r4 - (qmul4 + c4);
   uint64_t t412 = t1013;
   uint64_t s0 = t011;
   uint64_t s1 = t111;
   uint64_t s2 = t211;
   uint64_t s3 = t311;
   uint64_t s4 = t412;
-  uint64_t m01 = (uint64_t)0x12631a5cf5d3edU;
-  uint64_t m11 = (uint64_t)0xf9dea2f79cd658U;
-  uint64_t m21 = (uint64_t)0x000000000014deU;
-  uint64_t m31 = (uint64_t)0x00000000000000U;
-  uint64_t m41 = (uint64_t)0x00000010000000U;
+  uint64_t m01 = 0x12631a5cf5d3edULL;
+  uint64_t m11 = 0xf9dea2f79cd658ULL;
+  uint64_t m21 = 0x000000000014deULL;
+  uint64_t m31 = 0x00000000000000ULL;
+  uint64_t m41 = 0x00000010000000ULL;
   uint64_t y0 = m01;
   uint64_t y1 = m11;
   uint64_t y2 = m21;
   uint64_t y3 = m31;
   uint64_t y4 = m41;
-  uint64_t b10 = (s0 - y0) >> (uint32_t)63U;
-  uint64_t t1014 = (b10 << (uint32_t)56U) + s0 - y0;
+  uint64_t b10 = (s0 - y0) >> 63U;
+  uint64_t t1014 = (b10 << 56U) + s0 - y0;
   uint64_t b0 = b10;
   uint64_t t01 = t1014;
-  uint64_t b11 = (s1 - (y1 + b0)) >> (uint32_t)63U;
-  uint64_t t1015 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
+  uint64_t b11 = (s1 - (y1 + b0)) >> 63U;
+  uint64_t t1015 = (b11 << 56U) + s1 - (y1 + b0);
   uint64_t b1 = b11;
   uint64_t t11 = t1015;
-  uint64_t b12 = (s2 - (y2 + b1)) >> (uint32_t)63U;
-  uint64_t t1016 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
+  uint64_t b12 = (s2 - (y2 + b1)) >> 63U;
+  uint64_t t1016 = (b12 << 56U) + s2 - (y2 + b1);
   uint64_t b2 = b12;
   uint64_t t21 = t1016;
-  uint64_t b13 = (s3 - (y3 + b2)) >> (uint32_t)63U;
-  uint64_t t1017 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
+  uint64_t b13 = (s3 - (y3 + b2)) >> 63U;
+  uint64_t t1017 = (b13 << 56U) + s3 - (y3 + b2);
   uint64_t b3 = b13;
   uint64_t t31 = t1017;
-  uint64_t b = (s4 - (y4 + b3)) >> (uint32_t)63U;
-  uint64_t t10 = (b << (uint32_t)56U) + s4 - (y4 + b3);
+  uint64_t b = (s4 - (y4 + b3)) >> 63U;
+  uint64_t t10 = (b << 56U) + s4 - (y4 + b3);
   uint64_t b4 = b;
   uint64_t t41 = t10;
-  uint64_t mask = b4 - (uint64_t)1U;
+  uint64_t mask = b4 - 1ULL;
   uint64_t z03 = s0 ^ (mask & (s0 ^ t01));
   uint64_t z13 = s1 ^ (mask & (s1 ^ t11));
   uint64_t z23 = s2 ^ (mask & (s2 ^ t21));
@@ -1008,72 +980,48 @@ static inline void mul_modq(uint64_t *out, uint64_t *x, uint64_t *y)
   FStar_UInt128_uint128 z60 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy24, xy33), xy42);
   FStar_UInt128_uint128 z70 = FStar_UInt128_add_mod(xy34, xy43);
   FStar_UInt128_uint128 z80 = xy44;
-  FStar_UInt128_uint128 carry0 = FStar_UInt128_shift_right(z00, (uint32_t)56U);
-  uint64_t t10 = FStar_UInt128_uint128_to_uint64(z00) & (uint64_t)0xffffffffffffffU;
+  FStar_UInt128_uint128 carry0 = FStar_UInt128_shift_right(z00, 56U);
+  uint64_t t10 = FStar_UInt128_uint128_to_uint64(z00) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c0 = carry0;
   uint64_t t0 = t10;
-  FStar_UInt128_uint128
-  carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z10, c0), (uint32_t)56U);
+  FStar_UInt128_uint128 carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z10, c0), 56U);
   uint64_t
-  t11 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z10, c0))
-    & (uint64_t)0xffffffffffffffU;
+  t11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z10, c0)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c1 = carry1;
   uint64_t t1 = t11;
-  FStar_UInt128_uint128
-  carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z20, c1), (uint32_t)56U);
+  FStar_UInt128_uint128 carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z20, c1), 56U);
   uint64_t
-  t12 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z20, c1))
-    & (uint64_t)0xffffffffffffffU;
+  t12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z20, c1)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c2 = carry2;
   uint64_t t2 = t12;
-  FStar_UInt128_uint128
-  carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z30, c2), (uint32_t)56U);
+  FStar_UInt128_uint128 carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z30, c2), 56U);
   uint64_t
-  t13 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z30, c2))
-    & (uint64_t)0xffffffffffffffU;
+  t13 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z30, c2)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c3 = carry3;
   uint64_t t3 = t13;
-  FStar_UInt128_uint128
-  carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z40, c3), (uint32_t)56U);
+  FStar_UInt128_uint128 carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z40, c3), 56U);
   uint64_t
-  t14 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z40, c3))
-    & (uint64_t)0xffffffffffffffU;
+  t14 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z40, c3)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c4 = carry4;
   uint64_t t4 = t14;
-  FStar_UInt128_uint128
-  carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z50, c4), (uint32_t)56U);
+  FStar_UInt128_uint128 carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z50, c4), 56U);
   uint64_t
-  t15 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z50, c4))
-    & (uint64_t)0xffffffffffffffU;
+  t15 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z50, c4)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c5 = carry5;
   uint64_t t5 = t15;
-  FStar_UInt128_uint128
-  carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z60, c5), (uint32_t)56U);
+  FStar_UInt128_uint128 carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z60, c5), 56U);
   uint64_t
-  t16 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z60, c5))
-    & (uint64_t)0xffffffffffffffU;
+  t16 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z60, c5)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c6 = carry6;
   uint64_t t6 = t16;
-  FStar_UInt128_uint128
-  carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z70, c6), (uint32_t)56U);
+  FStar_UInt128_uint128 carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z70, c6), 56U);
   uint64_t
-  t17 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z70, c6))
-    & (uint64_t)0xffffffffffffffU;
+  t17 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z70, c6)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c7 = carry7;
   uint64_t t7 = t17;
-  FStar_UInt128_uint128
-  carry = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z80, c7), (uint32_t)56U);
+  FStar_UInt128_uint128 carry = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z80, c7), 56U);
   uint64_t
-  t =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z80, c7))
-    & (uint64_t)0xffffffffffffffU;
+  t = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z80, c7)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c8 = carry;
   uint64_t t8 = t;
   uint64_t t9 = FStar_UInt128_uint128_to_uint64(c8);
@@ -1112,54 +1060,54 @@ static inline void add_modq(uint64_t *out, uint64_t *x, uint64_t *y)
   uint64_t y2 = y[2U];
   uint64_t y3 = y[3U];
   uint64_t y4 = y[4U];
-  uint64_t carry0 = (x0 + y0) >> (uint32_t)56U;
-  uint64_t t0 = (x0 + y0) & (uint64_t)0xffffffffffffffU;
+  uint64_t carry0 = (x0 + y0) >> 56U;
+  uint64_t t0 = (x0 + y0) & 0xffffffffffffffULL;
   uint64_t t00 = t0;
   uint64_t c0 = carry0;
-  uint64_t carry1 = (x1 + y1 + c0) >> (uint32_t)56U;
-  uint64_t t1 = (x1 + y1 + c0) & (uint64_t)0xffffffffffffffU;
+  uint64_t carry1 = (x1 + y1 + c0) >> 56U;
+  uint64_t t1 = (x1 + y1 + c0) & 0xffffffffffffffULL;
   uint64_t t10 = t1;
   uint64_t c1 = carry1;
-  uint64_t carry2 = (x2 + y2 + c1) >> (uint32_t)56U;
-  uint64_t t2 = (x2 + y2 + c1) & (uint64_t)0xffffffffffffffU;
+  uint64_t carry2 = (x2 + y2 + c1) >> 56U;
+  uint64_t t2 = (x2 + y2 + c1) & 0xffffffffffffffULL;
   uint64_t t20 = t2;
   uint64_t c2 = carry2;
-  uint64_t carry = (x3 + y3 + c2) >> (uint32_t)56U;
-  uint64_t t3 = (x3 + y3 + c2) & (uint64_t)0xffffffffffffffU;
+  uint64_t carry = (x3 + y3 + c2) >> 56U;
+  uint64_t t3 = (x3 + y3 + c2) & 0xffffffffffffffULL;
   uint64_t t30 = t3;
   uint64_t c3 = carry;
   uint64_t t4 = x4 + y4 + c3;
-  uint64_t m0 = (uint64_t)0x12631a5cf5d3edU;
-  uint64_t m1 = (uint64_t)0xf9dea2f79cd658U;
-  uint64_t m2 = (uint64_t)0x000000000014deU;
-  uint64_t m3 = (uint64_t)0x00000000000000U;
-  uint64_t m4 = (uint64_t)0x00000010000000U;
+  uint64_t m0 = 0x12631a5cf5d3edULL;
+  uint64_t m1 = 0xf9dea2f79cd658ULL;
+  uint64_t m2 = 0x000000000014deULL;
+  uint64_t m3 = 0x00000000000000ULL;
+  uint64_t m4 = 0x00000010000000ULL;
   uint64_t y01 = m0;
   uint64_t y11 = m1;
   uint64_t y21 = m2;
   uint64_t y31 = m3;
   uint64_t y41 = m4;
-  uint64_t b5 = (t00 - y01) >> (uint32_t)63U;
-  uint64_t t5 = (b5 << (uint32_t)56U) + t00 - y01;
+  uint64_t b5 = (t00 - y01) >> 63U;
+  uint64_t t5 = (b5 << 56U) + t00 - y01;
   uint64_t b0 = b5;
   uint64_t t01 = t5;
-  uint64_t b6 = (t10 - (y11 + b0)) >> (uint32_t)63U;
-  uint64_t t6 = (b6 << (uint32_t)56U) + t10 - (y11 + b0);
+  uint64_t b6 = (t10 - (y11 + b0)) >> 63U;
+  uint64_t t6 = (b6 << 56U) + t10 - (y11 + b0);
   uint64_t b1 = b6;
   uint64_t t11 = t6;
-  uint64_t b7 = (t20 - (y21 + b1)) >> (uint32_t)63U;
-  uint64_t t7 = (b7 << (uint32_t)56U) + t20 - (y21 + b1);
+  uint64_t b7 = (t20 - (y21 + b1)) >> 63U;
+  uint64_t t7 = (b7 << 56U) + t20 - (y21 + b1);
   uint64_t b2 = b7;
   uint64_t t21 = t7;
-  uint64_t b8 = (t30 - (y31 + b2)) >> (uint32_t)63U;
-  uint64_t t8 = (b8 << (uint32_t)56U) + t30 - (y31 + b2);
+  uint64_t b8 = (t30 - (y31 + b2)) >> 63U;
+  uint64_t t8 = (b8 << 56U) + t30 - (y31 + b2);
   uint64_t b3 = b8;
   uint64_t t31 = t8;
-  uint64_t b = (t4 - (y41 + b3)) >> (uint32_t)63U;
-  uint64_t t = (b << (uint32_t)56U) + t4 - (y41 + b3);
+  uint64_t b = (t4 - (y41 + b3)) >> 63U;
+  uint64_t t = (b << 56U) + t4 - (y41 + b3);
   uint64_t b4 = b;
   uint64_t t41 = t;
-  uint64_t mask = b4 - (uint64_t)1U;
+  uint64_t mask = b4 - 1ULL;
   uint64_t z00 = t00 ^ (mask & (t00 ^ t01));
   uint64_t z10 = t10 ^ (mask & (t10 ^ t11));
   uint64_t z20 = t20 ^ (mask & (t20 ^ t21));
@@ -1194,35 +1142,35 @@ static inline bool gte_q(uint64_t *s)
   uint64_t s2 = s[2U];
   uint64_t s3 = s[3U];
   uint64_t s4 = s[4U];
-  if (s4 > (uint64_t)0x00000010000000U)
+  if (s4 > 0x00000010000000ULL)
   {
     return true;
   }
-  if (s4 < (uint64_t)0x00000010000000U)
+  if (s4 < 0x00000010000000ULL)
   {
     return false;
   }
-  if (s3 > (uint64_t)0x00000000000000U)
+  if (s3 > 0x00000000000000ULL)
   {
     return true;
   }
-  if (s2 > (uint64_t)0x000000000014deU)
+  if (s2 > 0x000000000014deULL)
   {
     return true;
   }
-  if (s2 < (uint64_t)0x000000000014deU)
+  if (s2 < 0x000000000014deULL)
   {
     return false;
   }
-  if (s1 > (uint64_t)0xf9dea2f79cd658U)
+  if (s1 > 0xf9dea2f79cd658ULL)
   {
     return true;
   }
-  if (s1 < (uint64_t)0xf9dea2f79cd658U)
+  if (s1 < 0xf9dea2f79cd658ULL)
   {
     return false;
   }
-  if (s0 >= (uint64_t)0x12631a5cf5d3edU)
+  if (s0 >= 0x12631a5cf5d3edULL)
   {
     return true;
   }
@@ -1248,19 +1196,19 @@ bool Hacl_Impl_Ed25519_PointEqual_point_equal(uint64_t *p, uint64_t *q)
 {
   uint64_t tmp[20U] = { 0U };
   uint64_t *pxqz = tmp;
-  uint64_t *qxpz = tmp + (uint32_t)5U;
-  fmul0(pxqz, p, q + (uint32_t)10U);
+  uint64_t *qxpz = tmp + 5U;
+  fmul0(pxqz, p, q + 10U);
   reduce(pxqz);
-  fmul0(qxpz, q, p + (uint32_t)10U);
+  fmul0(qxpz, q, p + 10U);
   reduce(qxpz);
   bool b = eq(pxqz, qxpz);
   if (b)
   {
-    uint64_t *pyqz = tmp + (uint32_t)10U;
-    uint64_t *qypz = tmp + (uint32_t)15U;
-    fmul0(pyqz, p + (uint32_t)5U, q + (uint32_t)10U);
+    uint64_t *pyqz = tmp + 10U;
+    uint64_t *qypz = tmp + 15U;
+    fmul0(pyqz, p + 5U, q + 10U);
     reduce(pyqz);
-    fmul0(qypz, q + (uint32_t)5U, p + (uint32_t)10U);
+    fmul0(qypz, q + 5U, p + 10U);
     reduce(qypz);
     return eq(pyqz, qypz);
   }
@@ -1270,23 +1218,23 @@ bool Hacl_Impl_Ed25519_PointEqual_point_equal(uint64_t *p, uint64_t *q)
 void Hacl_Impl_Ed25519_PointNegate_point_negate(uint64_t *p, uint64_t *out)
 {
   uint64_t zero[5U] = { 0U };
-  zero[0U] = (uint64_t)0U;
-  zero[1U] = (uint64_t)0U;
-  zero[2U] = (uint64_t)0U;
-  zero[3U] = (uint64_t)0U;
-  zero[4U] = (uint64_t)0U;
+  zero[0U] = 0ULL;
+  zero[1U] = 0ULL;
+  zero[2U] = 0ULL;
+  zero[3U] = 0ULL;
+  zero[4U] = 0ULL;
   uint64_t *x = p;
-  uint64_t *y = p + (uint32_t)5U;
-  uint64_t *z = p + (uint32_t)10U;
-  uint64_t *t = p + (uint32_t)15U;
+  uint64_t *y = p + 5U;
+  uint64_t *z = p + 10U;
+  uint64_t *t = p + 15U;
   uint64_t *x1 = out;
-  uint64_t *y1 = out + (uint32_t)5U;
-  uint64_t *z1 = out + (uint32_t)10U;
-  uint64_t *t1 = out + (uint32_t)15U;
+  uint64_t *y1 = out + 5U;
+  uint64_t *z1 = out + 10U;
+  uint64_t *t1 = out + 15U;
   fdifference(x1, zero, x);
   Hacl_Bignum25519_reduce_513(x1);
-  memcpy(y1, y, (uint32_t)5U * sizeof (uint64_t));
-  memcpy(z1, z, (uint32_t)5U * sizeof (uint64_t));
+  memcpy(y1, y, 5U * sizeof (uint64_t));
+  memcpy(z1, z, 5U * sizeof (uint64_t));
   fdifference(t1, zero, t);
   Hacl_Bignum25519_reduce_513(t1);
 }
@@ -1295,11 +1243,11 @@ void Hacl_Impl_Ed25519_Ladder_point_mul(uint64_t *out, uint8_t *scalar, uint64_t
 {
   uint64_t bscalar[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = bscalar;
-    uint8_t *bj = scalar + i * (uint32_t)8U;
+    uint8_t *bj = scalar + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
@@ -1307,42 +1255,34 @@ void Hacl_Impl_Ed25519_Ladder_point_mul(uint64_t *out, uint8_t *scalar, uint64_t
   uint64_t table[320U] = { 0U };
   uint64_t tmp[20U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)20U;
+  uint64_t *t1 = table + 20U;
   Hacl_Impl_Ed25519_PointConstants_make_point_inf(t0);
-  memcpy(t1, q, (uint32_t)20U * sizeof (uint64_t));
+  memcpy(t1, q, 20U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)20U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 20U;
     Hacl_Impl_Ed25519_PointDouble_point_double(tmp, t11);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)20U,
-      tmp,
-      (uint32_t)20U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)20U;
+    memcpy(table + (2U * i + 2U) * 20U, tmp, 20U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 20U;
     Hacl_Impl_Ed25519_PointAdd_point_add(tmp, q, t2);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)20U,
-      tmp,
-      (uint32_t)20U * sizeof (uint64_t)););
+    memcpy(table + (2U * i + 3U) * 20U, tmp, 20U * sizeof (uint64_t)););
   Hacl_Impl_Ed25519_PointConstants_make_point_inf(out);
   uint64_t tmp0[20U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)256U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)20U * sizeof (uint64_t));
+    KRML_MAYBE_FOR4(i, 0U, 4U, 1U, Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
+    uint32_t k = 256U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 20U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)20U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)20U; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 20U;
+      for (uint32_t i = 0U; i < 20U; i++)
       {
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -1354,14 +1294,14 @@ void Hacl_Impl_Ed25519_Ladder_point_mul(uint64_t *out, uint8_t *scalar, uint64_t
 
 static inline void precomp_get_consttime(const uint64_t *table, uint64_t bits_l, uint64_t *tmp)
 {
-  memcpy(tmp, (uint64_t *)table, (uint32_t)20U * sizeof (uint64_t));
+  memcpy(tmp, (uint64_t *)table, 20U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i0,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + (uint32_t)1U));
-    const uint64_t *res_j = table + (i0 + (uint32_t)1U) * (uint32_t)20U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)20U; i++)
+    0U,
+    15U,
+    1U,
+    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + 1U));
+    const uint64_t *res_j = table + (i0 + 1U) * 20U;
+    for (uint32_t i = 0U; i < 20U; i++)
     {
       uint64_t *os = tmp;
       uint64_t x = (c & res_j[i]) | (~c & tmp[i]);
@@ -1373,107 +1313,97 @@ static inline void point_mul_g(uint64_t *out, uint8_t *scalar)
 {
   uint64_t bscalar[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = bscalar;
-    uint8_t *bj = scalar + i * (uint32_t)8U;
+    uint8_t *bj = scalar + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   uint64_t q1[20U] = { 0U };
   uint64_t *gx = q1;
-  uint64_t *gy = q1 + (uint32_t)5U;
-  uint64_t *gz = q1 + (uint32_t)10U;
-  uint64_t *gt = q1 + (uint32_t)15U;
-  gx[0U] = (uint64_t)0x00062d608f25d51aU;
-  gx[1U] = (uint64_t)0x000412a4b4f6592aU;
-  gx[2U] = (uint64_t)0x00075b7171a4b31dU;
-  gx[3U] = (uint64_t)0x0001ff60527118feU;
-  gx[4U] = (uint64_t)0x000216936d3cd6e5U;
-  gy[0U] = (uint64_t)0x0006666666666658U;
-  gy[1U] = (uint64_t)0x0004ccccccccccccU;
-  gy[2U] = (uint64_t)0x0001999999999999U;
-  gy[3U] = (uint64_t)0x0003333333333333U;
-  gy[4U] = (uint64_t)0x0006666666666666U;
-  gz[0U] = (uint64_t)1U;
-  gz[1U] = (uint64_t)0U;
-  gz[2U] = (uint64_t)0U;
-  gz[3U] = (uint64_t)0U;
-  gz[4U] = (uint64_t)0U;
-  gt[0U] = (uint64_t)0x00068ab3a5b7dda3U;
-  gt[1U] = (uint64_t)0x00000eea2a5eadbbU;
-  gt[2U] = (uint64_t)0x0002af8df483c27eU;
-  gt[3U] = (uint64_t)0x000332b375274732U;
-  gt[4U] = (uint64_t)0x00067875f0fd78b7U;
+  uint64_t *gy = q1 + 5U;
+  uint64_t *gz = q1 + 10U;
+  uint64_t *gt = q1 + 15U;
+  gx[0U] = 0x00062d608f25d51aULL;
+  gx[1U] = 0x000412a4b4f6592aULL;
+  gx[2U] = 0x00075b7171a4b31dULL;
+  gx[3U] = 0x0001ff60527118feULL;
+  gx[4U] = 0x000216936d3cd6e5ULL;
+  gy[0U] = 0x0006666666666658ULL;
+  gy[1U] = 0x0004ccccccccccccULL;
+  gy[2U] = 0x0001999999999999ULL;
+  gy[3U] = 0x0003333333333333ULL;
+  gy[4U] = 0x0006666666666666ULL;
+  gz[0U] = 1ULL;
+  gz[1U] = 0ULL;
+  gz[2U] = 0ULL;
+  gz[3U] = 0ULL;
+  gz[4U] = 0ULL;
+  gt[0U] = 0x00068ab3a5b7dda3ULL;
+  gt[1U] = 0x00000eea2a5eadbbULL;
+  gt[2U] = 0x0002af8df483c27eULL;
+  gt[3U] = 0x000332b375274732ULL;
+  gt[4U] = 0x00067875f0fd78b7ULL;
   uint64_t
   q2[20U] =
     {
-      (uint64_t)13559344787725U, (uint64_t)2051621493703448U, (uint64_t)1947659315640708U,
-      (uint64_t)626856790370168U, (uint64_t)1592804284034836U, (uint64_t)1781728767459187U,
-      (uint64_t)278818420518009U, (uint64_t)2038030359908351U, (uint64_t)910625973862690U,
-      (uint64_t)471887343142239U, (uint64_t)1298543306606048U, (uint64_t)794147365642417U,
-      (uint64_t)129968992326749U, (uint64_t)523140861678572U, (uint64_t)1166419653909231U,
-      (uint64_t)2009637196928390U, (uint64_t)1288020222395193U, (uint64_t)1007046974985829U,
-      (uint64_t)208981102651386U, (uint64_t)2074009315253380U
+      13559344787725ULL, 2051621493703448ULL, 1947659315640708ULL, 626856790370168ULL,
+      1592804284034836ULL, 1781728767459187ULL, 278818420518009ULL, 2038030359908351ULL,
+      910625973862690ULL, 471887343142239ULL, 1298543306606048ULL, 794147365642417ULL,
+      129968992326749ULL, 523140861678572ULL, 1166419653909231ULL, 2009637196928390ULL,
+      1288020222395193ULL, 1007046974985829ULL, 208981102651386ULL, 2074009315253380ULL
     };
   uint64_t
   q3[20U] =
     {
-      (uint64_t)557549315715710U, (uint64_t)196756086293855U, (uint64_t)846062225082495U,
-      (uint64_t)1865068224838092U, (uint64_t)991112090754908U, (uint64_t)522916421512828U,
-      (uint64_t)2098523346722375U, (uint64_t)1135633221747012U, (uint64_t)858420432114866U,
-      (uint64_t)186358544306082U, (uint64_t)1044420411868480U, (uint64_t)2080052304349321U,
-      (uint64_t)557301814716724U, (uint64_t)1305130257814057U, (uint64_t)2126012765451197U,
-      (uint64_t)1441004402875101U, (uint64_t)353948968859203U, (uint64_t)470765987164835U,
-      (uint64_t)1507675957683570U, (uint64_t)1086650358745097U
+      557549315715710ULL, 196756086293855ULL, 846062225082495ULL, 1865068224838092ULL,
+      991112090754908ULL, 522916421512828ULL, 2098523346722375ULL, 1135633221747012ULL,
+      858420432114866ULL, 186358544306082ULL, 1044420411868480ULL, 2080052304349321ULL,
+      557301814716724ULL, 1305130257814057ULL, 2126012765451197ULL, 1441004402875101ULL,
+      353948968859203ULL, 470765987164835ULL, 1507675957683570ULL, 1086650358745097ULL
     };
   uint64_t
   q4[20U] =
     {
-      (uint64_t)1129953239743101U, (uint64_t)1240339163956160U, (uint64_t)61002583352401U,
-      (uint64_t)2017604552196030U, (uint64_t)1576867829229863U, (uint64_t)1508654942849389U,
-      (uint64_t)270111619664077U, (uint64_t)1253097517254054U, (uint64_t)721798270973250U,
-      (uint64_t)161923365415298U, (uint64_t)828530877526011U, (uint64_t)1494851059386763U,
-      (uint64_t)662034171193976U, (uint64_t)1315349646974670U, (uint64_t)2199229517308806U,
-      (uint64_t)497078277852673U, (uint64_t)1310507715989956U, (uint64_t)1881315714002105U,
-      (uint64_t)2214039404983803U, (uint64_t)1331036420272667U
+      1129953239743101ULL, 1240339163956160ULL, 61002583352401ULL, 2017604552196030ULL,
+      1576867829229863ULL, 1508654942849389ULL, 270111619664077ULL, 1253097517254054ULL,
+      721798270973250ULL, 161923365415298ULL, 828530877526011ULL, 1494851059386763ULL,
+      662034171193976ULL, 1315349646974670ULL, 2199229517308806ULL, 497078277852673ULL,
+      1310507715989956ULL, 1881315714002105ULL, 2214039404983803ULL, 1331036420272667ULL
     };
   uint64_t *r1 = bscalar;
-  uint64_t *r2 = bscalar + (uint32_t)1U;
-  uint64_t *r3 = bscalar + (uint32_t)2U;
-  uint64_t *r4 = bscalar + (uint32_t)3U;
+  uint64_t *r2 = bscalar + 1U;
+  uint64_t *r3 = bscalar + 2U;
+  uint64_t *r4 = bscalar + 3U;
   Hacl_Impl_Ed25519_PointConstants_make_point_inf(out);
   uint64_t tmp[20U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r4, k, (uint32_t)4U);
+    0U,
+    16U,
+    1U,
+    KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
+    uint32_t k = 64U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r4, k, 4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_g_pow2_192_table_w4, bits_l, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp);
-    uint32_t k0 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r3, k0, (uint32_t)4U);
+    uint32_t k0 = 64U - 4U * i - 4U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r3, k0, 4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_g_pow2_128_table_w4, bits_l0, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp);
-    uint32_t k1 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r2, k1, (uint32_t)4U);
+    uint32_t k1 = 64U - 4U * i - 4U;
+    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r2, k1, 4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_g_pow2_64_table_w4, bits_l1, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp);
-    uint32_t k2 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
+    uint32_t k2 = 64U - 4U * i - 4U;
+    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r1, k2, 4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp););
-  KRML_HOST_IGNORE(q2);
-  KRML_HOST_IGNORE(q3);
-  KRML_HOST_IGNORE(q4);
+  KRML_MAYBE_UNUSED_VAR(q2);
+  KRML_MAYBE_UNUSED_VAR(q3);
+  KRML_MAYBE_UNUSED_VAR(q4);
 }
 
 static inline void
@@ -1481,48 +1411,48 @@ point_mul_g_double_vartime(uint64_t *out, uint8_t *scalar1, uint8_t *scalar2, ui
 {
   uint64_t tmp[28U] = { 0U };
   uint64_t *g = tmp;
-  uint64_t *bscalar1 = tmp + (uint32_t)20U;
-  uint64_t *bscalar2 = tmp + (uint32_t)24U;
+  uint64_t *bscalar1 = tmp + 20U;
+  uint64_t *bscalar2 = tmp + 24U;
   uint64_t *gx = g;
-  uint64_t *gy = g + (uint32_t)5U;
-  uint64_t *gz = g + (uint32_t)10U;
-  uint64_t *gt = g + (uint32_t)15U;
-  gx[0U] = (uint64_t)0x00062d608f25d51aU;
-  gx[1U] = (uint64_t)0x000412a4b4f6592aU;
-  gx[2U] = (uint64_t)0x00075b7171a4b31dU;
-  gx[3U] = (uint64_t)0x0001ff60527118feU;
-  gx[4U] = (uint64_t)0x000216936d3cd6e5U;
-  gy[0U] = (uint64_t)0x0006666666666658U;
-  gy[1U] = (uint64_t)0x0004ccccccccccccU;
-  gy[2U] = (uint64_t)0x0001999999999999U;
-  gy[3U] = (uint64_t)0x0003333333333333U;
-  gy[4U] = (uint64_t)0x0006666666666666U;
-  gz[0U] = (uint64_t)1U;
-  gz[1U] = (uint64_t)0U;
-  gz[2U] = (uint64_t)0U;
-  gz[3U] = (uint64_t)0U;
-  gz[4U] = (uint64_t)0U;
-  gt[0U] = (uint64_t)0x00068ab3a5b7dda3U;
-  gt[1U] = (uint64_t)0x00000eea2a5eadbbU;
-  gt[2U] = (uint64_t)0x0002af8df483c27eU;
-  gt[3U] = (uint64_t)0x000332b375274732U;
-  gt[4U] = (uint64_t)0x00067875f0fd78b7U;
+  uint64_t *gy = g + 5U;
+  uint64_t *gz = g + 10U;
+  uint64_t *gt = g + 15U;
+  gx[0U] = 0x00062d608f25d51aULL;
+  gx[1U] = 0x000412a4b4f6592aULL;
+  gx[2U] = 0x00075b7171a4b31dULL;
+  gx[3U] = 0x0001ff60527118feULL;
+  gx[4U] = 0x000216936d3cd6e5ULL;
+  gy[0U] = 0x0006666666666658ULL;
+  gy[1U] = 0x0004ccccccccccccULL;
+  gy[2U] = 0x0001999999999999ULL;
+  gy[3U] = 0x0003333333333333ULL;
+  gy[4U] = 0x0006666666666666ULL;
+  gz[0U] = 1ULL;
+  gz[1U] = 0ULL;
+  gz[2U] = 0ULL;
+  gz[3U] = 0ULL;
+  gz[4U] = 0ULL;
+  gt[0U] = 0x00068ab3a5b7dda3ULL;
+  gt[1U] = 0x00000eea2a5eadbbULL;
+  gt[2U] = 0x0002af8df483c27eULL;
+  gt[3U] = 0x000332b375274732ULL;
+  gt[4U] = 0x00067875f0fd78b7ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = bscalar1;
-    uint8_t *bj = scalar1 + i * (uint32_t)8U;
+    uint8_t *bj = scalar1 + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = bscalar2;
-    uint8_t *bj = scalar2 + i * (uint32_t)8U;
+    uint8_t *bj = scalar2 + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
@@ -1530,58 +1460,50 @@ point_mul_g_double_vartime(uint64_t *out, uint8_t *scalar1, uint8_t *scalar2, ui
   uint64_t table2[640U] = { 0U };
   uint64_t tmp1[20U] = { 0U };
   uint64_t *t0 = table2;
-  uint64_t *t1 = table2 + (uint32_t)20U;
+  uint64_t *t1 = table2 + 20U;
   Hacl_Impl_Ed25519_PointConstants_make_point_inf(t0);
-  memcpy(t1, q2, (uint32_t)20U * sizeof (uint64_t));
+  memcpy(t1, q2, 20U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)20U;
+    0U,
+    15U,
+    1U,
+    uint64_t *t11 = table2 + (i + 1U) * 20U;
     Hacl_Impl_Ed25519_PointDouble_point_double(tmp1, t11);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)20U,
-      tmp1,
-      (uint32_t)20U * sizeof (uint64_t));
-    uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)20U;
+    memcpy(table2 + (2U * i + 2U) * 20U, tmp1, 20U * sizeof (uint64_t));
+    uint64_t *t2 = table2 + (2U * i + 2U) * 20U;
     Hacl_Impl_Ed25519_PointAdd_point_add(tmp1, q2, t2);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)20U,
-      tmp1,
-      (uint32_t)20U * sizeof (uint64_t)););
+    memcpy(table2 + (2U * i + 3U) * 20U, tmp1, 20U * sizeof (uint64_t)););
   uint64_t tmp10[20U] = { 0U };
-  uint32_t i0 = (uint32_t)255U;
-  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar1, i0, (uint32_t)5U);
+  uint32_t i0 = 255U;
+  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar1, i0, 5U);
   uint32_t bits_l32 = (uint32_t)bits_c;
   const
   uint64_t
-  *a_bits_l = Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)20U;
-  memcpy(out, (uint64_t *)a_bits_l, (uint32_t)20U * sizeof (uint64_t));
-  uint32_t i1 = (uint32_t)255U;
-  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar2, i1, (uint32_t)5U);
+  *a_bits_l = Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * 20U;
+  memcpy(out, (uint64_t *)a_bits_l, 20U * sizeof (uint64_t));
+  uint32_t i1 = 255U;
+  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar2, i1, 5U);
   uint32_t bits_l320 = (uint32_t)bits_c0;
-  const uint64_t *a_bits_l0 = table2 + bits_l320 * (uint32_t)20U;
-  memcpy(tmp10, (uint64_t *)a_bits_l0, (uint32_t)20U * sizeof (uint64_t));
+  const uint64_t *a_bits_l0 = table2 + bits_l320 * 20U;
+  memcpy(tmp10, (uint64_t *)a_bits_l0, 20U * sizeof (uint64_t));
   Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp10);
   uint64_t tmp11[20U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)51U; i++)
+  for (uint32_t i = 0U; i < 51U; i++)
   {
-    KRML_MAYBE_FOR5(i2,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar2, k, (uint32_t)5U);
+    KRML_MAYBE_FOR5(i2, 0U, 5U, 1U, Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
+    uint32_t k = 255U - 5U * i - 5U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar2, k, 5U);
     uint32_t bits_l321 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)20U;
-    memcpy(tmp11, (uint64_t *)a_bits_l1, (uint32_t)20U * sizeof (uint64_t));
+    const uint64_t *a_bits_l1 = table2 + bits_l321 * 20U;
+    memcpy(tmp11, (uint64_t *)a_bits_l1, 20U * sizeof (uint64_t));
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp11);
-    uint32_t k0 = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar1, k0, (uint32_t)5U);
+    uint32_t k0 = 255U - 5U * i - 5U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar1, k0, 5U);
     uint32_t bits_l322 = (uint32_t)bits_l0;
     const
     uint64_t
-    *a_bits_l2 = Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * (uint32_t)20U;
-    memcpy(tmp11, (uint64_t *)a_bits_l2, (uint32_t)20U * sizeof (uint64_t));
+    *a_bits_l2 = Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * 20U;
+    memcpy(tmp11, (uint64_t *)a_bits_l2, 20U * sizeof (uint64_t));
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp11);
   }
 }
@@ -1609,13 +1531,13 @@ static inline void store_56(uint8_t *out, uint64_t *b)
   uint32_t b4_ = (uint32_t)b4;
   uint8_t *b8 = out;
   store64_le(b8, b0);
-  uint8_t *b80 = out + (uint32_t)7U;
+  uint8_t *b80 = out + 7U;
   store64_le(b80, b1);
-  uint8_t *b81 = out + (uint32_t)14U;
+  uint8_t *b81 = out + 14U;
   store64_le(b81, b2);
-  uint8_t *b82 = out + (uint32_t)21U;
+  uint8_t *b82 = out + 21U;
   store64_le(b82, b3);
-  store32_le(out + (uint32_t)28U, b4_);
+  store32_le(out + 28U, b4_);
 }
 
 static inline void load_64_bytes(uint64_t *out, uint8_t *b)
@@ -1623,39 +1545,39 @@ static inline void load_64_bytes(uint64_t *out, uint8_t *b)
   uint8_t *b80 = b;
   uint64_t u = load64_le(b80);
   uint64_t z = u;
-  uint64_t b0 = z & (uint64_t)0xffffffffffffffU;
-  uint8_t *b81 = b + (uint32_t)7U;
+  uint64_t b0 = z & 0xffffffffffffffULL;
+  uint8_t *b81 = b + 7U;
   uint64_t u0 = load64_le(b81);
   uint64_t z0 = u0;
-  uint64_t b1 = z0 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b82 = b + (uint32_t)14U;
+  uint64_t b1 = z0 & 0xffffffffffffffULL;
+  uint8_t *b82 = b + 14U;
   uint64_t u1 = load64_le(b82);
   uint64_t z1 = u1;
-  uint64_t b2 = z1 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b83 = b + (uint32_t)21U;
+  uint64_t b2 = z1 & 0xffffffffffffffULL;
+  uint8_t *b83 = b + 21U;
   uint64_t u2 = load64_le(b83);
   uint64_t z2 = u2;
-  uint64_t b3 = z2 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b84 = b + (uint32_t)28U;
+  uint64_t b3 = z2 & 0xffffffffffffffULL;
+  uint8_t *b84 = b + 28U;
   uint64_t u3 = load64_le(b84);
   uint64_t z3 = u3;
-  uint64_t b4 = z3 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b85 = b + (uint32_t)35U;
+  uint64_t b4 = z3 & 0xffffffffffffffULL;
+  uint8_t *b85 = b + 35U;
   uint64_t u4 = load64_le(b85);
   uint64_t z4 = u4;
-  uint64_t b5 = z4 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b86 = b + (uint32_t)42U;
+  uint64_t b5 = z4 & 0xffffffffffffffULL;
+  uint8_t *b86 = b + 42U;
   uint64_t u5 = load64_le(b86);
   uint64_t z5 = u5;
-  uint64_t b6 = z5 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b87 = b + (uint32_t)49U;
+  uint64_t b6 = z5 & 0xffffffffffffffULL;
+  uint8_t *b87 = b + 49U;
   uint64_t u6 = load64_le(b87);
   uint64_t z6 = u6;
-  uint64_t b7 = z6 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b8 = b + (uint32_t)56U;
+  uint64_t b7 = z6 & 0xffffffffffffffULL;
+  uint8_t *b8 = b + 56U;
   uint64_t u7 = load64_le(b8);
   uint64_t z7 = u7;
-  uint64_t b88 = z7 & (uint64_t)0xffffffffffffffU;
+  uint64_t b88 = z7 & 0xffffffffffffffULL;
   uint8_t b63 = b[63U];
   uint64_t b9 = (uint64_t)b63;
   out[0U] = b0;
@@ -1675,20 +1597,20 @@ static inline void load_32_bytes(uint64_t *out, uint8_t *b)
   uint8_t *b80 = b;
   uint64_t u0 = load64_le(b80);
   uint64_t z = u0;
-  uint64_t b0 = z & (uint64_t)0xffffffffffffffU;
-  uint8_t *b81 = b + (uint32_t)7U;
+  uint64_t b0 = z & 0xffffffffffffffULL;
+  uint8_t *b81 = b + 7U;
   uint64_t u1 = load64_le(b81);
   uint64_t z0 = u1;
-  uint64_t b1 = z0 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b82 = b + (uint32_t)14U;
+  uint64_t b1 = z0 & 0xffffffffffffffULL;
+  uint8_t *b82 = b + 14U;
   uint64_t u2 = load64_le(b82);
   uint64_t z1 = u2;
-  uint64_t b2 = z1 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b8 = b + (uint32_t)21U;
+  uint64_t b2 = z1 & 0xffffffffffffffULL;
+  uint8_t *b8 = b + 21U;
   uint64_t u3 = load64_le(b8);
   uint64_t z2 = u3;
-  uint64_t b3 = z2 & (uint64_t)0xffffffffffffffU;
-  uint32_t u = load32_le(b + (uint32_t)28U);
+  uint64_t b3 = z2 & 0xffffffffffffffULL;
+  uint32_t u = load32_le(b + 28U);
   uint32_t b4 = u;
   uint64_t b41 = (uint64_t)b4;
   out[0U] = b0;
@@ -1703,16 +1625,15 @@ static inline void sha512_pre_msg(uint8_t *hash, uint8_t *prefix, uint32_t len,
   uint8_t buf[128U] = { 0U };
   uint64_t block_state[8U] = { 0U };
   Hacl_Streaming_MD_state_64
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_64 p = s;
-  Hacl_SHA2_Scalar32_sha512_init(block_state);
+  Hacl_Hash_SHA2_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
-  Hacl_Streaming_Types_error_code
-  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code err1 = Hacl_Streaming_SHA2_update_512(st, input, len);
-  KRML_HOST_IGNORE(err0);
-  KRML_HOST_IGNORE(err1);
-  Hacl_Streaming_SHA2_finish_512(st, hash);
+  Hacl_Streaming_Types_error_code err0 = Hacl_Hash_SHA2_update_512(st, prefix, 32U);
+  Hacl_Streaming_Types_error_code err1 = Hacl_Hash_SHA2_update_512(st, input, len);
+  KRML_MAYBE_UNUSED_VAR(err0);
+  KRML_MAYBE_UNUSED_VAR(err1);
+  Hacl_Hash_SHA2_digest_512(st, hash);
 }
 
 static inline void
@@ -1727,19 +1648,17 @@ sha512_pre_pre2_msg(
   uint8_t buf[128U] = { 0U };
   uint64_t block_state[8U] = { 0U };
   Hacl_Streaming_MD_state_64
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_64 p = s;
-  Hacl_SHA2_Scalar32_sha512_init(block_state);
+  Hacl_Hash_SHA2_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
-  Hacl_Streaming_Types_error_code
-  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code
-  err1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code err2 = Hacl_Streaming_SHA2_update_512(st, input, len);
-  KRML_HOST_IGNORE(err0);
-  KRML_HOST_IGNORE(err1);
-  KRML_HOST_IGNORE(err2);
-  Hacl_Streaming_SHA2_finish_512(st, hash);
+  Hacl_Streaming_Types_error_code err0 = Hacl_Hash_SHA2_update_512(st, prefix, 32U);
+  Hacl_Streaming_Types_error_code err1 = Hacl_Hash_SHA2_update_512(st, prefix2, 32U);
+  Hacl_Streaming_Types_error_code err2 = Hacl_Hash_SHA2_update_512(st, input, len);
+  KRML_MAYBE_UNUSED_VAR(err0);
+  KRML_MAYBE_UNUSED_VAR(err1);
+  KRML_MAYBE_UNUSED_VAR(err2);
+  Hacl_Hash_SHA2_digest_512(st, hash);
 }
 
 static inline void
@@ -1777,12 +1696,12 @@ static inline void point_mul_g_compress(uint8_t *out, uint8_t *s)
 
 static inline void secret_expand(uint8_t *expanded, uint8_t *secret)
 {
-  Hacl_Streaming_SHA2_hash_512(secret, (uint32_t)32U, expanded);
+  Hacl_Hash_SHA2_hash_512(expanded, secret, 32U);
   uint8_t *h_low = expanded;
   uint8_t h_low0 = h_low[0U];
   uint8_t h_low31 = h_low[31U];
-  h_low[0U] = h_low0 & (uint8_t)0xf8U;
-  h_low[31U] = (h_low31 & (uint8_t)127U) | (uint8_t)64U;
+  h_low[0U] = (uint32_t)h_low0 & 0xf8U;
+  h_low[31U] = ((uint32_t)h_low31 & 127U) | 64U;
 }
 
 /********************************************************************************
@@ -1816,8 +1735,8 @@ Compute the expanded keys for an Ed25519 signature.
 void Hacl_Ed25519_expand_keys(uint8_t *expanded_keys, uint8_t *private_key)
 {
   uint8_t *public_key = expanded_keys;
-  uint8_t *s_prefix = expanded_keys + (uint32_t)32U;
-  uint8_t *s = expanded_keys + (uint32_t)32U;
+  uint8_t *s_prefix = expanded_keys + 32U;
+  uint8_t *s = expanded_keys + 32U;
   secret_expand(s_prefix, private_key);
   point_mul_g_compress(public_key, s);
 }
@@ -1843,13 +1762,13 @@ Hacl_Ed25519_sign_expanded(
 )
 {
   uint8_t *rs = signature;
-  uint8_t *ss = signature + (uint32_t)32U;
+  uint8_t *ss = signature + 32U;
   uint64_t rq[5U] = { 0U };
   uint64_t hq[5U] = { 0U };
   uint8_t rb[32U] = { 0U };
   uint8_t *public_key = expanded_keys;
-  uint8_t *s = expanded_keys + (uint32_t)32U;
-  uint8_t *prefix = expanded_keys + (uint32_t)64U;
+  uint8_t *s = expanded_keys + 32U;
+  uint8_t *prefix = expanded_keys + 64U;
   sha512_modq_pre(rq, prefix, msg_len, msg);
   store_56(rb, rq);
   point_mul_g_compress(rs, rb);
@@ -1904,7 +1823,7 @@ Hacl_Ed25519_verify(uint8_t *public_key, uint32_t msg_len, uint8_t *msg, uint8_t
     {
       uint8_t hb[32U] = { 0U };
       uint8_t *rs1 = signature;
-      uint8_t *sb = signature + (uint32_t)32U;
+      uint8_t *sb = signature + 32U;
       uint64_t tmp[5U] = { 0U };
       load_32_bytes(tmp, sb);
       bool b1 = gte_q(tmp);
diff --git a/src/Hacl_FFDHE.c b/src/Hacl_FFDHE.c
index 9cf2ddfb..098aa607 100644
--- a/src/Hacl_FFDHE.c
+++ b/src/Hacl_FFDHE.c
@@ -35,23 +35,23 @@ static inline uint32_t ffdhe_len(Spec_FFDHE_ffdhe_alg a)
   {
     case Spec_FFDHE_FFDHE2048:
       {
-        return (uint32_t)256U;
+        return 256U;
       }
     case Spec_FFDHE_FFDHE3072:
       {
-        return (uint32_t)384U;
+        return 384U;
       }
     case Spec_FFDHE_FFDHE4096:
       {
-        return (uint32_t)512U;
+        return 512U;
       }
     case Spec_FFDHE_FFDHE6144:
       {
-        return (uint32_t)768U;
+        return 768U;
       }
     case Spec_FFDHE_FFDHE8192:
       {
-        return (uint32_t)1024U;
+        return 1024U;
       }
     default:
       {
@@ -63,12 +63,46 @@ static inline uint32_t ffdhe_len(Spec_FFDHE_ffdhe_alg a)
 
 static inline void ffdhe_precomp_p(Spec_FFDHE_ffdhe_alg a, uint64_t *p_r2_n)
 {
-  uint32_t nLen = (ffdhe_len(a) - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (ffdhe_len(a) - 1U) / 8U + 1U;
   uint64_t *p_n = p_r2_n;
   uint64_t *r2_n = p_r2_n + nLen;
-  KRML_CHECK_SIZE(sizeof (uint8_t), ffdhe_len(a));
-  uint8_t p_s[ffdhe_len(a)];
-  memset(p_s, 0U, ffdhe_len(a) * sizeof (uint8_t));
+  uint32_t sw;
+  switch (a)
+  {
+    case Spec_FFDHE_FFDHE2048:
+      {
+        sw = 256U;
+        break;
+      }
+    case Spec_FFDHE_FFDHE3072:
+      {
+        sw = 384U;
+        break;
+      }
+    case Spec_FFDHE_FFDHE4096:
+      {
+        sw = 512U;
+        break;
+      }
+    case Spec_FFDHE_FFDHE6144:
+      {
+        sw = 768U;
+        break;
+      }
+    case Spec_FFDHE_FFDHE8192:
+      {
+        sw = 1024U;
+        break;
+      }
+    default:
+      {
+        KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__);
+        KRML_HOST_EXIT(253U);
+      }
+  }
+  KRML_CHECK_SIZE(sizeof (uint8_t), sw);
+  uint8_t p_s[sw];
+  memset(p_s, 0U, sw * sizeof (uint8_t));
   const uint8_t *p;
   switch (a)
   {
@@ -104,88 +138,80 @@ static inline void ffdhe_precomp_p(Spec_FFDHE_ffdhe_alg a, uint64_t *p_r2_n)
       }
   }
   uint32_t len = ffdhe_len(a);
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint8_t *os = p_s;
     uint8_t x = p[i];
     os[i] = x;
   }
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ffdhe_len(a), p_s, p_n);
-  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((ffdhe_len(a) - (uint32_t)1U)
-    / (uint32_t)8U
-    + (uint32_t)1U,
-    (uint32_t)8U * ffdhe_len(a) - (uint32_t)1U,
+  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((ffdhe_len(a) - 1U) / 8U + 1U,
+    8U * ffdhe_len(a) - 1U,
     p_n,
     r2_n);
 }
 
 static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, uint64_t *p_n)
 {
-  uint32_t nLen = (ffdhe_len(a) - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (ffdhe_len(a) - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t p_n1[nLen];
   memset(p_n1, 0U, nLen * sizeof (uint64_t));
-  uint64_t
-  c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, p_n[0U], (uint64_t)1U, p_n1);
-  if ((uint32_t)1U < nLen)
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, p_n[0U], 1ULL, p_n1);
+  if (1U < nLen)
   {
-    uint64_t *a1 = p_n + (uint32_t)1U;
-    uint64_t *res1 = p_n1 + (uint32_t)1U;
+    uint64_t *a1 = p_n + 1U;
+    uint64_t *res1 = p_n1 + 1U;
     uint64_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (nLen - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (nLen - 1U) / 4U; i++)
     {
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i);
     }
-    for
-    (uint32_t
-      i = (nLen - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < nLen - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (nLen - 1U) / 4U * 4U; i < nLen - 1U; i++)
     {
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c1 = c;
-    KRML_HOST_IGNORE(c1);
+    KRML_MAYBE_UNUSED_VAR(c1);
   }
   else
   {
-    KRML_HOST_IGNORE(c0);
+    KRML_MAYBE_UNUSED_VAR(c0);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t b2[nLen];
   memset(b2, 0U, nLen * sizeof (uint64_t));
-  uint32_t i0 = (uint32_t)0U;
-  uint32_t j = (uint32_t)0U;
-  b2[i0] = b2[i0] | (uint64_t)1U << j;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < nLen; i++)
+  uint32_t i0 = 0U;
+  uint32_t j = 0U;
+  b2[i0] = b2[i0] | 1ULL << j;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < nLen; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(b2[i], pk_n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(b2[i], pk_n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t res = acc0;
   uint64_t m0 = res;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < nLen; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < nLen; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(pk_n[i], p_n1[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(pk_n[i], p_n1[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc;
   return m0 & m1;
@@ -200,21 +226,19 @@ ffdhe_compute_exp(
   uint8_t *res
 )
 {
-  uint32_t nLen = (ffdhe_len(a) - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (ffdhe_len(a) - 1U) / 8U + 1U;
   uint64_t *p_n = p_r2_n;
   uint64_t *r2_n = p_r2_n + nLen;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t res_n[nLen];
   memset(res_n, 0U, nLen * sizeof (uint64_t));
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(p_n[0U]);
-  Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((ffdhe_len(a) - (uint32_t)1U)
-    / (uint32_t)8U
-    + (uint32_t)1U,
+  Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((ffdhe_len(a) - 1U) / 8U + 1U,
     p_n,
     mu,
     r2_n,
     b_n,
-    (uint32_t)64U * nLen,
+    64U * nLen,
     sk_n,
     res_n);
   Hacl_Bignum_Convert_bn_to_bytes_be_uint64(ffdhe_len(a), res_n, res);
@@ -227,7 +251,7 @@ uint32_t Hacl_FFDHE_ffdhe_len(Spec_FFDHE_ffdhe_alg a)
 
 uint64_t *Hacl_FFDHE_new_ffdhe_precomp_p(Spec_FFDHE_ffdhe_alg a)
 {
-  uint32_t nLen = (ffdhe_len(a) - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (ffdhe_len(a) - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen + nLen);
   uint64_t *res = (uint64_t *)KRML_HOST_CALLOC(nLen + nLen, sizeof (uint64_t));
   if (res == NULL)
@@ -249,17 +273,17 @@ Hacl_FFDHE_ffdhe_secret_to_public_precomp(
 )
 {
   uint32_t len = ffdhe_len(a);
-  uint32_t nLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (len - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t g_n[nLen];
   memset(g_n, 0U, nLen * sizeof (uint64_t));
-  uint8_t g = (uint8_t)0U;
+  uint8_t g = 0U;
   {
     uint8_t *os = &g;
     uint8_t x = Hacl_Impl_FFDHE_Constants_ffdhe_g2[0U];
     os[0U] = x;
   }
-  Hacl_Bignum_Convert_bn_from_bytes_be_uint64((uint32_t)1U, &g, g_n);
+  Hacl_Bignum_Convert_bn_from_bytes_be_uint64(1U, &g, g_n);
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t sk_n[nLen];
   memset(sk_n, 0U, nLen * sizeof (uint64_t));
@@ -270,7 +294,7 @@ Hacl_FFDHE_ffdhe_secret_to_public_precomp(
 void Hacl_FFDHE_ffdhe_secret_to_public(Spec_FFDHE_ffdhe_alg a, uint8_t *sk, uint8_t *pk)
 {
   uint32_t len = ffdhe_len(a);
-  uint32_t nLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (len - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen + nLen);
   uint64_t p_r2_n[nLen + nLen];
   memset(p_r2_n, 0U, (nLen + nLen) * sizeof (uint64_t));
@@ -288,7 +312,7 @@ Hacl_FFDHE_ffdhe_shared_secret_precomp(
 )
 {
   uint32_t len = ffdhe_len(a);
-  uint32_t nLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (len - 1U) / 8U + 1U;
   uint64_t *p_n = p_r2_n;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t sk_n[nLen];
@@ -299,7 +323,7 @@ Hacl_FFDHE_ffdhe_shared_secret_precomp(
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(len, sk, sk_n);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(len, pk, pk_n);
   uint64_t m = ffdhe_check_pk(a, pk_n, p_n);
-  if (m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  if (m == 0xFFFFFFFFFFFFFFFFULL)
   {
     ffdhe_compute_exp(a, p_r2_n, sk_n, pk_n, ss);
   }
@@ -310,7 +334,7 @@ uint64_t
 Hacl_FFDHE_ffdhe_shared_secret(Spec_FFDHE_ffdhe_alg a, uint8_t *sk, uint8_t *pk, uint8_t *ss)
 {
   uint32_t len = ffdhe_len(a);
-  uint32_t nLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (len - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen + nLen);
   uint64_t p_n[nLen + nLen];
   memset(p_n, 0U, (nLen + nLen) * sizeof (uint64_t));
diff --git a/src/Hacl_Frodo1344.c b/src/Hacl_Frodo1344.c
index 0696f34c..a565a85b 100644
--- a/src/Hacl_Frodo1344.c
+++ b/src/Hacl_Frodo1344.c
@@ -29,151 +29,113 @@
 #include "internal/Hacl_Frodo_KEM.h"
 #include "lib_memzero0.h"
 
-uint32_t Hacl_Frodo1344_crypto_bytes = (uint32_t)32U;
+uint32_t Hacl_Frodo1344_crypto_bytes = 32U;
 
-uint32_t Hacl_Frodo1344_crypto_publickeybytes = (uint32_t)21520U;
+uint32_t Hacl_Frodo1344_crypto_publickeybytes = 21520U;
 
-uint32_t Hacl_Frodo1344_crypto_secretkeybytes = (uint32_t)43088U;
+uint32_t Hacl_Frodo1344_crypto_secretkeybytes = 43088U;
 
-uint32_t Hacl_Frodo1344_crypto_ciphertextbytes = (uint32_t)21632U;
+uint32_t Hacl_Frodo1344_crypto_ciphertextbytes = 21632U;
 
 uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
 {
   uint8_t coins[80U] = { 0U };
-  randombytes_((uint32_t)80U, coins);
+  randombytes_(80U, coins);
   uint8_t *s = coins;
-  uint8_t *seed_se = coins + (uint32_t)32U;
-  uint8_t *z = coins + (uint32_t)64U;
+  uint8_t *seed_se = coins + 32U;
+  uint8_t *z = coins + 64U;
   uint8_t *seed_a = pk;
-  Hacl_SHA3_shake256_hacl((uint32_t)16U, z, (uint32_t)16U, seed_a);
-  uint8_t *b_bytes = pk + (uint32_t)16U;
-  uint8_t *s_bytes = sk + (uint32_t)21552U;
+  Hacl_Hash_SHA3_shake256_hacl(16U, z, 16U, seed_a);
+  uint8_t *b_bytes = pk + 16U;
+  uint8_t *s_bytes = sk + 21552U;
   uint16_t s_matrix[10752U] = { 0U };
   uint16_t e_matrix[10752U] = { 0U };
   uint8_t r[43008U] = { 0U };
   uint8_t shake_input_seed_se[33U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x5fU;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43008U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U, (uint32_t)8U, r, s_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U,
-    (uint32_t)8U,
-    r + (uint32_t)21504U,
-    e_matrix);
+  shake_input_seed_se[0U] = 0x5fU;
+  memcpy(shake_input_seed_se + 1U, seed_se, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(33U, shake_input_seed_se, 43008U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 33U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(1344U, 8U, r, s_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(1344U, 8U, r + 21504U, e_matrix);
   uint16_t b_matrix[10752U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)1806336U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 1806336U);
   uint16_t a_matrix[1806336U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)1344U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)1344U,
-    (uint32_t)1344U,
-    (uint32_t)8U,
-    a_matrix,
-    s_matrix,
-    b_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)1344U, (uint32_t)8U, b_matrix, e_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)1344U,
-    (uint32_t)8U,
-    (uint32_t)16U,
-    b_matrix,
-    b_bytes);
-  Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)1344U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U, uint16_t);
-  uint32_t slen1 = (uint32_t)43056U;
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 1344U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(1344U, 1344U, 8U, a_matrix, s_matrix, b_matrix);
+  Hacl_Impl_Matrix_matrix_add(1344U, 8U, b_matrix, e_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(1344U, 8U, 16U, b_matrix, b_bytes);
+  Hacl_Impl_Matrix_matrix_to_lbytes(1344U, 8U, s_matrix, s_bytes);
+  Lib_Memzero0_memzero(s_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, 10752U, uint16_t);
+  uint32_t slen1 = 43056U;
   uint8_t *sk_p = sk;
-  memcpy(sk_p, s, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(sk_p + (uint32_t)32U, pk, (uint32_t)21520U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)21520U, pk, (uint32_t)32U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)80U, uint8_t);
-  return (uint32_t)0U;
+  memcpy(sk_p, s, 32U * sizeof (uint8_t));
+  memcpy(sk_p + 32U, pk, 21520U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(21520U, pk, 32U, sk + slen1);
+  Lib_Memzero0_memzero(coins, 80U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
 {
   uint8_t coins[32U] = { 0U };
-  randombytes_((uint32_t)32U, coins);
+  randombytes_(32U, coins);
   uint8_t seed_se_k[64U] = { 0U };
   uint8_t pkh_mu[64U] = { 0U };
-  Hacl_SHA3_shake256_hacl((uint32_t)21520U, pk, (uint32_t)32U, pkh_mu);
-  memcpy(pkh_mu + (uint32_t)32U, coins, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)64U, pkh_mu, (uint32_t)64U, seed_se_k);
+  Hacl_Hash_SHA3_shake256_hacl(21520U, pk, 32U, pkh_mu);
+  memcpy(pkh_mu + 32U, coins, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(64U, pkh_mu, 64U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *k = seed_se_k + (uint32_t)32U;
+  uint8_t *k = seed_se_k + 32U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t sp_matrix[10752U] = { 0U };
   uint16_t ep_matrix[10752U] = { 0U };
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[43136U] = { 0U };
   uint8_t shake_input_seed_se[33U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
-    (uint32_t)1344U,
-    r + (uint32_t)21504U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)43008U,
-    epp_matrix);
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(33U, shake_input_seed_se, 43136U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 33U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 1344U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 1344U, r + 21504U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 8U, r + 43008U, epp_matrix);
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)21504U;
+  uint8_t *c2 = ct + 21504U;
   uint16_t bp_matrix[10752U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)1806336U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 1806336U);
   uint16_t a_matrix[1806336U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)1344U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)1344U,
-    sp_matrix,
-    a_matrix,
-    bp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)1344U, bp_matrix, ep_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, bp_matrix, c1);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 1344U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 1344U, 1344U, sp_matrix, a_matrix, bp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 1344U, bp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 1344U, 16U, bp_matrix, c1);
   uint16_t v_matrix[64U] = { 0U };
   uint16_t b_matrix[10752U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)1344U, (uint32_t)8U, (uint32_t)16U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    v_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(1344U, 8U, 16U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 1344U, 8U, sp_matrix, b_matrix, v_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)16U,
-    (uint32_t)4U,
-    (uint32_t)8U,
-    coins,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint32_t ss_init_len = (uint32_t)21664U;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(16U, 4U, 8U, coins, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 8U, 16U, v_matrix, c2);
+  Lib_Memzero0_memzero(v_matrix, 64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint32_t ss_init_len = 21664U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
   memset(shake_input_ss, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(shake_input_ss, ct, (uint32_t)21632U * sizeof (uint8_t));
-  memcpy(shake_input_ss + (uint32_t)21632U, k, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)32U, ss);
+  memcpy(shake_input_ss, ct, 21632U * sizeof (uint8_t));
+  memcpy(shake_input_ss + 21632U, k, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(ss_init_len, shake_input_ss, 32U, ss);
   Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
-  Lib_Memzero0_memzero(coins, (uint32_t)32U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(seed_se_k, 64U, uint8_t);
+  Lib_Memzero0_memzero(coins, 32U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
@@ -181,39 +143,30 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t bp_matrix[10752U] = { 0U };
   uint16_t c_matrix[64U] = { 0U };
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)21504U;
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, c1, bp_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, c2, c_matrix);
+  uint8_t *c2 = ct + 21504U;
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 1344U, 16U, c1, bp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 8U, 16U, c2, c_matrix);
   uint8_t mu_decode[32U] = { 0U };
-  uint8_t *s_bytes = sk + (uint32_t)21552U;
+  uint8_t *s_bytes = sk + 21552U;
   uint16_t s_matrix[10752U] = { 0U };
   uint16_t m_matrix[64U] = { 0U };
-  Hacl_Impl_Matrix_matrix_from_lbytes((uint32_t)1344U, (uint32_t)8U, s_bytes, s_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)8U,
-    bp_matrix,
-    s_matrix,
-    m_matrix);
-  Hacl_Impl_Matrix_matrix_sub((uint32_t)8U, (uint32_t)8U, c_matrix, m_matrix);
-  Hacl_Impl_Frodo_Encode_frodo_key_decode((uint32_t)16U,
-    (uint32_t)4U,
-    (uint32_t)8U,
-    m_matrix,
-    mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
+  Hacl_Impl_Matrix_matrix_from_lbytes(1344U, 8U, s_bytes, s_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(8U, 1344U, 8U, bp_matrix, s_matrix, m_matrix);
+  Hacl_Impl_Matrix_matrix_sub(8U, 8U, c_matrix, m_matrix);
+  Hacl_Impl_Frodo_Encode_frodo_key_decode(16U, 4U, 8U, m_matrix, mu_decode);
+  Lib_Memzero0_memzero(s_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, 64U, uint16_t);
   uint8_t seed_se_k[64U] = { 0U };
-  uint32_t pkh_mu_decode_len = (uint32_t)64U;
+  uint32_t pkh_mu_decode_len = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
   uint8_t pkh_mu_decode[pkh_mu_decode_len];
   memset(pkh_mu_decode, 0U, pkh_mu_decode_len * sizeof (uint8_t));
-  uint8_t *pkh = sk + (uint32_t)43056U;
-  memcpy(pkh_mu_decode, pkh, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(pkh_mu_decode + (uint32_t)32U, mu_decode, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(pkh_mu_decode_len, pkh_mu_decode, (uint32_t)64U, seed_se_k);
+  uint8_t *pkh = sk + 43056U;
+  memcpy(pkh_mu_decode, pkh, 32U * sizeof (uint8_t));
+  memcpy(pkh_mu_decode + 32U, mu_decode, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(pkh_mu_decode_len, pkh_mu_decode, 64U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *kp = seed_se_k + (uint32_t)32U;
+  uint8_t *kp = seed_se_k + 32U;
   uint8_t *s = sk;
   uint16_t bpp_matrix[10752U] = { 0U };
   uint16_t cp_matrix[64U] = { 0U };
@@ -222,80 +175,58 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[43136U] = { 0U };
   uint8_t shake_input_seed_se[33U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
-    (uint32_t)1344U,
-    r + (uint32_t)21504U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)43008U,
-    epp_matrix);
-  uint8_t *pk = sk + (uint32_t)32U;
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(33U, shake_input_seed_se, 43136U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 33U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 1344U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 1344U, r + 21504U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 8U, r + 43008U, epp_matrix);
+  uint8_t *pk = sk + 32U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)1806336U);
+  uint8_t *b = pk + 16U;
+  KRML_CHECK_SIZE(sizeof (uint16_t), 1806336U);
   uint16_t a_matrix[1806336U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)1344U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)1344U,
-    sp_matrix,
-    a_matrix,
-    bpp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)1344U, bpp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 1344U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 1344U, 1344U, sp_matrix, a_matrix, bpp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 1344U, bpp_matrix, ep_matrix);
   uint16_t b_matrix[10752U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)1344U, (uint32_t)8U, (uint32_t)16U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    cp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(1344U, 8U, 16U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 1344U, 8U, sp_matrix, b_matrix, cp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)16U,
-    (uint32_t)4U,
-    (uint32_t)8U,
-    mu_decode,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, bpp_matrix);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)1344U, bp_matrix, bpp_matrix);
-  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
-  uint16_t mask = b1 & b2;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(16U, 4U, 8U, mu_decode, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Matrix_mod_pow2(8U, 1344U, 16U, bpp_matrix);
+  Hacl_Impl_Matrix_mod_pow2(8U, 8U, 16U, cp_matrix);
+  Lib_Memzero0_memzero(sp_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq(8U, 1344U, bp_matrix, bpp_matrix);
+  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq(8U, 8U, c_matrix, cp_matrix);
+  uint16_t mask = (uint32_t)b1 & (uint32_t)b2;
   uint16_t mask0 = mask;
   uint8_t kp_s[32U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t *os = kp_s;
     uint8_t uu____0 = s[i];
-    uint8_t x = uu____0 ^ ((uint8_t)mask0 & (kp[i] ^ uu____0));
+    uint8_t
+    x = (uint32_t)uu____0 ^ ((uint32_t)(uint8_t)mask0 & ((uint32_t)kp[i] ^ (uint32_t)uu____0));
     os[i] = x;
   }
-  uint32_t ss_init_len = (uint32_t)21664U;
+  uint32_t ss_init_len = 21664U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t ss_init[ss_init_len];
   memset(ss_init, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(ss_init, ct, (uint32_t)21632U * sizeof (uint8_t));
-  memcpy(ss_init + (uint32_t)21632U, kp_s, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)32U, ss);
+  memcpy(ss_init, ct, 21632U * sizeof (uint8_t));
+  memcpy(ss_init + 21632U, kp_s, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(ss_init_len, ss_init, 32U, ss);
   Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(kp_s, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(kp_s, 32U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, 64U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, 32U, uint8_t);
+  return 0U;
 }
 
diff --git a/src/Hacl_Frodo64.c b/src/Hacl_Frodo64.c
index 575390e3..91434038 100644
--- a/src/Hacl_Frodo64.c
+++ b/src/Hacl_Frodo64.c
@@ -34,145 +34,111 @@
  */
 
 
-uint32_t Hacl_Frodo64_crypto_bytes = (uint32_t)16U;
+uint32_t Hacl_Frodo64_crypto_bytes = 16U;
 
-uint32_t Hacl_Frodo64_crypto_publickeybytes = (uint32_t)976U;
+uint32_t Hacl_Frodo64_crypto_publickeybytes = 976U;
 
-uint32_t Hacl_Frodo64_crypto_secretkeybytes = (uint32_t)2032U;
+uint32_t Hacl_Frodo64_crypto_secretkeybytes = 2032U;
 
-uint32_t Hacl_Frodo64_crypto_ciphertextbytes = (uint32_t)1080U;
+uint32_t Hacl_Frodo64_crypto_ciphertextbytes = 1080U;
 
 uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
 {
   uint8_t coins[48U] = { 0U };
-  randombytes_((uint32_t)48U, coins);
+  randombytes_(48U, coins);
   uint8_t *s = coins;
-  uint8_t *seed_se = coins + (uint32_t)16U;
-  uint8_t *z = coins + (uint32_t)32U;
+  uint8_t *seed_se = coins + 16U;
+  uint8_t *z = coins + 32U;
   uint8_t *seed_a = pk;
-  Hacl_SHA3_shake128_hacl((uint32_t)16U, z, (uint32_t)16U, seed_a);
-  uint8_t *b_bytes = pk + (uint32_t)16U;
-  uint8_t *s_bytes = sk + (uint32_t)992U;
+  Hacl_Hash_SHA3_shake128_hacl(16U, z, 16U, seed_a);
+  uint8_t *b_bytes = pk + 16U;
+  uint8_t *s_bytes = sk + 992U;
   uint16_t s_matrix[512U] = { 0U };
   uint16_t e_matrix[512U] = { 0U };
   uint8_t r[2048U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x5fU;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2048U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U, (uint32_t)8U, r, s_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U,
-    (uint32_t)8U,
-    r + (uint32_t)1024U,
-    e_matrix);
+  shake_input_seed_se[0U] = 0x5fU;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 2048U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(64U, 8U, r, s_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(64U, 8U, r + 1024U, e_matrix);
   uint16_t b_matrix[512U] = { 0U };
   uint16_t a_matrix[4096U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)64U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)64U,
-    (uint32_t)64U,
-    (uint32_t)8U,
-    a_matrix,
-    s_matrix,
-    b_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)64U, (uint32_t)8U, b_matrix, e_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b_matrix, b_bytes);
-  Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)64U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U, uint16_t);
-  uint32_t slen1 = (uint32_t)2016U;
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 64U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(64U, 64U, 8U, a_matrix, s_matrix, b_matrix);
+  Hacl_Impl_Matrix_matrix_add(64U, 8U, b_matrix, e_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(64U, 8U, 15U, b_matrix, b_bytes);
+  Hacl_Impl_Matrix_matrix_to_lbytes(64U, 8U, s_matrix, s_bytes);
+  Lib_Memzero0_memzero(s_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, 512U, uint16_t);
+  uint32_t slen1 = 2016U;
   uint8_t *sk_p = sk;
-  memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)976U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)976U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
-  return (uint32_t)0U;
+  memcpy(sk_p, s, 16U * sizeof (uint8_t));
+  memcpy(sk_p + 16U, pk, 976U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(976U, pk, 16U, sk + slen1);
+  Lib_Memzero0_memzero(coins, 48U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
 {
   uint8_t coins[16U] = { 0U };
-  randombytes_((uint32_t)16U, coins);
+  randombytes_(16U, coins);
   uint8_t seed_se_k[32U] = { 0U };
   uint8_t pkh_mu[32U] = { 0U };
-  Hacl_SHA3_shake128_hacl((uint32_t)976U, pk, (uint32_t)16U, pkh_mu);
-  memcpy(pkh_mu + (uint32_t)16U, coins, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)32U, pkh_mu, (uint32_t)32U, seed_se_k);
+  Hacl_Hash_SHA3_shake128_hacl(976U, pk, 16U, pkh_mu);
+  memcpy(pkh_mu + 16U, coins, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(32U, pkh_mu, 32U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *k = seed_se_k + (uint32_t)16U;
+  uint8_t *k = seed_se_k + 16U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t sp_matrix[512U] = { 0U };
   uint16_t ep_matrix[512U] = { 0U };
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[2176U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
-    (uint32_t)64U,
-    r + (uint32_t)1024U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)2048U,
-    epp_matrix);
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 2176U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 64U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 64U, r + 1024U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 8U, r + 2048U, epp_matrix);
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)960U;
+  uint8_t *c2 = ct + 960U;
   uint16_t bp_matrix[512U] = { 0U };
   uint16_t a_matrix[4096U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)64U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)64U,
-    sp_matrix,
-    a_matrix,
-    bp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)64U, bp_matrix, ep_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, bp_matrix, c1);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 64U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 64U, 64U, sp_matrix, a_matrix, bp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 64U, bp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 64U, 15U, bp_matrix, c1);
   uint16_t v_matrix[64U] = { 0U };
   uint16_t b_matrix[512U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    v_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(64U, 8U, 15U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 64U, 8U, sp_matrix, b_matrix, v_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    coins,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint32_t ss_init_len = (uint32_t)1096U;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(15U, 2U, 8U, coins, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 8U, 15U, v_matrix, c2);
+  Lib_Memzero0_memzero(v_matrix, 64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint32_t ss_init_len = 1096U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
   memset(shake_input_ss, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(shake_input_ss, ct, (uint32_t)1080U * sizeof (uint8_t));
-  memcpy(shake_input_ss + (uint32_t)1080U, k, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
+  memcpy(shake_input_ss, ct, 1080U * sizeof (uint8_t));
+  memcpy(shake_input_ss + 1080U, k, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(ss_init_len, shake_input_ss, 16U, ss);
   Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(seed_se_k, 32U, uint8_t);
+  Lib_Memzero0_memzero(coins, 16U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
@@ -180,39 +146,30 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t bp_matrix[512U] = { 0U };
   uint16_t c_matrix[64U] = { 0U };
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)960U;
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, c1, bp_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, c2, c_matrix);
+  uint8_t *c2 = ct + 960U;
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 64U, 15U, c1, bp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 8U, 15U, c2, c_matrix);
   uint8_t mu_decode[16U] = { 0U };
-  uint8_t *s_bytes = sk + (uint32_t)992U;
+  uint8_t *s_bytes = sk + 992U;
   uint16_t s_matrix[512U] = { 0U };
   uint16_t m_matrix[64U] = { 0U };
-  Hacl_Impl_Matrix_matrix_from_lbytes((uint32_t)64U, (uint32_t)8U, s_bytes, s_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)8U,
-    bp_matrix,
-    s_matrix,
-    m_matrix);
-  Hacl_Impl_Matrix_matrix_sub((uint32_t)8U, (uint32_t)8U, c_matrix, m_matrix);
-  Hacl_Impl_Frodo_Encode_frodo_key_decode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    m_matrix,
-    mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
+  Hacl_Impl_Matrix_matrix_from_lbytes(64U, 8U, s_bytes, s_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(8U, 64U, 8U, bp_matrix, s_matrix, m_matrix);
+  Hacl_Impl_Matrix_matrix_sub(8U, 8U, c_matrix, m_matrix);
+  Hacl_Impl_Frodo_Encode_frodo_key_decode(15U, 2U, 8U, m_matrix, mu_decode);
+  Lib_Memzero0_memzero(s_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, 64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
-  uint32_t pkh_mu_decode_len = (uint32_t)32U;
+  uint32_t pkh_mu_decode_len = 32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
   uint8_t pkh_mu_decode[pkh_mu_decode_len];
   memset(pkh_mu_decode, 0U, pkh_mu_decode_len * sizeof (uint8_t));
-  uint8_t *pkh = sk + (uint32_t)2016U;
-  memcpy(pkh_mu_decode, pkh, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(pkh_mu_decode + (uint32_t)16U, mu_decode, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(pkh_mu_decode_len, pkh_mu_decode, (uint32_t)32U, seed_se_k);
+  uint8_t *pkh = sk + 2016U;
+  memcpy(pkh_mu_decode, pkh, 16U * sizeof (uint8_t));
+  memcpy(pkh_mu_decode + 16U, mu_decode, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(pkh_mu_decode_len, pkh_mu_decode, 32U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *kp = seed_se_k + (uint32_t)16U;
+  uint8_t *kp = seed_se_k + 16U;
   uint8_t *s = sk;
   uint16_t bpp_matrix[512U] = { 0U };
   uint16_t cp_matrix[64U] = { 0U };
@@ -221,80 +178,58 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[2176U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
-    (uint32_t)64U,
-    r + (uint32_t)1024U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)2048U,
-    epp_matrix);
-  uint8_t *pk = sk + (uint32_t)16U;
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 2176U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 64U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 64U, r + 1024U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 8U, r + 2048U, epp_matrix);
+  uint8_t *pk = sk + 16U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t a_matrix[4096U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)64U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)64U,
-    sp_matrix,
-    a_matrix,
-    bpp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)64U, bpp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 64U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 64U, 64U, sp_matrix, a_matrix, bpp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 64U, bpp_matrix, ep_matrix);
   uint16_t b_matrix[512U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    cp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(64U, 8U, 15U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 64U, 8U, sp_matrix, b_matrix, cp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    mu_decode,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, bpp_matrix);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)64U, bp_matrix, bpp_matrix);
-  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
-  uint16_t mask = b1 & b2;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(15U, 2U, 8U, mu_decode, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Matrix_mod_pow2(8U, 64U, 15U, bpp_matrix);
+  Hacl_Impl_Matrix_mod_pow2(8U, 8U, 15U, cp_matrix);
+  Lib_Memzero0_memzero(sp_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq(8U, 64U, bp_matrix, bpp_matrix);
+  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq(8U, 8U, c_matrix, cp_matrix);
+  uint16_t mask = (uint32_t)b1 & (uint32_t)b2;
   uint16_t mask0 = mask;
   uint8_t kp_s[16U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint8_t *os = kp_s;
     uint8_t uu____0 = s[i];
-    uint8_t x = uu____0 ^ ((uint8_t)mask0 & (kp[i] ^ uu____0));
+    uint8_t
+    x = (uint32_t)uu____0 ^ ((uint32_t)(uint8_t)mask0 & ((uint32_t)kp[i] ^ (uint32_t)uu____0));
     os[i] = x;);
-  uint32_t ss_init_len = (uint32_t)1096U;
+  uint32_t ss_init_len = 1096U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t ss_init[ss_init_len];
   memset(ss_init, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(ss_init, ct, (uint32_t)1080U * sizeof (uint8_t));
-  memcpy(ss_init + (uint32_t)1080U, kp_s, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
+  memcpy(ss_init, ct, 1080U * sizeof (uint8_t));
+  memcpy(ss_init + 1080U, kp_s, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(ss_init_len, ss_init, 16U, ss);
   Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(kp_s, 16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, 32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, 16U, uint8_t);
+  return 0U;
 }
 
diff --git a/src/Hacl_Frodo640.c b/src/Hacl_Frodo640.c
index 54af36d8..8baaee46 100644
--- a/src/Hacl_Frodo640.c
+++ b/src/Hacl_Frodo640.c
@@ -29,151 +29,113 @@
 #include "internal/Hacl_Frodo_KEM.h"
 #include "lib_memzero0.h"
 
-uint32_t Hacl_Frodo640_crypto_bytes = (uint32_t)16U;
+uint32_t Hacl_Frodo640_crypto_bytes = 16U;
 
-uint32_t Hacl_Frodo640_crypto_publickeybytes = (uint32_t)9616U;
+uint32_t Hacl_Frodo640_crypto_publickeybytes = 9616U;
 
-uint32_t Hacl_Frodo640_crypto_secretkeybytes = (uint32_t)19888U;
+uint32_t Hacl_Frodo640_crypto_secretkeybytes = 19888U;
 
-uint32_t Hacl_Frodo640_crypto_ciphertextbytes = (uint32_t)9720U;
+uint32_t Hacl_Frodo640_crypto_ciphertextbytes = 9720U;
 
 uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
 {
   uint8_t coins[48U] = { 0U };
-  randombytes_((uint32_t)48U, coins);
+  randombytes_(48U, coins);
   uint8_t *s = coins;
-  uint8_t *seed_se = coins + (uint32_t)16U;
-  uint8_t *z = coins + (uint32_t)32U;
+  uint8_t *seed_se = coins + 16U;
+  uint8_t *z = coins + 32U;
   uint8_t *seed_a = pk;
-  Hacl_SHA3_shake128_hacl((uint32_t)16U, z, (uint32_t)16U, seed_a);
-  uint8_t *b_bytes = pk + (uint32_t)16U;
-  uint8_t *s_bytes = sk + (uint32_t)9632U;
+  Hacl_Hash_SHA3_shake128_hacl(16U, z, 16U, seed_a);
+  uint8_t *b_bytes = pk + 16U;
+  uint8_t *s_bytes = sk + 9632U;
   uint16_t s_matrix[5120U] = { 0U };
   uint16_t e_matrix[5120U] = { 0U };
   uint8_t r[20480U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x5fU;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20480U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U, (uint32_t)8U, r, s_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U,
-    (uint32_t)8U,
-    r + (uint32_t)10240U,
-    e_matrix);
+  shake_input_seed_se[0U] = 0x5fU;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 20480U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(640U, 8U, r, s_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(640U, 8U, r + 10240U, e_matrix);
   uint16_t b_matrix[5120U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)409600U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 409600U);
   uint16_t a_matrix[409600U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)640U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)640U,
-    (uint32_t)640U,
-    (uint32_t)8U,
-    a_matrix,
-    s_matrix,
-    b_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)640U, (uint32_t)8U, b_matrix, e_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)640U,
-    (uint32_t)8U,
-    (uint32_t)15U,
-    b_matrix,
-    b_bytes);
-  Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)640U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U, uint16_t);
-  uint32_t slen1 = (uint32_t)19872U;
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 640U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(640U, 640U, 8U, a_matrix, s_matrix, b_matrix);
+  Hacl_Impl_Matrix_matrix_add(640U, 8U, b_matrix, e_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(640U, 8U, 15U, b_matrix, b_bytes);
+  Hacl_Impl_Matrix_matrix_to_lbytes(640U, 8U, s_matrix, s_bytes);
+  Lib_Memzero0_memzero(s_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, 5120U, uint16_t);
+  uint32_t slen1 = 19872U;
   uint8_t *sk_p = sk;
-  memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)9616U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)9616U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
-  return (uint32_t)0U;
+  memcpy(sk_p, s, 16U * sizeof (uint8_t));
+  memcpy(sk_p + 16U, pk, 9616U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(9616U, pk, 16U, sk + slen1);
+  Lib_Memzero0_memzero(coins, 48U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
 {
   uint8_t coins[16U] = { 0U };
-  randombytes_((uint32_t)16U, coins);
+  randombytes_(16U, coins);
   uint8_t seed_se_k[32U] = { 0U };
   uint8_t pkh_mu[32U] = { 0U };
-  Hacl_SHA3_shake128_hacl((uint32_t)9616U, pk, (uint32_t)16U, pkh_mu);
-  memcpy(pkh_mu + (uint32_t)16U, coins, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)32U, pkh_mu, (uint32_t)32U, seed_se_k);
+  Hacl_Hash_SHA3_shake128_hacl(9616U, pk, 16U, pkh_mu);
+  memcpy(pkh_mu + 16U, coins, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(32U, pkh_mu, 32U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *k = seed_se_k + (uint32_t)16U;
+  uint8_t *k = seed_se_k + 16U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t sp_matrix[5120U] = { 0U };
   uint16_t ep_matrix[5120U] = { 0U };
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[20608U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
-    (uint32_t)640U,
-    r + (uint32_t)10240U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)20480U,
-    epp_matrix);
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 20608U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 640U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 640U, r + 10240U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 8U, r + 20480U, epp_matrix);
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)9600U;
+  uint8_t *c2 = ct + 9600U;
   uint16_t bp_matrix[5120U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)409600U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 409600U);
   uint16_t a_matrix[409600U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)640U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)640U,
-    sp_matrix,
-    a_matrix,
-    bp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)640U, bp_matrix, ep_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, bp_matrix, c1);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 640U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 640U, 640U, sp_matrix, a_matrix, bp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 640U, bp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 640U, 15U, bp_matrix, c1);
   uint16_t v_matrix[64U] = { 0U };
   uint16_t b_matrix[5120U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)640U, (uint32_t)8U, (uint32_t)15U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    v_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(640U, 8U, 15U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 640U, 8U, sp_matrix, b_matrix, v_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    coins,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint32_t ss_init_len = (uint32_t)9736U;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(15U, 2U, 8U, coins, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 8U, 15U, v_matrix, c2);
+  Lib_Memzero0_memzero(v_matrix, 64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint32_t ss_init_len = 9736U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
   memset(shake_input_ss, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(shake_input_ss, ct, (uint32_t)9720U * sizeof (uint8_t));
-  memcpy(shake_input_ss + (uint32_t)9720U, k, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
+  memcpy(shake_input_ss, ct, 9720U * sizeof (uint8_t));
+  memcpy(shake_input_ss + 9720U, k, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(ss_init_len, shake_input_ss, 16U, ss);
   Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(seed_se_k, 32U, uint8_t);
+  Lib_Memzero0_memzero(coins, 16U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
@@ -181,39 +143,30 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t bp_matrix[5120U] = { 0U };
   uint16_t c_matrix[64U] = { 0U };
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)9600U;
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, c1, bp_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, c2, c_matrix);
+  uint8_t *c2 = ct + 9600U;
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 640U, 15U, c1, bp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 8U, 15U, c2, c_matrix);
   uint8_t mu_decode[16U] = { 0U };
-  uint8_t *s_bytes = sk + (uint32_t)9632U;
+  uint8_t *s_bytes = sk + 9632U;
   uint16_t s_matrix[5120U] = { 0U };
   uint16_t m_matrix[64U] = { 0U };
-  Hacl_Impl_Matrix_matrix_from_lbytes((uint32_t)640U, (uint32_t)8U, s_bytes, s_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)8U,
-    bp_matrix,
-    s_matrix,
-    m_matrix);
-  Hacl_Impl_Matrix_matrix_sub((uint32_t)8U, (uint32_t)8U, c_matrix, m_matrix);
-  Hacl_Impl_Frodo_Encode_frodo_key_decode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    m_matrix,
-    mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
+  Hacl_Impl_Matrix_matrix_from_lbytes(640U, 8U, s_bytes, s_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(8U, 640U, 8U, bp_matrix, s_matrix, m_matrix);
+  Hacl_Impl_Matrix_matrix_sub(8U, 8U, c_matrix, m_matrix);
+  Hacl_Impl_Frodo_Encode_frodo_key_decode(15U, 2U, 8U, m_matrix, mu_decode);
+  Lib_Memzero0_memzero(s_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, 64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
-  uint32_t pkh_mu_decode_len = (uint32_t)32U;
+  uint32_t pkh_mu_decode_len = 32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
   uint8_t pkh_mu_decode[pkh_mu_decode_len];
   memset(pkh_mu_decode, 0U, pkh_mu_decode_len * sizeof (uint8_t));
-  uint8_t *pkh = sk + (uint32_t)19872U;
-  memcpy(pkh_mu_decode, pkh, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(pkh_mu_decode + (uint32_t)16U, mu_decode, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(pkh_mu_decode_len, pkh_mu_decode, (uint32_t)32U, seed_se_k);
+  uint8_t *pkh = sk + 19872U;
+  memcpy(pkh_mu_decode, pkh, 16U * sizeof (uint8_t));
+  memcpy(pkh_mu_decode + 16U, mu_decode, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(pkh_mu_decode_len, pkh_mu_decode, 32U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *kp = seed_se_k + (uint32_t)16U;
+  uint8_t *kp = seed_se_k + 16U;
   uint8_t *s = sk;
   uint16_t bpp_matrix[5120U] = { 0U };
   uint16_t cp_matrix[64U] = { 0U };
@@ -222,81 +175,59 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[20608U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
-    (uint32_t)640U,
-    r + (uint32_t)10240U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)20480U,
-    epp_matrix);
-  uint8_t *pk = sk + (uint32_t)16U;
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 20608U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 640U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 640U, r + 10240U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 8U, r + 20480U, epp_matrix);
+  uint8_t *pk = sk + 16U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)409600U);
+  uint8_t *b = pk + 16U;
+  KRML_CHECK_SIZE(sizeof (uint16_t), 409600U);
   uint16_t a_matrix[409600U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)640U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)640U,
-    sp_matrix,
-    a_matrix,
-    bpp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)640U, bpp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 640U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 640U, 640U, sp_matrix, a_matrix, bpp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 640U, bpp_matrix, ep_matrix);
   uint16_t b_matrix[5120U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)640U, (uint32_t)8U, (uint32_t)15U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    cp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(640U, 8U, 15U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 640U, 8U, sp_matrix, b_matrix, cp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    mu_decode,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, bpp_matrix);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)640U, bp_matrix, bpp_matrix);
-  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
-  uint16_t mask = b1 & b2;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(15U, 2U, 8U, mu_decode, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Matrix_mod_pow2(8U, 640U, 15U, bpp_matrix);
+  Hacl_Impl_Matrix_mod_pow2(8U, 8U, 15U, cp_matrix);
+  Lib_Memzero0_memzero(sp_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq(8U, 640U, bp_matrix, bpp_matrix);
+  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq(8U, 8U, c_matrix, cp_matrix);
+  uint16_t mask = (uint32_t)b1 & (uint32_t)b2;
   uint16_t mask0 = mask;
   uint8_t kp_s[16U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint8_t *os = kp_s;
     uint8_t uu____0 = s[i];
-    uint8_t x = uu____0 ^ ((uint8_t)mask0 & (kp[i] ^ uu____0));
+    uint8_t
+    x = (uint32_t)uu____0 ^ ((uint32_t)(uint8_t)mask0 & ((uint32_t)kp[i] ^ (uint32_t)uu____0));
     os[i] = x;);
-  uint32_t ss_init_len = (uint32_t)9736U;
+  uint32_t ss_init_len = 9736U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t ss_init[ss_init_len];
   memset(ss_init, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(ss_init, ct, (uint32_t)9720U * sizeof (uint8_t));
-  memcpy(ss_init + (uint32_t)9720U, kp_s, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
+  memcpy(ss_init, ct, 9720U * sizeof (uint8_t));
+  memcpy(ss_init + 9720U, kp_s, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(ss_init_len, ss_init, 16U, ss);
   Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(kp_s, 16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, 32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, 16U, uint8_t);
+  return 0U;
 }
 
diff --git a/src/Hacl_Frodo976.c b/src/Hacl_Frodo976.c
index 2e6aa6f0..76d78a30 100644
--- a/src/Hacl_Frodo976.c
+++ b/src/Hacl_Frodo976.c
@@ -29,151 +29,113 @@
 #include "internal/Hacl_Frodo_KEM.h"
 #include "lib_memzero0.h"
 
-uint32_t Hacl_Frodo976_crypto_bytes = (uint32_t)24U;
+uint32_t Hacl_Frodo976_crypto_bytes = 24U;
 
-uint32_t Hacl_Frodo976_crypto_publickeybytes = (uint32_t)15632U;
+uint32_t Hacl_Frodo976_crypto_publickeybytes = 15632U;
 
-uint32_t Hacl_Frodo976_crypto_secretkeybytes = (uint32_t)31296U;
+uint32_t Hacl_Frodo976_crypto_secretkeybytes = 31296U;
 
-uint32_t Hacl_Frodo976_crypto_ciphertextbytes = (uint32_t)15744U;
+uint32_t Hacl_Frodo976_crypto_ciphertextbytes = 15744U;
 
 uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
 {
   uint8_t coins[64U] = { 0U };
-  randombytes_((uint32_t)64U, coins);
+  randombytes_(64U, coins);
   uint8_t *s = coins;
-  uint8_t *seed_se = coins + (uint32_t)24U;
-  uint8_t *z = coins + (uint32_t)48U;
+  uint8_t *seed_se = coins + 24U;
+  uint8_t *z = coins + 48U;
   uint8_t *seed_a = pk;
-  Hacl_SHA3_shake256_hacl((uint32_t)16U, z, (uint32_t)16U, seed_a);
-  uint8_t *b_bytes = pk + (uint32_t)16U;
-  uint8_t *s_bytes = sk + (uint32_t)15656U;
+  Hacl_Hash_SHA3_shake256_hacl(16U, z, 16U, seed_a);
+  uint8_t *b_bytes = pk + 16U;
+  uint8_t *s_bytes = sk + 15656U;
   uint16_t s_matrix[7808U] = { 0U };
   uint16_t e_matrix[7808U] = { 0U };
   uint8_t r[31232U] = { 0U };
   uint8_t shake_input_seed_se[25U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x5fU;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31232U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U, (uint32_t)8U, r, s_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U,
-    (uint32_t)8U,
-    r + (uint32_t)15616U,
-    e_matrix);
+  shake_input_seed_se[0U] = 0x5fU;
+  memcpy(shake_input_seed_se + 1U, seed_se, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(25U, shake_input_seed_se, 31232U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 25U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(976U, 8U, r, s_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(976U, 8U, r + 15616U, e_matrix);
   uint16_t b_matrix[7808U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)952576U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 952576U);
   uint16_t a_matrix[952576U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)976U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)976U,
-    (uint32_t)976U,
-    (uint32_t)8U,
-    a_matrix,
-    s_matrix,
-    b_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)976U, (uint32_t)8U, b_matrix, e_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)976U,
-    (uint32_t)8U,
-    (uint32_t)16U,
-    b_matrix,
-    b_bytes);
-  Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)976U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U, uint16_t);
-  uint32_t slen1 = (uint32_t)31272U;
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 976U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(976U, 976U, 8U, a_matrix, s_matrix, b_matrix);
+  Hacl_Impl_Matrix_matrix_add(976U, 8U, b_matrix, e_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(976U, 8U, 16U, b_matrix, b_bytes);
+  Hacl_Impl_Matrix_matrix_to_lbytes(976U, 8U, s_matrix, s_bytes);
+  Lib_Memzero0_memzero(s_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, 7808U, uint16_t);
+  uint32_t slen1 = 31272U;
   uint8_t *sk_p = sk;
-  memcpy(sk_p, s, (uint32_t)24U * sizeof (uint8_t));
-  memcpy(sk_p + (uint32_t)24U, pk, (uint32_t)15632U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)15632U, pk, (uint32_t)24U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)64U, uint8_t);
-  return (uint32_t)0U;
+  memcpy(sk_p, s, 24U * sizeof (uint8_t));
+  memcpy(sk_p + 24U, pk, 15632U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(15632U, pk, 24U, sk + slen1);
+  Lib_Memzero0_memzero(coins, 64U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
 {
   uint8_t coins[24U] = { 0U };
-  randombytes_((uint32_t)24U, coins);
+  randombytes_(24U, coins);
   uint8_t seed_se_k[48U] = { 0U };
   uint8_t pkh_mu[48U] = { 0U };
-  Hacl_SHA3_shake256_hacl((uint32_t)15632U, pk, (uint32_t)24U, pkh_mu);
-  memcpy(pkh_mu + (uint32_t)24U, coins, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)48U, pkh_mu, (uint32_t)48U, seed_se_k);
+  Hacl_Hash_SHA3_shake256_hacl(15632U, pk, 24U, pkh_mu);
+  memcpy(pkh_mu + 24U, coins, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(48U, pkh_mu, 48U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *k = seed_se_k + (uint32_t)24U;
+  uint8_t *k = seed_se_k + 24U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t sp_matrix[7808U] = { 0U };
   uint16_t ep_matrix[7808U] = { 0U };
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[31360U] = { 0U };
   uint8_t shake_input_seed_se[25U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
-    (uint32_t)976U,
-    r + (uint32_t)15616U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)31232U,
-    epp_matrix);
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(25U, shake_input_seed_se, 31360U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 25U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 976U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 976U, r + 15616U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 8U, r + 31232U, epp_matrix);
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)15616U;
+  uint8_t *c2 = ct + 15616U;
   uint16_t bp_matrix[7808U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)952576U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 952576U);
   uint16_t a_matrix[952576U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)976U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)976U,
-    sp_matrix,
-    a_matrix,
-    bp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)976U, bp_matrix, ep_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, bp_matrix, c1);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 976U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 976U, 976U, sp_matrix, a_matrix, bp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 976U, bp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 976U, 16U, bp_matrix, c1);
   uint16_t v_matrix[64U] = { 0U };
   uint16_t b_matrix[7808U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)976U, (uint32_t)8U, (uint32_t)16U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    v_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(976U, 8U, 16U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 976U, 8U, sp_matrix, b_matrix, v_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)16U,
-    (uint32_t)3U,
-    (uint32_t)8U,
-    coins,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint32_t ss_init_len = (uint32_t)15768U;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(16U, 3U, 8U, coins, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 8U, 16U, v_matrix, c2);
+  Lib_Memzero0_memzero(v_matrix, 64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint32_t ss_init_len = 15768U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
   memset(shake_input_ss, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(shake_input_ss, ct, (uint32_t)15744U * sizeof (uint8_t));
-  memcpy(shake_input_ss + (uint32_t)15744U, k, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)24U, ss);
+  memcpy(shake_input_ss, ct, 15744U * sizeof (uint8_t));
+  memcpy(shake_input_ss + 15744U, k, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(ss_init_len, shake_input_ss, 24U, ss);
   Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
-  Lib_Memzero0_memzero(coins, (uint32_t)24U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(seed_se_k, 48U, uint8_t);
+  Lib_Memzero0_memzero(coins, 24U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
@@ -181,39 +143,30 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t bp_matrix[7808U] = { 0U };
   uint16_t c_matrix[64U] = { 0U };
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)15616U;
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, c1, bp_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, c2, c_matrix);
+  uint8_t *c2 = ct + 15616U;
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 976U, 16U, c1, bp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 8U, 16U, c2, c_matrix);
   uint8_t mu_decode[24U] = { 0U };
-  uint8_t *s_bytes = sk + (uint32_t)15656U;
+  uint8_t *s_bytes = sk + 15656U;
   uint16_t s_matrix[7808U] = { 0U };
   uint16_t m_matrix[64U] = { 0U };
-  Hacl_Impl_Matrix_matrix_from_lbytes((uint32_t)976U, (uint32_t)8U, s_bytes, s_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)8U,
-    bp_matrix,
-    s_matrix,
-    m_matrix);
-  Hacl_Impl_Matrix_matrix_sub((uint32_t)8U, (uint32_t)8U, c_matrix, m_matrix);
-  Hacl_Impl_Frodo_Encode_frodo_key_decode((uint32_t)16U,
-    (uint32_t)3U,
-    (uint32_t)8U,
-    m_matrix,
-    mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
+  Hacl_Impl_Matrix_matrix_from_lbytes(976U, 8U, s_bytes, s_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(8U, 976U, 8U, bp_matrix, s_matrix, m_matrix);
+  Hacl_Impl_Matrix_matrix_sub(8U, 8U, c_matrix, m_matrix);
+  Hacl_Impl_Frodo_Encode_frodo_key_decode(16U, 3U, 8U, m_matrix, mu_decode);
+  Lib_Memzero0_memzero(s_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, 64U, uint16_t);
   uint8_t seed_se_k[48U] = { 0U };
-  uint32_t pkh_mu_decode_len = (uint32_t)48U;
+  uint32_t pkh_mu_decode_len = 48U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
   uint8_t pkh_mu_decode[pkh_mu_decode_len];
   memset(pkh_mu_decode, 0U, pkh_mu_decode_len * sizeof (uint8_t));
-  uint8_t *pkh = sk + (uint32_t)31272U;
-  memcpy(pkh_mu_decode, pkh, (uint32_t)24U * sizeof (uint8_t));
-  memcpy(pkh_mu_decode + (uint32_t)24U, mu_decode, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(pkh_mu_decode_len, pkh_mu_decode, (uint32_t)48U, seed_se_k);
+  uint8_t *pkh = sk + 31272U;
+  memcpy(pkh_mu_decode, pkh, 24U * sizeof (uint8_t));
+  memcpy(pkh_mu_decode + 24U, mu_decode, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(pkh_mu_decode_len, pkh_mu_decode, 48U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *kp = seed_se_k + (uint32_t)24U;
+  uint8_t *kp = seed_se_k + 24U;
   uint8_t *s = sk;
   uint16_t bpp_matrix[7808U] = { 0U };
   uint16_t cp_matrix[64U] = { 0U };
@@ -222,80 +175,58 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[31360U] = { 0U };
   uint8_t shake_input_seed_se[25U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
-    (uint32_t)976U,
-    r + (uint32_t)15616U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)31232U,
-    epp_matrix);
-  uint8_t *pk = sk + (uint32_t)24U;
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(25U, shake_input_seed_se, 31360U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 25U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 976U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 976U, r + 15616U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 8U, r + 31232U, epp_matrix);
+  uint8_t *pk = sk + 24U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)952576U);
+  uint8_t *b = pk + 16U;
+  KRML_CHECK_SIZE(sizeof (uint16_t), 952576U);
   uint16_t a_matrix[952576U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)976U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)976U,
-    sp_matrix,
-    a_matrix,
-    bpp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)976U, bpp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 976U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 976U, 976U, sp_matrix, a_matrix, bpp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 976U, bpp_matrix, ep_matrix);
   uint16_t b_matrix[7808U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)976U, (uint32_t)8U, (uint32_t)16U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    cp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(976U, 8U, 16U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 976U, 8U, sp_matrix, b_matrix, cp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)16U,
-    (uint32_t)3U,
-    (uint32_t)8U,
-    mu_decode,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, bpp_matrix);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)976U, bp_matrix, bpp_matrix);
-  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
-  uint16_t mask = b1 & b2;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(16U, 3U, 8U, mu_decode, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Matrix_mod_pow2(8U, 976U, 16U, bpp_matrix);
+  Hacl_Impl_Matrix_mod_pow2(8U, 8U, 16U, cp_matrix);
+  Lib_Memzero0_memzero(sp_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq(8U, 976U, bp_matrix, bpp_matrix);
+  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq(8U, 8U, c_matrix, cp_matrix);
+  uint16_t mask = (uint32_t)b1 & (uint32_t)b2;
   uint16_t mask0 = mask;
   uint8_t kp_s[24U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)24U; i++)
+  for (uint32_t i = 0U; i < 24U; i++)
   {
     uint8_t *os = kp_s;
     uint8_t uu____0 = s[i];
-    uint8_t x = uu____0 ^ ((uint8_t)mask0 & (kp[i] ^ uu____0));
+    uint8_t
+    x = (uint32_t)uu____0 ^ ((uint32_t)(uint8_t)mask0 & ((uint32_t)kp[i] ^ (uint32_t)uu____0));
     os[i] = x;
   }
-  uint32_t ss_init_len = (uint32_t)15768U;
+  uint32_t ss_init_len = 15768U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t ss_init[ss_init_len];
   memset(ss_init, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(ss_init, ct, (uint32_t)15744U * sizeof (uint8_t));
-  memcpy(ss_init + (uint32_t)15744U, kp_s, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)24U, ss);
+  memcpy(ss_init, ct, 15744U * sizeof (uint8_t));
+  memcpy(ss_init + 15744U, kp_s, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(ss_init_len, ss_init, 24U, ss);
   Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(kp_s, (uint32_t)24U, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(kp_s, 24U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, 48U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, 24U, uint8_t);
+  return 0U;
 }
 
diff --git a/src/Hacl_Frodo_KEM.c b/src/Hacl_Frodo_KEM.c
index 4265ac0e..e0a65a47 100644
--- a/src/Hacl_Frodo_KEM.c
+++ b/src/Hacl_Frodo_KEM.c
@@ -30,6 +30,6 @@
 
 void randombytes_(uint32_t len, uint8_t *res)
 {
-  KRML_HOST_IGNORE(Lib_RandomBuffer_System_randombytes(res, len));
+  Lib_RandomBuffer_System_randombytes(res, len);
 }
 
diff --git a/src/Hacl_GenericField32.c b/src/Hacl_GenericField32.c
index 8bd08a00..f509e6d4 100644
--- a/src/Hacl_GenericField32.c
+++ b/src/Hacl_GenericField32.c
@@ -56,7 +56,7 @@ Check whether this library will work for a modulus `n`.
 bool Hacl_GenericField32_field_modulus_check(uint32_t len, uint32_t *n)
 {
   uint32_t m = Hacl_Bignum_Montgomery_bn_check_modulus_u32(len, n);
-  return m == (uint32_t)0xFFFFFFFFU;
+  return m == 0xFFFFFFFFU;
 }
 
 /**
@@ -82,7 +82,7 @@ Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
   uint32_t *r21 = r2;
   uint32_t *n11 = n1;
   memcpy(n11, n, len * sizeof (uint32_t));
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
   Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(len, nBits, n, r21);
   uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 res = { .len = len, .n = n11, .mu = mu, .r2 = r21 };
@@ -283,27 +283,27 @@ Hacl_GenericField32_exp_consttime(
   uint32_t aMc[k1.len];
   memset(aMc, 0U, k1.len * sizeof (uint32_t));
   memcpy(aMc, aM, k1.len * sizeof (uint32_t));
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len1 + len1);
     uint32_t ctx[len1 + len1];
     memset(ctx, 0U, (len1 + len1) * sizeof (uint32_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint32_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint32_t));
-    uint32_t sw = (uint32_t)0U;
+    uint32_t sw = 0U;
     uint32_t *ctx_n = ctx;
     uint32_t *ctx_r2 = ctx + len1;
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len1, ctx_n, k1.mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)32U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)32U;
+      uint32_t i1 = (bBits - i0 - 1U) / 32U;
+      uint32_t j = (bBits - i0 - 1U) % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
+      uint32_t bit = tmp >> j & 1U;
       uint32_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < len1; i++)
+      for (uint32_t i = 0U; i < len1; i++)
       {
-        uint32_t dummy = ((uint32_t)0U - sw1) & (resM[i] ^ aMc[i]);
+        uint32_t dummy = (0U - sw1) & (resM[i] ^ aMc[i]);
         resM[i] = resM[i] ^ dummy;
         aMc[i] = aMc[i] ^ dummy;
       }
@@ -314,9 +314,9 @@ Hacl_GenericField32_exp_consttime(
       sw = bit;
     }
     uint32_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < len1; i++)
+    for (uint32_t i = 0U; i < len1; i++)
     {
-      uint32_t dummy = ((uint32_t)0U - sw0) & (resM[i] ^ aMc[i]);
+      uint32_t dummy = (0U - sw0) & (resM[i] ^ aMc[i]);
       resM[i] = resM[i] ^ dummy;
       aMc[i] = aMc[i] ^ dummy;
     }
@@ -324,22 +324,22 @@ Hacl_GenericField32_exp_consttime(
   else
   {
     uint32_t bLen;
-    if (bBits == (uint32_t)0U)
+    if (bBits == 0U)
     {
-      bLen = (uint32_t)1U;
+      bLen = 1U;
     }
     else
     {
-      bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+      bLen = (bBits - 1U) / 32U + 1U;
     }
     KRML_CHECK_SIZE(sizeof (uint32_t), len1 + len1);
     uint32_t ctx[len1 + len1];
     memset(ctx, 0U, (len1 + len1) * sizeof (uint32_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint32_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)16U * len1);
-    uint32_t table[(uint32_t)16U * len1];
-    memset(table, 0U, (uint32_t)16U * len1 * sizeof (uint32_t));
+    KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len1);
+    uint32_t table[16U * len1];
+    memset(table, 0U, 16U * len1 * sizeof (uint32_t));
     KRML_CHECK_SIZE(sizeof (uint32_t), len1);
     uint32_t tmp[len1];
     memset(tmp, 0U, len1 * sizeof (uint32_t));
@@ -350,29 +350,29 @@ Hacl_GenericField32_exp_consttime(
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len1, ctx_n0, k1.mu, ctx_r20, t0);
     memcpy(t1, aMc, len1 * sizeof (uint32_t));
     KRML_MAYBE_FOR7(i,
-      (uint32_t)0U,
-      (uint32_t)7U,
-      (uint32_t)1U,
-      uint32_t *t11 = table + (i + (uint32_t)1U) * len1;
+      0U,
+      7U,
+      1U,
+      uint32_t *t11 = table + (i + 1U) * len1;
       uint32_t *ctx_n1 = ctx;
       Hacl_Bignum_Montgomery_bn_mont_sqr_u32(len1, ctx_n1, k1.mu, t11, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len1, tmp, len1 * sizeof (uint32_t));
-      uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len1;
+      memcpy(table + (2U * i + 2U) * len1, tmp, len1 * sizeof (uint32_t));
+      uint32_t *t2 = table + (2U * i + 2U) * len1;
       uint32_t *ctx_n = ctx;
       Hacl_Bignum_Montgomery_bn_mont_mul_u32(len1, ctx_n, k1.mu, aMc, t2, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len1, tmp, len1 * sizeof (uint32_t)););
-    if (bBits % (uint32_t)4U != (uint32_t)0U)
+      memcpy(table + (2U * i + 3U) * len1, tmp, len1 * sizeof (uint32_t)););
+    if (bBits % 4U != 0U)
     {
-      uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-      uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, (uint32_t)4U);
-      memcpy(resM, (uint32_t *)(table + (uint32_t)0U * len1), len1 * sizeof (uint32_t));
+      uint32_t i0 = bBits / 4U * 4U;
+      uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U);
+      memcpy(resM, (uint32_t *)(table + 0U * len1), len1 * sizeof (uint32_t));
       KRML_MAYBE_FOR15(i1,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
-        uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + (uint32_t)1U);
-        const uint32_t *res_j = table + (i1 + (uint32_t)1U) * len1;
-        for (uint32_t i = (uint32_t)0U; i < len1; i++)
+        0U,
+        15U,
+        1U,
+        uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U);
+        const uint32_t *res_j = table + (i1 + 1U) * len1;
+        for (uint32_t i = 0U; i < len1; i++)
         {
           uint32_t *os = resM;
           uint32_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -388,24 +388,24 @@ Hacl_GenericField32_exp_consttime(
     KRML_CHECK_SIZE(sizeof (uint32_t), len1);
     uint32_t tmp0[len1];
     memset(tmp0, 0U, len1 * sizeof (uint32_t));
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
     {
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint32_t *ctx_n = ctx;
         Hacl_Bignum_Montgomery_bn_mont_sqr_u32(len1, ctx_n, k1.mu, resM, resM););
-      uint32_t k2 = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-      uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k2, (uint32_t)4U);
-      memcpy(tmp0, (uint32_t *)(table + (uint32_t)0U * len1), len1 * sizeof (uint32_t));
+      uint32_t k2 = bBits - bBits % 4U - 4U * i0 - 4U;
+      uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k2, 4U);
+      memcpy(tmp0, (uint32_t *)(table + 0U * len1), len1 * sizeof (uint32_t));
       KRML_MAYBE_FOR15(i1,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
-        uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + (uint32_t)1U);
-        const uint32_t *res_j = table + (i1 + (uint32_t)1U) * len1;
-        for (uint32_t i = (uint32_t)0U; i < len1; i++)
+        0U,
+        15U,
+        1U,
+        uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U);
+        const uint32_t *res_j = table + (i1 + 1U) * len1;
+        for (uint32_t i = 0U; i < len1; i++)
         {
           uint32_t *os = tmp0;
           uint32_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -450,7 +450,7 @@ Hacl_GenericField32_exp_vartime(
   uint32_t aMc[k1.len];
   memset(aMc, 0U, k1.len * sizeof (uint32_t));
   memcpy(aMc, aM, k1.len * sizeof (uint32_t));
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len1 + len1);
     uint32_t ctx[len1 + len1];
@@ -460,13 +460,13 @@ Hacl_GenericField32_exp_vartime(
     uint32_t *ctx_n = ctx;
     uint32_t *ctx_r2 = ctx + len1;
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len1, ctx_n, k1.mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)32U;
-      uint32_t j = i % (uint32_t)32U;
+      uint32_t i1 = i / 32U;
+      uint32_t j = i % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
-      if (!(bit == (uint32_t)0U))
+      uint32_t bit = tmp >> j & 1U;
+      if (!(bit == 0U))
       {
         uint32_t *ctx_n0 = ctx;
         Hacl_Bignum_Montgomery_bn_mont_mul_u32(len1, ctx_n0, k1.mu, resM, aMc, resM);
@@ -478,22 +478,22 @@ Hacl_GenericField32_exp_vartime(
   else
   {
     uint32_t bLen;
-    if (bBits == (uint32_t)0U)
+    if (bBits == 0U)
     {
-      bLen = (uint32_t)1U;
+      bLen = 1U;
     }
     else
     {
-      bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+      bLen = (bBits - 1U) / 32U + 1U;
     }
     KRML_CHECK_SIZE(sizeof (uint32_t), len1 + len1);
     uint32_t ctx[len1 + len1];
     memset(ctx, 0U, (len1 + len1) * sizeof (uint32_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint32_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)16U * len1);
-    uint32_t table[(uint32_t)16U * len1];
-    memset(table, 0U, (uint32_t)16U * len1 * sizeof (uint32_t));
+    KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len1);
+    uint32_t table[16U * len1];
+    memset(table, 0U, 16U * len1 * sizeof (uint32_t));
     KRML_CHECK_SIZE(sizeof (uint32_t), len1);
     uint32_t tmp[len1];
     memset(tmp, 0U, len1 * sizeof (uint32_t));
@@ -504,21 +504,21 @@ Hacl_GenericField32_exp_vartime(
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len1, ctx_n0, k1.mu, ctx_r20, t0);
     memcpy(t1, aMc, len1 * sizeof (uint32_t));
     KRML_MAYBE_FOR7(i,
-      (uint32_t)0U,
-      (uint32_t)7U,
-      (uint32_t)1U,
-      uint32_t *t11 = table + (i + (uint32_t)1U) * len1;
+      0U,
+      7U,
+      1U,
+      uint32_t *t11 = table + (i + 1U) * len1;
       uint32_t *ctx_n1 = ctx;
       Hacl_Bignum_Montgomery_bn_mont_sqr_u32(len1, ctx_n1, k1.mu, t11, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len1, tmp, len1 * sizeof (uint32_t));
-      uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len1;
+      memcpy(table + (2U * i + 2U) * len1, tmp, len1 * sizeof (uint32_t));
+      uint32_t *t2 = table + (2U * i + 2U) * len1;
       uint32_t *ctx_n = ctx;
       Hacl_Bignum_Montgomery_bn_mont_mul_u32(len1, ctx_n, k1.mu, aMc, t2, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len1, tmp, len1 * sizeof (uint32_t)););
-    if (bBits % (uint32_t)4U != (uint32_t)0U)
+      memcpy(table + (2U * i + 3U) * len1, tmp, len1 * sizeof (uint32_t)););
+    if (bBits % 4U != 0U)
     {
-      uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-      uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, (uint32_t)4U);
+      uint32_t i = bBits / 4U * 4U;
+      uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U);
       uint32_t bits_l32 = bits_c;
       const uint32_t *a_bits_l = table + bits_l32 * len1;
       memcpy(resM, (uint32_t *)a_bits_l, len1 * sizeof (uint32_t));
@@ -532,16 +532,16 @@ Hacl_GenericField32_exp_vartime(
     KRML_CHECK_SIZE(sizeof (uint32_t), len1);
     uint32_t tmp0[len1];
     memset(tmp0, 0U, len1 * sizeof (uint32_t));
-    for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < bBits / 4U; i++)
     {
       KRML_MAYBE_FOR4(i0,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint32_t *ctx_n = ctx;
         Hacl_Bignum_Montgomery_bn_mont_sqr_u32(len1, ctx_n, k1.mu, resM, resM););
-      uint32_t k2 = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-      uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k2, (uint32_t)4U);
+      uint32_t k2 = bBits - bBits % 4U - 4U * i - 4U;
+      uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k2, 4U);
       uint32_t bits_l32 = bits_l;
       const uint32_t *a_bits_l = table + bits_l32 * len1;
       memcpy(tmp0, (uint32_t *)a_bits_l, len1 * sizeof (uint32_t));
@@ -574,38 +574,33 @@ Hacl_GenericField32_inverse(
   KRML_CHECK_SIZE(sizeof (uint32_t), len1);
   uint32_t n2[len1];
   memset(n2, 0U, len1 * sizeof (uint32_t));
-  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, k1.n[0U], (uint32_t)2U, n2);
+  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, k1.n[0U], 2U, n2);
   uint32_t c1;
-  if ((uint32_t)1U < len1)
+  if (1U < len1)
   {
-    uint32_t *a1 = k1.n + (uint32_t)1U;
-    uint32_t *res1 = n2 + (uint32_t)1U;
+    uint32_t *a1 = k1.n + 1U;
+    uint32_t *res1 = n2 + 1U;
     uint32_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (len1 - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (len1 - 1U) / 4U; i++)
     {
-      uint32_t t1 = a1[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a1[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a1[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a1[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a1[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
     }
-    for
-    (uint32_t
-      i = (len1 - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < len1 - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (len1 - 1U) / 4U * 4U; i < len1 - 1U; i++)
     {
       uint32_t t1 = a1[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i);
     }
     uint32_t c10 = c;
     c1 = c10;
@@ -614,7 +609,7 @@ Hacl_GenericField32_inverse(
   {
     c1 = c0;
   }
-  KRML_HOST_IGNORE(c1);
-  Hacl_GenericField32_exp_vartime(k, aM, k1.len * (uint32_t)32U, n2, aInvM);
+  KRML_MAYBE_UNUSED_VAR(c1);
+  Hacl_GenericField32_exp_vartime(k, aM, k1.len * 32U, n2, aInvM);
 }
 
diff --git a/src/Hacl_GenericField64.c b/src/Hacl_GenericField64.c
index 7c11d3b7..3f291d36 100644
--- a/src/Hacl_GenericField64.c
+++ b/src/Hacl_GenericField64.c
@@ -55,7 +55,7 @@ Check whether this library will work for a modulus `n`.
 bool Hacl_GenericField64_field_modulus_check(uint32_t len, uint64_t *n)
 {
   uint64_t m = Hacl_Bignum_Montgomery_bn_check_modulus_u64(len, n);
-  return m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -81,7 +81,7 @@ Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
   uint64_t *r21 = r2;
   uint64_t *n11 = n1;
   memcpy(n11, n, len * sizeof (uint64_t));
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
   Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(len, nBits, n, r21);
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 res = { .len = len, .n = n11, .mu = mu, .r2 = r21 };
@@ -282,27 +282,27 @@ Hacl_GenericField64_exp_consttime(
   uint64_t aMc[k1.len];
   memset(aMc, 0U, k1.len * sizeof (uint64_t));
   memcpy(aMc, aM, k1.len * sizeof (uint64_t));
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len1 + len1);
     uint64_t ctx[len1 + len1];
     memset(ctx, 0U, (len1 + len1) * sizeof (uint64_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint64_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint64_t));
-    uint64_t sw = (uint64_t)0U;
+    uint64_t sw = 0ULL;
     uint64_t *ctx_n = ctx;
     uint64_t *ctx_r2 = ctx + len1;
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len1, ctx_n, k1.mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)64U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)64U;
+      uint32_t i1 = (bBits - i0 - 1U) / 64U;
+      uint32_t j = (bBits - i0 - 1U) % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
+      uint64_t bit = tmp >> j & 1ULL;
       uint64_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < len1; i++)
+      for (uint32_t i = 0U; i < len1; i++)
       {
-        uint64_t dummy = ((uint64_t)0U - sw1) & (resM[i] ^ aMc[i]);
+        uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aMc[i]);
         resM[i] = resM[i] ^ dummy;
         aMc[i] = aMc[i] ^ dummy;
       }
@@ -313,9 +313,9 @@ Hacl_GenericField64_exp_consttime(
       sw = bit;
     }
     uint64_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < len1; i++)
+    for (uint32_t i = 0U; i < len1; i++)
     {
-      uint64_t dummy = ((uint64_t)0U - sw0) & (resM[i] ^ aMc[i]);
+      uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aMc[i]);
       resM[i] = resM[i] ^ dummy;
       aMc[i] = aMc[i] ^ dummy;
     }
@@ -323,22 +323,22 @@ Hacl_GenericField64_exp_consttime(
   else
   {
     uint32_t bLen;
-    if (bBits == (uint32_t)0U)
+    if (bBits == 0U)
     {
-      bLen = (uint32_t)1U;
+      bLen = 1U;
     }
     else
     {
-      bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+      bLen = (bBits - 1U) / 64U + 1U;
     }
     KRML_CHECK_SIZE(sizeof (uint64_t), len1 + len1);
     uint64_t ctx[len1 + len1];
     memset(ctx, 0U, (len1 + len1) * sizeof (uint64_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint64_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)16U * len1);
-    uint64_t table[(uint32_t)16U * len1];
-    memset(table, 0U, (uint32_t)16U * len1 * sizeof (uint64_t));
+    KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len1);
+    uint64_t table[16U * len1];
+    memset(table, 0U, 16U * len1 * sizeof (uint64_t));
     KRML_CHECK_SIZE(sizeof (uint64_t), len1);
     uint64_t tmp[len1];
     memset(tmp, 0U, len1 * sizeof (uint64_t));
@@ -349,29 +349,29 @@ Hacl_GenericField64_exp_consttime(
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len1, ctx_n0, k1.mu, ctx_r20, t0);
     memcpy(t1, aMc, len1 * sizeof (uint64_t));
     KRML_MAYBE_FOR7(i,
-      (uint32_t)0U,
-      (uint32_t)7U,
-      (uint32_t)1U,
-      uint64_t *t11 = table + (i + (uint32_t)1U) * len1;
+      0U,
+      7U,
+      1U,
+      uint64_t *t11 = table + (i + 1U) * len1;
       uint64_t *ctx_n1 = ctx;
       Hacl_Bignum_Montgomery_bn_mont_sqr_u64(len1, ctx_n1, k1.mu, t11, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len1, tmp, len1 * sizeof (uint64_t));
-      uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len1;
+      memcpy(table + (2U * i + 2U) * len1, tmp, len1 * sizeof (uint64_t));
+      uint64_t *t2 = table + (2U * i + 2U) * len1;
       uint64_t *ctx_n = ctx;
       Hacl_Bignum_Montgomery_bn_mont_mul_u64(len1, ctx_n, k1.mu, aMc, t2, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len1, tmp, len1 * sizeof (uint64_t)););
-    if (bBits % (uint32_t)4U != (uint32_t)0U)
+      memcpy(table + (2U * i + 3U) * len1, tmp, len1 * sizeof (uint64_t)););
+    if (bBits % 4U != 0U)
     {
-      uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-      uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, (uint32_t)4U);
-      memcpy(resM, (uint64_t *)(table + (uint32_t)0U * len1), len1 * sizeof (uint64_t));
+      uint32_t i0 = bBits / 4U * 4U;
+      uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U);
+      memcpy(resM, (uint64_t *)(table + 0U * len1), len1 * sizeof (uint64_t));
       KRML_MAYBE_FOR15(i1,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
-        uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + (uint32_t)1U));
-        const uint64_t *res_j = table + (i1 + (uint32_t)1U) * len1;
-        for (uint32_t i = (uint32_t)0U; i < len1; i++)
+        0U,
+        15U,
+        1U,
+        uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U));
+        const uint64_t *res_j = table + (i1 + 1U) * len1;
+        for (uint32_t i = 0U; i < len1; i++)
         {
           uint64_t *os = resM;
           uint64_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -387,24 +387,24 @@ Hacl_GenericField64_exp_consttime(
     KRML_CHECK_SIZE(sizeof (uint64_t), len1);
     uint64_t tmp0[len1];
     memset(tmp0, 0U, len1 * sizeof (uint64_t));
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
     {
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint64_t *ctx_n = ctx;
         Hacl_Bignum_Montgomery_bn_mont_sqr_u64(len1, ctx_n, k1.mu, resM, resM););
-      uint32_t k2 = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-      uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k2, (uint32_t)4U);
-      memcpy(tmp0, (uint64_t *)(table + (uint32_t)0U * len1), len1 * sizeof (uint64_t));
+      uint32_t k2 = bBits - bBits % 4U - 4U * i0 - 4U;
+      uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k2, 4U);
+      memcpy(tmp0, (uint64_t *)(table + 0U * len1), len1 * sizeof (uint64_t));
       KRML_MAYBE_FOR15(i1,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
-        uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-        const uint64_t *res_j = table + (i1 + (uint32_t)1U) * len1;
-        for (uint32_t i = (uint32_t)0U; i < len1; i++)
+        0U,
+        15U,
+        1U,
+        uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+        const uint64_t *res_j = table + (i1 + 1U) * len1;
+        for (uint32_t i = 0U; i < len1; i++)
         {
           uint64_t *os = tmp0;
           uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -449,7 +449,7 @@ Hacl_GenericField64_exp_vartime(
   uint64_t aMc[k1.len];
   memset(aMc, 0U, k1.len * sizeof (uint64_t));
   memcpy(aMc, aM, k1.len * sizeof (uint64_t));
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len1 + len1);
     uint64_t ctx[len1 + len1];
@@ -459,13 +459,13 @@ Hacl_GenericField64_exp_vartime(
     uint64_t *ctx_n = ctx;
     uint64_t *ctx_r2 = ctx + len1;
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len1, ctx_n, k1.mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)64U;
-      uint32_t j = i % (uint32_t)64U;
+      uint32_t i1 = i / 64U;
+      uint32_t j = i % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
-      if (!(bit == (uint64_t)0U))
+      uint64_t bit = tmp >> j & 1ULL;
+      if (!(bit == 0ULL))
       {
         uint64_t *ctx_n0 = ctx;
         Hacl_Bignum_Montgomery_bn_mont_mul_u64(len1, ctx_n0, k1.mu, resM, aMc, resM);
@@ -477,22 +477,22 @@ Hacl_GenericField64_exp_vartime(
   else
   {
     uint32_t bLen;
-    if (bBits == (uint32_t)0U)
+    if (bBits == 0U)
     {
-      bLen = (uint32_t)1U;
+      bLen = 1U;
     }
     else
     {
-      bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+      bLen = (bBits - 1U) / 64U + 1U;
     }
     KRML_CHECK_SIZE(sizeof (uint64_t), len1 + len1);
     uint64_t ctx[len1 + len1];
     memset(ctx, 0U, (len1 + len1) * sizeof (uint64_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint64_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)16U * len1);
-    uint64_t table[(uint32_t)16U * len1];
-    memset(table, 0U, (uint32_t)16U * len1 * sizeof (uint64_t));
+    KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len1);
+    uint64_t table[16U * len1];
+    memset(table, 0U, 16U * len1 * sizeof (uint64_t));
     KRML_CHECK_SIZE(sizeof (uint64_t), len1);
     uint64_t tmp[len1];
     memset(tmp, 0U, len1 * sizeof (uint64_t));
@@ -503,21 +503,21 @@ Hacl_GenericField64_exp_vartime(
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len1, ctx_n0, k1.mu, ctx_r20, t0);
     memcpy(t1, aMc, len1 * sizeof (uint64_t));
     KRML_MAYBE_FOR7(i,
-      (uint32_t)0U,
-      (uint32_t)7U,
-      (uint32_t)1U,
-      uint64_t *t11 = table + (i + (uint32_t)1U) * len1;
+      0U,
+      7U,
+      1U,
+      uint64_t *t11 = table + (i + 1U) * len1;
       uint64_t *ctx_n1 = ctx;
       Hacl_Bignum_Montgomery_bn_mont_sqr_u64(len1, ctx_n1, k1.mu, t11, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len1, tmp, len1 * sizeof (uint64_t));
-      uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len1;
+      memcpy(table + (2U * i + 2U) * len1, tmp, len1 * sizeof (uint64_t));
+      uint64_t *t2 = table + (2U * i + 2U) * len1;
       uint64_t *ctx_n = ctx;
       Hacl_Bignum_Montgomery_bn_mont_mul_u64(len1, ctx_n, k1.mu, aMc, t2, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len1, tmp, len1 * sizeof (uint64_t)););
-    if (bBits % (uint32_t)4U != (uint32_t)0U)
+      memcpy(table + (2U * i + 3U) * len1, tmp, len1 * sizeof (uint64_t)););
+    if (bBits % 4U != 0U)
     {
-      uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-      uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, (uint32_t)4U);
+      uint32_t i = bBits / 4U * 4U;
+      uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U);
       uint32_t bits_l32 = (uint32_t)bits_c;
       const uint64_t *a_bits_l = table + bits_l32 * len1;
       memcpy(resM, (uint64_t *)a_bits_l, len1 * sizeof (uint64_t));
@@ -531,16 +531,16 @@ Hacl_GenericField64_exp_vartime(
     KRML_CHECK_SIZE(sizeof (uint64_t), len1);
     uint64_t tmp0[len1];
     memset(tmp0, 0U, len1 * sizeof (uint64_t));
-    for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < bBits / 4U; i++)
     {
       KRML_MAYBE_FOR4(i0,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint64_t *ctx_n = ctx;
         Hacl_Bignum_Montgomery_bn_mont_sqr_u64(len1, ctx_n, k1.mu, resM, resM););
-      uint32_t k2 = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-      uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k2, (uint32_t)4U);
+      uint32_t k2 = bBits - bBits % 4U - 4U * i - 4U;
+      uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k2, 4U);
       uint32_t bits_l32 = (uint32_t)bits_l;
       const uint64_t *a_bits_l = table + bits_l32 * len1;
       memcpy(tmp0, (uint64_t *)a_bits_l, len1 * sizeof (uint64_t));
@@ -573,38 +573,33 @@ Hacl_GenericField64_inverse(
   KRML_CHECK_SIZE(sizeof (uint64_t), len1);
   uint64_t n2[len1];
   memset(n2, 0U, len1 * sizeof (uint64_t));
-  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, k1.n[0U], (uint64_t)2U, n2);
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, k1.n[0U], 2ULL, n2);
   uint64_t c1;
-  if ((uint32_t)1U < len1)
+  if (1U < len1)
   {
-    uint64_t *a1 = k1.n + (uint32_t)1U;
-    uint64_t *res1 = n2 + (uint32_t)1U;
+    uint64_t *a1 = k1.n + 1U;
+    uint64_t *res1 = n2 + 1U;
     uint64_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (len1 - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (len1 - 1U) / 4U; i++)
     {
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i);
     }
-    for
-    (uint32_t
-      i = (len1 - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < len1 - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (len1 - 1U) / 4U * 4U; i < len1 - 1U; i++)
     {
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c10 = c;
     c1 = c10;
@@ -613,7 +608,7 @@ Hacl_GenericField64_inverse(
   {
     c1 = c0;
   }
-  KRML_HOST_IGNORE(c1);
-  Hacl_GenericField64_exp_vartime(k, aM, k1.len * (uint32_t)64U, n2, aInvM);
+  KRML_MAYBE_UNUSED_VAR(c1);
+  Hacl_GenericField64_exp_vartime(k, aM, k1.len * 64U, n2, aInvM);
 }
 
diff --git a/src/Hacl_HKDF.c b/src/Hacl_HKDF.c
index 6148337c..027b719f 100644
--- a/src/Hacl_HKDF.c
+++ b/src/Hacl_HKDF.c
@@ -45,39 +45,39 @@ Hacl_HKDF_expand_sha2_256(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -125,39 +125,39 @@ Hacl_HKDF_expand_sha2_384(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)48U;
+  uint32_t tlen = 48U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -205,39 +205,39 @@ Hacl_HKDF_expand_sha2_512(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -285,39 +285,39 @@ Hacl_HKDF_expand_blake2s_32(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -365,39 +365,39 @@ Hacl_HKDF_expand_blake2b_32(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
diff --git a/src/Hacl_HKDF_Blake2b_256.c b/src/Hacl_HKDF_Blake2b_256.c
index 0d28292a..fe89115d 100644
--- a/src/Hacl_HKDF_Blake2b_256.c
+++ b/src/Hacl_HKDF_Blake2b_256.c
@@ -45,47 +45,39 @@ Hacl_HKDF_Blake2b_256_expand_blake2b_256(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag,
-        prk,
-        prklen,
-        text,
-        tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag,
-        prk,
-        prklen,
-        text,
-        tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
diff --git a/src/Hacl_HKDF_Blake2s_128.c b/src/Hacl_HKDF_Blake2s_128.c
index ec1e727e..4c9e9450 100644
--- a/src/Hacl_HKDF_Blake2s_128.c
+++ b/src/Hacl_HKDF_Blake2s_128.c
@@ -45,47 +45,39 @@ Hacl_HKDF_Blake2s_128_expand_blake2s_128(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t text[tlen + infolen + (uint32_t)1U];
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t text[tlen + infolen + 1U];
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag,
-        prk,
-        prklen,
-        text,
-        tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag,
-        prk,
-        prklen,
-        text,
-        tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
diff --git a/src/Hacl_HMAC.c b/src/Hacl_HMAC.c
index 7b4b36f0..b03bc7ac 100644
--- a/src/Hacl_HMAC.c
+++ b/src/Hacl_HMAC.c
@@ -23,12 +23,13 @@
  */
 
 
-#include "Hacl_HMAC.h"
+#include "internal/Hacl_HMAC.h"
 
 #include "internal/Hacl_Krmllib.h"
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b.h"
 
 /**
 Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.
@@ -37,7 +38,7 @@ The key can be any length and will be hashed if it is longer and padded if it is
 `dst` must point to 20 bytes of memory.
 */
 void
-Hacl_HMAC_legacy_compute_sha1(
+Hacl_HMAC_compute_sha1(
   uint8_t *dst,
   uint8_t *key,
   uint32_t key_len,
@@ -45,68 +46,63 @@ Hacl_HMAC_legacy_compute_sha1(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)20U;
+    ite = 20U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Hash_SHA1_legacy_hash(key, key_len, nkey);
+    Hacl_Hash_SHA1_hash_oneshot(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
-  uint32_t
-  s[5U] =
-    {
-      (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
-      (uint32_t)0xc3d2e1f0U
-    };
+  uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_Hash_SHA1_legacy_update_last(s, (uint64_t)0U, ipad, (uint32_t)64U);
+    Hacl_Hash_SHA1_update_last(s, 0ULL, ipad, 64U);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -118,25 +114,21 @@ Hacl_HMAC_legacy_compute_sha1(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_Hash_SHA1_legacy_update_multi(s, ipad, (uint32_t)1U);
-    Hacl_Hash_SHA1_legacy_update_multi(s, full_blocks, n_blocks);
-    Hacl_Hash_SHA1_legacy_update_last(s,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
-      rem,
-      rem_len);
+    Hacl_Hash_SHA1_update_multi(s, ipad, 1U);
+    Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks);
+    Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len);
   }
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst1);
+  Hacl_Hash_SHA1_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_Hash_Core_SHA1_legacy_init(s);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)20U / block_len;
-  uint32_t rem0 = (uint32_t)20U % block_len;
+  Hacl_Hash_SHA1_init(s);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 20U / block_len;
+  uint32_t rem0 = 20U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)20U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 20U - n_blocks_ * block_len });
   }
   else
   {
@@ -147,13 +139,10 @@ Hacl_HMAC_legacy_compute_sha1(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_Hash_SHA1_legacy_update_multi(s, opad, (uint32_t)1U);
-  Hacl_Hash_SHA1_legacy_update_multi(s, full_blocks, n_blocks);
-  Hacl_Hash_SHA1_legacy_update_last(s,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
-    rem,
-    rem_len);
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst);
+  Hacl_Hash_SHA1_update_multi(s, opad, 1U);
+  Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks);
+  Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len);
+  Hacl_Hash_SHA1_finish(s, dst);
 }
 
 /**
@@ -171,74 +160,71 @@ Hacl_HMAC_compute_sha2_256(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_256(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_256(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint32_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = st;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t x = Hacl_Hash_SHA2_h256[i];
     os[i] = x;);
   uint32_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)0U + (uint64_t)(uint32_t)64U,
-      (uint32_t)64U,
-      ipad,
-      s);
+    Hacl_Hash_SHA2_sha256_update_last(0ULL + (uint64_t)64U, 64U, ipad, s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -250,27 +236,24 @@ Hacl_HMAC_compute_sha2_256(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)64U, ipad, s);
-    Hacl_SHA2_Scalar32_sha256_update_nblocks(n_blocks * (uint32_t)64U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)(uint32_t)64U
-      + (uint64_t)full_blocks_len
-      + (uint64_t)rem_len,
+    Hacl_Hash_SHA2_sha256_update_nblocks(64U, ipad, s);
+    Hacl_Hash_SHA2_sha256_update_nblocks(n_blocks * 64U, full_blocks, s);
+    Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len,
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst1);
+  Hacl_Hash_SHA2_sha256_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha256_init(s);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_SHA2_sha256_init(s);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -281,15 +264,13 @@ Hacl_HMAC_compute_sha2_256(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)64U, opad, s);
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(n_blocks * (uint32_t)64U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)(uint32_t)64U
-    + (uint64_t)full_blocks_len
-    + (uint64_t)rem_len,
+  Hacl_Hash_SHA2_sha256_update_nblocks(64U, opad, s);
+  Hacl_Hash_SHA2_sha256_update_nblocks(n_blocks * 64U, full_blocks, s);
+  Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len,
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst);
+  Hacl_Hash_SHA2_sha256_finish(s, dst);
 }
 
 /**
@@ -307,75 +288,75 @@ Hacl_HMAC_compute_sha2_384(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)48U;
+    ite = 48U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_384(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_384(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = st;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h384[i];
+    uint64_t x = Hacl_Hash_SHA2_h384[i];
     os[i] = x;);
   uint64_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-        FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U)),
-      (uint32_t)128U,
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL),
+        FStar_UInt128_uint64_to_uint128((uint64_t)128U)),
+      128U,
       ipad,
       s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -387,27 +368,26 @@ Hacl_HMAC_compute_sha2_384(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)128U, ipad, s);
-    Hacl_SHA2_Scalar32_sha384_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    Hacl_Hash_SHA2_sha384_update_nblocks(128U, ipad, s);
+    Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s);
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
           FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
         FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha384_finish(s, dst1);
+  Hacl_Hash_SHA2_sha384_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha384_init(s);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)48U / block_len;
-  uint32_t rem0 = (uint32_t)48U % block_len;
+  Hacl_Hash_SHA2_sha384_init(s);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 48U / block_len;
+  uint32_t rem0 = 48U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)48U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 48U - n_blocks_ * block_len });
   }
   else
   {
@@ -418,15 +398,15 @@ Hacl_HMAC_compute_sha2_384(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)128U, opad, s);
-  Hacl_SHA2_Scalar32_sha384_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+  Hacl_Hash_SHA2_sha384_update_nblocks(128U, opad, s);
+  Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s);
+  Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha384_finish(s, dst);
+  Hacl_Hash_SHA2_sha384_finish(s, dst);
 }
 
 /**
@@ -444,75 +424,75 @@ Hacl_HMAC_compute_sha2_512(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_512(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_512(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = st;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h512[i];
+    uint64_t x = Hacl_Hash_SHA2_h512[i];
     os[i] = x;);
   uint64_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-        FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U)),
-      (uint32_t)128U,
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL),
+        FStar_UInt128_uint64_to_uint128((uint64_t)128U)),
+      128U,
       ipad,
       s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -524,27 +504,26 @@ Hacl_HMAC_compute_sha2_512(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, ipad, s);
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    Hacl_Hash_SHA2_sha512_update_nblocks(128U, ipad, s);
+    Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s);
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
           FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
         FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha512_finish(s, dst1);
+  Hacl_Hash_SHA2_sha512_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha512_init(s);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_SHA2_sha512_init(s);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -555,15 +534,15 @@ Hacl_HMAC_compute_sha2_512(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, opad, s);
-  Hacl_SHA2_Scalar32_sha512_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+  Hacl_Hash_SHA2_sha512_update_nblocks(128U, opad, s);
+  Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s);
+  Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha512_finish(s, dst);
+  Hacl_Hash_SHA2_sha512_finish(s, dst);
 }
 
 /**
@@ -581,66 +560,66 @@ Hacl_HMAC_compute_blake2s_32(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2s_32_blake2s((uint32_t)32U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2s_hash_with_key(nkey, 32U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint32_t s[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_init(s, (uint32_t)0U, (uint32_t)32U);
+  Hacl_Hash_Blake2s_init(s, 0U, 32U);
   uint32_t *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last((uint32_t)64U, wv, s0, (uint64_t)0U, (uint32_t)64U, ipad);
+    Hacl_Hash_Blake2s_update_last(64U, wv, s0, 0ULL, 64U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -653,34 +632,33 @@ Hacl_HMAC_compute_blake2s_32(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, ipad, (uint32_t)1U);
+    Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, ipad, 1U);
     uint32_t wv0[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi(n_blocks * (uint32_t)64U,
+    Hacl_Hash_Blake2s_update_multi(n_blocks * 64U,
       wv0,
       s0,
       (uint64_t)block_len,
       full_blocks,
       n_blocks);
     uint32_t wv1[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last(rem_len,
+    Hacl_Hash_Blake2s_update_last(rem_len,
       wv1,
       s0,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+      (uint64_t)64U + (uint64_t)full_blocks_len,
       rem_len,
       rem);
   }
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst1, s0);
+  Hacl_Hash_Blake2s_finish(32U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2s_32_blake2s_init(s0, (uint32_t)0U, (uint32_t)32U);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_Blake2s_init(s0, 0U, 32U);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -692,22 +670,22 @@ Hacl_HMAC_compute_blake2s_32(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   uint32_t wv[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, opad, (uint32_t)1U);
+  Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, opad, 1U);
   uint32_t wv0[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_multi(n_blocks * (uint32_t)64U,
+  Hacl_Hash_Blake2s_update_multi(n_blocks * 64U,
     wv0,
     s0,
     (uint64_t)block_len,
     full_blocks,
     n_blocks);
   uint32_t wv1[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_last(rem_len,
+  Hacl_Hash_Blake2s_update_last(rem_len,
     wv1,
     s0,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+    (uint64_t)64U + (uint64_t)full_blocks_len,
     rem_len,
     rem);
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst, s0);
+  Hacl_Hash_Blake2s_finish(32U, dst, s0);
 }
 
 /**
@@ -725,71 +703,66 @@ Hacl_HMAC_compute_blake2b_32(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2b_32_blake2b((uint32_t)64U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2b_hash_with_key(nkey, 64U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t s[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_init(s, (uint32_t)0U, (uint32_t)64U);
+  Hacl_Hash_Blake2b_init(s, 0U, 64U);
   uint64_t *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last((uint32_t)128U,
-      wv,
-      s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      (uint32_t)128U,
-      ipad);
+    Hacl_Hash_Blake2b_update_last(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), 128U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -802,40 +775,34 @@ Hacl_HMAC_compute_blake2b_32(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-      wv,
-      s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      ipad,
-      (uint32_t)1U);
+    Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), ipad, 1U);
     uint64_t wv0[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi(n_blocks * (uint32_t)128U,
+    Hacl_Hash_Blake2b_update_multi(n_blocks * 128U,
       wv0,
       s0,
       FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
       full_blocks,
       n_blocks);
     uint64_t wv1[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last(rem_len,
+    Hacl_Hash_Blake2b_update_last(rem_len,
       wv1,
       s0,
-      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       rem_len,
       rem);
   }
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst1, s0);
+  Hacl_Hash_Blake2b_finish(64U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2b_32_blake2b_init(s0, (uint32_t)0U, (uint32_t)64U);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_Blake2b_init(s0, 0U, 64U);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -847,27 +814,22 @@ Hacl_HMAC_compute_blake2b_32(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   uint64_t wv[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-    wv,
-    s0,
-    FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-    opad,
-    (uint32_t)1U);
+  Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), opad, 1U);
   uint64_t wv0[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_multi(n_blocks * (uint32_t)128U,
+  Hacl_Hash_Blake2b_update_multi(n_blocks * 128U,
     wv0,
     s0,
     FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
     full_blocks,
     n_blocks);
   uint64_t wv1[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_last(rem_len,
+  Hacl_Hash_Blake2b_update_last(rem_len,
     wv1,
     s0,
-    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
       FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
     rem_len,
     rem);
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst, s0);
+  Hacl_Hash_Blake2b_finish(64U, dst, s0);
 }
 
diff --git a/src/Hacl_HMAC_Blake2b_256.c b/src/Hacl_HMAC_Blake2b_256.c
index 71f75415..6197490a 100644
--- a/src/Hacl_HMAC_Blake2b_256.c
+++ b/src/Hacl_HMAC_Blake2b_256.c
@@ -26,7 +26,8 @@
 #include "Hacl_HMAC_Blake2b_256.h"
 
 #include "internal/Hacl_Krmllib.h"
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2b_Simd256.h"
+#include "internal/Hacl_HMAC.h"
 
 /**
 Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.
@@ -43,71 +44,71 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2b_256_blake2b((uint32_t)64U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2b_Simd256_hash_with_key(nkey, 64U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_init(s, (uint32_t)0U, (uint32_t)64U);
+  Hacl_Hash_Blake2b_Simd256_init(s, 0U, 64U);
   Lib_IntVector_Intrinsics_vec256 *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_last((uint32_t)128U,
+    Hacl_Hash_Blake2b_Simd256_update_last(128U,
       wv,
       s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      (uint32_t)128U,
+      FStar_UInt128_uint64_to_uint128(0ULL),
+      128U,
       ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -120,40 +121,39 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_multi((uint32_t)128U,
+    Hacl_Hash_Blake2b_Simd256_update_multi(128U,
       wv,
       s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
+      FStar_UInt128_uint64_to_uint128(0ULL),
       ipad,
-      (uint32_t)1U);
+      1U);
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv0[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_multi(n_blocks * (uint32_t)128U,
+    Hacl_Hash_Blake2b_Simd256_update_multi(n_blocks * 128U,
       wv0,
       s0,
       FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
       full_blocks,
       n_blocks);
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv1[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_last(rem_len,
+    Hacl_Hash_Blake2b_Simd256_update_last(rem_len,
       wv1,
       s0,
-      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       rem_len,
       rem);
   }
-  Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst1, s0);
+  Hacl_Hash_Blake2b_Simd256_finish(64U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2b_256_blake2b_init(s0, (uint32_t)0U, (uint32_t)64U);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_Blake2b_Simd256_init(s0, 0U, 64U);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -165,27 +165,27 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_update_multi((uint32_t)128U,
+  Hacl_Hash_Blake2b_Simd256_update_multi(128U,
     wv,
     s0,
-    FStar_UInt128_uint64_to_uint128((uint64_t)0U),
+    FStar_UInt128_uint64_to_uint128(0ULL),
     opad,
-    (uint32_t)1U);
+    1U);
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv0[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_update_multi(n_blocks * (uint32_t)128U,
+  Hacl_Hash_Blake2b_Simd256_update_multi(n_blocks * 128U,
     wv0,
     s0,
     FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
     full_blocks,
     n_blocks);
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv1[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_update_last(rem_len,
+  Hacl_Hash_Blake2b_Simd256_update_last(rem_len,
     wv1,
     s0,
-    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
       FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
     rem_len,
     rem);
-  Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, s0);
+  Hacl_Hash_Blake2b_Simd256_finish(64U, dst, s0);
 }
 
diff --git a/src/Hacl_HMAC_Blake2s_128.c b/src/Hacl_HMAC_Blake2s_128.c
index bce00309..0741bffb 100644
--- a/src/Hacl_HMAC_Blake2s_128.c
+++ b/src/Hacl_HMAC_Blake2s_128.c
@@ -25,7 +25,8 @@
 
 #include "Hacl_HMAC_Blake2s_128.h"
 
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2s_Simd128.h"
+#include "internal/Hacl_HMAC.h"
 
 /**
 Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.
@@ -42,66 +43,66 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2s_128_blake2s((uint32_t)32U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2s_Simd128_hash_with_key(nkey, 32U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t ipad[l];
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t opad[l];
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 s[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_init(s, (uint32_t)0U, (uint32_t)32U);
+  Hacl_Hash_Blake2s_Simd128_init(s, 0U, 32U);
   Lib_IntVector_Intrinsics_vec128 *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_last((uint32_t)64U, wv, s0, (uint64_t)0U, (uint32_t)64U, ipad);
+    Hacl_Hash_Blake2s_Simd128_update_last(64U, wv, s0, 0ULL, 64U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -114,34 +115,33 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, ipad, (uint32_t)1U);
+    Hacl_Hash_Blake2s_Simd128_update_multi(64U, wv, s0, 0ULL, ipad, 1U);
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv0[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_multi(n_blocks * (uint32_t)64U,
+    Hacl_Hash_Blake2s_Simd128_update_multi(n_blocks * 64U,
       wv0,
       s0,
       (uint64_t)block_len,
       full_blocks,
       n_blocks);
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv1[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_last(rem_len,
+    Hacl_Hash_Blake2s_Simd128_update_last(rem_len,
       wv1,
       s0,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+      (uint64_t)64U + (uint64_t)full_blocks_len,
       rem_len,
       rem);
   }
-  Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst1, s0);
+  Hacl_Hash_Blake2s_Simd128_finish(32U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2s_128_blake2s_init(s0, (uint32_t)0U, (uint32_t)32U);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_Blake2s_Simd128_init(s0, 0U, 32U);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -153,21 +153,21 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, opad, (uint32_t)1U);
+  Hacl_Hash_Blake2s_Simd128_update_multi(64U, wv, s0, 0ULL, opad, 1U);
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv0[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_update_multi(n_blocks * (uint32_t)64U,
+  Hacl_Hash_Blake2s_Simd128_update_multi(n_blocks * 64U,
     wv0,
     s0,
     (uint64_t)block_len,
     full_blocks,
     n_blocks);
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv1[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_update_last(rem_len,
+  Hacl_Hash_Blake2s_Simd128_update_last(rem_len,
     wv1,
     s0,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+    (uint64_t)64U + (uint64_t)full_blocks_len,
     rem_len,
     rem);
-  Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, s0);
+  Hacl_Hash_Blake2s_Simd128_finish(32U, dst, s0);
 }
 
diff --git a/src/Hacl_HMAC_DRBG.c b/src/Hacl_HMAC_DRBG.c
index 0a09aaed..13de88bc 100644
--- a/src/Hacl_HMAC_DRBG.c
+++ b/src/Hacl_HMAC_DRBG.c
@@ -25,15 +25,15 @@
 
 #include "Hacl_HMAC_DRBG.h"
 
-uint32_t Hacl_HMAC_DRBG_reseed_interval = (uint32_t)1024U;
+uint32_t Hacl_HMAC_DRBG_reseed_interval = 1024U;
 
-uint32_t Hacl_HMAC_DRBG_max_output_length = (uint32_t)65536U;
+uint32_t Hacl_HMAC_DRBG_max_output_length = 65536U;
 
-uint32_t Hacl_HMAC_DRBG_max_length = (uint32_t)65536U;
+uint32_t Hacl_HMAC_DRBG_max_length = 65536U;
 
-uint32_t Hacl_HMAC_DRBG_max_personalization_string_length = (uint32_t)65536U;
+uint32_t Hacl_HMAC_DRBG_max_personalization_string_length = 65536U;
 
-uint32_t Hacl_HMAC_DRBG_max_additional_input_length = (uint32_t)65536U;
+uint32_t Hacl_HMAC_DRBG_max_additional_input_length = 65536U;
 
 /**
 Return the minimal entropy input length of the desired hash function.
@@ -46,19 +46,19 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)16U;
+        return 16U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     default:
       {
@@ -71,8 +71,8 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
 bool
 Hacl_HMAC_DRBG_uu___is_State(Spec_Hash_Definitions_hash_alg a, Hacl_HMAC_DRBG_state projectee)
 {
-  KRML_HOST_IGNORE(a);
-  KRML_HOST_IGNORE(projectee);
+  KRML_MAYBE_UNUSED_VAR(a);
+  KRML_MAYBE_UNUSED_VAR(projectee);
   return true;
 }
 
@@ -92,25 +92,25 @@ Hacl_HMAC_DRBG_state Hacl_HMAC_DRBG_create_in(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)20U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(20U, sizeof (uint8_t));
         k = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
         k = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)48U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(48U, sizeof (uint8_t));
         k = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
         k = buf;
         break;
       }
@@ -125,25 +125,25 @@ Hacl_HMAC_DRBG_state Hacl_HMAC_DRBG_create_in(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)20U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(20U, sizeof (uint8_t));
         v = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
         v = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)48U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(48U, sizeof (uint8_t));
         v = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
         v = buf;
         break;
       }
@@ -154,7 +154,7 @@ Hacl_HMAC_DRBG_state Hacl_HMAC_DRBG_create_in(Spec_Hash_Definitions_hash_alg a)
       }
   }
   uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return ((Hacl_HMAC_DRBG_state){ .k = k, .v = v, .reseed_counter = ctr });
 }
 
@@ -200,45 +200,43 @@ Hacl_HMAC_DRBG_instantiate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        memset(k, 0U, (uint32_t)20U * sizeof (uint8_t));
-        memset(v, (uint8_t)1U, (uint32_t)20U * sizeof (uint8_t));
-        ctr[0U] = (uint32_t)1U;
-        uint32_t
-        input_len = (uint32_t)21U + entropy_input_len + nonce_len + personalization_string_len;
+        memset(k, 0U, 20U * sizeof (uint8_t));
+        memset(v, 1U, 20U * sizeof (uint8_t));
+        ctr[0U] = 1U;
+        uint32_t input_len = 21U + entropy_input_len + nonce_len + personalization_string_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        memcpy(k_, v, 20U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          memcpy(input0 + (uint32_t)21U,
+          memcpy(input0 + 21U,
             seed_material,
             (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
         }
-        input0[20U] = (uint8_t)0U;
-        Hacl_HMAC_legacy_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-        Hacl_HMAC_legacy_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        input0[20U] = 0U;
+        Hacl_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+        Hacl_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+        memcpy(k, k_, 20U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          uint32_t
-          input_len0 = (uint32_t)21U + entropy_input_len + nonce_len + personalization_string_len;
+          uint32_t input_len0 = 21U + entropy_input_len + nonce_len + personalization_string_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-          if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+          memcpy(k_0, v, 20U * sizeof (uint8_t));
+          if (entropy_input_len + nonce_len + personalization_string_len != 0U)
           {
-            memcpy(input + (uint32_t)21U,
+            memcpy(input + 21U,
               seed_material,
               (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
           }
-          input[20U] = (uint8_t)1U;
-          Hacl_HMAC_legacy_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-          Hacl_HMAC_legacy_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+          input[20U] = 1U;
+          Hacl_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+          Hacl_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+          memcpy(k, k_0, 20U * sizeof (uint8_t));
         }
         break;
       }
@@ -258,45 +256,43 @@ Hacl_HMAC_DRBG_instantiate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        memset(k, 0U, (uint32_t)32U * sizeof (uint8_t));
-        memset(v, (uint8_t)1U, (uint32_t)32U * sizeof (uint8_t));
-        ctr[0U] = (uint32_t)1U;
-        uint32_t
-        input_len = (uint32_t)33U + entropy_input_len + nonce_len + personalization_string_len;
+        memset(k, 0U, 32U * sizeof (uint8_t));
+        memset(v, 1U, 32U * sizeof (uint8_t));
+        ctr[0U] = 1U;
+        uint32_t input_len = 33U + entropy_input_len + nonce_len + personalization_string_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        memcpy(k_, v, 32U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          memcpy(input0 + (uint32_t)33U,
+          memcpy(input0 + 33U,
             seed_material,
             (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
         }
-        input0[32U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-        Hacl_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        input0[32U] = 0U;
+        Hacl_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+        Hacl_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+        memcpy(k, k_, 32U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          uint32_t
-          input_len0 = (uint32_t)33U + entropy_input_len + nonce_len + personalization_string_len;
+          uint32_t input_len0 = 33U + entropy_input_len + nonce_len + personalization_string_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-          if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+          memcpy(k_0, v, 32U * sizeof (uint8_t));
+          if (entropy_input_len + nonce_len + personalization_string_len != 0U)
           {
-            memcpy(input + (uint32_t)33U,
+            memcpy(input + 33U,
               seed_material,
               (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
           }
-          input[32U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-          Hacl_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+          input[32U] = 1U;
+          Hacl_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+          Hacl_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+          memcpy(k, k_0, 32U * sizeof (uint8_t));
         }
         break;
       }
@@ -316,45 +312,43 @@ Hacl_HMAC_DRBG_instantiate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        memset(k, 0U, (uint32_t)48U * sizeof (uint8_t));
-        memset(v, (uint8_t)1U, (uint32_t)48U * sizeof (uint8_t));
-        ctr[0U] = (uint32_t)1U;
-        uint32_t
-        input_len = (uint32_t)49U + entropy_input_len + nonce_len + personalization_string_len;
+        memset(k, 0U, 48U * sizeof (uint8_t));
+        memset(v, 1U, 48U * sizeof (uint8_t));
+        ctr[0U] = 1U;
+        uint32_t input_len = 49U + entropy_input_len + nonce_len + personalization_string_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        memcpy(k_, v, 48U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          memcpy(input0 + (uint32_t)49U,
+          memcpy(input0 + 49U,
             seed_material,
             (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
         }
-        input0[48U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-        Hacl_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        input0[48U] = 0U;
+        Hacl_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+        Hacl_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+        memcpy(k, k_, 48U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          uint32_t
-          input_len0 = (uint32_t)49U + entropy_input_len + nonce_len + personalization_string_len;
+          uint32_t input_len0 = 49U + entropy_input_len + nonce_len + personalization_string_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-          if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+          memcpy(k_0, v, 48U * sizeof (uint8_t));
+          if (entropy_input_len + nonce_len + personalization_string_len != 0U)
           {
-            memcpy(input + (uint32_t)49U,
+            memcpy(input + 49U,
               seed_material,
               (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
           }
-          input[48U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-          Hacl_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+          input[48U] = 1U;
+          Hacl_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+          Hacl_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+          memcpy(k, k_0, 48U * sizeof (uint8_t));
         }
         break;
       }
@@ -374,45 +368,43 @@ Hacl_HMAC_DRBG_instantiate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        memset(k, 0U, (uint32_t)64U * sizeof (uint8_t));
-        memset(v, (uint8_t)1U, (uint32_t)64U * sizeof (uint8_t));
-        ctr[0U] = (uint32_t)1U;
-        uint32_t
-        input_len = (uint32_t)65U + entropy_input_len + nonce_len + personalization_string_len;
+        memset(k, 0U, 64U * sizeof (uint8_t));
+        memset(v, 1U, 64U * sizeof (uint8_t));
+        ctr[0U] = 1U;
+        uint32_t input_len = 65U + entropy_input_len + nonce_len + personalization_string_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        memcpy(k_, v, 64U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          memcpy(input0 + (uint32_t)65U,
+          memcpy(input0 + 65U,
             seed_material,
             (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
         }
-        input0[64U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-        Hacl_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        input0[64U] = 0U;
+        Hacl_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+        Hacl_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+        memcpy(k, k_, 64U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          uint32_t
-          input_len0 = (uint32_t)65U + entropy_input_len + nonce_len + personalization_string_len;
+          uint32_t input_len0 = 65U + entropy_input_len + nonce_len + personalization_string_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-          if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+          memcpy(k_0, v, 64U * sizeof (uint8_t));
+          if (entropy_input_len + nonce_len + personalization_string_len != 0U)
           {
-            memcpy(input + (uint32_t)65U,
+            memcpy(input + 65U,
               seed_material,
               (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
           }
-          input[64U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-          Hacl_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+          input[64U] = 1U;
+          Hacl_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+          Hacl_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+          memcpy(k, k_0, 64U * sizeof (uint8_t));
         }
         break;
       }
@@ -460,42 +452,42 @@ Hacl_HMAC_DRBG_reseed(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_input_len;
+        uint32_t input_len = 21U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        memcpy(k_, v, 20U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)21U,
+          memcpy(input0 + 21U,
             seed_material,
             (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
         }
-        input0[20U] = (uint8_t)0U;
-        Hacl_HMAC_legacy_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-        Hacl_HMAC_legacy_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        input0[20U] = 0U;
+        Hacl_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+        Hacl_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+        memcpy(k, k_, 20U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_input_len;
+          uint32_t input_len0 = 21U + entropy_input_len + additional_input_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-          if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 20U * sizeof (uint8_t));
+          if (entropy_input_len + additional_input_input_len != 0U)
           {
-            memcpy(input + (uint32_t)21U,
+            memcpy(input + 21U,
               seed_material,
               (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
           }
-          input[20U] = (uint8_t)1U;
-          Hacl_HMAC_legacy_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-          Hacl_HMAC_legacy_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+          input[20U] = 1U;
+          Hacl_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+          Hacl_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+          memcpy(k, k_0, 20U * sizeof (uint8_t));
         }
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
@@ -512,42 +504,42 @@ Hacl_HMAC_DRBG_reseed(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_input_len;
+        uint32_t input_len = 33U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        memcpy(k_, v, 32U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)33U,
+          memcpy(input0 + 33U,
             seed_material,
             (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
         }
-        input0[32U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-        Hacl_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        input0[32U] = 0U;
+        Hacl_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+        Hacl_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+        memcpy(k, k_, 32U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_input_len;
+          uint32_t input_len0 = 33U + entropy_input_len + additional_input_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-          if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 32U * sizeof (uint8_t));
+          if (entropy_input_len + additional_input_input_len != 0U)
           {
-            memcpy(input + (uint32_t)33U,
+            memcpy(input + 33U,
               seed_material,
               (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
           }
-          input[32U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-          Hacl_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+          input[32U] = 1U;
+          Hacl_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+          Hacl_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+          memcpy(k, k_0, 32U * sizeof (uint8_t));
         }
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
@@ -564,42 +556,42 @@ Hacl_HMAC_DRBG_reseed(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_input_len;
+        uint32_t input_len = 49U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        memcpy(k_, v, 48U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)49U,
+          memcpy(input0 + 49U,
             seed_material,
             (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
         }
-        input0[48U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-        Hacl_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        input0[48U] = 0U;
+        Hacl_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+        Hacl_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+        memcpy(k, k_, 48U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_input_len;
+          uint32_t input_len0 = 49U + entropy_input_len + additional_input_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-          if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 48U * sizeof (uint8_t));
+          if (entropy_input_len + additional_input_input_len != 0U)
           {
-            memcpy(input + (uint32_t)49U,
+            memcpy(input + 49U,
               seed_material,
               (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
           }
-          input[48U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-          Hacl_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+          input[48U] = 1U;
+          Hacl_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+          Hacl_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+          memcpy(k, k_0, 48U * sizeof (uint8_t));
         }
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
@@ -616,42 +608,42 @@ Hacl_HMAC_DRBG_reseed(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_input_len;
+        uint32_t input_len = 65U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        memcpy(k_, v, 64U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)65U,
+          memcpy(input0 + 65U,
             seed_material,
             (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
         }
-        input0[64U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-        Hacl_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        input0[64U] = 0U;
+        Hacl_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+        Hacl_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+        memcpy(k, k_, 64U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_input_len;
+          uint32_t input_len0 = 65U + entropy_input_len + additional_input_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-          if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 64U * sizeof (uint8_t));
+          if (entropy_input_len + additional_input_input_len != 0U)
           {
-            memcpy(input + (uint32_t)65U,
+            memcpy(input + 65U,
               seed_material,
               (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
           }
-          input[64U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-          Hacl_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+          input[64U] = 1U;
+          Hacl_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+          Hacl_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+          memcpy(k, k_0, 64U * sizeof (uint8_t));
         }
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         break;
       }
     default:
@@ -693,93 +685,87 @@ Hacl_HMAC_DRBG_generate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        if (additional_input_len > (uint32_t)0U)
+        if (additional_input_len > 0U)
         {
-          uint32_t input_len = (uint32_t)21U + additional_input_len;
+          uint32_t input_len = 21U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
           uint8_t input0[input_len];
           memset(input0, 0U, input_len * sizeof (uint8_t));
           uint8_t *k_ = input0;
-          memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_, v, 20U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input0 + (uint32_t)21U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input0 + 21U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input0[20U] = (uint8_t)0U;
-          Hacl_HMAC_legacy_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-          Hacl_HMAC_legacy_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          input0[20U] = 0U;
+          Hacl_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+          Hacl_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+          memcpy(k, k_, 20U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+            uint32_t input_len0 = 21U + additional_input_len;
             KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
             uint8_t input[input_len0];
             memset(input, 0U, input_len0 * sizeof (uint8_t));
             uint8_t *k_0 = input;
-            memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-            if (additional_input_len != (uint32_t)0U)
+            memcpy(k_0, v, 20U * sizeof (uint8_t));
+            if (additional_input_len != 0U)
             {
-              memcpy(input + (uint32_t)21U,
-                additional_input,
-                additional_input_len * sizeof (uint8_t));
+              memcpy(input + 21U, additional_input, additional_input_len * sizeof (uint8_t));
             }
-            input[20U] = (uint8_t)1U;
-            Hacl_HMAC_legacy_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-            Hacl_HMAC_legacy_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-            memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+            input[20U] = 1U;
+            Hacl_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+            Hacl_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+            memcpy(k, k_0, 20U * sizeof (uint8_t));
           }
         }
         uint8_t *output1 = output;
-        uint32_t max = n / (uint32_t)20U;
+        uint32_t max = n / 20U;
         uint8_t *out = output1;
-        for (uint32_t i = (uint32_t)0U; i < max; i++)
+        for (uint32_t i = 0U; i < max; i++)
         {
-          Hacl_HMAC_legacy_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
+          Hacl_HMAC_compute_sha1(v, k, 20U, v, 20U);
+          memcpy(out + i * 20U, v, 20U * sizeof (uint8_t));
         }
-        if (max * (uint32_t)20U < n)
+        if (max * 20U < n)
         {
-          uint8_t *block = output1 + max * (uint32_t)20U;
-          Hacl_HMAC_legacy_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
+          uint8_t *block = output1 + max * 20U;
+          Hacl_HMAC_compute_sha1(v, k, 20U, v, 20U);
+          memcpy(block, v, (n - max * 20U) * sizeof (uint8_t));
         }
-        uint32_t input_len = (uint32_t)21U + additional_input_len;
+        uint32_t input_len = 21U + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        memcpy(k_, v, 20U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+          memcpy(input0 + 21U, additional_input, additional_input_len * sizeof (uint8_t));
         }
-        input0[20U] = (uint8_t)0U;
-        Hacl_HMAC_legacy_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-        Hacl_HMAC_legacy_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        input0[20U] = 0U;
+        Hacl_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+        Hacl_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+        memcpy(k, k_, 20U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+          uint32_t input_len0 = 21U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 20U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input + (uint32_t)21U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input + 21U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input[20U] = (uint8_t)1U;
-          Hacl_HMAC_legacy_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-          Hacl_HMAC_legacy_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+          input[20U] = 1U;
+          Hacl_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+          Hacl_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+          memcpy(k, k_0, 20U * sizeof (uint8_t));
         }
         uint32_t old_ctr = ctr[0U];
-        ctr[0U] = old_ctr + (uint32_t)1U;
+        ctr[0U] = old_ctr + 1U;
         return true;
       }
     case Spec_Hash_Definitions_SHA2_256:
@@ -791,93 +777,87 @@ Hacl_HMAC_DRBG_generate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        if (additional_input_len > (uint32_t)0U)
+        if (additional_input_len > 0U)
         {
-          uint32_t input_len = (uint32_t)33U + additional_input_len;
+          uint32_t input_len = 33U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
           uint8_t input0[input_len];
           memset(input0, 0U, input_len * sizeof (uint8_t));
           uint8_t *k_ = input0;
-          memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_, v, 32U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input0 + (uint32_t)33U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input0 + 33U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input0[32U] = (uint8_t)0U;
-          Hacl_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-          Hacl_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          input0[32U] = 0U;
+          Hacl_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+          Hacl_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+          memcpy(k, k_, 32U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+            uint32_t input_len0 = 33U + additional_input_len;
             KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
             uint8_t input[input_len0];
             memset(input, 0U, input_len0 * sizeof (uint8_t));
             uint8_t *k_0 = input;
-            memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-            if (additional_input_len != (uint32_t)0U)
+            memcpy(k_0, v, 32U * sizeof (uint8_t));
+            if (additional_input_len != 0U)
             {
-              memcpy(input + (uint32_t)33U,
-                additional_input,
-                additional_input_len * sizeof (uint8_t));
+              memcpy(input + 33U, additional_input, additional_input_len * sizeof (uint8_t));
             }
-            input[32U] = (uint8_t)1U;
-            Hacl_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-            Hacl_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-            memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+            input[32U] = 1U;
+            Hacl_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+            Hacl_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+            memcpy(k, k_0, 32U * sizeof (uint8_t));
           }
         }
         uint8_t *output1 = output;
-        uint32_t max = n / (uint32_t)32U;
+        uint32_t max = n / 32U;
         uint8_t *out = output1;
-        for (uint32_t i = (uint32_t)0U; i < max; i++)
+        for (uint32_t i = 0U; i < max; i++)
         {
-          Hacl_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
+          Hacl_HMAC_compute_sha2_256(v, k, 32U, v, 32U);
+          memcpy(out + i * 32U, v, 32U * sizeof (uint8_t));
         }
-        if (max * (uint32_t)32U < n)
+        if (max * 32U < n)
         {
-          uint8_t *block = output1 + max * (uint32_t)32U;
-          Hacl_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
+          uint8_t *block = output1 + max * 32U;
+          Hacl_HMAC_compute_sha2_256(v, k, 32U, v, 32U);
+          memcpy(block, v, (n - max * 32U) * sizeof (uint8_t));
         }
-        uint32_t input_len = (uint32_t)33U + additional_input_len;
+        uint32_t input_len = 33U + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        memcpy(k_, v, 32U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+          memcpy(input0 + 33U, additional_input, additional_input_len * sizeof (uint8_t));
         }
-        input0[32U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-        Hacl_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        input0[32U] = 0U;
+        Hacl_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+        Hacl_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+        memcpy(k, k_, 32U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+          uint32_t input_len0 = 33U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 32U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input + (uint32_t)33U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input + 33U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input[32U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-          Hacl_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+          input[32U] = 1U;
+          Hacl_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+          Hacl_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+          memcpy(k, k_0, 32U * sizeof (uint8_t));
         }
         uint32_t old_ctr = ctr[0U];
-        ctr[0U] = old_ctr + (uint32_t)1U;
+        ctr[0U] = old_ctr + 1U;
         return true;
       }
     case Spec_Hash_Definitions_SHA2_384:
@@ -889,93 +869,87 @@ Hacl_HMAC_DRBG_generate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        if (additional_input_len > (uint32_t)0U)
+        if (additional_input_len > 0U)
         {
-          uint32_t input_len = (uint32_t)49U + additional_input_len;
+          uint32_t input_len = 49U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
           uint8_t input0[input_len];
           memset(input0, 0U, input_len * sizeof (uint8_t));
           uint8_t *k_ = input0;
-          memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_, v, 48U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input0 + (uint32_t)49U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input0 + 49U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input0[48U] = (uint8_t)0U;
-          Hacl_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-          Hacl_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          input0[48U] = 0U;
+          Hacl_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+          Hacl_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+          memcpy(k, k_, 48U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+            uint32_t input_len0 = 49U + additional_input_len;
             KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
             uint8_t input[input_len0];
             memset(input, 0U, input_len0 * sizeof (uint8_t));
             uint8_t *k_0 = input;
-            memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-            if (additional_input_len != (uint32_t)0U)
+            memcpy(k_0, v, 48U * sizeof (uint8_t));
+            if (additional_input_len != 0U)
             {
-              memcpy(input + (uint32_t)49U,
-                additional_input,
-                additional_input_len * sizeof (uint8_t));
+              memcpy(input + 49U, additional_input, additional_input_len * sizeof (uint8_t));
             }
-            input[48U] = (uint8_t)1U;
-            Hacl_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-            Hacl_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-            memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+            input[48U] = 1U;
+            Hacl_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+            Hacl_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+            memcpy(k, k_0, 48U * sizeof (uint8_t));
           }
         }
         uint8_t *output1 = output;
-        uint32_t max = n / (uint32_t)48U;
+        uint32_t max = n / 48U;
         uint8_t *out = output1;
-        for (uint32_t i = (uint32_t)0U; i < max; i++)
+        for (uint32_t i = 0U; i < max; i++)
         {
-          Hacl_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
+          Hacl_HMAC_compute_sha2_384(v, k, 48U, v, 48U);
+          memcpy(out + i * 48U, v, 48U * sizeof (uint8_t));
         }
-        if (max * (uint32_t)48U < n)
+        if (max * 48U < n)
         {
-          uint8_t *block = output1 + max * (uint32_t)48U;
-          Hacl_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
+          uint8_t *block = output1 + max * 48U;
+          Hacl_HMAC_compute_sha2_384(v, k, 48U, v, 48U);
+          memcpy(block, v, (n - max * 48U) * sizeof (uint8_t));
         }
-        uint32_t input_len = (uint32_t)49U + additional_input_len;
+        uint32_t input_len = 49U + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        memcpy(k_, v, 48U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+          memcpy(input0 + 49U, additional_input, additional_input_len * sizeof (uint8_t));
         }
-        input0[48U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-        Hacl_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        input0[48U] = 0U;
+        Hacl_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+        Hacl_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+        memcpy(k, k_, 48U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+          uint32_t input_len0 = 49U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 48U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input + (uint32_t)49U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input + 49U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input[48U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-          Hacl_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+          input[48U] = 1U;
+          Hacl_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+          Hacl_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+          memcpy(k, k_0, 48U * sizeof (uint8_t));
         }
         uint32_t old_ctr = ctr[0U];
-        ctr[0U] = old_ctr + (uint32_t)1U;
+        ctr[0U] = old_ctr + 1U;
         return true;
       }
     case Spec_Hash_Definitions_SHA2_512:
@@ -987,93 +961,87 @@ Hacl_HMAC_DRBG_generate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        if (additional_input_len > (uint32_t)0U)
+        if (additional_input_len > 0U)
         {
-          uint32_t input_len = (uint32_t)65U + additional_input_len;
+          uint32_t input_len = 65U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
           uint8_t input0[input_len];
           memset(input0, 0U, input_len * sizeof (uint8_t));
           uint8_t *k_ = input0;
-          memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_, v, 64U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input0 + (uint32_t)65U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input0 + 65U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input0[64U] = (uint8_t)0U;
-          Hacl_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-          Hacl_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          input0[64U] = 0U;
+          Hacl_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+          Hacl_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+          memcpy(k, k_, 64U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+            uint32_t input_len0 = 65U + additional_input_len;
             KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
             uint8_t input[input_len0];
             memset(input, 0U, input_len0 * sizeof (uint8_t));
             uint8_t *k_0 = input;
-            memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-            if (additional_input_len != (uint32_t)0U)
+            memcpy(k_0, v, 64U * sizeof (uint8_t));
+            if (additional_input_len != 0U)
             {
-              memcpy(input + (uint32_t)65U,
-                additional_input,
-                additional_input_len * sizeof (uint8_t));
+              memcpy(input + 65U, additional_input, additional_input_len * sizeof (uint8_t));
             }
-            input[64U] = (uint8_t)1U;
-            Hacl_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-            Hacl_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-            memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+            input[64U] = 1U;
+            Hacl_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+            Hacl_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+            memcpy(k, k_0, 64U * sizeof (uint8_t));
           }
         }
         uint8_t *output1 = output;
-        uint32_t max = n / (uint32_t)64U;
+        uint32_t max = n / 64U;
         uint8_t *out = output1;
-        for (uint32_t i = (uint32_t)0U; i < max; i++)
+        for (uint32_t i = 0U; i < max; i++)
         {
-          Hacl_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
+          Hacl_HMAC_compute_sha2_512(v, k, 64U, v, 64U);
+          memcpy(out + i * 64U, v, 64U * sizeof (uint8_t));
         }
-        if (max * (uint32_t)64U < n)
+        if (max * 64U < n)
         {
-          uint8_t *block = output1 + max * (uint32_t)64U;
-          Hacl_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
+          uint8_t *block = output1 + max * 64U;
+          Hacl_HMAC_compute_sha2_512(v, k, 64U, v, 64U);
+          memcpy(block, v, (n - max * 64U) * sizeof (uint8_t));
         }
-        uint32_t input_len = (uint32_t)65U + additional_input_len;
+        uint32_t input_len = 65U + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        memcpy(k_, v, 64U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+          memcpy(input0 + 65U, additional_input, additional_input_len * sizeof (uint8_t));
         }
-        input0[64U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-        Hacl_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        input0[64U] = 0U;
+        Hacl_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+        Hacl_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+        memcpy(k, k_, 64U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+          uint32_t input_len0 = 65U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t input[input_len0];
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 64U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input + (uint32_t)65U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input + 65U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input[64U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-          Hacl_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+          input[64U] = 1U;
+          Hacl_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+          Hacl_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+          memcpy(k, k_0, 64U * sizeof (uint8_t));
         }
         uint32_t old_ctr = ctr[0U];
-        ctr[0U] = old_ctr + (uint32_t)1U;
+        ctr[0U] = old_ctr + 1U;
         return true;
       }
     default:
@@ -1086,7 +1054,7 @@ Hacl_HMAC_DRBG_generate(
 
 void Hacl_HMAC_DRBG_free(Spec_Hash_Definitions_hash_alg uu___, Hacl_HMAC_DRBG_state s)
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
diff --git a/src/Hacl_HPKE_Curve51_CP128_SHA256.c b/src/Hacl_HPKE_Curve51_CP128_SHA256.c
index 5814ae67..e8df237e 100644
--- a/src/Hacl_HPKE_Curve51_CP128_SHA256.c
+++ b/src/Hacl_HPKE_Curve51_CP128_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP128_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP128_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP128_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve51_CP128_SHA256_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve51_CP128_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve51_CP128_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve51_CP128_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP128_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve51_CP128_SHA512.c b/src/Hacl_HPKE_Curve51_CP128_SHA512.c
index c6aff2e5..62fce254 100644
--- a/src/Hacl_HPKE_Curve51_CP128_SHA512.c
+++ b/src/Hacl_HPKE_Curve51_CP128_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP128_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP128_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP128_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve51_CP128_SHA512_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve51_CP128_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve51_CP128_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve51_CP128_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP128_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve51_CP256_SHA256.c b/src/Hacl_HPKE_Curve51_CP256_SHA256.c
index 4c448589..9862d19d 100644
--- a/src/Hacl_HPKE_Curve51_CP256_SHA256.c
+++ b/src/Hacl_HPKE_Curve51_CP256_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP256_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP256_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP256_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve51_CP256_SHA256_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve51_CP256_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve51_CP256_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve51_CP256_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP256_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve51_CP256_SHA512.c b/src/Hacl_HPKE_Curve51_CP256_SHA512.c
index 1ee26ea0..cafcf2c7 100644
--- a/src/Hacl_HPKE_Curve51_CP256_SHA512.c
+++ b/src/Hacl_HPKE_Curve51_CP256_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP256_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP256_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP256_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve51_CP256_SHA512_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve51_CP256_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve51_CP256_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve51_CP256_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP256_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve51_CP32_SHA256.c b/src/Hacl_HPKE_Curve51_CP32_SHA256.c
index bc59f64a..3db57fa8 100644
--- a/src/Hacl_HPKE_Curve51_CP32_SHA256.c
+++ b/src/Hacl_HPKE_Curve51_CP32_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP32_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP32_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP32_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -607,43 +552,45 @@ Hacl_HPKE_Curve51_CP32_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP32_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -661,7 +608,7 @@ Hacl_HPKE_Curve51_CP32_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -672,42 +619,44 @@ Hacl_HPKE_Curve51_CP32_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP32_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve51_CP32_SHA512.c b/src/Hacl_HPKE_Curve51_CP32_SHA512.c
index 0314c71c..84889570 100644
--- a/src/Hacl_HPKE_Curve51_CP32_SHA512.c
+++ b/src/Hacl_HPKE_Curve51_CP32_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP32_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP32_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP32_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -607,43 +552,45 @@ Hacl_HPKE_Curve51_CP32_SHA512_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP32_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -661,7 +608,7 @@ Hacl_HPKE_Curve51_CP32_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -672,42 +619,44 @@ Hacl_HPKE_Curve51_CP32_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP32_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve64_CP128_SHA256.c b/src/Hacl_HPKE_Curve64_CP128_SHA256.c
index c22d5a64..742bc0da 100644
--- a/src/Hacl_HPKE_Curve64_CP128_SHA256.c
+++ b/src/Hacl_HPKE_Curve64_CP128_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP128_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP128_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP128_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve64_CP128_SHA256_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve64_CP128_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve64_CP128_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve64_CP128_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP128_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve64_CP128_SHA512.c b/src/Hacl_HPKE_Curve64_CP128_SHA512.c
index d01bc1f8..915cc6ad 100644
--- a/src/Hacl_HPKE_Curve64_CP128_SHA512.c
+++ b/src/Hacl_HPKE_Curve64_CP128_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP128_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP128_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP128_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve64_CP128_SHA512_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve64_CP128_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve64_CP128_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve64_CP128_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP128_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve64_CP256_SHA256.c b/src/Hacl_HPKE_Curve64_CP256_SHA256.c
index 6de7db47..c8f5148a 100644
--- a/src/Hacl_HPKE_Curve64_CP256_SHA256.c
+++ b/src/Hacl_HPKE_Curve64_CP256_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP256_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP256_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve64_CP256_SHA256_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve64_CP256_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve64_CP256_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP256_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve64_CP256_SHA512.c b/src/Hacl_HPKE_Curve64_CP256_SHA512.c
index 146b64eb..2b581c0a 100644
--- a/src/Hacl_HPKE_Curve64_CP256_SHA512.c
+++ b/src/Hacl_HPKE_Curve64_CP256_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP256_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP256_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP256_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve64_CP256_SHA512_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve64_CP256_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve64_CP256_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve64_CP256_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP256_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve64_CP32_SHA256.c b/src/Hacl_HPKE_Curve64_CP32_SHA256.c
index c7f168bb..7389f1f2 100644
--- a/src/Hacl_HPKE_Curve64_CP32_SHA256.c
+++ b/src/Hacl_HPKE_Curve64_CP32_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP32_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP32_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP32_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -607,43 +552,45 @@ Hacl_HPKE_Curve64_CP32_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP32_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -661,7 +608,7 @@ Hacl_HPKE_Curve64_CP32_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -672,42 +619,44 @@ Hacl_HPKE_Curve64_CP32_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP32_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_Curve64_CP32_SHA512.c b/src/Hacl_HPKE_Curve64_CP32_SHA512.c
index 39e1a267..2ec61714 100644
--- a/src/Hacl_HPKE_Curve64_CP32_SHA512.c
+++ b/src/Hacl_HPKE_Curve64_CP32_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP32_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP32_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp0[len0];
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp0[len0];
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp1[len1];
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp2[len2];
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp3[len3];
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp4[len4];
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP32_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -607,43 +552,45 @@ Hacl_HPKE_Curve64_CP32_SHA512_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP32_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -661,7 +608,7 @@ Hacl_HPKE_Curve64_CP32_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -672,42 +619,44 @@ Hacl_HPKE_Curve64_CP32_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP32_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_P256_CP128_SHA256.c b/src/Hacl_HPKE_P256_CP128_SHA256.c
index 5320f1f5..54a217fd 100644
--- a/src/Hacl_HPKE_P256_CP128_SHA256.c
+++ b/src/Hacl_HPKE_P256_CP128_SHA256.c
@@ -38,267 +38,239 @@ Hacl_HPKE_P256_CP128_SHA256_setupBaseS(
 )
 {
   uint8_t o_shared[32U] = { 0U };
-  uint8_t *o_pkE1 = o_pkE + (uint32_t)1U;
+  uint8_t *o_pkE1 = o_pkE + 1U;
   bool res0 = Hacl_Impl_P256_DH_ecp256dh_i(o_pkE1, skE);
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint32_t res3;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    o_pkE[0U] = (uint8_t)4U;
+    o_pkE[0U] = 4U;
     uint8_t o_dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkR, skE);
-    memcpy(o_dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(o_dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res2;
     if (res)
     {
-      res2 = (uint32_t)0U;
+      res2 = 0U;
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
     uint8_t o_kemcontext[130U] = { 0U };
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)65U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)65U;
-      uint8_t *o_pkR = o_pkRm + (uint32_t)1U;
-      memcpy(o_pkR, pkR, (uint32_t)64U * sizeof (uint8_t));
-      o_pkRm[0U] = (uint8_t)4U;
+      memcpy(o_kemcontext, o_pkE, 65U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 65U;
+      uint8_t *o_pkR = o_pkRm + 1U;
+      memcpy(o_pkR, pkR, 64U * sizeof (uint8_t));
+      o_pkRm[0U] = 4U;
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____0 = suite_id_kem;
-      uu____0[0U] = (uint8_t)0x4bU;
-      uu____0[1U] = (uint8_t)0x45U;
-      uu____0[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-      uu____1[0U] = (uint8_t)0U;
-      uu____1[1U] = (uint8_t)16U;
+      uu____0[0U] = 0x4bU;
+      uu____0[1U] = 0x45U;
+      uu____0[2U] = 0x4dU;
+      uint8_t *uu____1 = suite_id_kem + 3U;
+      uu____1[0U] = 0U;
+      uu____1[1U] = 16U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp1[len0];
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____2 = tmp1;
-      uu____2[0U] = (uint8_t)0x48U;
-      uu____2[1U] = (uint8_t)0x50U;
-      uu____2[2U] = (uint8_t)0x4bU;
-      uu____2[3U] = (uint8_t)0x45U;
-      uu____2[4U] = (uint8_t)0x2dU;
-      uu____2[5U] = (uint8_t)0x76U;
-      uu____2[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+      uu____2[0U] = 0x48U;
+      uu____2[1U] = 0x50U;
+      uu____2[2U] = 0x4bU;
+      uu____2[3U] = 0x45U;
+      uu____2[4U] = 0x2dU;
+      uu____2[5U] = 0x76U;
+      uu____2[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp1 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)157U;
+      uint32_t len = 157U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____3 = tmp + (uint32_t)2U;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)130U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res3 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____3 = tmp + 2U;
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 130U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res3 = 0U;
     }
     else
     {
-      res3 = (uint32_t)1U;
+      res3 = 1U;
     }
   }
   else
   {
-    res3 = (uint32_t)1U;
+    res3 = 1U;
   }
-  if (res3 == (uint32_t)0U)
+  if (res3 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____4 = suite_id;
-    uu____4[0U] = (uint8_t)0x48U;
-    uu____4[1U] = (uint8_t)0x50U;
-    uu____4[2U] = (uint8_t)0x4bU;
-    uu____4[3U] = (uint8_t)0x45U;
-    uint8_t *uu____5 = suite_id + (uint32_t)4U;
-    uu____5[0U] = (uint8_t)0U;
-    uu____5[1U] = (uint8_t)16U;
-    uint8_t *uu____6 = suite_id + (uint32_t)6U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)1U;
-    uint8_t *uu____7 = suite_id + (uint32_t)8U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
+    uu____4[0U] = 0x48U;
+    uu____4[1U] = 0x50U;
+    uu____4[2U] = 0x4bU;
+    uu____4[3U] = 0x45U;
+    uint8_t *uu____5 = suite_id + 4U;
+    uu____5[0U] = 0U;
+    uu____5[1U] = 16U;
+    uint8_t *uu____6 = suite_id + 6U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 1U;
+    uint8_t *uu____7 = suite_id + 8U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____8 = tmp0;
-    uu____8[0U] = (uint8_t)0x48U;
-    uu____8[1U] = (uint8_t)0x50U;
-    uu____8[2U] = (uint8_t)0x4bU;
-    uu____8[3U] = (uint8_t)0x45U;
-    uu____8[4U] = (uint8_t)0x2dU;
-    uu____8[5U] = (uint8_t)0x76U;
-    uu____8[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____8[0U] = 0x48U;
+    uu____8[1U] = 0x50U;
+    uu____8[2U] = 0x4bU;
+    uu____8[3U] = 0x45U;
+    uu____8[4U] = 0x2dU;
+    uu____8[5U] = 0x76U;
+    uu____8[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp1;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp2;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____11 = tmp3 + (uint32_t)2U;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____11 = tmp3 + 2U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp4 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____12 = tmp4 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____13 = tmp + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____13 = tmp + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res3;
   }
   return res3;
@@ -318,279 +290,252 @@ Hacl_HPKE_P256_CP128_SHA256_setupBaseR(
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    uint8_t *pkE = enc + (uint32_t)1U;
+    uint8_t *pkE = enc + 1U;
     uint8_t dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkE, skR);
-    memcpy(dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res11;
     if (res)
     {
-      res11 = (uint32_t)0U;
+      res11 = 0U;
     }
     else
     {
-      res11 = (uint32_t)1U;
+      res11 = 1U;
     }
     uint32_t res20;
     uint8_t kemcontext[130U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)65U;
-      uint8_t *pkR1 = pkRm + (uint32_t)1U;
+      uint8_t *pkRm = kemcontext + 65U;
+      uint8_t *pkR1 = pkRm + 1U;
       bool res3 = Hacl_Impl_P256_DH_ecp256dh_i(pkR1, skR);
       uint32_t res2;
       if (res3)
       {
-        res2 = (uint32_t)0U;
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
-      if (res2 == (uint32_t)0U)
+      if (res2 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)65U * sizeof (uint8_t));
-        pkRm[0U] = (uint8_t)4U;
+        memcpy(kemcontext, enc, 65U * sizeof (uint8_t));
+        pkRm[0U] = 4U;
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____0 = suite_id_kem;
-        uu____0[0U] = (uint8_t)0x4bU;
-        uu____0[1U] = (uint8_t)0x45U;
-        uu____0[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-        uu____1[0U] = (uint8_t)0U;
-        uu____1[1U] = (uint8_t)16U;
+        uu____0[0U] = 0x4bU;
+        uu____0[1U] = 0x45U;
+        uu____0[2U] = 0x4dU;
+        uint8_t *uu____1 = suite_id_kem + 3U;
+        uu____1[0U] = 0U;
+        uu____1[1U] = 16U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp1[len0];
         memset(tmp1, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____2 = tmp1;
-        uu____2[0U] = (uint8_t)0x48U;
-        uu____2[1U] = (uint8_t)0x50U;
-        uu____2[2U] = (uint8_t)0x4bU;
-        uu____2[3U] = (uint8_t)0x45U;
-        uu____2[4U] = (uint8_t)0x2dU;
-        uu____2[5U] = (uint8_t)0x76U;
-        uu____2[6U] = (uint8_t)0x31U;
-        memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+        uu____2[0U] = 0x48U;
+        uu____2[1U] = 0x50U;
+        uu____2[2U] = 0x4bU;
+        uu____2[3U] = 0x45U;
+        uu____2[4U] = 0x2dU;
+        uu____2[5U] = 0x76U;
+        uu____2[6U] = 0x31U;
+        memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp1 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)157U;
+        uint32_t len = 157U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____3 = tmp + (uint32_t)2U;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)130U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res20 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____3 = tmp + 2U;
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 130U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res20 = 0U;
       }
       else
       {
-        res20 = (uint32_t)1U;
+        res20 = 1U;
       }
     }
     else
     {
-      res20 = (uint32_t)1U;
+      res20 = 1U;
     }
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____4 = suite_id;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uint8_t *uu____5 = suite_id + (uint32_t)4U;
-      uu____5[0U] = (uint8_t)0U;
-      uu____5[1U] = (uint8_t)16U;
-      uint8_t *uu____6 = suite_id + (uint32_t)6U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)1U;
-      uint8_t *uu____7 = suite_id + (uint32_t)8U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uint8_t *uu____5 = suite_id + 4U;
+      uu____5[0U] = 0U;
+      uu____5[1U] = 16U;
+      uint8_t *uu____6 = suite_id + 6U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 1U;
+      uint8_t *uu____7 = suite_id + 8U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp1[len0];
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____8 = tmp1;
-      uu____8[0U] = (uint8_t)0x48U;
-      uu____8[1U] = (uint8_t)0x50U;
-      uu____8[2U] = (uint8_t)0x4bU;
-      uu____8[3U] = (uint8_t)0x45U;
-      uu____8[4U] = (uint8_t)0x2dU;
-      uu____8[5U] = (uint8_t)0x76U;
-      uu____8[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp1, len0);
+      uu____8[0U] = 0x48U;
+      uu____8[1U] = 0x50U;
+      uu____8[2U] = 0x4bU;
+      uu____8[3U] = 0x45U;
+      uu____8[4U] = 0x2dU;
+      uu____8[5U] = 0x76U;
+      uu____8[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp1 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp1, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp2[len1];
       memset(tmp2, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp2;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp2, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp2 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp2, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp3[len2];
       memset(tmp3, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp3;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp3, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp3 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp3 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp3, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp4[len3];
       memset(tmp4, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____11 = tmp4 + (uint32_t)2U;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp4,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____11 = tmp4 + 2U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp4, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp5[len4];
       memset(tmp5, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp5, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp5 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp5 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp5, len4, (uint32_t)32U);
+      store16_be(tmp5, (uint16_t)32U);
+      uint8_t *uu____12 = tmp5 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp5 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp5 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp5 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp5, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____13 = tmp + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____13 = tmp + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -609,7 +554,7 @@ Hacl_HPKE_P256_CP128_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -620,43 +565,45 @@ Hacl_HPKE_P256_CP128_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP128_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -674,7 +621,7 @@ Hacl_HPKE_P256_CP128_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -685,42 +632,44 @@ Hacl_HPKE_P256_CP128_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP128_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_P256_CP256_SHA256.c b/src/Hacl_HPKE_P256_CP256_SHA256.c
index 3603cb42..bccf781a 100644
--- a/src/Hacl_HPKE_P256_CP256_SHA256.c
+++ b/src/Hacl_HPKE_P256_CP256_SHA256.c
@@ -38,267 +38,239 @@ Hacl_HPKE_P256_CP256_SHA256_setupBaseS(
 )
 {
   uint8_t o_shared[32U] = { 0U };
-  uint8_t *o_pkE1 = o_pkE + (uint32_t)1U;
+  uint8_t *o_pkE1 = o_pkE + 1U;
   bool res0 = Hacl_Impl_P256_DH_ecp256dh_i(o_pkE1, skE);
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint32_t res3;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    o_pkE[0U] = (uint8_t)4U;
+    o_pkE[0U] = 4U;
     uint8_t o_dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkR, skE);
-    memcpy(o_dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(o_dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res2;
     if (res)
     {
-      res2 = (uint32_t)0U;
+      res2 = 0U;
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
     uint8_t o_kemcontext[130U] = { 0U };
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)65U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)65U;
-      uint8_t *o_pkR = o_pkRm + (uint32_t)1U;
-      memcpy(o_pkR, pkR, (uint32_t)64U * sizeof (uint8_t));
-      o_pkRm[0U] = (uint8_t)4U;
+      memcpy(o_kemcontext, o_pkE, 65U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 65U;
+      uint8_t *o_pkR = o_pkRm + 1U;
+      memcpy(o_pkR, pkR, 64U * sizeof (uint8_t));
+      o_pkRm[0U] = 4U;
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____0 = suite_id_kem;
-      uu____0[0U] = (uint8_t)0x4bU;
-      uu____0[1U] = (uint8_t)0x45U;
-      uu____0[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-      uu____1[0U] = (uint8_t)0U;
-      uu____1[1U] = (uint8_t)16U;
+      uu____0[0U] = 0x4bU;
+      uu____0[1U] = 0x45U;
+      uu____0[2U] = 0x4dU;
+      uint8_t *uu____1 = suite_id_kem + 3U;
+      uu____1[0U] = 0U;
+      uu____1[1U] = 16U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp1[len0];
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____2 = tmp1;
-      uu____2[0U] = (uint8_t)0x48U;
-      uu____2[1U] = (uint8_t)0x50U;
-      uu____2[2U] = (uint8_t)0x4bU;
-      uu____2[3U] = (uint8_t)0x45U;
-      uu____2[4U] = (uint8_t)0x2dU;
-      uu____2[5U] = (uint8_t)0x76U;
-      uu____2[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+      uu____2[0U] = 0x48U;
+      uu____2[1U] = 0x50U;
+      uu____2[2U] = 0x4bU;
+      uu____2[3U] = 0x45U;
+      uu____2[4U] = 0x2dU;
+      uu____2[5U] = 0x76U;
+      uu____2[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp1 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)157U;
+      uint32_t len = 157U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____3 = tmp + (uint32_t)2U;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)130U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res3 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____3 = tmp + 2U;
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 130U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res3 = 0U;
     }
     else
     {
-      res3 = (uint32_t)1U;
+      res3 = 1U;
     }
   }
   else
   {
-    res3 = (uint32_t)1U;
+    res3 = 1U;
   }
-  if (res3 == (uint32_t)0U)
+  if (res3 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____4 = suite_id;
-    uu____4[0U] = (uint8_t)0x48U;
-    uu____4[1U] = (uint8_t)0x50U;
-    uu____4[2U] = (uint8_t)0x4bU;
-    uu____4[3U] = (uint8_t)0x45U;
-    uint8_t *uu____5 = suite_id + (uint32_t)4U;
-    uu____5[0U] = (uint8_t)0U;
-    uu____5[1U] = (uint8_t)16U;
-    uint8_t *uu____6 = suite_id + (uint32_t)6U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)1U;
-    uint8_t *uu____7 = suite_id + (uint32_t)8U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
+    uu____4[0U] = 0x48U;
+    uu____4[1U] = 0x50U;
+    uu____4[2U] = 0x4bU;
+    uu____4[3U] = 0x45U;
+    uint8_t *uu____5 = suite_id + 4U;
+    uu____5[0U] = 0U;
+    uu____5[1U] = 16U;
+    uint8_t *uu____6 = suite_id + 6U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 1U;
+    uint8_t *uu____7 = suite_id + 8U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____8 = tmp0;
-    uu____8[0U] = (uint8_t)0x48U;
-    uu____8[1U] = (uint8_t)0x50U;
-    uu____8[2U] = (uint8_t)0x4bU;
-    uu____8[3U] = (uint8_t)0x45U;
-    uu____8[4U] = (uint8_t)0x2dU;
-    uu____8[5U] = (uint8_t)0x76U;
-    uu____8[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____8[0U] = 0x48U;
+    uu____8[1U] = 0x50U;
+    uu____8[2U] = 0x4bU;
+    uu____8[3U] = 0x45U;
+    uu____8[4U] = 0x2dU;
+    uu____8[5U] = 0x76U;
+    uu____8[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp1;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp2;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____11 = tmp3 + (uint32_t)2U;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____11 = tmp3 + 2U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp4 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____12 = tmp4 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____13 = tmp + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____13 = tmp + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res3;
   }
   return res3;
@@ -318,279 +290,252 @@ Hacl_HPKE_P256_CP256_SHA256_setupBaseR(
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    uint8_t *pkE = enc + (uint32_t)1U;
+    uint8_t *pkE = enc + 1U;
     uint8_t dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkE, skR);
-    memcpy(dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res11;
     if (res)
     {
-      res11 = (uint32_t)0U;
+      res11 = 0U;
     }
     else
     {
-      res11 = (uint32_t)1U;
+      res11 = 1U;
     }
     uint32_t res20;
     uint8_t kemcontext[130U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)65U;
-      uint8_t *pkR1 = pkRm + (uint32_t)1U;
+      uint8_t *pkRm = kemcontext + 65U;
+      uint8_t *pkR1 = pkRm + 1U;
       bool res3 = Hacl_Impl_P256_DH_ecp256dh_i(pkR1, skR);
       uint32_t res2;
       if (res3)
       {
-        res2 = (uint32_t)0U;
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
-      if (res2 == (uint32_t)0U)
+      if (res2 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)65U * sizeof (uint8_t));
-        pkRm[0U] = (uint8_t)4U;
+        memcpy(kemcontext, enc, 65U * sizeof (uint8_t));
+        pkRm[0U] = 4U;
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____0 = suite_id_kem;
-        uu____0[0U] = (uint8_t)0x4bU;
-        uu____0[1U] = (uint8_t)0x45U;
-        uu____0[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-        uu____1[0U] = (uint8_t)0U;
-        uu____1[1U] = (uint8_t)16U;
+        uu____0[0U] = 0x4bU;
+        uu____0[1U] = 0x45U;
+        uu____0[2U] = 0x4dU;
+        uint8_t *uu____1 = suite_id_kem + 3U;
+        uu____1[0U] = 0U;
+        uu____1[1U] = 16U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp1[len0];
         memset(tmp1, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____2 = tmp1;
-        uu____2[0U] = (uint8_t)0x48U;
-        uu____2[1U] = (uint8_t)0x50U;
-        uu____2[2U] = (uint8_t)0x4bU;
-        uu____2[3U] = (uint8_t)0x45U;
-        uu____2[4U] = (uint8_t)0x2dU;
-        uu____2[5U] = (uint8_t)0x76U;
-        uu____2[6U] = (uint8_t)0x31U;
-        memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+        uu____2[0U] = 0x48U;
+        uu____2[1U] = 0x50U;
+        uu____2[2U] = 0x4bU;
+        uu____2[3U] = 0x45U;
+        uu____2[4U] = 0x2dU;
+        uu____2[5U] = 0x76U;
+        uu____2[6U] = 0x31U;
+        memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp1 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)157U;
+        uint32_t len = 157U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____3 = tmp + (uint32_t)2U;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)130U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res20 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____3 = tmp + 2U;
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 130U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res20 = 0U;
       }
       else
       {
-        res20 = (uint32_t)1U;
+        res20 = 1U;
       }
     }
     else
     {
-      res20 = (uint32_t)1U;
+      res20 = 1U;
     }
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____4 = suite_id;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uint8_t *uu____5 = suite_id + (uint32_t)4U;
-      uu____5[0U] = (uint8_t)0U;
-      uu____5[1U] = (uint8_t)16U;
-      uint8_t *uu____6 = suite_id + (uint32_t)6U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)1U;
-      uint8_t *uu____7 = suite_id + (uint32_t)8U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uint8_t *uu____5 = suite_id + 4U;
+      uu____5[0U] = 0U;
+      uu____5[1U] = 16U;
+      uint8_t *uu____6 = suite_id + 6U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 1U;
+      uint8_t *uu____7 = suite_id + 8U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp1[len0];
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____8 = tmp1;
-      uu____8[0U] = (uint8_t)0x48U;
-      uu____8[1U] = (uint8_t)0x50U;
-      uu____8[2U] = (uint8_t)0x4bU;
-      uu____8[3U] = (uint8_t)0x45U;
-      uu____8[4U] = (uint8_t)0x2dU;
-      uu____8[5U] = (uint8_t)0x76U;
-      uu____8[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp1, len0);
+      uu____8[0U] = 0x48U;
+      uu____8[1U] = 0x50U;
+      uu____8[2U] = 0x4bU;
+      uu____8[3U] = 0x45U;
+      uu____8[4U] = 0x2dU;
+      uu____8[5U] = 0x76U;
+      uu____8[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp1 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp1, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp2[len1];
       memset(tmp2, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp2;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp2, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp2 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp2, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp3[len2];
       memset(tmp3, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp3;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp3, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp3 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp3 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp3, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp4[len3];
       memset(tmp4, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____11 = tmp4 + (uint32_t)2U;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp4,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____11 = tmp4 + 2U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp4, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp5[len4];
       memset(tmp5, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp5, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp5 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp5 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp5, len4, (uint32_t)32U);
+      store16_be(tmp5, (uint16_t)32U);
+      uint8_t *uu____12 = tmp5 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp5 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp5 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp5 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp5, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____13 = tmp + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____13 = tmp + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -609,7 +554,7 @@ Hacl_HPKE_P256_CP256_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -620,43 +565,45 @@ Hacl_HPKE_P256_CP256_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP256_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -674,7 +621,7 @@ Hacl_HPKE_P256_CP256_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -685,42 +632,44 @@ Hacl_HPKE_P256_CP256_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP256_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_HPKE_P256_CP32_SHA256.c b/src/Hacl_HPKE_P256_CP32_SHA256.c
index 5297dd2c..fc132641 100644
--- a/src/Hacl_HPKE_P256_CP32_SHA256.c
+++ b/src/Hacl_HPKE_P256_CP32_SHA256.c
@@ -38,267 +38,239 @@ Hacl_HPKE_P256_CP32_SHA256_setupBaseS(
 )
 {
   uint8_t o_shared[32U] = { 0U };
-  uint8_t *o_pkE1 = o_pkE + (uint32_t)1U;
+  uint8_t *o_pkE1 = o_pkE + 1U;
   bool res0 = Hacl_Impl_P256_DH_ecp256dh_i(o_pkE1, skE);
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint32_t res3;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    o_pkE[0U] = (uint8_t)4U;
+    o_pkE[0U] = 4U;
     uint8_t o_dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkR, skE);
-    memcpy(o_dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(o_dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res2;
     if (res)
     {
-      res2 = (uint32_t)0U;
+      res2 = 0U;
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
     uint8_t o_kemcontext[130U] = { 0U };
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)65U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)65U;
-      uint8_t *o_pkR = o_pkRm + (uint32_t)1U;
-      memcpy(o_pkR, pkR, (uint32_t)64U * sizeof (uint8_t));
-      o_pkRm[0U] = (uint8_t)4U;
+      memcpy(o_kemcontext, o_pkE, 65U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 65U;
+      uint8_t *o_pkR = o_pkRm + 1U;
+      memcpy(o_pkR, pkR, 64U * sizeof (uint8_t));
+      o_pkRm[0U] = 4U;
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____0 = suite_id_kem;
-      uu____0[0U] = (uint8_t)0x4bU;
-      uu____0[1U] = (uint8_t)0x45U;
-      uu____0[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-      uu____1[0U] = (uint8_t)0U;
-      uu____1[1U] = (uint8_t)16U;
+      uu____0[0U] = 0x4bU;
+      uu____0[1U] = 0x45U;
+      uu____0[2U] = 0x4dU;
+      uint8_t *uu____1 = suite_id_kem + 3U;
+      uu____1[0U] = 0U;
+      uu____1[1U] = 16U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp1[len0];
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____2 = tmp1;
-      uu____2[0U] = (uint8_t)0x48U;
-      uu____2[1U] = (uint8_t)0x50U;
-      uu____2[2U] = (uint8_t)0x4bU;
-      uu____2[3U] = (uint8_t)0x45U;
-      uu____2[4U] = (uint8_t)0x2dU;
-      uu____2[5U] = (uint8_t)0x76U;
-      uu____2[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+      uu____2[0U] = 0x48U;
+      uu____2[1U] = 0x50U;
+      uu____2[2U] = 0x4bU;
+      uu____2[3U] = 0x45U;
+      uu____2[4U] = 0x2dU;
+      uu____2[5U] = 0x76U;
+      uu____2[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp1 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)157U;
+      uint32_t len = 157U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____3 = tmp + (uint32_t)2U;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)130U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res3 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____3 = tmp + 2U;
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 130U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res3 = 0U;
     }
     else
     {
-      res3 = (uint32_t)1U;
+      res3 = 1U;
     }
   }
   else
   {
-    res3 = (uint32_t)1U;
+    res3 = 1U;
   }
-  if (res3 == (uint32_t)0U)
+  if (res3 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____4 = suite_id;
-    uu____4[0U] = (uint8_t)0x48U;
-    uu____4[1U] = (uint8_t)0x50U;
-    uu____4[2U] = (uint8_t)0x4bU;
-    uu____4[3U] = (uint8_t)0x45U;
-    uint8_t *uu____5 = suite_id + (uint32_t)4U;
-    uu____5[0U] = (uint8_t)0U;
-    uu____5[1U] = (uint8_t)16U;
-    uint8_t *uu____6 = suite_id + (uint32_t)6U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)1U;
-    uint8_t *uu____7 = suite_id + (uint32_t)8U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
+    uu____4[0U] = 0x48U;
+    uu____4[1U] = 0x50U;
+    uu____4[2U] = 0x4bU;
+    uu____4[3U] = 0x45U;
+    uint8_t *uu____5 = suite_id + 4U;
+    uu____5[0U] = 0U;
+    uu____5[1U] = 16U;
+    uint8_t *uu____6 = suite_id + 6U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 1U;
+    uint8_t *uu____7 = suite_id + 8U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t tmp0[len0];
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____8 = tmp0;
-    uu____8[0U] = (uint8_t)0x48U;
-    uu____8[1U] = (uint8_t)0x50U;
-    uu____8[2U] = (uint8_t)0x4bU;
-    uu____8[3U] = (uint8_t)0x45U;
-    uu____8[4U] = (uint8_t)0x2dU;
-    uu____8[5U] = (uint8_t)0x76U;
-    uu____8[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____8[0U] = 0x48U;
+    uu____8[1U] = 0x50U;
+    uu____8[2U] = 0x4bU;
+    uu____8[3U] = 0x45U;
+    uu____8[4U] = 0x2dU;
+    uu____8[5U] = 0x76U;
+    uu____8[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t tmp1[len1];
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp1;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t tmp2[len2];
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp2;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t tmp3[len3];
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____11 = tmp3 + (uint32_t)2U;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____11 = tmp3 + 2U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t tmp4[len4];
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp4 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____12 = tmp4 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t tmp[len];
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____13 = tmp + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____13 = tmp + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res3;
   }
   return res3;
@@ -318,279 +290,252 @@ Hacl_HPKE_P256_CP32_SHA256_setupBaseR(
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    uint8_t *pkE = enc + (uint32_t)1U;
+    uint8_t *pkE = enc + 1U;
     uint8_t dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkE, skR);
-    memcpy(dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res11;
     if (res)
     {
-      res11 = (uint32_t)0U;
+      res11 = 0U;
     }
     else
     {
-      res11 = (uint32_t)1U;
+      res11 = 1U;
     }
     uint32_t res20;
     uint8_t kemcontext[130U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)65U;
-      uint8_t *pkR1 = pkRm + (uint32_t)1U;
+      uint8_t *pkRm = kemcontext + 65U;
+      uint8_t *pkR1 = pkRm + 1U;
       bool res3 = Hacl_Impl_P256_DH_ecp256dh_i(pkR1, skR);
       uint32_t res2;
       if (res3)
       {
-        res2 = (uint32_t)0U;
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
-      if (res2 == (uint32_t)0U)
+      if (res2 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)65U * sizeof (uint8_t));
-        pkRm[0U] = (uint8_t)4U;
+        memcpy(kemcontext, enc, 65U * sizeof (uint8_t));
+        pkRm[0U] = 4U;
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____0 = suite_id_kem;
-        uu____0[0U] = (uint8_t)0x4bU;
-        uu____0[1U] = (uint8_t)0x45U;
-        uu____0[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-        uu____1[0U] = (uint8_t)0U;
-        uu____1[1U] = (uint8_t)16U;
+        uu____0[0U] = 0x4bU;
+        uu____0[1U] = 0x45U;
+        uu____0[2U] = 0x4dU;
+        uint8_t *uu____1 = suite_id_kem + 3U;
+        uu____1[0U] = 0U;
+        uu____1[1U] = 16U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t tmp1[len0];
         memset(tmp1, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____2 = tmp1;
-        uu____2[0U] = (uint8_t)0x48U;
-        uu____2[1U] = (uint8_t)0x50U;
-        uu____2[2U] = (uint8_t)0x4bU;
-        uu____2[3U] = (uint8_t)0x45U;
-        uu____2[4U] = (uint8_t)0x2dU;
-        uu____2[5U] = (uint8_t)0x76U;
-        uu____2[6U] = (uint8_t)0x31U;
-        memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+        uu____2[0U] = 0x48U;
+        uu____2[1U] = 0x50U;
+        uu____2[2U] = 0x4bU;
+        uu____2[3U] = 0x45U;
+        uu____2[4U] = 0x2dU;
+        uu____2[5U] = 0x76U;
+        uu____2[6U] = 0x31U;
+        memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp1 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)157U;
+        uint32_t len = 157U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t tmp[len];
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____3 = tmp + (uint32_t)2U;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)130U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res20 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____3 = tmp + 2U;
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 130U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res20 = 0U;
       }
       else
       {
-        res20 = (uint32_t)1U;
+        res20 = 1U;
       }
     }
     else
     {
-      res20 = (uint32_t)1U;
+      res20 = 1U;
     }
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____4 = suite_id;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uint8_t *uu____5 = suite_id + (uint32_t)4U;
-      uu____5[0U] = (uint8_t)0U;
-      uu____5[1U] = (uint8_t)16U;
-      uint8_t *uu____6 = suite_id + (uint32_t)6U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)1U;
-      uint8_t *uu____7 = suite_id + (uint32_t)8U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uint8_t *uu____5 = suite_id + 4U;
+      uu____5[0U] = 0U;
+      uu____5[1U] = 16U;
+      uint8_t *uu____6 = suite_id + 6U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 1U;
+      uint8_t *uu____7 = suite_id + 8U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t tmp1[len0];
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____8 = tmp1;
-      uu____8[0U] = (uint8_t)0x48U;
-      uu____8[1U] = (uint8_t)0x50U;
-      uu____8[2U] = (uint8_t)0x4bU;
-      uu____8[3U] = (uint8_t)0x45U;
-      uu____8[4U] = (uint8_t)0x2dU;
-      uu____8[5U] = (uint8_t)0x76U;
-      uu____8[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp1, len0);
+      uu____8[0U] = 0x48U;
+      uu____8[1U] = 0x50U;
+      uu____8[2U] = 0x4bU;
+      uu____8[3U] = 0x45U;
+      uu____8[4U] = 0x2dU;
+      uu____8[5U] = 0x76U;
+      uu____8[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp1 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp1, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t tmp2[len1];
       memset(tmp2, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp2;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp2, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp2 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp2, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t tmp3[len2];
       memset(tmp3, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp3;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp3, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp3 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp3 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp3, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t tmp4[len3];
       memset(tmp4, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____11 = tmp4 + (uint32_t)2U;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp4,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____11 = tmp4 + 2U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp4, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t tmp5[len4];
       memset(tmp5, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp5, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp5 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp5 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp5, len4, (uint32_t)32U);
+      store16_be(tmp5, (uint16_t)32U);
+      uint8_t *uu____12 = tmp5 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp5 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp5 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp5 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp5, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t tmp[len];
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____13 = tmp + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____13 = tmp + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -609,7 +554,7 @@ Hacl_HPKE_P256_CP32_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -620,43 +565,45 @@ Hacl_HPKE_P256_CP32_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP32_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -674,7 +621,7 @@ Hacl_HPKE_P256_CP32_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -685,42 +632,44 @@ Hacl_HPKE_P256_CP32_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP32_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_Hash_Base.c b/src/Hacl_Hash_Base.c
index 40796f14..02d893e3 100644
--- a/src/Hacl_Hash_Base.c
+++ b/src/Hacl_Hash_Base.c
@@ -31,27 +31,27 @@ uint32_t Hacl_Hash_Definitions_word_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)8U;
+        return 8U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)8U;
+        return 8U;
       }
     default:
       {
@@ -67,59 +67,59 @@ uint32_t Hacl_Hash_Definitions_block_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)144U;
+        return 144U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)104U;
+        return 104U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)72U;
+        return 72U;
       }
     case Spec_Hash_Definitions_Shake128:
       {
-        return (uint32_t)168U;
+        return 168U;
       }
     case Spec_Hash_Definitions_Shake256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     default:
       {
@@ -135,27 +135,27 @@ uint32_t Hacl_Hash_Definitions_hash_word_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)5U;
+        return 5U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)7U;
+        return 7U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)8U;
+        return 8U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)6U;
+        return 6U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)8U;
+        return 8U;
       }
     default:
       {
@@ -171,51 +171,51 @@ uint32_t Hacl_Hash_Definitions_hash_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)16U;
+        return 16U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)20U;
+        return 20U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     default:
       {
diff --git a/src/Hacl_Hash_Blake2.c b/src/Hacl_Hash_Blake2.c
deleted file mode 100644
index aecc6165..00000000
--- a/src/Hacl_Hash_Blake2.c
+++ /dev/null
@@ -1,1324 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "internal/Hacl_Hash_Blake2.h"
-
-#include "internal/Hacl_Impl_Blake2_Constants.h"
-#include "lib_memzero0.h"
-
-static void
-blake2b_update_block(
-  uint64_t *wv,
-  uint64_t *hash,
-  bool flag,
-  FStar_UInt128_uint128 totlen,
-  uint8_t *d
-)
-{
-  uint64_t m_w[16U] = { 0U };
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t *os = m_w;
-    uint8_t *bj = d + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  uint64_t mask[4U] = { 0U };
-  uint64_t wv_14;
-  if (flag)
-  {
-    wv_14 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  }
-  else
-  {
-    wv_14 = (uint64_t)0U;
-  }
-  uint64_t wv_15 = (uint64_t)0U;
-  mask[0U] = FStar_UInt128_uint128_to_uint64(totlen);
-  mask[1U] = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(totlen, (uint32_t)64U));
-  mask[2U] = wv_14;
-  mask[3U] = wv_15;
-  memcpy(wv, hash, (uint32_t)16U * sizeof (uint64_t));
-  uint64_t *wv3 = wv + (uint32_t)12U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = wv3;
-    uint64_t x = wv3[i] ^ mask[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR12(i0,
-    (uint32_t)0U,
-    (uint32_t)12U,
-    (uint32_t)1U,
-    uint32_t start_idx = i0 % (uint32_t)10U * (uint32_t)16U;
-    uint64_t m_st[16U] = { 0U };
-    uint64_t *r0 = m_st;
-    uint64_t *r1 = m_st + (uint32_t)4U;
-    uint64_t *r20 = m_st + (uint32_t)8U;
-    uint64_t *r30 = m_st + (uint32_t)12U;
-    uint32_t s0 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)0U];
-    uint32_t s1 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)1U];
-    uint32_t s2 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)2U];
-    uint32_t s3 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)3U];
-    uint32_t s4 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)4U];
-    uint32_t s5 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)5U];
-    uint32_t s6 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)6U];
-    uint32_t s7 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)7U];
-    uint32_t s8 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)8U];
-    uint32_t s9 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)9U];
-    uint32_t s10 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)10U];
-    uint32_t s11 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)11U];
-    uint32_t s12 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)12U];
-    uint32_t s13 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)13U];
-    uint32_t s14 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)14U];
-    uint32_t s15 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)15U];
-    uint64_t uu____0 = m_w[s2];
-    uint64_t uu____1 = m_w[s4];
-    uint64_t uu____2 = m_w[s6];
-    r0[0U] = m_w[s0];
-    r0[1U] = uu____0;
-    r0[2U] = uu____1;
-    r0[3U] = uu____2;
-    uint64_t uu____3 = m_w[s3];
-    uint64_t uu____4 = m_w[s5];
-    uint64_t uu____5 = m_w[s7];
-    r1[0U] = m_w[s1];
-    r1[1U] = uu____3;
-    r1[2U] = uu____4;
-    r1[3U] = uu____5;
-    uint64_t uu____6 = m_w[s10];
-    uint64_t uu____7 = m_w[s12];
-    uint64_t uu____8 = m_w[s14];
-    r20[0U] = m_w[s8];
-    r20[1U] = uu____6;
-    r20[2U] = uu____7;
-    r20[3U] = uu____8;
-    uint64_t uu____9 = m_w[s11];
-    uint64_t uu____10 = m_w[s13];
-    uint64_t uu____11 = m_w[s15];
-    r30[0U] = m_w[s9];
-    r30[1U] = uu____9;
-    r30[2U] = uu____10;
-    r30[3U] = uu____11;
-    uint64_t *x = m_st;
-    uint64_t *y = m_st + (uint32_t)4U;
-    uint64_t *z = m_st + (uint32_t)8U;
-    uint64_t *w = m_st + (uint32_t)12U;
-    uint32_t a = (uint32_t)0U;
-    uint32_t b0 = (uint32_t)1U;
-    uint32_t c0 = (uint32_t)2U;
-    uint32_t d10 = (uint32_t)3U;
-    uint64_t *wv_a0 = wv + a * (uint32_t)4U;
-    uint64_t *wv_b0 = wv + b0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a0;
-      uint64_t x1 = wv_a0[i] + wv_b0[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a0;
-      uint64_t x1 = wv_a0[i] + x[i];
-      os[i] = x1;);
-    uint64_t *wv_a1 = wv + d10 * (uint32_t)4U;
-    uint64_t *wv_b1 = wv + a * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a1;
-      uint64_t x1 = wv_a1[i] ^ wv_b1[i];
-      os[i] = x1;);
-    uint64_t *r10 = wv_a1;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r10;
-      uint64_t x1 = r10[i];
-      uint64_t x10 = x1 >> (uint32_t)32U | x1 << (uint32_t)32U;
-      os[i] = x10;);
-    uint64_t *wv_a2 = wv + c0 * (uint32_t)4U;
-    uint64_t *wv_b2 = wv + d10 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a2;
-      uint64_t x1 = wv_a2[i] + wv_b2[i];
-      os[i] = x1;);
-    uint64_t *wv_a3 = wv + b0 * (uint32_t)4U;
-    uint64_t *wv_b3 = wv + c0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a3;
-      uint64_t x1 = wv_a3[i] ^ wv_b3[i];
-      os[i] = x1;);
-    uint64_t *r12 = wv_a3;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r12;
-      uint64_t x1 = r12[i];
-      uint64_t x10 = x1 >> (uint32_t)24U | x1 << (uint32_t)40U;
-      os[i] = x10;);
-    uint64_t *wv_a4 = wv + a * (uint32_t)4U;
-    uint64_t *wv_b4 = wv + b0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a4;
-      uint64_t x1 = wv_a4[i] + wv_b4[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a4;
-      uint64_t x1 = wv_a4[i] + y[i];
-      os[i] = x1;);
-    uint64_t *wv_a5 = wv + d10 * (uint32_t)4U;
-    uint64_t *wv_b5 = wv + a * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a5;
-      uint64_t x1 = wv_a5[i] ^ wv_b5[i];
-      os[i] = x1;);
-    uint64_t *r13 = wv_a5;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r13;
-      uint64_t x1 = r13[i];
-      uint64_t x10 = x1 >> (uint32_t)16U | x1 << (uint32_t)48U;
-      os[i] = x10;);
-    uint64_t *wv_a6 = wv + c0 * (uint32_t)4U;
-    uint64_t *wv_b6 = wv + d10 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a6;
-      uint64_t x1 = wv_a6[i] + wv_b6[i];
-      os[i] = x1;);
-    uint64_t *wv_a7 = wv + b0 * (uint32_t)4U;
-    uint64_t *wv_b7 = wv + c0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a7;
-      uint64_t x1 = wv_a7[i] ^ wv_b7[i];
-      os[i] = x1;);
-    uint64_t *r14 = wv_a7;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r14;
-      uint64_t x1 = r14[i];
-      uint64_t x10 = x1 >> (uint32_t)63U | x1 << (uint32_t)1U;
-      os[i] = x10;);
-    uint64_t *r15 = wv + (uint32_t)4U;
-    uint64_t *r21 = wv + (uint32_t)8U;
-    uint64_t *r31 = wv + (uint32_t)12U;
-    uint64_t *r110 = r15;
-    uint64_t x00 = r110[1U];
-    uint64_t x10 = r110[2U];
-    uint64_t x20 = r110[3U];
-    uint64_t x30 = r110[0U];
-    r110[0U] = x00;
-    r110[1U] = x10;
-    r110[2U] = x20;
-    r110[3U] = x30;
-    uint64_t *r111 = r21;
-    uint64_t x01 = r111[2U];
-    uint64_t x11 = r111[3U];
-    uint64_t x21 = r111[0U];
-    uint64_t x31 = r111[1U];
-    r111[0U] = x01;
-    r111[1U] = x11;
-    r111[2U] = x21;
-    r111[3U] = x31;
-    uint64_t *r112 = r31;
-    uint64_t x02 = r112[3U];
-    uint64_t x12 = r112[0U];
-    uint64_t x22 = r112[1U];
-    uint64_t x32 = r112[2U];
-    r112[0U] = x02;
-    r112[1U] = x12;
-    r112[2U] = x22;
-    r112[3U] = x32;
-    uint32_t a0 = (uint32_t)0U;
-    uint32_t b = (uint32_t)1U;
-    uint32_t c = (uint32_t)2U;
-    uint32_t d1 = (uint32_t)3U;
-    uint64_t *wv_a = wv + a0 * (uint32_t)4U;
-    uint64_t *wv_b8 = wv + b * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a;
-      uint64_t x1 = wv_a[i] + wv_b8[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a;
-      uint64_t x1 = wv_a[i] + z[i];
-      os[i] = x1;);
-    uint64_t *wv_a8 = wv + d1 * (uint32_t)4U;
-    uint64_t *wv_b9 = wv + a0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a8;
-      uint64_t x1 = wv_a8[i] ^ wv_b9[i];
-      os[i] = x1;);
-    uint64_t *r16 = wv_a8;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r16;
-      uint64_t x1 = r16[i];
-      uint64_t x13 = x1 >> (uint32_t)32U | x1 << (uint32_t)32U;
-      os[i] = x13;);
-    uint64_t *wv_a9 = wv + c * (uint32_t)4U;
-    uint64_t *wv_b10 = wv + d1 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a9;
-      uint64_t x1 = wv_a9[i] + wv_b10[i];
-      os[i] = x1;);
-    uint64_t *wv_a10 = wv + b * (uint32_t)4U;
-    uint64_t *wv_b11 = wv + c * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a10;
-      uint64_t x1 = wv_a10[i] ^ wv_b11[i];
-      os[i] = x1;);
-    uint64_t *r17 = wv_a10;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r17;
-      uint64_t x1 = r17[i];
-      uint64_t x13 = x1 >> (uint32_t)24U | x1 << (uint32_t)40U;
-      os[i] = x13;);
-    uint64_t *wv_a11 = wv + a0 * (uint32_t)4U;
-    uint64_t *wv_b12 = wv + b * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a11;
-      uint64_t x1 = wv_a11[i] + wv_b12[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a11;
-      uint64_t x1 = wv_a11[i] + w[i];
-      os[i] = x1;);
-    uint64_t *wv_a12 = wv + d1 * (uint32_t)4U;
-    uint64_t *wv_b13 = wv + a0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a12;
-      uint64_t x1 = wv_a12[i] ^ wv_b13[i];
-      os[i] = x1;);
-    uint64_t *r18 = wv_a12;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r18;
-      uint64_t x1 = r18[i];
-      uint64_t x13 = x1 >> (uint32_t)16U | x1 << (uint32_t)48U;
-      os[i] = x13;);
-    uint64_t *wv_a13 = wv + c * (uint32_t)4U;
-    uint64_t *wv_b14 = wv + d1 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a13;
-      uint64_t x1 = wv_a13[i] + wv_b14[i];
-      os[i] = x1;);
-    uint64_t *wv_a14 = wv + b * (uint32_t)4U;
-    uint64_t *wv_b = wv + c * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a14;
-      uint64_t x1 = wv_a14[i] ^ wv_b[i];
-      os[i] = x1;);
-    uint64_t *r19 = wv_a14;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r19;
-      uint64_t x1 = r19[i];
-      uint64_t x13 = x1 >> (uint32_t)63U | x1 << (uint32_t)1U;
-      os[i] = x13;);
-    uint64_t *r113 = wv + (uint32_t)4U;
-    uint64_t *r2 = wv + (uint32_t)8U;
-    uint64_t *r3 = wv + (uint32_t)12U;
-    uint64_t *r11 = r113;
-    uint64_t x03 = r11[3U];
-    uint64_t x13 = r11[0U];
-    uint64_t x23 = r11[1U];
-    uint64_t x33 = r11[2U];
-    r11[0U] = x03;
-    r11[1U] = x13;
-    r11[2U] = x23;
-    r11[3U] = x33;
-    uint64_t *r114 = r2;
-    uint64_t x04 = r114[2U];
-    uint64_t x14 = r114[3U];
-    uint64_t x24 = r114[0U];
-    uint64_t x34 = r114[1U];
-    r114[0U] = x04;
-    r114[1U] = x14;
-    r114[2U] = x24;
-    r114[3U] = x34;
-    uint64_t *r115 = r3;
-    uint64_t x0 = r115[1U];
-    uint64_t x1 = r115[2U];
-    uint64_t x2 = r115[3U];
-    uint64_t x3 = r115[0U];
-    r115[0U] = x0;
-    r115[1U] = x1;
-    r115[2U] = x2;
-    r115[3U] = x3;);
-  uint64_t *s0 = hash;
-  uint64_t *s1 = hash + (uint32_t)4U;
-  uint64_t *r0 = wv;
-  uint64_t *r1 = wv + (uint32_t)4U;
-  uint64_t *r2 = wv + (uint32_t)8U;
-  uint64_t *r3 = wv + (uint32_t)12U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = s0;
-    uint64_t x = s0[i] ^ r0[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = s0;
-    uint64_t x = s0[i] ^ r2[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = s1;
-    uint64_t x = s1[i] ^ r1[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = s1;
-    uint64_t x = s1[i] ^ r3[i];
-    os[i] = x;);
-}
-
-void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn)
-{
-  uint64_t *r0 = hash;
-  uint64_t *r1 = hash + (uint32_t)4U;
-  uint64_t *r2 = hash + (uint32_t)8U;
-  uint64_t *r3 = hash + (uint32_t)12U;
-  uint64_t iv0 = Hacl_Impl_Blake2_Constants_ivTable_B[0U];
-  uint64_t iv1 = Hacl_Impl_Blake2_Constants_ivTable_B[1U];
-  uint64_t iv2 = Hacl_Impl_Blake2_Constants_ivTable_B[2U];
-  uint64_t iv3 = Hacl_Impl_Blake2_Constants_ivTable_B[3U];
-  uint64_t iv4 = Hacl_Impl_Blake2_Constants_ivTable_B[4U];
-  uint64_t iv5 = Hacl_Impl_Blake2_Constants_ivTable_B[5U];
-  uint64_t iv6 = Hacl_Impl_Blake2_Constants_ivTable_B[6U];
-  uint64_t iv7 = Hacl_Impl_Blake2_Constants_ivTable_B[7U];
-  r2[0U] = iv0;
-  r2[1U] = iv1;
-  r2[2U] = iv2;
-  r2[3U] = iv3;
-  r3[0U] = iv4;
-  r3[1U] = iv5;
-  r3[2U] = iv6;
-  r3[3U] = iv7;
-  uint64_t kk_shift_8 = (uint64_t)kk << (uint32_t)8U;
-  uint64_t iv0_ = iv0 ^ ((uint64_t)0x01010000U ^ (kk_shift_8 ^ (uint64_t)nn));
-  r0[0U] = iv0_;
-  r0[1U] = iv1;
-  r0[2U] = iv2;
-  r0[3U] = iv3;
-  r1[0U] = iv4;
-  r1[1U] = iv5;
-  r1[2U] = iv6;
-  r1[3U] = iv7;
-}
-
-void
-Hacl_Blake2b_32_blake2b_update_key(
-  uint64_t *wv,
-  uint64_t *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-)
-{
-  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U);
-  uint8_t b[128U] = { 0U };
-  memcpy(b, k, kk * sizeof (uint8_t));
-  if (ll == (uint32_t)0U)
-  {
-    blake2b_update_block(wv, hash, true, lb, b);
-  }
-  else
-  {
-    blake2b_update_block(wv, hash, false, lb, b);
-  }
-  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
-}
-
-void
-Hacl_Blake2b_32_blake2b_update_multi(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks,
-  uint32_t nb
-)
-{
-  KRML_HOST_IGNORE(len);
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    FStar_UInt128_uint128
-    totlen =
-      FStar_UInt128_add_mod(prev,
-        FStar_UInt128_uint64_to_uint128((uint64_t)((i + (uint32_t)1U) * (uint32_t)128U)));
-    uint8_t *b = blocks + i * (uint32_t)128U;
-    blake2b_update_block(wv, hash, false, totlen, b);
-  }
-}
-
-void
-Hacl_Blake2b_32_blake2b_update_last(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint32_t rem,
-  uint8_t *d
-)
-{
-  uint8_t b[128U] = { 0U };
-  uint8_t *last = d + len - rem;
-  memcpy(b, last, rem * sizeof (uint8_t));
-  FStar_UInt128_uint128
-  totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
-  blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
-}
-
-static void
-blake2b_update_blocks(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks
-)
-{
-  uint32_t nb0 = len / (uint32_t)128U;
-  uint32_t rem0 = len % (uint32_t)128U;
-  K___uint32_t_uint32_t scrut;
-  if (rem0 == (uint32_t)0U && nb0 > (uint32_t)0U)
-  {
-    uint32_t nb_ = nb0 - (uint32_t)1U;
-    uint32_t rem_ = (uint32_t)128U;
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb_, .snd = rem_ });
-  }
-  else
-  {
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb0, .snd = rem0 });
-  }
-  uint32_t nb = scrut.fst;
-  uint32_t rem = scrut.snd;
-  Hacl_Blake2b_32_blake2b_update_multi(len, wv, hash, prev, blocks, nb);
-  Hacl_Blake2b_32_blake2b_update_last(len, wv, hash, prev, rem, blocks);
-}
-
-static inline void
-blake2b_update(uint64_t *wv, uint64_t *hash, uint32_t kk, uint8_t *k, uint32_t ll, uint8_t *d)
-{
-  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U);
-  if (kk > (uint32_t)0U)
-  {
-    Hacl_Blake2b_32_blake2b_update_key(wv, hash, kk, k, ll);
-    if (!(ll == (uint32_t)0U))
-    {
-      blake2b_update_blocks(ll, wv, hash, lb, d);
-      return;
-    }
-    return;
-  }
-  blake2b_update_blocks(ll,
-    wv,
-    hash,
-    FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)0U),
-    d);
-}
-
-void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash)
-{
-  uint8_t b[64U] = { 0U };
-  uint8_t *first = b;
-  uint8_t *second = b + (uint32_t)32U;
-  uint64_t *row0 = hash;
-  uint64_t *row1 = hash + (uint32_t)4U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(first + i * (uint32_t)8U, row0[i]););
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(second + i * (uint32_t)8U, row1[i]););
-  uint8_t *final = b;
-  memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-/**
-Write the BLAKE2b digest of message `d` using key `k` into `output`.
-
-@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2b_32_blake2b(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-)
-{
-  uint64_t b[16U] = { 0U };
-  uint64_t b1[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_init(b, kk, nn);
-  blake2b_update(b1, b, kk, k, ll, d);
-  Hacl_Blake2b_32_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint64_t);
-  Lib_Memzero0_memzero(b, (uint32_t)16U, uint64_t);
-}
-
-uint64_t *Hacl_Blake2b_32_blake2b_malloc(void)
-{
-  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
-  return buf;
-}
-
-static inline void
-blake2s_update_block(uint32_t *wv, uint32_t *hash, bool flag, uint64_t totlen, uint8_t *d)
-{
-  uint32_t m_w[16U] = { 0U };
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint32_t *os = m_w;
-    uint8_t *bj = d + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  uint32_t mask[4U] = { 0U };
-  uint32_t wv_14;
-  if (flag)
-  {
-    wv_14 = (uint32_t)0xFFFFFFFFU;
-  }
-  else
-  {
-    wv_14 = (uint32_t)0U;
-  }
-  uint32_t wv_15 = (uint32_t)0U;
-  mask[0U] = (uint32_t)totlen;
-  mask[1U] = (uint32_t)(totlen >> (uint32_t)32U);
-  mask[2U] = wv_14;
-  mask[3U] = wv_15;
-  memcpy(wv, hash, (uint32_t)16U * sizeof (uint32_t));
-  uint32_t *wv3 = wv + (uint32_t)12U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = wv3;
-    uint32_t x = wv3[i] ^ mask[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR10(i0,
-    (uint32_t)0U,
-    (uint32_t)10U,
-    (uint32_t)1U,
-    uint32_t start_idx = i0 % (uint32_t)10U * (uint32_t)16U;
-    uint32_t m_st[16U] = { 0U };
-    uint32_t *r0 = m_st;
-    uint32_t *r1 = m_st + (uint32_t)4U;
-    uint32_t *r20 = m_st + (uint32_t)8U;
-    uint32_t *r30 = m_st + (uint32_t)12U;
-    uint32_t s0 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)0U];
-    uint32_t s1 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)1U];
-    uint32_t s2 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)2U];
-    uint32_t s3 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)3U];
-    uint32_t s4 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)4U];
-    uint32_t s5 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)5U];
-    uint32_t s6 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)6U];
-    uint32_t s7 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)7U];
-    uint32_t s8 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)8U];
-    uint32_t s9 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)9U];
-    uint32_t s10 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)10U];
-    uint32_t s11 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)11U];
-    uint32_t s12 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)12U];
-    uint32_t s13 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)13U];
-    uint32_t s14 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)14U];
-    uint32_t s15 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)15U];
-    uint32_t uu____0 = m_w[s2];
-    uint32_t uu____1 = m_w[s4];
-    uint32_t uu____2 = m_w[s6];
-    r0[0U] = m_w[s0];
-    r0[1U] = uu____0;
-    r0[2U] = uu____1;
-    r0[3U] = uu____2;
-    uint32_t uu____3 = m_w[s3];
-    uint32_t uu____4 = m_w[s5];
-    uint32_t uu____5 = m_w[s7];
-    r1[0U] = m_w[s1];
-    r1[1U] = uu____3;
-    r1[2U] = uu____4;
-    r1[3U] = uu____5;
-    uint32_t uu____6 = m_w[s10];
-    uint32_t uu____7 = m_w[s12];
-    uint32_t uu____8 = m_w[s14];
-    r20[0U] = m_w[s8];
-    r20[1U] = uu____6;
-    r20[2U] = uu____7;
-    r20[3U] = uu____8;
-    uint32_t uu____9 = m_w[s11];
-    uint32_t uu____10 = m_w[s13];
-    uint32_t uu____11 = m_w[s15];
-    r30[0U] = m_w[s9];
-    r30[1U] = uu____9;
-    r30[2U] = uu____10;
-    r30[3U] = uu____11;
-    uint32_t *x = m_st;
-    uint32_t *y = m_st + (uint32_t)4U;
-    uint32_t *z = m_st + (uint32_t)8U;
-    uint32_t *w = m_st + (uint32_t)12U;
-    uint32_t a = (uint32_t)0U;
-    uint32_t b0 = (uint32_t)1U;
-    uint32_t c0 = (uint32_t)2U;
-    uint32_t d10 = (uint32_t)3U;
-    uint32_t *wv_a0 = wv + a * (uint32_t)4U;
-    uint32_t *wv_b0 = wv + b0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a0;
-      uint32_t x1 = wv_a0[i] + wv_b0[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a0;
-      uint32_t x1 = wv_a0[i] + x[i];
-      os[i] = x1;);
-    uint32_t *wv_a1 = wv + d10 * (uint32_t)4U;
-    uint32_t *wv_b1 = wv + a * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a1;
-      uint32_t x1 = wv_a1[i] ^ wv_b1[i];
-      os[i] = x1;);
-    uint32_t *r10 = wv_a1;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r10;
-      uint32_t x1 = r10[i];
-      uint32_t x10 = x1 >> (uint32_t)16U | x1 << (uint32_t)16U;
-      os[i] = x10;);
-    uint32_t *wv_a2 = wv + c0 * (uint32_t)4U;
-    uint32_t *wv_b2 = wv + d10 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a2;
-      uint32_t x1 = wv_a2[i] + wv_b2[i];
-      os[i] = x1;);
-    uint32_t *wv_a3 = wv + b0 * (uint32_t)4U;
-    uint32_t *wv_b3 = wv + c0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a3;
-      uint32_t x1 = wv_a3[i] ^ wv_b3[i];
-      os[i] = x1;);
-    uint32_t *r12 = wv_a3;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r12;
-      uint32_t x1 = r12[i];
-      uint32_t x10 = x1 >> (uint32_t)12U | x1 << (uint32_t)20U;
-      os[i] = x10;);
-    uint32_t *wv_a4 = wv + a * (uint32_t)4U;
-    uint32_t *wv_b4 = wv + b0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a4;
-      uint32_t x1 = wv_a4[i] + wv_b4[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a4;
-      uint32_t x1 = wv_a4[i] + y[i];
-      os[i] = x1;);
-    uint32_t *wv_a5 = wv + d10 * (uint32_t)4U;
-    uint32_t *wv_b5 = wv + a * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a5;
-      uint32_t x1 = wv_a5[i] ^ wv_b5[i];
-      os[i] = x1;);
-    uint32_t *r13 = wv_a5;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r13;
-      uint32_t x1 = r13[i];
-      uint32_t x10 = x1 >> (uint32_t)8U | x1 << (uint32_t)24U;
-      os[i] = x10;);
-    uint32_t *wv_a6 = wv + c0 * (uint32_t)4U;
-    uint32_t *wv_b6 = wv + d10 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a6;
-      uint32_t x1 = wv_a6[i] + wv_b6[i];
-      os[i] = x1;);
-    uint32_t *wv_a7 = wv + b0 * (uint32_t)4U;
-    uint32_t *wv_b7 = wv + c0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a7;
-      uint32_t x1 = wv_a7[i] ^ wv_b7[i];
-      os[i] = x1;);
-    uint32_t *r14 = wv_a7;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r14;
-      uint32_t x1 = r14[i];
-      uint32_t x10 = x1 >> (uint32_t)7U | x1 << (uint32_t)25U;
-      os[i] = x10;);
-    uint32_t *r15 = wv + (uint32_t)4U;
-    uint32_t *r21 = wv + (uint32_t)8U;
-    uint32_t *r31 = wv + (uint32_t)12U;
-    uint32_t *r110 = r15;
-    uint32_t x00 = r110[1U];
-    uint32_t x10 = r110[2U];
-    uint32_t x20 = r110[3U];
-    uint32_t x30 = r110[0U];
-    r110[0U] = x00;
-    r110[1U] = x10;
-    r110[2U] = x20;
-    r110[3U] = x30;
-    uint32_t *r111 = r21;
-    uint32_t x01 = r111[2U];
-    uint32_t x11 = r111[3U];
-    uint32_t x21 = r111[0U];
-    uint32_t x31 = r111[1U];
-    r111[0U] = x01;
-    r111[1U] = x11;
-    r111[2U] = x21;
-    r111[3U] = x31;
-    uint32_t *r112 = r31;
-    uint32_t x02 = r112[3U];
-    uint32_t x12 = r112[0U];
-    uint32_t x22 = r112[1U];
-    uint32_t x32 = r112[2U];
-    r112[0U] = x02;
-    r112[1U] = x12;
-    r112[2U] = x22;
-    r112[3U] = x32;
-    uint32_t a0 = (uint32_t)0U;
-    uint32_t b = (uint32_t)1U;
-    uint32_t c = (uint32_t)2U;
-    uint32_t d1 = (uint32_t)3U;
-    uint32_t *wv_a = wv + a0 * (uint32_t)4U;
-    uint32_t *wv_b8 = wv + b * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a;
-      uint32_t x1 = wv_a[i] + wv_b8[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a;
-      uint32_t x1 = wv_a[i] + z[i];
-      os[i] = x1;);
-    uint32_t *wv_a8 = wv + d1 * (uint32_t)4U;
-    uint32_t *wv_b9 = wv + a0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a8;
-      uint32_t x1 = wv_a8[i] ^ wv_b9[i];
-      os[i] = x1;);
-    uint32_t *r16 = wv_a8;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r16;
-      uint32_t x1 = r16[i];
-      uint32_t x13 = x1 >> (uint32_t)16U | x1 << (uint32_t)16U;
-      os[i] = x13;);
-    uint32_t *wv_a9 = wv + c * (uint32_t)4U;
-    uint32_t *wv_b10 = wv + d1 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a9;
-      uint32_t x1 = wv_a9[i] + wv_b10[i];
-      os[i] = x1;);
-    uint32_t *wv_a10 = wv + b * (uint32_t)4U;
-    uint32_t *wv_b11 = wv + c * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a10;
-      uint32_t x1 = wv_a10[i] ^ wv_b11[i];
-      os[i] = x1;);
-    uint32_t *r17 = wv_a10;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r17;
-      uint32_t x1 = r17[i];
-      uint32_t x13 = x1 >> (uint32_t)12U | x1 << (uint32_t)20U;
-      os[i] = x13;);
-    uint32_t *wv_a11 = wv + a0 * (uint32_t)4U;
-    uint32_t *wv_b12 = wv + b * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a11;
-      uint32_t x1 = wv_a11[i] + wv_b12[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a11;
-      uint32_t x1 = wv_a11[i] + w[i];
-      os[i] = x1;);
-    uint32_t *wv_a12 = wv + d1 * (uint32_t)4U;
-    uint32_t *wv_b13 = wv + a0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a12;
-      uint32_t x1 = wv_a12[i] ^ wv_b13[i];
-      os[i] = x1;);
-    uint32_t *r18 = wv_a12;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r18;
-      uint32_t x1 = r18[i];
-      uint32_t x13 = x1 >> (uint32_t)8U | x1 << (uint32_t)24U;
-      os[i] = x13;);
-    uint32_t *wv_a13 = wv + c * (uint32_t)4U;
-    uint32_t *wv_b14 = wv + d1 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a13;
-      uint32_t x1 = wv_a13[i] + wv_b14[i];
-      os[i] = x1;);
-    uint32_t *wv_a14 = wv + b * (uint32_t)4U;
-    uint32_t *wv_b = wv + c * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a14;
-      uint32_t x1 = wv_a14[i] ^ wv_b[i];
-      os[i] = x1;);
-    uint32_t *r19 = wv_a14;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r19;
-      uint32_t x1 = r19[i];
-      uint32_t x13 = x1 >> (uint32_t)7U | x1 << (uint32_t)25U;
-      os[i] = x13;);
-    uint32_t *r113 = wv + (uint32_t)4U;
-    uint32_t *r2 = wv + (uint32_t)8U;
-    uint32_t *r3 = wv + (uint32_t)12U;
-    uint32_t *r11 = r113;
-    uint32_t x03 = r11[3U];
-    uint32_t x13 = r11[0U];
-    uint32_t x23 = r11[1U];
-    uint32_t x33 = r11[2U];
-    r11[0U] = x03;
-    r11[1U] = x13;
-    r11[2U] = x23;
-    r11[3U] = x33;
-    uint32_t *r114 = r2;
-    uint32_t x04 = r114[2U];
-    uint32_t x14 = r114[3U];
-    uint32_t x24 = r114[0U];
-    uint32_t x34 = r114[1U];
-    r114[0U] = x04;
-    r114[1U] = x14;
-    r114[2U] = x24;
-    r114[3U] = x34;
-    uint32_t *r115 = r3;
-    uint32_t x0 = r115[1U];
-    uint32_t x1 = r115[2U];
-    uint32_t x2 = r115[3U];
-    uint32_t x3 = r115[0U];
-    r115[0U] = x0;
-    r115[1U] = x1;
-    r115[2U] = x2;
-    r115[3U] = x3;);
-  uint32_t *s0 = hash;
-  uint32_t *s1 = hash + (uint32_t)4U;
-  uint32_t *r0 = wv;
-  uint32_t *r1 = wv + (uint32_t)4U;
-  uint32_t *r2 = wv + (uint32_t)8U;
-  uint32_t *r3 = wv + (uint32_t)12U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = s0;
-    uint32_t x = s0[i] ^ r0[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = s0;
-    uint32_t x = s0[i] ^ r2[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = s1;
-    uint32_t x = s1[i] ^ r1[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = s1;
-    uint32_t x = s1[i] ^ r3[i];
-    os[i] = x;);
-}
-
-void Hacl_Blake2s_32_blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn)
-{
-  uint32_t *r0 = hash;
-  uint32_t *r1 = hash + (uint32_t)4U;
-  uint32_t *r2 = hash + (uint32_t)8U;
-  uint32_t *r3 = hash + (uint32_t)12U;
-  uint32_t iv0 = Hacl_Impl_Blake2_Constants_ivTable_S[0U];
-  uint32_t iv1 = Hacl_Impl_Blake2_Constants_ivTable_S[1U];
-  uint32_t iv2 = Hacl_Impl_Blake2_Constants_ivTable_S[2U];
-  uint32_t iv3 = Hacl_Impl_Blake2_Constants_ivTable_S[3U];
-  uint32_t iv4 = Hacl_Impl_Blake2_Constants_ivTable_S[4U];
-  uint32_t iv5 = Hacl_Impl_Blake2_Constants_ivTable_S[5U];
-  uint32_t iv6 = Hacl_Impl_Blake2_Constants_ivTable_S[6U];
-  uint32_t iv7 = Hacl_Impl_Blake2_Constants_ivTable_S[7U];
-  r2[0U] = iv0;
-  r2[1U] = iv1;
-  r2[2U] = iv2;
-  r2[3U] = iv3;
-  r3[0U] = iv4;
-  r3[1U] = iv5;
-  r3[2U] = iv6;
-  r3[3U] = iv7;
-  uint32_t kk_shift_8 = kk << (uint32_t)8U;
-  uint32_t iv0_ = iv0 ^ ((uint32_t)0x01010000U ^ (kk_shift_8 ^ nn));
-  r0[0U] = iv0_;
-  r0[1U] = iv1;
-  r0[2U] = iv2;
-  r0[3U] = iv3;
-  r1[0U] = iv4;
-  r1[1U] = iv5;
-  r1[2U] = iv6;
-  r1[3U] = iv7;
-}
-
-void
-Hacl_Blake2s_32_blake2s_update_key(
-  uint32_t *wv,
-  uint32_t *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-)
-{
-  uint64_t lb = (uint64_t)(uint32_t)64U;
-  uint8_t b[64U] = { 0U };
-  memcpy(b, k, kk * sizeof (uint8_t));
-  if (ll == (uint32_t)0U)
-  {
-    blake2s_update_block(wv, hash, true, lb, b);
-  }
-  else
-  {
-    blake2s_update_block(wv, hash, false, lb, b);
-  }
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-void
-Hacl_Blake2s_32_blake2s_update_multi(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint8_t *blocks,
-  uint32_t nb
-)
-{
-  KRML_HOST_IGNORE(len);
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
-    uint8_t *b = blocks + i * (uint32_t)64U;
-    blake2s_update_block(wv, hash, false, totlen, b);
-  }
-}
-
-void
-Hacl_Blake2s_32_blake2s_update_last(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint32_t rem,
-  uint8_t *d
-)
-{
-  uint8_t b[64U] = { 0U };
-  uint8_t *last = d + len - rem;
-  memcpy(b, last, rem * sizeof (uint8_t));
-  uint64_t totlen = prev + (uint64_t)len;
-  blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-static void
-blake2s_update_blocks(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint8_t *blocks
-)
-{
-  uint32_t nb0 = len / (uint32_t)64U;
-  uint32_t rem0 = len % (uint32_t)64U;
-  K___uint32_t_uint32_t scrut;
-  if (rem0 == (uint32_t)0U && nb0 > (uint32_t)0U)
-  {
-    uint32_t nb_ = nb0 - (uint32_t)1U;
-    uint32_t rem_ = (uint32_t)64U;
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb_, .snd = rem_ });
-  }
-  else
-  {
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb0, .snd = rem0 });
-  }
-  uint32_t nb = scrut.fst;
-  uint32_t rem = scrut.snd;
-  Hacl_Blake2s_32_blake2s_update_multi(len, wv, hash, prev, blocks, nb);
-  Hacl_Blake2s_32_blake2s_update_last(len, wv, hash, prev, rem, blocks);
-}
-
-static inline void
-blake2s_update(uint32_t *wv, uint32_t *hash, uint32_t kk, uint8_t *k, uint32_t ll, uint8_t *d)
-{
-  uint64_t lb = (uint64_t)(uint32_t)64U;
-  if (kk > (uint32_t)0U)
-  {
-    Hacl_Blake2s_32_blake2s_update_key(wv, hash, kk, k, ll);
-    if (!(ll == (uint32_t)0U))
-    {
-      blake2s_update_blocks(ll, wv, hash, lb, d);
-      return;
-    }
-    return;
-  }
-  blake2s_update_blocks(ll, wv, hash, (uint64_t)(uint32_t)0U, d);
-}
-
-void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash)
-{
-  uint8_t b[32U] = { 0U };
-  uint8_t *first = b;
-  uint8_t *second = b + (uint32_t)16U;
-  uint32_t *row0 = hash;
-  uint32_t *row1 = hash + (uint32_t)4U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store32_le(first + i * (uint32_t)4U, row0[i]););
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store32_le(second + i * (uint32_t)4U, row1[i]););
-  uint8_t *final = b;
-  memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
-}
-
-/**
-Write the BLAKE2s digest of message `d` using key `k` into `output`.
-
-@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2s_32_blake2s(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-)
-{
-  uint32_t b[16U] = { 0U };
-  uint32_t b1[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_init(b, kk, nn);
-  blake2s_update(b1, b, kk, k, ll, d);
-  Hacl_Blake2s_32_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint32_t);
-  Lib_Memzero0_memzero(b, (uint32_t)16U, uint32_t);
-}
-
-uint32_t *Hacl_Blake2s_32_blake2s_malloc(void)
-{
-  uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
-  return buf;
-}
-
diff --git a/src/Hacl_Hash_Blake2b.c b/src/Hacl_Hash_Blake2b.c
new file mode 100644
index 00000000..2dceaf4b
--- /dev/null
+++ b/src/Hacl_Hash_Blake2b.c
@@ -0,0 +1,971 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_Hash_Blake2b.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
+
+static void
+update_block(uint64_t *wv, uint64_t *hash, bool flag, FStar_UInt128_uint128 totlen, uint8_t *d)
+{
+  uint64_t m_w[16U] = { 0U };
+  KRML_MAYBE_FOR16(i,
+    0U,
+    16U,
+    1U,
+    uint64_t *os = m_w;
+    uint8_t *bj = d + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  uint64_t mask[4U] = { 0U };
+  uint64_t wv_14;
+  if (flag)
+  {
+    wv_14 = 0xFFFFFFFFFFFFFFFFULL;
+  }
+  else
+  {
+    wv_14 = 0ULL;
+  }
+  uint64_t wv_15 = 0ULL;
+  mask[0U] = FStar_UInt128_uint128_to_uint64(totlen);
+  mask[1U] = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(totlen, 64U));
+  mask[2U] = wv_14;
+  mask[3U] = wv_15;
+  memcpy(wv, hash, 16U * sizeof (uint64_t));
+  uint64_t *wv3 = wv + 12U;
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = wv3;
+    uint64_t x = wv3[i] ^ mask[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR12(i0,
+    0U,
+    12U,
+    1U,
+    uint32_t start_idx = i0 % 10U * 16U;
+    uint64_t m_st[16U] = { 0U };
+    uint64_t *r0 = m_st;
+    uint64_t *r1 = m_st + 4U;
+    uint64_t *r20 = m_st + 8U;
+    uint64_t *r30 = m_st + 12U;
+    uint32_t s0 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 0U];
+    uint32_t s1 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 1U];
+    uint32_t s2 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 2U];
+    uint32_t s3 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 3U];
+    uint32_t s4 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 4U];
+    uint32_t s5 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 5U];
+    uint32_t s6 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 6U];
+    uint32_t s7 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 7U];
+    uint32_t s8 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 8U];
+    uint32_t s9 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 9U];
+    uint32_t s10 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 10U];
+    uint32_t s11 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 11U];
+    uint32_t s12 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 12U];
+    uint32_t s13 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 13U];
+    uint32_t s14 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 14U];
+    uint32_t s15 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 15U];
+    uint64_t uu____0 = m_w[s2];
+    uint64_t uu____1 = m_w[s4];
+    uint64_t uu____2 = m_w[s6];
+    r0[0U] = m_w[s0];
+    r0[1U] = uu____0;
+    r0[2U] = uu____1;
+    r0[3U] = uu____2;
+    uint64_t uu____3 = m_w[s3];
+    uint64_t uu____4 = m_w[s5];
+    uint64_t uu____5 = m_w[s7];
+    r1[0U] = m_w[s1];
+    r1[1U] = uu____3;
+    r1[2U] = uu____4;
+    r1[3U] = uu____5;
+    uint64_t uu____6 = m_w[s10];
+    uint64_t uu____7 = m_w[s12];
+    uint64_t uu____8 = m_w[s14];
+    r20[0U] = m_w[s8];
+    r20[1U] = uu____6;
+    r20[2U] = uu____7;
+    r20[3U] = uu____8;
+    uint64_t uu____9 = m_w[s11];
+    uint64_t uu____10 = m_w[s13];
+    uint64_t uu____11 = m_w[s15];
+    r30[0U] = m_w[s9];
+    r30[1U] = uu____9;
+    r30[2U] = uu____10;
+    r30[3U] = uu____11;
+    uint64_t *x = m_st;
+    uint64_t *y = m_st + 4U;
+    uint64_t *z = m_st + 8U;
+    uint64_t *w = m_st + 12U;
+    uint32_t a = 0U;
+    uint32_t b0 = 1U;
+    uint32_t c0 = 2U;
+    uint32_t d10 = 3U;
+    uint64_t *wv_a0 = wv + a * 4U;
+    uint64_t *wv_b0 = wv + b0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a0;
+      uint64_t x1 = wv_a0[i] + wv_b0[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a0;
+      uint64_t x1 = wv_a0[i] + x[i];
+      os[i] = x1;);
+    uint64_t *wv_a1 = wv + d10 * 4U;
+    uint64_t *wv_b1 = wv + a * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a1;
+      uint64_t x1 = wv_a1[i] ^ wv_b1[i];
+      os[i] = x1;);
+    uint64_t *r10 = wv_a1;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r10;
+      uint64_t x1 = r10[i];
+      uint64_t x10 = x1 >> 32U | x1 << 32U;
+      os[i] = x10;);
+    uint64_t *wv_a2 = wv + c0 * 4U;
+    uint64_t *wv_b2 = wv + d10 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a2;
+      uint64_t x1 = wv_a2[i] + wv_b2[i];
+      os[i] = x1;);
+    uint64_t *wv_a3 = wv + b0 * 4U;
+    uint64_t *wv_b3 = wv + c0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a3;
+      uint64_t x1 = wv_a3[i] ^ wv_b3[i];
+      os[i] = x1;);
+    uint64_t *r12 = wv_a3;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r12;
+      uint64_t x1 = r12[i];
+      uint64_t x10 = x1 >> 24U | x1 << 40U;
+      os[i] = x10;);
+    uint64_t *wv_a4 = wv + a * 4U;
+    uint64_t *wv_b4 = wv + b0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a4;
+      uint64_t x1 = wv_a4[i] + wv_b4[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a4;
+      uint64_t x1 = wv_a4[i] + y[i];
+      os[i] = x1;);
+    uint64_t *wv_a5 = wv + d10 * 4U;
+    uint64_t *wv_b5 = wv + a * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a5;
+      uint64_t x1 = wv_a5[i] ^ wv_b5[i];
+      os[i] = x1;);
+    uint64_t *r13 = wv_a5;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r13;
+      uint64_t x1 = r13[i];
+      uint64_t x10 = x1 >> 16U | x1 << 48U;
+      os[i] = x10;);
+    uint64_t *wv_a6 = wv + c0 * 4U;
+    uint64_t *wv_b6 = wv + d10 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a6;
+      uint64_t x1 = wv_a6[i] + wv_b6[i];
+      os[i] = x1;);
+    uint64_t *wv_a7 = wv + b0 * 4U;
+    uint64_t *wv_b7 = wv + c0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a7;
+      uint64_t x1 = wv_a7[i] ^ wv_b7[i];
+      os[i] = x1;);
+    uint64_t *r14 = wv_a7;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r14;
+      uint64_t x1 = r14[i];
+      uint64_t x10 = x1 >> 63U | x1 << 1U;
+      os[i] = x10;);
+    uint64_t *r15 = wv + 4U;
+    uint64_t *r21 = wv + 8U;
+    uint64_t *r31 = wv + 12U;
+    uint64_t *r110 = r15;
+    uint64_t x00 = r110[1U];
+    uint64_t x10 = r110[2U];
+    uint64_t x20 = r110[3U];
+    uint64_t x30 = r110[0U];
+    r110[0U] = x00;
+    r110[1U] = x10;
+    r110[2U] = x20;
+    r110[3U] = x30;
+    uint64_t *r111 = r21;
+    uint64_t x01 = r111[2U];
+    uint64_t x11 = r111[3U];
+    uint64_t x21 = r111[0U];
+    uint64_t x31 = r111[1U];
+    r111[0U] = x01;
+    r111[1U] = x11;
+    r111[2U] = x21;
+    r111[3U] = x31;
+    uint64_t *r112 = r31;
+    uint64_t x02 = r112[3U];
+    uint64_t x12 = r112[0U];
+    uint64_t x22 = r112[1U];
+    uint64_t x32 = r112[2U];
+    r112[0U] = x02;
+    r112[1U] = x12;
+    r112[2U] = x22;
+    r112[3U] = x32;
+    uint32_t a0 = 0U;
+    uint32_t b = 1U;
+    uint32_t c = 2U;
+    uint32_t d1 = 3U;
+    uint64_t *wv_a = wv + a0 * 4U;
+    uint64_t *wv_b8 = wv + b * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a;
+      uint64_t x1 = wv_a[i] + wv_b8[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a;
+      uint64_t x1 = wv_a[i] + z[i];
+      os[i] = x1;);
+    uint64_t *wv_a8 = wv + d1 * 4U;
+    uint64_t *wv_b9 = wv + a0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a8;
+      uint64_t x1 = wv_a8[i] ^ wv_b9[i];
+      os[i] = x1;);
+    uint64_t *r16 = wv_a8;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r16;
+      uint64_t x1 = r16[i];
+      uint64_t x13 = x1 >> 32U | x1 << 32U;
+      os[i] = x13;);
+    uint64_t *wv_a9 = wv + c * 4U;
+    uint64_t *wv_b10 = wv + d1 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a9;
+      uint64_t x1 = wv_a9[i] + wv_b10[i];
+      os[i] = x1;);
+    uint64_t *wv_a10 = wv + b * 4U;
+    uint64_t *wv_b11 = wv + c * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a10;
+      uint64_t x1 = wv_a10[i] ^ wv_b11[i];
+      os[i] = x1;);
+    uint64_t *r17 = wv_a10;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r17;
+      uint64_t x1 = r17[i];
+      uint64_t x13 = x1 >> 24U | x1 << 40U;
+      os[i] = x13;);
+    uint64_t *wv_a11 = wv + a0 * 4U;
+    uint64_t *wv_b12 = wv + b * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a11;
+      uint64_t x1 = wv_a11[i] + wv_b12[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a11;
+      uint64_t x1 = wv_a11[i] + w[i];
+      os[i] = x1;);
+    uint64_t *wv_a12 = wv + d1 * 4U;
+    uint64_t *wv_b13 = wv + a0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a12;
+      uint64_t x1 = wv_a12[i] ^ wv_b13[i];
+      os[i] = x1;);
+    uint64_t *r18 = wv_a12;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r18;
+      uint64_t x1 = r18[i];
+      uint64_t x13 = x1 >> 16U | x1 << 48U;
+      os[i] = x13;);
+    uint64_t *wv_a13 = wv + c * 4U;
+    uint64_t *wv_b14 = wv + d1 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a13;
+      uint64_t x1 = wv_a13[i] + wv_b14[i];
+      os[i] = x1;);
+    uint64_t *wv_a14 = wv + b * 4U;
+    uint64_t *wv_b = wv + c * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a14;
+      uint64_t x1 = wv_a14[i] ^ wv_b[i];
+      os[i] = x1;);
+    uint64_t *r19 = wv_a14;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r19;
+      uint64_t x1 = r19[i];
+      uint64_t x13 = x1 >> 63U | x1 << 1U;
+      os[i] = x13;);
+    uint64_t *r113 = wv + 4U;
+    uint64_t *r2 = wv + 8U;
+    uint64_t *r3 = wv + 12U;
+    uint64_t *r11 = r113;
+    uint64_t x03 = r11[3U];
+    uint64_t x13 = r11[0U];
+    uint64_t x23 = r11[1U];
+    uint64_t x33 = r11[2U];
+    r11[0U] = x03;
+    r11[1U] = x13;
+    r11[2U] = x23;
+    r11[3U] = x33;
+    uint64_t *r114 = r2;
+    uint64_t x04 = r114[2U];
+    uint64_t x14 = r114[3U];
+    uint64_t x24 = r114[0U];
+    uint64_t x34 = r114[1U];
+    r114[0U] = x04;
+    r114[1U] = x14;
+    r114[2U] = x24;
+    r114[3U] = x34;
+    uint64_t *r115 = r3;
+    uint64_t x0 = r115[1U];
+    uint64_t x1 = r115[2U];
+    uint64_t x2 = r115[3U];
+    uint64_t x3 = r115[0U];
+    r115[0U] = x0;
+    r115[1U] = x1;
+    r115[2U] = x2;
+    r115[3U] = x3;);
+  uint64_t *s0 = hash;
+  uint64_t *s1 = hash + 4U;
+  uint64_t *r0 = wv;
+  uint64_t *r1 = wv + 4U;
+  uint64_t *r2 = wv + 8U;
+  uint64_t *r3 = wv + 12U;
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = s0;
+    uint64_t x = s0[i] ^ r0[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = s0;
+    uint64_t x = s0[i] ^ r2[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = s1;
+    uint64_t x = s1[i] ^ r1[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = s1;
+    uint64_t x = s1[i] ^ r3[i];
+    os[i] = x;);
+}
+
+void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn)
+{
+  uint64_t *r0 = hash;
+  uint64_t *r1 = hash + 4U;
+  uint64_t *r2 = hash + 8U;
+  uint64_t *r3 = hash + 12U;
+  uint64_t iv0 = Hacl_Hash_Blake2s_ivTable_B[0U];
+  uint64_t iv1 = Hacl_Hash_Blake2s_ivTable_B[1U];
+  uint64_t iv2 = Hacl_Hash_Blake2s_ivTable_B[2U];
+  uint64_t iv3 = Hacl_Hash_Blake2s_ivTable_B[3U];
+  uint64_t iv4 = Hacl_Hash_Blake2s_ivTable_B[4U];
+  uint64_t iv5 = Hacl_Hash_Blake2s_ivTable_B[5U];
+  uint64_t iv6 = Hacl_Hash_Blake2s_ivTable_B[6U];
+  uint64_t iv7 = Hacl_Hash_Blake2s_ivTable_B[7U];
+  r2[0U] = iv0;
+  r2[1U] = iv1;
+  r2[2U] = iv2;
+  r2[3U] = iv3;
+  r3[0U] = iv4;
+  r3[1U] = iv5;
+  r3[2U] = iv6;
+  r3[3U] = iv7;
+  uint64_t kk_shift_8 = (uint64_t)kk << 8U;
+  uint64_t iv0_ = iv0 ^ (0x01010000ULL ^ (kk_shift_8 ^ (uint64_t)nn));
+  r0[0U] = iv0_;
+  r0[1U] = iv1;
+  r0[2U] = iv2;
+  r0[3U] = iv3;
+  r1[0U] = iv4;
+  r1[1U] = iv5;
+  r1[2U] = iv6;
+  r1[3U] = iv7;
+}
+
+static void update_key(uint64_t *wv, uint64_t *hash, uint32_t kk, uint8_t *k, uint32_t ll)
+{
+  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)128U);
+  uint8_t b[128U] = { 0U };
+  memcpy(b, k, kk * sizeof (uint8_t));
+  if (ll == 0U)
+  {
+    update_block(wv, hash, true, lb, b);
+  }
+  else
+  {
+    update_block(wv, hash, false, lb, b);
+  }
+  Lib_Memzero0_memzero(b, 128U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2b_update_multi(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks,
+  uint32_t nb
+)
+{
+  KRML_MAYBE_UNUSED_VAR(len);
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    FStar_UInt128_uint128
+    totlen =
+      FStar_UInt128_add_mod(prev,
+        FStar_UInt128_uint64_to_uint128((uint64_t)((i + 1U) * 128U)));
+    uint8_t *b = blocks + i * 128U;
+    update_block(wv, hash, false, totlen, b);
+  }
+}
+
+void
+Hacl_Hash_Blake2b_update_last(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint32_t rem,
+  uint8_t *d
+)
+{
+  uint8_t b[128U] = { 0U };
+  uint8_t *last = d + len - rem;
+  memcpy(b, last, rem * sizeof (uint8_t));
+  FStar_UInt128_uint128
+  totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
+  update_block(wv, hash, true, totlen, b);
+  Lib_Memzero0_memzero(b, 128U, uint8_t);
+}
+
+static void
+update_blocks(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks
+)
+{
+  uint32_t nb0 = len / 128U;
+  uint32_t rem0 = len % 128U;
+  uint32_t nb;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    nb = nb0 - 1U;
+  }
+  else
+  {
+    nb = nb0;
+  }
+  uint32_t rem;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    rem = 128U;
+  }
+  else
+  {
+    rem = rem0;
+  }
+  Hacl_Hash_Blake2b_update_multi(len, wv, hash, prev, blocks, nb);
+  Hacl_Hash_Blake2b_update_last(len, wv, hash, prev, rem, blocks);
+}
+
+static inline void
+update(uint64_t *wv, uint64_t *hash, uint32_t kk, uint8_t *k, uint32_t ll, uint8_t *d)
+{
+  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)128U);
+  if (kk > 0U)
+  {
+    update_key(wv, hash, kk, k, ll);
+    if (!(ll == 0U))
+    {
+      update_blocks(ll, wv, hash, lb, d);
+      return;
+    }
+    return;
+  }
+  update_blocks(ll, wv, hash, FStar_UInt128_uint64_to_uint128((uint64_t)0U), d);
+}
+
+void Hacl_Hash_Blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash)
+{
+  uint8_t b[64U] = { 0U };
+  uint8_t *first = b;
+  uint8_t *second = b + 32U;
+  uint64_t *row0 = hash;
+  uint64_t *row1 = hash + 4U;
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_le(first + i * 8U, row0[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_le(second + i * 8U, row1[i]););
+  uint8_t *final = b;
+  memcpy(output, final, nn * sizeof (uint8_t));
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2b_state_t *Hacl_Hash_Blake2b_malloc(void)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  uint64_t *wv = (uint64_t *)KRML_HOST_CALLOC(16U, sizeof (uint64_t));
+  uint64_t *b = (uint64_t *)KRML_HOST_CALLOC(16U, sizeof (uint64_t));
+  Hacl_Hash_Blake2b_block_state_t block_state = { .fst = wv, .snd = b };
+  Hacl_Hash_Blake2b_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  Hacl_Hash_Blake2b_state_t
+  *p = (Hacl_Hash_Blake2b_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_Blake2b_state_t));
+  p[0U] = s;
+  Hacl_Hash_Blake2b_init(block_state.snd, 0U, 64U);
+  return p;
+}
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2b_reset(Hacl_Hash_Blake2b_state_t *state)
+{
+  Hacl_Hash_Blake2b_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2b_block_state_t block_state = scrut.block_state;
+  Hacl_Hash_Blake2b_init(block_state.snd, 0U, 64U);
+  Hacl_Hash_Blake2b_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
+}
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint32_t chunk_len)
+{
+  Hacl_Hash_Blake2b_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
+  {
+    sz = 128U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)128U);
+  }
+  if (chunk_len <= 128U - sz)
+  {
+    Hacl_Hash_Blake2b_state_t s1 = *state;
+    Hacl_Hash_Blake2b_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_Hash_Blake2b_state_t s1 = *state;
+    Hacl_Hash_Blake2b_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      uint64_t *wv = block_state1.fst;
+      uint64_t *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2b_update_multi(128U,
+        wv,
+        hash,
+        FStar_UInt128_uint64_to_uint128(prevlen),
+        buf,
+        nb);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)128U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 128U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)128U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    uint64_t *wv = block_state1.fst;
+    uint64_t *hash = block_state1.snd;
+    uint32_t nb = data1_len / 128U;
+    Hacl_Hash_Blake2b_update_multi(data1_len,
+      wv,
+      hash,
+      FStar_UInt128_uint64_to_uint128(total_len1),
+      data1,
+      nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 128U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_Blake2b_state_t s1 = *state;
+    Hacl_Hash_Blake2b_block_state_t block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)128U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 128U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)128U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2
+        }
+      );
+    Hacl_Hash_Blake2b_state_t s10 = *state;
+    Hacl_Hash_Blake2b_block_state_t block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      uint64_t *wv = block_state1.fst;
+      uint64_t *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2b_update_multi(128U,
+        wv,
+        hash,
+        FStar_UInt128_uint64_to_uint128(prevlen),
+        buf,
+        nb);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)128U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 128U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)128U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    uint64_t *wv = block_state1.fst;
+    uint64_t *hash = block_state1.snd;
+    uint32_t nb = data1_len / 128U;
+    Hacl_Hash_Blake2b_update_multi(data1_len,
+      wv,
+      hash,
+      FStar_UInt128_uint64_to_uint128(total_len1),
+      data1,
+      nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+/**
+  Finish function when there is no key
+*/
+void Hacl_Hash_Blake2b_digest(Hacl_Hash_Blake2b_state_t *state, uint8_t *output)
+{
+  Hacl_Hash_Blake2b_state_t scrut = *state;
+  Hacl_Hash_Blake2b_block_state_t block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint32_t r;
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
+  {
+    r = 128U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)128U);
+  }
+  uint8_t *buf_1 = buf_;
+  uint64_t wv0[16U] = { 0U };
+  uint64_t b[16U] = { 0U };
+  Hacl_Hash_Blake2b_block_state_t tmp_block_state = { .fst = wv0, .snd = b };
+  uint64_t *src_b = block_state.snd;
+  uint64_t *dst_b = tmp_block_state.snd;
+  memcpy(dst_b, src_b, 16U * sizeof (uint64_t));
+  uint64_t prev_len = total_len - (uint64_t)r;
+  uint32_t ite;
+  if (r % 128U == 0U && r > 0U)
+  {
+    ite = 128U;
+  }
+  else
+  {
+    ite = r % 128U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  uint64_t *wv1 = tmp_block_state.fst;
+  uint64_t *hash0 = tmp_block_state.snd;
+  uint32_t nb = 0U;
+  Hacl_Hash_Blake2b_update_multi(0U,
+    wv1,
+    hash0,
+    FStar_UInt128_uint64_to_uint128(prev_len),
+    buf_multi,
+    nb);
+  uint64_t prev_len_last = total_len - (uint64_t)r;
+  uint64_t *wv = tmp_block_state.fst;
+  uint64_t *hash = tmp_block_state.snd;
+  Hacl_Hash_Blake2b_update_last(r,
+    wv,
+    hash,
+    FStar_UInt128_uint64_to_uint128(prev_len_last),
+    r,
+    buf_last);
+  Hacl_Hash_Blake2b_finish(64U, output, tmp_block_state.snd);
+}
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2b_free(Hacl_Hash_Blake2b_state_t *state)
+{
+  Hacl_Hash_Blake2b_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2b_block_state_t block_state = scrut.block_state;
+  uint64_t *wv = block_state.fst;
+  uint64_t *b = block_state.snd;
+  KRML_HOST_FREE(wv);
+  KRML_HOST_FREE(b);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+/**
+Write the BLAKE2b digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2b_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+)
+{
+  uint64_t b[16U] = { 0U };
+  uint64_t b1[16U] = { 0U };
+  Hacl_Hash_Blake2b_init(b, key_len, output_len);
+  update(b1, b, key_len, key, input_len, input);
+  Hacl_Hash_Blake2b_finish(output_len, output, b);
+  Lib_Memzero0_memzero(b1, 16U, uint64_t);
+  Lib_Memzero0_memzero(b, 16U, uint64_t);
+}
+
diff --git a/src/Hacl_Hash_Blake2b_256.c b/src/Hacl_Hash_Blake2b_256.c
deleted file mode 100644
index b37ffc5f..00000000
--- a/src/Hacl_Hash_Blake2b_256.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Hash_Blake2b_256.h"
-
-#include "internal/Hacl_Impl_Blake2_Constants.h"
-#include "internal/Hacl_Hash_Blake2.h"
-#include "lib_memzero0.h"
-
-static inline void
-blake2b_update_block(
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  bool flag,
-  FStar_UInt128_uint128 totlen,
-  uint8_t *d
-)
-{
-  uint64_t m_w[16U] = { 0U };
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t *os = m_w;
-    uint8_t *bj = d + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_zero;
-  uint64_t wv_14;
-  if (flag)
-  {
-    wv_14 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  }
-  else
-  {
-    wv_14 = (uint64_t)0U;
-  }
-  uint64_t wv_15 = (uint64_t)0U;
-  mask =
-    Lib_IntVector_Intrinsics_vec256_load64s(FStar_UInt128_uint128_to_uint64(totlen),
-      FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(totlen, (uint32_t)64U)),
-      wv_14,
-      wv_15);
-  memcpy(wv, hash, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Lib_IntVector_Intrinsics_vec256 *wv3 = wv + (uint32_t)3U;
-  wv3[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv3[0U], mask);
-  KRML_MAYBE_FOR12(i,
-    (uint32_t)0U,
-    (uint32_t)12U,
-    (uint32_t)1U,
-    uint32_t start_idx = i % (uint32_t)10U * (uint32_t)16U;
-    KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 m_st[4U] KRML_POST_ALIGN(32) = { 0U };
-    Lib_IntVector_Intrinsics_vec256 *r0 = m_st;
-    Lib_IntVector_Intrinsics_vec256 *r1 = m_st + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *r20 = m_st + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec256 *r30 = m_st + (uint32_t)3U;
-    uint32_t s0 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)0U];
-    uint32_t s1 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)1U];
-    uint32_t s2 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)2U];
-    uint32_t s3 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)3U];
-    uint32_t s4 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)4U];
-    uint32_t s5 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)5U];
-    uint32_t s6 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)6U];
-    uint32_t s7 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)7U];
-    uint32_t s8 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)8U];
-    uint32_t s9 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)9U];
-    uint32_t s10 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)10U];
-    uint32_t s11 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)11U];
-    uint32_t s12 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)12U];
-    uint32_t s13 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)13U];
-    uint32_t s14 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)14U];
-    uint32_t s15 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)15U];
-    r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s0], m_w[s2], m_w[s4], m_w[s6]);
-    r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s1], m_w[s3], m_w[s5], m_w[s7]);
-    r20[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s8], m_w[s10], m_w[s12], m_w[s14]);
-    r30[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s9], m_w[s11], m_w[s13], m_w[s15]);
-    Lib_IntVector_Intrinsics_vec256 *x = m_st;
-    Lib_IntVector_Intrinsics_vec256 *y = m_st + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *z = m_st + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec256 *w = m_st + (uint32_t)3U;
-    uint32_t a = (uint32_t)0U;
-    uint32_t b0 = (uint32_t)1U;
-    uint32_t c0 = (uint32_t)2U;
-    uint32_t d10 = (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec256 *wv_a0 = wv + a * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b0 = wv + b0 * (uint32_t)1U;
-    wv_a0[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a0[0U], wv_b0[0U]);
-    wv_a0[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a0[0U], x[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a1 = wv + d10 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b1 = wv + a * (uint32_t)1U;
-    wv_a1[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a1[0U], wv_b1[0U]);
-    wv_a1[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a1[0U], (uint32_t)32U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a2 = wv + c0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b2 = wv + d10 * (uint32_t)1U;
-    wv_a2[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a2[0U], wv_b2[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a3 = wv + b0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b3 = wv + c0 * (uint32_t)1U;
-    wv_a3[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a3[0U], wv_b3[0U]);
-    wv_a3[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a3[0U], (uint32_t)24U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a4 = wv + a * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b4 = wv + b0 * (uint32_t)1U;
-    wv_a4[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a4[0U], wv_b4[0U]);
-    wv_a4[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a4[0U], y[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a5 = wv + d10 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b5 = wv + a * (uint32_t)1U;
-    wv_a5[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a5[0U], wv_b5[0U]);
-    wv_a5[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a5[0U], (uint32_t)16U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a6 = wv + c0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b6 = wv + d10 * (uint32_t)1U;
-    wv_a6[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a6[0U], wv_b6[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a7 = wv + b0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b7 = wv + c0 * (uint32_t)1U;
-    wv_a7[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a7[0U], wv_b7[0U]);
-    wv_a7[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a7[0U], (uint32_t)63U);
-    Lib_IntVector_Intrinsics_vec256 *r10 = wv + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *r21 = wv + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec256 *r31 = wv + (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec256 v00 = r10[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v1 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v00, (uint32_t)1U);
-    r10[0U] = v1;
-    Lib_IntVector_Intrinsics_vec256 v01 = r21[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v10 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v01, (uint32_t)2U);
-    r21[0U] = v10;
-    Lib_IntVector_Intrinsics_vec256 v02 = r31[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v11 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v02, (uint32_t)3U);
-    r31[0U] = v11;
-    uint32_t a0 = (uint32_t)0U;
-    uint32_t b = (uint32_t)1U;
-    uint32_t c = (uint32_t)2U;
-    uint32_t d1 = (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec256 *wv_a = wv + a0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b8 = wv + b * (uint32_t)1U;
-    wv_a[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a[0U], wv_b8[0U]);
-    wv_a[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a[0U], z[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a8 = wv + d1 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b9 = wv + a0 * (uint32_t)1U;
-    wv_a8[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a8[0U], wv_b9[0U]);
-    wv_a8[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a8[0U], (uint32_t)32U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a9 = wv + c * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b10 = wv + d1 * (uint32_t)1U;
-    wv_a9[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a9[0U], wv_b10[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a10 = wv + b * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b11 = wv + c * (uint32_t)1U;
-    wv_a10[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a10[0U], wv_b11[0U]);
-    wv_a10[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a10[0U], (uint32_t)24U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a11 = wv + a0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b12 = wv + b * (uint32_t)1U;
-    wv_a11[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a11[0U], wv_b12[0U]);
-    wv_a11[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a11[0U], w[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a12 = wv + d1 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b13 = wv + a0 * (uint32_t)1U;
-    wv_a12[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a12[0U], wv_b13[0U]);
-    wv_a12[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a12[0U], (uint32_t)16U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a13 = wv + c * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b14 = wv + d1 * (uint32_t)1U;
-    wv_a13[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a13[0U], wv_b14[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a14 = wv + b * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b = wv + c * (uint32_t)1U;
-    wv_a14[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a14[0U], wv_b[0U]);
-    wv_a14[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a14[0U], (uint32_t)63U);
-    Lib_IntVector_Intrinsics_vec256 *r11 = wv + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *r2 = wv + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec256 *r3 = wv + (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec256 v0 = r11[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v12 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v0, (uint32_t)3U);
-    r11[0U] = v12;
-    Lib_IntVector_Intrinsics_vec256 v03 = r2[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v13 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v03, (uint32_t)2U);
-    r2[0U] = v13;
-    Lib_IntVector_Intrinsics_vec256 v04 = r3[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v14 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v04, (uint32_t)1U);
-    r3[0U] = v14;);
-  Lib_IntVector_Intrinsics_vec256 *s0 = hash;
-  Lib_IntVector_Intrinsics_vec256 *s1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r0 = wv;
-  Lib_IntVector_Intrinsics_vec256 *r1 = wv + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r2 = wv + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec256 *r3 = wv + (uint32_t)3U;
-  s0[0U] = Lib_IntVector_Intrinsics_vec256_xor(s0[0U], r0[0U]);
-  s0[0U] = Lib_IntVector_Intrinsics_vec256_xor(s0[0U], r2[0U]);
-  s1[0U] = Lib_IntVector_Intrinsics_vec256_xor(s1[0U], r1[0U]);
-  s1[0U] = Lib_IntVector_Intrinsics_vec256_xor(s1[0U], r3[0U]);
-}
-
-void
-Hacl_Blake2b_256_blake2b_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn)
-{
-  Lib_IntVector_Intrinsics_vec256 *r0 = hash;
-  Lib_IntVector_Intrinsics_vec256 *r1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r2 = hash + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec256 *r3 = hash + (uint32_t)3U;
-  uint64_t iv0 = Hacl_Impl_Blake2_Constants_ivTable_B[0U];
-  uint64_t iv1 = Hacl_Impl_Blake2_Constants_ivTable_B[1U];
-  uint64_t iv2 = Hacl_Impl_Blake2_Constants_ivTable_B[2U];
-  uint64_t iv3 = Hacl_Impl_Blake2_Constants_ivTable_B[3U];
-  uint64_t iv4 = Hacl_Impl_Blake2_Constants_ivTable_B[4U];
-  uint64_t iv5 = Hacl_Impl_Blake2_Constants_ivTable_B[5U];
-  uint64_t iv6 = Hacl_Impl_Blake2_Constants_ivTable_B[6U];
-  uint64_t iv7 = Hacl_Impl_Blake2_Constants_ivTable_B[7U];
-  r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0, iv1, iv2, iv3);
-  r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7);
-  uint64_t kk_shift_8 = (uint64_t)kk << (uint32_t)8U;
-  uint64_t iv0_ = iv0 ^ ((uint64_t)0x01010000U ^ (kk_shift_8 ^ (uint64_t)nn));
-  r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0_, iv1, iv2, iv3);
-  r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7);
-}
-
-void
-Hacl_Blake2b_256_blake2b_update_key(
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-)
-{
-  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U);
-  uint8_t b[128U] = { 0U };
-  memcpy(b, k, kk * sizeof (uint8_t));
-  if (ll == (uint32_t)0U)
-  {
-    blake2b_update_block(wv, hash, true, lb, b);
-  }
-  else
-  {
-    blake2b_update_block(wv, hash, false, lb, b);
-  }
-  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
-}
-
-void
-Hacl_Blake2b_256_blake2b_update_multi(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks,
-  uint32_t nb
-)
-{
-  KRML_HOST_IGNORE(len);
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    FStar_UInt128_uint128
-    totlen =
-      FStar_UInt128_add_mod(prev,
-        FStar_UInt128_uint64_to_uint128((uint64_t)((i + (uint32_t)1U) * (uint32_t)128U)));
-    uint8_t *b = blocks + i * (uint32_t)128U;
-    blake2b_update_block(wv, hash, false, totlen, b);
-  }
-}
-
-void
-Hacl_Blake2b_256_blake2b_update_last(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  FStar_UInt128_uint128 prev,
-  uint32_t rem,
-  uint8_t *d
-)
-{
-  uint8_t b[128U] = { 0U };
-  uint8_t *last = d + len - rem;
-  memcpy(b, last, rem * sizeof (uint8_t));
-  FStar_UInt128_uint128
-  totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
-  blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
-}
-
-static inline void
-blake2b_update_blocks(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks
-)
-{
-  uint32_t nb0 = len / (uint32_t)128U;
-  uint32_t rem0 = len % (uint32_t)128U;
-  K___uint32_t_uint32_t scrut;
-  if (rem0 == (uint32_t)0U && nb0 > (uint32_t)0U)
-  {
-    uint32_t nb_ = nb0 - (uint32_t)1U;
-    uint32_t rem_ = (uint32_t)128U;
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb_, .snd = rem_ });
-  }
-  else
-  {
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb0, .snd = rem0 });
-  }
-  uint32_t nb = scrut.fst;
-  uint32_t rem = scrut.snd;
-  Hacl_Blake2b_256_blake2b_update_multi(len, wv, hash, prev, blocks, nb);
-  Hacl_Blake2b_256_blake2b_update_last(len, wv, hash, prev, rem, blocks);
-}
-
-static inline void
-blake2b_update(
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll,
-  uint8_t *d
-)
-{
-  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U);
-  if (kk > (uint32_t)0U)
-  {
-    Hacl_Blake2b_256_blake2b_update_key(wv, hash, kk, k, ll);
-    if (!(ll == (uint32_t)0U))
-    {
-      blake2b_update_blocks(ll, wv, hash, lb, d);
-      return;
-    }
-    return;
-  }
-  blake2b_update_blocks(ll,
-    wv,
-    hash,
-    FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)0U),
-    d);
-}
-
-void
-Hacl_Blake2b_256_blake2b_finish(
-  uint32_t nn,
-  uint8_t *output,
-  Lib_IntVector_Intrinsics_vec256 *hash
-)
-{
-  uint8_t b[64U] = { 0U };
-  uint8_t *first = b;
-  uint8_t *second = b + (uint32_t)32U;
-  Lib_IntVector_Intrinsics_vec256 *row0 = hash;
-  Lib_IntVector_Intrinsics_vec256 *row1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256_store64_le(first, row0[0U]);
-  Lib_IntVector_Intrinsics_vec256_store64_le(second, row1[0U]);
-  uint8_t *final = b;
-  memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-/**
-Write the BLAKE2b digest of message `d` using key `k` into `output`.
-
-@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2b_256_blake2b(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-)
-{
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b[4U] KRML_POST_ALIGN(32) = { 0U };
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b1[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_init(b, kk, nn);
-  blake2b_update(b1, b, kk, k, ll, d);
-  Hacl_Blake2b_256_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
-  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
-}
-
-void
-Hacl_Blake2b_256_load_state256b_from_state32(
-  Lib_IntVector_Intrinsics_vec256 *st,
-  uint64_t *st32
-)
-{
-  Lib_IntVector_Intrinsics_vec256 *r0 = st;
-  Lib_IntVector_Intrinsics_vec256 *r1 = st + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r2 = st + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec256 *r3 = st + (uint32_t)3U;
-  uint64_t *b0 = st32;
-  uint64_t *b1 = st32 + (uint32_t)4U;
-  uint64_t *b2 = st32 + (uint32_t)8U;
-  uint64_t *b3 = st32 + (uint32_t)12U;
-  r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b0[0U], b0[1U], b0[2U], b0[3U]);
-  r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b1[0U], b1[1U], b1[2U], b1[3U]);
-  r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b2[0U], b2[1U], b2[2U], b2[3U]);
-  r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b3[0U], b3[1U], b3[2U], b3[3U]);
-}
-
-void
-Hacl_Blake2b_256_store_state256b_to_state32(
-  uint64_t *st32,
-  Lib_IntVector_Intrinsics_vec256 *st
-)
-{
-  Lib_IntVector_Intrinsics_vec256 *r0 = st;
-  Lib_IntVector_Intrinsics_vec256 *r1 = st + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r2 = st + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec256 *r3 = st + (uint32_t)3U;
-  uint64_t *b0 = st32;
-  uint64_t *b1 = st32 + (uint32_t)4U;
-  uint64_t *b2 = st32 + (uint32_t)8U;
-  uint64_t *b3 = st32 + (uint32_t)12U;
-  uint8_t b8[32U] = { 0U };
-  Lib_IntVector_Intrinsics_vec256_store64_le(b8, r0[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = b0;
-    uint8_t *bj = b8 + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  uint8_t b80[32U] = { 0U };
-  Lib_IntVector_Intrinsics_vec256_store64_le(b80, r1[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = b1;
-    uint8_t *bj = b80 + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  uint8_t b81[32U] = { 0U };
-  Lib_IntVector_Intrinsics_vec256_store64_le(b81, r2[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = b2;
-    uint8_t *bj = b81 + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  uint8_t b82[32U] = { 0U };
-  Lib_IntVector_Intrinsics_vec256_store64_le(b82, r3[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = b3;
-    uint8_t *bj = b82 + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-}
-
-Lib_IntVector_Intrinsics_vec256 *Hacl_Blake2b_256_blake2b_malloc(void)
-{
-  Lib_IntVector_Intrinsics_vec256
-  *buf =
-    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
-      sizeof (Lib_IntVector_Intrinsics_vec256) * (uint32_t)4U);
-  memset(buf, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  return buf;
-}
-
diff --git a/src/Hacl_Hash_Blake2b_Simd256.c b/src/Hacl_Hash_Blake2b_Simd256.c
new file mode 100644
index 00000000..1a5e8cf2
--- /dev/null
+++ b/src/Hacl_Hash_Blake2b_Simd256.c
@@ -0,0 +1,828 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_Hash_Blake2b_Simd256.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
+
+static inline void
+update_block(
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  bool flag,
+  FStar_UInt128_uint128 totlen,
+  uint8_t *d
+)
+{
+  uint64_t m_w[16U] = { 0U };
+  KRML_MAYBE_FOR16(i,
+    0U,
+    16U,
+    1U,
+    uint64_t *os = m_w;
+    uint8_t *bj = d + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_zero;
+  uint64_t wv_14;
+  if (flag)
+  {
+    wv_14 = 0xFFFFFFFFFFFFFFFFULL;
+  }
+  else
+  {
+    wv_14 = 0ULL;
+  }
+  uint64_t wv_15 = 0ULL;
+  mask =
+    Lib_IntVector_Intrinsics_vec256_load64s(FStar_UInt128_uint128_to_uint64(totlen),
+      FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(totlen, 64U)),
+      wv_14,
+      wv_15);
+  memcpy(wv, hash, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Lib_IntVector_Intrinsics_vec256 *wv3 = wv + 3U;
+  wv3[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv3[0U], mask);
+  KRML_MAYBE_FOR12(i,
+    0U,
+    12U,
+    1U,
+    uint32_t start_idx = i % 10U * 16U;
+    KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 m_st[4U] KRML_POST_ALIGN(32) = { 0U };
+    Lib_IntVector_Intrinsics_vec256 *r0 = m_st;
+    Lib_IntVector_Intrinsics_vec256 *r1 = m_st + 1U;
+    Lib_IntVector_Intrinsics_vec256 *r20 = m_st + 2U;
+    Lib_IntVector_Intrinsics_vec256 *r30 = m_st + 3U;
+    uint32_t s0 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 0U];
+    uint32_t s1 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 1U];
+    uint32_t s2 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 2U];
+    uint32_t s3 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 3U];
+    uint32_t s4 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 4U];
+    uint32_t s5 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 5U];
+    uint32_t s6 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 6U];
+    uint32_t s7 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 7U];
+    uint32_t s8 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 8U];
+    uint32_t s9 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 9U];
+    uint32_t s10 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 10U];
+    uint32_t s11 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 11U];
+    uint32_t s12 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 12U];
+    uint32_t s13 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 13U];
+    uint32_t s14 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 14U];
+    uint32_t s15 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 15U];
+    r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s0], m_w[s2], m_w[s4], m_w[s6]);
+    r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s1], m_w[s3], m_w[s5], m_w[s7]);
+    r20[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s8], m_w[s10], m_w[s12], m_w[s14]);
+    r30[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s9], m_w[s11], m_w[s13], m_w[s15]);
+    Lib_IntVector_Intrinsics_vec256 *x = m_st;
+    Lib_IntVector_Intrinsics_vec256 *y = m_st + 1U;
+    Lib_IntVector_Intrinsics_vec256 *z = m_st + 2U;
+    Lib_IntVector_Intrinsics_vec256 *w = m_st + 3U;
+    uint32_t a = 0U;
+    uint32_t b0 = 1U;
+    uint32_t c0 = 2U;
+    uint32_t d10 = 3U;
+    Lib_IntVector_Intrinsics_vec256 *wv_a0 = wv + a * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b0 = wv + b0 * 1U;
+    wv_a0[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a0[0U], wv_b0[0U]);
+    wv_a0[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a0[0U], x[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a1 = wv + d10 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b1 = wv + a * 1U;
+    wv_a1[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a1[0U], wv_b1[0U]);
+    wv_a1[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a1[0U], 32U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a2 = wv + c0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b2 = wv + d10 * 1U;
+    wv_a2[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a2[0U], wv_b2[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a3 = wv + b0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b3 = wv + c0 * 1U;
+    wv_a3[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a3[0U], wv_b3[0U]);
+    wv_a3[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a3[0U], 24U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a4 = wv + a * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b4 = wv + b0 * 1U;
+    wv_a4[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a4[0U], wv_b4[0U]);
+    wv_a4[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a4[0U], y[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a5 = wv + d10 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b5 = wv + a * 1U;
+    wv_a5[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a5[0U], wv_b5[0U]);
+    wv_a5[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a5[0U], 16U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a6 = wv + c0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b6 = wv + d10 * 1U;
+    wv_a6[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a6[0U], wv_b6[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a7 = wv + b0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b7 = wv + c0 * 1U;
+    wv_a7[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a7[0U], wv_b7[0U]);
+    wv_a7[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a7[0U], 63U);
+    Lib_IntVector_Intrinsics_vec256 *r10 = wv + 1U;
+    Lib_IntVector_Intrinsics_vec256 *r21 = wv + 2U;
+    Lib_IntVector_Intrinsics_vec256 *r31 = wv + 3U;
+    Lib_IntVector_Intrinsics_vec256 v00 = r10[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v1 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v00, 1U);
+    r10[0U] = v1;
+    Lib_IntVector_Intrinsics_vec256 v01 = r21[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v10 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v01, 2U);
+    r21[0U] = v10;
+    Lib_IntVector_Intrinsics_vec256 v02 = r31[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v11 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v02, 3U);
+    r31[0U] = v11;
+    uint32_t a0 = 0U;
+    uint32_t b = 1U;
+    uint32_t c = 2U;
+    uint32_t d1 = 3U;
+    Lib_IntVector_Intrinsics_vec256 *wv_a = wv + a0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b8 = wv + b * 1U;
+    wv_a[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a[0U], wv_b8[0U]);
+    wv_a[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a[0U], z[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a8 = wv + d1 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b9 = wv + a0 * 1U;
+    wv_a8[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a8[0U], wv_b9[0U]);
+    wv_a8[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a8[0U], 32U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a9 = wv + c * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b10 = wv + d1 * 1U;
+    wv_a9[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a9[0U], wv_b10[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a10 = wv + b * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b11 = wv + c * 1U;
+    wv_a10[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a10[0U], wv_b11[0U]);
+    wv_a10[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a10[0U], 24U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a11 = wv + a0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b12 = wv + b * 1U;
+    wv_a11[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a11[0U], wv_b12[0U]);
+    wv_a11[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a11[0U], w[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a12 = wv + d1 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b13 = wv + a0 * 1U;
+    wv_a12[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a12[0U], wv_b13[0U]);
+    wv_a12[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a12[0U], 16U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a13 = wv + c * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b14 = wv + d1 * 1U;
+    wv_a13[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a13[0U], wv_b14[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a14 = wv + b * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b = wv + c * 1U;
+    wv_a14[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a14[0U], wv_b[0U]);
+    wv_a14[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a14[0U], 63U);
+    Lib_IntVector_Intrinsics_vec256 *r11 = wv + 1U;
+    Lib_IntVector_Intrinsics_vec256 *r2 = wv + 2U;
+    Lib_IntVector_Intrinsics_vec256 *r3 = wv + 3U;
+    Lib_IntVector_Intrinsics_vec256 v0 = r11[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v12 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v0, 3U);
+    r11[0U] = v12;
+    Lib_IntVector_Intrinsics_vec256 v03 = r2[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v13 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v03, 2U);
+    r2[0U] = v13;
+    Lib_IntVector_Intrinsics_vec256 v04 = r3[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v14 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v04, 1U);
+    r3[0U] = v14;);
+  Lib_IntVector_Intrinsics_vec256 *s0 = hash;
+  Lib_IntVector_Intrinsics_vec256 *s1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r0 = wv;
+  Lib_IntVector_Intrinsics_vec256 *r1 = wv + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r2 = wv + 2U;
+  Lib_IntVector_Intrinsics_vec256 *r3 = wv + 3U;
+  s0[0U] = Lib_IntVector_Intrinsics_vec256_xor(s0[0U], r0[0U]);
+  s0[0U] = Lib_IntVector_Intrinsics_vec256_xor(s0[0U], r2[0U]);
+  s1[0U] = Lib_IntVector_Intrinsics_vec256_xor(s1[0U], r1[0U]);
+  s1[0U] = Lib_IntVector_Intrinsics_vec256_xor(s1[0U], r3[0U]);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn)
+{
+  Lib_IntVector_Intrinsics_vec256 *r0 = hash;
+  Lib_IntVector_Intrinsics_vec256 *r1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r2 = hash + 2U;
+  Lib_IntVector_Intrinsics_vec256 *r3 = hash + 3U;
+  uint64_t iv0 = Hacl_Hash_Blake2s_ivTable_B[0U];
+  uint64_t iv1 = Hacl_Hash_Blake2s_ivTable_B[1U];
+  uint64_t iv2 = Hacl_Hash_Blake2s_ivTable_B[2U];
+  uint64_t iv3 = Hacl_Hash_Blake2s_ivTable_B[3U];
+  uint64_t iv4 = Hacl_Hash_Blake2s_ivTable_B[4U];
+  uint64_t iv5 = Hacl_Hash_Blake2s_ivTable_B[5U];
+  uint64_t iv6 = Hacl_Hash_Blake2s_ivTable_B[6U];
+  uint64_t iv7 = Hacl_Hash_Blake2s_ivTable_B[7U];
+  r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0, iv1, iv2, iv3);
+  r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7);
+  uint64_t kk_shift_8 = (uint64_t)kk << 8U;
+  uint64_t iv0_ = iv0 ^ (0x01010000ULL ^ (kk_shift_8 ^ (uint64_t)nn));
+  r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0_, iv1, iv2, iv3);
+  r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7);
+}
+
+static void
+update_key(
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  uint32_t kk,
+  uint8_t *k,
+  uint32_t ll
+)
+{
+  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)128U);
+  uint8_t b[128U] = { 0U };
+  memcpy(b, k, kk * sizeof (uint8_t));
+  if (ll == 0U)
+  {
+    update_block(wv, hash, true, lb, b);
+  }
+  else
+  {
+    update_block(wv, hash, false, lb, b);
+  }
+  Lib_Memzero0_memzero(b, 128U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_update_multi(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks,
+  uint32_t nb
+)
+{
+  KRML_MAYBE_UNUSED_VAR(len);
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    FStar_UInt128_uint128
+    totlen =
+      FStar_UInt128_add_mod(prev,
+        FStar_UInt128_uint64_to_uint128((uint64_t)((i + 1U) * 128U)));
+    uint8_t *b = blocks + i * 128U;
+    update_block(wv, hash, false, totlen, b);
+  }
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_update_last(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  FStar_UInt128_uint128 prev,
+  uint32_t rem,
+  uint8_t *d
+)
+{
+  uint8_t b[128U] = { 0U };
+  uint8_t *last = d + len - rem;
+  memcpy(b, last, rem * sizeof (uint8_t));
+  FStar_UInt128_uint128
+  totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
+  update_block(wv, hash, true, totlen, b);
+  Lib_Memzero0_memzero(b, 128U, uint8_t);
+}
+
+static inline void
+update_blocks(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks
+)
+{
+  uint32_t nb0 = len / 128U;
+  uint32_t rem0 = len % 128U;
+  uint32_t nb;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    nb = nb0 - 1U;
+  }
+  else
+  {
+    nb = nb0;
+  }
+  uint32_t rem;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    rem = 128U;
+  }
+  else
+  {
+    rem = rem0;
+  }
+  Hacl_Hash_Blake2b_Simd256_update_multi(len, wv, hash, prev, blocks, nb);
+  Hacl_Hash_Blake2b_Simd256_update_last(len, wv, hash, prev, rem, blocks);
+}
+
+static inline void
+update(
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  uint32_t kk,
+  uint8_t *k,
+  uint32_t ll,
+  uint8_t *d
+)
+{
+  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)128U);
+  if (kk > 0U)
+  {
+    update_key(wv, hash, kk, k, ll);
+    if (!(ll == 0U))
+    {
+      update_blocks(ll, wv, hash, lb, d);
+      return;
+    }
+    return;
+  }
+  update_blocks(ll, wv, hash, FStar_UInt128_uint64_to_uint128((uint64_t)0U), d);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_finish(
+  uint32_t nn,
+  uint8_t *output,
+  Lib_IntVector_Intrinsics_vec256 *hash
+)
+{
+  uint8_t b[64U] = { 0U };
+  uint8_t *first = b;
+  uint8_t *second = b + 32U;
+  Lib_IntVector_Intrinsics_vec256 *row0 = hash;
+  Lib_IntVector_Intrinsics_vec256 *row1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec256_store64_le(first, row0[0U]);
+  Lib_IntVector_Intrinsics_vec256_store64_le(second, row1[0U]);
+  uint8_t *final = b;
+  memcpy(output, final, nn * sizeof (uint8_t));
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_load_state256b_from_state32(
+  Lib_IntVector_Intrinsics_vec256 *st,
+  uint64_t *st32
+)
+{
+  Lib_IntVector_Intrinsics_vec256 *r0 = st;
+  Lib_IntVector_Intrinsics_vec256 *r1 = st + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r2 = st + 2U;
+  Lib_IntVector_Intrinsics_vec256 *r3 = st + 3U;
+  uint64_t *b0 = st32;
+  uint64_t *b1 = st32 + 4U;
+  uint64_t *b2 = st32 + 8U;
+  uint64_t *b3 = st32 + 12U;
+  r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b0[0U], b0[1U], b0[2U], b0[3U]);
+  r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b1[0U], b1[1U], b1[2U], b1[3U]);
+  r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b2[0U], b2[1U], b2[2U], b2[3U]);
+  r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b3[0U], b3[1U], b3[2U], b3[3U]);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_store_state256b_to_state32(
+  uint64_t *st32,
+  Lib_IntVector_Intrinsics_vec256 *st
+)
+{
+  Lib_IntVector_Intrinsics_vec256 *r0 = st;
+  Lib_IntVector_Intrinsics_vec256 *r1 = st + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r2 = st + 2U;
+  Lib_IntVector_Intrinsics_vec256 *r3 = st + 3U;
+  uint64_t *b0 = st32;
+  uint64_t *b1 = st32 + 4U;
+  uint64_t *b2 = st32 + 8U;
+  uint64_t *b3 = st32 + 12U;
+  uint8_t b8[32U] = { 0U };
+  Lib_IntVector_Intrinsics_vec256_store64_le(b8, r0[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = b0;
+    uint8_t *bj = b8 + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  uint8_t b80[32U] = { 0U };
+  Lib_IntVector_Intrinsics_vec256_store64_le(b80, r1[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = b1;
+    uint8_t *bj = b80 + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  uint8_t b81[32U] = { 0U };
+  Lib_IntVector_Intrinsics_vec256_store64_le(b81, r2[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = b2;
+    uint8_t *bj = b81 + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  uint8_t b82[32U] = { 0U };
+  Lib_IntVector_Intrinsics_vec256_store64_le(b82, r3[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = b3;
+    uint8_t *bj = b82 + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+}
+
+Lib_IntVector_Intrinsics_vec256 *Hacl_Hash_Blake2b_Simd256_malloc_with_key(void)
+{
+  Lib_IntVector_Intrinsics_vec256
+  *buf =
+    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
+      sizeof (Lib_IntVector_Intrinsics_vec256) * 4U);
+  memset(buf, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  return buf;
+}
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2b_Simd256_state_t *Hacl_Hash_Blake2b_Simd256_malloc(void)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  Lib_IntVector_Intrinsics_vec256
+  *wv =
+    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
+      sizeof (Lib_IntVector_Intrinsics_vec256) * 4U);
+  memset(wv, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Lib_IntVector_Intrinsics_vec256
+  *b =
+    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
+      sizeof (Lib_IntVector_Intrinsics_vec256) * 4U);
+  memset(b, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state = { .fst = wv, .snd = b };
+  Hacl_Hash_Blake2b_Simd256_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  Hacl_Hash_Blake2b_Simd256_state_t
+  *p =
+    (Hacl_Hash_Blake2b_Simd256_state_t *)KRML_HOST_MALLOC(sizeof (
+        Hacl_Hash_Blake2b_Simd256_state_t
+      ));
+  p[0U] = s;
+  Hacl_Hash_Blake2b_Simd256_init(block_state.snd, 0U, 64U);
+  return p;
+}
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2b_Simd256_reset(Hacl_Hash_Blake2b_Simd256_state_t *state)
+{
+  Hacl_Hash_Blake2b_Simd256_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state = scrut.block_state;
+  Hacl_Hash_Blake2b_Simd256_init(block_state.snd, 0U, 64U);
+  Hacl_Hash_Blake2b_Simd256_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
+}
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2b_Simd256_update(
+  Hacl_Hash_Blake2b_Simd256_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+)
+{
+  Hacl_Hash_Blake2b_Simd256_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
+  {
+    sz = 128U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)128U);
+  }
+  if (chunk_len <= 128U - sz)
+  {
+    Hacl_Hash_Blake2b_Simd256_state_t s1 = *state;
+    Hacl_Hash_Blake2b_Simd256_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_Hash_Blake2b_Simd256_state_t s1 = *state;
+    Hacl_Hash_Blake2b_Simd256_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
+      Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2b_Simd256_update_multi(128U,
+        wv,
+        hash,
+        FStar_UInt128_uint64_to_uint128(prevlen),
+        buf,
+        nb);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)128U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 128U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)128U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
+    Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
+    uint32_t nb = data1_len / 128U;
+    Hacl_Hash_Blake2b_Simd256_update_multi(data1_len,
+      wv,
+      hash,
+      FStar_UInt128_uint64_to_uint128(total_len1),
+      data1,
+      nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 128U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_Blake2b_Simd256_state_t s1 = *state;
+    Hacl_Hash_Blake2b_Simd256_block_state_t block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)128U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 128U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)128U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_Simd256_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2
+        }
+      );
+    Hacl_Hash_Blake2b_Simd256_state_t s10 = *state;
+    Hacl_Hash_Blake2b_Simd256_block_state_t block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
+      Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2b_Simd256_update_multi(128U,
+        wv,
+        hash,
+        FStar_UInt128_uint64_to_uint128(prevlen),
+        buf,
+        nb);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)128U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 128U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)128U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
+    Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
+    uint32_t nb = data1_len / 128U;
+    Hacl_Hash_Blake2b_Simd256_update_multi(data1_len,
+      wv,
+      hash,
+      FStar_UInt128_uint64_to_uint128(total_len1),
+      data1,
+      nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+/**
+  Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2b_Simd256_digest(Hacl_Hash_Blake2b_Simd256_state_t *state, uint8_t *output)
+{
+  Hacl_Hash_Blake2b_Simd256_state_t scrut = *state;
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint32_t r;
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
+  {
+    r = 128U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)128U);
+  }
+  uint8_t *buf_1 = buf_;
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv0[4U] KRML_POST_ALIGN(32) = { 0U };
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b[4U] KRML_POST_ALIGN(32) = { 0U };
+  Hacl_Hash_Blake2b_Simd256_block_state_t tmp_block_state = { .fst = wv0, .snd = b };
+  Lib_IntVector_Intrinsics_vec256 *src_b = block_state.snd;
+  Lib_IntVector_Intrinsics_vec256 *dst_b = tmp_block_state.snd;
+  memcpy(dst_b, src_b, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  uint64_t prev_len = total_len - (uint64_t)r;
+  uint32_t ite;
+  if (r % 128U == 0U && r > 0U)
+  {
+    ite = 128U;
+  }
+  else
+  {
+    ite = r % 128U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  Lib_IntVector_Intrinsics_vec256 *wv1 = tmp_block_state.fst;
+  Lib_IntVector_Intrinsics_vec256 *hash0 = tmp_block_state.snd;
+  uint32_t nb = 0U;
+  Hacl_Hash_Blake2b_Simd256_update_multi(0U,
+    wv1,
+    hash0,
+    FStar_UInt128_uint64_to_uint128(prev_len),
+    buf_multi,
+    nb);
+  uint64_t prev_len_last = total_len - (uint64_t)r;
+  Lib_IntVector_Intrinsics_vec256 *wv = tmp_block_state.fst;
+  Lib_IntVector_Intrinsics_vec256 *hash = tmp_block_state.snd;
+  Hacl_Hash_Blake2b_Simd256_update_last(r,
+    wv,
+    hash,
+    FStar_UInt128_uint64_to_uint128(prev_len_last),
+    r,
+    buf_last);
+  Hacl_Hash_Blake2b_Simd256_finish(64U, output, tmp_block_state.snd);
+}
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2b_Simd256_free(Hacl_Hash_Blake2b_Simd256_state_t *state)
+{
+  Hacl_Hash_Blake2b_Simd256_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state = scrut.block_state;
+  Lib_IntVector_Intrinsics_vec256 *wv = block_state.fst;
+  Lib_IntVector_Intrinsics_vec256 *b = block_state.snd;
+  KRML_ALIGNED_FREE(wv);
+  KRML_ALIGNED_FREE(b);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+/**
+Write the BLAKE2b digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2b_Simd256_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+)
+{
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b[4U] KRML_POST_ALIGN(32) = { 0U };
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b1[4U] KRML_POST_ALIGN(32) = { 0U };
+  Hacl_Hash_Blake2b_Simd256_init(b, key_len, output_len);
+  update(b1, b, key_len, key, input_len, input);
+  Hacl_Hash_Blake2b_Simd256_finish(output_len, output, b);
+  Lib_Memzero0_memzero(b1, 4U, Lib_IntVector_Intrinsics_vec256);
+  Lib_Memzero0_memzero(b, 4U, Lib_IntVector_Intrinsics_vec256);
+}
+
diff --git a/src/Hacl_Hash_Blake2s.c b/src/Hacl_Hash_Blake2s.c
new file mode 100644
index 00000000..652c3f33
--- /dev/null
+++ b/src/Hacl_Hash_Blake2s.c
@@ -0,0 +1,931 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_Hash_Blake2s.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
+
+static inline void
+update_block(uint32_t *wv, uint32_t *hash, bool flag, uint64_t totlen, uint8_t *d)
+{
+  uint32_t m_w[16U] = { 0U };
+  KRML_MAYBE_FOR16(i,
+    0U,
+    16U,
+    1U,
+    uint32_t *os = m_w;
+    uint8_t *bj = d + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  uint32_t mask[4U] = { 0U };
+  uint32_t wv_14;
+  if (flag)
+  {
+    wv_14 = 0xFFFFFFFFU;
+  }
+  else
+  {
+    wv_14 = 0U;
+  }
+  uint32_t wv_15 = 0U;
+  mask[0U] = (uint32_t)totlen;
+  mask[1U] = (uint32_t)(totlen >> 32U);
+  mask[2U] = wv_14;
+  mask[3U] = wv_15;
+  memcpy(wv, hash, 16U * sizeof (uint32_t));
+  uint32_t *wv3 = wv + 12U;
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = wv3;
+    uint32_t x = wv3[i] ^ mask[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR10(i0,
+    0U,
+    10U,
+    1U,
+    uint32_t start_idx = i0 % 10U * 16U;
+    uint32_t m_st[16U] = { 0U };
+    uint32_t *r0 = m_st;
+    uint32_t *r1 = m_st + 4U;
+    uint32_t *r20 = m_st + 8U;
+    uint32_t *r30 = m_st + 12U;
+    uint32_t s0 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 0U];
+    uint32_t s1 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 1U];
+    uint32_t s2 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 2U];
+    uint32_t s3 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 3U];
+    uint32_t s4 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 4U];
+    uint32_t s5 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 5U];
+    uint32_t s6 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 6U];
+    uint32_t s7 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 7U];
+    uint32_t s8 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 8U];
+    uint32_t s9 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 9U];
+    uint32_t s10 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 10U];
+    uint32_t s11 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 11U];
+    uint32_t s12 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 12U];
+    uint32_t s13 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 13U];
+    uint32_t s14 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 14U];
+    uint32_t s15 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 15U];
+    uint32_t uu____0 = m_w[s2];
+    uint32_t uu____1 = m_w[s4];
+    uint32_t uu____2 = m_w[s6];
+    r0[0U] = m_w[s0];
+    r0[1U] = uu____0;
+    r0[2U] = uu____1;
+    r0[3U] = uu____2;
+    uint32_t uu____3 = m_w[s3];
+    uint32_t uu____4 = m_w[s5];
+    uint32_t uu____5 = m_w[s7];
+    r1[0U] = m_w[s1];
+    r1[1U] = uu____3;
+    r1[2U] = uu____4;
+    r1[3U] = uu____5;
+    uint32_t uu____6 = m_w[s10];
+    uint32_t uu____7 = m_w[s12];
+    uint32_t uu____8 = m_w[s14];
+    r20[0U] = m_w[s8];
+    r20[1U] = uu____6;
+    r20[2U] = uu____7;
+    r20[3U] = uu____8;
+    uint32_t uu____9 = m_w[s11];
+    uint32_t uu____10 = m_w[s13];
+    uint32_t uu____11 = m_w[s15];
+    r30[0U] = m_w[s9];
+    r30[1U] = uu____9;
+    r30[2U] = uu____10;
+    r30[3U] = uu____11;
+    uint32_t *x = m_st;
+    uint32_t *y = m_st + 4U;
+    uint32_t *z = m_st + 8U;
+    uint32_t *w = m_st + 12U;
+    uint32_t a = 0U;
+    uint32_t b0 = 1U;
+    uint32_t c0 = 2U;
+    uint32_t d10 = 3U;
+    uint32_t *wv_a0 = wv + a * 4U;
+    uint32_t *wv_b0 = wv + b0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a0;
+      uint32_t x1 = wv_a0[i] + wv_b0[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a0;
+      uint32_t x1 = wv_a0[i] + x[i];
+      os[i] = x1;);
+    uint32_t *wv_a1 = wv + d10 * 4U;
+    uint32_t *wv_b1 = wv + a * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a1;
+      uint32_t x1 = wv_a1[i] ^ wv_b1[i];
+      os[i] = x1;);
+    uint32_t *r10 = wv_a1;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r10;
+      uint32_t x1 = r10[i];
+      uint32_t x10 = x1 >> 16U | x1 << 16U;
+      os[i] = x10;);
+    uint32_t *wv_a2 = wv + c0 * 4U;
+    uint32_t *wv_b2 = wv + d10 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a2;
+      uint32_t x1 = wv_a2[i] + wv_b2[i];
+      os[i] = x1;);
+    uint32_t *wv_a3 = wv + b0 * 4U;
+    uint32_t *wv_b3 = wv + c0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a3;
+      uint32_t x1 = wv_a3[i] ^ wv_b3[i];
+      os[i] = x1;);
+    uint32_t *r12 = wv_a3;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r12;
+      uint32_t x1 = r12[i];
+      uint32_t x10 = x1 >> 12U | x1 << 20U;
+      os[i] = x10;);
+    uint32_t *wv_a4 = wv + a * 4U;
+    uint32_t *wv_b4 = wv + b0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a4;
+      uint32_t x1 = wv_a4[i] + wv_b4[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a4;
+      uint32_t x1 = wv_a4[i] + y[i];
+      os[i] = x1;);
+    uint32_t *wv_a5 = wv + d10 * 4U;
+    uint32_t *wv_b5 = wv + a * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a5;
+      uint32_t x1 = wv_a5[i] ^ wv_b5[i];
+      os[i] = x1;);
+    uint32_t *r13 = wv_a5;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r13;
+      uint32_t x1 = r13[i];
+      uint32_t x10 = x1 >> 8U | x1 << 24U;
+      os[i] = x10;);
+    uint32_t *wv_a6 = wv + c0 * 4U;
+    uint32_t *wv_b6 = wv + d10 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a6;
+      uint32_t x1 = wv_a6[i] + wv_b6[i];
+      os[i] = x1;);
+    uint32_t *wv_a7 = wv + b0 * 4U;
+    uint32_t *wv_b7 = wv + c0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a7;
+      uint32_t x1 = wv_a7[i] ^ wv_b7[i];
+      os[i] = x1;);
+    uint32_t *r14 = wv_a7;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r14;
+      uint32_t x1 = r14[i];
+      uint32_t x10 = x1 >> 7U | x1 << 25U;
+      os[i] = x10;);
+    uint32_t *r15 = wv + 4U;
+    uint32_t *r21 = wv + 8U;
+    uint32_t *r31 = wv + 12U;
+    uint32_t *r110 = r15;
+    uint32_t x00 = r110[1U];
+    uint32_t x10 = r110[2U];
+    uint32_t x20 = r110[3U];
+    uint32_t x30 = r110[0U];
+    r110[0U] = x00;
+    r110[1U] = x10;
+    r110[2U] = x20;
+    r110[3U] = x30;
+    uint32_t *r111 = r21;
+    uint32_t x01 = r111[2U];
+    uint32_t x11 = r111[3U];
+    uint32_t x21 = r111[0U];
+    uint32_t x31 = r111[1U];
+    r111[0U] = x01;
+    r111[1U] = x11;
+    r111[2U] = x21;
+    r111[3U] = x31;
+    uint32_t *r112 = r31;
+    uint32_t x02 = r112[3U];
+    uint32_t x12 = r112[0U];
+    uint32_t x22 = r112[1U];
+    uint32_t x32 = r112[2U];
+    r112[0U] = x02;
+    r112[1U] = x12;
+    r112[2U] = x22;
+    r112[3U] = x32;
+    uint32_t a0 = 0U;
+    uint32_t b = 1U;
+    uint32_t c = 2U;
+    uint32_t d1 = 3U;
+    uint32_t *wv_a = wv + a0 * 4U;
+    uint32_t *wv_b8 = wv + b * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a;
+      uint32_t x1 = wv_a[i] + wv_b8[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a;
+      uint32_t x1 = wv_a[i] + z[i];
+      os[i] = x1;);
+    uint32_t *wv_a8 = wv + d1 * 4U;
+    uint32_t *wv_b9 = wv + a0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a8;
+      uint32_t x1 = wv_a8[i] ^ wv_b9[i];
+      os[i] = x1;);
+    uint32_t *r16 = wv_a8;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r16;
+      uint32_t x1 = r16[i];
+      uint32_t x13 = x1 >> 16U | x1 << 16U;
+      os[i] = x13;);
+    uint32_t *wv_a9 = wv + c * 4U;
+    uint32_t *wv_b10 = wv + d1 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a9;
+      uint32_t x1 = wv_a9[i] + wv_b10[i];
+      os[i] = x1;);
+    uint32_t *wv_a10 = wv + b * 4U;
+    uint32_t *wv_b11 = wv + c * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a10;
+      uint32_t x1 = wv_a10[i] ^ wv_b11[i];
+      os[i] = x1;);
+    uint32_t *r17 = wv_a10;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r17;
+      uint32_t x1 = r17[i];
+      uint32_t x13 = x1 >> 12U | x1 << 20U;
+      os[i] = x13;);
+    uint32_t *wv_a11 = wv + a0 * 4U;
+    uint32_t *wv_b12 = wv + b * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a11;
+      uint32_t x1 = wv_a11[i] + wv_b12[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a11;
+      uint32_t x1 = wv_a11[i] + w[i];
+      os[i] = x1;);
+    uint32_t *wv_a12 = wv + d1 * 4U;
+    uint32_t *wv_b13 = wv + a0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a12;
+      uint32_t x1 = wv_a12[i] ^ wv_b13[i];
+      os[i] = x1;);
+    uint32_t *r18 = wv_a12;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r18;
+      uint32_t x1 = r18[i];
+      uint32_t x13 = x1 >> 8U | x1 << 24U;
+      os[i] = x13;);
+    uint32_t *wv_a13 = wv + c * 4U;
+    uint32_t *wv_b14 = wv + d1 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a13;
+      uint32_t x1 = wv_a13[i] + wv_b14[i];
+      os[i] = x1;);
+    uint32_t *wv_a14 = wv + b * 4U;
+    uint32_t *wv_b = wv + c * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a14;
+      uint32_t x1 = wv_a14[i] ^ wv_b[i];
+      os[i] = x1;);
+    uint32_t *r19 = wv_a14;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r19;
+      uint32_t x1 = r19[i];
+      uint32_t x13 = x1 >> 7U | x1 << 25U;
+      os[i] = x13;);
+    uint32_t *r113 = wv + 4U;
+    uint32_t *r2 = wv + 8U;
+    uint32_t *r3 = wv + 12U;
+    uint32_t *r11 = r113;
+    uint32_t x03 = r11[3U];
+    uint32_t x13 = r11[0U];
+    uint32_t x23 = r11[1U];
+    uint32_t x33 = r11[2U];
+    r11[0U] = x03;
+    r11[1U] = x13;
+    r11[2U] = x23;
+    r11[3U] = x33;
+    uint32_t *r114 = r2;
+    uint32_t x04 = r114[2U];
+    uint32_t x14 = r114[3U];
+    uint32_t x24 = r114[0U];
+    uint32_t x34 = r114[1U];
+    r114[0U] = x04;
+    r114[1U] = x14;
+    r114[2U] = x24;
+    r114[3U] = x34;
+    uint32_t *r115 = r3;
+    uint32_t x0 = r115[1U];
+    uint32_t x1 = r115[2U];
+    uint32_t x2 = r115[3U];
+    uint32_t x3 = r115[0U];
+    r115[0U] = x0;
+    r115[1U] = x1;
+    r115[2U] = x2;
+    r115[3U] = x3;);
+  uint32_t *s0 = hash;
+  uint32_t *s1 = hash + 4U;
+  uint32_t *r0 = wv;
+  uint32_t *r1 = wv + 4U;
+  uint32_t *r2 = wv + 8U;
+  uint32_t *r3 = wv + 12U;
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = s0;
+    uint32_t x = s0[i] ^ r0[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = s0;
+    uint32_t x = s0[i] ^ r2[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = s1;
+    uint32_t x = s1[i] ^ r1[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = s1;
+    uint32_t x = s1[i] ^ r3[i];
+    os[i] = x;);
+}
+
+void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn)
+{
+  uint32_t *r0 = hash;
+  uint32_t *r1 = hash + 4U;
+  uint32_t *r2 = hash + 8U;
+  uint32_t *r3 = hash + 12U;
+  uint32_t iv0 = Hacl_Hash_Blake2s_ivTable_S[0U];
+  uint32_t iv1 = Hacl_Hash_Blake2s_ivTable_S[1U];
+  uint32_t iv2 = Hacl_Hash_Blake2s_ivTable_S[2U];
+  uint32_t iv3 = Hacl_Hash_Blake2s_ivTable_S[3U];
+  uint32_t iv4 = Hacl_Hash_Blake2s_ivTable_S[4U];
+  uint32_t iv5 = Hacl_Hash_Blake2s_ivTable_S[5U];
+  uint32_t iv6 = Hacl_Hash_Blake2s_ivTable_S[6U];
+  uint32_t iv7 = Hacl_Hash_Blake2s_ivTable_S[7U];
+  r2[0U] = iv0;
+  r2[1U] = iv1;
+  r2[2U] = iv2;
+  r2[3U] = iv3;
+  r3[0U] = iv4;
+  r3[1U] = iv5;
+  r3[2U] = iv6;
+  r3[3U] = iv7;
+  uint32_t kk_shift_8 = kk << 8U;
+  uint32_t iv0_ = iv0 ^ (0x01010000U ^ (kk_shift_8 ^ nn));
+  r0[0U] = iv0_;
+  r0[1U] = iv1;
+  r0[2U] = iv2;
+  r0[3U] = iv3;
+  r1[0U] = iv4;
+  r1[1U] = iv5;
+  r1[2U] = iv6;
+  r1[3U] = iv7;
+}
+
+static void update_key(uint32_t *wv, uint32_t *hash, uint32_t kk, uint8_t *k, uint32_t ll)
+{
+  uint64_t lb = (uint64_t)64U;
+  uint8_t b[64U] = { 0U };
+  memcpy(b, k, kk * sizeof (uint8_t));
+  if (ll == 0U)
+  {
+    update_block(wv, hash, true, lb, b);
+  }
+  else
+  {
+    update_block(wv, hash, false, lb, b);
+  }
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2s_update_multi(
+  uint32_t len,
+  uint32_t *wv,
+  uint32_t *hash,
+  uint64_t prev,
+  uint8_t *blocks,
+  uint32_t nb
+)
+{
+  KRML_MAYBE_UNUSED_VAR(len);
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    uint64_t totlen = prev + (uint64_t)((i + 1U) * 64U);
+    uint8_t *b = blocks + i * 64U;
+    update_block(wv, hash, false, totlen, b);
+  }
+}
+
+void
+Hacl_Hash_Blake2s_update_last(
+  uint32_t len,
+  uint32_t *wv,
+  uint32_t *hash,
+  uint64_t prev,
+  uint32_t rem,
+  uint8_t *d
+)
+{
+  uint8_t b[64U] = { 0U };
+  uint8_t *last = d + len - rem;
+  memcpy(b, last, rem * sizeof (uint8_t));
+  uint64_t totlen = prev + (uint64_t)len;
+  update_block(wv, hash, true, totlen, b);
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+static void
+update_blocks(uint32_t len, uint32_t *wv, uint32_t *hash, uint64_t prev, uint8_t *blocks)
+{
+  uint32_t nb0 = len / 64U;
+  uint32_t rem0 = len % 64U;
+  uint32_t nb;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    nb = nb0 - 1U;
+  }
+  else
+  {
+    nb = nb0;
+  }
+  uint32_t rem;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    rem = 64U;
+  }
+  else
+  {
+    rem = rem0;
+  }
+  Hacl_Hash_Blake2s_update_multi(len, wv, hash, prev, blocks, nb);
+  Hacl_Hash_Blake2s_update_last(len, wv, hash, prev, rem, blocks);
+}
+
+static inline void
+update(uint32_t *wv, uint32_t *hash, uint32_t kk, uint8_t *k, uint32_t ll, uint8_t *d)
+{
+  uint64_t lb = (uint64_t)64U;
+  if (kk > 0U)
+  {
+    update_key(wv, hash, kk, k, ll);
+    if (!(ll == 0U))
+    {
+      update_blocks(ll, wv, hash, lb, d);
+      return;
+    }
+    return;
+  }
+  update_blocks(ll, wv, hash, (uint64_t)0U, d);
+}
+
+void Hacl_Hash_Blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash)
+{
+  uint8_t b[32U] = { 0U };
+  uint8_t *first = b;
+  uint8_t *second = b + 16U;
+  uint32_t *row0 = hash;
+  uint32_t *row1 = hash + 4U;
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store32_le(first + i * 4U, row0[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store32_le(second + i * 4U, row1[i]););
+  uint8_t *final = b;
+  memcpy(output, final, nn * sizeof (uint8_t));
+  Lib_Memzero0_memzero(b, 32U, uint8_t);
+}
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2s_state_t *Hacl_Hash_Blake2s_malloc(void)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *wv = (uint32_t *)KRML_HOST_CALLOC(16U, sizeof (uint32_t));
+  uint32_t *b = (uint32_t *)KRML_HOST_CALLOC(16U, sizeof (uint32_t));
+  Hacl_Hash_Blake2s_block_state_t block_state = { .fst = wv, .snd = b };
+  Hacl_Hash_Blake2s_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  Hacl_Hash_Blake2s_state_t
+  *p = (Hacl_Hash_Blake2s_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_Blake2s_state_t));
+  p[0U] = s;
+  Hacl_Hash_Blake2s_init(block_state.snd, 0U, 32U);
+  return p;
+}
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2s_reset(Hacl_Hash_Blake2s_state_t *state)
+{
+  Hacl_Hash_Blake2s_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2s_block_state_t block_state = scrut.block_state;
+  Hacl_Hash_Blake2s_init(block_state.snd, 0U, 32U);
+  Hacl_Hash_Blake2s_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
+}
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint32_t chunk_len)
+{
+  Hacl_Hash_Blake2s_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    sz = 64U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  if (chunk_len <= 64U - sz)
+  {
+    Hacl_Hash_Blake2s_state_t s1 = *state;
+    Hacl_Hash_Blake2s_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_Hash_Blake2s_state_t s1 = *state;
+    Hacl_Hash_Blake2s_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      uint32_t *wv = block_state1.fst;
+      uint32_t *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2s_update_multi(64U, wv, hash, prevlen, buf, nb);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    uint32_t *wv = block_state1.fst;
+    uint32_t *hash = block_state1.snd;
+    uint32_t nb = data1_len / 64U;
+    Hacl_Hash_Blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_Blake2s_state_t s1 = *state;
+    Hacl_Hash_Blake2s_block_state_t block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 64U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2
+        }
+      );
+    Hacl_Hash_Blake2s_state_t s10 = *state;
+    Hacl_Hash_Blake2s_block_state_t block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      uint32_t *wv = block_state1.fst;
+      uint32_t *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2s_update_multi(64U, wv, hash, prevlen, buf, nb);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    uint32_t *wv = block_state1.fst;
+    uint32_t *hash = block_state1.snd;
+    uint32_t nb = data1_len / 64U;
+    Hacl_Hash_Blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+/**
+  Finish function when there is no key
+*/
+void Hacl_Hash_Blake2s_digest(Hacl_Hash_Blake2s_state_t *state, uint8_t *output)
+{
+  Hacl_Hash_Blake2s_state_t scrut = *state;
+  Hacl_Hash_Blake2s_block_state_t block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint32_t r;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    r = 64U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  uint8_t *buf_1 = buf_;
+  uint32_t wv0[16U] = { 0U };
+  uint32_t b[16U] = { 0U };
+  Hacl_Hash_Blake2s_block_state_t tmp_block_state = { .fst = wv0, .snd = b };
+  uint32_t *src_b = block_state.snd;
+  uint32_t *dst_b = tmp_block_state.snd;
+  memcpy(dst_b, src_b, 16U * sizeof (uint32_t));
+  uint64_t prev_len = total_len - (uint64_t)r;
+  uint32_t ite;
+  if (r % 64U == 0U && r > 0U)
+  {
+    ite = 64U;
+  }
+  else
+  {
+    ite = r % 64U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  uint32_t *wv1 = tmp_block_state.fst;
+  uint32_t *hash0 = tmp_block_state.snd;
+  uint32_t nb = 0U;
+  Hacl_Hash_Blake2s_update_multi(0U, wv1, hash0, prev_len, buf_multi, nb);
+  uint64_t prev_len_last = total_len - (uint64_t)r;
+  uint32_t *wv = tmp_block_state.fst;
+  uint32_t *hash = tmp_block_state.snd;
+  Hacl_Hash_Blake2s_update_last(r, wv, hash, prev_len_last, r, buf_last);
+  Hacl_Hash_Blake2s_finish(32U, output, tmp_block_state.snd);
+}
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2s_free(Hacl_Hash_Blake2s_state_t *state)
+{
+  Hacl_Hash_Blake2s_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2s_block_state_t block_state = scrut.block_state;
+  uint32_t *wv = block_state.fst;
+  uint32_t *b = block_state.snd;
+  KRML_HOST_FREE(wv);
+  KRML_HOST_FREE(b);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2s_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+)
+{
+  uint32_t b[16U] = { 0U };
+  uint32_t b1[16U] = { 0U };
+  Hacl_Hash_Blake2s_init(b, key_len, output_len);
+  update(b1, b, key_len, key, input_len, input);
+  Hacl_Hash_Blake2s_finish(output_len, output, b);
+  Lib_Memzero0_memzero(b1, 16U, uint32_t);
+  Lib_Memzero0_memzero(b, 16U, uint32_t);
+}
+
diff --git a/src/Hacl_Hash_Blake2s_128.c b/src/Hacl_Hash_Blake2s_128.c
deleted file mode 100644
index 86c4f030..00000000
--- a/src/Hacl_Hash_Blake2s_128.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Hash_Blake2s_128.h"
-
-#include "internal/Hacl_Impl_Blake2_Constants.h"
-#include "internal/Hacl_Hash_Blake2.h"
-#include "lib_memzero0.h"
-
-static inline void
-blake2s_update_block(
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  bool flag,
-  uint64_t totlen,
-  uint8_t *d
-)
-{
-  uint32_t m_w[16U] = { 0U };
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint32_t *os = m_w;
-    uint8_t *bj = d + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_zero;
-  uint32_t wv_14;
-  if (flag)
-  {
-    wv_14 = (uint32_t)0xFFFFFFFFU;
-  }
-  else
-  {
-    wv_14 = (uint32_t)0U;
-  }
-  uint32_t wv_15 = (uint32_t)0U;
-  mask =
-    Lib_IntVector_Intrinsics_vec128_load32s((uint32_t)totlen,
-      (uint32_t)(totlen >> (uint32_t)32U),
-      wv_14,
-      wv_15);
-  memcpy(wv, hash, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Lib_IntVector_Intrinsics_vec128 *wv3 = wv + (uint32_t)3U;
-  wv3[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv3[0U], mask);
-  KRML_MAYBE_FOR10(i,
-    (uint32_t)0U,
-    (uint32_t)10U,
-    (uint32_t)1U,
-    uint32_t start_idx = i % (uint32_t)10U * (uint32_t)16U;
-    KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 m_st[4U] KRML_POST_ALIGN(16) = { 0U };
-    Lib_IntVector_Intrinsics_vec128 *r0 = m_st;
-    Lib_IntVector_Intrinsics_vec128 *r1 = m_st + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *r20 = m_st + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec128 *r30 = m_st + (uint32_t)3U;
-    uint32_t s0 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)0U];
-    uint32_t s1 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)1U];
-    uint32_t s2 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)2U];
-    uint32_t s3 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)3U];
-    uint32_t s4 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)4U];
-    uint32_t s5 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)5U];
-    uint32_t s6 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)6U];
-    uint32_t s7 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)7U];
-    uint32_t s8 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)8U];
-    uint32_t s9 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)9U];
-    uint32_t s10 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)10U];
-    uint32_t s11 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)11U];
-    uint32_t s12 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)12U];
-    uint32_t s13 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)13U];
-    uint32_t s14 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)14U];
-    uint32_t s15 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)15U];
-    r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s0], m_w[s2], m_w[s4], m_w[s6]);
-    r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s1], m_w[s3], m_w[s5], m_w[s7]);
-    r20[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s8], m_w[s10], m_w[s12], m_w[s14]);
-    r30[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s9], m_w[s11], m_w[s13], m_w[s15]);
-    Lib_IntVector_Intrinsics_vec128 *x = m_st;
-    Lib_IntVector_Intrinsics_vec128 *y = m_st + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *z = m_st + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec128 *w = m_st + (uint32_t)3U;
-    uint32_t a = (uint32_t)0U;
-    uint32_t b0 = (uint32_t)1U;
-    uint32_t c0 = (uint32_t)2U;
-    uint32_t d10 = (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec128 *wv_a0 = wv + a * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b0 = wv + b0 * (uint32_t)1U;
-    wv_a0[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a0[0U], wv_b0[0U]);
-    wv_a0[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a0[0U], x[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a1 = wv + d10 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b1 = wv + a * (uint32_t)1U;
-    wv_a1[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a1[0U], wv_b1[0U]);
-    wv_a1[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a1[0U], (uint32_t)16U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a2 = wv + c0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b2 = wv + d10 * (uint32_t)1U;
-    wv_a2[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a2[0U], wv_b2[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a3 = wv + b0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b3 = wv + c0 * (uint32_t)1U;
-    wv_a3[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a3[0U], wv_b3[0U]);
-    wv_a3[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a3[0U], (uint32_t)12U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a4 = wv + a * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b4 = wv + b0 * (uint32_t)1U;
-    wv_a4[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a4[0U], wv_b4[0U]);
-    wv_a4[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a4[0U], y[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a5 = wv + d10 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b5 = wv + a * (uint32_t)1U;
-    wv_a5[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a5[0U], wv_b5[0U]);
-    wv_a5[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a5[0U], (uint32_t)8U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a6 = wv + c0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b6 = wv + d10 * (uint32_t)1U;
-    wv_a6[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a6[0U], wv_b6[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a7 = wv + b0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b7 = wv + c0 * (uint32_t)1U;
-    wv_a7[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a7[0U], wv_b7[0U]);
-    wv_a7[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a7[0U], (uint32_t)7U);
-    Lib_IntVector_Intrinsics_vec128 *r10 = wv + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *r21 = wv + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec128 *r31 = wv + (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec128 v00 = r10[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v1 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v00, (uint32_t)1U);
-    r10[0U] = v1;
-    Lib_IntVector_Intrinsics_vec128 v01 = r21[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v10 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v01, (uint32_t)2U);
-    r21[0U] = v10;
-    Lib_IntVector_Intrinsics_vec128 v02 = r31[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v11 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v02, (uint32_t)3U);
-    r31[0U] = v11;
-    uint32_t a0 = (uint32_t)0U;
-    uint32_t b = (uint32_t)1U;
-    uint32_t c = (uint32_t)2U;
-    uint32_t d1 = (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec128 *wv_a = wv + a0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b8 = wv + b * (uint32_t)1U;
-    wv_a[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a[0U], wv_b8[0U]);
-    wv_a[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a[0U], z[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a8 = wv + d1 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b9 = wv + a0 * (uint32_t)1U;
-    wv_a8[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a8[0U], wv_b9[0U]);
-    wv_a8[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a8[0U], (uint32_t)16U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a9 = wv + c * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b10 = wv + d1 * (uint32_t)1U;
-    wv_a9[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a9[0U], wv_b10[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a10 = wv + b * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b11 = wv + c * (uint32_t)1U;
-    wv_a10[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a10[0U], wv_b11[0U]);
-    wv_a10[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a10[0U], (uint32_t)12U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a11 = wv + a0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b12 = wv + b * (uint32_t)1U;
-    wv_a11[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a11[0U], wv_b12[0U]);
-    wv_a11[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a11[0U], w[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a12 = wv + d1 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b13 = wv + a0 * (uint32_t)1U;
-    wv_a12[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a12[0U], wv_b13[0U]);
-    wv_a12[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a12[0U], (uint32_t)8U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a13 = wv + c * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b14 = wv + d1 * (uint32_t)1U;
-    wv_a13[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a13[0U], wv_b14[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a14 = wv + b * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b = wv + c * (uint32_t)1U;
-    wv_a14[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a14[0U], wv_b[0U]);
-    wv_a14[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a14[0U], (uint32_t)7U);
-    Lib_IntVector_Intrinsics_vec128 *r11 = wv + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *r2 = wv + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec128 *r3 = wv + (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec128 v0 = r11[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v12 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v0, (uint32_t)3U);
-    r11[0U] = v12;
-    Lib_IntVector_Intrinsics_vec128 v03 = r2[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v13 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v03, (uint32_t)2U);
-    r2[0U] = v13;
-    Lib_IntVector_Intrinsics_vec128 v04 = r3[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v14 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v04, (uint32_t)1U);
-    r3[0U] = v14;);
-  Lib_IntVector_Intrinsics_vec128 *s0 = hash;
-  Lib_IntVector_Intrinsics_vec128 *s1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r0 = wv;
-  Lib_IntVector_Intrinsics_vec128 *r1 = wv + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r2 = wv + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec128 *r3 = wv + (uint32_t)3U;
-  s0[0U] = Lib_IntVector_Intrinsics_vec128_xor(s0[0U], r0[0U]);
-  s0[0U] = Lib_IntVector_Intrinsics_vec128_xor(s0[0U], r2[0U]);
-  s1[0U] = Lib_IntVector_Intrinsics_vec128_xor(s1[0U], r1[0U]);
-  s1[0U] = Lib_IntVector_Intrinsics_vec128_xor(s1[0U], r3[0U]);
-}
-
-void
-Hacl_Blake2s_128_blake2s_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn)
-{
-  Lib_IntVector_Intrinsics_vec128 *r0 = hash;
-  Lib_IntVector_Intrinsics_vec128 *r1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r2 = hash + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec128 *r3 = hash + (uint32_t)3U;
-  uint32_t iv0 = Hacl_Impl_Blake2_Constants_ivTable_S[0U];
-  uint32_t iv1 = Hacl_Impl_Blake2_Constants_ivTable_S[1U];
-  uint32_t iv2 = Hacl_Impl_Blake2_Constants_ivTable_S[2U];
-  uint32_t iv3 = Hacl_Impl_Blake2_Constants_ivTable_S[3U];
-  uint32_t iv4 = Hacl_Impl_Blake2_Constants_ivTable_S[4U];
-  uint32_t iv5 = Hacl_Impl_Blake2_Constants_ivTable_S[5U];
-  uint32_t iv6 = Hacl_Impl_Blake2_Constants_ivTable_S[6U];
-  uint32_t iv7 = Hacl_Impl_Blake2_Constants_ivTable_S[7U];
-  r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0, iv1, iv2, iv3);
-  r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7);
-  uint32_t kk_shift_8 = kk << (uint32_t)8U;
-  uint32_t iv0_ = iv0 ^ ((uint32_t)0x01010000U ^ (kk_shift_8 ^ nn));
-  r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0_, iv1, iv2, iv3);
-  r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7);
-}
-
-void
-Hacl_Blake2s_128_blake2s_update_key(
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-)
-{
-  uint64_t lb = (uint64_t)(uint32_t)64U;
-  uint8_t b[64U] = { 0U };
-  memcpy(b, k, kk * sizeof (uint8_t));
-  if (ll == (uint32_t)0U)
-  {
-    blake2s_update_block(wv, hash, true, lb, b);
-  }
-  else
-  {
-    blake2s_update_block(wv, hash, false, lb, b);
-  }
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-void
-Hacl_Blake2s_128_blake2s_update_multi(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint64_t prev,
-  uint8_t *blocks,
-  uint32_t nb
-)
-{
-  KRML_HOST_IGNORE(len);
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
-    uint8_t *b = blocks + i * (uint32_t)64U;
-    blake2s_update_block(wv, hash, false, totlen, b);
-  }
-}
-
-void
-Hacl_Blake2s_128_blake2s_update_last(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint64_t prev,
-  uint32_t rem,
-  uint8_t *d
-)
-{
-  uint8_t b[64U] = { 0U };
-  uint8_t *last = d + len - rem;
-  memcpy(b, last, rem * sizeof (uint8_t));
-  uint64_t totlen = prev + (uint64_t)len;
-  blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-static inline void
-blake2s_update_blocks(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint64_t prev,
-  uint8_t *blocks
-)
-{
-  uint32_t nb0 = len / (uint32_t)64U;
-  uint32_t rem0 = len % (uint32_t)64U;
-  K___uint32_t_uint32_t scrut;
-  if (rem0 == (uint32_t)0U && nb0 > (uint32_t)0U)
-  {
-    uint32_t nb_ = nb0 - (uint32_t)1U;
-    uint32_t rem_ = (uint32_t)64U;
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb_, .snd = rem_ });
-  }
-  else
-  {
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb0, .snd = rem0 });
-  }
-  uint32_t nb = scrut.fst;
-  uint32_t rem = scrut.snd;
-  Hacl_Blake2s_128_blake2s_update_multi(len, wv, hash, prev, blocks, nb);
-  Hacl_Blake2s_128_blake2s_update_last(len, wv, hash, prev, rem, blocks);
-}
-
-static inline void
-blake2s_update(
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll,
-  uint8_t *d
-)
-{
-  uint64_t lb = (uint64_t)(uint32_t)64U;
-  if (kk > (uint32_t)0U)
-  {
-    Hacl_Blake2s_128_blake2s_update_key(wv, hash, kk, k, ll);
-    if (!(ll == (uint32_t)0U))
-    {
-      blake2s_update_blocks(ll, wv, hash, lb, d);
-      return;
-    }
-    return;
-  }
-  blake2s_update_blocks(ll, wv, hash, (uint64_t)(uint32_t)0U, d);
-}
-
-void
-Hacl_Blake2s_128_blake2s_finish(
-  uint32_t nn,
-  uint8_t *output,
-  Lib_IntVector_Intrinsics_vec128 *hash
-)
-{
-  uint8_t b[32U] = { 0U };
-  uint8_t *first = b;
-  uint8_t *second = b + (uint32_t)16U;
-  Lib_IntVector_Intrinsics_vec128 *row0 = hash;
-  Lib_IntVector_Intrinsics_vec128 *row1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128_store32_le(first, row0[0U]);
-  Lib_IntVector_Intrinsics_vec128_store32_le(second, row1[0U]);
-  uint8_t *final = b;
-  memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
-}
-
-/**
-Write the BLAKE2s digest of message `d` using key `k` into `output`.
-
-@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2s_128_blake2s(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-)
-{
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b[4U] KRML_POST_ALIGN(16) = { 0U };
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b1[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_init(b, kk, nn);
-  blake2s_update(b1, b, kk, k, ll, d);
-  Hacl_Blake2s_128_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
-  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
-}
-
-void
-Hacl_Blake2s_128_store_state128s_to_state32(
-  uint32_t *st32,
-  Lib_IntVector_Intrinsics_vec128 *st
-)
-{
-  Lib_IntVector_Intrinsics_vec128 *r0 = st;
-  Lib_IntVector_Intrinsics_vec128 *r1 = st + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r2 = st + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec128 *r3 = st + (uint32_t)3U;
-  uint32_t *b0 = st32;
-  uint32_t *b1 = st32 + (uint32_t)4U;
-  uint32_t *b2 = st32 + (uint32_t)8U;
-  uint32_t *b3 = st32 + (uint32_t)12U;
-  uint8_t b8[16U] = { 0U };
-  Lib_IntVector_Intrinsics_vec128_store32_le(b8, r0[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = b0;
-    uint8_t *bj = b8 + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  uint8_t b80[16U] = { 0U };
-  Lib_IntVector_Intrinsics_vec128_store32_le(b80, r1[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = b1;
-    uint8_t *bj = b80 + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  uint8_t b81[16U] = { 0U };
-  Lib_IntVector_Intrinsics_vec128_store32_le(b81, r2[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = b2;
-    uint8_t *bj = b81 + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  uint8_t b82[16U] = { 0U };
-  Lib_IntVector_Intrinsics_vec128_store32_le(b82, r3[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = b3;
-    uint8_t *bj = b82 + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-}
-
-void
-Hacl_Blake2s_128_load_state128s_from_state32(
-  Lib_IntVector_Intrinsics_vec128 *st,
-  uint32_t *st32
-)
-{
-  Lib_IntVector_Intrinsics_vec128 *r0 = st;
-  Lib_IntVector_Intrinsics_vec128 *r1 = st + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r2 = st + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec128 *r3 = st + (uint32_t)3U;
-  uint32_t *b0 = st32;
-  uint32_t *b1 = st32 + (uint32_t)4U;
-  uint32_t *b2 = st32 + (uint32_t)8U;
-  uint32_t *b3 = st32 + (uint32_t)12U;
-  r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b0[0U], b0[1U], b0[2U], b0[3U]);
-  r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b1[0U], b1[1U], b1[2U], b1[3U]);
-  r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b2[0U], b2[1U], b2[2U], b2[3U]);
-  r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b3[0U], b3[1U], b3[2U], b3[3U]);
-}
-
-Lib_IntVector_Intrinsics_vec128 *Hacl_Blake2s_128_blake2s_malloc(void)
-{
-  Lib_IntVector_Intrinsics_vec128
-  *buf =
-    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
-      sizeof (Lib_IntVector_Intrinsics_vec128) * (uint32_t)4U);
-  memset(buf, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  return buf;
-}
-
diff --git a/src/Hacl_Hash_Blake2s_Simd128.c b/src/Hacl_Hash_Blake2s_Simd128.c
new file mode 100644
index 00000000..73f0cccb
--- /dev/null
+++ b/src/Hacl_Hash_Blake2s_Simd128.c
@@ -0,0 +1,794 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_Hash_Blake2s_Simd128.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
+
+static inline void
+update_block(
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  bool flag,
+  uint64_t totlen,
+  uint8_t *d
+)
+{
+  uint32_t m_w[16U] = { 0U };
+  KRML_MAYBE_FOR16(i,
+    0U,
+    16U,
+    1U,
+    uint32_t *os = m_w;
+    uint8_t *bj = d + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_zero;
+  uint32_t wv_14;
+  if (flag)
+  {
+    wv_14 = 0xFFFFFFFFU;
+  }
+  else
+  {
+    wv_14 = 0U;
+  }
+  uint32_t wv_15 = 0U;
+  mask =
+    Lib_IntVector_Intrinsics_vec128_load32s((uint32_t)totlen,
+      (uint32_t)(totlen >> 32U),
+      wv_14,
+      wv_15);
+  memcpy(wv, hash, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Lib_IntVector_Intrinsics_vec128 *wv3 = wv + 3U;
+  wv3[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv3[0U], mask);
+  KRML_MAYBE_FOR10(i,
+    0U,
+    10U,
+    1U,
+    uint32_t start_idx = i % 10U * 16U;
+    KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 m_st[4U] KRML_POST_ALIGN(16) = { 0U };
+    Lib_IntVector_Intrinsics_vec128 *r0 = m_st;
+    Lib_IntVector_Intrinsics_vec128 *r1 = m_st + 1U;
+    Lib_IntVector_Intrinsics_vec128 *r20 = m_st + 2U;
+    Lib_IntVector_Intrinsics_vec128 *r30 = m_st + 3U;
+    uint32_t s0 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 0U];
+    uint32_t s1 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 1U];
+    uint32_t s2 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 2U];
+    uint32_t s3 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 3U];
+    uint32_t s4 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 4U];
+    uint32_t s5 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 5U];
+    uint32_t s6 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 6U];
+    uint32_t s7 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 7U];
+    uint32_t s8 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 8U];
+    uint32_t s9 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 9U];
+    uint32_t s10 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 10U];
+    uint32_t s11 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 11U];
+    uint32_t s12 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 12U];
+    uint32_t s13 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 13U];
+    uint32_t s14 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 14U];
+    uint32_t s15 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 15U];
+    r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s0], m_w[s2], m_w[s4], m_w[s6]);
+    r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s1], m_w[s3], m_w[s5], m_w[s7]);
+    r20[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s8], m_w[s10], m_w[s12], m_w[s14]);
+    r30[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s9], m_w[s11], m_w[s13], m_w[s15]);
+    Lib_IntVector_Intrinsics_vec128 *x = m_st;
+    Lib_IntVector_Intrinsics_vec128 *y = m_st + 1U;
+    Lib_IntVector_Intrinsics_vec128 *z = m_st + 2U;
+    Lib_IntVector_Intrinsics_vec128 *w = m_st + 3U;
+    uint32_t a = 0U;
+    uint32_t b0 = 1U;
+    uint32_t c0 = 2U;
+    uint32_t d10 = 3U;
+    Lib_IntVector_Intrinsics_vec128 *wv_a0 = wv + a * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b0 = wv + b0 * 1U;
+    wv_a0[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a0[0U], wv_b0[0U]);
+    wv_a0[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a0[0U], x[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a1 = wv + d10 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b1 = wv + a * 1U;
+    wv_a1[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a1[0U], wv_b1[0U]);
+    wv_a1[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a1[0U], 16U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a2 = wv + c0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b2 = wv + d10 * 1U;
+    wv_a2[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a2[0U], wv_b2[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a3 = wv + b0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b3 = wv + c0 * 1U;
+    wv_a3[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a3[0U], wv_b3[0U]);
+    wv_a3[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a3[0U], 12U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a4 = wv + a * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b4 = wv + b0 * 1U;
+    wv_a4[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a4[0U], wv_b4[0U]);
+    wv_a4[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a4[0U], y[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a5 = wv + d10 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b5 = wv + a * 1U;
+    wv_a5[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a5[0U], wv_b5[0U]);
+    wv_a5[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a5[0U], 8U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a6 = wv + c0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b6 = wv + d10 * 1U;
+    wv_a6[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a6[0U], wv_b6[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a7 = wv + b0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b7 = wv + c0 * 1U;
+    wv_a7[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a7[0U], wv_b7[0U]);
+    wv_a7[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a7[0U], 7U);
+    Lib_IntVector_Intrinsics_vec128 *r10 = wv + 1U;
+    Lib_IntVector_Intrinsics_vec128 *r21 = wv + 2U;
+    Lib_IntVector_Intrinsics_vec128 *r31 = wv + 3U;
+    Lib_IntVector_Intrinsics_vec128 v00 = r10[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v1 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v00, 1U);
+    r10[0U] = v1;
+    Lib_IntVector_Intrinsics_vec128 v01 = r21[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v10 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v01, 2U);
+    r21[0U] = v10;
+    Lib_IntVector_Intrinsics_vec128 v02 = r31[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v11 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v02, 3U);
+    r31[0U] = v11;
+    uint32_t a0 = 0U;
+    uint32_t b = 1U;
+    uint32_t c = 2U;
+    uint32_t d1 = 3U;
+    Lib_IntVector_Intrinsics_vec128 *wv_a = wv + a0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b8 = wv + b * 1U;
+    wv_a[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a[0U], wv_b8[0U]);
+    wv_a[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a[0U], z[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a8 = wv + d1 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b9 = wv + a0 * 1U;
+    wv_a8[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a8[0U], wv_b9[0U]);
+    wv_a8[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a8[0U], 16U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a9 = wv + c * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b10 = wv + d1 * 1U;
+    wv_a9[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a9[0U], wv_b10[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a10 = wv + b * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b11 = wv + c * 1U;
+    wv_a10[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a10[0U], wv_b11[0U]);
+    wv_a10[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a10[0U], 12U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a11 = wv + a0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b12 = wv + b * 1U;
+    wv_a11[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a11[0U], wv_b12[0U]);
+    wv_a11[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a11[0U], w[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a12 = wv + d1 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b13 = wv + a0 * 1U;
+    wv_a12[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a12[0U], wv_b13[0U]);
+    wv_a12[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a12[0U], 8U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a13 = wv + c * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b14 = wv + d1 * 1U;
+    wv_a13[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a13[0U], wv_b14[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a14 = wv + b * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b = wv + c * 1U;
+    wv_a14[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a14[0U], wv_b[0U]);
+    wv_a14[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a14[0U], 7U);
+    Lib_IntVector_Intrinsics_vec128 *r11 = wv + 1U;
+    Lib_IntVector_Intrinsics_vec128 *r2 = wv + 2U;
+    Lib_IntVector_Intrinsics_vec128 *r3 = wv + 3U;
+    Lib_IntVector_Intrinsics_vec128 v0 = r11[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v12 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v0, 3U);
+    r11[0U] = v12;
+    Lib_IntVector_Intrinsics_vec128 v03 = r2[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v13 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v03, 2U);
+    r2[0U] = v13;
+    Lib_IntVector_Intrinsics_vec128 v04 = r3[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v14 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v04, 1U);
+    r3[0U] = v14;);
+  Lib_IntVector_Intrinsics_vec128 *s0 = hash;
+  Lib_IntVector_Intrinsics_vec128 *s1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r0 = wv;
+  Lib_IntVector_Intrinsics_vec128 *r1 = wv + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = wv + 2U;
+  Lib_IntVector_Intrinsics_vec128 *r3 = wv + 3U;
+  s0[0U] = Lib_IntVector_Intrinsics_vec128_xor(s0[0U], r0[0U]);
+  s0[0U] = Lib_IntVector_Intrinsics_vec128_xor(s0[0U], r2[0U]);
+  s1[0U] = Lib_IntVector_Intrinsics_vec128_xor(s1[0U], r1[0U]);
+  s1[0U] = Lib_IntVector_Intrinsics_vec128_xor(s1[0U], r3[0U]);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn)
+{
+  Lib_IntVector_Intrinsics_vec128 *r0 = hash;
+  Lib_IntVector_Intrinsics_vec128 *r1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = hash + 2U;
+  Lib_IntVector_Intrinsics_vec128 *r3 = hash + 3U;
+  uint32_t iv0 = Hacl_Hash_Blake2s_ivTable_S[0U];
+  uint32_t iv1 = Hacl_Hash_Blake2s_ivTable_S[1U];
+  uint32_t iv2 = Hacl_Hash_Blake2s_ivTable_S[2U];
+  uint32_t iv3 = Hacl_Hash_Blake2s_ivTable_S[3U];
+  uint32_t iv4 = Hacl_Hash_Blake2s_ivTable_S[4U];
+  uint32_t iv5 = Hacl_Hash_Blake2s_ivTable_S[5U];
+  uint32_t iv6 = Hacl_Hash_Blake2s_ivTable_S[6U];
+  uint32_t iv7 = Hacl_Hash_Blake2s_ivTable_S[7U];
+  r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0, iv1, iv2, iv3);
+  r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7);
+  uint32_t kk_shift_8 = kk << 8U;
+  uint32_t iv0_ = iv0 ^ (0x01010000U ^ (kk_shift_8 ^ nn));
+  r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0_, iv1, iv2, iv3);
+  r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7);
+}
+
+static void
+update_key(
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint32_t kk,
+  uint8_t *k,
+  uint32_t ll
+)
+{
+  uint64_t lb = (uint64_t)64U;
+  uint8_t b[64U] = { 0U };
+  memcpy(b, k, kk * sizeof (uint8_t));
+  if (ll == 0U)
+  {
+    update_block(wv, hash, true, lb, b);
+  }
+  else
+  {
+    update_block(wv, hash, false, lb, b);
+  }
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_update_multi(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint64_t prev,
+  uint8_t *blocks,
+  uint32_t nb
+)
+{
+  KRML_MAYBE_UNUSED_VAR(len);
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    uint64_t totlen = prev + (uint64_t)((i + 1U) * 64U);
+    uint8_t *b = blocks + i * 64U;
+    update_block(wv, hash, false, totlen, b);
+  }
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_update_last(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint64_t prev,
+  uint32_t rem,
+  uint8_t *d
+)
+{
+  uint8_t b[64U] = { 0U };
+  uint8_t *last = d + len - rem;
+  memcpy(b, last, rem * sizeof (uint8_t));
+  uint64_t totlen = prev + (uint64_t)len;
+  update_block(wv, hash, true, totlen, b);
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+static inline void
+update_blocks(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint64_t prev,
+  uint8_t *blocks
+)
+{
+  uint32_t nb0 = len / 64U;
+  uint32_t rem0 = len % 64U;
+  uint32_t nb;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    nb = nb0 - 1U;
+  }
+  else
+  {
+    nb = nb0;
+  }
+  uint32_t rem;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    rem = 64U;
+  }
+  else
+  {
+    rem = rem0;
+  }
+  Hacl_Hash_Blake2s_Simd128_update_multi(len, wv, hash, prev, blocks, nb);
+  Hacl_Hash_Blake2s_Simd128_update_last(len, wv, hash, prev, rem, blocks);
+}
+
+static inline void
+update(
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint32_t kk,
+  uint8_t *k,
+  uint32_t ll,
+  uint8_t *d
+)
+{
+  uint64_t lb = (uint64_t)64U;
+  if (kk > 0U)
+  {
+    update_key(wv, hash, kk, k, ll);
+    if (!(ll == 0U))
+    {
+      update_blocks(ll, wv, hash, lb, d);
+      return;
+    }
+    return;
+  }
+  update_blocks(ll, wv, hash, (uint64_t)0U, d);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_finish(
+  uint32_t nn,
+  uint8_t *output,
+  Lib_IntVector_Intrinsics_vec128 *hash
+)
+{
+  uint8_t b[32U] = { 0U };
+  uint8_t *first = b;
+  uint8_t *second = b + 16U;
+  Lib_IntVector_Intrinsics_vec128 *row0 = hash;
+  Lib_IntVector_Intrinsics_vec128 *row1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec128_store32_le(first, row0[0U]);
+  Lib_IntVector_Intrinsics_vec128_store32_le(second, row1[0U]);
+  uint8_t *final = b;
+  memcpy(output, final, nn * sizeof (uint8_t));
+  Lib_Memzero0_memzero(b, 32U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_store_state128s_to_state32(
+  uint32_t *st32,
+  Lib_IntVector_Intrinsics_vec128 *st
+)
+{
+  Lib_IntVector_Intrinsics_vec128 *r0 = st;
+  Lib_IntVector_Intrinsics_vec128 *r1 = st + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = st + 2U;
+  Lib_IntVector_Intrinsics_vec128 *r3 = st + 3U;
+  uint32_t *b0 = st32;
+  uint32_t *b1 = st32 + 4U;
+  uint32_t *b2 = st32 + 8U;
+  uint32_t *b3 = st32 + 12U;
+  uint8_t b8[16U] = { 0U };
+  Lib_IntVector_Intrinsics_vec128_store32_le(b8, r0[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = b0;
+    uint8_t *bj = b8 + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  uint8_t b80[16U] = { 0U };
+  Lib_IntVector_Intrinsics_vec128_store32_le(b80, r1[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = b1;
+    uint8_t *bj = b80 + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  uint8_t b81[16U] = { 0U };
+  Lib_IntVector_Intrinsics_vec128_store32_le(b81, r2[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = b2;
+    uint8_t *bj = b81 + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  uint8_t b82[16U] = { 0U };
+  Lib_IntVector_Intrinsics_vec128_store32_le(b82, r3[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = b3;
+    uint8_t *bj = b82 + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_load_state128s_from_state32(
+  Lib_IntVector_Intrinsics_vec128 *st,
+  uint32_t *st32
+)
+{
+  Lib_IntVector_Intrinsics_vec128 *r0 = st;
+  Lib_IntVector_Intrinsics_vec128 *r1 = st + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = st + 2U;
+  Lib_IntVector_Intrinsics_vec128 *r3 = st + 3U;
+  uint32_t *b0 = st32;
+  uint32_t *b1 = st32 + 4U;
+  uint32_t *b2 = st32 + 8U;
+  uint32_t *b3 = st32 + 12U;
+  r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b0[0U], b0[1U], b0[2U], b0[3U]);
+  r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b1[0U], b1[1U], b1[2U], b1[3U]);
+  r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b2[0U], b2[1U], b2[2U], b2[3U]);
+  r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b3[0U], b3[1U], b3[2U], b3[3U]);
+}
+
+Lib_IntVector_Intrinsics_vec128 *Hacl_Hash_Blake2s_Simd128_malloc_with_key(void)
+{
+  Lib_IntVector_Intrinsics_vec128
+  *buf =
+    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
+      sizeof (Lib_IntVector_Intrinsics_vec128) * 4U);
+  memset(buf, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  return buf;
+}
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2s_Simd128_state_t *Hacl_Hash_Blake2s_Simd128_malloc(void)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  Lib_IntVector_Intrinsics_vec128
+  *wv =
+    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
+      sizeof (Lib_IntVector_Intrinsics_vec128) * 4U);
+  memset(wv, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Lib_IntVector_Intrinsics_vec128
+  *b =
+    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
+      sizeof (Lib_IntVector_Intrinsics_vec128) * 4U);
+  memset(b, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state = { .fst = wv, .snd = b };
+  Hacl_Hash_Blake2s_Simd128_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  Hacl_Hash_Blake2s_Simd128_state_t
+  *p =
+    (Hacl_Hash_Blake2s_Simd128_state_t *)KRML_HOST_MALLOC(sizeof (
+        Hacl_Hash_Blake2s_Simd128_state_t
+      ));
+  p[0U] = s;
+  Hacl_Hash_Blake2s_Simd128_init(block_state.snd, 0U, 32U);
+  return p;
+}
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_reset(Hacl_Hash_Blake2s_Simd128_state_t *state)
+{
+  Hacl_Hash_Blake2s_Simd128_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state = scrut.block_state;
+  Hacl_Hash_Blake2s_Simd128_init(block_state.snd, 0U, 32U);
+  Hacl_Hash_Blake2s_Simd128_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
+}
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2s_Simd128_update(
+  Hacl_Hash_Blake2s_Simd128_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+)
+{
+  Hacl_Hash_Blake2s_Simd128_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    sz = 64U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  if (chunk_len <= 64U - sz)
+  {
+    Hacl_Hash_Blake2s_Simd128_state_t s1 = *state;
+    Hacl_Hash_Blake2s_Simd128_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_Hash_Blake2s_Simd128_state_t s1 = *state;
+    Hacl_Hash_Blake2s_Simd128_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
+      Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2s_Simd128_update_multi(64U, wv, hash, prevlen, buf, nb);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
+    Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
+    uint32_t nb = data1_len / 64U;
+    Hacl_Hash_Blake2s_Simd128_update_multi(data1_len, wv, hash, total_len1, data1, nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_Blake2s_Simd128_state_t s1 = *state;
+    Hacl_Hash_Blake2s_Simd128_block_state_t block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 64U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_Simd128_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2
+        }
+      );
+    Hacl_Hash_Blake2s_Simd128_state_t s10 = *state;
+    Hacl_Hash_Blake2s_Simd128_block_state_t block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
+      Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2s_Simd128_update_multi(64U, wv, hash, prevlen, buf, nb);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
+    Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
+    uint32_t nb = data1_len / 64U;
+    Hacl_Hash_Blake2s_Simd128_update_multi(data1_len, wv, hash, total_len1, data1, nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+/**
+  Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2s_Simd128_digest(Hacl_Hash_Blake2s_Simd128_state_t *state, uint8_t *output)
+{
+  Hacl_Hash_Blake2s_Simd128_state_t scrut = *state;
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint32_t r;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    r = 64U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  uint8_t *buf_1 = buf_;
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv0[4U] KRML_POST_ALIGN(16) = { 0U };
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b[4U] KRML_POST_ALIGN(16) = { 0U };
+  Hacl_Hash_Blake2s_Simd128_block_state_t tmp_block_state = { .fst = wv0, .snd = b };
+  Lib_IntVector_Intrinsics_vec128 *src_b = block_state.snd;
+  Lib_IntVector_Intrinsics_vec128 *dst_b = tmp_block_state.snd;
+  memcpy(dst_b, src_b, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  uint64_t prev_len = total_len - (uint64_t)r;
+  uint32_t ite;
+  if (r % 64U == 0U && r > 0U)
+  {
+    ite = 64U;
+  }
+  else
+  {
+    ite = r % 64U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  Lib_IntVector_Intrinsics_vec128 *wv1 = tmp_block_state.fst;
+  Lib_IntVector_Intrinsics_vec128 *hash0 = tmp_block_state.snd;
+  uint32_t nb = 0U;
+  Hacl_Hash_Blake2s_Simd128_update_multi(0U, wv1, hash0, prev_len, buf_multi, nb);
+  uint64_t prev_len_last = total_len - (uint64_t)r;
+  Lib_IntVector_Intrinsics_vec128 *wv = tmp_block_state.fst;
+  Lib_IntVector_Intrinsics_vec128 *hash = tmp_block_state.snd;
+  Hacl_Hash_Blake2s_Simd128_update_last(r, wv, hash, prev_len_last, r, buf_last);
+  Hacl_Hash_Blake2s_Simd128_finish(32U, output, tmp_block_state.snd);
+}
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_free(Hacl_Hash_Blake2s_Simd128_state_t *state)
+{
+  Hacl_Hash_Blake2s_Simd128_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state = scrut.block_state;
+  Lib_IntVector_Intrinsics_vec128 *wv = block_state.fst;
+  Lib_IntVector_Intrinsics_vec128 *b = block_state.snd;
+  KRML_ALIGNED_FREE(wv);
+  KRML_ALIGNED_FREE(b);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2s_Simd128_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+)
+{
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b[4U] KRML_POST_ALIGN(16) = { 0U };
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b1[4U] KRML_POST_ALIGN(16) = { 0U };
+  Hacl_Hash_Blake2s_Simd128_init(b, key_len, output_len);
+  update(b1, b, key_len, key, input_len, input);
+  Hacl_Hash_Blake2s_Simd128_finish(output_len, output, b);
+  Lib_Memzero0_memzero(b1, 4U, Lib_IntVector_Intrinsics_vec128);
+  Lib_Memzero0_memzero(b, 4U, Lib_IntVector_Intrinsics_vec128);
+}
+
diff --git a/src/Hacl_Hash_MD5.c b/src/Hacl_Hash_MD5.c
index 222ac824..ed294839 100644
--- a/src/Hacl_Hash_MD5.c
+++ b/src/Hacl_Hash_MD5.c
@@ -25,37 +25,29 @@
 
 #include "internal/Hacl_Hash_MD5.h"
 
-static uint32_t
-_h0[4U] =
-  { (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U };
+static uint32_t _h0[4U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U };
 
 static uint32_t
 _t[64U] =
   {
-    (uint32_t)0xd76aa478U, (uint32_t)0xe8c7b756U, (uint32_t)0x242070dbU, (uint32_t)0xc1bdceeeU,
-    (uint32_t)0xf57c0fafU, (uint32_t)0x4787c62aU, (uint32_t)0xa8304613U, (uint32_t)0xfd469501U,
-    (uint32_t)0x698098d8U, (uint32_t)0x8b44f7afU, (uint32_t)0xffff5bb1U, (uint32_t)0x895cd7beU,
-    (uint32_t)0x6b901122U, (uint32_t)0xfd987193U, (uint32_t)0xa679438eU, (uint32_t)0x49b40821U,
-    (uint32_t)0xf61e2562U, (uint32_t)0xc040b340U, (uint32_t)0x265e5a51U, (uint32_t)0xe9b6c7aaU,
-    (uint32_t)0xd62f105dU, (uint32_t)0x02441453U, (uint32_t)0xd8a1e681U, (uint32_t)0xe7d3fbc8U,
-    (uint32_t)0x21e1cde6U, (uint32_t)0xc33707d6U, (uint32_t)0xf4d50d87U, (uint32_t)0x455a14edU,
-    (uint32_t)0xa9e3e905U, (uint32_t)0xfcefa3f8U, (uint32_t)0x676f02d9U, (uint32_t)0x8d2a4c8aU,
-    (uint32_t)0xfffa3942U, (uint32_t)0x8771f681U, (uint32_t)0x6d9d6122U, (uint32_t)0xfde5380cU,
-    (uint32_t)0xa4beea44U, (uint32_t)0x4bdecfa9U, (uint32_t)0xf6bb4b60U, (uint32_t)0xbebfbc70U,
-    (uint32_t)0x289b7ec6U, (uint32_t)0xeaa127faU, (uint32_t)0xd4ef3085U, (uint32_t)0x4881d05U,
-    (uint32_t)0xd9d4d039U, (uint32_t)0xe6db99e5U, (uint32_t)0x1fa27cf8U, (uint32_t)0xc4ac5665U,
-    (uint32_t)0xf4292244U, (uint32_t)0x432aff97U, (uint32_t)0xab9423a7U, (uint32_t)0xfc93a039U,
-    (uint32_t)0x655b59c3U, (uint32_t)0x8f0ccc92U, (uint32_t)0xffeff47dU, (uint32_t)0x85845dd1U,
-    (uint32_t)0x6fa87e4fU, (uint32_t)0xfe2ce6e0U, (uint32_t)0xa3014314U, (uint32_t)0x4e0811a1U,
-    (uint32_t)0xf7537e82U, (uint32_t)0xbd3af235U, (uint32_t)0x2ad7d2bbU, (uint32_t)0xeb86d391U
+    0xd76aa478U, 0xe8c7b756U, 0x242070dbU, 0xc1bdceeeU, 0xf57c0fafU, 0x4787c62aU, 0xa8304613U,
+    0xfd469501U, 0x698098d8U, 0x8b44f7afU, 0xffff5bb1U, 0x895cd7beU, 0x6b901122U, 0xfd987193U,
+    0xa679438eU, 0x49b40821U, 0xf61e2562U, 0xc040b340U, 0x265e5a51U, 0xe9b6c7aaU, 0xd62f105dU,
+    0x02441453U, 0xd8a1e681U, 0xe7d3fbc8U, 0x21e1cde6U, 0xc33707d6U, 0xf4d50d87U, 0x455a14edU,
+    0xa9e3e905U, 0xfcefa3f8U, 0x676f02d9U, 0x8d2a4c8aU, 0xfffa3942U, 0x8771f681U, 0x6d9d6122U,
+    0xfde5380cU, 0xa4beea44U, 0x4bdecfa9U, 0xf6bb4b60U, 0xbebfbc70U, 0x289b7ec6U, 0xeaa127faU,
+    0xd4ef3085U, 0x4881d05U, 0xd9d4d039U, 0xe6db99e5U, 0x1fa27cf8U, 0xc4ac5665U, 0xf4292244U,
+    0x432aff97U, 0xab9423a7U, 0xfc93a039U, 0x655b59c3U, 0x8f0ccc92U, 0xffeff47dU, 0x85845dd1U,
+    0x6fa87e4fU, 0xfe2ce6e0U, 0xa3014314U, 0x4e0811a1U, 0xf7537e82U, 0xbd3af235U, 0x2ad7d2bbU,
+    0xeb86d391U
   };
 
-void Hacl_Hash_Core_MD5_legacy_init(uint32_t *s)
+void Hacl_Hash_MD5_init(uint32_t *s)
 {
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, s[i] = _h0[i];);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, s[i] = _h0[i];);
 }
 
-static void legacy_update(uint32_t *abcd, uint8_t *x)
+static void update(uint32_t *abcd, uint8_t *x)
 {
   uint32_t aa = abcd[0U];
   uint32_t bb = abcd[1U];
@@ -74,14 +66,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb0
     +
       ((va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0)
-      << (uint32_t)7U
-      | (va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0) >> (uint32_t)25U);
+      << 7U
+      | (va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0) >> 25U);
   abcd[0U] = v;
   uint32_t va0 = abcd[3U];
   uint32_t vb1 = abcd[0U];
   uint32_t vc1 = abcd[1U];
   uint32_t vd1 = abcd[2U];
-  uint8_t *b1 = x + (uint32_t)4U;
+  uint8_t *b1 = x + 4U;
   uint32_t u0 = load32_le(b1);
   uint32_t xk0 = u0;
   uint32_t ti1 = _t[1U];
@@ -90,14 +82,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb1
     +
       ((va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1)
-      << (uint32_t)12U
-      | (va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1) >> (uint32_t)20U);
+      << 12U
+      | (va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1) >> 20U);
   abcd[3U] = v0;
   uint32_t va1 = abcd[2U];
   uint32_t vb2 = abcd[3U];
   uint32_t vc2 = abcd[0U];
   uint32_t vd2 = abcd[1U];
-  uint8_t *b2 = x + (uint32_t)8U;
+  uint8_t *b2 = x + 8U;
   uint32_t u1 = load32_le(b2);
   uint32_t xk1 = u1;
   uint32_t ti2 = _t[2U];
@@ -106,14 +98,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb2
     +
       ((va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2)
-      << (uint32_t)17U
-      | (va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2) >> (uint32_t)15U);
+      << 17U
+      | (va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2) >> 15U);
   abcd[2U] = v1;
   uint32_t va2 = abcd[1U];
   uint32_t vb3 = abcd[2U];
   uint32_t vc3 = abcd[3U];
   uint32_t vd3 = abcd[0U];
-  uint8_t *b3 = x + (uint32_t)12U;
+  uint8_t *b3 = x + 12U;
   uint32_t u2 = load32_le(b3);
   uint32_t xk2 = u2;
   uint32_t ti3 = _t[3U];
@@ -122,14 +114,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb3
     +
       ((va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3)
-      << (uint32_t)22U
-      | (va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3) >> (uint32_t)10U);
+      << 22U
+      | (va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3) >> 10U);
   abcd[1U] = v2;
   uint32_t va3 = abcd[0U];
   uint32_t vb4 = abcd[1U];
   uint32_t vc4 = abcd[2U];
   uint32_t vd4 = abcd[3U];
-  uint8_t *b4 = x + (uint32_t)16U;
+  uint8_t *b4 = x + 16U;
   uint32_t u3 = load32_le(b4);
   uint32_t xk3 = u3;
   uint32_t ti4 = _t[4U];
@@ -138,14 +130,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb4
     +
       ((va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4)
-      << (uint32_t)7U
-      | (va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4) >> (uint32_t)25U);
+      << 7U
+      | (va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4) >> 25U);
   abcd[0U] = v3;
   uint32_t va4 = abcd[3U];
   uint32_t vb5 = abcd[0U];
   uint32_t vc5 = abcd[1U];
   uint32_t vd5 = abcd[2U];
-  uint8_t *b5 = x + (uint32_t)20U;
+  uint8_t *b5 = x + 20U;
   uint32_t u4 = load32_le(b5);
   uint32_t xk4 = u4;
   uint32_t ti5 = _t[5U];
@@ -154,14 +146,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb5
     +
       ((va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5)
-      << (uint32_t)12U
-      | (va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5) >> (uint32_t)20U);
+      << 12U
+      | (va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5) >> 20U);
   abcd[3U] = v4;
   uint32_t va5 = abcd[2U];
   uint32_t vb6 = abcd[3U];
   uint32_t vc6 = abcd[0U];
   uint32_t vd6 = abcd[1U];
-  uint8_t *b6 = x + (uint32_t)24U;
+  uint8_t *b6 = x + 24U;
   uint32_t u5 = load32_le(b6);
   uint32_t xk5 = u5;
   uint32_t ti6 = _t[6U];
@@ -170,14 +162,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb6
     +
       ((va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6)
-      << (uint32_t)17U
-      | (va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6) >> (uint32_t)15U);
+      << 17U
+      | (va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6) >> 15U);
   abcd[2U] = v5;
   uint32_t va6 = abcd[1U];
   uint32_t vb7 = abcd[2U];
   uint32_t vc7 = abcd[3U];
   uint32_t vd7 = abcd[0U];
-  uint8_t *b7 = x + (uint32_t)28U;
+  uint8_t *b7 = x + 28U;
   uint32_t u6 = load32_le(b7);
   uint32_t xk6 = u6;
   uint32_t ti7 = _t[7U];
@@ -186,14 +178,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb7
     +
       ((va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7)
-      << (uint32_t)22U
-      | (va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7) >> (uint32_t)10U);
+      << 22U
+      | (va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7) >> 10U);
   abcd[1U] = v6;
   uint32_t va7 = abcd[0U];
   uint32_t vb8 = abcd[1U];
   uint32_t vc8 = abcd[2U];
   uint32_t vd8 = abcd[3U];
-  uint8_t *b8 = x + (uint32_t)32U;
+  uint8_t *b8 = x + 32U;
   uint32_t u7 = load32_le(b8);
   uint32_t xk7 = u7;
   uint32_t ti8 = _t[8U];
@@ -202,14 +194,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb8
     +
       ((va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8)
-      << (uint32_t)7U
-      | (va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8) >> (uint32_t)25U);
+      << 7U
+      | (va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8) >> 25U);
   abcd[0U] = v7;
   uint32_t va8 = abcd[3U];
   uint32_t vb9 = abcd[0U];
   uint32_t vc9 = abcd[1U];
   uint32_t vd9 = abcd[2U];
-  uint8_t *b9 = x + (uint32_t)36U;
+  uint8_t *b9 = x + 36U;
   uint32_t u8 = load32_le(b9);
   uint32_t xk8 = u8;
   uint32_t ti9 = _t[9U];
@@ -218,14 +210,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb9
     +
       ((va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9)
-      << (uint32_t)12U
-      | (va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9) >> (uint32_t)20U);
+      << 12U
+      | (va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9) >> 20U);
   abcd[3U] = v8;
   uint32_t va9 = abcd[2U];
   uint32_t vb10 = abcd[3U];
   uint32_t vc10 = abcd[0U];
   uint32_t vd10 = abcd[1U];
-  uint8_t *b10 = x + (uint32_t)40U;
+  uint8_t *b10 = x + 40U;
   uint32_t u9 = load32_le(b10);
   uint32_t xk9 = u9;
   uint32_t ti10 = _t[10U];
@@ -234,14 +226,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb10
     +
       ((va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10)
-      << (uint32_t)17U
-      | (va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10) >> (uint32_t)15U);
+      << 17U
+      | (va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10) >> 15U);
   abcd[2U] = v9;
   uint32_t va10 = abcd[1U];
   uint32_t vb11 = abcd[2U];
   uint32_t vc11 = abcd[3U];
   uint32_t vd11 = abcd[0U];
-  uint8_t *b11 = x + (uint32_t)44U;
+  uint8_t *b11 = x + 44U;
   uint32_t u10 = load32_le(b11);
   uint32_t xk10 = u10;
   uint32_t ti11 = _t[11U];
@@ -250,14 +242,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb11
     +
       ((va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11)
-      << (uint32_t)22U
-      | (va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11) >> (uint32_t)10U);
+      << 22U
+      | (va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11) >> 10U);
   abcd[1U] = v10;
   uint32_t va11 = abcd[0U];
   uint32_t vb12 = abcd[1U];
   uint32_t vc12 = abcd[2U];
   uint32_t vd12 = abcd[3U];
-  uint8_t *b12 = x + (uint32_t)48U;
+  uint8_t *b12 = x + 48U;
   uint32_t u11 = load32_le(b12);
   uint32_t xk11 = u11;
   uint32_t ti12 = _t[12U];
@@ -266,14 +258,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb12
     +
       ((va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12)
-      << (uint32_t)7U
-      | (va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12) >> (uint32_t)25U);
+      << 7U
+      | (va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12) >> 25U);
   abcd[0U] = v11;
   uint32_t va12 = abcd[3U];
   uint32_t vb13 = abcd[0U];
   uint32_t vc13 = abcd[1U];
   uint32_t vd13 = abcd[2U];
-  uint8_t *b13 = x + (uint32_t)52U;
+  uint8_t *b13 = x + 52U;
   uint32_t u12 = load32_le(b13);
   uint32_t xk12 = u12;
   uint32_t ti13 = _t[13U];
@@ -282,14 +274,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb13
     +
       ((va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13)
-      << (uint32_t)12U
-      | (va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13) >> (uint32_t)20U);
+      << 12U
+      | (va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13) >> 20U);
   abcd[3U] = v12;
   uint32_t va13 = abcd[2U];
   uint32_t vb14 = abcd[3U];
   uint32_t vc14 = abcd[0U];
   uint32_t vd14 = abcd[1U];
-  uint8_t *b14 = x + (uint32_t)56U;
+  uint8_t *b14 = x + 56U;
   uint32_t u13 = load32_le(b14);
   uint32_t xk13 = u13;
   uint32_t ti14 = _t[14U];
@@ -298,14 +290,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb14
     +
       ((va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14)
-      << (uint32_t)17U
-      | (va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14) >> (uint32_t)15U);
+      << 17U
+      | (va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14) >> 15U);
   abcd[2U] = v13;
   uint32_t va14 = abcd[1U];
   uint32_t vb15 = abcd[2U];
   uint32_t vc15 = abcd[3U];
   uint32_t vd15 = abcd[0U];
-  uint8_t *b15 = x + (uint32_t)60U;
+  uint8_t *b15 = x + 60U;
   uint32_t u14 = load32_le(b15);
   uint32_t xk14 = u14;
   uint32_t ti15 = _t[15U];
@@ -314,14 +306,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb15
     +
       ((va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15)
-      << (uint32_t)22U
-      | (va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15) >> (uint32_t)10U);
+      << 22U
+      | (va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15) >> 10U);
   abcd[1U] = v14;
   uint32_t va15 = abcd[0U];
   uint32_t vb16 = abcd[1U];
   uint32_t vc16 = abcd[2U];
   uint32_t vd16 = abcd[3U];
-  uint8_t *b16 = x + (uint32_t)4U;
+  uint8_t *b16 = x + 4U;
   uint32_t u15 = load32_le(b16);
   uint32_t xk15 = u15;
   uint32_t ti16 = _t[16U];
@@ -330,14 +322,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb16
     +
       ((va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16)
-      << (uint32_t)5U
-      | (va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16) >> (uint32_t)27U);
+      << 5U
+      | (va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16) >> 27U);
   abcd[0U] = v15;
   uint32_t va16 = abcd[3U];
   uint32_t vb17 = abcd[0U];
   uint32_t vc17 = abcd[1U];
   uint32_t vd17 = abcd[2U];
-  uint8_t *b17 = x + (uint32_t)24U;
+  uint8_t *b17 = x + 24U;
   uint32_t u16 = load32_le(b17);
   uint32_t xk16 = u16;
   uint32_t ti17 = _t[17U];
@@ -346,14 +338,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb17
     +
       ((va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17)
-      << (uint32_t)9U
-      | (va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17) >> (uint32_t)23U);
+      << 9U
+      | (va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17) >> 23U);
   abcd[3U] = v16;
   uint32_t va17 = abcd[2U];
   uint32_t vb18 = abcd[3U];
   uint32_t vc18 = abcd[0U];
   uint32_t vd18 = abcd[1U];
-  uint8_t *b18 = x + (uint32_t)44U;
+  uint8_t *b18 = x + 44U;
   uint32_t u17 = load32_le(b18);
   uint32_t xk17 = u17;
   uint32_t ti18 = _t[18U];
@@ -362,8 +354,8 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb18
     +
       ((va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18)
-      << (uint32_t)14U
-      | (va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18) >> (uint32_t)18U);
+      << 14U
+      | (va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18) >> 18U);
   abcd[2U] = v17;
   uint32_t va18 = abcd[1U];
   uint32_t vb19 = abcd[2U];
@@ -378,14 +370,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb19
     +
       ((va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19)
-      << (uint32_t)20U
-      | (va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19) >> (uint32_t)12U);
+      << 20U
+      | (va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19) >> 12U);
   abcd[1U] = v18;
   uint32_t va19 = abcd[0U];
   uint32_t vb20 = abcd[1U];
   uint32_t vc20 = abcd[2U];
   uint32_t vd20 = abcd[3U];
-  uint8_t *b20 = x + (uint32_t)20U;
+  uint8_t *b20 = x + 20U;
   uint32_t u19 = load32_le(b20);
   uint32_t xk19 = u19;
   uint32_t ti20 = _t[20U];
@@ -394,14 +386,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb20
     +
       ((va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20)
-      << (uint32_t)5U
-      | (va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20) >> (uint32_t)27U);
+      << 5U
+      | (va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20) >> 27U);
   abcd[0U] = v19;
   uint32_t va20 = abcd[3U];
   uint32_t vb21 = abcd[0U];
   uint32_t vc21 = abcd[1U];
   uint32_t vd21 = abcd[2U];
-  uint8_t *b21 = x + (uint32_t)40U;
+  uint8_t *b21 = x + 40U;
   uint32_t u20 = load32_le(b21);
   uint32_t xk20 = u20;
   uint32_t ti21 = _t[21U];
@@ -410,14 +402,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb21
     +
       ((va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21)
-      << (uint32_t)9U
-      | (va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21) >> (uint32_t)23U);
+      << 9U
+      | (va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21) >> 23U);
   abcd[3U] = v20;
   uint32_t va21 = abcd[2U];
   uint32_t vb22 = abcd[3U];
   uint32_t vc22 = abcd[0U];
   uint32_t vd22 = abcd[1U];
-  uint8_t *b22 = x + (uint32_t)60U;
+  uint8_t *b22 = x + 60U;
   uint32_t u21 = load32_le(b22);
   uint32_t xk21 = u21;
   uint32_t ti22 = _t[22U];
@@ -426,14 +418,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb22
     +
       ((va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22)
-      << (uint32_t)14U
-      | (va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22) >> (uint32_t)18U);
+      << 14U
+      | (va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22) >> 18U);
   abcd[2U] = v21;
   uint32_t va22 = abcd[1U];
   uint32_t vb23 = abcd[2U];
   uint32_t vc23 = abcd[3U];
   uint32_t vd23 = abcd[0U];
-  uint8_t *b23 = x + (uint32_t)16U;
+  uint8_t *b23 = x + 16U;
   uint32_t u22 = load32_le(b23);
   uint32_t xk22 = u22;
   uint32_t ti23 = _t[23U];
@@ -442,14 +434,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb23
     +
       ((va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23)
-      << (uint32_t)20U
-      | (va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23) >> (uint32_t)12U);
+      << 20U
+      | (va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23) >> 12U);
   abcd[1U] = v22;
   uint32_t va23 = abcd[0U];
   uint32_t vb24 = abcd[1U];
   uint32_t vc24 = abcd[2U];
   uint32_t vd24 = abcd[3U];
-  uint8_t *b24 = x + (uint32_t)36U;
+  uint8_t *b24 = x + 36U;
   uint32_t u23 = load32_le(b24);
   uint32_t xk23 = u23;
   uint32_t ti24 = _t[24U];
@@ -458,14 +450,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb24
     +
       ((va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24)
-      << (uint32_t)5U
-      | (va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24) >> (uint32_t)27U);
+      << 5U
+      | (va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24) >> 27U);
   abcd[0U] = v23;
   uint32_t va24 = abcd[3U];
   uint32_t vb25 = abcd[0U];
   uint32_t vc25 = abcd[1U];
   uint32_t vd25 = abcd[2U];
-  uint8_t *b25 = x + (uint32_t)56U;
+  uint8_t *b25 = x + 56U;
   uint32_t u24 = load32_le(b25);
   uint32_t xk24 = u24;
   uint32_t ti25 = _t[25U];
@@ -474,14 +466,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb25
     +
       ((va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25)
-      << (uint32_t)9U
-      | (va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25) >> (uint32_t)23U);
+      << 9U
+      | (va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25) >> 23U);
   abcd[3U] = v24;
   uint32_t va25 = abcd[2U];
   uint32_t vb26 = abcd[3U];
   uint32_t vc26 = abcd[0U];
   uint32_t vd26 = abcd[1U];
-  uint8_t *b26 = x + (uint32_t)12U;
+  uint8_t *b26 = x + 12U;
   uint32_t u25 = load32_le(b26);
   uint32_t xk25 = u25;
   uint32_t ti26 = _t[26U];
@@ -490,14 +482,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb26
     +
       ((va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26)
-      << (uint32_t)14U
-      | (va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26) >> (uint32_t)18U);
+      << 14U
+      | (va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26) >> 18U);
   abcd[2U] = v25;
   uint32_t va26 = abcd[1U];
   uint32_t vb27 = abcd[2U];
   uint32_t vc27 = abcd[3U];
   uint32_t vd27 = abcd[0U];
-  uint8_t *b27 = x + (uint32_t)32U;
+  uint8_t *b27 = x + 32U;
   uint32_t u26 = load32_le(b27);
   uint32_t xk26 = u26;
   uint32_t ti27 = _t[27U];
@@ -506,14 +498,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb27
     +
       ((va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27)
-      << (uint32_t)20U
-      | (va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27) >> (uint32_t)12U);
+      << 20U
+      | (va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27) >> 12U);
   abcd[1U] = v26;
   uint32_t va27 = abcd[0U];
   uint32_t vb28 = abcd[1U];
   uint32_t vc28 = abcd[2U];
   uint32_t vd28 = abcd[3U];
-  uint8_t *b28 = x + (uint32_t)52U;
+  uint8_t *b28 = x + 52U;
   uint32_t u27 = load32_le(b28);
   uint32_t xk27 = u27;
   uint32_t ti28 = _t[28U];
@@ -522,14 +514,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb28
     +
       ((va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28)
-      << (uint32_t)5U
-      | (va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28) >> (uint32_t)27U);
+      << 5U
+      | (va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28) >> 27U);
   abcd[0U] = v27;
   uint32_t va28 = abcd[3U];
   uint32_t vb29 = abcd[0U];
   uint32_t vc29 = abcd[1U];
   uint32_t vd29 = abcd[2U];
-  uint8_t *b29 = x + (uint32_t)8U;
+  uint8_t *b29 = x + 8U;
   uint32_t u28 = load32_le(b29);
   uint32_t xk28 = u28;
   uint32_t ti29 = _t[29U];
@@ -538,14 +530,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb29
     +
       ((va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29)
-      << (uint32_t)9U
-      | (va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29) >> (uint32_t)23U);
+      << 9U
+      | (va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29) >> 23U);
   abcd[3U] = v28;
   uint32_t va29 = abcd[2U];
   uint32_t vb30 = abcd[3U];
   uint32_t vc30 = abcd[0U];
   uint32_t vd30 = abcd[1U];
-  uint8_t *b30 = x + (uint32_t)28U;
+  uint8_t *b30 = x + 28U;
   uint32_t u29 = load32_le(b30);
   uint32_t xk29 = u29;
   uint32_t ti30 = _t[30U];
@@ -554,14 +546,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb30
     +
       ((va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30)
-      << (uint32_t)14U
-      | (va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30) >> (uint32_t)18U);
+      << 14U
+      | (va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30) >> 18U);
   abcd[2U] = v29;
   uint32_t va30 = abcd[1U];
   uint32_t vb31 = abcd[2U];
   uint32_t vc31 = abcd[3U];
   uint32_t vd31 = abcd[0U];
-  uint8_t *b31 = x + (uint32_t)48U;
+  uint8_t *b31 = x + 48U;
   uint32_t u30 = load32_le(b31);
   uint32_t xk30 = u30;
   uint32_t ti31 = _t[31U];
@@ -570,14 +562,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb31
     +
       ((va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31)
-      << (uint32_t)20U
-      | (va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31) >> (uint32_t)12U);
+      << 20U
+      | (va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31) >> 12U);
   abcd[1U] = v30;
   uint32_t va31 = abcd[0U];
   uint32_t vb32 = abcd[1U];
   uint32_t vc32 = abcd[2U];
   uint32_t vd32 = abcd[3U];
-  uint8_t *b32 = x + (uint32_t)20U;
+  uint8_t *b32 = x + 20U;
   uint32_t u31 = load32_le(b32);
   uint32_t xk31 = u31;
   uint32_t ti32 = _t[32U];
@@ -586,14 +578,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb32
     +
       ((va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32)
-      << (uint32_t)4U
-      | (va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32) >> (uint32_t)28U);
+      << 4U
+      | (va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32) >> 28U);
   abcd[0U] = v31;
   uint32_t va32 = abcd[3U];
   uint32_t vb33 = abcd[0U];
   uint32_t vc33 = abcd[1U];
   uint32_t vd33 = abcd[2U];
-  uint8_t *b33 = x + (uint32_t)32U;
+  uint8_t *b33 = x + 32U;
   uint32_t u32 = load32_le(b33);
   uint32_t xk32 = u32;
   uint32_t ti33 = _t[33U];
@@ -602,14 +594,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb33
     +
       ((va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33)
-      << (uint32_t)11U
-      | (va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33) >> (uint32_t)21U);
+      << 11U
+      | (va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33) >> 21U);
   abcd[3U] = v32;
   uint32_t va33 = abcd[2U];
   uint32_t vb34 = abcd[3U];
   uint32_t vc34 = abcd[0U];
   uint32_t vd34 = abcd[1U];
-  uint8_t *b34 = x + (uint32_t)44U;
+  uint8_t *b34 = x + 44U;
   uint32_t u33 = load32_le(b34);
   uint32_t xk33 = u33;
   uint32_t ti34 = _t[34U];
@@ -618,14 +610,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb34
     +
       ((va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34)
-      << (uint32_t)16U
-      | (va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34) >> (uint32_t)16U);
+      << 16U
+      | (va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34) >> 16U);
   abcd[2U] = v33;
   uint32_t va34 = abcd[1U];
   uint32_t vb35 = abcd[2U];
   uint32_t vc35 = abcd[3U];
   uint32_t vd35 = abcd[0U];
-  uint8_t *b35 = x + (uint32_t)56U;
+  uint8_t *b35 = x + 56U;
   uint32_t u34 = load32_le(b35);
   uint32_t xk34 = u34;
   uint32_t ti35 = _t[35U];
@@ -634,14 +626,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb35
     +
       ((va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35)
-      << (uint32_t)23U
-      | (va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35) >> (uint32_t)9U);
+      << 23U
+      | (va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35) >> 9U);
   abcd[1U] = v34;
   uint32_t va35 = abcd[0U];
   uint32_t vb36 = abcd[1U];
   uint32_t vc36 = abcd[2U];
   uint32_t vd36 = abcd[3U];
-  uint8_t *b36 = x + (uint32_t)4U;
+  uint8_t *b36 = x + 4U;
   uint32_t u35 = load32_le(b36);
   uint32_t xk35 = u35;
   uint32_t ti36 = _t[36U];
@@ -650,14 +642,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb36
     +
       ((va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36)
-      << (uint32_t)4U
-      | (va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36) >> (uint32_t)28U);
+      << 4U
+      | (va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36) >> 28U);
   abcd[0U] = v35;
   uint32_t va36 = abcd[3U];
   uint32_t vb37 = abcd[0U];
   uint32_t vc37 = abcd[1U];
   uint32_t vd37 = abcd[2U];
-  uint8_t *b37 = x + (uint32_t)16U;
+  uint8_t *b37 = x + 16U;
   uint32_t u36 = load32_le(b37);
   uint32_t xk36 = u36;
   uint32_t ti37 = _t[37U];
@@ -666,14 +658,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb37
     +
       ((va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37)
-      << (uint32_t)11U
-      | (va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37) >> (uint32_t)21U);
+      << 11U
+      | (va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37) >> 21U);
   abcd[3U] = v36;
   uint32_t va37 = abcd[2U];
   uint32_t vb38 = abcd[3U];
   uint32_t vc38 = abcd[0U];
   uint32_t vd38 = abcd[1U];
-  uint8_t *b38 = x + (uint32_t)28U;
+  uint8_t *b38 = x + 28U;
   uint32_t u37 = load32_le(b38);
   uint32_t xk37 = u37;
   uint32_t ti38 = _t[38U];
@@ -682,14 +674,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb38
     +
       ((va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38)
-      << (uint32_t)16U
-      | (va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38) >> (uint32_t)16U);
+      << 16U
+      | (va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38) >> 16U);
   abcd[2U] = v37;
   uint32_t va38 = abcd[1U];
   uint32_t vb39 = abcd[2U];
   uint32_t vc39 = abcd[3U];
   uint32_t vd39 = abcd[0U];
-  uint8_t *b39 = x + (uint32_t)40U;
+  uint8_t *b39 = x + 40U;
   uint32_t u38 = load32_le(b39);
   uint32_t xk38 = u38;
   uint32_t ti39 = _t[39U];
@@ -698,14 +690,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb39
     +
       ((va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39)
-      << (uint32_t)23U
-      | (va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39) >> (uint32_t)9U);
+      << 23U
+      | (va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39) >> 9U);
   abcd[1U] = v38;
   uint32_t va39 = abcd[0U];
   uint32_t vb40 = abcd[1U];
   uint32_t vc40 = abcd[2U];
   uint32_t vd40 = abcd[3U];
-  uint8_t *b40 = x + (uint32_t)52U;
+  uint8_t *b40 = x + 52U;
   uint32_t u39 = load32_le(b40);
   uint32_t xk39 = u39;
   uint32_t ti40 = _t[40U];
@@ -714,8 +706,8 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb40
     +
       ((va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40)
-      << (uint32_t)4U
-      | (va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40) >> (uint32_t)28U);
+      << 4U
+      | (va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40) >> 28U);
   abcd[0U] = v39;
   uint32_t va40 = abcd[3U];
   uint32_t vb41 = abcd[0U];
@@ -730,14 +722,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb41
     +
       ((va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41)
-      << (uint32_t)11U
-      | (va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41) >> (uint32_t)21U);
+      << 11U
+      | (va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41) >> 21U);
   abcd[3U] = v40;
   uint32_t va41 = abcd[2U];
   uint32_t vb42 = abcd[3U];
   uint32_t vc42 = abcd[0U];
   uint32_t vd42 = abcd[1U];
-  uint8_t *b42 = x + (uint32_t)12U;
+  uint8_t *b42 = x + 12U;
   uint32_t u41 = load32_le(b42);
   uint32_t xk41 = u41;
   uint32_t ti42 = _t[42U];
@@ -746,14 +738,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb42
     +
       ((va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42)
-      << (uint32_t)16U
-      | (va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42) >> (uint32_t)16U);
+      << 16U
+      | (va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42) >> 16U);
   abcd[2U] = v41;
   uint32_t va42 = abcd[1U];
   uint32_t vb43 = abcd[2U];
   uint32_t vc43 = abcd[3U];
   uint32_t vd43 = abcd[0U];
-  uint8_t *b43 = x + (uint32_t)24U;
+  uint8_t *b43 = x + 24U;
   uint32_t u42 = load32_le(b43);
   uint32_t xk42 = u42;
   uint32_t ti43 = _t[43U];
@@ -762,14 +754,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb43
     +
       ((va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43)
-      << (uint32_t)23U
-      | (va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43) >> (uint32_t)9U);
+      << 23U
+      | (va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43) >> 9U);
   abcd[1U] = v42;
   uint32_t va43 = abcd[0U];
   uint32_t vb44 = abcd[1U];
   uint32_t vc44 = abcd[2U];
   uint32_t vd44 = abcd[3U];
-  uint8_t *b44 = x + (uint32_t)36U;
+  uint8_t *b44 = x + 36U;
   uint32_t u43 = load32_le(b44);
   uint32_t xk43 = u43;
   uint32_t ti44 = _t[44U];
@@ -778,14 +770,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb44
     +
       ((va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44)
-      << (uint32_t)4U
-      | (va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44) >> (uint32_t)28U);
+      << 4U
+      | (va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44) >> 28U);
   abcd[0U] = v43;
   uint32_t va44 = abcd[3U];
   uint32_t vb45 = abcd[0U];
   uint32_t vc45 = abcd[1U];
   uint32_t vd45 = abcd[2U];
-  uint8_t *b45 = x + (uint32_t)48U;
+  uint8_t *b45 = x + 48U;
   uint32_t u44 = load32_le(b45);
   uint32_t xk44 = u44;
   uint32_t ti45 = _t[45U];
@@ -794,14 +786,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb45
     +
       ((va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45)
-      << (uint32_t)11U
-      | (va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45) >> (uint32_t)21U);
+      << 11U
+      | (va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45) >> 21U);
   abcd[3U] = v44;
   uint32_t va45 = abcd[2U];
   uint32_t vb46 = abcd[3U];
   uint32_t vc46 = abcd[0U];
   uint32_t vd46 = abcd[1U];
-  uint8_t *b46 = x + (uint32_t)60U;
+  uint8_t *b46 = x + 60U;
   uint32_t u45 = load32_le(b46);
   uint32_t xk45 = u45;
   uint32_t ti46 = _t[46U];
@@ -810,14 +802,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb46
     +
       ((va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46)
-      << (uint32_t)16U
-      | (va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46) >> (uint32_t)16U);
+      << 16U
+      | (va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46) >> 16U);
   abcd[2U] = v45;
   uint32_t va46 = abcd[1U];
   uint32_t vb47 = abcd[2U];
   uint32_t vc47 = abcd[3U];
   uint32_t vd47 = abcd[0U];
-  uint8_t *b47 = x + (uint32_t)8U;
+  uint8_t *b47 = x + 8U;
   uint32_t u46 = load32_le(b47);
   uint32_t xk46 = u46;
   uint32_t ti47 = _t[47U];
@@ -826,8 +818,8 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb47
     +
       ((va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47)
-      << (uint32_t)23U
-      | (va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47) >> (uint32_t)9U);
+      << 23U
+      | (va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47) >> 9U);
   abcd[1U] = v46;
   uint32_t va47 = abcd[0U];
   uint32_t vb48 = abcd[1U];
@@ -842,14 +834,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb48
     +
       ((va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48)
-      << (uint32_t)6U
-      | (va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48) >> (uint32_t)26U);
+      << 6U
+      | (va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48) >> 26U);
   abcd[0U] = v47;
   uint32_t va48 = abcd[3U];
   uint32_t vb49 = abcd[0U];
   uint32_t vc49 = abcd[1U];
   uint32_t vd49 = abcd[2U];
-  uint8_t *b49 = x + (uint32_t)28U;
+  uint8_t *b49 = x + 28U;
   uint32_t u48 = load32_le(b49);
   uint32_t xk48 = u48;
   uint32_t ti49 = _t[49U];
@@ -858,14 +850,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb49
     +
       ((va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49)
-      << (uint32_t)10U
-      | (va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49) >> (uint32_t)22U);
+      << 10U
+      | (va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49) >> 22U);
   abcd[3U] = v48;
   uint32_t va49 = abcd[2U];
   uint32_t vb50 = abcd[3U];
   uint32_t vc50 = abcd[0U];
   uint32_t vd50 = abcd[1U];
-  uint8_t *b50 = x + (uint32_t)56U;
+  uint8_t *b50 = x + 56U;
   uint32_t u49 = load32_le(b50);
   uint32_t xk49 = u49;
   uint32_t ti50 = _t[50U];
@@ -874,14 +866,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb50
     +
       ((va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50)
-      << (uint32_t)15U
-      | (va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50) >> (uint32_t)17U);
+      << 15U
+      | (va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50) >> 17U);
   abcd[2U] = v49;
   uint32_t va50 = abcd[1U];
   uint32_t vb51 = abcd[2U];
   uint32_t vc51 = abcd[3U];
   uint32_t vd51 = abcd[0U];
-  uint8_t *b51 = x + (uint32_t)20U;
+  uint8_t *b51 = x + 20U;
   uint32_t u50 = load32_le(b51);
   uint32_t xk50 = u50;
   uint32_t ti51 = _t[51U];
@@ -890,14 +882,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb51
     +
       ((va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51)
-      << (uint32_t)21U
-      | (va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51) >> (uint32_t)11U);
+      << 21U
+      | (va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51) >> 11U);
   abcd[1U] = v50;
   uint32_t va51 = abcd[0U];
   uint32_t vb52 = abcd[1U];
   uint32_t vc52 = abcd[2U];
   uint32_t vd52 = abcd[3U];
-  uint8_t *b52 = x + (uint32_t)48U;
+  uint8_t *b52 = x + 48U;
   uint32_t u51 = load32_le(b52);
   uint32_t xk51 = u51;
   uint32_t ti52 = _t[52U];
@@ -906,14 +898,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb52
     +
       ((va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52)
-      << (uint32_t)6U
-      | (va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52) >> (uint32_t)26U);
+      << 6U
+      | (va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52) >> 26U);
   abcd[0U] = v51;
   uint32_t va52 = abcd[3U];
   uint32_t vb53 = abcd[0U];
   uint32_t vc53 = abcd[1U];
   uint32_t vd53 = abcd[2U];
-  uint8_t *b53 = x + (uint32_t)12U;
+  uint8_t *b53 = x + 12U;
   uint32_t u52 = load32_le(b53);
   uint32_t xk52 = u52;
   uint32_t ti53 = _t[53U];
@@ -922,14 +914,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb53
     +
       ((va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53)
-      << (uint32_t)10U
-      | (va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53) >> (uint32_t)22U);
+      << 10U
+      | (va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53) >> 22U);
   abcd[3U] = v52;
   uint32_t va53 = abcd[2U];
   uint32_t vb54 = abcd[3U];
   uint32_t vc54 = abcd[0U];
   uint32_t vd54 = abcd[1U];
-  uint8_t *b54 = x + (uint32_t)40U;
+  uint8_t *b54 = x + 40U;
   uint32_t u53 = load32_le(b54);
   uint32_t xk53 = u53;
   uint32_t ti54 = _t[54U];
@@ -938,14 +930,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb54
     +
       ((va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54)
-      << (uint32_t)15U
-      | (va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54) >> (uint32_t)17U);
+      << 15U
+      | (va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54) >> 17U);
   abcd[2U] = v53;
   uint32_t va54 = abcd[1U];
   uint32_t vb55 = abcd[2U];
   uint32_t vc55 = abcd[3U];
   uint32_t vd55 = abcd[0U];
-  uint8_t *b55 = x + (uint32_t)4U;
+  uint8_t *b55 = x + 4U;
   uint32_t u54 = load32_le(b55);
   uint32_t xk54 = u54;
   uint32_t ti55 = _t[55U];
@@ -954,14 +946,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb55
     +
       ((va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55)
-      << (uint32_t)21U
-      | (va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55) >> (uint32_t)11U);
+      << 21U
+      | (va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55) >> 11U);
   abcd[1U] = v54;
   uint32_t va55 = abcd[0U];
   uint32_t vb56 = abcd[1U];
   uint32_t vc56 = abcd[2U];
   uint32_t vd56 = abcd[3U];
-  uint8_t *b56 = x + (uint32_t)32U;
+  uint8_t *b56 = x + 32U;
   uint32_t u55 = load32_le(b56);
   uint32_t xk55 = u55;
   uint32_t ti56 = _t[56U];
@@ -970,14 +962,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb56
     +
       ((va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56)
-      << (uint32_t)6U
-      | (va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56) >> (uint32_t)26U);
+      << 6U
+      | (va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56) >> 26U);
   abcd[0U] = v55;
   uint32_t va56 = abcd[3U];
   uint32_t vb57 = abcd[0U];
   uint32_t vc57 = abcd[1U];
   uint32_t vd57 = abcd[2U];
-  uint8_t *b57 = x + (uint32_t)60U;
+  uint8_t *b57 = x + 60U;
   uint32_t u56 = load32_le(b57);
   uint32_t xk56 = u56;
   uint32_t ti57 = _t[57U];
@@ -986,14 +978,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb57
     +
       ((va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57)
-      << (uint32_t)10U
-      | (va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57) >> (uint32_t)22U);
+      << 10U
+      | (va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57) >> 22U);
   abcd[3U] = v56;
   uint32_t va57 = abcd[2U];
   uint32_t vb58 = abcd[3U];
   uint32_t vc58 = abcd[0U];
   uint32_t vd58 = abcd[1U];
-  uint8_t *b58 = x + (uint32_t)24U;
+  uint8_t *b58 = x + 24U;
   uint32_t u57 = load32_le(b58);
   uint32_t xk57 = u57;
   uint32_t ti58 = _t[58U];
@@ -1002,14 +994,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb58
     +
       ((va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58)
-      << (uint32_t)15U
-      | (va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58) >> (uint32_t)17U);
+      << 15U
+      | (va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58) >> 17U);
   abcd[2U] = v57;
   uint32_t va58 = abcd[1U];
   uint32_t vb59 = abcd[2U];
   uint32_t vc59 = abcd[3U];
   uint32_t vd59 = abcd[0U];
-  uint8_t *b59 = x + (uint32_t)52U;
+  uint8_t *b59 = x + 52U;
   uint32_t u58 = load32_le(b59);
   uint32_t xk58 = u58;
   uint32_t ti59 = _t[59U];
@@ -1018,14 +1010,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb59
     +
       ((va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59)
-      << (uint32_t)21U
-      | (va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59) >> (uint32_t)11U);
+      << 21U
+      | (va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59) >> 11U);
   abcd[1U] = v58;
   uint32_t va59 = abcd[0U];
   uint32_t vb60 = abcd[1U];
   uint32_t vc60 = abcd[2U];
   uint32_t vd60 = abcd[3U];
-  uint8_t *b60 = x + (uint32_t)16U;
+  uint8_t *b60 = x + 16U;
   uint32_t u59 = load32_le(b60);
   uint32_t xk59 = u59;
   uint32_t ti60 = _t[60U];
@@ -1034,14 +1026,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb60
     +
       ((va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60)
-      << (uint32_t)6U
-      | (va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60) >> (uint32_t)26U);
+      << 6U
+      | (va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60) >> 26U);
   abcd[0U] = v59;
   uint32_t va60 = abcd[3U];
   uint32_t vb61 = abcd[0U];
   uint32_t vc61 = abcd[1U];
   uint32_t vd61 = abcd[2U];
-  uint8_t *b61 = x + (uint32_t)44U;
+  uint8_t *b61 = x + 44U;
   uint32_t u60 = load32_le(b61);
   uint32_t xk60 = u60;
   uint32_t ti61 = _t[61U];
@@ -1050,14 +1042,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb61
     +
       ((va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61)
-      << (uint32_t)10U
-      | (va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61) >> (uint32_t)22U);
+      << 10U
+      | (va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61) >> 22U);
   abcd[3U] = v60;
   uint32_t va61 = abcd[2U];
   uint32_t vb62 = abcd[3U];
   uint32_t vc62 = abcd[0U];
   uint32_t vd62 = abcd[1U];
-  uint8_t *b62 = x + (uint32_t)8U;
+  uint8_t *b62 = x + 8U;
   uint32_t u61 = load32_le(b62);
   uint32_t xk61 = u61;
   uint32_t ti62 = _t[62U];
@@ -1066,14 +1058,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb62
     +
       ((va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62)
-      << (uint32_t)15U
-      | (va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62) >> (uint32_t)17U);
+      << 15U
+      | (va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62) >> 17U);
   abcd[2U] = v61;
   uint32_t va62 = abcd[1U];
   uint32_t vb = abcd[2U];
   uint32_t vc = abcd[3U];
   uint32_t vd = abcd[0U];
-  uint8_t *b63 = x + (uint32_t)36U;
+  uint8_t *b63 = x + 36U;
   uint32_t u62 = load32_le(b63);
   uint32_t xk62 = u62;
   uint32_t ti = _t[63U];
@@ -1082,8 +1074,8 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb
     +
       ((va62 + (vc ^ (vb | ~vd)) + xk62 + ti)
-      << (uint32_t)21U
-      | (va62 + (vc ^ (vb | ~vd)) + xk62 + ti) >> (uint32_t)11U);
+      << 21U
+      | (va62 + (vc ^ (vb | ~vd)) + xk62 + ti) >> 11U);
   abcd[1U] = v62;
   uint32_t a = abcd[0U];
   uint32_t b = abcd[1U];
@@ -1095,98 +1087,69 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
   abcd[3U] = d + dd;
 }
 
-static void legacy_pad(uint64_t len, uint8_t *dst)
+static void pad(uint64_t len, uint8_t *dst)
 {
   uint8_t *dst1 = dst;
-  dst1[0U] = (uint8_t)0x80U;
-  uint8_t *dst2 = dst + (uint32_t)1U;
-  for
-  (uint32_t
-    i = (uint32_t)0U;
-    i
-    < ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U))) % (uint32_t)64U;
-    i++)
+  dst1[0U] = 0x80U;
+  uint8_t *dst2 = dst + 1U;
+  for (uint32_t i = 0U; i < (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U; i++)
   {
-    dst2[i] = (uint8_t)0U;
+    dst2[i] = 0U;
   }
-  uint8_t
-  *dst3 =
-    dst
-    +
-      (uint32_t)1U
-      +
-        ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U)))
-        % (uint32_t)64U;
-  store64_le(dst3, len << (uint32_t)3U);
+  uint8_t *dst3 = dst + 1U + (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U;
+  store64_le(dst3, len << 3U);
 }
 
-void Hacl_Hash_Core_MD5_legacy_finish(uint32_t *s, uint8_t *dst)
+void Hacl_Hash_MD5_finish(uint32_t *s, uint8_t *dst)
 {
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store32_le(dst + i * (uint32_t)4U, s[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store32_le(dst + i * 4U, s[i]););
 }
 
-void Hacl_Hash_MD5_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
+void Hacl_Hash_MD5_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
 {
-  for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
+  for (uint32_t i = 0U; i < n_blocks; i++)
   {
-    uint32_t sz = (uint32_t)64U;
+    uint32_t sz = 64U;
     uint8_t *block = blocks + sz * i;
-    legacy_update(s, block);
+    update(s, block);
   }
 }
 
 void
-Hacl_Hash_MD5_legacy_update_last(
-  uint32_t *s,
-  uint64_t prev_len,
-  uint8_t *input,
-  uint32_t input_len
-)
+Hacl_Hash_MD5_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len)
 {
-  uint32_t blocks_n = input_len / (uint32_t)64U;
-  uint32_t blocks_len = blocks_n * (uint32_t)64U;
+  uint32_t blocks_n = input_len / 64U;
+  uint32_t blocks_len = blocks_n * 64U;
   uint8_t *blocks = input;
   uint32_t rest_len = input_len - blocks_len;
   uint8_t *rest = input + blocks_len;
-  Hacl_Hash_MD5_legacy_update_multi(s, blocks, blocks_n);
+  Hacl_Hash_MD5_update_multi(s, blocks, blocks_n);
   uint64_t total_input_len = prev_len + (uint64_t)input_len;
-  uint32_t
-  pad_len =
-    (uint32_t)1U
-    +
-      ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(total_input_len % (uint64_t)(uint32_t)64U)))
-      % (uint32_t)64U
-    + (uint32_t)8U;
+  uint32_t pad_len = 1U + (128U - (9U + (uint32_t)(total_input_len % (uint64_t)64U))) % 64U + 8U;
   uint32_t tmp_len = rest_len + pad_len;
   uint8_t tmp_twoblocks[128U] = { 0U };
   uint8_t *tmp = tmp_twoblocks;
   uint8_t *tmp_rest = tmp;
   uint8_t *tmp_pad = tmp + rest_len;
   memcpy(tmp_rest, rest, rest_len * sizeof (uint8_t));
-  legacy_pad(total_input_len, tmp_pad);
-  Hacl_Hash_MD5_legacy_update_multi(s, tmp, tmp_len / (uint32_t)64U);
+  pad(total_input_len, tmp_pad);
+  Hacl_Hash_MD5_update_multi(s, tmp, tmp_len / 64U);
 }
 
-void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_MD5_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  uint32_t
-  s[4U] =
-    { (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U };
-  uint32_t blocks_n0 = input_len / (uint32_t)64U;
+  uint32_t s[4U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U };
+  uint32_t blocks_n0 = input_len / 64U;
   uint32_t blocks_n1;
-  if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
+  if (input_len % 64U == 0U && blocks_n0 > 0U)
   {
-    blocks_n1 = blocks_n0 - (uint32_t)1U;
+    blocks_n1 = blocks_n0 - 1U;
   }
   else
   {
     blocks_n1 = blocks_n0;
   }
-  uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
+  uint32_t blocks_len0 = blocks_n1 * 64U;
   uint8_t *blocks0 = input;
   uint32_t rest_len0 = input_len - blocks_len0;
   uint8_t *rest0 = input + blocks_len0;
@@ -1195,75 +1158,75 @@ void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
   uint8_t *blocks = blocks0;
   uint32_t rest_len = rest_len0;
   uint8_t *rest = rest0;
-  Hacl_Hash_MD5_legacy_update_multi(s, blocks, blocks_n);
-  Hacl_Hash_MD5_legacy_update_last(s, (uint64_t)blocks_len, rest, rest_len);
-  Hacl_Hash_Core_MD5_legacy_finish(s, dst);
+  Hacl_Hash_MD5_update_multi(s, blocks, blocks_n);
+  Hacl_Hash_MD5_update_last(s, (uint64_t)blocks_len, rest, rest_len);
+  Hacl_Hash_MD5_finish(s, output);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_create_in(void)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_malloc(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(4U, sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_32
   *p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
   p[0U] = s;
-  Hacl_Hash_Core_MD5_legacy_init(block_state);
+  Hacl_Hash_MD5_init(block_state);
   return p;
 }
 
-void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_MD5_reset(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  Hacl_Hash_Core_MD5_legacy_init(block_state);
+  Hacl_Hash_MD5_init(block_state);
   Hacl_Streaming_MD_state_32
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
+Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_MD_state_32 s = *p;
+  Hacl_Streaming_MD_state_32 s = *state;
   uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
+  if ((uint64_t)chunk_len > 2305843009213693951ULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    sz = (uint32_t)64U;
+    sz = 64U;
   }
   else
   {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    sz = (uint32_t)(total_len % (uint64_t)64U);
   }
-  if (len <= (uint32_t)64U - sz)
+  if (chunk_len <= 64U - sz)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -1273,74 +1236,74 @@ Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, u
         }
       );
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_Hash_MD5_legacy_update_multi(block_state1, buf, (uint32_t)1U);
+      Hacl_Hash_MD5_update_multi(block_state1, buf, 1U);
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Hash_MD5_legacy_update_multi(block_state1, data1, data1_len / (uint32_t)64U);
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Hacl_Hash_MD5_update_multi(block_state1, data1, data1_len / 64U);
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
     {
-      sz10 = (uint32_t)64U;
+      sz10 = 64U;
     }
     else
     {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -1349,114 +1312,109 @@ Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, u
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_MD_state_32 s10 = *p;
+    Hacl_Streaming_MD_state_32 s10 = *state;
     uint32_t *block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_Hash_MD5_legacy_update_multi(block_state1, buf, (uint32_t)1U);
+      Hacl_Hash_MD5_update_multi(block_state1, buf, 1U);
     }
     uint32_t ite;
     if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Hash_MD5_legacy_update_multi(block_state1, data11, data1_len / (uint32_t)64U);
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Hacl_Hash_MD5_update_multi(block_state1, data1, data1_len / 64U);
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
   return Hacl_Streaming_Types_Success;
 }
 
-void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
+void Hacl_Hash_MD5_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_32 scrut = *p;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)64U;
+    r = 64U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    r = (uint32_t)(total_len % (uint64_t)64U);
   }
   uint8_t *buf_1 = buf_;
   uint32_t tmp_block_state[4U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)4U * sizeof (uint32_t));
+  memcpy(tmp_block_state, block_state, 4U * sizeof (uint32_t));
   uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 64U == 0U && r > 0U)
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   else
   {
-    ite = r % (uint32_t)64U;
+    ite = r % 64U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_Hash_MD5_legacy_update_multi(tmp_block_state, buf_multi, (uint32_t)0U);
+  Hacl_Hash_MD5_update_multi(tmp_block_state, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_Hash_MD5_legacy_update_last(tmp_block_state, prev_len_last, buf_last, r);
-  Hacl_Hash_Core_MD5_legacy_finish(tmp_block_state, dst);
+  Hacl_Hash_MD5_update_last(tmp_block_state, prev_len_last, buf_last, r);
+  Hacl_Hash_MD5_finish(tmp_block_state, output);
 }
 
-void Hacl_Streaming_MD5_legacy_free(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_MD5_free(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
   KRML_HOST_FREE(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_state_32 *s0)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_copy(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s0;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state0 = scrut.block_state;
   uint8_t *buf0 = scrut.buf;
   uint64_t total_len0 = scrut.total_len;
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint32_t));
-  memcpy(block_state, block_state0, (uint32_t)4U * sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  memcpy(buf, buf0, 64U * sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(4U, sizeof (uint32_t));
+  memcpy(block_state, block_state0, 4U * sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
   s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
   Hacl_Streaming_MD_state_32
@@ -1465,8 +1423,8 @@ Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_sta
   return p;
 }
 
-void Hacl_Streaming_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_MD5_hash(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Hash_MD5_legacy_hash(input, input_len, dst);
+  Hacl_Hash_MD5_hash_oneshot(output, input, input_len);
 }
 
diff --git a/src/Hacl_Hash_SHA1.c b/src/Hacl_Hash_SHA1.c
index 5ecb3c0b..1a8b09b1 100644
--- a/src/Hacl_Hash_SHA1.c
+++ b/src/Hacl_Hash_SHA1.c
@@ -25,19 +25,14 @@
 
 #include "internal/Hacl_Hash_SHA1.h"
 
-static uint32_t
-_h0[5U] =
-  {
-    (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
-    (uint32_t)0xc3d2e1f0U
-  };
+static uint32_t _h0[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
 
-void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s)
+void Hacl_Hash_SHA1_init(uint32_t *s)
 {
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, s[i] = _h0[i];);
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i] = _h0[i];);
 }
 
-static void legacy_update(uint32_t *h, uint8_t *l)
+static void update(uint32_t *h, uint8_t *l)
 {
   uint32_t ha = h[0U];
   uint32_t hb = h[1U];
@@ -45,29 +40,26 @@ static void legacy_update(uint32_t *h, uint8_t *l)
   uint32_t hd = h[3U];
   uint32_t he = h[4U];
   uint32_t _w[80U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
+  for (uint32_t i = 0U; i < 80U; i++)
   {
     uint32_t v;
-    if (i < (uint32_t)16U)
+    if (i < 16U)
     {
-      uint8_t *b = l + i * (uint32_t)4U;
+      uint8_t *b = l + i * 4U;
       uint32_t u = load32_be(b);
       v = u;
     }
     else
     {
-      uint32_t wmit3 = _w[i - (uint32_t)3U];
-      uint32_t wmit8 = _w[i - (uint32_t)8U];
-      uint32_t wmit14 = _w[i - (uint32_t)14U];
-      uint32_t wmit16 = _w[i - (uint32_t)16U];
-      v =
-        (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16)))
-        << (uint32_t)1U
-        | (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) >> (uint32_t)31U;
+      uint32_t wmit3 = _w[i - 3U];
+      uint32_t wmit8 = _w[i - 8U];
+      uint32_t wmit14 = _w[i - 14U];
+      uint32_t wmit16 = _w[i - 16U];
+      v = (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) << 1U | (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) >> 31U;
     }
     _w[i] = v;
   }
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
+  for (uint32_t i = 0U; i < 80U; i++)
   {
     uint32_t _a = h[0U];
     uint32_t _b = h[1U];
@@ -76,11 +68,11 @@ static void legacy_update(uint32_t *h, uint8_t *l)
     uint32_t _e = h[4U];
     uint32_t wmit = _w[i];
     uint32_t ite0;
-    if (i < (uint32_t)20U)
+    if (i < 20U)
     {
       ite0 = (_b & _c) ^ (~_b & _d);
     }
-    else if ((uint32_t)39U < i && i < (uint32_t)60U)
+    else if (39U < i && i < 60U)
     {
       ite0 = (_b & _c) ^ ((_b & _d) ^ (_c & _d));
     }
@@ -89,32 +81,32 @@ static void legacy_update(uint32_t *h, uint8_t *l)
       ite0 = _b ^ (_c ^ _d);
     }
     uint32_t ite;
-    if (i < (uint32_t)20U)
+    if (i < 20U)
     {
-      ite = (uint32_t)0x5a827999U;
+      ite = 0x5a827999U;
     }
-    else if (i < (uint32_t)40U)
+    else if (i < 40U)
     {
-      ite = (uint32_t)0x6ed9eba1U;
+      ite = 0x6ed9eba1U;
     }
-    else if (i < (uint32_t)60U)
+    else if (i < 60U)
     {
-      ite = (uint32_t)0x8f1bbcdcU;
+      ite = 0x8f1bbcdcU;
     }
     else
     {
-      ite = (uint32_t)0xca62c1d6U;
+      ite = 0xca62c1d6U;
     }
-    uint32_t _T = (_a << (uint32_t)5U | _a >> (uint32_t)27U) + ite0 + _e + ite + wmit;
+    uint32_t _T = (_a << 5U | _a >> 27U) + ite0 + _e + ite + wmit;
     h[0U] = _T;
     h[1U] = _a;
-    h[2U] = _b << (uint32_t)30U | _b >> (uint32_t)2U;
+    h[2U] = _b << 30U | _b >> 2U;
     h[3U] = _c;
     h[4U] = _d;
   }
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
+  for (uint32_t i = 0U; i < 80U; i++)
   {
-    _w[i] = (uint32_t)0U;
+    _w[i] = 0U;
   }
   uint32_t sta = h[0U];
   uint32_t stb = h[1U];
@@ -128,101 +120,69 @@ static void legacy_update(uint32_t *h, uint8_t *l)
   h[4U] = ste + he;
 }
 
-static void legacy_pad(uint64_t len, uint8_t *dst)
+static void pad(uint64_t len, uint8_t *dst)
 {
   uint8_t *dst1 = dst;
-  dst1[0U] = (uint8_t)0x80U;
-  uint8_t *dst2 = dst + (uint32_t)1U;
-  for
-  (uint32_t
-    i = (uint32_t)0U;
-    i
-    < ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U))) % (uint32_t)64U;
-    i++)
+  dst1[0U] = 0x80U;
+  uint8_t *dst2 = dst + 1U;
+  for (uint32_t i = 0U; i < (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U; i++)
   {
-    dst2[i] = (uint8_t)0U;
+    dst2[i] = 0U;
   }
-  uint8_t
-  *dst3 =
-    dst
-    +
-      (uint32_t)1U
-      +
-        ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U)))
-        % (uint32_t)64U;
-  store64_be(dst3, len << (uint32_t)3U);
+  uint8_t *dst3 = dst + 1U + (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U;
+  store64_be(dst3, len << 3U);
 }
 
-void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst)
+void Hacl_Hash_SHA1_finish(uint32_t *s, uint8_t *dst)
 {
-  KRML_MAYBE_FOR5(i,
-    (uint32_t)0U,
-    (uint32_t)5U,
-    (uint32_t)1U,
-    store32_be(dst + i * (uint32_t)4U, s[i]););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, store32_be(dst + i * 4U, s[i]););
 }
 
-void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
+void Hacl_Hash_SHA1_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
 {
-  for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
+  for (uint32_t i = 0U; i < n_blocks; i++)
   {
-    uint32_t sz = (uint32_t)64U;
+    uint32_t sz = 64U;
     uint8_t *block = blocks + sz * i;
-    legacy_update(s, block);
+    update(s, block);
   }
 }
 
 void
-Hacl_Hash_SHA1_legacy_update_last(
-  uint32_t *s,
-  uint64_t prev_len,
-  uint8_t *input,
-  uint32_t input_len
-)
+Hacl_Hash_SHA1_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len)
 {
-  uint32_t blocks_n = input_len / (uint32_t)64U;
-  uint32_t blocks_len = blocks_n * (uint32_t)64U;
+  uint32_t blocks_n = input_len / 64U;
+  uint32_t blocks_len = blocks_n * 64U;
   uint8_t *blocks = input;
   uint32_t rest_len = input_len - blocks_len;
   uint8_t *rest = input + blocks_len;
-  Hacl_Hash_SHA1_legacy_update_multi(s, blocks, blocks_n);
+  Hacl_Hash_SHA1_update_multi(s, blocks, blocks_n);
   uint64_t total_input_len = prev_len + (uint64_t)input_len;
-  uint32_t
-  pad_len =
-    (uint32_t)1U
-    +
-      ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(total_input_len % (uint64_t)(uint32_t)64U)))
-      % (uint32_t)64U
-    + (uint32_t)8U;
+  uint32_t pad_len = 1U + (128U - (9U + (uint32_t)(total_input_len % (uint64_t)64U))) % 64U + 8U;
   uint32_t tmp_len = rest_len + pad_len;
   uint8_t tmp_twoblocks[128U] = { 0U };
   uint8_t *tmp = tmp_twoblocks;
   uint8_t *tmp_rest = tmp;
   uint8_t *tmp_pad = tmp + rest_len;
   memcpy(tmp_rest, rest, rest_len * sizeof (uint8_t));
-  legacy_pad(total_input_len, tmp_pad);
-  Hacl_Hash_SHA1_legacy_update_multi(s, tmp, tmp_len / (uint32_t)64U);
+  pad(total_input_len, tmp_pad);
+  Hacl_Hash_SHA1_update_multi(s, tmp, tmp_len / 64U);
 }
 
-void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA1_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  uint32_t
-  s[5U] =
-    {
-      (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
-      (uint32_t)0xc3d2e1f0U
-    };
-  uint32_t blocks_n0 = input_len / (uint32_t)64U;
+  uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
+  uint32_t blocks_n0 = input_len / 64U;
   uint32_t blocks_n1;
-  if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
+  if (input_len % 64U == 0U && blocks_n0 > 0U)
   {
-    blocks_n1 = blocks_n0 - (uint32_t)1U;
+    blocks_n1 = blocks_n0 - 1U;
   }
   else
   {
     blocks_n1 = blocks_n0;
   }
-  uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
+  uint32_t blocks_len0 = blocks_n1 * 64U;
   uint8_t *blocks0 = input;
   uint32_t rest_len0 = input_len - blocks_len0;
   uint8_t *rest0 = input + blocks_len0;
@@ -231,75 +191,75 @@ void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst
   uint8_t *blocks = blocks0;
   uint32_t rest_len = rest_len0;
   uint8_t *rest = rest0;
-  Hacl_Hash_SHA1_legacy_update_multi(s, blocks, blocks_n);
-  Hacl_Hash_SHA1_legacy_update_last(s, (uint64_t)blocks_len, rest, rest_len);
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst);
+  Hacl_Hash_SHA1_update_multi(s, blocks, blocks_n);
+  Hacl_Hash_SHA1_update_last(s, (uint64_t)blocks_len, rest, rest_len);
+  Hacl_Hash_SHA1_finish(s, output);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_malloc(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(5U, sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_32
   *p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
   p[0U] = s;
-  Hacl_Hash_Core_SHA1_legacy_init(block_state);
+  Hacl_Hash_SHA1_init(block_state);
   return p;
 }
 
-void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA1_reset(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  Hacl_Hash_Core_SHA1_legacy_init(block_state);
+  Hacl_Hash_SHA1_init(block_state);
   Hacl_Streaming_MD_state_32
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
+Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_MD_state_32 s = *p;
+  Hacl_Streaming_MD_state_32 s = *state;
   uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
+  if ((uint64_t)chunk_len > 2305843009213693951ULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    sz = (uint32_t)64U;
+    sz = 64U;
   }
   else
   {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    sz = (uint32_t)(total_len % (uint64_t)64U);
   }
-  if (len <= (uint32_t)64U - sz)
+  if (chunk_len <= 64U - sz)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -309,74 +269,74 @@ Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data,
         }
       );
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_Hash_SHA1_legacy_update_multi(block_state1, buf, (uint32_t)1U);
+      Hacl_Hash_SHA1_update_multi(block_state1, buf, 1U);
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Hash_SHA1_legacy_update_multi(block_state1, data1, data1_len / (uint32_t)64U);
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U);
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
     {
-      sz10 = (uint32_t)64U;
+      sz10 = 64U;
     }
     else
     {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -385,114 +345,109 @@ Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data,
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_MD_state_32 s10 = *p;
+    Hacl_Streaming_MD_state_32 s10 = *state;
     uint32_t *block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_Hash_SHA1_legacy_update_multi(block_state1, buf, (uint32_t)1U);
+      Hacl_Hash_SHA1_update_multi(block_state1, buf, 1U);
     }
     uint32_t ite;
     if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Hash_SHA1_legacy_update_multi(block_state1, data11, data1_len / (uint32_t)64U);
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U);
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
   return Hacl_Streaming_Types_Success;
 }
 
-void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
+void Hacl_Hash_SHA1_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_32 scrut = *p;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)64U;
+    r = 64U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    r = (uint32_t)(total_len % (uint64_t)64U);
   }
   uint8_t *buf_1 = buf_;
   uint32_t tmp_block_state[5U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)5U * sizeof (uint32_t));
+  memcpy(tmp_block_state, block_state, 5U * sizeof (uint32_t));
   uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 64U == 0U && r > 0U)
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   else
   {
-    ite = r % (uint32_t)64U;
+    ite = r % 64U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_Hash_SHA1_legacy_update_multi(tmp_block_state, buf_multi, (uint32_t)0U);
+  Hacl_Hash_SHA1_update_multi(tmp_block_state, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_Hash_SHA1_legacy_update_last(tmp_block_state, prev_len_last, buf_last, r);
-  Hacl_Hash_Core_SHA1_legacy_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA1_update_last(tmp_block_state, prev_len_last, buf_last, r);
+  Hacl_Hash_SHA1_finish(tmp_block_state, output);
 }
 
-void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA1_free(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
   KRML_HOST_FREE(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_copy(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s0;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state0 = scrut.block_state;
   uint8_t *buf0 = scrut.buf;
   uint64_t total_len0 = scrut.total_len;
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
-  memcpy(block_state, block_state0, (uint32_t)5U * sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  memcpy(buf, buf0, 64U * sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(5U, sizeof (uint32_t));
+  memcpy(block_state, block_state0, 5U * sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
   s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
   Hacl_Streaming_MD_state_32
@@ -501,8 +456,8 @@ Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_st
   return p;
 }
 
-void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA1_hash(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Hash_SHA1_legacy_hash(input, input_len, dst);
+  Hacl_Hash_SHA1_hash_oneshot(output, input, input_len);
 }
 
diff --git a/src/Hacl_Hash_SHA2.c b/src/Hacl_Hash_SHA2.c
index c93c3616..995fe707 100644
--- a/src/Hacl_Hash_SHA2.c
+++ b/src/Hacl_Hash_SHA2.c
@@ -27,14 +27,14 @@
 
 #include "internal/Hacl_Krmllib.h"
 
-void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash)
+void Hacl_Hash_SHA2_sha256_init(uint32_t *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = hash;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t x = Hacl_Hash_SHA2_h256[i];
     os[i] = x;);
 }
 
@@ -42,49 +42,49 @@ static inline void sha256_update(uint8_t *b, uint32_t *hash)
 {
   uint32_t hash_old[8U] = { 0U };
   uint32_t ws[16U] = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(hash_old, hash, 8U * sizeof (uint32_t));
   uint8_t *b10 = b;
   uint32_t u = load32_be(b10);
   ws[0U] = u;
-  uint32_t u0 = load32_be(b10 + (uint32_t)4U);
+  uint32_t u0 = load32_be(b10 + 4U);
   ws[1U] = u0;
-  uint32_t u1 = load32_be(b10 + (uint32_t)8U);
+  uint32_t u1 = load32_be(b10 + 8U);
   ws[2U] = u1;
-  uint32_t u2 = load32_be(b10 + (uint32_t)12U);
+  uint32_t u2 = load32_be(b10 + 12U);
   ws[3U] = u2;
-  uint32_t u3 = load32_be(b10 + (uint32_t)16U);
+  uint32_t u3 = load32_be(b10 + 16U);
   ws[4U] = u3;
-  uint32_t u4 = load32_be(b10 + (uint32_t)20U);
+  uint32_t u4 = load32_be(b10 + 20U);
   ws[5U] = u4;
-  uint32_t u5 = load32_be(b10 + (uint32_t)24U);
+  uint32_t u5 = load32_be(b10 + 24U);
   ws[6U] = u5;
-  uint32_t u6 = load32_be(b10 + (uint32_t)28U);
+  uint32_t u6 = load32_be(b10 + 28U);
   ws[7U] = u6;
-  uint32_t u7 = load32_be(b10 + (uint32_t)32U);
+  uint32_t u7 = load32_be(b10 + 32U);
   ws[8U] = u7;
-  uint32_t u8 = load32_be(b10 + (uint32_t)36U);
+  uint32_t u8 = load32_be(b10 + 36U);
   ws[9U] = u8;
-  uint32_t u9 = load32_be(b10 + (uint32_t)40U);
+  uint32_t u9 = load32_be(b10 + 40U);
   ws[10U] = u9;
-  uint32_t u10 = load32_be(b10 + (uint32_t)44U);
+  uint32_t u10 = load32_be(b10 + 44U);
   ws[11U] = u10;
-  uint32_t u11 = load32_be(b10 + (uint32_t)48U);
+  uint32_t u11 = load32_be(b10 + 48U);
   ws[12U] = u11;
-  uint32_t u12 = load32_be(b10 + (uint32_t)52U);
+  uint32_t u12 = load32_be(b10 + 52U);
   ws[13U] = u12;
-  uint32_t u13 = load32_be(b10 + (uint32_t)56U);
+  uint32_t u13 = load32_be(b10 + 56U);
   ws[14U] = u13;
-  uint32_t u14 = load32_be(b10 + (uint32_t)60U);
+  uint32_t u14 = load32_be(b10 + 60U);
   ws[15U] = u14;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       uint32_t ws_t = ws[i];
       uint32_t a0 = hash[0U];
       uint32_t b0 = hash[1U];
@@ -98,20 +98,13 @@ static inline void sha256_update(uint8_t *b, uint32_t *hash)
       uint32_t
       t1 =
         h02
-        +
-          ((e0 << (uint32_t)26U | e0 >> (uint32_t)6U)
-          ^
-            ((e0 << (uint32_t)21U | e0 >> (uint32_t)11U)
-            ^ (e0 << (uint32_t)7U | e0 >> (uint32_t)25U)))
+        + ((e0 << 26U | e0 >> 6U) ^ ((e0 << 21U | e0 >> 11U) ^ (e0 << 7U | e0 >> 25U)))
         + ((e0 & f0) ^ (~e0 & g0))
         + k_e_t
         + ws_t;
       uint32_t
       t2 =
-        ((a0 << (uint32_t)30U | a0 >> (uint32_t)2U)
-        ^
-          ((a0 << (uint32_t)19U | a0 >> (uint32_t)13U)
-          ^ (a0 << (uint32_t)10U | a0 >> (uint32_t)22U)))
+        ((a0 << 30U | a0 >> 2U) ^ ((a0 << 19U | a0 >> 13U) ^ (a0 << 10U | a0 >> 22U)))
         + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0)));
       uint32_t a1 = t1 + t2;
       uint32_t b1 = a0;
@@ -129,74 +122,63 @@ static inline void sha256_update(uint8_t *b, uint32_t *hash)
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         uint32_t t16 = ws[i];
-        uint32_t t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        uint32_t t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        uint32_t t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
-        uint32_t
-        s1 =
-          (t2 << (uint32_t)15U | t2 >> (uint32_t)17U)
-          ^ ((t2 << (uint32_t)13U | t2 >> (uint32_t)19U) ^ t2 >> (uint32_t)10U);
-        uint32_t
-        s0 =
-          (t15 << (uint32_t)25U | t15 >> (uint32_t)7U)
-          ^ ((t15 << (uint32_t)14U | t15 >> (uint32_t)18U) ^ t15 >> (uint32_t)3U);
+        uint32_t t15 = ws[(i + 1U) % 16U];
+        uint32_t t7 = ws[(i + 9U) % 16U];
+        uint32_t t2 = ws[(i + 14U) % 16U];
+        uint32_t s1 = (t2 << 15U | t2 >> 17U) ^ ((t2 << 13U | t2 >> 19U) ^ t2 >> 10U);
+        uint32_t s0 = (t15 << 25U | t15 >> 7U) ^ ((t15 << 14U | t15 >> 18U) ^ t15 >> 3U);
         ws[i] = s1 + t7 + s0 + t16;);
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = hash;
     uint32_t x = hash[i] + hash_old[i];
     os[i] = x;);
 }
 
-void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st)
+void Hacl_Hash_SHA2_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st)
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b0 = b;
-    uint8_t *mb = b0 + i * (uint32_t)64U;
+    uint8_t *mb = b0 + i * 64U;
     sha256_update(mb, st);
   }
 }
 
 void
-Hacl_SHA2_Scalar32_sha256_update_last(
-  uint64_t totlen,
-  uint32_t len,
-  uint8_t *b,
-  uint32_t *hash
-)
+Hacl_Hash_SHA2_sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash)
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[128U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b0 = b;
   memcpy(last, b0, len * sizeof (uint8_t));
-  last[len] = (uint8_t)0x80U;
-  memcpy(last + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last[len] = 0x80U;
+  memcpy(last + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)64U;
+  uint8_t *last10 = last + 64U;
   uint8_t *l0 = last00;
   uint8_t *l1 = last10;
   uint8_t *lb0 = l0;
@@ -204,65 +186,56 @@ Hacl_SHA2_Scalar32_sha256_update_last(
   uint8_t *last0 = lb0;
   uint8_t *last1 = lb1;
   sha256_update(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha256_update(last1, hash);
     return;
   }
 }
 
-void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h)
+void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h)
 {
   uint8_t hbuf[32U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_be(hbuf + i * (uint32_t)4U, st[i]););
-  memcpy(h, hbuf, (uint32_t)32U * sizeof (uint8_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_be(hbuf + i * 4U, st[i]););
+  memcpy(h, hbuf, 32U * sizeof (uint8_t));
 }
 
-void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash)
+void Hacl_Hash_SHA2_sha224_init(uint32_t *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = hash;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h224[i];
+    uint32_t x = Hacl_Hash_SHA2_h224[i];
     os[i] = x;);
 }
 
 static inline void sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st)
 {
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(len, b, st);
+  Hacl_Hash_SHA2_sha256_update_nblocks(len, b, st);
 }
 
-void
-Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st)
+void Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st)
 {
-  Hacl_SHA2_Scalar32_sha256_update_last(totlen, len, b, st);
+  Hacl_Hash_SHA2_sha256_update_last(totlen, len, b, st);
 }
 
-void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h)
+void Hacl_Hash_SHA2_sha224_finish(uint32_t *st, uint8_t *h)
 {
   uint8_t hbuf[32U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_be(hbuf + i * (uint32_t)4U, st[i]););
-  memcpy(h, hbuf, (uint32_t)28U * sizeof (uint8_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_be(hbuf + i * 4U, st[i]););
+  memcpy(h, hbuf, 28U * sizeof (uint8_t));
 }
 
-void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash)
+void Hacl_Hash_SHA2_sha512_init(uint64_t *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = hash;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h512[i];
+    uint64_t x = Hacl_Hash_SHA2_h512[i];
     os[i] = x;);
 }
 
@@ -270,49 +243,49 @@ static inline void sha512_update(uint8_t *b, uint64_t *hash)
 {
   uint64_t hash_old[8U] = { 0U };
   uint64_t ws[16U] = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (uint64_t));
+  memcpy(hash_old, hash, 8U * sizeof (uint64_t));
   uint8_t *b10 = b;
   uint64_t u = load64_be(b10);
   ws[0U] = u;
-  uint64_t u0 = load64_be(b10 + (uint32_t)8U);
+  uint64_t u0 = load64_be(b10 + 8U);
   ws[1U] = u0;
-  uint64_t u1 = load64_be(b10 + (uint32_t)16U);
+  uint64_t u1 = load64_be(b10 + 16U);
   ws[2U] = u1;
-  uint64_t u2 = load64_be(b10 + (uint32_t)24U);
+  uint64_t u2 = load64_be(b10 + 24U);
   ws[3U] = u2;
-  uint64_t u3 = load64_be(b10 + (uint32_t)32U);
+  uint64_t u3 = load64_be(b10 + 32U);
   ws[4U] = u3;
-  uint64_t u4 = load64_be(b10 + (uint32_t)40U);
+  uint64_t u4 = load64_be(b10 + 40U);
   ws[5U] = u4;
-  uint64_t u5 = load64_be(b10 + (uint32_t)48U);
+  uint64_t u5 = load64_be(b10 + 48U);
   ws[6U] = u5;
-  uint64_t u6 = load64_be(b10 + (uint32_t)56U);
+  uint64_t u6 = load64_be(b10 + 56U);
   ws[7U] = u6;
-  uint64_t u7 = load64_be(b10 + (uint32_t)64U);
+  uint64_t u7 = load64_be(b10 + 64U);
   ws[8U] = u7;
-  uint64_t u8 = load64_be(b10 + (uint32_t)72U);
+  uint64_t u8 = load64_be(b10 + 72U);
   ws[9U] = u8;
-  uint64_t u9 = load64_be(b10 + (uint32_t)80U);
+  uint64_t u9 = load64_be(b10 + 80U);
   ws[10U] = u9;
-  uint64_t u10 = load64_be(b10 + (uint32_t)88U);
+  uint64_t u10 = load64_be(b10 + 88U);
   ws[11U] = u10;
-  uint64_t u11 = load64_be(b10 + (uint32_t)96U);
+  uint64_t u11 = load64_be(b10 + 96U);
   ws[12U] = u11;
-  uint64_t u12 = load64_be(b10 + (uint32_t)104U);
+  uint64_t u12 = load64_be(b10 + 104U);
   ws[13U] = u12;
-  uint64_t u13 = load64_be(b10 + (uint32_t)112U);
+  uint64_t u13 = load64_be(b10 + 112U);
   ws[14U] = u13;
-  uint64_t u14 = load64_be(b10 + (uint32_t)120U);
+  uint64_t u14 = load64_be(b10 + 120U);
   ws[15U] = u14;
   KRML_MAYBE_FOR5(i0,
-    (uint32_t)0U,
-    (uint32_t)5U,
-    (uint32_t)1U,
+    0U,
+    5U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint64_t k_t = Hacl_Hash_SHA2_k384_512[16U * i0 + i];
       uint64_t ws_t = ws[i];
       uint64_t a0 = hash[0U];
       uint64_t b0 = hash[1U];
@@ -326,20 +299,13 @@ static inline void sha512_update(uint8_t *b, uint64_t *hash)
       uint64_t
       t1 =
         h02
-        +
-          ((e0 << (uint32_t)50U | e0 >> (uint32_t)14U)
-          ^
-            ((e0 << (uint32_t)46U | e0 >> (uint32_t)18U)
-            ^ (e0 << (uint32_t)23U | e0 >> (uint32_t)41U)))
+        + ((e0 << 50U | e0 >> 14U) ^ ((e0 << 46U | e0 >> 18U) ^ (e0 << 23U | e0 >> 41U)))
         + ((e0 & f0) ^ (~e0 & g0))
         + k_e_t
         + ws_t;
       uint64_t
       t2 =
-        ((a0 << (uint32_t)36U | a0 >> (uint32_t)28U)
-        ^
-          ((a0 << (uint32_t)30U | a0 >> (uint32_t)34U)
-          ^ (a0 << (uint32_t)25U | a0 >> (uint32_t)39U)))
+        ((a0 << 36U | a0 >> 28U) ^ ((a0 << 30U | a0 >> 34U) ^ (a0 << 25U | a0 >> 39U)))
         + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0)));
       uint64_t a1 = t1 + t2;
       uint64_t b1 = a0;
@@ -357,48 +323,42 @@ static inline void sha512_update(uint8_t *b, uint64_t *hash)
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)4U)
+    if (i0 < 4U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         uint64_t t16 = ws[i];
-        uint64_t t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        uint64_t t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        uint64_t t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
-        uint64_t
-        s1 =
-          (t2 << (uint32_t)45U | t2 >> (uint32_t)19U)
-          ^ ((t2 << (uint32_t)3U | t2 >> (uint32_t)61U) ^ t2 >> (uint32_t)6U);
-        uint64_t
-        s0 =
-          (t15 << (uint32_t)63U | t15 >> (uint32_t)1U)
-          ^ ((t15 << (uint32_t)56U | t15 >> (uint32_t)8U) ^ t15 >> (uint32_t)7U);
+        uint64_t t15 = ws[(i + 1U) % 16U];
+        uint64_t t7 = ws[(i + 9U) % 16U];
+        uint64_t t2 = ws[(i + 14U) % 16U];
+        uint64_t s1 = (t2 << 45U | t2 >> 19U) ^ ((t2 << 3U | t2 >> 61U) ^ t2 >> 6U);
+        uint64_t s0 = (t15 << 63U | t15 >> 1U) ^ ((t15 << 56U | t15 >> 8U) ^ t15 >> 7U);
         ws[i] = s1 + t7 + s0 + t16;);
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = hash;
     uint64_t x = hash[i] + hash_old[i];
     os[i] = x;);
 }
 
-void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st)
+void Hacl_Hash_SHA2_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st)
 {
-  uint32_t blocks = len / (uint32_t)128U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 128U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b0 = b;
-    uint8_t *mb = b0 + i * (uint32_t)128U;
+    uint8_t *mb = b0 + i * 128U;
     sha512_update(mb, st);
   }
 }
 
 void
-Hacl_SHA2_Scalar32_sha512_update_last(
+Hacl_Hash_SHA2_sha512_update_last(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
   uint8_t *b,
@@ -406,25 +366,25 @@ Hacl_SHA2_Scalar32_sha512_update_last(
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U)
+  if (len + 16U + 1U <= 128U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)128U;
+  uint32_t fin = blocks * 128U;
   uint8_t last[256U] = { 0U };
   uint8_t totlen_buf[16U] = { 0U };
-  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U);
+  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, 3U);
   store128_be(totlen_buf, total_len_bits);
   uint8_t *b0 = b;
   memcpy(last, b0, len * sizeof (uint8_t));
-  last[len] = (uint8_t)0x80U;
-  memcpy(last + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last[len] = 0x80U;
+  memcpy(last + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
+  uint8_t *last10 = last + 128U;
   uint8_t *l0 = last00;
   uint8_t *l1 = last10;
   uint8_t *lb0 = l0;
@@ -432,76 +392,68 @@ Hacl_SHA2_Scalar32_sha512_update_last(
   uint8_t *last0 = lb0;
   uint8_t *last1 = lb1;
   sha512_update(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha512_update(last1, hash);
     return;
   }
 }
 
-void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h)
+void Hacl_Hash_SHA2_sha512_finish(uint64_t *st, uint8_t *h)
 {
   uint8_t hbuf[64U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store64_be(hbuf + i * (uint32_t)8U, st[i]););
-  memcpy(h, hbuf, (uint32_t)64U * sizeof (uint8_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store64_be(hbuf + i * 8U, st[i]););
+  memcpy(h, hbuf, 64U * sizeof (uint8_t));
 }
 
-void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash)
+void Hacl_Hash_SHA2_sha384_init(uint64_t *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = hash;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h384[i];
+    uint64_t x = Hacl_Hash_SHA2_h384[i];
     os[i] = x;);
 }
 
-void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st)
+void Hacl_Hash_SHA2_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st)
 {
-  Hacl_SHA2_Scalar32_sha512_update_nblocks(len, b, st);
+  Hacl_Hash_SHA2_sha512_update_nblocks(len, b, st);
 }
 
 void
-Hacl_SHA2_Scalar32_sha384_update_last(
+Hacl_Hash_SHA2_sha384_update_last(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
   uint8_t *b,
   uint64_t *st
 )
 {
-  Hacl_SHA2_Scalar32_sha512_update_last(totlen, len, b, st);
+  Hacl_Hash_SHA2_sha512_update_last(totlen, len, b, st);
 }
 
-void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h)
+void Hacl_Hash_SHA2_sha384_finish(uint64_t *st, uint8_t *h)
 {
   uint8_t hbuf[64U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store64_be(hbuf + i * (uint32_t)8U, st[i]););
-  memcpy(h, hbuf, (uint32_t)48U * sizeof (uint8_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store64_be(hbuf + i * 8U, st[i]););
+  memcpy(h, hbuf, 48U * sizeof (uint8_t));
 }
 
 /**
 Allocate initial state for the SHA2_256 hash. The state is to be freed by
 calling `free_256`.
 */
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_256(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_32
   *p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
   p[0U] = s;
-  Hacl_SHA2_Scalar32_sha256_init(block_state);
+  Hacl_Hash_SHA2_sha256_init(block_state);
   return p;
 }
 
@@ -511,16 +463,16 @@ The state is to be freed by calling `free_256`. Cloning the state this way is
 useful, for instance, if your control-flow diverges and you need to feed
 more (different) data into the hash in each branch.
 */
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_copy_256(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s0;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state0 = scrut.block_state;
   uint8_t *buf0 = scrut.buf;
   uint64_t total_len0 = scrut.total_len;
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
-  memcpy(block_state, block_state0, (uint32_t)8U * sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  memcpy(buf, buf0, 64U * sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
+  memcpy(block_state, block_state0, 8U * sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
   s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
   Hacl_Streaming_MD_state_32
@@ -532,54 +484,54 @@ Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state
 /**
 Reset an existing state to the initial hash state with empty data.
 */
-void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA2_reset_256(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  Hacl_SHA2_Scalar32_sha256_init(block_state);
+  Hacl_Hash_SHA2_sha256_init(block_state);
   Hacl_Streaming_MD_state_32
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 static inline Hacl_Streaming_Types_error_code
-update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
+update_224_256(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_MD_state_32 s = *p;
+  Hacl_Streaming_MD_state_32 s = *state;
   uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
+  if ((uint64_t)chunk_len > 2305843009213693951ULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    sz = (uint32_t)64U;
+    sz = 64U;
   }
   else
   {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    sz = (uint32_t)(total_len % (uint64_t)64U);
   }
-  if (len <= (uint32_t)64U - sz)
+  if (chunk_len <= 64U - sz)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -589,76 +541,74 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
         }
       );
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)64U, buf, block_state1);
+      Hacl_Hash_SHA2_sha256_update_nblocks(64U, buf, block_state1);
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_SHA2_Scalar32_sha256_update_nblocks(data1_len / (uint32_t)64U * (uint32_t)64U,
-      data1,
-      block_state1);
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Hacl_Hash_SHA2_sha256_update_nblocks(data1_len / 64U * 64U, data1, block_state1);
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
     {
-      sz10 = (uint32_t)64U;
+      sz10 = 64U;
     }
     else
     {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -667,55 +617,48 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_MD_state_32 s10 = *p;
+    Hacl_Streaming_MD_state_32 s10 = *state;
     uint32_t *block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)64U, buf, block_state1);
+      Hacl_Hash_SHA2_sha256_update_nblocks(64U, buf, block_state1);
     }
     uint32_t ite;
     if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_SHA2_Scalar32_sha256_update_nblocks(data1_len / (uint32_t)64U * (uint32_t)64U,
-      data11,
-      block_state1);
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Hacl_Hash_SHA2_sha256_update_nblocks(data1_len / 64U * 64U, data1, block_state1);
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
@@ -725,209 +668,203 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
 /**
 Feed an arbitrary amount of data into the hash. This function returns 0 for
 success, or 1 if the combined length of all of the data passed to `update_256`
-(since the last call to `init_256`) exceeds 2^61-1 bytes.
+(since the last call to `reset_256`) exceeds 2^61-1 bytes.
 
 This function is identical to the update function for SHA2_224.
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_256(
-  Hacl_Streaming_MD_state_32 *p,
+Hacl_Hash_SHA2_update_256(
+  Hacl_Streaming_MD_state_32 *state,
   uint8_t *input,
   uint32_t input_len
 )
 {
-  return update_224_256(p, input, input_len);
+  return update_224_256(state, input, input_len);
 }
 
 /**
-Write the resulting hash into `dst`, an array of 32 bytes. The state remains
-valid after a call to `finish_256`, meaning the user may feed more data into
-the hash via `update_256`. (The finish_256 function operates on an internal copy of
+Write the resulting hash into `output`, an array of 32 bytes. The state remains
+valid after a call to `digest_256`, meaning the user may feed more data into
+the hash via `update_256`. (The digest_256 function operates on an internal copy of
 the state and therefore does not invalidate the client-held state `p`.)
 */
-void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
+void Hacl_Hash_SHA2_digest_256(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_32 scrut = *p;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)64U;
+    r = 64U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    r = (uint32_t)(total_len % (uint64_t)64U);
   }
   uint8_t *buf_1 = buf_;
   uint32_t tmp_block_state[8U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(tmp_block_state, block_state, 8U * sizeof (uint32_t));
   uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 64U == 0U && r > 0U)
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   else
   {
-    ite = r % (uint32_t)64U;
+    ite = r % 64U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state);
+  Hacl_Hash_SHA2_sha256_update_nblocks(0U, buf_multi, tmp_block_state);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_SHA2_Scalar32_sha256_update_last(prev_len_last + (uint64_t)r,
-    r,
-    buf_last,
-    tmp_block_state);
-  Hacl_SHA2_Scalar32_sha256_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA2_sha256_update_last(prev_len_last + (uint64_t)r, r, buf_last, tmp_block_state);
+  Hacl_Hash_SHA2_sha256_finish(tmp_block_state, output);
 }
 
 /**
-Free a state allocated with `create_in_256`.
+Free a state allocated with `malloc_256`.
 
 This function is identical to the free function for SHA2_224.
 */
-void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA2_free_256(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
   KRML_HOST_FREE(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 32 bytes.
 */
-void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA2_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint8_t *ib = input;
-  uint8_t *rb = dst;
+  uint8_t *rb = output;
   uint32_t st[8U] = { 0U };
-  Hacl_SHA2_Scalar32_sha256_init(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  Hacl_Hash_SHA2_sha256_init(st);
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  Hacl_Hash_SHA2_sha256_update_nblocks(input_len, ib, st);
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b0 = ib;
   uint8_t *lb = b0 + input_len - rem1;
-  Hacl_SHA2_Scalar32_sha256_update_last(len_, rem, lb, st);
-  Hacl_SHA2_Scalar32_sha256_finish(st, rb);
+  Hacl_Hash_SHA2_sha256_update_last(len_, rem, lb, st);
+  Hacl_Hash_SHA2_sha256_finish(st, rb);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_224(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_32
   *p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
   p[0U] = s;
-  Hacl_SHA2_Scalar32_sha224_init(block_state);
+  Hacl_Hash_SHA2_sha224_init(block_state);
   return p;
 }
 
-void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA2_reset_224(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  Hacl_SHA2_Scalar32_sha224_init(block_state);
+  Hacl_Hash_SHA2_sha224_init(block_state);
   Hacl_Streaming_MD_state_32
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_224(
-  Hacl_Streaming_MD_state_32 *p,
+Hacl_Hash_SHA2_update_224(
+  Hacl_Streaming_MD_state_32 *state,
   uint8_t *input,
   uint32_t input_len
 )
 {
-  return update_224_256(p, input, input_len);
+  return update_224_256(state, input, input_len);
 }
 
 /**
-Write the resulting hash into `dst`, an array of 28 bytes. The state remains
-valid after a call to `finish_224`, meaning the user may feed more data into
+Write the resulting hash into `output`, an array of 28 bytes. The state remains
+valid after a call to `digest_224`, meaning the user may feed more data into
 the hash via `update_224`.
 */
-void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
+void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_32 scrut = *p;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)64U;
+    r = 64U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    r = (uint32_t)(total_len % (uint64_t)64U);
   }
   uint8_t *buf_1 = buf_;
   uint32_t tmp_block_state[8U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(tmp_block_state, block_state, 8U * sizeof (uint32_t));
   uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 64U == 0U && r > 0U)
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   else
   {
-    ite = r % (uint32_t)64U;
+    ite = r % 64U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  sha224_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state);
+  sha224_update_nblocks(0U, buf_multi, tmp_block_state);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_SHA2_Scalar32_sha224_update_last(prev_len_last + (uint64_t)r,
-    r,
-    buf_last,
-    tmp_block_state);
-  Hacl_SHA2_Scalar32_sha224_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA2_sha224_update_last(prev_len_last + (uint64_t)r, r, buf_last, tmp_block_state);
+  Hacl_Hash_SHA2_sha224_finish(tmp_block_state, output);
 }
 
-void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p)
+void Hacl_Hash_SHA2_free_224(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_SHA2_free_256(p);
+  Hacl_Hash_SHA2_free_256(state);
 }
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 28 bytes.
 */
-void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint8_t *ib = input;
-  uint8_t *rb = dst;
+  uint8_t *rb = output;
   uint32_t st[8U] = { 0U };
-  Hacl_SHA2_Scalar32_sha224_init(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  Hacl_Hash_SHA2_sha224_init(st);
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha224_update_nblocks(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b0 = ib;
   uint8_t *lb = b0 + input_len - rem1;
-  Hacl_SHA2_Scalar32_sha224_update_last(len_, rem, lb, st);
-  Hacl_SHA2_Scalar32_sha224_finish(st, rb);
+  Hacl_Hash_SHA2_sha224_update_last(len_, rem, lb, st);
+  Hacl_Hash_SHA2_sha224_finish(st, rb);
 }
 
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void)
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_512(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
   Hacl_Streaming_MD_state_64
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_64
   *p = (Hacl_Streaming_MD_state_64 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_64));
   p[0U] = s;
-  Hacl_SHA2_Scalar32_sha512_init(block_state);
+  Hacl_Hash_SHA2_sha512_init(block_state);
   return p;
 }
 
@@ -937,16 +874,16 @@ The state is to be freed by calling `free_512`. Cloning the state this way is
 useful, for instance, if your control-flow diverges and you need to feed
 more (different) data into the hash in each branch.
 */
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0)
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_copy_512(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_MD_state_64 scrut = *s0;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint64_t *block_state0 = scrut.block_state;
   uint8_t *buf0 = scrut.buf;
   uint64_t total_len0 = scrut.total_len;
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  memcpy(buf, buf0, (uint32_t)128U * sizeof (uint8_t));
-  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
-  memcpy(block_state, block_state0, (uint32_t)8U * sizeof (uint64_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  memcpy(buf, buf0, 128U * sizeof (uint8_t));
+  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
+  memcpy(block_state, block_state0, 8U * sizeof (uint64_t));
   Hacl_Streaming_MD_state_64
   s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
   Hacl_Streaming_MD_state_64
@@ -955,54 +892,54 @@ Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state
   return p;
 }
 
-void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s)
+void Hacl_Hash_SHA2_reset_512(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_MD_state_64 scrut = *s;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  Hacl_SHA2_Scalar32_sha512_init(block_state);
+  Hacl_Hash_SHA2_sha512_init(block_state);
   Hacl_Streaming_MD_state_64
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 static inline Hacl_Streaming_Types_error_code
-update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
+update_384_512(Hacl_Streaming_MD_state_64 *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_MD_state_64 s = *p;
+  Hacl_Streaming_MD_state_64 s = *state;
   uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)18446744073709551615U - total_len)
+  if ((uint64_t)chunk_len > 18446744073709551615ULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
   {
-    sz = (uint32_t)128U;
+    sz = 128U;
   }
   else
   {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
+    sz = (uint32_t)(total_len % (uint64_t)128U);
   }
-  if (len <= (uint32_t)128U - sz)
+  if (chunk_len <= 128U - sz)
   {
-    Hacl_Streaming_MD_state_64 s1 = *p;
+    Hacl_Streaming_MD_state_64 s1 = *state;
     uint64_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)128U;
+      sz1 = 128U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
       (
         (Hacl_Streaming_MD_state_64){
@@ -1012,76 +949,74 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
         }
       );
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_MD_state_64 s1 = *p;
+    Hacl_Streaming_MD_state_64 s1 = *state;
     uint64_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)128U;
+      sz1 = 128U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, buf, block_state1);
+      Hacl_Hash_SHA2_sha512_update_nblocks(128U, buf, block_state1);
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)128U == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
-      ite = (uint32_t)128U;
+      ite = 128U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)128U);
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)128U);
     }
-    uint32_t n_blocks = (len - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(data1_len / (uint32_t)128U * (uint32_t)128U,
-      data1,
-      block_state1);
+    uint32_t n_blocks = (chunk_len - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Hacl_Hash_SHA2_sha512_update_nblocks(data1_len / 128U * 128U, data1, block_state1);
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_64){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
-    uint32_t diff = (uint32_t)128U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_MD_state_64 s1 = *p;
+    uint32_t diff = 128U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Streaming_MD_state_64 s1 = *state;
     uint64_t *block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)128U == 0ULL && total_len10 > 0ULL)
     {
-      sz10 = (uint32_t)128U;
+      sz10 = 128U;
     }
     else
     {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)128U);
+      sz10 = (uint32_t)(total_len10 % (uint64_t)128U);
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_64){
@@ -1090,55 +1025,48 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_MD_state_64 s10 = *p;
+    Hacl_Streaming_MD_state_64 s10 = *state;
     uint64_t *block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)128U;
+      sz1 = 128U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, buf, block_state1);
+      Hacl_Hash_SHA2_sha512_update_nblocks(128U, buf, block_state1);
     }
     uint32_t ite;
     if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)128U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
+    ((uint64_t)(chunk_len - diff) % (uint64_t)128U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
     {
-      ite = (uint32_t)128U;
+      ite = 128U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)128U);
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)128U);
     }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(data1_len / (uint32_t)128U * (uint32_t)128U,
-      data11,
-      block_state1);
+    uint32_t n_blocks = (chunk_len - diff - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Hacl_Hash_SHA2_sha512_update_nblocks(data1_len / 128U * 128U, data1, block_state1);
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
         (Hacl_Streaming_MD_state_64){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
@@ -1148,198 +1076,198 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
 /**
 Feed an arbitrary amount of data into the hash. This function returns 0 for
 success, or 1 if the combined length of all of the data passed to `update_512`
-(since the last call to `init_512`) exceeds 2^125-1 bytes.
+(since the last call to `reset_512`) exceeds 2^125-1 bytes.
 
 This function is identical to the update function for SHA2_384.
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_512(
-  Hacl_Streaming_MD_state_64 *p,
+Hacl_Hash_SHA2_update_512(
+  Hacl_Streaming_MD_state_64 *state,
   uint8_t *input,
   uint32_t input_len
 )
 {
-  return update_384_512(p, input, input_len);
+  return update_384_512(state, input, input_len);
 }
 
 /**
-Write the resulting hash into `dst`, an array of 64 bytes. The state remains
-valid after a call to `finish_512`, meaning the user may feed more data into
-the hash via `update_512`. (The finish_512 function operates on an internal copy of
+Write the resulting hash into `output`, an array of 64 bytes. The state remains
+valid after a call to `digest_512`, meaning the user may feed more data into
+the hash via `update_512`. (The digest_512 function operates on an internal copy of
 the state and therefore does not invalidate the client-held state `p`.)
 */
-void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst)
+void Hacl_Hash_SHA2_digest_512(Hacl_Streaming_MD_state_64 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_64 scrut = *p;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint64_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)128U;
+    r = 128U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
+    r = (uint32_t)(total_len % (uint64_t)128U);
   }
   uint8_t *buf_1 = buf_;
   uint64_t tmp_block_state[8U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof (uint64_t));
+  memcpy(tmp_block_state, block_state, 8U * sizeof (uint64_t));
   uint32_t ite;
-  if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 128U == 0U && r > 0U)
   {
-    ite = (uint32_t)128U;
+    ite = 128U;
   }
   else
   {
-    ite = r % (uint32_t)128U;
+    ite = r % 128U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state);
+  Hacl_Hash_SHA2_sha512_update_nblocks(0U, buf_multi, tmp_block_state);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last),
+  Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last),
       FStar_UInt128_uint64_to_uint128((uint64_t)r)),
     r,
     buf_last,
     tmp_block_state);
-  Hacl_SHA2_Scalar32_sha512_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA2_sha512_finish(tmp_block_state, output);
 }
 
 /**
-Free a state allocated with `create_in_512`.
+Free a state allocated with `malloc_512`.
 
 This function is identical to the free function for SHA2_384.
 */
-void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s)
+void Hacl_Hash_SHA2_free_512(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_MD_state_64 scrut = *s;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
   KRML_HOST_FREE(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 64 bytes.
 */
-void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA2_hash_512(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint8_t *ib = input;
-  uint8_t *rb = dst;
+  uint8_t *rb = output;
   uint64_t st[8U] = { 0U };
-  Hacl_SHA2_Scalar32_sha512_init(st);
-  uint32_t rem = input_len % (uint32_t)128U;
+  Hacl_Hash_SHA2_sha512_init(st);
+  uint32_t rem = input_len % 128U;
   FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len);
-  Hacl_SHA2_Scalar32_sha512_update_nblocks(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)128U;
+  Hacl_Hash_SHA2_sha512_update_nblocks(input_len, ib, st);
+  uint32_t rem1 = input_len % 128U;
   uint8_t *b0 = ib;
   uint8_t *lb = b0 + input_len - rem1;
-  Hacl_SHA2_Scalar32_sha512_update_last(len_, rem, lb, st);
-  Hacl_SHA2_Scalar32_sha512_finish(st, rb);
+  Hacl_Hash_SHA2_sha512_update_last(len_, rem, lb, st);
+  Hacl_Hash_SHA2_sha512_finish(st, rb);
 }
 
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void)
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_384(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
   Hacl_Streaming_MD_state_64
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_64
   *p = (Hacl_Streaming_MD_state_64 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_64));
   p[0U] = s;
-  Hacl_SHA2_Scalar32_sha384_init(block_state);
+  Hacl_Hash_SHA2_sha384_init(block_state);
   return p;
 }
 
-void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s)
+void Hacl_Hash_SHA2_reset_384(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_MD_state_64 scrut = *s;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  Hacl_SHA2_Scalar32_sha384_init(block_state);
+  Hacl_Hash_SHA2_sha384_init(block_state);
   Hacl_Streaming_MD_state_64
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_384(
-  Hacl_Streaming_MD_state_64 *p,
+Hacl_Hash_SHA2_update_384(
+  Hacl_Streaming_MD_state_64 *state,
   uint8_t *input,
   uint32_t input_len
 )
 {
-  return update_384_512(p, input, input_len);
+  return update_384_512(state, input, input_len);
 }
 
 /**
-Write the resulting hash into `dst`, an array of 48 bytes. The state remains
-valid after a call to `finish_384`, meaning the user may feed more data into
+Write the resulting hash into `output`, an array of 48 bytes. The state remains
+valid after a call to `digest_384`, meaning the user may feed more data into
 the hash via `update_384`.
 */
-void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst)
+void Hacl_Hash_SHA2_digest_384(Hacl_Streaming_MD_state_64 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_64 scrut = *p;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint64_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)128U;
+    r = 128U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
+    r = (uint32_t)(total_len % (uint64_t)128U);
   }
   uint8_t *buf_1 = buf_;
   uint64_t tmp_block_state[8U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof (uint64_t));
+  memcpy(tmp_block_state, block_state, 8U * sizeof (uint64_t));
   uint32_t ite;
-  if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 128U == 0U && r > 0U)
   {
-    ite = (uint32_t)128U;
+    ite = 128U;
   }
   else
   {
-    ite = r % (uint32_t)128U;
+    ite = r % 128U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state);
+  Hacl_Hash_SHA2_sha384_update_nblocks(0U, buf_multi, tmp_block_state);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last),
+  Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last),
       FStar_UInt128_uint64_to_uint128((uint64_t)r)),
     r,
     buf_last,
     tmp_block_state);
-  Hacl_SHA2_Scalar32_sha384_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA2_sha384_finish(tmp_block_state, output);
 }
 
-void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p)
+void Hacl_Hash_SHA2_free_384(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_SHA2_free_512(p);
+  Hacl_Hash_SHA2_free_512(state);
 }
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 48 bytes.
 */
-void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA2_hash_384(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint8_t *ib = input;
-  uint8_t *rb = dst;
+  uint8_t *rb = output;
   uint64_t st[8U] = { 0U };
-  Hacl_SHA2_Scalar32_sha384_init(st);
-  uint32_t rem = input_len % (uint32_t)128U;
+  Hacl_Hash_SHA2_sha384_init(st);
+  uint32_t rem = input_len % 128U;
   FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len);
-  Hacl_SHA2_Scalar32_sha384_update_nblocks(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)128U;
+  Hacl_Hash_SHA2_sha384_update_nblocks(input_len, ib, st);
+  uint32_t rem1 = input_len % 128U;
   uint8_t *b0 = ib;
   uint8_t *lb = b0 + input_len - rem1;
-  Hacl_SHA2_Scalar32_sha384_update_last(len_, rem, lb, st);
-  Hacl_SHA2_Scalar32_sha384_finish(st, rb);
+  Hacl_Hash_SHA2_sha384_update_last(len_, rem, lb, st);
+  Hacl_Hash_SHA2_sha384_finish(st, rb);
 }
 
diff --git a/src/Hacl_Hash_SHA3.c b/src/Hacl_Hash_SHA3.c
index 19d13b1b..4f502866 100644
--- a/src/Hacl_Hash_SHA3.c
+++ b/src/Hacl_Hash_SHA3.c
@@ -31,27 +31,27 @@ static uint32_t block_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)144U;
+        return 144U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)104U;
+        return 104U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)72U;
+        return 72U;
       }
     case Spec_Hash_Definitions_Shake128:
       {
-        return (uint32_t)168U;
+        return 168U;
       }
     case Spec_Hash_Definitions_Shake256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     default:
       {
@@ -67,19 +67,19 @@ static uint32_t hash_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     default:
       {
@@ -97,10 +97,10 @@ Hacl_Hash_SHA3_update_multi_sha3(
   uint32_t n_blocks
 )
 {
-  for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
+  for (uint32_t i = 0U; i < n_blocks; i++)
   {
     uint8_t *block = blocks + i * block_len(a);
-    Hacl_Impl_SHA3_absorb_inner(block_len(a), block, s);
+    Hacl_Hash_SHA3_absorb_inner(block_len(a), block, s);
   }
 }
 
@@ -115,139 +115,139 @@ Hacl_Hash_SHA3_update_last_sha3(
   uint8_t suffix;
   if (a == Spec_Hash_Definitions_Shake128 || a == Spec_Hash_Definitions_Shake256)
   {
-    suffix = (uint8_t)0x1fU;
+    suffix = 0x1fU;
   }
   else
   {
-    suffix = (uint8_t)0x06U;
+    suffix = 0x06U;
   }
   uint32_t len = block_len(a);
   if (input_len == len)
   {
-    Hacl_Impl_SHA3_absorb_inner(len, input, s);
+    Hacl_Hash_SHA3_absorb_inner(len, input, s);
     uint8_t lastBlock_[200U] = { 0U };
     uint8_t *lastBlock = lastBlock_;
-    memcpy(lastBlock, input + input_len, (uint32_t)0U * sizeof (uint8_t));
+    memcpy(lastBlock, input + input_len, 0U * sizeof (uint8_t));
     lastBlock[0U] = suffix;
-    Hacl_Impl_SHA3_loadState(len, lastBlock, s);
-    if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U)
+    Hacl_Hash_SHA3_loadState(len, lastBlock, s);
+    if (!(((uint32_t)suffix & 0x80U) == 0U) && 0U == len - 1U)
     {
-      Hacl_Impl_SHA3_state_permute(s);
+      Hacl_Hash_SHA3_state_permute(s);
     }
     uint8_t nextBlock_[200U] = { 0U };
     uint8_t *nextBlock = nextBlock_;
-    nextBlock[len - (uint32_t)1U] = (uint8_t)0x80U;
-    Hacl_Impl_SHA3_loadState(len, nextBlock, s);
-    Hacl_Impl_SHA3_state_permute(s);
+    nextBlock[len - 1U] = 0x80U;
+    Hacl_Hash_SHA3_loadState(len, nextBlock, s);
+    Hacl_Hash_SHA3_state_permute(s);
     return;
   }
   uint8_t lastBlock_[200U] = { 0U };
   uint8_t *lastBlock = lastBlock_;
   memcpy(lastBlock, input, input_len * sizeof (uint8_t));
   lastBlock[input_len] = suffix;
-  Hacl_Impl_SHA3_loadState(len, lastBlock, s);
-  if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && input_len == len - (uint32_t)1U)
+  Hacl_Hash_SHA3_loadState(len, lastBlock, s);
+  if (!(((uint32_t)suffix & 0x80U) == 0U) && input_len == len - 1U)
   {
-    Hacl_Impl_SHA3_state_permute(s);
+    Hacl_Hash_SHA3_state_permute(s);
   }
   uint8_t nextBlock_[200U] = { 0U };
   uint8_t *nextBlock = nextBlock_;
-  nextBlock[len - (uint32_t)1U] = (uint8_t)0x80U;
-  Hacl_Impl_SHA3_loadState(len, nextBlock, s);
-  Hacl_Impl_SHA3_state_permute(s);
+  nextBlock[len - 1U] = 0x80U;
+  Hacl_Hash_SHA3_loadState(len, nextBlock, s);
+  Hacl_Hash_SHA3_state_permute(s);
 }
 
 typedef struct hash_buf2_s
 {
-  Hacl_Streaming_Keccak_hash_buf fst;
-  Hacl_Streaming_Keccak_hash_buf snd;
+  Hacl_Hash_SHA3_hash_buf fst;
+  Hacl_Hash_SHA3_hash_buf snd;
 }
 hash_buf2;
 
-Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s)
+Spec_Hash_Definitions_hash_alg Hacl_Hash_SHA3_get_alg(Hacl_Hash_SHA3_state_t *s)
 {
-  Hacl_Streaming_Keccak_hash_buf block_state = (*s).block_state;
+  Hacl_Hash_SHA3_hash_buf block_state = (*s).block_state;
   return block_state.fst;
 }
 
-Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_hash_alg a)
+Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_hash_alg a)
 {
   KRML_CHECK_SIZE(sizeof (uint8_t), block_len(a));
   uint8_t *buf0 = (uint8_t *)KRML_HOST_CALLOC(block_len(a), sizeof (uint8_t));
-  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
-  Hacl_Streaming_Keccak_hash_buf block_state = { .fst = a, .snd = buf };
-  Hacl_Streaming_Keccak_state
-  s = { .block_state = block_state, .buf = buf0, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Keccak_state
-  *p = (Hacl_Streaming_Keccak_state *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_Keccak_state));
+  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
+  Hacl_Hash_SHA3_hash_buf block_state = { .fst = a, .snd = buf };
+  Hacl_Hash_SHA3_state_t
+  s = { .block_state = block_state, .buf = buf0, .total_len = (uint64_t)0U };
+  Hacl_Hash_SHA3_state_t
+  *p = (Hacl_Hash_SHA3_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_SHA3_state_t));
   p[0U] = s;
   uint64_t *s1 = block_state.snd;
-  memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
+  memset(s1, 0U, 25U * sizeof (uint64_t));
   return p;
 }
 
-void Hacl_Streaming_Keccak_free(Hacl_Streaming_Keccak_state *s)
+void Hacl_Hash_SHA3_free(Hacl_Hash_SHA3_state_t *state)
 {
-  Hacl_Streaming_Keccak_state scrut = *s;
+  Hacl_Hash_SHA3_state_t scrut = *state;
   uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
-  uint64_t *s1 = block_state.snd;
-  KRML_HOST_FREE(s1);
-  KRML_HOST_FREE(buf);
+  Hacl_Hash_SHA3_hash_buf block_state = scrut.block_state;
+  uint64_t *s = block_state.snd;
   KRML_HOST_FREE(s);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
 }
 
-Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_copy(Hacl_Streaming_Keccak_state *s0)
+Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_copy(Hacl_Hash_SHA3_state_t *state)
 {
-  Hacl_Streaming_Keccak_state scrut0 = *s0;
-  Hacl_Streaming_Keccak_hash_buf block_state0 = scrut0.block_state;
+  Hacl_Hash_SHA3_state_t scrut0 = *state;
+  Hacl_Hash_SHA3_hash_buf block_state0 = scrut0.block_state;
   uint8_t *buf0 = scrut0.buf;
   uint64_t total_len0 = scrut0.total_len;
   Spec_Hash_Definitions_hash_alg i = block_state0.fst;
   KRML_CHECK_SIZE(sizeof (uint8_t), block_len(i));
   uint8_t *buf1 = (uint8_t *)KRML_HOST_CALLOC(block_len(i), sizeof (uint8_t));
   memcpy(buf1, buf0, block_len(i) * sizeof (uint8_t));
-  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
-  Hacl_Streaming_Keccak_hash_buf block_state = { .fst = i, .snd = buf };
+  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
+  Hacl_Hash_SHA3_hash_buf block_state = { .fst = i, .snd = buf };
   hash_buf2 scrut = { .fst = block_state0, .snd = block_state };
   uint64_t *s_dst = scrut.snd.snd;
   uint64_t *s_src = scrut.fst.snd;
-  memcpy(s_dst, s_src, (uint32_t)25U * sizeof (uint64_t));
-  Hacl_Streaming_Keccak_state
+  memcpy(s_dst, s_src, 25U * sizeof (uint64_t));
+  Hacl_Hash_SHA3_state_t
   s = { .block_state = block_state, .buf = buf1, .total_len = total_len0 };
-  Hacl_Streaming_Keccak_state
-  *p = (Hacl_Streaming_Keccak_state *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_Keccak_state));
+  Hacl_Hash_SHA3_state_t
+  *p = (Hacl_Hash_SHA3_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_SHA3_state_t));
   p[0U] = s;
   return p;
 }
 
-void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s)
+void Hacl_Hash_SHA3_reset(Hacl_Hash_SHA3_state_t *state)
 {
-  Hacl_Streaming_Keccak_state scrut = *s;
+  Hacl_Hash_SHA3_state_t scrut = *state;
   uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Hacl_Hash_SHA3_hash_buf block_state = scrut.block_state;
   Spec_Hash_Definitions_hash_alg i = block_state.fst;
-  KRML_HOST_IGNORE(i);
-  uint64_t *s1 = block_state.snd;
-  memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
-  Hacl_Streaming_Keccak_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  KRML_MAYBE_UNUSED_VAR(i);
+  uint64_t *s = block_state.snd;
+  memset(s, 0U, 25U * sizeof (uint64_t));
+  Hacl_Hash_SHA3_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint32_t len)
+Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_Keccak_state s = *p;
-  Hacl_Streaming_Keccak_hash_buf block_state = s.block_state;
+  Hacl_Hash_SHA3_state_t s = *state;
+  Hacl_Hash_SHA3_hash_buf block_state = s.block_state;
   uint64_t total_len = s.total_len;
   Spec_Hash_Definitions_hash_alg i = block_state.fst;
-  if ((uint64_t)len > (uint64_t)0xFFFFFFFFFFFFFFFFU - total_len)
+  if ((uint64_t)chunk_len > 0xFFFFFFFFFFFFFFFFULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)block_len(i) == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)block_len(i) == 0ULL && total_len > 0ULL)
   {
     sz = block_len(i);
   }
@@ -255,14 +255,14 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
   {
     sz = (uint32_t)(total_len % (uint64_t)block_len(i));
   }
-  if (len <= block_len(i) - sz)
+  if (chunk_len <= block_len(i) - sz)
   {
-    Hacl_Streaming_Keccak_state s1 = *p;
-    Hacl_Streaming_Keccak_hash_buf block_state1 = s1.block_state;
+    Hacl_Hash_SHA3_state_t s1 = *state;
+    Hacl_Hash_SHA3_hash_buf block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
     {
       sz1 = block_len(i);
     }
@@ -271,26 +271,20 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
       sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
-      (
-        (Hacl_Streaming_Keccak_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
+      ((Hacl_Hash_SHA3_state_t){ .block_state = block_state1, .buf = buf, .total_len = total_len2 });
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_Keccak_state s1 = *p;
-    Hacl_Streaming_Keccak_hash_buf block_state1 = s1.block_state;
+    Hacl_Hash_SHA3_state_t s1 = *state;
+    Hacl_Hash_SHA3_hash_buf block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
     {
       sz1 = block_len(i);
     }
@@ -298,52 +292,52 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
     {
       sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
       Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
       uint64_t *s2 = block_state1.snd;
       Hacl_Hash_SHA3_update_multi_sha3(a1, s2, buf, block_len(i) / block_len(a1));
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)block_len(i) == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)block_len(i) == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
       ite = block_len(i);
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)block_len(i));
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)block_len(i));
     }
-    uint32_t n_blocks = (len - ite) / block_len(i);
+    uint32_t n_blocks = (chunk_len - ite) / block_len(i);
     uint32_t data1_len = n_blocks * block_len(i);
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
     Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
     uint64_t *s2 = block_state1.snd;
     Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1));
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
-        (Hacl_Streaming_Keccak_state){
+        (Hacl_Hash_SHA3_state_t){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
     uint32_t diff = block_len(i) - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Keccak_state s1 = *p;
-    Hacl_Streaming_Keccak_hash_buf block_state10 = s1.block_state;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_SHA3_state_t s1 = *state;
+    Hacl_Hash_SHA3_hash_buf block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)block_len(i) == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)block_len(i) == 0ULL && total_len10 > 0ULL)
     {
       sz10 = block_len(i);
     }
@@ -352,23 +346,23 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
       sz10 = (uint32_t)(total_len10 % (uint64_t)block_len(i));
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
-        (Hacl_Streaming_Keccak_state){
+        (Hacl_Hash_SHA3_state_t){
           .block_state = block_state10,
           .buf = buf0,
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_Keccak_state s10 = *p;
-    Hacl_Streaming_Keccak_hash_buf block_state1 = s10.block_state;
+    Hacl_Hash_SHA3_state_t s10 = *state;
+    Hacl_Hash_SHA3_hash_buf block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
     {
       sz1 = block_len(i);
     }
@@ -376,7 +370,7 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
     {
       sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
       Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
       uint64_t *s2 = block_state1.snd;
@@ -385,35 +379,35 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
     uint32_t ite;
     if
     (
-      (uint64_t)(len - diff)
+      (uint64_t)(chunk_len - diff)
       % (uint64_t)block_len(i)
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
+      == 0ULL
+      && (uint64_t)(chunk_len - diff) > 0ULL
     )
     {
       ite = block_len(i);
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)block_len(i));
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)block_len(i));
     }
-    uint32_t n_blocks = (len - diff - ite) / block_len(i);
+    uint32_t n_blocks = (chunk_len - diff - ite) / block_len(i);
     uint32_t data1_len = n_blocks * block_len(i);
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
     Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
     uint64_t *s2 = block_state1.snd;
-    Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data11, data1_len / block_len(a1));
+    Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1));
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
-        (Hacl_Streaming_Keccak_state){
+        (Hacl_Hash_SHA3_state_t){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
@@ -421,19 +415,19 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
 }
 
 static void
-finish_(
+digest_(
   Spec_Hash_Definitions_hash_alg a,
-  Hacl_Streaming_Keccak_state *p,
-  uint8_t *dst,
+  Hacl_Hash_SHA3_state_t *state,
+  uint8_t *output,
   uint32_t l
 )
 {
-  Hacl_Streaming_Keccak_state scrut0 = *p;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut0.block_state;
+  Hacl_Hash_SHA3_state_t scrut0 = *state;
+  Hacl_Hash_SHA3_hash_buf block_state = scrut0.block_state;
   uint8_t *buf_ = scrut0.buf;
   uint64_t total_len = scrut0.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)block_len(a) == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)block_len(a) == 0ULL && total_len > 0ULL)
   {
     r = block_len(a);
   }
@@ -443,13 +437,13 @@ finish_(
   }
   uint8_t *buf_1 = buf_;
   uint64_t buf[25U] = { 0U };
-  Hacl_Streaming_Keccak_hash_buf tmp_block_state = { .fst = a, .snd = buf };
+  Hacl_Hash_SHA3_hash_buf tmp_block_state = { .fst = a, .snd = buf };
   hash_buf2 scrut = { .fst = block_state, .snd = tmp_block_state };
   uint64_t *s_dst = scrut.snd.snd;
   uint64_t *s_src = scrut.fst.snd;
-  memcpy(s_dst, s_src, (uint32_t)25U * sizeof (uint64_t));
+  memcpy(s_dst, s_src, 25U * sizeof (uint64_t));
   uint32_t ite;
-  if (r % block_len(a) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(a) == 0U && r > 0U)
   {
     ite = block_len(a);
   }
@@ -461,7 +455,7 @@ finish_(
   uint8_t *buf_multi = buf_1;
   Spec_Hash_Definitions_hash_alg a1 = tmp_block_state.fst;
   uint64_t *s0 = tmp_block_state.snd;
-  Hacl_Hash_SHA3_update_multi_sha3(a1, s0, buf_multi, (uint32_t)0U / block_len(a1));
+  Hacl_Hash_SHA3_update_multi_sha3(a1, s0, buf_multi, 0U / block_len(a1));
   Spec_Hash_Definitions_hash_alg a10 = tmp_block_state.fst;
   uint64_t *s1 = tmp_block_state.snd;
   Hacl_Hash_SHA3_update_last_sha3(a10, s1, buf_last, r);
@@ -469,258 +463,182 @@ finish_(
   uint64_t *s = tmp_block_state.snd;
   if (a11 == Spec_Hash_Definitions_Shake128 || a11 == Spec_Hash_Definitions_Shake256)
   {
-    Hacl_Impl_SHA3_squeeze(s, block_len(a11), l, dst);
+    Hacl_Hash_SHA3_squeeze0(s, block_len(a11), l, output);
     return;
   }
-  Hacl_Impl_SHA3_squeeze(s, block_len(a11), hash_len(a11), dst);
+  Hacl_Hash_SHA3_squeeze0(s, block_len(a11), hash_len(a11), output);
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_finish(Hacl_Streaming_Keccak_state *s, uint8_t *dst)
+Hacl_Hash_SHA3_digest(Hacl_Hash_SHA3_state_t *state, uint8_t *output)
 {
-  Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(state);
   if (a1 == Spec_Hash_Definitions_Shake128 || a1 == Spec_Hash_Definitions_Shake256)
   {
     return Hacl_Streaming_Types_InvalidAlgorithm;
   }
-  finish_(a1, s, dst, hash_len(a1));
+  digest_(a1, state, output, hash_len(a1));
   return Hacl_Streaming_Types_Success;
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_squeeze(Hacl_Streaming_Keccak_state *s, uint8_t *dst, uint32_t l)
+Hacl_Hash_SHA3_squeeze(Hacl_Hash_SHA3_state_t *s, uint8_t *dst, uint32_t l)
 {
-  Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
   if (!(a1 == Spec_Hash_Definitions_Shake128 || a1 == Spec_Hash_Definitions_Shake256))
   {
     return Hacl_Streaming_Types_InvalidAlgorithm;
   }
-  if (l == (uint32_t)0U)
+  if (l == 0U)
   {
     return Hacl_Streaming_Types_InvalidLength;
   }
-  finish_(a1, s, dst, l);
+  digest_(a1, s, dst, l);
   return Hacl_Streaming_Types_Success;
 }
 
-uint32_t Hacl_Streaming_Keccak_block_len(Hacl_Streaming_Keccak_state *s)
+uint32_t Hacl_Hash_SHA3_block_len(Hacl_Hash_SHA3_state_t *s)
 {
-  Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
   return block_len(a1);
 }
 
-uint32_t Hacl_Streaming_Keccak_hash_len(Hacl_Streaming_Keccak_state *s)
+uint32_t Hacl_Hash_SHA3_hash_len(Hacl_Hash_SHA3_state_t *s)
 {
-  Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
   return hash_len(a1);
 }
 
-bool Hacl_Streaming_Keccak_is_shake(Hacl_Streaming_Keccak_state *s)
+bool Hacl_Hash_SHA3_is_shake(Hacl_Hash_SHA3_state_t *s)
 {
-  Spec_Hash_Definitions_hash_alg uu____0 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg uu____0 = Hacl_Hash_SHA3_get_alg(s);
   return uu____0 == Spec_Hash_Definitions_Shake128 || uu____0 == Spec_Hash_Definitions_Shake256;
 }
 
 void
-Hacl_SHA3_shake128_hacl(
+Hacl_Hash_SHA3_shake128_hacl(
   uint32_t inputByteLen,
   uint8_t *input,
   uint32_t outputByteLen,
   uint8_t *output
 )
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)1344U,
-    (uint32_t)256U,
-    inputByteLen,
-    input,
-    (uint8_t)0x1FU,
-    outputByteLen,
-    output);
+  Hacl_Hash_SHA3_keccak(1344U, 256U, inputByteLen, input, 0x1FU, outputByteLen, output);
 }
 
 void
-Hacl_SHA3_shake256_hacl(
+Hacl_Hash_SHA3_shake256_hacl(
   uint32_t inputByteLen,
   uint8_t *input,
   uint32_t outputByteLen,
   uint8_t *output
 )
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)1088U,
-    (uint32_t)512U,
-    inputByteLen,
-    input,
-    (uint8_t)0x1FU,
-    outputByteLen,
-    output);
+  Hacl_Hash_SHA3_keccak(1088U, 512U, inputByteLen, input, 0x1FU, outputByteLen, output);
 }
 
-void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
+void Hacl_Hash_SHA3_sha3_224(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)1152U,
-    (uint32_t)448U,
-    inputByteLen,
-    input,
-    (uint8_t)0x06U,
-    (uint32_t)28U,
-    output);
+  Hacl_Hash_SHA3_keccak(1152U, 448U, input_len, input, 0x06U, 28U, output);
 }
 
-void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
+void Hacl_Hash_SHA3_sha3_256(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)1088U,
-    (uint32_t)512U,
-    inputByteLen,
-    input,
-    (uint8_t)0x06U,
-    (uint32_t)32U,
-    output);
+  Hacl_Hash_SHA3_keccak(1088U, 512U, input_len, input, 0x06U, 32U, output);
 }
 
-void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
+void Hacl_Hash_SHA3_sha3_384(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)832U,
-    (uint32_t)768U,
-    inputByteLen,
-    input,
-    (uint8_t)0x06U,
-    (uint32_t)48U,
-    output);
+  Hacl_Hash_SHA3_keccak(832U, 768U, input_len, input, 0x06U, 48U, output);
 }
 
-void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
+void Hacl_Hash_SHA3_sha3_512(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)576U,
-    (uint32_t)1024U,
-    inputByteLen,
-    input,
-    (uint8_t)0x06U,
-    (uint32_t)64U,
-    output);
+  Hacl_Hash_SHA3_keccak(576U, 1024U, input_len, input, 0x06U, 64U, output);
 }
 
 static const
 uint32_t
 keccak_rotc[24U] =
   {
-    (uint32_t)1U, (uint32_t)3U, (uint32_t)6U, (uint32_t)10U, (uint32_t)15U, (uint32_t)21U,
-    (uint32_t)28U, (uint32_t)36U, (uint32_t)45U, (uint32_t)55U, (uint32_t)2U, (uint32_t)14U,
-    (uint32_t)27U, (uint32_t)41U, (uint32_t)56U, (uint32_t)8U, (uint32_t)25U, (uint32_t)43U,
-    (uint32_t)62U, (uint32_t)18U, (uint32_t)39U, (uint32_t)61U, (uint32_t)20U, (uint32_t)44U
+    1U, 3U, 6U, 10U, 15U, 21U, 28U, 36U, 45U, 55U, 2U, 14U, 27U, 41U, 56U, 8U, 25U, 43U, 62U, 18U,
+    39U, 61U, 20U, 44U
   };
 
 static const
 uint32_t
 keccak_piln[24U] =
   {
-    (uint32_t)10U, (uint32_t)7U, (uint32_t)11U, (uint32_t)17U, (uint32_t)18U, (uint32_t)3U,
-    (uint32_t)5U, (uint32_t)16U, (uint32_t)8U, (uint32_t)21U, (uint32_t)24U, (uint32_t)4U,
-    (uint32_t)15U, (uint32_t)23U, (uint32_t)19U, (uint32_t)13U, (uint32_t)12U, (uint32_t)2U,
-    (uint32_t)20U, (uint32_t)14U, (uint32_t)22U, (uint32_t)9U, (uint32_t)6U, (uint32_t)1U
+    10U, 7U, 11U, 17U, 18U, 3U, 5U, 16U, 8U, 21U, 24U, 4U, 15U, 23U, 19U, 13U, 12U, 2U, 20U, 14U,
+    22U, 9U, 6U, 1U
   };
 
 static const
 uint64_t
 keccak_rndc[24U] =
   {
-    (uint64_t)0x0000000000000001U, (uint64_t)0x0000000000008082U, (uint64_t)0x800000000000808aU,
-    (uint64_t)0x8000000080008000U, (uint64_t)0x000000000000808bU, (uint64_t)0x0000000080000001U,
-    (uint64_t)0x8000000080008081U, (uint64_t)0x8000000000008009U, (uint64_t)0x000000000000008aU,
-    (uint64_t)0x0000000000000088U, (uint64_t)0x0000000080008009U, (uint64_t)0x000000008000000aU,
-    (uint64_t)0x000000008000808bU, (uint64_t)0x800000000000008bU, (uint64_t)0x8000000000008089U,
-    (uint64_t)0x8000000000008003U, (uint64_t)0x8000000000008002U, (uint64_t)0x8000000000000080U,
-    (uint64_t)0x000000000000800aU, (uint64_t)0x800000008000000aU, (uint64_t)0x8000000080008081U,
-    (uint64_t)0x8000000000008080U, (uint64_t)0x0000000080000001U, (uint64_t)0x8000000080008008U
+    0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, 0x8000000080008000ULL,
+    0x000000000000808bULL, 0x0000000080000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL,
+    0x000000000000008aULL, 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
+    0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL,
+    0x8000000000008002ULL, 0x8000000000000080ULL, 0x000000000000800aULL, 0x800000008000000aULL,
+    0x8000000080008081ULL, 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
   };
 
-void Hacl_Impl_SHA3_state_permute(uint64_t *s)
+void Hacl_Hash_SHA3_state_permute(uint64_t *s)
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)24U; i0++)
+  for (uint32_t i0 = 0U; i0 < 24U; i0++)
   {
     uint64_t _C[5U] = { 0U };
     KRML_MAYBE_FOR5(i,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      _C[i] =
-        s[i
-        + (uint32_t)0U]
-        ^
-          (s[i
-          + (uint32_t)5U]
-          ^ (s[i + (uint32_t)10U] ^ (s[i + (uint32_t)15U] ^ s[i + (uint32_t)20U]))););
+      0U,
+      5U,
+      1U,
+      _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U]))););
     KRML_MAYBE_FOR5(i1,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      uint64_t uu____0 = _C[(i1 + (uint32_t)1U) % (uint32_t)5U];
-      uint64_t
-      _D =
-        _C[(i1 + (uint32_t)4U)
-        % (uint32_t)5U]
-        ^ (uu____0 << (uint32_t)1U | uu____0 >> (uint32_t)63U);
-      KRML_MAYBE_FOR5(i,
-        (uint32_t)0U,
-        (uint32_t)5U,
-        (uint32_t)1U,
-        s[i1 + (uint32_t)5U * i] = s[i1 + (uint32_t)5U * i] ^ _D;););
+      0U,
+      5U,
+      1U,
+      uint64_t uu____0 = _C[(i1 + 1U) % 5U];
+      uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U);
+      KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;););
     uint64_t x = s[1U];
     uint64_t current = x;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)24U; i++)
+    for (uint32_t i = 0U; i < 24U; i++)
     {
       uint32_t _Y = keccak_piln[i];
       uint32_t r = keccak_rotc[i];
       uint64_t temp = s[_Y];
       uint64_t uu____1 = current;
-      s[_Y] = uu____1 << r | uu____1 >> ((uint32_t)64U - r);
+      s[_Y] = uu____1 << r | uu____1 >> (64U - r);
       current = temp;
     }
     KRML_MAYBE_FOR5(i,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      uint64_t
-      v0 =
-        s[(uint32_t)0U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)1U + (uint32_t)5U * i] & s[(uint32_t)2U + (uint32_t)5U * i]);
-      uint64_t
-      v1 =
-        s[(uint32_t)1U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)2U + (uint32_t)5U * i] & s[(uint32_t)3U + (uint32_t)5U * i]);
-      uint64_t
-      v2 =
-        s[(uint32_t)2U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)3U + (uint32_t)5U * i] & s[(uint32_t)4U + (uint32_t)5U * i]);
-      uint64_t
-      v3 =
-        s[(uint32_t)3U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)4U + (uint32_t)5U * i] & s[(uint32_t)0U + (uint32_t)5U * i]);
-      uint64_t
-      v4 =
-        s[(uint32_t)4U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)0U + (uint32_t)5U * i] & s[(uint32_t)1U + (uint32_t)5U * i]);
-      s[(uint32_t)0U + (uint32_t)5U * i] = v0;
-      s[(uint32_t)1U + (uint32_t)5U * i] = v1;
-      s[(uint32_t)2U + (uint32_t)5U * i] = v2;
-      s[(uint32_t)3U + (uint32_t)5U * i] = v3;
-      s[(uint32_t)4U + (uint32_t)5U * i] = v4;);
+      0U,
+      5U,
+      1U,
+      uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]);
+      uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]);
+      uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]);
+      uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]);
+      uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]);
+      s[0U + 5U * i] = v0;
+      s[1U + 5U * i] = v1;
+      s[2U + 5U * i] = v2;
+      s[3U + 5U * i] = v3;
+      s[4U + 5U * i] = v4;);
     uint64_t c = keccak_rndc[i0];
     s[0U] = s[0U] ^ c;
   }
 }
 
-void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
+void Hacl_Hash_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
 {
   uint8_t block[200U] = { 0U };
   memcpy(block, input, rateInBytes * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++)
+  for (uint32_t i = 0U; i < 25U; i++)
   {
-    uint64_t u = load64_le(block + i * (uint32_t)8U);
+    uint64_t u = load64_le(block + i * 8U);
     uint64_t x = u;
     s[i] = s[i] ^ x;
   }
@@ -729,18 +647,18 @@ void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
 static void storeState(uint32_t rateInBytes, uint64_t *s, uint8_t *res)
 {
   uint8_t block[200U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++)
+  for (uint32_t i = 0U; i < 25U; i++)
   {
     uint64_t sj = s[i];
-    store64_le(block + i * (uint32_t)8U, sj);
+    store64_le(block + i * 8U, sj);
   }
   memcpy(res, block, rateInBytes * sizeof (uint8_t));
 }
 
-void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s)
+void Hacl_Hash_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s)
 {
-  Hacl_Impl_SHA3_loadState(rateInBytes, block, s);
-  Hacl_Impl_SHA3_state_permute(s);
+  Hacl_Hash_SHA3_loadState(rateInBytes, block, s);
+  Hacl_Hash_SHA3_state_permute(s);
 }
 
 static void
@@ -754,30 +672,30 @@ absorb(
 {
   uint32_t n_blocks = inputByteLen / rateInBytes;
   uint32_t rem = inputByteLen % rateInBytes;
-  for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
+  for (uint32_t i = 0U; i < n_blocks; i++)
   {
     uint8_t *block = input + i * rateInBytes;
-    Hacl_Impl_SHA3_absorb_inner(rateInBytes, block, s);
+    Hacl_Hash_SHA3_absorb_inner(rateInBytes, block, s);
   }
   uint8_t *last = input + n_blocks * rateInBytes;
   uint8_t lastBlock_[200U] = { 0U };
   uint8_t *lastBlock = lastBlock_;
   memcpy(lastBlock, last, rem * sizeof (uint8_t));
   lastBlock[rem] = delimitedSuffix;
-  Hacl_Impl_SHA3_loadState(rateInBytes, lastBlock, s);
-  if (!((delimitedSuffix & (uint8_t)0x80U) == (uint8_t)0U) && rem == rateInBytes - (uint32_t)1U)
+  Hacl_Hash_SHA3_loadState(rateInBytes, lastBlock, s);
+  if (!(((uint32_t)delimitedSuffix & 0x80U) == 0U) && rem == rateInBytes - 1U)
   {
-    Hacl_Impl_SHA3_state_permute(s);
+    Hacl_Hash_SHA3_state_permute(s);
   }
   uint8_t nextBlock_[200U] = { 0U };
   uint8_t *nextBlock = nextBlock_;
-  nextBlock[rateInBytes - (uint32_t)1U] = (uint8_t)0x80U;
-  Hacl_Impl_SHA3_loadState(rateInBytes, nextBlock, s);
-  Hacl_Impl_SHA3_state_permute(s);
+  nextBlock[rateInBytes - 1U] = 0x80U;
+  Hacl_Hash_SHA3_loadState(rateInBytes, nextBlock, s);
+  Hacl_Hash_SHA3_state_permute(s);
 }
 
 void
-Hacl_Impl_SHA3_squeeze(
+Hacl_Hash_SHA3_squeeze0(
   uint64_t *s,
   uint32_t rateInBytes,
   uint32_t outputByteLen,
@@ -788,16 +706,16 @@ Hacl_Impl_SHA3_squeeze(
   uint32_t remOut = outputByteLen % rateInBytes;
   uint8_t *last = output + outputByteLen - remOut;
   uint8_t *blocks = output;
-  for (uint32_t i = (uint32_t)0U; i < outBlocks; i++)
+  for (uint32_t i = 0U; i < outBlocks; i++)
   {
     storeState(rateInBytes, s, blocks + i * rateInBytes);
-    Hacl_Impl_SHA3_state_permute(s);
+    Hacl_Hash_SHA3_state_permute(s);
   }
   storeState(remOut, s, last);
 }
 
 void
-Hacl_Impl_SHA3_keccak(
+Hacl_Hash_SHA3_keccak(
   uint32_t rate,
   uint32_t capacity,
   uint32_t inputByteLen,
@@ -807,10 +725,10 @@ Hacl_Impl_SHA3_keccak(
   uint8_t *output
 )
 {
-  KRML_HOST_IGNORE(capacity);
-  uint32_t rateInBytes = rate / (uint32_t)8U;
+  KRML_MAYBE_UNUSED_VAR(capacity);
+  uint32_t rateInBytes = rate / 8U;
   uint64_t s[25U] = { 0U };
   absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix);
-  Hacl_Impl_SHA3_squeeze(s, rateInBytes, outputByteLen, output);
+  Hacl_Hash_SHA3_squeeze0(s, rateInBytes, outputByteLen, output);
 }
 
diff --git a/src/Hacl_K256_ECDSA.c b/src/Hacl_K256_ECDSA.c
index 2ffc1060..bbd2c615 100644
--- a/src/Hacl_K256_ECDSA.c
+++ b/src/Hacl_K256_ECDSA.c
@@ -35,27 +35,27 @@ bn_add(uint32_t aLen, uint64_t *a, uint32_t bLen, uint64_t *b, uint64_t *res)
 {
   uint64_t *a0 = a;
   uint64_t *res0 = res;
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < bLen / (uint32_t)4U; i++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i = 0U; i < bLen / 4U; i++)
   {
-    uint64_t t1 = a0[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res0 + (uint32_t)4U * i;
+    uint64_t t1 = a0[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res0 + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a0[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res0 + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a0[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res0 + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a0[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res0 + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a0[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res0 + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a0[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res0 + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a0[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res0 + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
-  for (uint32_t i = bLen / (uint32_t)4U * (uint32_t)4U; i < bLen; i++)
+  for (uint32_t i = bLen / 4U * 4U; i < bLen; i++)
   {
     uint64_t t1 = a0[i];
     uint64_t t2 = b[i];
@@ -68,26 +68,26 @@ bn_add(uint32_t aLen, uint64_t *a, uint32_t bLen, uint64_t *b, uint64_t *res)
     uint64_t *a1 = a + bLen;
     uint64_t *res1 = res + bLen;
     uint64_t c = c00;
-    for (uint32_t i = (uint32_t)0U; i < (aLen - bLen) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (aLen - bLen) / 4U; i++)
     {
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, 0ULL, res_i);
     }
-    for (uint32_t i = (aLen - bLen) / (uint32_t)4U * (uint32_t)4U; i < aLen - bLen; i++)
+    for (uint32_t i = (aLen - bLen) / 4U * 4U; i < aLen - bLen; i++)
     {
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c1 = c;
     return c1;
@@ -97,23 +97,23 @@ bn_add(uint32_t aLen, uint64_t *a, uint32_t bLen, uint64_t *b, uint64_t *res)
 
 static uint64_t add4(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   return c;
@@ -121,52 +121,52 @@ static uint64_t add4(uint64_t *a, uint64_t *b, uint64_t *res)
 
 static void add_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
@@ -174,53 +174,53 @@ static void add_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 
 static void sub_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]);
     os[i] = x;);
@@ -228,59 +228,59 @@ static void sub_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 
 static void mul4(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t bj = b[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = a[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = a[4U * 0U];
+      uint64_t *res_i0 = res_j + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = a[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = a[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = a[4U * 0U + 3U];
+      uint64_t *res_i = res_j + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
     uint64_t r = c;
-    res[(uint32_t)4U + i0] = r;);
+    res[4U + i0] = r;);
 }
 
 static void sqr4(uint64_t *a, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *ab = a;
     uint64_t a_j = a[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = ab[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = ab[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = ab[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = ab[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint64_t a_i = ab[i];
       uint64_t *res_i = res_j + i;
@@ -288,30 +288,30 @@ static void sqr4(uint64_t *a, uint64_t *res)
     }
     uint64_t r = c;
     res[i0 + i0] = r;);
-  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, res, res);
+  KRML_MAYBE_UNUSED_VAR(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
+    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U));
     uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;);
+  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, tmp, res);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline uint64_t is_qelem_zero(uint64_t *f)
 {
   uint64_t bn_zero[4U] = { 0U };
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(f[i], bn_zero[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
@@ -325,33 +325,33 @@ static inline bool is_qelem_zero_vartime(uint64_t *f)
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
-  return f0 == (uint64_t)0U && f1 == (uint64_t)0U && f2 == (uint64_t)0U && f3 == (uint64_t)0U;
+  return f0 == 0ULL && f1 == 0ULL && f2 == 0ULL && f3 == 0ULL;
 }
 
 static inline uint64_t load_qelem_check(uint64_t *f, uint8_t *b)
 {
   uint64_t n[4U] = { 0U };
-  n[0U] = (uint64_t)0xbfd25e8cd0364141U;
-  n[1U] = (uint64_t)0xbaaedce6af48a03bU;
-  n[2U] = (uint64_t)0xfffffffffffffffeU;
-  n[3U] = (uint64_t)0xffffffffffffffffU;
+  n[0U] = 0xbfd25e8cd0364141ULL;
+  n[1U] = 0xbaaedce6af48a03bULL;
+  n[2U] = 0xfffffffffffffffeULL;
+  n[3U] = 0xffffffffffffffffULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = f;
-    uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(b + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
   uint64_t is_zero = is_qelem_zero(f);
-  uint64_t acc = (uint64_t)0U;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(f[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(f[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t is_lt_q = acc;
   return ~is_zero & is_lt_q;
 }
@@ -359,11 +359,11 @@ static inline uint64_t load_qelem_check(uint64_t *f, uint8_t *b)
 static inline bool load_qelem_vartime(uint64_t *f, uint8_t *b)
 {
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = f;
-    uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(b + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
   bool is_zero = is_qelem_zero_vartime(f);
@@ -372,29 +372,29 @@ static inline bool load_qelem_vartime(uint64_t *f, uint8_t *b)
   uint64_t a2 = f[2U];
   uint64_t a3 = f[3U];
   bool is_lt_q_b;
-  if (a3 < (uint64_t)0xffffffffffffffffU)
+  if (a3 < 0xffffffffffffffffULL)
   {
     is_lt_q_b = true;
   }
-  else if (a2 < (uint64_t)0xfffffffffffffffeU)
+  else if (a2 < 0xfffffffffffffffeULL)
   {
     is_lt_q_b = true;
   }
-  else if (a2 > (uint64_t)0xfffffffffffffffeU)
+  else if (a2 > 0xfffffffffffffffeULL)
   {
     is_lt_q_b = false;
   }
-  else if (a1 < (uint64_t)0xbaaedce6af48a03bU)
+  else if (a1 < 0xbaaedce6af48a03bULL)
   {
     is_lt_q_b = true;
   }
-  else if (a1 > (uint64_t)0xbaaedce6af48a03bU)
+  else if (a1 > 0xbaaedce6af48a03bULL)
   {
     is_lt_q_b = false;
   }
   else
   {
-    is_lt_q_b = a0 < (uint64_t)0xbfd25e8cd0364141U;
+    is_lt_q_b = a0 < 0xbfd25e8cd0364141ULL;
   }
   return !is_zero && is_lt_q_b;
 }
@@ -402,16 +402,16 @@ static inline bool load_qelem_vartime(uint64_t *f, uint8_t *b)
 static inline void modq_short(uint64_t *out, uint64_t *a)
 {
   uint64_t tmp[4U] = { 0U };
-  tmp[0U] = (uint64_t)0x402da1732fc9bebfU;
-  tmp[1U] = (uint64_t)0x4551231950b75fc4U;
-  tmp[2U] = (uint64_t)0x1U;
-  tmp[3U] = (uint64_t)0x0U;
+  tmp[0U] = 0x402da1732fc9bebfULL;
+  tmp[1U] = 0x4551231950b75fc4ULL;
+  tmp[2U] = 0x1ULL;
+  tmp[3U] = 0x0ULL;
   uint64_t c = add4(a, tmp, out);
-  uint64_t mask = (uint64_t)0U - c;
+  uint64_t mask = 0ULL - c;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = out;
     uint64_t x = (mask & out[i]) | (~mask & a[i]);
     os[i] = x;);
@@ -421,35 +421,31 @@ static inline void load_qelem_modq(uint64_t *f, uint8_t *b)
 {
   uint64_t tmp[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = f;
-    uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(b + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
-  memcpy(tmp, f, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(tmp, f, 4U * sizeof (uint64_t));
   modq_short(f, tmp);
 }
 
 static inline void store_qelem(uint8_t *b, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_be(b + i * (uint32_t)8U, f[(uint32_t)4U - i - (uint32_t)1U]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(b + i * 8U, f[4U - i - 1U]););
 }
 
 static inline void qadd(uint64_t *out, uint64_t *f1, uint64_t *f2)
 {
   uint64_t n[4U] = { 0U };
-  n[0U] = (uint64_t)0xbfd25e8cd0364141U;
-  n[1U] = (uint64_t)0xbaaedce6af48a03bU;
-  n[2U] = (uint64_t)0xfffffffffffffffeU;
-  n[3U] = (uint64_t)0xffffffffffffffffU;
+  n[0U] = 0xbfd25e8cd0364141ULL;
+  n[1U] = 0xbaaedce6af48a03bULL;
+  n[2U] = 0xfffffffffffffffeULL;
+  n[3U] = 0xffffffffffffffffULL;
   add_mod4(n, f1, f2, out);
 }
 
@@ -463,33 +459,33 @@ mul_pow2_256_minus_q_add(
   uint64_t *res
 )
 {
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + (uint32_t)2U);
-  uint64_t tmp[len + (uint32_t)2U];
-  memset(tmp, 0U, (len + (uint32_t)2U) * sizeof (uint64_t));
-  memset(tmp, 0U, (len + (uint32_t)2U) * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), len + 2U);
+  uint64_t tmp[len + 2U];
+  memset(tmp, 0U, (len + 2U) * sizeof (uint64_t));
+  memset(tmp, 0U, (len + 2U) * sizeof (uint64_t));
   KRML_MAYBE_FOR2(i0,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
+    0U,
+    2U,
+    1U,
     uint64_t bj = t01[i0];
     uint64_t *res_j = tmp + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint64_t a_i = a[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = a[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = a[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = a[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = a[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint64_t a_i = a[i];
       uint64_t *res_i = res_j + i;
@@ -497,9 +493,9 @@ mul_pow2_256_minus_q_add(
     }
     uint64_t r = c;
     tmp[len + i0] = r;);
-  memcpy(res + (uint32_t)2U, a, len * sizeof (uint64_t));
-  KRML_HOST_IGNORE(bn_add(resLen, res, len + (uint32_t)2U, tmp, res));
-  uint64_t c = bn_add(resLen, res, (uint32_t)4U, e, res);
+  memcpy(res + 2U, a, len * sizeof (uint64_t));
+  bn_add(resLen, res, len + 2U, tmp, res);
+  uint64_t c = bn_add(resLen, res, 4U, e, res);
   return c;
 }
 
@@ -507,34 +503,23 @@ static inline void modq(uint64_t *out, uint64_t *a)
 {
   uint64_t r[4U] = { 0U };
   uint64_t tmp[4U] = { 0U };
-  tmp[0U] = (uint64_t)0x402da1732fc9bebfU;
-  tmp[1U] = (uint64_t)0x4551231950b75fc4U;
-  tmp[2U] = (uint64_t)0x1U;
-  tmp[3U] = (uint64_t)0x0U;
+  tmp[0U] = 0x402da1732fc9bebfULL;
+  tmp[1U] = 0x4551231950b75fc4ULL;
+  tmp[2U] = 0x1ULL;
+  tmp[3U] = 0x0ULL;
   uint64_t *t01 = tmp;
   uint64_t m[7U] = { 0U };
   uint64_t p[5U] = { 0U };
-  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)4U,
-      (uint32_t)7U,
-      t01,
-      a + (uint32_t)4U,
-      a,
-      m));
-  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)3U,
-      (uint32_t)5U,
-      t01,
-      m + (uint32_t)4U,
-      m,
-      p));
-  uint64_t
-  c2 = mul_pow2_256_minus_q_add((uint32_t)1U, (uint32_t)4U, t01, p + (uint32_t)4U, p, r);
+  mul_pow2_256_minus_q_add(4U, 7U, t01, a + 4U, a, m);
+  mul_pow2_256_minus_q_add(3U, 5U, t01, m + 4U, m, p);
+  uint64_t c2 = mul_pow2_256_minus_q_add(1U, 4U, t01, p + 4U, p, r);
   uint64_t c0 = c2;
   uint64_t c1 = add4(r, tmp, out);
-  uint64_t mask = (uint64_t)0U - (c0 + c1);
+  uint64_t mask = 0ULL - (c0 + c1);
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = out;
     uint64_t x = (mask & out[i]) | (~mask & r[i]);
     os[i] = x;);
@@ -557,10 +542,10 @@ static inline void qsqr(uint64_t *out, uint64_t *f)
 static inline void qnegate_conditional_vartime(uint64_t *f, bool is_negate)
 {
   uint64_t n[4U] = { 0U };
-  n[0U] = (uint64_t)0xbfd25e8cd0364141U;
-  n[1U] = (uint64_t)0xbaaedce6af48a03bU;
-  n[2U] = (uint64_t)0xfffffffffffffffeU;
-  n[3U] = (uint64_t)0xffffffffffffffffU;
+  n[0U] = 0xbfd25e8cd0364141ULL;
+  n[1U] = 0xbaaedce6af48a03bULL;
+  n[2U] = 0xfffffffffffffffeULL;
+  n[3U] = 0xffffffffffffffffULL;
   uint64_t zero[4U] = { 0U };
   if (is_negate)
   {
@@ -574,31 +559,31 @@ static inline bool is_qelem_le_q_halved_vartime(uint64_t *f)
   uint64_t a1 = f[1U];
   uint64_t a2 = f[2U];
   uint64_t a3 = f[3U];
-  if (a3 < (uint64_t)0x7fffffffffffffffU)
+  if (a3 < 0x7fffffffffffffffULL)
   {
     return true;
   }
-  if (a3 > (uint64_t)0x7fffffffffffffffU)
+  if (a3 > 0x7fffffffffffffffULL)
   {
     return false;
   }
-  if (a2 < (uint64_t)0xffffffffffffffffU)
+  if (a2 < 0xffffffffffffffffULL)
   {
     return true;
   }
-  if (a2 > (uint64_t)0xffffffffffffffffU)
+  if (a2 > 0xffffffffffffffffULL)
   {
     return false;
   }
-  if (a1 < (uint64_t)0x5d576e7357a4501dU)
+  if (a1 < 0x5d576e7357a4501dULL)
   {
     return true;
   }
-  if (a1 > (uint64_t)0x5d576e7357a4501dU)
+  if (a1 > 0x5d576e7357a4501dULL)
   {
     return false;
   }
-  return a0 <= (uint64_t)0xdfe92f46681b20a0U;
+  return a0 <= 0xdfe92f46681b20a0ULL;
 }
 
 static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
@@ -606,27 +591,26 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
   uint64_t l[8U] = { 0U };
   mul4(a, b, l);
   uint64_t res_b_padded[4U] = { 0U };
-  memcpy(res_b_padded, l + (uint32_t)6U, (uint32_t)2U * sizeof (uint64_t));
-  uint64_t
-  c0 = Lib_IntTypes_Intrinsics_add_carry_u64((uint64_t)0U, res_b_padded[0U], (uint64_t)1U, res);
-  uint64_t *a1 = res_b_padded + (uint32_t)1U;
-  uint64_t *res1 = res + (uint32_t)1U;
+  memcpy(res_b_padded, l + 6U, 2U * sizeof (uint64_t));
+  uint64_t c0 = Lib_IntTypes_Intrinsics_add_carry_u64(0ULL, res_b_padded[0U], 1ULL, res);
+  uint64_t *a1 = res_b_padded + 1U;
+  uint64_t *res1 = res + 1U;
   uint64_t c = c0;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
+    0U,
+    3U,
+    1U,
     uint64_t t1 = a1[i];
     uint64_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i););
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t flag = l[5U] >> (uint32_t)63U;
-  uint64_t mask = (uint64_t)0U - flag;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t flag = l[5U] >> 63U;
+  uint64_t mask = 0ULL - flag;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (mask & res[i]) | (~mask & res_b_padded[i]);
     os[i] = x;);
@@ -634,7 +618,7 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
 
 static inline void qsquare_times_in_place(uint64_t *out, uint32_t b)
 {
-  for (uint32_t i = (uint32_t)0U; i < b; i++)
+  for (uint32_t i = 0U; i < b; i++)
   {
     qsqr(out, out);
   }
@@ -642,8 +626,8 @@ static inline void qsquare_times_in_place(uint64_t *out, uint32_t b)
 
 static inline void qsquare_times(uint64_t *out, uint64_t *a, uint32_t b)
 {
-  memcpy(out, a, (uint32_t)4U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < b; i++)
+  memcpy(out, a, 4U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < b; i++)
   {
     qsqr(out, out);
   }
@@ -658,7 +642,7 @@ static inline void qinv(uint64_t *out, uint64_t *f)
   uint64_t x_1001[4U] = { 0U };
   uint64_t x_1011[4U] = { 0U };
   uint64_t x_1101[4U] = { 0U };
-  qsquare_times(x_10, f, (uint32_t)1U);
+  qsquare_times(x_10, f, 1U);
   qmul(x_11, x_10, f);
   qmul(x_101, x_10, x_11);
   qmul(x_111, x_10, x_101);
@@ -668,89 +652,89 @@ static inline void qinv(uint64_t *out, uint64_t *f)
   uint64_t x6[4U] = { 0U };
   uint64_t x8[4U] = { 0U };
   uint64_t x14[4U] = { 0U };
-  qsquare_times(x6, x_1101, (uint32_t)2U);
+  qsquare_times(x6, x_1101, 2U);
   qmul(x6, x6, x_1011);
-  qsquare_times(x8, x6, (uint32_t)2U);
+  qsquare_times(x8, x6, 2U);
   qmul(x8, x8, x_11);
-  qsquare_times(x14, x8, (uint32_t)6U);
+  qsquare_times(x14, x8, 6U);
   qmul(x14, x14, x6);
   uint64_t x56[4U] = { 0U };
-  qsquare_times(out, x14, (uint32_t)14U);
+  qsquare_times(out, x14, 14U);
   qmul(out, out, x14);
-  qsquare_times(x56, out, (uint32_t)28U);
+  qsquare_times(x56, out, 28U);
   qmul(x56, x56, out);
-  qsquare_times(out, x56, (uint32_t)56U);
+  qsquare_times(out, x56, 56U);
   qmul(out, out, x56);
-  qsquare_times_in_place(out, (uint32_t)14U);
+  qsquare_times_in_place(out, 14U);
   qmul(out, out, x14);
-  qsquare_times_in_place(out, (uint32_t)3U);
+  qsquare_times_in_place(out, 3U);
   qmul(out, out, x_101);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_101);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_1011);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_1011);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, x_1101);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_101);
-  qsquare_times_in_place(out, (uint32_t)3U);
+  qsquare_times_in_place(out, 3U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_1001);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, x_101);
-  qsquare_times_in_place(out, (uint32_t)10U);
+  qsquare_times_in_place(out, 10U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)9U);
+  qsquare_times_in_place(out, 9U);
   qmul(out, out, x8);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_1001);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, x_1011);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_1101);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_11);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, x_1101);
-  qsquare_times_in_place(out, (uint32_t)10U);
+  qsquare_times_in_place(out, 10U);
   qmul(out, out, x_1101);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_1001);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, f);
-  qsquare_times_in_place(out, (uint32_t)8U);
+  qsquare_times_in_place(out, 8U);
   qmul(out, out, x6);
 }
 
 void Hacl_Impl_K256_Point_make_point_at_inf(uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
-  uint64_t *pz = p + (uint32_t)10U;
-  memset(px, 0U, (uint32_t)5U * sizeof (uint64_t));
-  memset(py, 0U, (uint32_t)5U * sizeof (uint64_t));
-  py[0U] = (uint64_t)1U;
-  memset(pz, 0U, (uint32_t)5U * sizeof (uint64_t));
+  uint64_t *py = p + 5U;
+  uint64_t *pz = p + 10U;
+  memset(px, 0U, 5U * sizeof (uint64_t));
+  memset(py, 0U, 5U * sizeof (uint64_t));
+  py[0U] = 1ULL;
+  memset(pz, 0U, 5U * sizeof (uint64_t));
 }
 
 static inline void to_aff_point(uint64_t *p_aff, uint64_t *p)
 {
   uint64_t *x = p_aff;
-  uint64_t *y = p_aff + (uint32_t)5U;
+  uint64_t *y = p_aff + 5U;
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *y1 = p + 5U;
+  uint64_t *z1 = p + 10U;
   uint64_t zinv[5U] = { 0U };
   Hacl_Impl_K256_Finv_finv(zinv, z1);
   Hacl_K256_Field_fmul(x, x1, zinv);
@@ -762,7 +746,7 @@ static inline void to_aff_point(uint64_t *p_aff, uint64_t *p)
 static inline void to_aff_point_x(uint64_t *x, uint64_t *p)
 {
   uint64_t *x1 = p;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *z1 = p + 10U;
   uint64_t zinv[5U] = { 0U };
   Hacl_Impl_K256_Finv_finv(zinv, z1);
   Hacl_K256_Field_fmul(x, x1, zinv);
@@ -773,13 +757,13 @@ static inline bool is_on_curve_vartime(uint64_t *p)
 {
   uint64_t y2_exp[5U] = { 0U };
   uint64_t *x = p;
-  uint64_t *y = p + (uint32_t)5U;
+  uint64_t *y = p + 5U;
   uint64_t b[5U] = { 0U };
-  b[0U] = (uint64_t)0x7U;
-  b[1U] = (uint64_t)0U;
-  b[2U] = (uint64_t)0U;
-  b[3U] = (uint64_t)0U;
-  b[4U] = (uint64_t)0U;
+  b[0U] = 0x7ULL;
+  b[1U] = 0ULL;
+  b[2U] = 0ULL;
+  b[3U] = 0ULL;
+  b[4U] = 0ULL;
   Hacl_K256_Field_fsqr(y2_exp, x);
   Hacl_K256_Field_fmul(y2_exp, y2_exp, x);
   Hacl_K256_Field_fadd(y2_exp, y2_exp, b);
@@ -795,11 +779,11 @@ static inline bool is_on_curve_vartime(uint64_t *p)
 void Hacl_Impl_K256_Point_point_negate(uint64_t *out, uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
-  uint64_t *pz = p + (uint32_t)10U;
+  uint64_t *py = p + 5U;
+  uint64_t *pz = p + 10U;
   uint64_t *ox = out;
-  uint64_t *oy = out + (uint32_t)5U;
-  uint64_t *oz = out + (uint32_t)10U;
+  uint64_t *oy = out + 5U;
+  uint64_t *oz = out + 10U;
   ox[0U] = px[0U];
   ox[1U] = px[1U];
   ox[2U] = px[2U];
@@ -815,11 +799,11 @@ void Hacl_Impl_K256_Point_point_negate(uint64_t *out, uint64_t *p)
   uint64_t a2 = py[2U];
   uint64_t a3 = py[3U];
   uint64_t a4 = py[4U];
-  uint64_t r0 = (uint64_t)18014381329608892U - a0;
-  uint64_t r1 = (uint64_t)18014398509481980U - a1;
-  uint64_t r2 = (uint64_t)18014398509481980U - a2;
-  uint64_t r3 = (uint64_t)18014398509481980U - a3;
-  uint64_t r4 = (uint64_t)1125899906842620U - a4;
+  uint64_t r0 = 18014381329608892ULL - a0;
+  uint64_t r1 = 18014398509481980ULL - a1;
+  uint64_t r2 = 18014398509481980ULL - a2;
+  uint64_t r3 = 18014398509481980ULL - a3;
+  uint64_t r4 = 1125899906842620ULL - a4;
   uint64_t f0 = r0;
   uint64_t f1 = r1;
   uint64_t f2 = r2;
@@ -845,9 +829,9 @@ static inline void point_negate_conditional_vartime(uint64_t *p, bool is_negate)
 static inline void aff_point_store(uint8_t *out, uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
+  uint64_t *py = p + 5U;
   Hacl_K256_Field_store_felem(out, px);
-  Hacl_K256_Field_store_felem(out + (uint32_t)32U, py);
+  Hacl_K256_Field_store_felem(out + 32U, py);
 }
 
 void Hacl_Impl_K256_Point_point_store(uint8_t *out, uint64_t *p)
@@ -860,9 +844,9 @@ void Hacl_Impl_K256_Point_point_store(uint8_t *out, uint64_t *p)
 bool Hacl_Impl_K256_Point_aff_point_load_vartime(uint64_t *p, uint8_t *b)
 {
   uint8_t *px = b;
-  uint8_t *py = b + (uint32_t)32U;
+  uint8_t *py = b + 32U;
   uint64_t *bn_px = p;
-  uint64_t *bn_py = p + (uint32_t)5U;
+  uint64_t *bn_py = p + 5U;
   bool is_x_valid = Hacl_K256_Field_load_felem_lt_prime_vartime(bn_px, px);
   bool is_y_valid = Hacl_K256_Field_load_felem_lt_prime_vartime(bn_py, py);
   if (is_x_valid && is_y_valid)
@@ -879,14 +863,14 @@ static inline bool load_point_vartime(uint64_t *p, uint8_t *b)
   if (res)
   {
     uint64_t *x = p_aff;
-    uint64_t *y = p_aff + (uint32_t)5U;
+    uint64_t *y = p_aff + 5U;
     uint64_t *x1 = p;
-    uint64_t *y1 = p + (uint32_t)5U;
-    uint64_t *z1 = p + (uint32_t)10U;
-    memcpy(x1, x, (uint32_t)5U * sizeof (uint64_t));
-    memcpy(y1, y, (uint32_t)5U * sizeof (uint64_t));
-    memset(z1, 0U, (uint32_t)5U * sizeof (uint64_t));
-    z1[0U] = (uint64_t)1U;
+    uint64_t *y1 = p + 5U;
+    uint64_t *z1 = p + 10U;
+    memcpy(x1, x, 5U * sizeof (uint64_t));
+    memcpy(y1, y, 5U * sizeof (uint64_t));
+    memset(z1, 0U, 5U * sizeof (uint64_t));
+    z1[0U] = 1ULL;
   }
   return res;
 }
@@ -895,24 +879,24 @@ static inline bool aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_
 {
   uint8_t s0 = s[0U];
   uint8_t s01 = s0;
-  if (!(s01 == (uint8_t)0x02U || s01 == (uint8_t)0x03U))
+  if (!(s01 == 0x02U || s01 == 0x03U))
   {
     return false;
   }
-  uint8_t *xb = s + (uint32_t)1U;
+  uint8_t *xb = s + 1U;
   bool is_x_valid = Hacl_K256_Field_load_felem_lt_prime_vartime(x, xb);
-  bool is_y_odd = s01 == (uint8_t)0x03U;
+  bool is_y_odd = s01 == 0x03U;
   if (!is_x_valid)
   {
     return false;
   }
   uint64_t y2[5U] = { 0U };
   uint64_t b[5U] = { 0U };
-  b[0U] = (uint64_t)0x7U;
-  b[1U] = (uint64_t)0U;
-  b[2U] = (uint64_t)0U;
-  b[3U] = (uint64_t)0U;
-  b[4U] = (uint64_t)0U;
+  b[0U] = 0x7ULL;
+  b[1U] = 0ULL;
+  b[2U] = 0ULL;
+  b[3U] = 0ULL;
+  b[4U] = 0ULL;
   Hacl_K256_Field_fsqr(y2, x);
   Hacl_K256_Field_fmul(y2, y2, x);
   Hacl_K256_Field_fadd(y2, y2, b);
@@ -930,7 +914,7 @@ static inline bool aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_
     return false;
   }
   uint64_t x0 = y[0U];
-  bool is_y_odd1 = (x0 & (uint64_t)1U) == (uint64_t)1U;
+  bool is_y_odd1 = (x0 & 1ULL) == 1ULL;
   Hacl_K256_Field_fnegate_conditional_vartime(y, is_y_odd1 != is_y_odd);
   return true;
 }
@@ -939,33 +923,33 @@ void Hacl_Impl_K256_PointDouble_point_double(uint64_t *out, uint64_t *p)
 {
   uint64_t tmp[25U] = { 0U };
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *y1 = p + 5U;
+  uint64_t *z1 = p + 10U;
   uint64_t *x3 = out;
-  uint64_t *y3 = out + (uint32_t)5U;
-  uint64_t *z3 = out + (uint32_t)10U;
+  uint64_t *y3 = out + 5U;
+  uint64_t *z3 = out + 10U;
   uint64_t *yy = tmp;
-  uint64_t *zz = tmp + (uint32_t)5U;
-  uint64_t *bzz3 = tmp + (uint32_t)10U;
-  uint64_t *bzz9 = tmp + (uint32_t)15U;
-  uint64_t *tmp1 = tmp + (uint32_t)20U;
+  uint64_t *zz = tmp + 5U;
+  uint64_t *bzz3 = tmp + 10U;
+  uint64_t *bzz9 = tmp + 15U;
+  uint64_t *tmp1 = tmp + 20U;
   Hacl_K256_Field_fsqr(yy, y1);
   Hacl_K256_Field_fsqr(zz, z1);
-  Hacl_K256_Field_fmul_small_num(x3, x1, (uint64_t)2U);
+  Hacl_K256_Field_fmul_small_num(x3, x1, 2ULL);
   Hacl_K256_Field_fmul(x3, x3, y1);
   Hacl_K256_Field_fmul(tmp1, yy, y1);
   Hacl_K256_Field_fmul(z3, tmp1, z1);
-  Hacl_K256_Field_fmul_small_num(z3, z3, (uint64_t)8U);
+  Hacl_K256_Field_fmul_small_num(z3, z3, 8ULL);
   Hacl_K256_Field_fnormalize_weak(z3, z3);
-  Hacl_K256_Field_fmul_small_num(bzz3, zz, (uint64_t)21U);
+  Hacl_K256_Field_fmul_small_num(bzz3, zz, 21ULL);
   Hacl_K256_Field_fnormalize_weak(bzz3, bzz3);
-  Hacl_K256_Field_fmul_small_num(bzz9, bzz3, (uint64_t)3U);
-  Hacl_K256_Field_fsub(bzz9, yy, bzz9, (uint64_t)6U);
+  Hacl_K256_Field_fmul_small_num(bzz9, bzz3, 3ULL);
+  Hacl_K256_Field_fsub(bzz9, yy, bzz9, 6ULL);
   Hacl_K256_Field_fadd(tmp1, yy, bzz3);
   Hacl_K256_Field_fmul(tmp1, bzz9, tmp1);
   Hacl_K256_Field_fmul(y3, yy, zz);
   Hacl_K256_Field_fmul(x3, x3, bzz9);
-  Hacl_K256_Field_fmul_small_num(y3, y3, (uint64_t)168U);
+  Hacl_K256_Field_fmul_small_num(y3, y3, 168ULL);
   Hacl_K256_Field_fadd(y3, tmp1, y3);
   Hacl_K256_Field_fnormalize_weak(y3, y3);
 }
@@ -974,23 +958,23 @@ void Hacl_Impl_K256_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *q)
 {
   uint64_t tmp[45U] = { 0U };
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *y1 = p + 5U;
+  uint64_t *z1 = p + 10U;
   uint64_t *x2 = q;
-  uint64_t *y2 = q + (uint32_t)5U;
-  uint64_t *z2 = q + (uint32_t)10U;
+  uint64_t *y2 = q + 5U;
+  uint64_t *z2 = q + 10U;
   uint64_t *x3 = out;
-  uint64_t *y3 = out + (uint32_t)5U;
-  uint64_t *z3 = out + (uint32_t)10U;
+  uint64_t *y3 = out + 5U;
+  uint64_t *z3 = out + 10U;
   uint64_t *xx = tmp;
-  uint64_t *yy = tmp + (uint32_t)5U;
-  uint64_t *zz = tmp + (uint32_t)10U;
-  uint64_t *xy_pairs = tmp + (uint32_t)15U;
-  uint64_t *yz_pairs = tmp + (uint32_t)20U;
-  uint64_t *xz_pairs = tmp + (uint32_t)25U;
-  uint64_t *yy_m_bzz3 = tmp + (uint32_t)30U;
-  uint64_t *yy_p_bzz3 = tmp + (uint32_t)35U;
-  uint64_t *tmp1 = tmp + (uint32_t)40U;
+  uint64_t *yy = tmp + 5U;
+  uint64_t *zz = tmp + 10U;
+  uint64_t *xy_pairs = tmp + 15U;
+  uint64_t *yz_pairs = tmp + 20U;
+  uint64_t *xz_pairs = tmp + 25U;
+  uint64_t *yy_m_bzz3 = tmp + 30U;
+  uint64_t *yy_p_bzz3 = tmp + 35U;
+  uint64_t *tmp1 = tmp + 40U;
   Hacl_K256_Field_fmul(xx, x1, x2);
   Hacl_K256_Field_fmul(yy, y1, y2);
   Hacl_K256_Field_fmul(zz, z1, z2);
@@ -998,29 +982,29 @@ void Hacl_Impl_K256_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *q)
   Hacl_K256_Field_fadd(tmp1, x2, y2);
   Hacl_K256_Field_fmul(xy_pairs, xy_pairs, tmp1);
   Hacl_K256_Field_fadd(tmp1, xx, yy);
-  Hacl_K256_Field_fsub(xy_pairs, xy_pairs, tmp1, (uint64_t)4U);
+  Hacl_K256_Field_fsub(xy_pairs, xy_pairs, tmp1, 4ULL);
   Hacl_K256_Field_fadd(yz_pairs, y1, z1);
   Hacl_K256_Field_fadd(tmp1, y2, z2);
   Hacl_K256_Field_fmul(yz_pairs, yz_pairs, tmp1);
   Hacl_K256_Field_fadd(tmp1, yy, zz);
-  Hacl_K256_Field_fsub(yz_pairs, yz_pairs, tmp1, (uint64_t)4U);
+  Hacl_K256_Field_fsub(yz_pairs, yz_pairs, tmp1, 4ULL);
   Hacl_K256_Field_fadd(xz_pairs, x1, z1);
   Hacl_K256_Field_fadd(tmp1, x2, z2);
   Hacl_K256_Field_fmul(xz_pairs, xz_pairs, tmp1);
   Hacl_K256_Field_fadd(tmp1, xx, zz);
-  Hacl_K256_Field_fsub(xz_pairs, xz_pairs, tmp1, (uint64_t)4U);
-  Hacl_K256_Field_fmul_small_num(tmp1, zz, (uint64_t)21U);
+  Hacl_K256_Field_fsub(xz_pairs, xz_pairs, tmp1, 4ULL);
+  Hacl_K256_Field_fmul_small_num(tmp1, zz, 21ULL);
   Hacl_K256_Field_fnormalize_weak(tmp1, tmp1);
-  Hacl_K256_Field_fsub(yy_m_bzz3, yy, tmp1, (uint64_t)2U);
+  Hacl_K256_Field_fsub(yy_m_bzz3, yy, tmp1, 2ULL);
   Hacl_K256_Field_fadd(yy_p_bzz3, yy, tmp1);
-  Hacl_K256_Field_fmul_small_num(x3, yz_pairs, (uint64_t)21U);
+  Hacl_K256_Field_fmul_small_num(x3, yz_pairs, 21ULL);
   Hacl_K256_Field_fnormalize_weak(x3, x3);
-  Hacl_K256_Field_fmul_small_num(z3, xx, (uint64_t)3U);
-  Hacl_K256_Field_fmul_small_num(y3, z3, (uint64_t)21U);
+  Hacl_K256_Field_fmul_small_num(z3, xx, 3ULL);
+  Hacl_K256_Field_fmul_small_num(y3, z3, 21ULL);
   Hacl_K256_Field_fnormalize_weak(y3, y3);
   Hacl_K256_Field_fmul(tmp1, xy_pairs, yy_m_bzz3);
   Hacl_K256_Field_fmul(x3, x3, xz_pairs);
-  Hacl_K256_Field_fsub(x3, tmp1, x3, (uint64_t)2U);
+  Hacl_K256_Field_fsub(x3, tmp1, x3, 2ULL);
   Hacl_K256_Field_fnormalize_weak(x3, x3);
   Hacl_K256_Field_fmul(tmp1, yy_p_bzz3, yy_m_bzz3);
   Hacl_K256_Field_fmul(y3, y3, xz_pairs);
@@ -1036,30 +1020,30 @@ static inline void scalar_split_lambda(uint64_t *r1, uint64_t *r2, uint64_t *k)
 {
   uint64_t tmp1[4U] = { 0U };
   uint64_t tmp2[4U] = { 0U };
-  tmp1[0U] = (uint64_t)0xe893209a45dbb031U;
-  tmp1[1U] = (uint64_t)0x3daa8a1471e8ca7fU;
-  tmp1[2U] = (uint64_t)0xe86c90e49284eb15U;
-  tmp1[3U] = (uint64_t)0x3086d221a7d46bcdU;
-  tmp2[0U] = (uint64_t)0x1571b4ae8ac47f71U;
-  tmp2[1U] = (uint64_t)0x221208ac9df506c6U;
-  tmp2[2U] = (uint64_t)0x6f547fa90abfe4c4U;
-  tmp2[3U] = (uint64_t)0xe4437ed6010e8828U;
+  tmp1[0U] = 0xe893209a45dbb031ULL;
+  tmp1[1U] = 0x3daa8a1471e8ca7fULL;
+  tmp1[2U] = 0xe86c90e49284eb15ULL;
+  tmp1[3U] = 0x3086d221a7d46bcdULL;
+  tmp2[0U] = 0x1571b4ae8ac47f71ULL;
+  tmp2[1U] = 0x221208ac9df506c6ULL;
+  tmp2[2U] = 0x6f547fa90abfe4c4ULL;
+  tmp2[3U] = 0xe4437ed6010e8828ULL;
   qmul_shift_384(r1, k, tmp1);
   qmul_shift_384(r2, k, tmp2);
-  tmp1[0U] = (uint64_t)0x6f547fa90abfe4c3U;
-  tmp1[1U] = (uint64_t)0xe4437ed6010e8828U;
-  tmp1[2U] = (uint64_t)0x0U;
-  tmp1[3U] = (uint64_t)0x0U;
-  tmp2[0U] = (uint64_t)0xd765cda83db1562cU;
-  tmp2[1U] = (uint64_t)0x8a280ac50774346dU;
-  tmp2[2U] = (uint64_t)0xfffffffffffffffeU;
-  tmp2[3U] = (uint64_t)0xffffffffffffffffU;
+  tmp1[0U] = 0x6f547fa90abfe4c3ULL;
+  tmp1[1U] = 0xe4437ed6010e8828ULL;
+  tmp1[2U] = 0x0ULL;
+  tmp1[3U] = 0x0ULL;
+  tmp2[0U] = 0xd765cda83db1562cULL;
+  tmp2[1U] = 0x8a280ac50774346dULL;
+  tmp2[2U] = 0xfffffffffffffffeULL;
+  tmp2[3U] = 0xffffffffffffffffULL;
   qmul(r1, r1, tmp1);
   qmul(r2, r2, tmp2);
-  tmp1[0U] = (uint64_t)0xe0cfc810b51283cfU;
-  tmp1[1U] = (uint64_t)0xa880b9fc8ec739c2U;
-  tmp1[2U] = (uint64_t)0x5ad9e3fd77ed9ba4U;
-  tmp1[3U] = (uint64_t)0xac9c52b33fa3cf1fU;
+  tmp1[0U] = 0xe0cfc810b51283cfULL;
+  tmp1[1U] = 0xa880b9fc8ec739c2ULL;
+  tmp1[2U] = 0x5ad9e3fd77ed9ba4ULL;
+  tmp1[3U] = 0xac9c52b33fa3cf1fULL;
   qadd(r2, r1, r2);
   qmul(tmp2, r2, tmp1);
   qadd(r1, k, tmp2);
@@ -1068,17 +1052,17 @@ static inline void scalar_split_lambda(uint64_t *r1, uint64_t *r2, uint64_t *k)
 static inline void point_mul_lambda(uint64_t *res, uint64_t *p)
 {
   uint64_t *rx = res;
-  uint64_t *ry = res + (uint32_t)5U;
-  uint64_t *rz = res + (uint32_t)10U;
+  uint64_t *ry = res + 5U;
+  uint64_t *rz = res + 10U;
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
-  uint64_t *pz = p + (uint32_t)10U;
+  uint64_t *py = p + 5U;
+  uint64_t *pz = p + 10U;
   uint64_t beta[5U] = { 0U };
-  beta[0U] = (uint64_t)0x96c28719501eeU;
-  beta[1U] = (uint64_t)0x7512f58995c13U;
-  beta[2U] = (uint64_t)0xc3434e99cf049U;
-  beta[3U] = (uint64_t)0x7106e64479eaU;
-  beta[4U] = (uint64_t)0x7ae96a2b657cU;
+  beta[0U] = 0x96c28719501eeULL;
+  beta[1U] = 0x7512f58995c13ULL;
+  beta[2U] = 0xc3434e99cf049ULL;
+  beta[3U] = 0x7106e64479eaULL;
+  beta[4U] = 0x7ae96a2b657cULL;
   Hacl_K256_Field_fmul(rx, beta, px);
   ry[0U] = py[0U];
   ry[1U] = py[1U];
@@ -1096,11 +1080,11 @@ static inline void point_mul_lambda_inplace(uint64_t *res)
 {
   uint64_t *rx = res;
   uint64_t beta[5U] = { 0U };
-  beta[0U] = (uint64_t)0x96c28719501eeU;
-  beta[1U] = (uint64_t)0x7512f58995c13U;
-  beta[2U] = (uint64_t)0xc3434e99cf049U;
-  beta[3U] = (uint64_t)0x7106e64479eaU;
-  beta[4U] = (uint64_t)0x7ae96a2b657cU;
+  beta[0U] = 0x96c28719501eeULL;
+  beta[1U] = 0x7512f58995c13ULL;
+  beta[2U] = 0xc3434e99cf049ULL;
+  beta[3U] = 0x7106e64479eaULL;
+  beta[4U] = 0x7ae96a2b657cULL;
   Hacl_K256_Field_fmul(rx, beta, rx);
 }
 
@@ -1123,7 +1107,7 @@ ecmult_endo_split(
 {
   scalar_split_lambda(r1, r2, scalar);
   point_mul_lambda(q2, q);
-  memcpy(q1, q, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(q1, q, 15U * sizeof (uint64_t));
   bool b0 = is_qelem_le_q_halved_vartime(r1);
   qnegate_conditional_vartime(r1, !b0);
   point_negate_conditional_vartime(q1, !b0);
@@ -1140,45 +1124,37 @@ void Hacl_Impl_K256_PointMul_point_mul(uint64_t *out, uint64_t *scalar, uint64_t
   uint64_t table[240U] = { 0U };
   uint64_t tmp[15U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)15U;
+  uint64_t *t1 = table + 15U;
   Hacl_Impl_K256_Point_make_point_at_inf(t0);
-  memcpy(t1, q, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(t1, q, 15U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)15U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 15U;
     Hacl_Impl_K256_PointDouble_point_double(tmp, t11);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U;
+    memcpy(table + (2U * i + 2U) * 15U, tmp, 15U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 15U;
     Hacl_Impl_K256_PointAdd_point_add(tmp, q, t2);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t)););
+    memcpy(table + (2U * i + 3U) * 15U, tmp, 15U * sizeof (uint64_t)););
   Hacl_Impl_K256_Point_make_point_at_inf(out);
   uint64_t tmp0[15U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      Hacl_Impl_K256_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)256U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)15U * sizeof (uint64_t));
+    KRML_MAYBE_FOR4(i, 0U, 4U, 1U, Hacl_Impl_K256_PointDouble_point_double(out, out););
+    uint32_t k = 256U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 15U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)15U;
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 15U;
       KRML_MAYBE_FOR15(i,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
+        0U,
+        15U,
+        1U,
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;););
@@ -1188,17 +1164,17 @@ void Hacl_Impl_K256_PointMul_point_mul(uint64_t *out, uint64_t *scalar, uint64_t
 
 static inline void precomp_get_consttime(const uint64_t *table, uint64_t bits_l, uint64_t *tmp)
 {
-  memcpy(tmp, (uint64_t *)table, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(tmp, (uint64_t *)table, 15U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i0,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + (uint32_t)1U));
-    const uint64_t *res_j = table + (i0 + (uint32_t)1U) * (uint32_t)15U;
+    0U,
+    15U,
+    1U,
+    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + 1U));
+    const uint64_t *res_j = table + (i0 + 1U) * 15U;
     KRML_MAYBE_FOR15(i,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
+      0U,
+      15U,
+      1U,
       uint64_t *os = tmp;
       uint64_t x = (c & res_j[i]) | (~c & tmp[i]);
       os[i] = x;););
@@ -1208,79 +1184,72 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
 {
   uint64_t q1[15U] = { 0U };
   uint64_t *gx = q1;
-  uint64_t *gy = q1 + (uint32_t)5U;
-  uint64_t *gz = q1 + (uint32_t)10U;
-  gx[0U] = (uint64_t)0x2815b16f81798U;
-  gx[1U] = (uint64_t)0xdb2dce28d959fU;
-  gx[2U] = (uint64_t)0xe870b07029bfcU;
-  gx[3U] = (uint64_t)0xbbac55a06295cU;
-  gx[4U] = (uint64_t)0x79be667ef9dcU;
-  gy[0U] = (uint64_t)0x7d08ffb10d4b8U;
-  gy[1U] = (uint64_t)0x48a68554199c4U;
-  gy[2U] = (uint64_t)0xe1108a8fd17b4U;
-  gy[3U] = (uint64_t)0xc4655da4fbfc0U;
-  gy[4U] = (uint64_t)0x483ada7726a3U;
-  memset(gz, 0U, (uint32_t)5U * sizeof (uint64_t));
-  gz[0U] = (uint64_t)1U;
+  uint64_t *gy = q1 + 5U;
+  uint64_t *gz = q1 + 10U;
+  gx[0U] = 0x2815b16f81798ULL;
+  gx[1U] = 0xdb2dce28d959fULL;
+  gx[2U] = 0xe870b07029bfcULL;
+  gx[3U] = 0xbbac55a06295cULL;
+  gx[4U] = 0x79be667ef9dcULL;
+  gy[0U] = 0x7d08ffb10d4b8ULL;
+  gy[1U] = 0x48a68554199c4ULL;
+  gy[2U] = 0xe1108a8fd17b4ULL;
+  gy[3U] = 0xc4655da4fbfc0ULL;
+  gy[4U] = 0x483ada7726a3ULL;
+  memset(gz, 0U, 5U * sizeof (uint64_t));
+  gz[0U] = 1ULL;
   uint64_t
   q2[15U] =
     {
-      (uint64_t)4496295042185355U, (uint64_t)3125448202219451U, (uint64_t)1239608518490046U,
-      (uint64_t)2687445637493112U, (uint64_t)77979604880139U, (uint64_t)3360310474215011U,
-      (uint64_t)1216410458165163U, (uint64_t)177901593587973U, (uint64_t)3209978938104985U,
-      (uint64_t)118285133003718U, (uint64_t)434519962075150U, (uint64_t)1114612377498854U,
-      (uint64_t)3488596944003813U, (uint64_t)450716531072892U, (uint64_t)66044973203836U
+      4496295042185355ULL, 3125448202219451ULL, 1239608518490046ULL, 2687445637493112ULL,
+      77979604880139ULL, 3360310474215011ULL, 1216410458165163ULL, 177901593587973ULL,
+      3209978938104985ULL, 118285133003718ULL, 434519962075150ULL, 1114612377498854ULL,
+      3488596944003813ULL, 450716531072892ULL, 66044973203836ULL
     };
-  KRML_HOST_IGNORE(q2);
+  KRML_MAYBE_UNUSED_VAR(q2);
   uint64_t
   q3[15U] =
     {
-      (uint64_t)1277614565900951U, (uint64_t)378671684419493U, (uint64_t)3176260448102880U,
-      (uint64_t)1575691435565077U, (uint64_t)167304528382180U, (uint64_t)2600787765776588U,
-      (uint64_t)7497946149293U, (uint64_t)2184272641272202U, (uint64_t)2200235265236628U,
-      (uint64_t)265969268774814U, (uint64_t)1913228635640715U, (uint64_t)2831959046949342U,
-      (uint64_t)888030405442963U, (uint64_t)1817092932985033U, (uint64_t)101515844997121U
+      1277614565900951ULL, 378671684419493ULL, 3176260448102880ULL, 1575691435565077ULL,
+      167304528382180ULL, 2600787765776588ULL, 7497946149293ULL, 2184272641272202ULL,
+      2200235265236628ULL, 265969268774814ULL, 1913228635640715ULL, 2831959046949342ULL,
+      888030405442963ULL, 1817092932985033ULL, 101515844997121ULL
     };
-  KRML_HOST_IGNORE(q3);
+  KRML_MAYBE_UNUSED_VAR(q3);
   uint64_t
   q4[15U] =
     {
-      (uint64_t)34056422761564U, (uint64_t)3315864838337811U, (uint64_t)3797032336888745U,
-      (uint64_t)2580641850480806U, (uint64_t)208048944042500U, (uint64_t)1233795288689421U,
-      (uint64_t)1048795233382631U, (uint64_t)646545158071530U, (uint64_t)1816025742137285U,
-      (uint64_t)12245672982162U, (uint64_t)2119364213800870U, (uint64_t)2034960311715107U,
-      (uint64_t)3172697815804487U, (uint64_t)4185144850224160U, (uint64_t)2792055915674U
+      34056422761564ULL, 3315864838337811ULL, 3797032336888745ULL, 2580641850480806ULL,
+      208048944042500ULL, 1233795288689421ULL, 1048795233382631ULL, 646545158071530ULL,
+      1816025742137285ULL, 12245672982162ULL, 2119364213800870ULL, 2034960311715107ULL,
+      3172697815804487ULL, 4185144850224160ULL, 2792055915674ULL
     };
-  KRML_HOST_IGNORE(q4);
+  KRML_MAYBE_UNUSED_VAR(q4);
   uint64_t *r1 = scalar;
-  uint64_t *r2 = scalar + (uint32_t)1U;
-  uint64_t *r3 = scalar + (uint32_t)2U;
-  uint64_t *r4 = scalar + (uint32_t)3U;
+  uint64_t *r2 = scalar + 1U;
+  uint64_t *r3 = scalar + 2U;
+  uint64_t *r4 = scalar + 3U;
   Hacl_Impl_K256_Point_make_point_at_inf(out);
   uint64_t tmp[15U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      Hacl_Impl_K256_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r4, k, (uint32_t)4U);
+    0U,
+    16U,
+    1U,
+    KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, Hacl_Impl_K256_PointDouble_point_double(out, out););
+    uint32_t k = 64U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r4, k, 4U);
     precomp_get_consttime(Hacl_K256_PrecompTable_precomp_g_pow2_192_table_w4, bits_l, tmp);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp);
-    uint32_t k0 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r3, k0, (uint32_t)4U);
+    uint32_t k0 = 64U - 4U * i - 4U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r3, k0, 4U);
     precomp_get_consttime(Hacl_K256_PrecompTable_precomp_g_pow2_128_table_w4, bits_l0, tmp);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp);
-    uint32_t k1 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r2, k1, (uint32_t)4U);
+    uint32_t k1 = 64U - 4U * i - 4U;
+    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r2, k1, 4U);
     precomp_get_consttime(Hacl_K256_PrecompTable_precomp_g_pow2_64_table_w4, bits_l1, tmp);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp);
-    uint32_t k2 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
+    uint32_t k2 = 64U - 4U * i - 4U;
+    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r1, k2, 4U);
     precomp_get_consttime(Hacl_K256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp););
 }
@@ -1290,75 +1259,65 @@ point_mul_g_double_vartime(uint64_t *out, uint64_t *scalar1, uint64_t *scalar2,
 {
   uint64_t q1[15U] = { 0U };
   uint64_t *gx = q1;
-  uint64_t *gy = q1 + (uint32_t)5U;
-  uint64_t *gz = q1 + (uint32_t)10U;
-  gx[0U] = (uint64_t)0x2815b16f81798U;
-  gx[1U] = (uint64_t)0xdb2dce28d959fU;
-  gx[2U] = (uint64_t)0xe870b07029bfcU;
-  gx[3U] = (uint64_t)0xbbac55a06295cU;
-  gx[4U] = (uint64_t)0x79be667ef9dcU;
-  gy[0U] = (uint64_t)0x7d08ffb10d4b8U;
-  gy[1U] = (uint64_t)0x48a68554199c4U;
-  gy[2U] = (uint64_t)0xe1108a8fd17b4U;
-  gy[3U] = (uint64_t)0xc4655da4fbfc0U;
-  gy[4U] = (uint64_t)0x483ada7726a3U;
-  memset(gz, 0U, (uint32_t)5U * sizeof (uint64_t));
-  gz[0U] = (uint64_t)1U;
+  uint64_t *gy = q1 + 5U;
+  uint64_t *gz = q1 + 10U;
+  gx[0U] = 0x2815b16f81798ULL;
+  gx[1U] = 0xdb2dce28d959fULL;
+  gx[2U] = 0xe870b07029bfcULL;
+  gx[3U] = 0xbbac55a06295cULL;
+  gx[4U] = 0x79be667ef9dcULL;
+  gy[0U] = 0x7d08ffb10d4b8ULL;
+  gy[1U] = 0x48a68554199c4ULL;
+  gy[2U] = 0xe1108a8fd17b4ULL;
+  gy[3U] = 0xc4655da4fbfc0ULL;
+  gy[4U] = 0x483ada7726a3ULL;
+  memset(gz, 0U, 5U * sizeof (uint64_t));
+  gz[0U] = 1ULL;
   uint64_t table2[480U] = { 0U };
   uint64_t tmp[15U] = { 0U };
   uint64_t *t0 = table2;
-  uint64_t *t1 = table2 + (uint32_t)15U;
+  uint64_t *t1 = table2 + 15U;
   Hacl_Impl_K256_Point_make_point_at_inf(t0);
-  memcpy(t1, q2, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(t1, q2, 15U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)15U;
+    0U,
+    15U,
+    1U,
+    uint64_t *t11 = table2 + (i + 1U) * 15U;
     Hacl_Impl_K256_PointDouble_point_double(tmp, t11);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t));
-    uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U;
+    memcpy(table2 + (2U * i + 2U) * 15U, tmp, 15U * sizeof (uint64_t));
+    uint64_t *t2 = table2 + (2U * i + 2U) * 15U;
     Hacl_Impl_K256_PointAdd_point_add(tmp, q2, t2);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t)););
+    memcpy(table2 + (2U * i + 3U) * 15U, tmp, 15U * sizeof (uint64_t)););
   uint64_t tmp0[15U] = { 0U };
-  uint32_t i0 = (uint32_t)255U;
-  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, i0, (uint32_t)5U);
+  uint32_t i0 = 255U;
+  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar1, i0, 5U);
   uint32_t bits_l32 = (uint32_t)bits_c;
-  const
-  uint64_t
-  *a_bits_l = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)15U;
-  memcpy(out, (uint64_t *)a_bits_l, (uint32_t)15U * sizeof (uint64_t));
-  uint32_t i1 = (uint32_t)255U;
-  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, i1, (uint32_t)5U);
+  const uint64_t *a_bits_l = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * 15U;
+  memcpy(out, (uint64_t *)a_bits_l, 15U * sizeof (uint64_t));
+  uint32_t i1 = 255U;
+  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar2, i1, 5U);
   uint32_t bits_l320 = (uint32_t)bits_c0;
-  const uint64_t *a_bits_l0 = table2 + bits_l320 * (uint32_t)15U;
-  memcpy(tmp0, (uint64_t *)a_bits_l0, (uint32_t)15U * sizeof (uint64_t));
+  const uint64_t *a_bits_l0 = table2 + bits_l320 * 15U;
+  memcpy(tmp0, (uint64_t *)a_bits_l0, 15U * sizeof (uint64_t));
   Hacl_Impl_K256_PointAdd_point_add(out, out, tmp0);
   uint64_t tmp1[15U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)51U; i++)
+  for (uint32_t i = 0U; i < 51U; i++)
   {
-    KRML_MAYBE_FOR5(i2,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      Hacl_Impl_K256_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, k, (uint32_t)5U);
+    KRML_MAYBE_FOR5(i2, 0U, 5U, 1U, Hacl_Impl_K256_PointDouble_point_double(out, out););
+    uint32_t k = 255U - 5U * i - 5U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar2, k, 5U);
     uint32_t bits_l321 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)15U;
-    memcpy(tmp1, (uint64_t *)a_bits_l1, (uint32_t)15U * sizeof (uint64_t));
+    const uint64_t *a_bits_l1 = table2 + bits_l321 * 15U;
+    memcpy(tmp1, (uint64_t *)a_bits_l1, 15U * sizeof (uint64_t));
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp1);
-    uint32_t k0 = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, k0, (uint32_t)5U);
+    uint32_t k0 = 255U - 5U * i - 5U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar1, k0, 5U);
     uint32_t bits_l322 = (uint32_t)bits_l0;
     const
     uint64_t
-    *a_bits_l2 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * (uint32_t)15U;
-    memcpy(tmp1, (uint64_t *)a_bits_l2, (uint32_t)15U * sizeof (uint64_t));
+    *a_bits_l2 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * 15U;
+    memcpy(tmp1, (uint64_t *)a_bits_l2, 15U * sizeof (uint64_t));
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp1);
   }
 }
@@ -1380,99 +1339,89 @@ point_mul_g_double_split_lambda_table(
   uint64_t table2[480U] = { 0U };
   uint64_t tmp[15U] = { 0U };
   uint64_t *t0 = table2;
-  uint64_t *t1 = table2 + (uint32_t)15U;
+  uint64_t *t1 = table2 + 15U;
   Hacl_Impl_K256_Point_make_point_at_inf(t0);
-  memcpy(t1, p2, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(t1, p2, 15U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)15U;
+    0U,
+    15U,
+    1U,
+    uint64_t *t11 = table2 + (i + 1U) * 15U;
     Hacl_Impl_K256_PointDouble_point_double(tmp, t11);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t));
-    uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U;
+    memcpy(table2 + (2U * i + 2U) * 15U, tmp, 15U * sizeof (uint64_t));
+    uint64_t *t2 = table2 + (2U * i + 2U) * 15U;
     Hacl_Impl_K256_PointAdd_point_add(tmp, p2, t2);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t)););
+    memcpy(table2 + (2U * i + 3U) * 15U, tmp, 15U * sizeof (uint64_t)););
   uint64_t tmp0[15U] = { 0U };
   uint64_t tmp1[15U] = { 0U };
-  uint32_t i0 = (uint32_t)125U;
-  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r1, i0, (uint32_t)5U);
+  uint32_t i0 = 125U;
+  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r1, i0, 5U);
   uint32_t bits_l32 = (uint32_t)bits_c;
-  const
-  uint64_t
-  *a_bits_l = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)15U;
-  memcpy(out, (uint64_t *)a_bits_l, (uint32_t)15U * sizeof (uint64_t));
+  const uint64_t *a_bits_l = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * 15U;
+  memcpy(out, (uint64_t *)a_bits_l, 15U * sizeof (uint64_t));
   point_negate_conditional_vartime(out, is_negate1);
-  uint32_t i1 = (uint32_t)125U;
-  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r2, i1, (uint32_t)5U);
+  uint32_t i1 = 125U;
+  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r2, i1, 5U);
   uint32_t bits_l320 = (uint32_t)bits_c0;
   const
   uint64_t
-  *a_bits_l0 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l320 * (uint32_t)15U;
-  memcpy(tmp1, (uint64_t *)a_bits_l0, (uint32_t)15U * sizeof (uint64_t));
+  *a_bits_l0 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l320 * 15U;
+  memcpy(tmp1, (uint64_t *)a_bits_l0, 15U * sizeof (uint64_t));
   point_negate_conditional_vartime(tmp1, is_negate2);
   point_mul_lambda_inplace(tmp1);
   Hacl_Impl_K256_PointAdd_point_add(out, out, tmp1);
   uint64_t tmp10[15U] = { 0U };
-  uint32_t i2 = (uint32_t)125U;
-  uint64_t bits_c1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r3, i2, (uint32_t)5U);
+  uint32_t i2 = 125U;
+  uint64_t bits_c1 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r3, i2, 5U);
   uint32_t bits_l321 = (uint32_t)bits_c1;
-  const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)15U;
-  memcpy(tmp0, (uint64_t *)a_bits_l1, (uint32_t)15U * sizeof (uint64_t));
+  const uint64_t *a_bits_l1 = table2 + bits_l321 * 15U;
+  memcpy(tmp0, (uint64_t *)a_bits_l1, 15U * sizeof (uint64_t));
   point_negate_conditional_vartime(tmp0, is_negate3);
-  uint32_t i3 = (uint32_t)125U;
-  uint64_t bits_c2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r4, i3, (uint32_t)5U);
+  uint32_t i3 = 125U;
+  uint64_t bits_c2 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r4, i3, 5U);
   uint32_t bits_l322 = (uint32_t)bits_c2;
-  const uint64_t *a_bits_l2 = table2 + bits_l322 * (uint32_t)15U;
-  memcpy(tmp10, (uint64_t *)a_bits_l2, (uint32_t)15U * sizeof (uint64_t));
+  const uint64_t *a_bits_l2 = table2 + bits_l322 * 15U;
+  memcpy(tmp10, (uint64_t *)a_bits_l2, 15U * sizeof (uint64_t));
   point_negate_conditional_vartime(tmp10, is_negate4);
   point_mul_lambda_inplace(tmp10);
   Hacl_Impl_K256_PointAdd_point_add(tmp0, tmp0, tmp10);
   Hacl_Impl_K256_PointAdd_point_add(out, out, tmp0);
   uint64_t tmp2[15U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++)
+  for (uint32_t i = 0U; i < 25U; i++)
   {
-    KRML_MAYBE_FOR5(i4,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      Hacl_Impl_K256_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)125U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r4, k, (uint32_t)5U);
+    KRML_MAYBE_FOR5(i4, 0U, 5U, 1U, Hacl_Impl_K256_PointDouble_point_double(out, out););
+    uint32_t k = 125U - 5U * i - 5U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r4, k, 5U);
     uint32_t bits_l323 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l3 = table2 + bits_l323 * (uint32_t)15U;
-    memcpy(tmp2, (uint64_t *)a_bits_l3, (uint32_t)15U * sizeof (uint64_t));
+    const uint64_t *a_bits_l3 = table2 + bits_l323 * 15U;
+    memcpy(tmp2, (uint64_t *)a_bits_l3, 15U * sizeof (uint64_t));
     point_negate_conditional_vartime(tmp2, is_negate4);
     point_mul_lambda_inplace(tmp2);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp2);
-    uint32_t k0 = (uint32_t)125U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r3, k0, (uint32_t)5U);
+    uint32_t k0 = 125U - 5U * i - 5U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r3, k0, 5U);
     uint32_t bits_l324 = (uint32_t)bits_l0;
-    const uint64_t *a_bits_l4 = table2 + bits_l324 * (uint32_t)15U;
-    memcpy(tmp2, (uint64_t *)a_bits_l4, (uint32_t)15U * sizeof (uint64_t));
+    const uint64_t *a_bits_l4 = table2 + bits_l324 * 15U;
+    memcpy(tmp2, (uint64_t *)a_bits_l4, 15U * sizeof (uint64_t));
     point_negate_conditional_vartime(tmp2, is_negate3);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp2);
-    uint32_t k1 = (uint32_t)125U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r2, k1, (uint32_t)5U);
+    uint32_t k1 = 125U - 5U * i - 5U;
+    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r2, k1, 5U);
     uint32_t bits_l325 = (uint32_t)bits_l1;
     const
     uint64_t
-    *a_bits_l5 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l325 * (uint32_t)15U;
-    memcpy(tmp2, (uint64_t *)a_bits_l5, (uint32_t)15U * sizeof (uint64_t));
+    *a_bits_l5 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l325 * 15U;
+    memcpy(tmp2, (uint64_t *)a_bits_l5, 15U * sizeof (uint64_t));
     point_negate_conditional_vartime(tmp2, is_negate2);
     point_mul_lambda_inplace(tmp2);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp2);
-    uint32_t k2 = (uint32_t)125U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r1, k2, (uint32_t)5U);
+    uint32_t k2 = 125U - 5U * i - 5U;
+    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r1, k2, 5U);
     uint32_t bits_l326 = (uint32_t)bits_l2;
     const
     uint64_t
-    *a_bits_l6 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l326 * (uint32_t)15U;
-    memcpy(tmp2, (uint64_t *)a_bits_l6, (uint32_t)15U * sizeof (uint64_t));
+    *a_bits_l6 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l326 * 15U;
+    memcpy(tmp2, (uint64_t *)a_bits_l6, 15U * sizeof (uint64_t));
     point_negate_conditional_vartime(tmp2, is_negate1);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp2);
   }
@@ -1483,16 +1432,16 @@ check_ecmult_endo_split(uint64_t *r1, uint64_t *r2, uint64_t *r3, uint64_t *r4)
 {
   uint64_t f20 = r1[2U];
   uint64_t f30 = r1[3U];
-  bool b1 = f20 == (uint64_t)0U && f30 == (uint64_t)0U;
+  bool b1 = f20 == 0ULL && f30 == 0ULL;
   uint64_t f21 = r2[2U];
   uint64_t f31 = r2[3U];
-  bool b2 = f21 == (uint64_t)0U && f31 == (uint64_t)0U;
+  bool b2 = f21 == 0ULL && f31 == 0ULL;
   uint64_t f22 = r3[2U];
   uint64_t f32 = r3[3U];
-  bool b3 = f22 == (uint64_t)0U && f32 == (uint64_t)0U;
+  bool b3 = f22 == 0ULL && f32 == 0ULL;
   uint64_t f2 = r4[2U];
   uint64_t f3 = r4[3U];
-  bool b4 = f2 == (uint64_t)0U && f3 == (uint64_t)0U;
+  bool b4 = f2 == 0ULL && f3 == 0ULL;
   return b1 && b2 && b3 && b4;
 }
 
@@ -1515,30 +1464,30 @@ point_mul_g_double_split_lambda_vartime(
 {
   uint64_t g[15U] = { 0U };
   uint64_t *gx = g;
-  uint64_t *gy = g + (uint32_t)5U;
-  uint64_t *gz = g + (uint32_t)10U;
-  gx[0U] = (uint64_t)0x2815b16f81798U;
-  gx[1U] = (uint64_t)0xdb2dce28d959fU;
-  gx[2U] = (uint64_t)0xe870b07029bfcU;
-  gx[3U] = (uint64_t)0xbbac55a06295cU;
-  gx[4U] = (uint64_t)0x79be667ef9dcU;
-  gy[0U] = (uint64_t)0x7d08ffb10d4b8U;
-  gy[1U] = (uint64_t)0x48a68554199c4U;
-  gy[2U] = (uint64_t)0xe1108a8fd17b4U;
-  gy[3U] = (uint64_t)0xc4655da4fbfc0U;
-  gy[4U] = (uint64_t)0x483ada7726a3U;
-  memset(gz, 0U, (uint32_t)5U * sizeof (uint64_t));
-  gz[0U] = (uint64_t)1U;
+  uint64_t *gy = g + 5U;
+  uint64_t *gz = g + 10U;
+  gx[0U] = 0x2815b16f81798ULL;
+  gx[1U] = 0xdb2dce28d959fULL;
+  gx[2U] = 0xe870b07029bfcULL;
+  gx[3U] = 0xbbac55a06295cULL;
+  gx[4U] = 0x79be667ef9dcULL;
+  gy[0U] = 0x7d08ffb10d4b8ULL;
+  gy[1U] = 0x48a68554199c4ULL;
+  gy[2U] = 0xe1108a8fd17b4ULL;
+  gy[3U] = 0xc4655da4fbfc0ULL;
+  gy[4U] = 0x483ada7726a3ULL;
+  memset(gz, 0U, 5U * sizeof (uint64_t));
+  gz[0U] = 1ULL;
   uint64_t r1234[16U] = { 0U };
   uint64_t q1234[60U] = { 0U };
   uint64_t *r1 = r1234;
-  uint64_t *r2 = r1234 + (uint32_t)4U;
-  uint64_t *r3 = r1234 + (uint32_t)8U;
-  uint64_t *r4 = r1234 + (uint32_t)12U;
+  uint64_t *r2 = r1234 + 4U;
+  uint64_t *r3 = r1234 + 8U;
+  uint64_t *r4 = r1234 + 12U;
   uint64_t *q1 = q1234;
-  uint64_t *q2 = q1234 + (uint32_t)15U;
-  uint64_t *q3 = q1234 + (uint32_t)30U;
-  uint64_t *q4 = q1234 + (uint32_t)45U;
+  uint64_t *q2 = q1234 + 15U;
+  uint64_t *q3 = q1234 + 30U;
+  uint64_t *q4 = q1234 + 45U;
   __bool_bool scrut0 = ecmult_endo_split(r1, r2, q1, q2, scalar1, g);
   bool is_high10 = scrut0.fst;
   bool is_high20 = scrut0.snd;
@@ -1615,30 +1564,30 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(
   uint8_t *nonce
 )
 {
-  uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
-  KRML_HOST_IGNORE(oneq);
+  uint64_t oneq[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
+  KRML_MAYBE_UNUSED_VAR(oneq);
   uint64_t rsdk_q[16U] = { 0U };
   uint64_t *r_q = rsdk_q;
-  uint64_t *s_q = rsdk_q + (uint32_t)4U;
-  uint64_t *d_a = rsdk_q + (uint32_t)8U;
-  uint64_t *k_q = rsdk_q + (uint32_t)12U;
+  uint64_t *s_q = rsdk_q + 4U;
+  uint64_t *d_a = rsdk_q + 8U;
+  uint64_t *k_q = rsdk_q + 12U;
   uint64_t is_b_valid0 = load_qelem_check(d_a, private_key);
-  uint64_t oneq10[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  uint64_t oneq10[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = d_a;
     uint64_t uu____0 = oneq10[i];
     uint64_t x = uu____0 ^ (is_b_valid0 & (d_a[i] ^ uu____0));
     os[i] = x;);
   uint64_t is_sk_valid = is_b_valid0;
   uint64_t is_b_valid = load_qelem_check(k_q, nonce);
-  uint64_t oneq1[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  uint64_t oneq1[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = k_q;
     uint64_t uu____1 = oneq1[i];
     uint64_t x = uu____1 ^ (is_b_valid & (k_q[i] ^ uu____1));
@@ -1660,11 +1609,11 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(
   qadd(s_q, z, s_q);
   qmul(s_q, kinv, s_q);
   store_qelem(signature, r_q);
-  store_qelem(signature + (uint32_t)32U, s_q);
+  store_qelem(signature + 32U, s_q);
   uint64_t is_r_zero = is_qelem_zero(r_q);
   uint64_t is_s_zero = is_qelem_zero(s_q);
   uint64_t m = are_sk_nonce_valid & (~is_r_zero & ~is_s_zero);
-  bool res = m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool res = m == 0xFFFFFFFFFFFFFFFFULL;
   return res;
 }
 
@@ -1691,7 +1640,7 @@ Hacl_K256_ECDSA_ecdsa_sign_sha256(
 )
 {
   uint8_t msgHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, msgHash);
+  Hacl_Hash_SHA2_hash_256(msgHash, msg, msg_len);
   bool b = Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(signature, msgHash, private_key, nonce);
   return b;
 }
@@ -1713,14 +1662,14 @@ Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(uint8_t *m, uint8_t *public_key, uint8_t
 {
   uint64_t tmp[35U] = { 0U };
   uint64_t *pk = tmp;
-  uint64_t *r_q = tmp + (uint32_t)15U;
-  uint64_t *s_q = tmp + (uint32_t)19U;
-  uint64_t *u1 = tmp + (uint32_t)23U;
-  uint64_t *u2 = tmp + (uint32_t)27U;
-  uint64_t *m_q = tmp + (uint32_t)31U;
+  uint64_t *r_q = tmp + 15U;
+  uint64_t *s_q = tmp + 19U;
+  uint64_t *u1 = tmp + 23U;
+  uint64_t *u2 = tmp + 27U;
+  uint64_t *m_q = tmp + 31U;
   bool is_pk_valid = load_point_vartime(pk, public_key);
   bool is_r_valid = load_qelem_vartime(r_q, signature);
-  bool is_s_valid = load_qelem_vartime(s_q, signature + (uint32_t)32U);
+  bool is_s_valid = load_qelem_vartime(s_q, signature + 32U);
   bool is_rs_valid = is_r_valid && is_s_valid;
   load_qelem_modq(m_q, m);
   if (!(is_pk_valid && is_rs_valid))
@@ -1734,7 +1683,7 @@ Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(uint8_t *m, uint8_t *public_key, uint8_t
   uint64_t res[15U] = { 0U };
   point_mul_g_double_split_lambda_vartime(res, u1, u2, pk);
   uint64_t tmp1[5U] = { 0U };
-  uint64_t *pz = res + (uint32_t)10U;
+  uint64_t *pz = res + 10U;
   Hacl_K256_Field_fnormalize(tmp1, pz);
   bool b = Hacl_K256_Field_is_felem_zero_vartime(tmp1);
   if (b)
@@ -1742,7 +1691,7 @@ Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(uint8_t *m, uint8_t *public_key, uint8_t
     return false;
   }
   uint64_t *x = res;
-  uint64_t *z = res + (uint32_t)10U;
+  uint64_t *z = res + 10U;
   uint8_t r_bytes[32U] = { 0U };
   uint64_t r_fe[5U] = { 0U };
   uint64_t tmp_q[5U] = { 0U };
@@ -1756,11 +1705,11 @@ Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(uint8_t *m, uint8_t *public_key, uint8_t
     bool is_r_lt_p_m_q = Hacl_K256_Field_is_felem_lt_prime_minus_order_vartime(r_fe);
     if (is_r_lt_p_m_q)
     {
-      tmp_q[0U] = (uint64_t)0x25e8cd0364141U;
-      tmp_q[1U] = (uint64_t)0xe6af48a03bbfdU;
-      tmp_q[2U] = (uint64_t)0xffffffebaaedcU;
-      tmp_q[3U] = (uint64_t)0xfffffffffffffU;
-      tmp_q[4U] = (uint64_t)0xffffffffffffU;
+      tmp_q[0U] = 0x25e8cd0364141ULL;
+      tmp_q[1U] = 0xe6af48a03bbfdULL;
+      tmp_q[2U] = 0xffffffebaaedcULL;
+      tmp_q[3U] = 0xfffffffffffffULL;
+      tmp_q[4U] = 0xffffffffffffULL;
       Hacl_K256_Field_fadd(tmp_q, r_fe, tmp_q);
       return fmul_eq_vartime(tmp_q, z, tmp_x);
     }
@@ -1790,7 +1739,7 @@ Hacl_K256_ECDSA_ecdsa_verify_sha256(
 )
 {
   uint8_t mHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  Hacl_Hash_SHA2_hash_256(mHash, msg, msg_len);
   bool b = Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(mHash, public_key, signature);
   return b;
 }
@@ -1805,7 +1754,7 @@ Compute canonical lowest S value for `signature` (R || S).
 bool Hacl_K256_ECDSA_secp256k1_ecdsa_signature_normalize(uint8_t *signature)
 {
   uint64_t s_q[4U] = { 0U };
-  uint8_t *s = signature + (uint32_t)32U;
+  uint8_t *s = signature + 32U;
   bool is_sk_valid = load_qelem_vartime(s_q, s);
   if (!is_sk_valid)
   {
@@ -1813,7 +1762,7 @@ bool Hacl_K256_ECDSA_secp256k1_ecdsa_signature_normalize(uint8_t *signature)
   }
   bool is_sk_lt_q_halved = is_qelem_le_q_halved_vartime(s_q);
   qnegate_conditional_vartime(s_q, !is_sk_lt_q_halved);
-  store_qelem(signature + (uint32_t)32U, s_q);
+  store_qelem(signature + 32U, s_q);
   return true;
 }
 
@@ -1827,7 +1776,7 @@ Check whether `signature` (R || S) is in canonical form.
 bool Hacl_K256_ECDSA_secp256k1_ecdsa_is_signature_normalized(uint8_t *signature)
 {
   uint64_t s_q[4U] = { 0U };
-  uint8_t *s = signature + (uint32_t)32U;
+  uint8_t *s = signature + 32U;
   bool is_s_valid = load_qelem_vartime(s_q, s);
   bool is_s_lt_q_halved = is_qelem_le_q_halved_vartime(s_q);
   return is_s_valid && is_s_lt_q_halved;
@@ -1886,7 +1835,7 @@ Hacl_K256_ECDSA_secp256k1_ecdsa_sign_sha256(
 )
 {
   uint8_t msgHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, msgHash);
+  Hacl_Hash_SHA2_hash_256(msgHash, msg, msg_len);
   bool
   b = Hacl_K256_ECDSA_secp256k1_ecdsa_sign_hashed_msg(signature, msgHash, private_key, nonce);
   return b;
@@ -1940,7 +1889,7 @@ Hacl_K256_ECDSA_secp256k1_ecdsa_verify_sha256(
 )
 {
   uint8_t mHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  Hacl_Hash_SHA2_hash_256(mHash, msg, msg_len);
   bool b = Hacl_K256_ECDSA_secp256k1_ecdsa_verify_hashed_msg(mHash, public_key, signature);
   return b;
 }
@@ -1971,11 +1920,11 @@ Convert a public key from uncompressed to its raw form.
 bool Hacl_K256_ECDSA_public_key_uncompressed_to_raw(uint8_t *pk_raw, uint8_t *pk)
 {
   uint8_t pk0 = pk[0U];
-  if (pk0 != (uint8_t)0x04U)
+  if (pk0 != 0x04U)
   {
     return false;
   }
-  memcpy(pk_raw, pk + (uint32_t)1U, (uint32_t)64U * sizeof (uint8_t));
+  memcpy(pk_raw, pk + 1U, 64U * sizeof (uint8_t));
   return true;
 }
 
@@ -1989,8 +1938,8 @@ Convert a public key from raw to its uncompressed form.
 */
 void Hacl_K256_ECDSA_public_key_uncompressed_from_raw(uint8_t *pk, uint8_t *pk_raw)
 {
-  pk[0U] = (uint8_t)0x04U;
-  memcpy(pk + (uint32_t)1U, pk_raw, (uint32_t)64U * sizeof (uint8_t));
+  pk[0U] = 0x04U;
+  memcpy(pk + 1U, pk_raw, 64U * sizeof (uint8_t));
 }
 
 /**
@@ -2007,12 +1956,12 @@ bool Hacl_K256_ECDSA_public_key_compressed_to_raw(uint8_t *pk_raw, uint8_t *pk)
 {
   uint64_t xa[5U] = { 0U };
   uint64_t ya[5U] = { 0U };
-  uint8_t *pk_xb = pk + (uint32_t)1U;
+  uint8_t *pk_xb = pk + 1U;
   bool b = aff_point_decompress_vartime(xa, ya, pk);
   if (b)
   {
-    memcpy(pk_raw, pk_xb, (uint32_t)32U * sizeof (uint8_t));
-    Hacl_K256_Field_store_felem(pk_raw + (uint32_t)32U, ya);
+    memcpy(pk_raw, pk_xb, 32U * sizeof (uint8_t));
+    Hacl_K256_Field_store_felem(pk_raw + 32U, ya);
   }
   return b;
 }
@@ -2028,20 +1977,20 @@ Convert a public key from raw to its compressed form.
 void Hacl_K256_ECDSA_public_key_compressed_from_raw(uint8_t *pk, uint8_t *pk_raw)
 {
   uint8_t *pk_x = pk_raw;
-  uint8_t *pk_y = pk_raw + (uint32_t)32U;
+  uint8_t *pk_y = pk_raw + 32U;
   uint8_t x0 = pk_y[31U];
-  bool is_pk_y_odd = (x0 & (uint8_t)1U) == (uint8_t)1U;
+  bool is_pk_y_odd = ((uint32_t)x0 & 1U) == 1U;
   uint8_t ite;
   if (is_pk_y_odd)
   {
-    ite = (uint8_t)0x03U;
+    ite = 0x03U;
   }
   else
   {
-    ite = (uint8_t)0x02U;
+    ite = 0x02U;
   }
   pk[0U] = ite;
-  memcpy(pk + (uint32_t)1U, pk_x, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(pk + 1U, pk_x, 32U * sizeof (uint8_t));
 }
 
 
@@ -2084,7 +2033,7 @@ bool Hacl_K256_ECDSA_is_private_key_valid(uint8_t *private_key)
 {
   uint64_t s_q[4U] = { 0U };
   uint64_t res = load_qelem_check(s_q, private_key);
-  return res == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return res == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 
@@ -2107,13 +2056,13 @@ bool Hacl_K256_ECDSA_secret_to_public(uint8_t *public_key, uint8_t *private_key)
 {
   uint64_t tmp[19U] = { 0U };
   uint64_t *pk = tmp;
-  uint64_t *sk = tmp + (uint32_t)15U;
+  uint64_t *sk = tmp + 15U;
   uint64_t is_b_valid = load_qelem_check(sk, private_key);
-  uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  uint64_t oneq[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = sk;
     uint64_t uu____0 = oneq[i];
     uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0));
@@ -2121,7 +2070,7 @@ bool Hacl_K256_ECDSA_secret_to_public(uint8_t *public_key, uint8_t *private_key)
   uint64_t is_sk_valid = is_b_valid;
   point_mul_g(pk, sk);
   Hacl_Impl_K256_Point_point_store(public_key, pk);
-  return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_sk_valid == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -2140,15 +2089,15 @@ bool Hacl_K256_ECDSA_ecdh(uint8_t *shared_secret, uint8_t *their_pubkey, uint8_t
 {
   uint64_t tmp[34U] = { 0U };
   uint64_t *pk = tmp;
-  uint64_t *ss = tmp + (uint32_t)15U;
-  uint64_t *sk = tmp + (uint32_t)30U;
+  uint64_t *ss = tmp + 15U;
+  uint64_t *sk = tmp + 30U;
   bool is_pk_valid = load_point_vartime(pk, their_pubkey);
   uint64_t is_b_valid = load_qelem_check(sk, private_key);
-  uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  uint64_t oneq[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = sk;
     uint64_t uu____0 = oneq[i];
     uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0));
@@ -2159,6 +2108,6 @@ bool Hacl_K256_ECDSA_ecdh(uint8_t *shared_secret, uint8_t *their_pubkey, uint8_t
     Hacl_Impl_K256_PointMul_point_mul(ss, sk, pk);
     Hacl_Impl_K256_Point_point_store(shared_secret, ss);
   }
-  return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU && is_pk_valid;
+  return is_sk_valid == 0xFFFFFFFFFFFFFFFFULL && is_pk_valid;
 }
 
diff --git a/src/Hacl_MAC_Poly1305.c b/src/Hacl_MAC_Poly1305.c
new file mode 100644
index 00000000..28cbca5a
--- /dev/null
+++ b/src/Hacl_MAC_Poly1305.c
@@ -0,0 +1,712 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_MAC_Poly1305.h"
+
+void Hacl_MAC_Poly1305_poly1305_init(uint64_t *ctx, uint8_t *key)
+{
+  uint64_t *acc = ctx;
+  uint64_t *pre = ctx + 5U;
+  uint8_t *kr = key;
+  acc[0U] = 0ULL;
+  acc[1U] = 0ULL;
+  acc[2U] = 0ULL;
+  acc[3U] = 0ULL;
+  acc[4U] = 0ULL;
+  uint64_t u0 = load64_le(kr);
+  uint64_t lo = u0;
+  uint64_t u = load64_le(kr + 8U);
+  uint64_t hi = u;
+  uint64_t mask0 = 0x0ffffffc0fffffffULL;
+  uint64_t mask1 = 0x0ffffffc0ffffffcULL;
+  uint64_t lo1 = lo & mask0;
+  uint64_t hi1 = hi & mask1;
+  uint64_t *r = pre;
+  uint64_t *r5 = pre + 5U;
+  uint64_t *rn = pre + 10U;
+  uint64_t *rn_5 = pre + 15U;
+  uint64_t r_vec0 = lo1;
+  uint64_t r_vec1 = hi1;
+  uint64_t f00 = r_vec0 & 0x3ffffffULL;
+  uint64_t f10 = r_vec0 >> 26U & 0x3ffffffULL;
+  uint64_t f20 = r_vec0 >> 52U | (r_vec1 & 0x3fffULL) << 12U;
+  uint64_t f30 = r_vec1 >> 14U & 0x3ffffffULL;
+  uint64_t f40 = r_vec1 >> 40U;
+  uint64_t f0 = f00;
+  uint64_t f1 = f10;
+  uint64_t f2 = f20;
+  uint64_t f3 = f30;
+  uint64_t f4 = f40;
+  r[0U] = f0;
+  r[1U] = f1;
+  r[2U] = f2;
+  r[3U] = f3;
+  r[4U] = f4;
+  uint64_t f200 = r[0U];
+  uint64_t f21 = r[1U];
+  uint64_t f22 = r[2U];
+  uint64_t f23 = r[3U];
+  uint64_t f24 = r[4U];
+  r5[0U] = f200 * 5ULL;
+  r5[1U] = f21 * 5ULL;
+  r5[2U] = f22 * 5ULL;
+  r5[3U] = f23 * 5ULL;
+  r5[4U] = f24 * 5ULL;
+  rn[0U] = r[0U];
+  rn[1U] = r[1U];
+  rn[2U] = r[2U];
+  rn[3U] = r[3U];
+  rn[4U] = r[4U];
+  rn_5[0U] = r5[0U];
+  rn_5[1U] = r5[1U];
+  rn_5[2U] = r5[2U];
+  rn_5[3U] = r5[3U];
+  rn_5[4U] = r5[4U];
+}
+
+static void poly1305_update(uint64_t *ctx, uint32_t len, uint8_t *text)
+{
+  uint64_t *pre = ctx + 5U;
+  uint64_t *acc = ctx;
+  uint32_t nb = len / 16U;
+  uint32_t rem = len % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    uint8_t *block = text + i * 16U;
+    uint64_t e[5U] = { 0U };
+    uint64_t u0 = load64_le(block);
+    uint64_t lo = u0;
+    uint64_t u = load64_le(block + 8U);
+    uint64_t hi = u;
+    uint64_t f0 = lo;
+    uint64_t f1 = hi;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
+    uint64_t f01 = f010;
+    uint64_t f111 = f110;
+    uint64_t f2 = f20;
+    uint64_t f3 = f30;
+    uint64_t f41 = f40;
+    e[0U] = f01;
+    e[1U] = f111;
+    e[2U] = f2;
+    e[3U] = f3;
+    e[4U] = f41;
+    uint64_t b = 0x1000000ULL;
+    uint64_t mask = b;
+    uint64_t f4 = e[4U];
+    e[4U] = f4 | mask;
+    uint64_t *r = pre;
+    uint64_t *r5 = pre + 5U;
+    uint64_t r0 = r[0U];
+    uint64_t r1 = r[1U];
+    uint64_t r2 = r[2U];
+    uint64_t r3 = r[3U];
+    uint64_t r4 = r[4U];
+    uint64_t r51 = r5[1U];
+    uint64_t r52 = r5[2U];
+    uint64_t r53 = r5[3U];
+    uint64_t r54 = r5[4U];
+    uint64_t f10 = e[0U];
+    uint64_t f11 = e[1U];
+    uint64_t f12 = e[2U];
+    uint64_t f13 = e[3U];
+    uint64_t f14 = e[4U];
+    uint64_t a0 = acc[0U];
+    uint64_t a1 = acc[1U];
+    uint64_t a2 = acc[2U];
+    uint64_t a3 = acc[3U];
+    uint64_t a4 = acc[4U];
+    uint64_t a01 = a0 + f10;
+    uint64_t a11 = a1 + f11;
+    uint64_t a21 = a2 + f12;
+    uint64_t a31 = a3 + f13;
+    uint64_t a41 = a4 + f14;
+    uint64_t a02 = r0 * a01;
+    uint64_t a12 = r1 * a01;
+    uint64_t a22 = r2 * a01;
+    uint64_t a32 = r3 * a01;
+    uint64_t a42 = r4 * a01;
+    uint64_t a03 = a02 + r54 * a11;
+    uint64_t a13 = a12 + r0 * a11;
+    uint64_t a23 = a22 + r1 * a11;
+    uint64_t a33 = a32 + r2 * a11;
+    uint64_t a43 = a42 + r3 * a11;
+    uint64_t a04 = a03 + r53 * a21;
+    uint64_t a14 = a13 + r54 * a21;
+    uint64_t a24 = a23 + r0 * a21;
+    uint64_t a34 = a33 + r1 * a21;
+    uint64_t a44 = a43 + r2 * a21;
+    uint64_t a05 = a04 + r52 * a31;
+    uint64_t a15 = a14 + r53 * a31;
+    uint64_t a25 = a24 + r54 * a31;
+    uint64_t a35 = a34 + r0 * a31;
+    uint64_t a45 = a44 + r1 * a31;
+    uint64_t a06 = a05 + r51 * a41;
+    uint64_t a16 = a15 + r52 * a41;
+    uint64_t a26 = a25 + r53 * a41;
+    uint64_t a36 = a35 + r54 * a41;
+    uint64_t a46 = a45 + r0 * a41;
+    uint64_t t0 = a06;
+    uint64_t t1 = a16;
+    uint64_t t2 = a26;
+    uint64_t t3 = a36;
+    uint64_t t4 = a46;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
+    uint64_t x0 = t0 & mask26;
+    uint64_t x3 = t3 & mask26;
+    uint64_t x1 = t1 + z0;
+    uint64_t x4 = t4 + z1;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
+    uint64_t z12 = z11 + t;
+    uint64_t x11 = x1 & mask26;
+    uint64_t x41 = x4 & mask26;
+    uint64_t x2 = t2 + z01;
+    uint64_t x01 = x0 + z12;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
+    uint64_t x21 = x2 & mask26;
+    uint64_t x02 = x01 & mask26;
+    uint64_t x31 = x3 + z02;
+    uint64_t x12 = x11 + z13;
+    uint64_t z03 = x31 >> 26U;
+    uint64_t x32 = x31 & mask26;
+    uint64_t x42 = x41 + z03;
+    uint64_t o0 = x02;
+    uint64_t o1 = x12;
+    uint64_t o2 = x21;
+    uint64_t o3 = x32;
+    uint64_t o4 = x42;
+    acc[0U] = o0;
+    acc[1U] = o1;
+    acc[2U] = o2;
+    acc[3U] = o3;
+    acc[4U] = o4;
+  }
+  if (rem > 0U)
+  {
+    uint8_t *last = text + nb * 16U;
+    uint64_t e[5U] = { 0U };
+    uint8_t tmp[16U] = { 0U };
+    memcpy(tmp, last, rem * sizeof (uint8_t));
+    uint64_t u0 = load64_le(tmp);
+    uint64_t lo = u0;
+    uint64_t u = load64_le(tmp + 8U);
+    uint64_t hi = u;
+    uint64_t f0 = lo;
+    uint64_t f1 = hi;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
+    uint64_t f01 = f010;
+    uint64_t f111 = f110;
+    uint64_t f2 = f20;
+    uint64_t f3 = f30;
+    uint64_t f4 = f40;
+    e[0U] = f01;
+    e[1U] = f111;
+    e[2U] = f2;
+    e[3U] = f3;
+    e[4U] = f4;
+    uint64_t b = 1ULL << rem * 8U % 26U;
+    uint64_t mask = b;
+    uint64_t fi = e[rem * 8U / 26U];
+    e[rem * 8U / 26U] = fi | mask;
+    uint64_t *r = pre;
+    uint64_t *r5 = pre + 5U;
+    uint64_t r0 = r[0U];
+    uint64_t r1 = r[1U];
+    uint64_t r2 = r[2U];
+    uint64_t r3 = r[3U];
+    uint64_t r4 = r[4U];
+    uint64_t r51 = r5[1U];
+    uint64_t r52 = r5[2U];
+    uint64_t r53 = r5[3U];
+    uint64_t r54 = r5[4U];
+    uint64_t f10 = e[0U];
+    uint64_t f11 = e[1U];
+    uint64_t f12 = e[2U];
+    uint64_t f13 = e[3U];
+    uint64_t f14 = e[4U];
+    uint64_t a0 = acc[0U];
+    uint64_t a1 = acc[1U];
+    uint64_t a2 = acc[2U];
+    uint64_t a3 = acc[3U];
+    uint64_t a4 = acc[4U];
+    uint64_t a01 = a0 + f10;
+    uint64_t a11 = a1 + f11;
+    uint64_t a21 = a2 + f12;
+    uint64_t a31 = a3 + f13;
+    uint64_t a41 = a4 + f14;
+    uint64_t a02 = r0 * a01;
+    uint64_t a12 = r1 * a01;
+    uint64_t a22 = r2 * a01;
+    uint64_t a32 = r3 * a01;
+    uint64_t a42 = r4 * a01;
+    uint64_t a03 = a02 + r54 * a11;
+    uint64_t a13 = a12 + r0 * a11;
+    uint64_t a23 = a22 + r1 * a11;
+    uint64_t a33 = a32 + r2 * a11;
+    uint64_t a43 = a42 + r3 * a11;
+    uint64_t a04 = a03 + r53 * a21;
+    uint64_t a14 = a13 + r54 * a21;
+    uint64_t a24 = a23 + r0 * a21;
+    uint64_t a34 = a33 + r1 * a21;
+    uint64_t a44 = a43 + r2 * a21;
+    uint64_t a05 = a04 + r52 * a31;
+    uint64_t a15 = a14 + r53 * a31;
+    uint64_t a25 = a24 + r54 * a31;
+    uint64_t a35 = a34 + r0 * a31;
+    uint64_t a45 = a44 + r1 * a31;
+    uint64_t a06 = a05 + r51 * a41;
+    uint64_t a16 = a15 + r52 * a41;
+    uint64_t a26 = a25 + r53 * a41;
+    uint64_t a36 = a35 + r54 * a41;
+    uint64_t a46 = a45 + r0 * a41;
+    uint64_t t0 = a06;
+    uint64_t t1 = a16;
+    uint64_t t2 = a26;
+    uint64_t t3 = a36;
+    uint64_t t4 = a46;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
+    uint64_t x0 = t0 & mask26;
+    uint64_t x3 = t3 & mask26;
+    uint64_t x1 = t1 + z0;
+    uint64_t x4 = t4 + z1;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
+    uint64_t z12 = z11 + t;
+    uint64_t x11 = x1 & mask26;
+    uint64_t x41 = x4 & mask26;
+    uint64_t x2 = t2 + z01;
+    uint64_t x01 = x0 + z12;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
+    uint64_t x21 = x2 & mask26;
+    uint64_t x02 = x01 & mask26;
+    uint64_t x31 = x3 + z02;
+    uint64_t x12 = x11 + z13;
+    uint64_t z03 = x31 >> 26U;
+    uint64_t x32 = x31 & mask26;
+    uint64_t x42 = x41 + z03;
+    uint64_t o0 = x02;
+    uint64_t o1 = x12;
+    uint64_t o2 = x21;
+    uint64_t o3 = x32;
+    uint64_t o4 = x42;
+    acc[0U] = o0;
+    acc[1U] = o1;
+    acc[2U] = o2;
+    acc[3U] = o3;
+    acc[4U] = o4;
+    return;
+  }
+}
+
+void Hacl_MAC_Poly1305_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx)
+{
+  uint64_t *acc = ctx;
+  uint8_t *ks = key + 16U;
+  uint64_t f0 = acc[0U];
+  uint64_t f13 = acc[1U];
+  uint64_t f23 = acc[2U];
+  uint64_t f33 = acc[3U];
+  uint64_t f40 = acc[4U];
+  uint64_t l0 = f0 + 0ULL;
+  uint64_t tmp00 = l0 & 0x3ffffffULL;
+  uint64_t c00 = l0 >> 26U;
+  uint64_t l1 = f13 + c00;
+  uint64_t tmp10 = l1 & 0x3ffffffULL;
+  uint64_t c10 = l1 >> 26U;
+  uint64_t l2 = f23 + c10;
+  uint64_t tmp20 = l2 & 0x3ffffffULL;
+  uint64_t c20 = l2 >> 26U;
+  uint64_t l3 = f33 + c20;
+  uint64_t tmp30 = l3 & 0x3ffffffULL;
+  uint64_t c30 = l3 >> 26U;
+  uint64_t l4 = f40 + c30;
+  uint64_t tmp40 = l4 & 0x3ffffffULL;
+  uint64_t c40 = l4 >> 26U;
+  uint64_t f010 = tmp00 + c40 * 5ULL;
+  uint64_t f110 = tmp10;
+  uint64_t f210 = tmp20;
+  uint64_t f310 = tmp30;
+  uint64_t f410 = tmp40;
+  uint64_t l = f010 + 0ULL;
+  uint64_t tmp0 = l & 0x3ffffffULL;
+  uint64_t c0 = l >> 26U;
+  uint64_t l5 = f110 + c0;
+  uint64_t tmp1 = l5 & 0x3ffffffULL;
+  uint64_t c1 = l5 >> 26U;
+  uint64_t l6 = f210 + c1;
+  uint64_t tmp2 = l6 & 0x3ffffffULL;
+  uint64_t c2 = l6 >> 26U;
+  uint64_t l7 = f310 + c2;
+  uint64_t tmp3 = l7 & 0x3ffffffULL;
+  uint64_t c3 = l7 >> 26U;
+  uint64_t l8 = f410 + c3;
+  uint64_t tmp4 = l8 & 0x3ffffffULL;
+  uint64_t c4 = l8 >> 26U;
+  uint64_t f02 = tmp0 + c4 * 5ULL;
+  uint64_t f12 = tmp1;
+  uint64_t f22 = tmp2;
+  uint64_t f32 = tmp3;
+  uint64_t f42 = tmp4;
+  uint64_t mh = 0x3ffffffULL;
+  uint64_t ml = 0x3fffffbULL;
+  uint64_t mask = FStar_UInt64_eq_mask(f42, mh);
+  uint64_t mask1 = mask & FStar_UInt64_eq_mask(f32, mh);
+  uint64_t mask2 = mask1 & FStar_UInt64_eq_mask(f22, mh);
+  uint64_t mask3 = mask2 & FStar_UInt64_eq_mask(f12, mh);
+  uint64_t mask4 = mask3 & ~~FStar_UInt64_gte_mask(f02, ml);
+  uint64_t ph = mask4 & mh;
+  uint64_t pl = mask4 & ml;
+  uint64_t o0 = f02 - pl;
+  uint64_t o1 = f12 - ph;
+  uint64_t o2 = f22 - ph;
+  uint64_t o3 = f32 - ph;
+  uint64_t o4 = f42 - ph;
+  uint64_t f011 = o0;
+  uint64_t f111 = o1;
+  uint64_t f211 = o2;
+  uint64_t f311 = o3;
+  uint64_t f411 = o4;
+  acc[0U] = f011;
+  acc[1U] = f111;
+  acc[2U] = f211;
+  acc[3U] = f311;
+  acc[4U] = f411;
+  uint64_t f00 = acc[0U];
+  uint64_t f1 = acc[1U];
+  uint64_t f2 = acc[2U];
+  uint64_t f3 = acc[3U];
+  uint64_t f4 = acc[4U];
+  uint64_t f01 = f00;
+  uint64_t f112 = f1;
+  uint64_t f212 = f2;
+  uint64_t f312 = f3;
+  uint64_t f41 = f4;
+  uint64_t lo = (f01 | f112 << 26U) | f212 << 52U;
+  uint64_t hi = (f212 >> 12U | f312 << 14U) | f41 << 40U;
+  uint64_t f10 = lo;
+  uint64_t f11 = hi;
+  uint64_t u0 = load64_le(ks);
+  uint64_t lo0 = u0;
+  uint64_t u = load64_le(ks + 8U);
+  uint64_t hi0 = u;
+  uint64_t f20 = lo0;
+  uint64_t f21 = hi0;
+  uint64_t r0 = f10 + f20;
+  uint64_t r1 = f11 + f21;
+  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> 63U;
+  uint64_t r11 = r1 + c;
+  uint64_t f30 = r0;
+  uint64_t f31 = r11;
+  store64_le(tag, f30);
+  store64_le(tag + 8U, f31);
+}
+
+Hacl_MAC_Poly1305_state_t *Hacl_MAC_Poly1305_malloc(uint8_t *key)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(16U, sizeof (uint8_t));
+  uint64_t *r1 = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
+  uint64_t *block_state = r1;
+  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_0 = k_;
+  Hacl_MAC_Poly1305_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_0 };
+  Hacl_MAC_Poly1305_state_t
+  *p = (Hacl_MAC_Poly1305_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_MAC_Poly1305_state_t));
+  p[0U] = s;
+  Hacl_MAC_Poly1305_poly1305_init(block_state, key);
+  return p;
+}
+
+void Hacl_MAC_Poly1305_reset(Hacl_MAC_Poly1305_state_t *state, uint8_t *key)
+{
+  Hacl_MAC_Poly1305_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  uint64_t *block_state = scrut.block_state;
+  Hacl_MAC_Poly1305_poly1305_init(block_state, key);
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_1 = k_;
+  Hacl_MAC_Poly1305_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_1 };
+  state[0U] = tmp;
+}
+
+/**
+0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_MAC_Poly1305_update(Hacl_MAC_Poly1305_state_t *state, uint8_t *chunk, uint32_t chunk_len)
+{
+  Hacl_MAC_Poly1305_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)16U == 0ULL && total_len > 0ULL)
+  {
+    sz = 16U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)16U);
+  }
+  if (chunk_len <= 16U - sz)
+  {
+    Hacl_MAC_Poly1305_state_t s1 = *state;
+    uint64_t *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)16U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 16U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)16U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_MAC_Poly1305_state_t s1 = *state;
+    uint64_t *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)16U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 16U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)16U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 16U, buf);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)16U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 16U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)16U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 16U;
+    uint32_t data1_len = n_blocks * 16U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len,
+          .p_key = k_1
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 16U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_MAC_Poly1305_state_t s1 = *state;
+    uint64_t *block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)16U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 16U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)16U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+    Hacl_MAC_Poly1305_state_t s10 = *state;
+    uint64_t *block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint8_t *k_10 = s10.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)16U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 16U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)16U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 16U, buf);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)16U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 16U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)16U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 16U;
+    uint32_t data1_len = n_blocks * 16U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff),
+          .p_key = k_10
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+void Hacl_MAC_Poly1305_digest(Hacl_MAC_Poly1305_state_t *state, uint8_t *output)
+{
+  Hacl_MAC_Poly1305_state_t scrut = *state;
+  uint64_t *block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint8_t *k_ = scrut.p_key;
+  uint32_t r;
+  if (total_len % (uint64_t)16U == 0ULL && total_len > 0ULL)
+  {
+    r = 16U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)16U);
+  }
+  uint8_t *buf_1 = buf_;
+  uint64_t r1[25U] = { 0U };
+  uint64_t *tmp_block_state = r1;
+  memcpy(tmp_block_state, block_state, 25U * sizeof (uint64_t));
+  uint32_t ite;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite = 16U;
+  }
+  else
+  {
+    ite = r % 16U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  poly1305_update(tmp_block_state, 0U, buf_multi);
+  poly1305_update(tmp_block_state, r, buf_last);
+  uint64_t tmp[25U] = { 0U };
+  memcpy(tmp, tmp_block_state, 25U * sizeof (uint64_t));
+  Hacl_MAC_Poly1305_poly1305_finish(output, k_, tmp);
+}
+
+void Hacl_MAC_Poly1305_free(Hacl_MAC_Poly1305_state_t *state)
+{
+  Hacl_MAC_Poly1305_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  uint64_t *block_state = scrut.block_state;
+  KRML_HOST_FREE(k_);
+  KRML_HOST_FREE(block_state);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+void Hacl_MAC_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key)
+{
+  uint64_t ctx[25U] = { 0U };
+  Hacl_MAC_Poly1305_poly1305_init(ctx, key);
+  poly1305_update(ctx, input_len, input);
+  Hacl_MAC_Poly1305_poly1305_finish(output, key, ctx);
+}
+
diff --git a/src/msvc/Hacl_Poly1305_128.c b/src/Hacl_MAC_Poly1305_Simd128.c
similarity index 66%
rename from src/msvc/Hacl_Poly1305_128.c
rename to src/Hacl_MAC_Poly1305_Simd128.c
index f400fe82..17e26978 100644
--- a/src/msvc/Hacl_Poly1305_128.c
+++ b/src/Hacl_MAC_Poly1305_Simd128.c
@@ -23,40 +23,34 @@
  */
 
 
-#include "internal/Hacl_Poly1305_128.h"
+#include "internal/Hacl_MAC_Poly1305_Simd128.h"
 
-void
-Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b)
+void Hacl_MAC_Poly1305_Simd128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b)
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
   Lib_IntVector_Intrinsics_vec128 b1 = Lib_IntVector_Intrinsics_vec128_load64_le(b);
-  Lib_IntVector_Intrinsics_vec128
-  b2 = Lib_IntVector_Intrinsics_vec128_load64_le(b + (uint32_t)16U);
+  Lib_IntVector_Intrinsics_vec128 b2 = Lib_IntVector_Intrinsics_vec128_load64_le(b + 16U);
   Lib_IntVector_Intrinsics_vec128 lo = Lib_IntVector_Intrinsics_vec128_interleave_low64(b1, b2);
   Lib_IntVector_Intrinsics_vec128 hi = Lib_IntVector_Intrinsics_vec128_interleave_high64(b1, b2);
   Lib_IntVector_Intrinsics_vec128
   f00 =
     Lib_IntVector_Intrinsics_vec128_and(lo,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f10 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 26U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f20 =
-    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 52U),
       Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(hi,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec128
   f30 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, (uint32_t)40U);
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 14U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 40U);
   Lib_IntVector_Intrinsics_vec128 f02 = f00;
   Lib_IntVector_Intrinsics_vec128 f12 = f10;
   Lib_IntVector_Intrinsics_vec128 f22 = f20;
@@ -67,7 +61,7 @@ Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc,
   e[2U] = f22;
   e[3U] = f32;
   e[4U] = f42;
-  uint64_t b10 = (uint64_t)0x1000000U;
+  uint64_t b10 = 0x1000000ULL;
   Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b10);
   Lib_IntVector_Intrinsics_vec128 f43 = e[4U];
   e[4U] = Lib_IntVector_Intrinsics_vec128_or(f43, mask);
@@ -81,16 +75,11 @@ Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc,
   Lib_IntVector_Intrinsics_vec128 e2 = e[2U];
   Lib_IntVector_Intrinsics_vec128 e3 = e[3U];
   Lib_IntVector_Intrinsics_vec128 e4 = e[4U];
-  Lib_IntVector_Intrinsics_vec128
-  f0 = Lib_IntVector_Intrinsics_vec128_insert64(acc0, (uint64_t)0U, (uint32_t)1U);
-  Lib_IntVector_Intrinsics_vec128
-  f1 = Lib_IntVector_Intrinsics_vec128_insert64(acc1, (uint64_t)0U, (uint32_t)1U);
-  Lib_IntVector_Intrinsics_vec128
-  f2 = Lib_IntVector_Intrinsics_vec128_insert64(acc2, (uint64_t)0U, (uint32_t)1U);
-  Lib_IntVector_Intrinsics_vec128
-  f3 = Lib_IntVector_Intrinsics_vec128_insert64(acc3, (uint64_t)0U, (uint32_t)1U);
-  Lib_IntVector_Intrinsics_vec128
-  f4 = Lib_IntVector_Intrinsics_vec128_insert64(acc4, (uint64_t)0U, (uint32_t)1U);
+  Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_insert64(acc0, 0ULL, 1U);
+  Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_insert64(acc1, 0ULL, 1U);
+  Lib_IntVector_Intrinsics_vec128 f2 = Lib_IntVector_Intrinsics_vec128_insert64(acc2, 0ULL, 1U);
+  Lib_IntVector_Intrinsics_vec128 f3 = Lib_IntVector_Intrinsics_vec128_insert64(acc3, 0ULL, 1U);
+  Lib_IntVector_Intrinsics_vec128 f4 = Lib_IntVector_Intrinsics_vec128_insert64(acc4, 0ULL, 1U);
   Lib_IntVector_Intrinsics_vec128 f01 = Lib_IntVector_Intrinsics_vec128_add64(f0, e0);
   Lib_IntVector_Intrinsics_vec128 f11 = Lib_IntVector_Intrinsics_vec128_add64(f1, e1);
   Lib_IntVector_Intrinsics_vec128 f21 = Lib_IntVector_Intrinsics_vec128_add64(f2, e2);
@@ -109,13 +98,13 @@ Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc,
 }
 
 void
-Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
+Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize(
   Lib_IntVector_Intrinsics_vec128 *out,
   Lib_IntVector_Intrinsics_vec128 *p
 )
 {
   Lib_IntVector_Intrinsics_vec128 *r = p;
-  Lib_IntVector_Intrinsics_vec128 *r2 = p + (uint32_t)10U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = p + 10U;
   Lib_IntVector_Intrinsics_vec128 a0 = out[0U];
   Lib_IntVector_Intrinsics_vec128 a1 = out[1U];
   Lib_IntVector_Intrinsics_vec128 a2 = out[2U];
@@ -141,14 +130,10 @@ Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
   r231 = Lib_IntVector_Intrinsics_vec128_interleave_low64(r23, r13);
   Lib_IntVector_Intrinsics_vec128
   r241 = Lib_IntVector_Intrinsics_vec128_interleave_low64(r24, r14);
-  Lib_IntVector_Intrinsics_vec128
-  r251 = Lib_IntVector_Intrinsics_vec128_smul64(r211, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec128
-  r252 = Lib_IntVector_Intrinsics_vec128_smul64(r221, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec128
-  r253 = Lib_IntVector_Intrinsics_vec128_smul64(r231, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec128
-  r254 = Lib_IntVector_Intrinsics_vec128_smul64(r241, (uint64_t)5U);
+  Lib_IntVector_Intrinsics_vec128 r251 = Lib_IntVector_Intrinsics_vec128_smul64(r211, 5ULL);
+  Lib_IntVector_Intrinsics_vec128 r252 = Lib_IntVector_Intrinsics_vec128_smul64(r221, 5ULL);
+  Lib_IntVector_Intrinsics_vec128 r253 = Lib_IntVector_Intrinsics_vec128_smul64(r231, 5ULL);
+  Lib_IntVector_Intrinsics_vec128 r254 = Lib_IntVector_Intrinsics_vec128_smul64(r241, 5ULL);
   Lib_IntVector_Intrinsics_vec128 a01 = Lib_IntVector_Intrinsics_vec128_mul64(r201, a0);
   Lib_IntVector_Intrinsics_vec128 a11 = Lib_IntVector_Intrinsics_vec128_mul64(r211, a0);
   Lib_IntVector_Intrinsics_vec128 a21 = Lib_IntVector_Intrinsics_vec128_mul64(r221, a0);
@@ -239,37 +224,28 @@ Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
   Lib_IntVector_Intrinsics_vec128 t2 = a25;
   Lib_IntVector_Intrinsics_vec128 t3 = a35;
   Lib_IntVector_Intrinsics_vec128 t4 = a45;
-  Lib_IntVector_Intrinsics_vec128
-  mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec128
-  z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
   Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec128
-  z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec128
-  z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -302,41 +278,36 @@ Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
   Lib_IntVector_Intrinsics_vec128
   tmp0 =
     Lib_IntVector_Intrinsics_vec128_and(l,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c0 = Lib_IntVector_Intrinsics_vec128_shift_right64(l, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c0 = Lib_IntVector_Intrinsics_vec128_shift_right64(l, 26U);
   Lib_IntVector_Intrinsics_vec128 l0 = Lib_IntVector_Intrinsics_vec128_add64(o11, c0);
   Lib_IntVector_Intrinsics_vec128
   tmp1 =
     Lib_IntVector_Intrinsics_vec128_and(l0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c1 = Lib_IntVector_Intrinsics_vec128_shift_right64(l0, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c1 = Lib_IntVector_Intrinsics_vec128_shift_right64(l0, 26U);
   Lib_IntVector_Intrinsics_vec128 l1 = Lib_IntVector_Intrinsics_vec128_add64(o21, c1);
   Lib_IntVector_Intrinsics_vec128
   tmp2 =
     Lib_IntVector_Intrinsics_vec128_and(l1,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c2 = Lib_IntVector_Intrinsics_vec128_shift_right64(l1, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c2 = Lib_IntVector_Intrinsics_vec128_shift_right64(l1, 26U);
   Lib_IntVector_Intrinsics_vec128 l2 = Lib_IntVector_Intrinsics_vec128_add64(o31, c2);
   Lib_IntVector_Intrinsics_vec128
   tmp3 =
     Lib_IntVector_Intrinsics_vec128_and(l2,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c3 = Lib_IntVector_Intrinsics_vec128_shift_right64(l2, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c3 = Lib_IntVector_Intrinsics_vec128_shift_right64(l2, 26U);
   Lib_IntVector_Intrinsics_vec128 l3 = Lib_IntVector_Intrinsics_vec128_add64(o41, c3);
   Lib_IntVector_Intrinsics_vec128
   tmp4 =
     Lib_IntVector_Intrinsics_vec128_and(l3,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c4 = Lib_IntVector_Intrinsics_vec128_shift_right64(l3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c4 = Lib_IntVector_Intrinsics_vec128_shift_right64(l3, 26U);
   Lib_IntVector_Intrinsics_vec128
   o00 =
     Lib_IntVector_Intrinsics_vec128_add64(tmp0,
-      Lib_IntVector_Intrinsics_vec128_smul64(c4, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec128_smul64(c4, 5ULL));
   Lib_IntVector_Intrinsics_vec128 o1 = tmp1;
   Lib_IntVector_Intrinsics_vec128 o2 = tmp2;
   Lib_IntVector_Intrinsics_vec128 o3 = tmp3;
@@ -348,10 +319,11 @@ Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
   out[4U] = o4;
 }
 
-void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key)
+void
+Hacl_MAC_Poly1305_Simd128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key)
 {
   Lib_IntVector_Intrinsics_vec128 *acc = ctx;
-  Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec128 *pre = ctx + 5U;
   uint8_t *kr = key;
   acc[0U] = Lib_IntVector_Intrinsics_vec128_zero;
   acc[1U] = Lib_IntVector_Intrinsics_vec128_zero;
@@ -360,41 +332,38 @@ void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8
   acc[4U] = Lib_IntVector_Intrinsics_vec128_zero;
   uint64_t u0 = load64_le(kr);
   uint64_t lo = u0;
-  uint64_t u = load64_le(kr + (uint32_t)8U);
+  uint64_t u = load64_le(kr + 8U);
   uint64_t hi = u;
-  uint64_t mask0 = (uint64_t)0x0ffffffc0fffffffU;
-  uint64_t mask1 = (uint64_t)0x0ffffffc0ffffffcU;
+  uint64_t mask0 = 0x0ffffffc0fffffffULL;
+  uint64_t mask1 = 0x0ffffffc0ffffffcULL;
   uint64_t lo1 = lo & mask0;
   uint64_t hi1 = hi & mask1;
   Lib_IntVector_Intrinsics_vec128 *r = pre;
-  Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec128 *rn = pre + (uint32_t)10U;
-  Lib_IntVector_Intrinsics_vec128 *rn_5 = pre + (uint32_t)15U;
+  Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
+  Lib_IntVector_Intrinsics_vec128 *rn = pre + 10U;
+  Lib_IntVector_Intrinsics_vec128 *rn_5 = pre + 15U;
   Lib_IntVector_Intrinsics_vec128 r_vec0 = Lib_IntVector_Intrinsics_vec128_load64(lo1);
   Lib_IntVector_Intrinsics_vec128 r_vec1 = Lib_IntVector_Intrinsics_vec128_load64(hi1);
   Lib_IntVector_Intrinsics_vec128
   f00 =
     Lib_IntVector_Intrinsics_vec128_and(r_vec0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f15 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec0, 26U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f20 =
-    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec0,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec0, 52U),
       Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(r_vec1,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec128
   f30 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec1, 14U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
-  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec1, (uint32_t)40U);
+  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec1, 40U);
   Lib_IntVector_Intrinsics_vec128 f0 = f00;
   Lib_IntVector_Intrinsics_vec128 f1 = f15;
   Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -410,11 +379,11 @@ void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8
   Lib_IntVector_Intrinsics_vec128 f220 = r[2U];
   Lib_IntVector_Intrinsics_vec128 f230 = r[3U];
   Lib_IntVector_Intrinsics_vec128 f240 = r[4U];
-  r5[0U] = Lib_IntVector_Intrinsics_vec128_smul64(f200, (uint64_t)5U);
-  r5[1U] = Lib_IntVector_Intrinsics_vec128_smul64(f210, (uint64_t)5U);
-  r5[2U] = Lib_IntVector_Intrinsics_vec128_smul64(f220, (uint64_t)5U);
-  r5[3U] = Lib_IntVector_Intrinsics_vec128_smul64(f230, (uint64_t)5U);
-  r5[4U] = Lib_IntVector_Intrinsics_vec128_smul64(f240, (uint64_t)5U);
+  r5[0U] = Lib_IntVector_Intrinsics_vec128_smul64(f200, 5ULL);
+  r5[1U] = Lib_IntVector_Intrinsics_vec128_smul64(f210, 5ULL);
+  r5[2U] = Lib_IntVector_Intrinsics_vec128_smul64(f220, 5ULL);
+  r5[3U] = Lib_IntVector_Intrinsics_vec128_smul64(f230, 5ULL);
+  r5[4U] = Lib_IntVector_Intrinsics_vec128_smul64(f240, 5ULL);
   Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
   Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
   Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
@@ -511,37 +480,28 @@ void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8
   Lib_IntVector_Intrinsics_vec128 t2 = a24;
   Lib_IntVector_Intrinsics_vec128 t3 = a34;
   Lib_IntVector_Intrinsics_vec128 t4 = a44;
-  Lib_IntVector_Intrinsics_vec128
-  mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec128
-  z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
   Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec128
-  z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec128
-  z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -559,275 +519,56 @@ void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8
   Lib_IntVector_Intrinsics_vec128 f22 = rn[2U];
   Lib_IntVector_Intrinsics_vec128 f23 = rn[3U];
   Lib_IntVector_Intrinsics_vec128 f24 = rn[4U];
-  rn_5[0U] = Lib_IntVector_Intrinsics_vec128_smul64(f201, (uint64_t)5U);
-  rn_5[1U] = Lib_IntVector_Intrinsics_vec128_smul64(f21, (uint64_t)5U);
-  rn_5[2U] = Lib_IntVector_Intrinsics_vec128_smul64(f22, (uint64_t)5U);
-  rn_5[3U] = Lib_IntVector_Intrinsics_vec128_smul64(f23, (uint64_t)5U);
-  rn_5[4U] = Lib_IntVector_Intrinsics_vec128_smul64(f24, (uint64_t)5U);
-}
-
-void Hacl_Poly1305_128_poly1305_update1(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *text)
-{
-  Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec128 *acc = ctx;
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
-  uint64_t u0 = load64_le(text);
-  uint64_t lo = u0;
-  uint64_t u = load64_le(text + (uint32_t)8U);
-  uint64_t hi = u;
-  Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
-  Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
-  Lib_IntVector_Intrinsics_vec128
-  f010 =
-    Lib_IntVector_Intrinsics_vec128_and(f0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f110 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f20 =
-    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-        (uint32_t)52U),
-      Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
-  Lib_IntVector_Intrinsics_vec128
-  f30 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
-  Lib_IntVector_Intrinsics_vec128 f01 = f010;
-  Lib_IntVector_Intrinsics_vec128 f111 = f110;
-  Lib_IntVector_Intrinsics_vec128 f2 = f20;
-  Lib_IntVector_Intrinsics_vec128 f3 = f30;
-  Lib_IntVector_Intrinsics_vec128 f41 = f40;
-  e[0U] = f01;
-  e[1U] = f111;
-  e[2U] = f2;
-  e[3U] = f3;
-  e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
-  Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
-  Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
-  e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
-  Lib_IntVector_Intrinsics_vec128 *r = pre;
-  Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
-  Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
-  Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
-  Lib_IntVector_Intrinsics_vec128 r3 = r[3U];
-  Lib_IntVector_Intrinsics_vec128 r4 = r[4U];
-  Lib_IntVector_Intrinsics_vec128 r51 = r5[1U];
-  Lib_IntVector_Intrinsics_vec128 r52 = r5[2U];
-  Lib_IntVector_Intrinsics_vec128 r53 = r5[3U];
-  Lib_IntVector_Intrinsics_vec128 r54 = r5[4U];
-  Lib_IntVector_Intrinsics_vec128 f10 = e[0U];
-  Lib_IntVector_Intrinsics_vec128 f11 = e[1U];
-  Lib_IntVector_Intrinsics_vec128 f12 = e[2U];
-  Lib_IntVector_Intrinsics_vec128 f13 = e[3U];
-  Lib_IntVector_Intrinsics_vec128 f14 = e[4U];
-  Lib_IntVector_Intrinsics_vec128 a0 = acc[0U];
-  Lib_IntVector_Intrinsics_vec128 a1 = acc[1U];
-  Lib_IntVector_Intrinsics_vec128 a2 = acc[2U];
-  Lib_IntVector_Intrinsics_vec128 a3 = acc[3U];
-  Lib_IntVector_Intrinsics_vec128 a4 = acc[4U];
-  Lib_IntVector_Intrinsics_vec128 a01 = Lib_IntVector_Intrinsics_vec128_add64(a0, f10);
-  Lib_IntVector_Intrinsics_vec128 a11 = Lib_IntVector_Intrinsics_vec128_add64(a1, f11);
-  Lib_IntVector_Intrinsics_vec128 a21 = Lib_IntVector_Intrinsics_vec128_add64(a2, f12);
-  Lib_IntVector_Intrinsics_vec128 a31 = Lib_IntVector_Intrinsics_vec128_add64(a3, f13);
-  Lib_IntVector_Intrinsics_vec128 a41 = Lib_IntVector_Intrinsics_vec128_add64(a4, f14);
-  Lib_IntVector_Intrinsics_vec128 a02 = Lib_IntVector_Intrinsics_vec128_mul64(r0, a01);
-  Lib_IntVector_Intrinsics_vec128 a12 = Lib_IntVector_Intrinsics_vec128_mul64(r1, a01);
-  Lib_IntVector_Intrinsics_vec128 a22 = Lib_IntVector_Intrinsics_vec128_mul64(r2, a01);
-  Lib_IntVector_Intrinsics_vec128 a32 = Lib_IntVector_Intrinsics_vec128_mul64(r3, a01);
-  Lib_IntVector_Intrinsics_vec128 a42 = Lib_IntVector_Intrinsics_vec128_mul64(r4, a01);
-  Lib_IntVector_Intrinsics_vec128
-  a03 =
-    Lib_IntVector_Intrinsics_vec128_add64(a02,
-      Lib_IntVector_Intrinsics_vec128_mul64(r54, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a13 =
-    Lib_IntVector_Intrinsics_vec128_add64(a12,
-      Lib_IntVector_Intrinsics_vec128_mul64(r0, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a23 =
-    Lib_IntVector_Intrinsics_vec128_add64(a22,
-      Lib_IntVector_Intrinsics_vec128_mul64(r1, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a33 =
-    Lib_IntVector_Intrinsics_vec128_add64(a32,
-      Lib_IntVector_Intrinsics_vec128_mul64(r2, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a43 =
-    Lib_IntVector_Intrinsics_vec128_add64(a42,
-      Lib_IntVector_Intrinsics_vec128_mul64(r3, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a04 =
-    Lib_IntVector_Intrinsics_vec128_add64(a03,
-      Lib_IntVector_Intrinsics_vec128_mul64(r53, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a14 =
-    Lib_IntVector_Intrinsics_vec128_add64(a13,
-      Lib_IntVector_Intrinsics_vec128_mul64(r54, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a24 =
-    Lib_IntVector_Intrinsics_vec128_add64(a23,
-      Lib_IntVector_Intrinsics_vec128_mul64(r0, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a34 =
-    Lib_IntVector_Intrinsics_vec128_add64(a33,
-      Lib_IntVector_Intrinsics_vec128_mul64(r1, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a44 =
-    Lib_IntVector_Intrinsics_vec128_add64(a43,
-      Lib_IntVector_Intrinsics_vec128_mul64(r2, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a05 =
-    Lib_IntVector_Intrinsics_vec128_add64(a04,
-      Lib_IntVector_Intrinsics_vec128_mul64(r52, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a15 =
-    Lib_IntVector_Intrinsics_vec128_add64(a14,
-      Lib_IntVector_Intrinsics_vec128_mul64(r53, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a25 =
-    Lib_IntVector_Intrinsics_vec128_add64(a24,
-      Lib_IntVector_Intrinsics_vec128_mul64(r54, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a35 =
-    Lib_IntVector_Intrinsics_vec128_add64(a34,
-      Lib_IntVector_Intrinsics_vec128_mul64(r0, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a45 =
-    Lib_IntVector_Intrinsics_vec128_add64(a44,
-      Lib_IntVector_Intrinsics_vec128_mul64(r1, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a06 =
-    Lib_IntVector_Intrinsics_vec128_add64(a05,
-      Lib_IntVector_Intrinsics_vec128_mul64(r51, a41));
-  Lib_IntVector_Intrinsics_vec128
-  a16 =
-    Lib_IntVector_Intrinsics_vec128_add64(a15,
-      Lib_IntVector_Intrinsics_vec128_mul64(r52, a41));
-  Lib_IntVector_Intrinsics_vec128
-  a26 =
-    Lib_IntVector_Intrinsics_vec128_add64(a25,
-      Lib_IntVector_Intrinsics_vec128_mul64(r53, a41));
-  Lib_IntVector_Intrinsics_vec128
-  a36 =
-    Lib_IntVector_Intrinsics_vec128_add64(a35,
-      Lib_IntVector_Intrinsics_vec128_mul64(r54, a41));
-  Lib_IntVector_Intrinsics_vec128
-  a46 =
-    Lib_IntVector_Intrinsics_vec128_add64(a45,
-      Lib_IntVector_Intrinsics_vec128_mul64(r0, a41));
-  Lib_IntVector_Intrinsics_vec128 t0 = a06;
-  Lib_IntVector_Intrinsics_vec128 t1 = a16;
-  Lib_IntVector_Intrinsics_vec128 t2 = a26;
-  Lib_IntVector_Intrinsics_vec128 t3 = a36;
-  Lib_IntVector_Intrinsics_vec128 t4 = a46;
-  Lib_IntVector_Intrinsics_vec128
-  mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
-  Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
-  Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
-  Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec128
-  z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
-  Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
-  Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
-  Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
-  Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
-  Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec128
-  z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
-  Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
-  Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
-  Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec128
-  z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
-  Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
-  Lib_IntVector_Intrinsics_vec128 o0 = x02;
-  Lib_IntVector_Intrinsics_vec128 o1 = x12;
-  Lib_IntVector_Intrinsics_vec128 o2 = x21;
-  Lib_IntVector_Intrinsics_vec128 o3 = x32;
-  Lib_IntVector_Intrinsics_vec128 o4 = x42;
-  acc[0U] = o0;
-  acc[1U] = o1;
-  acc[2U] = o2;
-  acc[3U] = o3;
-  acc[4U] = o4;
+  rn_5[0U] = Lib_IntVector_Intrinsics_vec128_smul64(f201, 5ULL);
+  rn_5[1U] = Lib_IntVector_Intrinsics_vec128_smul64(f21, 5ULL);
+  rn_5[2U] = Lib_IntVector_Intrinsics_vec128_smul64(f22, 5ULL);
+  rn_5[3U] = Lib_IntVector_Intrinsics_vec128_smul64(f23, 5ULL);
+  rn_5[4U] = Lib_IntVector_Intrinsics_vec128_smul64(f24, 5ULL);
 }
 
-void
-Hacl_Poly1305_128_poly1305_update(
-  Lib_IntVector_Intrinsics_vec128 *ctx,
-  uint32_t len,
-  uint8_t *text
-)
+static void poly1305_update(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t *text)
 {
-  Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec128 *pre = ctx + 5U;
   Lib_IntVector_Intrinsics_vec128 *acc = ctx;
-  uint32_t sz_block = (uint32_t)32U;
+  uint32_t sz_block = 32U;
   uint32_t len0 = len / sz_block * sz_block;
   uint8_t *t0 = text;
-  if (len0 > (uint32_t)0U)
+  if (len0 > 0U)
   {
-    uint32_t bs = (uint32_t)32U;
+    uint32_t bs = 32U;
     uint8_t *text0 = t0;
-    Hacl_Impl_Poly1305_Field32xN_128_load_acc2(acc, text0);
+    Hacl_MAC_Poly1305_Simd128_load_acc2(acc, text0);
     uint32_t len1 = len0 - bs;
     uint8_t *text1 = t0 + bs;
     uint32_t nb = len1 / bs;
-    for (uint32_t i = (uint32_t)0U; i < nb; i++)
+    for (uint32_t i = 0U; i < nb; i++)
     {
       uint8_t *block = text1 + i * bs;
       KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
       Lib_IntVector_Intrinsics_vec128 b1 = Lib_IntVector_Intrinsics_vec128_load64_le(block);
-      Lib_IntVector_Intrinsics_vec128
-      b2 = Lib_IntVector_Intrinsics_vec128_load64_le(block + (uint32_t)16U);
+      Lib_IntVector_Intrinsics_vec128 b2 = Lib_IntVector_Intrinsics_vec128_load64_le(block + 16U);
       Lib_IntVector_Intrinsics_vec128 lo = Lib_IntVector_Intrinsics_vec128_interleave_low64(b1, b2);
       Lib_IntVector_Intrinsics_vec128
       hi = Lib_IntVector_Intrinsics_vec128_interleave_high64(b1, b2);
       Lib_IntVector_Intrinsics_vec128
       f00 =
         Lib_IntVector_Intrinsics_vec128_and(lo,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
       Lib_IntVector_Intrinsics_vec128
       f15 =
-        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-            (uint32_t)26U),
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 26U),
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
       Lib_IntVector_Intrinsics_vec128
       f25 =
-        Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-            (uint32_t)52U),
+        Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 52U),
           Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(hi,
-              Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-            (uint32_t)12U));
+              Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+            12U));
       Lib_IntVector_Intrinsics_vec128
       f30 =
-        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi,
-            (uint32_t)14U),
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-      Lib_IntVector_Intrinsics_vec128
-      f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, (uint32_t)40U);
+        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 14U),
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+      Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 40U);
       Lib_IntVector_Intrinsics_vec128 f0 = f00;
       Lib_IntVector_Intrinsics_vec128 f1 = f15;
       Lib_IntVector_Intrinsics_vec128 f2 = f25;
@@ -838,12 +579,12 @@ Hacl_Poly1305_128_poly1305_update(
       e[2U] = f2;
       e[3U] = f3;
       e[4U] = f41;
-      uint64_t b = (uint64_t)0x1000000U;
+      uint64_t b = 0x1000000ULL;
       Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
       Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
       e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
-      Lib_IntVector_Intrinsics_vec128 *rn = pre + (uint32_t)10U;
-      Lib_IntVector_Intrinsics_vec128 *rn5 = pre + (uint32_t)15U;
+      Lib_IntVector_Intrinsics_vec128 *rn = pre + 10U;
+      Lib_IntVector_Intrinsics_vec128 *rn5 = pre + 15U;
       Lib_IntVector_Intrinsics_vec128 r0 = rn[0U];
       Lib_IntVector_Intrinsics_vec128 r1 = rn[1U];
       Lib_IntVector_Intrinsics_vec128 r2 = rn[2U];
@@ -948,37 +689,28 @@ Hacl_Poly1305_128_poly1305_update(
       Lib_IntVector_Intrinsics_vec128 t2 = a24;
       Lib_IntVector_Intrinsics_vec128 t3 = a34;
       Lib_IntVector_Intrinsics_vec128 t4 = a44;
-      Lib_IntVector_Intrinsics_vec128
-      mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-      Lib_IntVector_Intrinsics_vec128
-      z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+      Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+      Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
       Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
       Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
       Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
       Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-      Lib_IntVector_Intrinsics_vec128
-      z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+      Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+      Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+      Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
       Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
       Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
       Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
       Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
       Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-      Lib_IntVector_Intrinsics_vec128
-      z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+      Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
       Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
       Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
       Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
       Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-      Lib_IntVector_Intrinsics_vec128
-      z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
       Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
       Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
       Lib_IntVector_Intrinsics_vec128 o00 = x02;
@@ -1012,45 +744,41 @@ Hacl_Poly1305_128_poly1305_update(
       acc[3U] = o3;
       acc[4U] = o4;
     }
-    Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(acc, pre);
+    Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize(acc, pre);
   }
   uint32_t len1 = len - len0;
   uint8_t *t1 = text + len0;
-  uint32_t nb = len1 / (uint32_t)16U;
-  uint32_t rem = len1 % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = len1 / 16U;
+  uint32_t rem = len1 % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = t1 + i * (uint32_t)16U;
+    uint8_t *block = t1 + i * 16U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -1061,12 +789,12 @@ Hacl_Poly1305_128_poly1305_update(
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
     Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
     Lib_IntVector_Intrinsics_vec128 *r = pre;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
     Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
@@ -1181,37 +909,28 @@ Hacl_Poly1305_128_poly1305_update(
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -1225,41 +944,37 @@ Hacl_Poly1305_128_poly1305_update(
     acc[3U] = o3;
     acc[4U] = o4;
   }
-  if (rem > (uint32_t)0U)
+  if (rem > 0U)
   {
-    uint8_t *last = t1 + nb * (uint32_t)16U;
+    uint8_t *last = t1 + nb * 16U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -1270,12 +985,12 @@ Hacl_Poly1305_128_poly1305_update(
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem * 8U % 26U;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
-    Lib_IntVector_Intrinsics_vec128 fi = e[rem * (uint32_t)8U / (uint32_t)26U];
-    e[rem * (uint32_t)8U / (uint32_t)26U] = Lib_IntVector_Intrinsics_vec128_or(fi, mask);
+    Lib_IntVector_Intrinsics_vec128 fi = e[rem * 8U / 26U];
+    e[rem * 8U / 26U] = Lib_IntVector_Intrinsics_vec128_or(fi, mask);
     Lib_IntVector_Intrinsics_vec128 *r = pre;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
     Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
@@ -1390,37 +1105,28 @@ Hacl_Poly1305_128_poly1305_update(
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -1438,14 +1144,14 @@ Hacl_Poly1305_128_poly1305_update(
 }
 
 void
-Hacl_Poly1305_128_poly1305_finish(
+Hacl_MAC_Poly1305_Simd128_poly1305_finish(
   uint8_t *tag,
   uint8_t *key,
   Lib_IntVector_Intrinsics_vec128 *ctx
 )
 {
   Lib_IntVector_Intrinsics_vec128 *acc = ctx;
-  uint8_t *ks = key + (uint32_t)16U;
+  uint8_t *ks = key + 16U;
   Lib_IntVector_Intrinsics_vec128 f0 = acc[0U];
   Lib_IntVector_Intrinsics_vec128 f13 = acc[1U];
   Lib_IntVector_Intrinsics_vec128 f23 = acc[2U];
@@ -1456,41 +1162,36 @@ Hacl_Poly1305_128_poly1305_finish(
   Lib_IntVector_Intrinsics_vec128
   tmp00 =
     Lib_IntVector_Intrinsics_vec128_and(l0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c00 = Lib_IntVector_Intrinsics_vec128_shift_right64(l0, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c00 = Lib_IntVector_Intrinsics_vec128_shift_right64(l0, 26U);
   Lib_IntVector_Intrinsics_vec128 l1 = Lib_IntVector_Intrinsics_vec128_add64(f13, c00);
   Lib_IntVector_Intrinsics_vec128
   tmp10 =
     Lib_IntVector_Intrinsics_vec128_and(l1,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c10 = Lib_IntVector_Intrinsics_vec128_shift_right64(l1, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c10 = Lib_IntVector_Intrinsics_vec128_shift_right64(l1, 26U);
   Lib_IntVector_Intrinsics_vec128 l2 = Lib_IntVector_Intrinsics_vec128_add64(f23, c10);
   Lib_IntVector_Intrinsics_vec128
   tmp20 =
     Lib_IntVector_Intrinsics_vec128_and(l2,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c20 = Lib_IntVector_Intrinsics_vec128_shift_right64(l2, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c20 = Lib_IntVector_Intrinsics_vec128_shift_right64(l2, 26U);
   Lib_IntVector_Intrinsics_vec128 l3 = Lib_IntVector_Intrinsics_vec128_add64(f33, c20);
   Lib_IntVector_Intrinsics_vec128
   tmp30 =
     Lib_IntVector_Intrinsics_vec128_and(l3,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c30 = Lib_IntVector_Intrinsics_vec128_shift_right64(l3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c30 = Lib_IntVector_Intrinsics_vec128_shift_right64(l3, 26U);
   Lib_IntVector_Intrinsics_vec128 l4 = Lib_IntVector_Intrinsics_vec128_add64(f40, c30);
   Lib_IntVector_Intrinsics_vec128
   tmp40 =
     Lib_IntVector_Intrinsics_vec128_and(l4,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c40 = Lib_IntVector_Intrinsics_vec128_shift_right64(l4, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c40 = Lib_IntVector_Intrinsics_vec128_shift_right64(l4, 26U);
   Lib_IntVector_Intrinsics_vec128
   f010 =
     Lib_IntVector_Intrinsics_vec128_add64(tmp00,
-      Lib_IntVector_Intrinsics_vec128_smul64(c40, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec128_smul64(c40, 5ULL));
   Lib_IntVector_Intrinsics_vec128 f110 = tmp10;
   Lib_IntVector_Intrinsics_vec128 f210 = tmp20;
   Lib_IntVector_Intrinsics_vec128 f310 = tmp30;
@@ -1500,49 +1201,42 @@ Hacl_Poly1305_128_poly1305_finish(
   Lib_IntVector_Intrinsics_vec128
   tmp0 =
     Lib_IntVector_Intrinsics_vec128_and(l,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c0 = Lib_IntVector_Intrinsics_vec128_shift_right64(l, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c0 = Lib_IntVector_Intrinsics_vec128_shift_right64(l, 26U);
   Lib_IntVector_Intrinsics_vec128 l5 = Lib_IntVector_Intrinsics_vec128_add64(f110, c0);
   Lib_IntVector_Intrinsics_vec128
   tmp1 =
     Lib_IntVector_Intrinsics_vec128_and(l5,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c1 = Lib_IntVector_Intrinsics_vec128_shift_right64(l5, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c1 = Lib_IntVector_Intrinsics_vec128_shift_right64(l5, 26U);
   Lib_IntVector_Intrinsics_vec128 l6 = Lib_IntVector_Intrinsics_vec128_add64(f210, c1);
   Lib_IntVector_Intrinsics_vec128
   tmp2 =
     Lib_IntVector_Intrinsics_vec128_and(l6,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c2 = Lib_IntVector_Intrinsics_vec128_shift_right64(l6, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c2 = Lib_IntVector_Intrinsics_vec128_shift_right64(l6, 26U);
   Lib_IntVector_Intrinsics_vec128 l7 = Lib_IntVector_Intrinsics_vec128_add64(f310, c2);
   Lib_IntVector_Intrinsics_vec128
   tmp3 =
     Lib_IntVector_Intrinsics_vec128_and(l7,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c3 = Lib_IntVector_Intrinsics_vec128_shift_right64(l7, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c3 = Lib_IntVector_Intrinsics_vec128_shift_right64(l7, 26U);
   Lib_IntVector_Intrinsics_vec128 l8 = Lib_IntVector_Intrinsics_vec128_add64(f410, c3);
   Lib_IntVector_Intrinsics_vec128
   tmp4 =
     Lib_IntVector_Intrinsics_vec128_and(l8,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c4 = Lib_IntVector_Intrinsics_vec128_shift_right64(l8, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c4 = Lib_IntVector_Intrinsics_vec128_shift_right64(l8, 26U);
   Lib_IntVector_Intrinsics_vec128
   f02 =
     Lib_IntVector_Intrinsics_vec128_add64(tmp0,
-      Lib_IntVector_Intrinsics_vec128_smul64(c4, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec128_smul64(c4, 5ULL));
   Lib_IntVector_Intrinsics_vec128 f12 = tmp1;
   Lib_IntVector_Intrinsics_vec128 f22 = tmp2;
   Lib_IntVector_Intrinsics_vec128 f32 = tmp3;
   Lib_IntVector_Intrinsics_vec128 f42 = tmp4;
-  Lib_IntVector_Intrinsics_vec128
-  mh = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  ml = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffffbU);
+  Lib_IntVector_Intrinsics_vec128 mh = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec128 ml = Lib_IntVector_Intrinsics_vec128_load64(0x3fffffbULL);
   Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_eq64(f42, mh);
   Lib_IntVector_Intrinsics_vec128
   mask1 =
@@ -1582,36 +1276,334 @@ Hacl_Poly1305_128_poly1305_finish(
   Lib_IntVector_Intrinsics_vec128 f2 = acc[2U];
   Lib_IntVector_Intrinsics_vec128 f3 = acc[3U];
   Lib_IntVector_Intrinsics_vec128 f4 = acc[4U];
-  uint64_t f01 = Lib_IntVector_Intrinsics_vec128_extract64(f00, (uint32_t)0U);
-  uint64_t f112 = Lib_IntVector_Intrinsics_vec128_extract64(f1, (uint32_t)0U);
-  uint64_t f212 = Lib_IntVector_Intrinsics_vec128_extract64(f2, (uint32_t)0U);
-  uint64_t f312 = Lib_IntVector_Intrinsics_vec128_extract64(f3, (uint32_t)0U);
-  uint64_t f41 = Lib_IntVector_Intrinsics_vec128_extract64(f4, (uint32_t)0U);
-  uint64_t lo = (f01 | f112 << (uint32_t)26U) | f212 << (uint32_t)52U;
-  uint64_t hi = (f212 >> (uint32_t)12U | f312 << (uint32_t)14U) | f41 << (uint32_t)40U;
+  uint64_t f01 = Lib_IntVector_Intrinsics_vec128_extract64(f00, 0U);
+  uint64_t f112 = Lib_IntVector_Intrinsics_vec128_extract64(f1, 0U);
+  uint64_t f212 = Lib_IntVector_Intrinsics_vec128_extract64(f2, 0U);
+  uint64_t f312 = Lib_IntVector_Intrinsics_vec128_extract64(f3, 0U);
+  uint64_t f41 = Lib_IntVector_Intrinsics_vec128_extract64(f4, 0U);
+  uint64_t lo = (f01 | f112 << 26U) | f212 << 52U;
+  uint64_t hi = (f212 >> 12U | f312 << 14U) | f41 << 40U;
   uint64_t f10 = lo;
   uint64_t f11 = hi;
   uint64_t u0 = load64_le(ks);
   uint64_t lo0 = u0;
-  uint64_t u = load64_le(ks + (uint32_t)8U);
+  uint64_t u = load64_le(ks + 8U);
   uint64_t hi0 = u;
   uint64_t f20 = lo0;
   uint64_t f21 = hi0;
   uint64_t r0 = f10 + f20;
   uint64_t r1 = f11 + f21;
-  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> (uint32_t)63U;
+  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> 63U;
   uint64_t r11 = r1 + c;
   uint64_t f30 = r0;
   uint64_t f31 = r11;
   store64_le(tag, f30);
-  store64_le(tag + (uint32_t)8U, f31);
+  store64_le(tag + 8U, f31);
+}
+
+Hacl_MAC_Poly1305_Simd128_state_t *Hacl_MAC_Poly1305_Simd128_malloc(uint8_t *key)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+  Lib_IntVector_Intrinsics_vec128
+  *r1 =
+    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
+      sizeof (Lib_IntVector_Intrinsics_vec128) * 25U);
+  memset(r1, 0U, 25U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Lib_IntVector_Intrinsics_vec128 *block_state = r1;
+  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_0 = k_;
+  Hacl_MAC_Poly1305_Simd128_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_0 };
+  Hacl_MAC_Poly1305_Simd128_state_t
+  *p =
+    (Hacl_MAC_Poly1305_Simd128_state_t *)KRML_HOST_MALLOC(sizeof (
+        Hacl_MAC_Poly1305_Simd128_state_t
+      ));
+  p[0U] = s;
+  Hacl_MAC_Poly1305_Simd128_poly1305_init(block_state, key);
+  return p;
+}
+
+void Hacl_MAC_Poly1305_Simd128_reset(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *key)
+{
+  Hacl_MAC_Poly1305_Simd128_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
+  Hacl_MAC_Poly1305_Simd128_poly1305_init(block_state, key);
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_1 = k_;
+  Hacl_MAC_Poly1305_Simd128_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_1 };
+  state[0U] = tmp;
 }
 
-void Hacl_Poly1305_128_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key)
+/**
+0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_MAC_Poly1305_Simd128_update(
+  Hacl_MAC_Poly1305_Simd128_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+)
+{
+  Hacl_MAC_Poly1305_Simd128_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)32U == 0ULL && total_len > 0ULL)
+  {
+    sz = 32U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)32U);
+  }
+  if (chunk_len <= 32U - sz)
+  {
+    Hacl_MAC_Poly1305_Simd128_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec128 *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)32U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 32U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)32U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_MAC_Poly1305_Simd128_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec128 *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)32U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 32U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)32U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 32U, buf);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)32U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 32U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)32U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 32U;
+    uint32_t data1_len = n_blocks * 32U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len,
+          .p_key = k_1
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 32U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_MAC_Poly1305_Simd128_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec128 *block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)32U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 32U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)32U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd128_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+    Hacl_MAC_Poly1305_Simd128_state_t s10 = *state;
+    Lib_IntVector_Intrinsics_vec128 *block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint8_t *k_10 = s10.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)32U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 32U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)32U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 32U, buf);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)32U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 32U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)32U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 32U;
+    uint32_t data1_len = n_blocks * 32U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff),
+          .p_key = k_10
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+void
+Hacl_MAC_Poly1305_Simd128_digest(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *output)
+{
+  Hacl_MAC_Poly1305_Simd128_state_t scrut = *state;
+  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint8_t *k_ = scrut.p_key;
+  uint32_t r;
+  if (total_len % (uint64_t)32U == 0ULL && total_len > 0ULL)
+  {
+    r = 32U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)32U);
+  }
+  uint8_t *buf_1 = buf_;
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 r1[25U] KRML_POST_ALIGN(16) = { 0U };
+  Lib_IntVector_Intrinsics_vec128 *tmp_block_state = r1;
+  memcpy(tmp_block_state, block_state, 25U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  uint32_t ite0;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite0 = 16U;
+  }
+  else
+  {
+    ite0 = r % 16U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite0;
+  uint8_t *buf_multi = buf_1;
+  uint32_t ite;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite = 16U;
+  }
+  else
+  {
+    ite = r % 16U;
+  }
+  poly1305_update(tmp_block_state, r - ite, buf_multi);
+  uint32_t ite1;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite1 = 16U;
+  }
+  else
+  {
+    ite1 = r % 16U;
+  }
+  poly1305_update(tmp_block_state, ite1, buf_last);
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 tmp[25U] KRML_POST_ALIGN(16) = { 0U };
+  memcpy(tmp, tmp_block_state, 25U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Hacl_MAC_Poly1305_Simd128_poly1305_finish(output, k_, tmp);
+}
+
+void Hacl_MAC_Poly1305_Simd128_free(Hacl_MAC_Poly1305_Simd128_state_t *state)
+{
+  Hacl_MAC_Poly1305_Simd128_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
+  KRML_HOST_FREE(k_);
+  KRML_ALIGNED_FREE(block_state);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+void
+Hacl_MAC_Poly1305_Simd128_mac(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key
+)
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ctx[25U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Poly1305_128_poly1305_init(ctx, key);
-  Hacl_Poly1305_128_poly1305_update(ctx, len, text);
-  Hacl_Poly1305_128_poly1305_finish(tag, key, ctx);
+  Hacl_MAC_Poly1305_Simd128_poly1305_init(ctx, key);
+  poly1305_update(ctx, input_len, input);
+  Hacl_MAC_Poly1305_Simd128_poly1305_finish(output, key, ctx);
 }
 
diff --git a/src/msvc/Hacl_Poly1305_256.c b/src/Hacl_MAC_Poly1305_Simd256.c
similarity index 71%
rename from src/msvc/Hacl_Poly1305_256.c
rename to src/Hacl_MAC_Poly1305_Simd256.c
index db28cdc7..f25e8fff 100644
--- a/src/msvc/Hacl_Poly1305_256.c
+++ b/src/Hacl_MAC_Poly1305_Simd256.c
@@ -23,39 +23,30 @@
  */
 
 
-#include "internal/Hacl_Poly1305_256.h"
+#include "internal/Hacl_MAC_Poly1305_Simd256.h"
 
-void
-Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b)
+void Hacl_MAC_Poly1305_Simd256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
   Lib_IntVector_Intrinsics_vec256 lo = Lib_IntVector_Intrinsics_vec256_load64_le(b);
-  Lib_IntVector_Intrinsics_vec256
-  hi = Lib_IntVector_Intrinsics_vec256_load64_le(b + (uint32_t)32U);
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
+  Lib_IntVector_Intrinsics_vec256 hi = Lib_IntVector_Intrinsics_vec256_load64_le(b + 32U);
+  Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
   Lib_IntVector_Intrinsics_vec256 m0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(lo, hi);
   Lib_IntVector_Intrinsics_vec256
   m1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(lo, hi);
-  Lib_IntVector_Intrinsics_vec256
-  m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, (uint32_t)48U);
-  Lib_IntVector_Intrinsics_vec256
-  m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, (uint32_t)48U);
+  Lib_IntVector_Intrinsics_vec256 m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, 48U);
+  Lib_IntVector_Intrinsics_vec256 m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, 48U);
   Lib_IntVector_Intrinsics_vec256 m4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(m0, m1);
   Lib_IntVector_Intrinsics_vec256 t0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m0, m1);
   Lib_IntVector_Intrinsics_vec256 t3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m2, m3);
-  Lib_IntVector_Intrinsics_vec256
-  t2 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)4U);
+  Lib_IntVector_Intrinsics_vec256 t2 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 4U);
   Lib_IntVector_Intrinsics_vec256 o20 = Lib_IntVector_Intrinsics_vec256_and(t2, mask26);
-  Lib_IntVector_Intrinsics_vec256
-  t1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 t1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
   Lib_IntVector_Intrinsics_vec256 o10 = Lib_IntVector_Intrinsics_vec256_and(t1, mask26);
   Lib_IntVector_Intrinsics_vec256 o5 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
-  Lib_IntVector_Intrinsics_vec256
-  t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)30U);
+  Lib_IntVector_Intrinsics_vec256 t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 30U);
   Lib_IntVector_Intrinsics_vec256 o30 = Lib_IntVector_Intrinsics_vec256_and(t31, mask26);
-  Lib_IntVector_Intrinsics_vec256
-  o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, (uint32_t)40U);
+  Lib_IntVector_Intrinsics_vec256 o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, 40U);
   Lib_IntVector_Intrinsics_vec256 o0 = o5;
   Lib_IntVector_Intrinsics_vec256 o1 = o10;
   Lib_IntVector_Intrinsics_vec256 o2 = o20;
@@ -66,7 +57,7 @@ Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc,
   e[2U] = o2;
   e[3U] = o3;
   e[4U] = o4;
-  uint64_t b1 = (uint64_t)0x1000000U;
+  uint64_t b1 = 0x1000000ULL;
   Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b1);
   Lib_IntVector_Intrinsics_vec256 f40 = e[4U];
   e[4U] = Lib_IntVector_Intrinsics_vec256_or(f40, mask);
@@ -88,28 +79,28 @@ Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc,
   Lib_IntVector_Intrinsics_vec256
   r01 =
     Lib_IntVector_Intrinsics_vec256_insert64(r0,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc0, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc0, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256
   r11 =
     Lib_IntVector_Intrinsics_vec256_insert64(r1,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc1, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc1, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256
   r21 =
     Lib_IntVector_Intrinsics_vec256_insert64(r2,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc2, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc2, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256
   r31 =
     Lib_IntVector_Intrinsics_vec256_insert64(r3,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc3, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc3, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256
   r41 =
     Lib_IntVector_Intrinsics_vec256_insert64(r4,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc4, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc4, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_add64(r01, e0);
   Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_add64(r11, e1);
   Lib_IntVector_Intrinsics_vec256 f2 = Lib_IntVector_Intrinsics_vec256_add64(r21, e2);
@@ -128,14 +119,14 @@ Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc,
 }
 
 void
-Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
+Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 *out,
   Lib_IntVector_Intrinsics_vec256 *p
 )
 {
   Lib_IntVector_Intrinsics_vec256 *r = p;
-  Lib_IntVector_Intrinsics_vec256 *r_5 = p + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec256 *r4 = p + (uint32_t)10U;
+  Lib_IntVector_Intrinsics_vec256 *r_5 = p + 5U;
+  Lib_IntVector_Intrinsics_vec256 *r4 = p + 10U;
   Lib_IntVector_Intrinsics_vec256 a0 = out[0U];
   Lib_IntVector_Intrinsics_vec256 a1 = out[1U];
   Lib_IntVector_Intrinsics_vec256 a2 = out[2U];
@@ -245,37 +236,30 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 t20 = a250;
   Lib_IntVector_Intrinsics_vec256 t30 = a350;
   Lib_IntVector_Intrinsics_vec256 t40 = a450;
-  Lib_IntVector_Intrinsics_vec256
-  mask260 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z00 = Lib_IntVector_Intrinsics_vec256_shift_right64(t00, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask260 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z00 = Lib_IntVector_Intrinsics_vec256_shift_right64(t00, 26U);
+  Lib_IntVector_Intrinsics_vec256 z10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 26U);
   Lib_IntVector_Intrinsics_vec256 x00 = Lib_IntVector_Intrinsics_vec256_and(t00, mask260);
   Lib_IntVector_Intrinsics_vec256 x30 = Lib_IntVector_Intrinsics_vec256_and(t30, mask260);
   Lib_IntVector_Intrinsics_vec256 x10 = Lib_IntVector_Intrinsics_vec256_add64(t10, z00);
   Lib_IntVector_Intrinsics_vec256 x40 = Lib_IntVector_Intrinsics_vec256_add64(t40, z10);
-  Lib_IntVector_Intrinsics_vec256
-  z010 = Lib_IntVector_Intrinsics_vec256_shift_right64(x10, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z110 = Lib_IntVector_Intrinsics_vec256_shift_right64(x40, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t5 = Lib_IntVector_Intrinsics_vec256_shift_left64(z110, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z010 = Lib_IntVector_Intrinsics_vec256_shift_right64(x10, 26U);
+  Lib_IntVector_Intrinsics_vec256 z110 = Lib_IntVector_Intrinsics_vec256_shift_right64(x40, 26U);
+  Lib_IntVector_Intrinsics_vec256 t5 = Lib_IntVector_Intrinsics_vec256_shift_left64(z110, 2U);
   Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z110, t5);
   Lib_IntVector_Intrinsics_vec256 x110 = Lib_IntVector_Intrinsics_vec256_and(x10, mask260);
   Lib_IntVector_Intrinsics_vec256 x410 = Lib_IntVector_Intrinsics_vec256_and(x40, mask260);
   Lib_IntVector_Intrinsics_vec256 x20 = Lib_IntVector_Intrinsics_vec256_add64(t20, z010);
   Lib_IntVector_Intrinsics_vec256 x010 = Lib_IntVector_Intrinsics_vec256_add64(x00, z12);
+  Lib_IntVector_Intrinsics_vec256 z020 = Lib_IntVector_Intrinsics_vec256_shift_right64(x20, 26U);
   Lib_IntVector_Intrinsics_vec256
-  z020 = Lib_IntVector_Intrinsics_vec256_shift_right64(x20, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z130 = Lib_IntVector_Intrinsics_vec256_shift_right64(x010, (uint32_t)26U);
+  z130 = Lib_IntVector_Intrinsics_vec256_shift_right64(x010, 26U);
   Lib_IntVector_Intrinsics_vec256 x210 = Lib_IntVector_Intrinsics_vec256_and(x20, mask260);
   Lib_IntVector_Intrinsics_vec256 x020 = Lib_IntVector_Intrinsics_vec256_and(x010, mask260);
   Lib_IntVector_Intrinsics_vec256 x310 = Lib_IntVector_Intrinsics_vec256_add64(x30, z020);
   Lib_IntVector_Intrinsics_vec256 x120 = Lib_IntVector_Intrinsics_vec256_add64(x110, z130);
   Lib_IntVector_Intrinsics_vec256
-  z030 = Lib_IntVector_Intrinsics_vec256_shift_right64(x310, (uint32_t)26U);
+  z030 = Lib_IntVector_Intrinsics_vec256_shift_right64(x310, 26U);
   Lib_IntVector_Intrinsics_vec256 x320 = Lib_IntVector_Intrinsics_vec256_and(x310, mask260);
   Lib_IntVector_Intrinsics_vec256 x420 = Lib_IntVector_Intrinsics_vec256_add64(x410, z030);
   Lib_IntVector_Intrinsics_vec256 r20 = x020;
@@ -373,37 +357,30 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 t21 = a251;
   Lib_IntVector_Intrinsics_vec256 t31 = a351;
   Lib_IntVector_Intrinsics_vec256 t41 = a451;
-  Lib_IntVector_Intrinsics_vec256
-  mask261 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z04 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z14 = Lib_IntVector_Intrinsics_vec256_shift_right64(t31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask261 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z04 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+  Lib_IntVector_Intrinsics_vec256 z14 = Lib_IntVector_Intrinsics_vec256_shift_right64(t31, 26U);
   Lib_IntVector_Intrinsics_vec256 x03 = Lib_IntVector_Intrinsics_vec256_and(t01, mask261);
   Lib_IntVector_Intrinsics_vec256 x33 = Lib_IntVector_Intrinsics_vec256_and(t31, mask261);
   Lib_IntVector_Intrinsics_vec256 x13 = Lib_IntVector_Intrinsics_vec256_add64(t11, z04);
   Lib_IntVector_Intrinsics_vec256 x43 = Lib_IntVector_Intrinsics_vec256_add64(t41, z14);
-  Lib_IntVector_Intrinsics_vec256
-  z011 = Lib_IntVector_Intrinsics_vec256_shift_right64(x13, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z111 = Lib_IntVector_Intrinsics_vec256_shift_right64(x43, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t6 = Lib_IntVector_Intrinsics_vec256_shift_left64(z111, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z011 = Lib_IntVector_Intrinsics_vec256_shift_right64(x13, 26U);
+  Lib_IntVector_Intrinsics_vec256 z111 = Lib_IntVector_Intrinsics_vec256_shift_right64(x43, 26U);
+  Lib_IntVector_Intrinsics_vec256 t6 = Lib_IntVector_Intrinsics_vec256_shift_left64(z111, 2U);
   Lib_IntVector_Intrinsics_vec256 z120 = Lib_IntVector_Intrinsics_vec256_add64(z111, t6);
   Lib_IntVector_Intrinsics_vec256 x111 = Lib_IntVector_Intrinsics_vec256_and(x13, mask261);
   Lib_IntVector_Intrinsics_vec256 x411 = Lib_IntVector_Intrinsics_vec256_and(x43, mask261);
   Lib_IntVector_Intrinsics_vec256 x22 = Lib_IntVector_Intrinsics_vec256_add64(t21, z011);
   Lib_IntVector_Intrinsics_vec256 x011 = Lib_IntVector_Intrinsics_vec256_add64(x03, z120);
+  Lib_IntVector_Intrinsics_vec256 z021 = Lib_IntVector_Intrinsics_vec256_shift_right64(x22, 26U);
   Lib_IntVector_Intrinsics_vec256
-  z021 = Lib_IntVector_Intrinsics_vec256_shift_right64(x22, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z131 = Lib_IntVector_Intrinsics_vec256_shift_right64(x011, (uint32_t)26U);
+  z131 = Lib_IntVector_Intrinsics_vec256_shift_right64(x011, 26U);
   Lib_IntVector_Intrinsics_vec256 x211 = Lib_IntVector_Intrinsics_vec256_and(x22, mask261);
   Lib_IntVector_Intrinsics_vec256 x021 = Lib_IntVector_Intrinsics_vec256_and(x011, mask261);
   Lib_IntVector_Intrinsics_vec256 x311 = Lib_IntVector_Intrinsics_vec256_add64(x33, z021);
   Lib_IntVector_Intrinsics_vec256 x121 = Lib_IntVector_Intrinsics_vec256_add64(x111, z131);
   Lib_IntVector_Intrinsics_vec256
-  z031 = Lib_IntVector_Intrinsics_vec256_shift_right64(x311, (uint32_t)26U);
+  z031 = Lib_IntVector_Intrinsics_vec256_shift_right64(x311, 26U);
   Lib_IntVector_Intrinsics_vec256 x321 = Lib_IntVector_Intrinsics_vec256_and(x311, mask261);
   Lib_IntVector_Intrinsics_vec256 x421 = Lib_IntVector_Intrinsics_vec256_add64(x411, z031);
   Lib_IntVector_Intrinsics_vec256 r30 = x021;
@@ -441,14 +418,10 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   v34344 = Lib_IntVector_Intrinsics_vec256_interleave_low64(r44, r34);
   Lib_IntVector_Intrinsics_vec256
   r12344 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v34344, v12124);
-  Lib_IntVector_Intrinsics_vec256
-  r123451 = Lib_IntVector_Intrinsics_vec256_smul64(r12341, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec256
-  r123452 = Lib_IntVector_Intrinsics_vec256_smul64(r12342, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec256
-  r123453 = Lib_IntVector_Intrinsics_vec256_smul64(r12343, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec256
-  r123454 = Lib_IntVector_Intrinsics_vec256_smul64(r12344, (uint64_t)5U);
+  Lib_IntVector_Intrinsics_vec256 r123451 = Lib_IntVector_Intrinsics_vec256_smul64(r12341, 5ULL);
+  Lib_IntVector_Intrinsics_vec256 r123452 = Lib_IntVector_Intrinsics_vec256_smul64(r12342, 5ULL);
+  Lib_IntVector_Intrinsics_vec256 r123453 = Lib_IntVector_Intrinsics_vec256_smul64(r12343, 5ULL);
+  Lib_IntVector_Intrinsics_vec256 r123454 = Lib_IntVector_Intrinsics_vec256_smul64(r12344, 5ULL);
   Lib_IntVector_Intrinsics_vec256 a01 = Lib_IntVector_Intrinsics_vec256_mul64(r12340, a0);
   Lib_IntVector_Intrinsics_vec256 a11 = Lib_IntVector_Intrinsics_vec256_mul64(r12341, a0);
   Lib_IntVector_Intrinsics_vec256 a21 = Lib_IntVector_Intrinsics_vec256_mul64(r12342, a0);
@@ -539,37 +512,28 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 t2 = a25;
   Lib_IntVector_Intrinsics_vec256 t3 = a35;
   Lib_IntVector_Intrinsics_vec256 t4 = a45;
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec256
-  z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec256 z121 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
   Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z121);
-  Lib_IntVector_Intrinsics_vec256
-  z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec256
-  z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -612,41 +576,36 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256
   tmp0 =
     Lib_IntVector_Intrinsics_vec256_and(l,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c0 = Lib_IntVector_Intrinsics_vec256_shift_right64(l, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c0 = Lib_IntVector_Intrinsics_vec256_shift_right64(l, 26U);
   Lib_IntVector_Intrinsics_vec256 l0 = Lib_IntVector_Intrinsics_vec256_add64(v21, c0);
   Lib_IntVector_Intrinsics_vec256
   tmp1 =
     Lib_IntVector_Intrinsics_vec256_and(l0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c1 = Lib_IntVector_Intrinsics_vec256_shift_right64(l0, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c1 = Lib_IntVector_Intrinsics_vec256_shift_right64(l0, 26U);
   Lib_IntVector_Intrinsics_vec256 l1 = Lib_IntVector_Intrinsics_vec256_add64(v22, c1);
   Lib_IntVector_Intrinsics_vec256
   tmp2 =
     Lib_IntVector_Intrinsics_vec256_and(l1,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c2 = Lib_IntVector_Intrinsics_vec256_shift_right64(l1, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c2 = Lib_IntVector_Intrinsics_vec256_shift_right64(l1, 26U);
   Lib_IntVector_Intrinsics_vec256 l2 = Lib_IntVector_Intrinsics_vec256_add64(v23, c2);
   Lib_IntVector_Intrinsics_vec256
   tmp3 =
     Lib_IntVector_Intrinsics_vec256_and(l2,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c3 = Lib_IntVector_Intrinsics_vec256_shift_right64(l2, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c3 = Lib_IntVector_Intrinsics_vec256_shift_right64(l2, 26U);
   Lib_IntVector_Intrinsics_vec256 l3 = Lib_IntVector_Intrinsics_vec256_add64(v24, c3);
   Lib_IntVector_Intrinsics_vec256
   tmp4 =
     Lib_IntVector_Intrinsics_vec256_and(l3,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c4 = Lib_IntVector_Intrinsics_vec256_shift_right64(l3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c4 = Lib_IntVector_Intrinsics_vec256_shift_right64(l3, 26U);
   Lib_IntVector_Intrinsics_vec256
   o00 =
     Lib_IntVector_Intrinsics_vec256_add64(tmp0,
-      Lib_IntVector_Intrinsics_vec256_smul64(c4, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec256_smul64(c4, 5ULL));
   Lib_IntVector_Intrinsics_vec256 o1 = tmp1;
   Lib_IntVector_Intrinsics_vec256 o2 = tmp2;
   Lib_IntVector_Intrinsics_vec256 o3 = tmp3;
@@ -658,10 +617,11 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   out[4U] = o4;
 }
 
-void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key)
+void
+Hacl_MAC_Poly1305_Simd256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key)
 {
   Lib_IntVector_Intrinsics_vec256 *acc = ctx;
-  Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec256 *pre = ctx + 5U;
   uint8_t *kr = key;
   acc[0U] = Lib_IntVector_Intrinsics_vec256_zero;
   acc[1U] = Lib_IntVector_Intrinsics_vec256_zero;
@@ -670,41 +630,38 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   acc[4U] = Lib_IntVector_Intrinsics_vec256_zero;
   uint64_t u0 = load64_le(kr);
   uint64_t lo = u0;
-  uint64_t u = load64_le(kr + (uint32_t)8U);
+  uint64_t u = load64_le(kr + 8U);
   uint64_t hi = u;
-  uint64_t mask0 = (uint64_t)0x0ffffffc0fffffffU;
-  uint64_t mask1 = (uint64_t)0x0ffffffc0ffffffcU;
+  uint64_t mask0 = 0x0ffffffc0fffffffULL;
+  uint64_t mask1 = 0x0ffffffc0ffffffcULL;
   uint64_t lo1 = lo & mask0;
   uint64_t hi1 = hi & mask1;
   Lib_IntVector_Intrinsics_vec256 *r = pre;
-  Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec256 *rn = pre + (uint32_t)10U;
-  Lib_IntVector_Intrinsics_vec256 *rn_5 = pre + (uint32_t)15U;
+  Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
+  Lib_IntVector_Intrinsics_vec256 *rn = pre + 10U;
+  Lib_IntVector_Intrinsics_vec256 *rn_5 = pre + 15U;
   Lib_IntVector_Intrinsics_vec256 r_vec0 = Lib_IntVector_Intrinsics_vec256_load64(lo1);
   Lib_IntVector_Intrinsics_vec256 r_vec1 = Lib_IntVector_Intrinsics_vec256_load64(hi1);
   Lib_IntVector_Intrinsics_vec256
   f00 =
     Lib_IntVector_Intrinsics_vec256_and(r_vec0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
   f15 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec0, 26U),
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
   f20 =
-    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec0,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec0, 52U),
       Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(r_vec1,
-          Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec256
   f30 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec1, 14U),
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
-  f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec1, (uint32_t)40U);
+  f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec1, 40U);
   Lib_IntVector_Intrinsics_vec256 f0 = f00;
   Lib_IntVector_Intrinsics_vec256 f1 = f15;
   Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -720,11 +677,11 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 f220 = r[2U];
   Lib_IntVector_Intrinsics_vec256 f230 = r[3U];
   Lib_IntVector_Intrinsics_vec256 f240 = r[4U];
-  r5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f200, (uint64_t)5U);
-  r5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f210, (uint64_t)5U);
-  r5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f220, (uint64_t)5U);
-  r5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f230, (uint64_t)5U);
-  r5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f240, (uint64_t)5U);
+  r5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f200, 5ULL);
+  r5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f210, 5ULL);
+  r5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f220, 5ULL);
+  r5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f230, 5ULL);
+  r5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f240, 5ULL);
   Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
   Lib_IntVector_Intrinsics_vec256 r10 = r[1U];
   Lib_IntVector_Intrinsics_vec256 r20 = r[2U];
@@ -829,37 +786,30 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 t20 = a240;
   Lib_IntVector_Intrinsics_vec256 t30 = a340;
   Lib_IntVector_Intrinsics_vec256 t40 = a440;
-  Lib_IntVector_Intrinsics_vec256
-  mask260 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z00 = Lib_IntVector_Intrinsics_vec256_shift_right64(t00, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask260 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z00 = Lib_IntVector_Intrinsics_vec256_shift_right64(t00, 26U);
+  Lib_IntVector_Intrinsics_vec256 z10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 26U);
   Lib_IntVector_Intrinsics_vec256 x00 = Lib_IntVector_Intrinsics_vec256_and(t00, mask260);
   Lib_IntVector_Intrinsics_vec256 x30 = Lib_IntVector_Intrinsics_vec256_and(t30, mask260);
   Lib_IntVector_Intrinsics_vec256 x10 = Lib_IntVector_Intrinsics_vec256_add64(t10, z00);
   Lib_IntVector_Intrinsics_vec256 x40 = Lib_IntVector_Intrinsics_vec256_add64(t40, z10);
-  Lib_IntVector_Intrinsics_vec256
-  z010 = Lib_IntVector_Intrinsics_vec256_shift_right64(x10, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z110 = Lib_IntVector_Intrinsics_vec256_shift_right64(x40, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t5 = Lib_IntVector_Intrinsics_vec256_shift_left64(z110, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z010 = Lib_IntVector_Intrinsics_vec256_shift_right64(x10, 26U);
+  Lib_IntVector_Intrinsics_vec256 z110 = Lib_IntVector_Intrinsics_vec256_shift_right64(x40, 26U);
+  Lib_IntVector_Intrinsics_vec256 t5 = Lib_IntVector_Intrinsics_vec256_shift_left64(z110, 2U);
   Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z110, t5);
   Lib_IntVector_Intrinsics_vec256 x110 = Lib_IntVector_Intrinsics_vec256_and(x10, mask260);
   Lib_IntVector_Intrinsics_vec256 x410 = Lib_IntVector_Intrinsics_vec256_and(x40, mask260);
   Lib_IntVector_Intrinsics_vec256 x20 = Lib_IntVector_Intrinsics_vec256_add64(t20, z010);
   Lib_IntVector_Intrinsics_vec256 x010 = Lib_IntVector_Intrinsics_vec256_add64(x00, z12);
+  Lib_IntVector_Intrinsics_vec256 z020 = Lib_IntVector_Intrinsics_vec256_shift_right64(x20, 26U);
   Lib_IntVector_Intrinsics_vec256
-  z020 = Lib_IntVector_Intrinsics_vec256_shift_right64(x20, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z130 = Lib_IntVector_Intrinsics_vec256_shift_right64(x010, (uint32_t)26U);
+  z130 = Lib_IntVector_Intrinsics_vec256_shift_right64(x010, 26U);
   Lib_IntVector_Intrinsics_vec256 x210 = Lib_IntVector_Intrinsics_vec256_and(x20, mask260);
   Lib_IntVector_Intrinsics_vec256 x020 = Lib_IntVector_Intrinsics_vec256_and(x010, mask260);
   Lib_IntVector_Intrinsics_vec256 x310 = Lib_IntVector_Intrinsics_vec256_add64(x30, z020);
   Lib_IntVector_Intrinsics_vec256 x120 = Lib_IntVector_Intrinsics_vec256_add64(x110, z130);
   Lib_IntVector_Intrinsics_vec256
-  z030 = Lib_IntVector_Intrinsics_vec256_shift_right64(x310, (uint32_t)26U);
+  z030 = Lib_IntVector_Intrinsics_vec256_shift_right64(x310, 26U);
   Lib_IntVector_Intrinsics_vec256 x320 = Lib_IntVector_Intrinsics_vec256_and(x310, mask260);
   Lib_IntVector_Intrinsics_vec256 x420 = Lib_IntVector_Intrinsics_vec256_add64(x410, z030);
   Lib_IntVector_Intrinsics_vec256 o00 = x020;
@@ -877,11 +827,11 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 f221 = rn[2U];
   Lib_IntVector_Intrinsics_vec256 f231 = rn[3U];
   Lib_IntVector_Intrinsics_vec256 f241 = rn[4U];
-  rn_5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f201, (uint64_t)5U);
-  rn_5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f211, (uint64_t)5U);
-  rn_5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f221, (uint64_t)5U);
-  rn_5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f231, (uint64_t)5U);
-  rn_5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f241, (uint64_t)5U);
+  rn_5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f201, 5ULL);
+  rn_5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f211, 5ULL);
+  rn_5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f221, 5ULL);
+  rn_5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f231, 5ULL);
+  rn_5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f241, 5ULL);
   Lib_IntVector_Intrinsics_vec256 r00 = rn[0U];
   Lib_IntVector_Intrinsics_vec256 r1 = rn[1U];
   Lib_IntVector_Intrinsics_vec256 r2 = rn[2U];
@@ -980,37 +930,28 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 t2 = a24;
   Lib_IntVector_Intrinsics_vec256 t3 = a34;
   Lib_IntVector_Intrinsics_vec256 t4 = a44;
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec256
-  z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec256 z120 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
   Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z120);
-  Lib_IntVector_Intrinsics_vec256
-  z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec256
-  z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -1028,277 +969,57 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 f22 = rn[2U];
   Lib_IntVector_Intrinsics_vec256 f23 = rn[3U];
   Lib_IntVector_Intrinsics_vec256 f24 = rn[4U];
-  rn_5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f202, (uint64_t)5U);
-  rn_5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f21, (uint64_t)5U);
-  rn_5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f22, (uint64_t)5U);
-  rn_5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f23, (uint64_t)5U);
-  rn_5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f24, (uint64_t)5U);
-}
-
-void Hacl_Poly1305_256_poly1305_update1(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *text)
-{
-  Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec256 *acc = ctx;
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
-  uint64_t u0 = load64_le(text);
-  uint64_t lo = u0;
-  uint64_t u = load64_le(text + (uint32_t)8U);
-  uint64_t hi = u;
-  Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
-  Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
-  Lib_IntVector_Intrinsics_vec256
-  f010 =
-    Lib_IntVector_Intrinsics_vec256_and(f0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  f110 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  f20 =
-    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-        (uint32_t)52U),
-      Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-          Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
-  Lib_IntVector_Intrinsics_vec256
-  f30 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
-  Lib_IntVector_Intrinsics_vec256 f01 = f010;
-  Lib_IntVector_Intrinsics_vec256 f111 = f110;
-  Lib_IntVector_Intrinsics_vec256 f2 = f20;
-  Lib_IntVector_Intrinsics_vec256 f3 = f30;
-  Lib_IntVector_Intrinsics_vec256 f41 = f40;
-  e[0U] = f01;
-  e[1U] = f111;
-  e[2U] = f2;
-  e[3U] = f3;
-  e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
-  Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
-  Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
-  e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
-  Lib_IntVector_Intrinsics_vec256 *r = pre;
-  Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
-  Lib_IntVector_Intrinsics_vec256 r1 = r[1U];
-  Lib_IntVector_Intrinsics_vec256 r2 = r[2U];
-  Lib_IntVector_Intrinsics_vec256 r3 = r[3U];
-  Lib_IntVector_Intrinsics_vec256 r4 = r[4U];
-  Lib_IntVector_Intrinsics_vec256 r51 = r5[1U];
-  Lib_IntVector_Intrinsics_vec256 r52 = r5[2U];
-  Lib_IntVector_Intrinsics_vec256 r53 = r5[3U];
-  Lib_IntVector_Intrinsics_vec256 r54 = r5[4U];
-  Lib_IntVector_Intrinsics_vec256 f10 = e[0U];
-  Lib_IntVector_Intrinsics_vec256 f11 = e[1U];
-  Lib_IntVector_Intrinsics_vec256 f12 = e[2U];
-  Lib_IntVector_Intrinsics_vec256 f13 = e[3U];
-  Lib_IntVector_Intrinsics_vec256 f14 = e[4U];
-  Lib_IntVector_Intrinsics_vec256 a0 = acc[0U];
-  Lib_IntVector_Intrinsics_vec256 a1 = acc[1U];
-  Lib_IntVector_Intrinsics_vec256 a2 = acc[2U];
-  Lib_IntVector_Intrinsics_vec256 a3 = acc[3U];
-  Lib_IntVector_Intrinsics_vec256 a4 = acc[4U];
-  Lib_IntVector_Intrinsics_vec256 a01 = Lib_IntVector_Intrinsics_vec256_add64(a0, f10);
-  Lib_IntVector_Intrinsics_vec256 a11 = Lib_IntVector_Intrinsics_vec256_add64(a1, f11);
-  Lib_IntVector_Intrinsics_vec256 a21 = Lib_IntVector_Intrinsics_vec256_add64(a2, f12);
-  Lib_IntVector_Intrinsics_vec256 a31 = Lib_IntVector_Intrinsics_vec256_add64(a3, f13);
-  Lib_IntVector_Intrinsics_vec256 a41 = Lib_IntVector_Intrinsics_vec256_add64(a4, f14);
-  Lib_IntVector_Intrinsics_vec256 a02 = Lib_IntVector_Intrinsics_vec256_mul64(r0, a01);
-  Lib_IntVector_Intrinsics_vec256 a12 = Lib_IntVector_Intrinsics_vec256_mul64(r1, a01);
-  Lib_IntVector_Intrinsics_vec256 a22 = Lib_IntVector_Intrinsics_vec256_mul64(r2, a01);
-  Lib_IntVector_Intrinsics_vec256 a32 = Lib_IntVector_Intrinsics_vec256_mul64(r3, a01);
-  Lib_IntVector_Intrinsics_vec256 a42 = Lib_IntVector_Intrinsics_vec256_mul64(r4, a01);
-  Lib_IntVector_Intrinsics_vec256
-  a03 =
-    Lib_IntVector_Intrinsics_vec256_add64(a02,
-      Lib_IntVector_Intrinsics_vec256_mul64(r54, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a13 =
-    Lib_IntVector_Intrinsics_vec256_add64(a12,
-      Lib_IntVector_Intrinsics_vec256_mul64(r0, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a23 =
-    Lib_IntVector_Intrinsics_vec256_add64(a22,
-      Lib_IntVector_Intrinsics_vec256_mul64(r1, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a33 =
-    Lib_IntVector_Intrinsics_vec256_add64(a32,
-      Lib_IntVector_Intrinsics_vec256_mul64(r2, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a43 =
-    Lib_IntVector_Intrinsics_vec256_add64(a42,
-      Lib_IntVector_Intrinsics_vec256_mul64(r3, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a04 =
-    Lib_IntVector_Intrinsics_vec256_add64(a03,
-      Lib_IntVector_Intrinsics_vec256_mul64(r53, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a14 =
-    Lib_IntVector_Intrinsics_vec256_add64(a13,
-      Lib_IntVector_Intrinsics_vec256_mul64(r54, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a24 =
-    Lib_IntVector_Intrinsics_vec256_add64(a23,
-      Lib_IntVector_Intrinsics_vec256_mul64(r0, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a34 =
-    Lib_IntVector_Intrinsics_vec256_add64(a33,
-      Lib_IntVector_Intrinsics_vec256_mul64(r1, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a44 =
-    Lib_IntVector_Intrinsics_vec256_add64(a43,
-      Lib_IntVector_Intrinsics_vec256_mul64(r2, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a05 =
-    Lib_IntVector_Intrinsics_vec256_add64(a04,
-      Lib_IntVector_Intrinsics_vec256_mul64(r52, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a15 =
-    Lib_IntVector_Intrinsics_vec256_add64(a14,
-      Lib_IntVector_Intrinsics_vec256_mul64(r53, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a25 =
-    Lib_IntVector_Intrinsics_vec256_add64(a24,
-      Lib_IntVector_Intrinsics_vec256_mul64(r54, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a35 =
-    Lib_IntVector_Intrinsics_vec256_add64(a34,
-      Lib_IntVector_Intrinsics_vec256_mul64(r0, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a45 =
-    Lib_IntVector_Intrinsics_vec256_add64(a44,
-      Lib_IntVector_Intrinsics_vec256_mul64(r1, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a06 =
-    Lib_IntVector_Intrinsics_vec256_add64(a05,
-      Lib_IntVector_Intrinsics_vec256_mul64(r51, a41));
-  Lib_IntVector_Intrinsics_vec256
-  a16 =
-    Lib_IntVector_Intrinsics_vec256_add64(a15,
-      Lib_IntVector_Intrinsics_vec256_mul64(r52, a41));
-  Lib_IntVector_Intrinsics_vec256
-  a26 =
-    Lib_IntVector_Intrinsics_vec256_add64(a25,
-      Lib_IntVector_Intrinsics_vec256_mul64(r53, a41));
-  Lib_IntVector_Intrinsics_vec256
-  a36 =
-    Lib_IntVector_Intrinsics_vec256_add64(a35,
-      Lib_IntVector_Intrinsics_vec256_mul64(r54, a41));
-  Lib_IntVector_Intrinsics_vec256
-  a46 =
-    Lib_IntVector_Intrinsics_vec256_add64(a45,
-      Lib_IntVector_Intrinsics_vec256_mul64(r0, a41));
-  Lib_IntVector_Intrinsics_vec256 t0 = a06;
-  Lib_IntVector_Intrinsics_vec256 t1 = a16;
-  Lib_IntVector_Intrinsics_vec256 t2 = a26;
-  Lib_IntVector_Intrinsics_vec256 t3 = a36;
-  Lib_IntVector_Intrinsics_vec256 t4 = a46;
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
-  Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
-  Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
-  Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec256
-  z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
-  Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
-  Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
-  Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
-  Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
-  Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec256
-  z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
-  Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
-  Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
-  Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec256
-  z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
-  Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
-  Lib_IntVector_Intrinsics_vec256 o0 = x02;
-  Lib_IntVector_Intrinsics_vec256 o1 = x12;
-  Lib_IntVector_Intrinsics_vec256 o2 = x21;
-  Lib_IntVector_Intrinsics_vec256 o3 = x32;
-  Lib_IntVector_Intrinsics_vec256 o4 = x42;
-  acc[0U] = o0;
-  acc[1U] = o1;
-  acc[2U] = o2;
-  acc[3U] = o3;
-  acc[4U] = o4;
+  rn_5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f202, 5ULL);
+  rn_5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f21, 5ULL);
+  rn_5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f22, 5ULL);
+  rn_5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f23, 5ULL);
+  rn_5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f24, 5ULL);
 }
 
-void
-Hacl_Poly1305_256_poly1305_update(
-  Lib_IntVector_Intrinsics_vec256 *ctx,
-  uint32_t len,
-  uint8_t *text
-)
+static void poly1305_update(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t *text)
 {
-  Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec256 *pre = ctx + 5U;
   Lib_IntVector_Intrinsics_vec256 *acc = ctx;
-  uint32_t sz_block = (uint32_t)64U;
+  uint32_t sz_block = 64U;
   uint32_t len0 = len / sz_block * sz_block;
   uint8_t *t0 = text;
-  if (len0 > (uint32_t)0U)
+  if (len0 > 0U)
   {
-    uint32_t bs = (uint32_t)64U;
+    uint32_t bs = 64U;
     uint8_t *text0 = t0;
-    Hacl_Impl_Poly1305_Field32xN_256_load_acc4(acc, text0);
+    Hacl_MAC_Poly1305_Simd256_load_acc4(acc, text0);
     uint32_t len1 = len0 - bs;
     uint8_t *text1 = t0 + bs;
     uint32_t nb = len1 / bs;
-    for (uint32_t i = (uint32_t)0U; i < nb; i++)
+    for (uint32_t i = 0U; i < nb; i++)
     {
       uint8_t *block = text1 + i * bs;
       KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
       Lib_IntVector_Intrinsics_vec256 lo = Lib_IntVector_Intrinsics_vec256_load64_le(block);
+      Lib_IntVector_Intrinsics_vec256 hi = Lib_IntVector_Intrinsics_vec256_load64_le(block + 32U);
       Lib_IntVector_Intrinsics_vec256
-      hi = Lib_IntVector_Intrinsics_vec256_load64_le(block + (uint32_t)32U);
-      Lib_IntVector_Intrinsics_vec256
-      mask260 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
+      mask260 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
       Lib_IntVector_Intrinsics_vec256
       m0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(lo, hi);
       Lib_IntVector_Intrinsics_vec256
       m1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(lo, hi);
-      Lib_IntVector_Intrinsics_vec256
-      m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, (uint32_t)48U);
-      Lib_IntVector_Intrinsics_vec256
-      m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, (uint32_t)48U);
+      Lib_IntVector_Intrinsics_vec256 m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, 48U);
+      Lib_IntVector_Intrinsics_vec256 m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, 48U);
       Lib_IntVector_Intrinsics_vec256
       m4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(m0, m1);
       Lib_IntVector_Intrinsics_vec256
       t010 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m0, m1);
       Lib_IntVector_Intrinsics_vec256
       t30 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m2, m3);
-      Lib_IntVector_Intrinsics_vec256
-      t20 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)4U);
+      Lib_IntVector_Intrinsics_vec256 t20 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 4U);
       Lib_IntVector_Intrinsics_vec256 o20 = Lib_IntVector_Intrinsics_vec256_and(t20, mask260);
       Lib_IntVector_Intrinsics_vec256
-      t10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t010, (uint32_t)26U);
+      t10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t010, 26U);
       Lib_IntVector_Intrinsics_vec256 o10 = Lib_IntVector_Intrinsics_vec256_and(t10, mask260);
       Lib_IntVector_Intrinsics_vec256 o5 = Lib_IntVector_Intrinsics_vec256_and(t010, mask260);
-      Lib_IntVector_Intrinsics_vec256
-      t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)30U);
+      Lib_IntVector_Intrinsics_vec256 t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 30U);
       Lib_IntVector_Intrinsics_vec256 o30 = Lib_IntVector_Intrinsics_vec256_and(t31, mask260);
-      Lib_IntVector_Intrinsics_vec256
-      o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256 o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, 40U);
       Lib_IntVector_Intrinsics_vec256 o00 = o5;
       Lib_IntVector_Intrinsics_vec256 o11 = o10;
       Lib_IntVector_Intrinsics_vec256 o21 = o20;
@@ -1309,12 +1030,12 @@ Hacl_Poly1305_256_poly1305_update(
       e[2U] = o21;
       e[3U] = o31;
       e[4U] = o41;
-      uint64_t b = (uint64_t)0x1000000U;
+      uint64_t b = 0x1000000ULL;
       Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
       Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
       e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
-      Lib_IntVector_Intrinsics_vec256 *rn = pre + (uint32_t)10U;
-      Lib_IntVector_Intrinsics_vec256 *rn5 = pre + (uint32_t)15U;
+      Lib_IntVector_Intrinsics_vec256 *rn = pre + 10U;
+      Lib_IntVector_Intrinsics_vec256 *rn5 = pre + 15U;
       Lib_IntVector_Intrinsics_vec256 r0 = rn[0U];
       Lib_IntVector_Intrinsics_vec256 r1 = rn[1U];
       Lib_IntVector_Intrinsics_vec256 r2 = rn[2U];
@@ -1419,37 +1140,28 @@ Hacl_Poly1305_256_poly1305_update(
       Lib_IntVector_Intrinsics_vec256 t2 = a24;
       Lib_IntVector_Intrinsics_vec256 t3 = a34;
       Lib_IntVector_Intrinsics_vec256 t4 = a44;
-      Lib_IntVector_Intrinsics_vec256
-      mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-      Lib_IntVector_Intrinsics_vec256
-      z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+      Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+      Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
       Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
       Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
       Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
       Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-      Lib_IntVector_Intrinsics_vec256
-      z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+      Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+      Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+      Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
       Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
       Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
       Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
       Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
       Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-      Lib_IntVector_Intrinsics_vec256
-      z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+      Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
       Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
       Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
       Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
       Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-      Lib_IntVector_Intrinsics_vec256
-      z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
       Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
       Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
       Lib_IntVector_Intrinsics_vec256 o01 = x02;
@@ -1483,45 +1195,41 @@ Hacl_Poly1305_256_poly1305_update(
       acc[3U] = o3;
       acc[4U] = o4;
     }
-    Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(acc, pre);
+    Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize(acc, pre);
   }
   uint32_t len1 = len - len0;
   uint8_t *t1 = text + len0;
-  uint32_t nb = len1 / (uint32_t)16U;
-  uint32_t rem = len1 % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = len1 / 16U;
+  uint32_t rem = len1 % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = t1 + i * (uint32_t)16U;
+    uint8_t *block = t1 + i * 16U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -1532,12 +1240,12 @@ Hacl_Poly1305_256_poly1305_update(
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
     Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
     Lib_IntVector_Intrinsics_vec256 *r = pre;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
     Lib_IntVector_Intrinsics_vec256 r1 = r[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r[2U];
@@ -1652,37 +1360,28 @@ Hacl_Poly1305_256_poly1305_update(
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -1696,41 +1395,37 @@ Hacl_Poly1305_256_poly1305_update(
     acc[3U] = o3;
     acc[4U] = o4;
   }
-  if (rem > (uint32_t)0U)
+  if (rem > 0U)
   {
-    uint8_t *last = t1 + nb * (uint32_t)16U;
+    uint8_t *last = t1 + nb * 16U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -1741,12 +1436,12 @@ Hacl_Poly1305_256_poly1305_update(
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem * 8U % 26U;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
-    Lib_IntVector_Intrinsics_vec256 fi = e[rem * (uint32_t)8U / (uint32_t)26U];
-    e[rem * (uint32_t)8U / (uint32_t)26U] = Lib_IntVector_Intrinsics_vec256_or(fi, mask);
+    Lib_IntVector_Intrinsics_vec256 fi = e[rem * 8U / 26U];
+    e[rem * 8U / 26U] = Lib_IntVector_Intrinsics_vec256_or(fi, mask);
     Lib_IntVector_Intrinsics_vec256 *r = pre;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
     Lib_IntVector_Intrinsics_vec256 r1 = r[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r[2U];
@@ -1861,37 +1556,28 @@ Hacl_Poly1305_256_poly1305_update(
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -1909,14 +1595,14 @@ Hacl_Poly1305_256_poly1305_update(
 }
 
 void
-Hacl_Poly1305_256_poly1305_finish(
+Hacl_MAC_Poly1305_Simd256_poly1305_finish(
   uint8_t *tag,
   uint8_t *key,
   Lib_IntVector_Intrinsics_vec256 *ctx
 )
 {
   Lib_IntVector_Intrinsics_vec256 *acc = ctx;
-  uint8_t *ks = key + (uint32_t)16U;
+  uint8_t *ks = key + 16U;
   Lib_IntVector_Intrinsics_vec256 f0 = acc[0U];
   Lib_IntVector_Intrinsics_vec256 f13 = acc[1U];
   Lib_IntVector_Intrinsics_vec256 f23 = acc[2U];
@@ -1927,41 +1613,36 @@ Hacl_Poly1305_256_poly1305_finish(
   Lib_IntVector_Intrinsics_vec256
   tmp00 =
     Lib_IntVector_Intrinsics_vec256_and(l0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c00 = Lib_IntVector_Intrinsics_vec256_shift_right64(l0, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c00 = Lib_IntVector_Intrinsics_vec256_shift_right64(l0, 26U);
   Lib_IntVector_Intrinsics_vec256 l1 = Lib_IntVector_Intrinsics_vec256_add64(f13, c00);
   Lib_IntVector_Intrinsics_vec256
   tmp10 =
     Lib_IntVector_Intrinsics_vec256_and(l1,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c10 = Lib_IntVector_Intrinsics_vec256_shift_right64(l1, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c10 = Lib_IntVector_Intrinsics_vec256_shift_right64(l1, 26U);
   Lib_IntVector_Intrinsics_vec256 l2 = Lib_IntVector_Intrinsics_vec256_add64(f23, c10);
   Lib_IntVector_Intrinsics_vec256
   tmp20 =
     Lib_IntVector_Intrinsics_vec256_and(l2,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c20 = Lib_IntVector_Intrinsics_vec256_shift_right64(l2, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c20 = Lib_IntVector_Intrinsics_vec256_shift_right64(l2, 26U);
   Lib_IntVector_Intrinsics_vec256 l3 = Lib_IntVector_Intrinsics_vec256_add64(f33, c20);
   Lib_IntVector_Intrinsics_vec256
   tmp30 =
     Lib_IntVector_Intrinsics_vec256_and(l3,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c30 = Lib_IntVector_Intrinsics_vec256_shift_right64(l3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c30 = Lib_IntVector_Intrinsics_vec256_shift_right64(l3, 26U);
   Lib_IntVector_Intrinsics_vec256 l4 = Lib_IntVector_Intrinsics_vec256_add64(f40, c30);
   Lib_IntVector_Intrinsics_vec256
   tmp40 =
     Lib_IntVector_Intrinsics_vec256_and(l4,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c40 = Lib_IntVector_Intrinsics_vec256_shift_right64(l4, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c40 = Lib_IntVector_Intrinsics_vec256_shift_right64(l4, 26U);
   Lib_IntVector_Intrinsics_vec256
   f010 =
     Lib_IntVector_Intrinsics_vec256_add64(tmp00,
-      Lib_IntVector_Intrinsics_vec256_smul64(c40, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec256_smul64(c40, 5ULL));
   Lib_IntVector_Intrinsics_vec256 f110 = tmp10;
   Lib_IntVector_Intrinsics_vec256 f210 = tmp20;
   Lib_IntVector_Intrinsics_vec256 f310 = tmp30;
@@ -1971,49 +1652,42 @@ Hacl_Poly1305_256_poly1305_finish(
   Lib_IntVector_Intrinsics_vec256
   tmp0 =
     Lib_IntVector_Intrinsics_vec256_and(l,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c0 = Lib_IntVector_Intrinsics_vec256_shift_right64(l, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c0 = Lib_IntVector_Intrinsics_vec256_shift_right64(l, 26U);
   Lib_IntVector_Intrinsics_vec256 l5 = Lib_IntVector_Intrinsics_vec256_add64(f110, c0);
   Lib_IntVector_Intrinsics_vec256
   tmp1 =
     Lib_IntVector_Intrinsics_vec256_and(l5,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c1 = Lib_IntVector_Intrinsics_vec256_shift_right64(l5, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c1 = Lib_IntVector_Intrinsics_vec256_shift_right64(l5, 26U);
   Lib_IntVector_Intrinsics_vec256 l6 = Lib_IntVector_Intrinsics_vec256_add64(f210, c1);
   Lib_IntVector_Intrinsics_vec256
   tmp2 =
     Lib_IntVector_Intrinsics_vec256_and(l6,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c2 = Lib_IntVector_Intrinsics_vec256_shift_right64(l6, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c2 = Lib_IntVector_Intrinsics_vec256_shift_right64(l6, 26U);
   Lib_IntVector_Intrinsics_vec256 l7 = Lib_IntVector_Intrinsics_vec256_add64(f310, c2);
   Lib_IntVector_Intrinsics_vec256
   tmp3 =
     Lib_IntVector_Intrinsics_vec256_and(l7,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c3 = Lib_IntVector_Intrinsics_vec256_shift_right64(l7, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c3 = Lib_IntVector_Intrinsics_vec256_shift_right64(l7, 26U);
   Lib_IntVector_Intrinsics_vec256 l8 = Lib_IntVector_Intrinsics_vec256_add64(f410, c3);
   Lib_IntVector_Intrinsics_vec256
   tmp4 =
     Lib_IntVector_Intrinsics_vec256_and(l8,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c4 = Lib_IntVector_Intrinsics_vec256_shift_right64(l8, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c4 = Lib_IntVector_Intrinsics_vec256_shift_right64(l8, 26U);
   Lib_IntVector_Intrinsics_vec256
   f02 =
     Lib_IntVector_Intrinsics_vec256_add64(tmp0,
-      Lib_IntVector_Intrinsics_vec256_smul64(c4, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec256_smul64(c4, 5ULL));
   Lib_IntVector_Intrinsics_vec256 f12 = tmp1;
   Lib_IntVector_Intrinsics_vec256 f22 = tmp2;
   Lib_IntVector_Intrinsics_vec256 f32 = tmp3;
   Lib_IntVector_Intrinsics_vec256 f42 = tmp4;
-  Lib_IntVector_Intrinsics_vec256
-  mh = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  ml = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffffbU);
+  Lib_IntVector_Intrinsics_vec256 mh = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 ml = Lib_IntVector_Intrinsics_vec256_load64(0x3fffffbULL);
   Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_eq64(f42, mh);
   Lib_IntVector_Intrinsics_vec256
   mask1 =
@@ -2053,36 +1727,334 @@ Hacl_Poly1305_256_poly1305_finish(
   Lib_IntVector_Intrinsics_vec256 f2 = acc[2U];
   Lib_IntVector_Intrinsics_vec256 f3 = acc[3U];
   Lib_IntVector_Intrinsics_vec256 f4 = acc[4U];
-  uint64_t f01 = Lib_IntVector_Intrinsics_vec256_extract64(f00, (uint32_t)0U);
-  uint64_t f112 = Lib_IntVector_Intrinsics_vec256_extract64(f1, (uint32_t)0U);
-  uint64_t f212 = Lib_IntVector_Intrinsics_vec256_extract64(f2, (uint32_t)0U);
-  uint64_t f312 = Lib_IntVector_Intrinsics_vec256_extract64(f3, (uint32_t)0U);
-  uint64_t f41 = Lib_IntVector_Intrinsics_vec256_extract64(f4, (uint32_t)0U);
-  uint64_t lo = (f01 | f112 << (uint32_t)26U) | f212 << (uint32_t)52U;
-  uint64_t hi = (f212 >> (uint32_t)12U | f312 << (uint32_t)14U) | f41 << (uint32_t)40U;
+  uint64_t f01 = Lib_IntVector_Intrinsics_vec256_extract64(f00, 0U);
+  uint64_t f112 = Lib_IntVector_Intrinsics_vec256_extract64(f1, 0U);
+  uint64_t f212 = Lib_IntVector_Intrinsics_vec256_extract64(f2, 0U);
+  uint64_t f312 = Lib_IntVector_Intrinsics_vec256_extract64(f3, 0U);
+  uint64_t f41 = Lib_IntVector_Intrinsics_vec256_extract64(f4, 0U);
+  uint64_t lo = (f01 | f112 << 26U) | f212 << 52U;
+  uint64_t hi = (f212 >> 12U | f312 << 14U) | f41 << 40U;
   uint64_t f10 = lo;
   uint64_t f11 = hi;
   uint64_t u0 = load64_le(ks);
   uint64_t lo0 = u0;
-  uint64_t u = load64_le(ks + (uint32_t)8U);
+  uint64_t u = load64_le(ks + 8U);
   uint64_t hi0 = u;
   uint64_t f20 = lo0;
   uint64_t f21 = hi0;
   uint64_t r0 = f10 + f20;
   uint64_t r1 = f11 + f21;
-  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> (uint32_t)63U;
+  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> 63U;
   uint64_t r11 = r1 + c;
   uint64_t f30 = r0;
   uint64_t f31 = r11;
   store64_le(tag, f30);
-  store64_le(tag + (uint32_t)8U, f31);
+  store64_le(tag + 8U, f31);
+}
+
+Hacl_MAC_Poly1305_Simd256_state_t *Hacl_MAC_Poly1305_Simd256_malloc(uint8_t *key)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  Lib_IntVector_Intrinsics_vec256
+  *r1 =
+    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
+      sizeof (Lib_IntVector_Intrinsics_vec256) * 25U);
+  memset(r1, 0U, 25U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Lib_IntVector_Intrinsics_vec256 *block_state = r1;
+  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_0 = k_;
+  Hacl_MAC_Poly1305_Simd256_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_0 };
+  Hacl_MAC_Poly1305_Simd256_state_t
+  *p =
+    (Hacl_MAC_Poly1305_Simd256_state_t *)KRML_HOST_MALLOC(sizeof (
+        Hacl_MAC_Poly1305_Simd256_state_t
+      ));
+  p[0U] = s;
+  Hacl_MAC_Poly1305_Simd256_poly1305_init(block_state, key);
+  return p;
+}
+
+void Hacl_MAC_Poly1305_Simd256_reset(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *key)
+{
+  Hacl_MAC_Poly1305_Simd256_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
+  Hacl_MAC_Poly1305_Simd256_poly1305_init(block_state, key);
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_1 = k_;
+  Hacl_MAC_Poly1305_Simd256_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_1 };
+  state[0U] = tmp;
 }
 
-void Hacl_Poly1305_256_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key)
+/**
+0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_MAC_Poly1305_Simd256_update(
+  Hacl_MAC_Poly1305_Simd256_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+)
+{
+  Hacl_MAC_Poly1305_Simd256_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    sz = 64U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  if (chunk_len <= 64U - sz)
+  {
+    Hacl_MAC_Poly1305_Simd256_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec256 *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_MAC_Poly1305_Simd256_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec256 *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 64U, buf);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len,
+          .p_key = k_1
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_MAC_Poly1305_Simd256_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec256 *block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 64U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd256_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+    Hacl_MAC_Poly1305_Simd256_state_t s10 = *state;
+    Lib_IntVector_Intrinsics_vec256 *block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint8_t *k_10 = s10.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 64U, buf);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff),
+          .p_key = k_10
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+void
+Hacl_MAC_Poly1305_Simd256_digest(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *output)
+{
+  Hacl_MAC_Poly1305_Simd256_state_t scrut = *state;
+  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint8_t *k_ = scrut.p_key;
+  uint32_t r;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    r = 64U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  uint8_t *buf_1 = buf_;
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 r1[25U] KRML_POST_ALIGN(32) = { 0U };
+  Lib_IntVector_Intrinsics_vec256 *tmp_block_state = r1;
+  memcpy(tmp_block_state, block_state, 25U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  uint32_t ite0;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite0 = 16U;
+  }
+  else
+  {
+    ite0 = r % 16U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite0;
+  uint8_t *buf_multi = buf_1;
+  uint32_t ite;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite = 16U;
+  }
+  else
+  {
+    ite = r % 16U;
+  }
+  poly1305_update(tmp_block_state, r - ite, buf_multi);
+  uint32_t ite1;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite1 = 16U;
+  }
+  else
+  {
+    ite1 = r % 16U;
+  }
+  poly1305_update(tmp_block_state, ite1, buf_last);
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 tmp[25U] KRML_POST_ALIGN(32) = { 0U };
+  memcpy(tmp, tmp_block_state, 25U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Hacl_MAC_Poly1305_Simd256_poly1305_finish(output, k_, tmp);
+}
+
+void Hacl_MAC_Poly1305_Simd256_free(Hacl_MAC_Poly1305_Simd256_state_t *state)
+{
+  Hacl_MAC_Poly1305_Simd256_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
+  KRML_HOST_FREE(k_);
+  KRML_ALIGNED_FREE(block_state);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+void
+Hacl_MAC_Poly1305_Simd256_mac(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key
+)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ctx[25U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Poly1305_256_poly1305_init(ctx, key);
-  Hacl_Poly1305_256_poly1305_update(ctx, len, text);
-  Hacl_Poly1305_256_poly1305_finish(tag, key, ctx);
+  Hacl_MAC_Poly1305_Simd256_poly1305_init(ctx, key);
+  poly1305_update(ctx, input_len, input);
+  Hacl_MAC_Poly1305_Simd256_poly1305_finish(output, key, ctx);
 }
 
diff --git a/src/Hacl_NaCl.c b/src/Hacl_NaCl.c
index 37104040..a1bbd25c 100644
--- a/src/Hacl_NaCl.c
+++ b/src/Hacl_NaCl.c
@@ -30,9 +30,9 @@
 static void secretbox_init(uint8_t *xkeys, uint8_t *k, uint8_t *n)
 {
   uint8_t *subkey = xkeys;
-  uint8_t *aekey = xkeys + (uint32_t)32U;
+  uint8_t *aekey = xkeys + 32U;
   uint8_t *n0 = n;
-  uint8_t *n1 = n + (uint32_t)16U;
+  uint8_t *n1 = n + 16U;
   Hacl_Salsa20_hsalsa20(subkey, k, n0);
   Hacl_Salsa20_salsa20_key_block0(aekey, subkey, n1);
 }
@@ -42,35 +42,35 @@ secretbox_detached(uint32_t mlen, uint8_t *c, uint8_t *tag, uint8_t *k, uint8_t
 {
   uint8_t xkeys[96U] = { 0U };
   secretbox_init(xkeys, k, n);
-  uint8_t *mkey = xkeys + (uint32_t)32U;
-  uint8_t *n1 = n + (uint32_t)16U;
+  uint8_t *mkey = xkeys + 32U;
+  uint8_t *n1 = n + 16U;
   uint8_t *subkey = xkeys;
-  uint8_t *ekey0 = xkeys + (uint32_t)64U;
+  uint8_t *ekey0 = xkeys + 64U;
   uint32_t mlen0;
-  if (mlen <= (uint32_t)32U)
+  if (mlen <= 32U)
   {
     mlen0 = mlen;
   }
   else
   {
-    mlen0 = (uint32_t)32U;
+    mlen0 = 32U;
   }
   uint32_t mlen1 = mlen - mlen0;
   uint8_t *m0 = m;
   uint8_t *m1 = m + mlen0;
   uint8_t block0[32U] = { 0U };
   memcpy(block0, m0, mlen0 * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t *os = block0;
-    uint8_t x = block0[i] ^ ekey0[i];
+    uint8_t x = (uint32_t)block0[i] ^ (uint32_t)ekey0[i];
     os[i] = x;
   }
   uint8_t *c0 = c;
   uint8_t *c1 = c + mlen0;
   memcpy(c0, block0, mlen0 * sizeof (uint8_t));
-  Hacl_Salsa20_salsa20_encrypt(mlen1, c1, m1, subkey, n1, (uint32_t)1U);
-  Hacl_Poly1305_32_poly1305_mac(tag, mlen, c, mkey);
+  Hacl_Salsa20_salsa20_encrypt(mlen1, c1, m1, subkey, n1, 1U);
+  Hacl_MAC_Poly1305_mac(tag, c, mlen, mkey);
 }
 
 static uint32_t
@@ -85,55 +85,55 @@ secretbox_open_detached(
 {
   uint8_t xkeys[96U] = { 0U };
   secretbox_init(xkeys, k, n);
-  uint8_t *mkey = xkeys + (uint32_t)32U;
+  uint8_t *mkey = xkeys + 32U;
   uint8_t tag_[16U] = { 0U };
-  Hacl_Poly1305_32_poly1305_mac(tag_, mlen, c, mkey);
-  uint8_t res = (uint8_t)255U;
+  Hacl_MAC_Poly1305_mac(tag_, c, mlen, mkey);
+  uint8_t res = 255U;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint8_t uu____0 = FStar_UInt8_eq_mask(tag[i], tag_[i]);
-    res = uu____0 & res;);
+    res = (uint32_t)uu____0 & (uint32_t)res;);
   uint8_t z = res;
-  if (z == (uint8_t)255U)
+  if (z == 255U)
   {
     uint8_t *subkey = xkeys;
-    uint8_t *ekey0 = xkeys + (uint32_t)64U;
-    uint8_t *n1 = n + (uint32_t)16U;
+    uint8_t *ekey0 = xkeys + 64U;
+    uint8_t *n1 = n + 16U;
     uint32_t mlen0;
-    if (mlen <= (uint32_t)32U)
+    if (mlen <= 32U)
     {
       mlen0 = mlen;
     }
     else
     {
-      mlen0 = (uint32_t)32U;
+      mlen0 = 32U;
     }
     uint32_t mlen1 = mlen - mlen0;
     uint8_t *c0 = c;
     uint8_t *c1 = c + mlen0;
     uint8_t block0[32U] = { 0U };
     memcpy(block0, c0, mlen0 * sizeof (uint8_t));
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t *os = block0;
-      uint8_t x = block0[i] ^ ekey0[i];
+      uint8_t x = (uint32_t)block0[i] ^ (uint32_t)ekey0[i];
       os[i] = x;
     }
     uint8_t *m0 = m;
     uint8_t *m1 = m + mlen0;
     memcpy(m0, block0, mlen0 * sizeof (uint8_t));
-    Hacl_Salsa20_salsa20_decrypt(mlen1, m1, c1, subkey, n1, (uint32_t)1U);
-    return (uint32_t)0U;
+    Hacl_Salsa20_salsa20_decrypt(mlen1, m1, c1, subkey, n1, 1U);
+    return 0U;
   }
-  return (uint32_t)0xffffffffU;
+  return 0xffffffffU;
 }
 
 static void secretbox_easy(uint32_t mlen, uint8_t *c, uint8_t *k, uint8_t *n, uint8_t *m)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   secretbox_detached(mlen, cip, tag, k, n, m);
 }
 
@@ -141,7 +141,7 @@ static uint32_t
 secretbox_open_easy(uint32_t mlen, uint8_t *m, uint8_t *k, uint8_t *n, uint8_t *c)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   return secretbox_open_detached(mlen, m, k, n, cip, tag);
 }
 
@@ -152,9 +152,9 @@ static inline uint32_t box_beforenm(uint8_t *k, uint8_t *pk, uint8_t *sk)
   if (r)
   {
     Hacl_Salsa20_hsalsa20(k, k, n0);
-    return (uint32_t)0U;
+    return 0U;
   }
-  return (uint32_t)0xffffffffU;
+  return 0xffffffffU;
 }
 
 static inline uint32_t
@@ -168,7 +168,7 @@ box_detached_afternm(
 )
 {
   secretbox_detached(mlen, c, tag, k, n, m);
-  return (uint32_t)0U;
+  return 0U;
 }
 
 static inline uint32_t
@@ -184,11 +184,11 @@ box_detached(
 {
   uint8_t k[32U] = { 0U };
   uint32_t r = box_beforenm(k, pk, sk);
-  if (r == (uint32_t)0U)
+  if (r == 0U)
   {
     return box_detached_afternm(mlen, c, tag, k, n, m);
   }
-  return (uint32_t)0xffffffffU;
+  return 0xffffffffU;
 }
 
 static inline uint32_t
@@ -217,18 +217,18 @@ box_open_detached(
 {
   uint8_t k[32U] = { 0U };
   uint32_t r = box_beforenm(k, pk, sk);
-  if (r == (uint32_t)0U)
+  if (r == 0U)
   {
     return box_open_detached_afternm(mlen, m, k, n, c, tag);
   }
-  return (uint32_t)0xffffffffU;
+  return 0xffffffffU;
 }
 
 static inline uint32_t
 box_easy_afternm(uint32_t mlen, uint8_t *c, uint8_t *k, uint8_t *n, uint8_t *m)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   uint32_t res = box_detached_afternm(mlen, cip, tag, k, n, m);
   return res;
 }
@@ -237,7 +237,7 @@ static inline uint32_t
 box_easy(uint32_t mlen, uint8_t *c, uint8_t *sk, uint8_t *pk, uint8_t *n, uint8_t *m)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   uint32_t res = box_detached(mlen, cip, tag, sk, pk, n, m);
   return res;
 }
@@ -246,7 +246,7 @@ static inline uint32_t
 box_open_easy_afternm(uint32_t mlen, uint8_t *m, uint8_t *k, uint8_t *n, uint8_t *c)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   return box_open_detached_afternm(mlen, m, k, n, cip, tag);
 }
 
@@ -254,7 +254,7 @@ static inline uint32_t
 box_open_easy(uint32_t mlen, uint8_t *m, uint8_t *pk, uint8_t *sk, uint8_t *n, uint8_t *c)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   return box_open_detached(mlen, m, pk, sk, n, cip, tag);
 }
 
@@ -281,7 +281,7 @@ Hacl_NaCl_crypto_secretbox_detached(
 )
 {
   secretbox_detached(mlen, c, tag, k, n, m);
-  return (uint32_t)0U;
+  return 0U;
 }
 
 /**
@@ -322,7 +322,7 @@ uint32_t
 Hacl_NaCl_crypto_secretbox_easy(uint8_t *c, uint8_t *m, uint32_t mlen, uint8_t *n, uint8_t *k)
 {
   secretbox_easy(mlen, c, k, n, m);
-  return (uint32_t)0U;
+  return 0U;
 }
 
 /**
@@ -343,7 +343,7 @@ Hacl_NaCl_crypto_secretbox_open_easy(
   uint8_t *k
 )
 {
-  return secretbox_open_easy(clen - (uint32_t)16U, m, k, n, c);
+  return secretbox_open_easy(clen - 16U, m, k, n, c);
 }
 
 /**
@@ -490,7 +490,7 @@ Hacl_NaCl_crypto_box_open_easy_afternm(
   uint8_t *k
 )
 {
-  return box_open_easy_afternm(clen - (uint32_t)16U, m, k, n, c);
+  return box_open_easy_afternm(clen - 16U, m, k, n, c);
 }
 
 /**
@@ -513,6 +513,6 @@ Hacl_NaCl_crypto_box_open_easy(
   uint8_t *sk
 )
 {
-  return box_open_easy(clen - (uint32_t)16U, m, pk, sk, n, c);
+  return box_open_easy(clen - 16U, m, pk, sk, n, c);
 }
 
diff --git a/src/Hacl_P256.c b/src/Hacl_P256.c
index 7e586e54..609fed81 100644
--- a/src/Hacl_P256.c
+++ b/src/Hacl_P256.c
@@ -33,11 +33,11 @@
 static inline uint64_t bn_is_zero_mask4(uint64_t *f)
 {
   uint64_t bn_zero[4U] = { 0U };
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(f[i], bn_zero[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
@@ -48,16 +48,16 @@ static inline uint64_t bn_is_zero_mask4(uint64_t *f)
 static inline bool bn_is_zero_vartime4(uint64_t *f)
 {
   uint64_t m = bn_is_zero_mask4(f);
-  return m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static inline uint64_t bn_is_eq_mask4(uint64_t *a, uint64_t *b)
 {
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
@@ -67,16 +67,16 @@ static inline uint64_t bn_is_eq_mask4(uint64_t *a, uint64_t *b)
 static inline bool bn_is_eq_vartime4(uint64_t *a, uint64_t *b)
 {
   uint64_t m = bn_is_eq_mask4(a, b);
-  return m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static inline void bn_cmovznz4(uint64_t *res, uint64_t cin, uint64_t *x, uint64_t *y)
 {
-  uint64_t mask = ~FStar_UInt64_eq_mask(cin, (uint64_t)0U);
+  uint64_t mask = ~FStar_UInt64_eq_mask(cin, 0ULL);
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t uu____0 = x[i];
     uint64_t x1 = uu____0 ^ (mask & (y[i] ^ uu____0));
@@ -85,52 +85,52 @@ static inline void bn_cmovznz4(uint64_t *res, uint64_t cin, uint64_t *x, uint64_
 
 static inline void bn_add_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t *y)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = x[4U * 0U];
+    uint64_t t20 = y[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = x[4U * 0U + 1U];
+    uint64_t t21 = y[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = x[4U * 0U + 2U];
+    uint64_t t22 = y[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = x[4U * 0U + 3U];
+    uint64_t t2 = y[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x1;);
@@ -138,23 +138,23 @@ static inline void bn_add_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t
 
 static inline uint64_t bn_sub4(uint64_t *res, uint64_t *x, uint64_t *y)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = x[4U * 0U];
+    uint64_t t20 = y[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = x[4U * 0U + 1U];
+    uint64_t t21 = y[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = x[4U * 0U + 2U];
+    uint64_t t22 = y[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = x[4U * 0U + 3U];
+    uint64_t t2 = y[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c0 = c;
@@ -163,53 +163,53 @@ static inline uint64_t bn_sub4(uint64_t *res, uint64_t *x, uint64_t *y)
 
 static inline void bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t *y)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = x[4U * 0U];
+    uint64_t t20 = y[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = x[4U * 0U + 1U];
+    uint64_t t21 = y[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = x[4U * 0U + 2U];
+    uint64_t t22 = y[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = x[4U * 0U + 3U];
+    uint64_t t2 = y[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x1 = (c2 & tmp[i]) | (~c2 & res[i]);
     os[i] = x1;);
@@ -217,59 +217,59 @@ static inline void bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t
 
 static inline void bn_mul4(uint64_t *res, uint64_t *x, uint64_t *y)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t bj = y[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = x[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = x[4U * 0U];
+      uint64_t *res_i0 = res_j + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = x[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = x[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = x[4U * 0U + 3U];
+      uint64_t *res_i = res_j + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
     uint64_t r = c;
-    res[(uint32_t)4U + i0] = r;);
+    res[4U + i0] = r;);
 }
 
 static inline void bn_sqr4(uint64_t *res, uint64_t *x)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *ab = x;
     uint64_t a_j = x[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = ab[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = ab[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = ab[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = ab[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint64_t a_i = ab[i];
       uint64_t *res_i = res_j + i;
@@ -277,41 +277,37 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     }
     uint64_t r = c;
     res[i0 + i0] = r;);
-  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, res, res);
+  KRML_MAYBE_UNUSED_VAR(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(x[i], x[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
+    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U));
     uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;);
+  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, tmp, res);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline void bn_to_bytes_be4(uint8_t *res, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_be(res + i * (uint32_t)8U, f[(uint32_t)4U - i - (uint32_t)1U]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(res + i * 8U, f[4U - i - 1U]););
 }
 
 static inline void bn_from_bytes_be4(uint64_t *res, uint8_t *b)
 {
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
-    uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(b + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
 }
@@ -319,79 +315,79 @@ static inline void bn_from_bytes_be4(uint64_t *res, uint8_t *b)
 static inline void bn2_to_bytes_be4(uint8_t *res, uint64_t *x, uint64_t *y)
 {
   bn_to_bytes_be4(res, x);
-  bn_to_bytes_be4(res + (uint32_t)32U, y);
+  bn_to_bytes_be4(res + 32U, y);
 }
 
 static inline void make_prime(uint64_t *n)
 {
-  n[0U] = (uint64_t)0xffffffffffffffffU;
-  n[1U] = (uint64_t)0xffffffffU;
-  n[2U] = (uint64_t)0x0U;
-  n[3U] = (uint64_t)0xffffffff00000001U;
+  n[0U] = 0xffffffffffffffffULL;
+  n[1U] = 0xffffffffULL;
+  n[2U] = 0x0ULL;
+  n[3U] = 0xffffffff00000001ULL;
 }
 
 static inline void make_order(uint64_t *n)
 {
-  n[0U] = (uint64_t)0xf3b9cac2fc632551U;
-  n[1U] = (uint64_t)0xbce6faada7179e84U;
-  n[2U] = (uint64_t)0xffffffffffffffffU;
-  n[3U] = (uint64_t)0xffffffff00000000U;
+  n[0U] = 0xf3b9cac2fc632551ULL;
+  n[1U] = 0xbce6faada7179e84ULL;
+  n[2U] = 0xffffffffffffffffULL;
+  n[3U] = 0xffffffff00000000ULL;
 }
 
 static inline void make_a_coeff(uint64_t *a)
 {
-  a[0U] = (uint64_t)0xfffffffffffffffcU;
-  a[1U] = (uint64_t)0x3ffffffffU;
-  a[2U] = (uint64_t)0x0U;
-  a[3U] = (uint64_t)0xfffffffc00000004U;
+  a[0U] = 0xfffffffffffffffcULL;
+  a[1U] = 0x3ffffffffULL;
+  a[2U] = 0x0ULL;
+  a[3U] = 0xfffffffc00000004ULL;
 }
 
 static inline void make_b_coeff(uint64_t *b)
 {
-  b[0U] = (uint64_t)0xd89cdf6229c4bddfU;
-  b[1U] = (uint64_t)0xacf005cd78843090U;
-  b[2U] = (uint64_t)0xe5a220abf7212ed6U;
-  b[3U] = (uint64_t)0xdc30061d04874834U;
+  b[0U] = 0xd89cdf6229c4bddfULL;
+  b[1U] = 0xacf005cd78843090ULL;
+  b[2U] = 0xe5a220abf7212ed6ULL;
+  b[3U] = 0xdc30061d04874834ULL;
 }
 
 static inline void make_g_x(uint64_t *n)
 {
-  n[0U] = (uint64_t)0x79e730d418a9143cU;
-  n[1U] = (uint64_t)0x75ba95fc5fedb601U;
-  n[2U] = (uint64_t)0x79fb732b77622510U;
-  n[3U] = (uint64_t)0x18905f76a53755c6U;
+  n[0U] = 0x79e730d418a9143cULL;
+  n[1U] = 0x75ba95fc5fedb601ULL;
+  n[2U] = 0x79fb732b77622510ULL;
+  n[3U] = 0x18905f76a53755c6ULL;
 }
 
 static inline void make_g_y(uint64_t *n)
 {
-  n[0U] = (uint64_t)0xddf25357ce95560aU;
-  n[1U] = (uint64_t)0x8b4ab8e4ba19e45cU;
-  n[2U] = (uint64_t)0xd2e88688dd21f325U;
-  n[3U] = (uint64_t)0x8571ff1825885d85U;
+  n[0U] = 0xddf25357ce95560aULL;
+  n[1U] = 0x8b4ab8e4ba19e45cULL;
+  n[2U] = 0xd2e88688dd21f325ULL;
+  n[3U] = 0x8571ff1825885d85ULL;
 }
 
 static inline void make_fmont_R2(uint64_t *n)
 {
-  n[0U] = (uint64_t)0x3U;
-  n[1U] = (uint64_t)0xfffffffbffffffffU;
-  n[2U] = (uint64_t)0xfffffffffffffffeU;
-  n[3U] = (uint64_t)0x4fffffffdU;
+  n[0U] = 0x3ULL;
+  n[1U] = 0xfffffffbffffffffULL;
+  n[2U] = 0xfffffffffffffffeULL;
+  n[3U] = 0x4fffffffdULL;
 }
 
 static inline void make_fzero(uint64_t *n)
 {
-  n[0U] = (uint64_t)0U;
-  n[1U] = (uint64_t)0U;
-  n[2U] = (uint64_t)0U;
-  n[3U] = (uint64_t)0U;
+  n[0U] = 0ULL;
+  n[1U] = 0ULL;
+  n[2U] = 0ULL;
+  n[3U] = 0ULL;
 }
 
 static inline void make_fone(uint64_t *n)
 {
-  n[0U] = (uint64_t)0x1U;
-  n[1U] = (uint64_t)0xffffffff00000000U;
-  n[2U] = (uint64_t)0xffffffffffffffffU;
-  n[3U] = (uint64_t)0xfffffffeU;
+  n[0U] = 0x1ULL;
+  n[1U] = 0xffffffff00000000ULL;
+  n[2U] = 0xffffffffffffffffULL;
+  n[3U] = 0xfffffffeULL;
 }
 
 static inline uint64_t bn_is_lt_prime_mask4(uint64_t *f)
@@ -399,7 +395,7 @@ static inline uint64_t bn_is_lt_prime_mask4(uint64_t *f)
   uint64_t tmp[4U] = { 0U };
   make_prime(tmp);
   uint64_t c = bn_sub4(tmp, f, tmp);
-  return (uint64_t)0U - c;
+  return 0ULL - c;
 }
 
 static inline uint64_t feq_mask(uint64_t *a, uint64_t *b)
@@ -435,61 +431,61 @@ static inline void mont_reduction(uint64_t *res, uint64_t *x)
 {
   uint64_t n[4U] = { 0U };
   make_prime(n);
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t qj = (uint64_t)1U * x[i0];
+    0U,
+    4U,
+    1U,
+    uint64_t qj = 1ULL * x[i0];
     uint64_t *res_j0 = x + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = n[4U * 0U];
+      uint64_t *res_i0 = res_j0 + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * 0U + 3U];
+      uint64_t *res_i = res_j0 + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i);
     }
     uint64_t r = c;
     uint64_t c1 = r;
-    uint64_t *resb = x + (uint32_t)4U + i0;
-    uint64_t res_j = x[(uint32_t)4U + i0];
+    uint64_t *resb = x + 4U + i0;
+    uint64_t res_j = x[4U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb););
-  memcpy(res, x + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, x + 4U, 4U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x1;);
@@ -512,7 +508,7 @@ static inline void fsqr0(uint64_t *res, uint64_t *x)
 static inline void from_mont(uint64_t *res, uint64_t *a)
 {
   uint64_t tmp[8U] = { 0U };
-  memcpy(tmp, a, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(tmp, a, 4U * sizeof (uint64_t));
   mont_reduction(res, tmp);
 }
 
@@ -540,105 +536,105 @@ static inline void finv(uint64_t *res, uint64_t *a)
 {
   uint64_t tmp[16U] = { 0U };
   uint64_t *x30 = tmp;
-  uint64_t *x2 = tmp + (uint32_t)4U;
-  uint64_t *tmp1 = tmp + (uint32_t)8U;
-  uint64_t *tmp2 = tmp + (uint32_t)12U;
-  memcpy(x2, a, (uint32_t)4U * sizeof (uint64_t));
+  uint64_t *x2 = tmp + 4U;
+  uint64_t *tmp1 = tmp + 8U;
+  uint64_t *tmp2 = tmp + 12U;
+  memcpy(x2, a, 4U * sizeof (uint64_t));
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, a);
-  memcpy(x30, x2, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(x30, x2, 4U * sizeof (uint64_t));
   {
     fsqr0(x30, x30);
   }
   fmul0(x30, x30, a);
-  memcpy(tmp1, x30, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, x30, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, x30);
-  memcpy(tmp2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, fsqr0(tmp2, tmp2););
+  memcpy(tmp2, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, fsqr0(tmp2, tmp2););
   fmul0(tmp2, tmp2, tmp1);
-  memcpy(tmp1, tmp2, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, tmp2, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, x30);
-  memcpy(x30, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR15(i, (uint32_t)0U, (uint32_t)15U, (uint32_t)1U, fsqr0(x30, x30););
+  memcpy(x30, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR15(i, 0U, 15U, 1U, fsqr0(x30, x30););
   fmul0(x30, x30, tmp1);
-  memcpy(tmp1, x30, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, x30, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, x2);
-  memcpy(x2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  memcpy(x2, tmp1, 4U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, a);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, tmp1);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, tmp1);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)30U; i++)
+  for (uint32_t i = 0U; i < 30U; i++)
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, x30);
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(x2, x2););
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, fsqr0(x2, x2););
   fmul0(tmp1, x2, a);
-  memcpy(res, tmp1, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, tmp1, 4U * sizeof (uint64_t));
 }
 
 static inline void fsqrt(uint64_t *res, uint64_t *a)
 {
   uint64_t tmp[8U] = { 0U };
   uint64_t *tmp1 = tmp;
-  uint64_t *tmp2 = tmp + (uint32_t)4U;
-  memcpy(tmp1, a, (uint32_t)4U * sizeof (uint64_t));
+  uint64_t *tmp2 = tmp + 4U;
+  memcpy(tmp1, a, 4U * sizeof (uint64_t));
   {
     fsqr0(tmp1, tmp1);
   }
   fmul0(tmp1, tmp1, a);
-  memcpy(tmp2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(tmp2, tmp2););
+  memcpy(tmp2, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, fsqr0(tmp2, tmp2););
   fmul0(tmp2, tmp2, tmp1);
-  memcpy(tmp1, tmp2, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, tmp2, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, tmp2);
-  memcpy(tmp2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, fsqr0(tmp2, tmp2););
+  memcpy(tmp2, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, fsqr0(tmp2, tmp2););
   fmul0(tmp2, tmp2, tmp1);
-  memcpy(tmp1, tmp2, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR16(i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, tmp2, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR16(i, 0U, 16U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, tmp2);
-  memcpy(tmp2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  memcpy(tmp2, tmp1, 4U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     fsqr0(tmp2, tmp2);
   }
   fmul0(tmp2, tmp2, a);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)96U; i++)
+  for (uint32_t i = 0U; i < 96U; i++)
   {
     fsqr0(tmp2, tmp2);
   }
   fmul0(tmp2, tmp2, a);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)94U; i++)
+  for (uint32_t i = 0U; i < 94U; i++)
   {
     fsqr0(tmp2, tmp2);
   }
-  memcpy(res, tmp2, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, tmp2, 4U * sizeof (uint64_t));
 }
 
 static inline void make_base_point(uint64_t *p)
 {
   uint64_t *x = p;
-  uint64_t *y = p + (uint32_t)4U;
-  uint64_t *z = p + (uint32_t)8U;
+  uint64_t *y = p + 4U;
+  uint64_t *z = p + 8U;
   make_g_x(x);
   make_g_y(y);
   make_fone(z);
@@ -647,8 +643,8 @@ static inline void make_base_point(uint64_t *p)
 static inline void make_point_at_inf(uint64_t *p)
 {
   uint64_t *x = p;
-  uint64_t *y = p + (uint32_t)4U;
-  uint64_t *z = p + (uint32_t)8U;
+  uint64_t *y = p + 4U;
+  uint64_t *z = p + 8U;
   make_fzero(x);
   make_fone(y);
   make_fzero(z);
@@ -656,7 +652,7 @@ static inline void make_point_at_inf(uint64_t *p)
 
 static inline bool is_point_at_inf_vartime(uint64_t *p)
 {
-  uint64_t *pz = p + (uint32_t)8U;
+  uint64_t *pz = p + 8U;
   return bn_is_zero_vartime4(pz);
 }
 
@@ -664,10 +660,10 @@ static inline void to_aff_point(uint64_t *res, uint64_t *p)
 {
   uint64_t zinv[4U] = { 0U };
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
-  uint64_t *pz = p + (uint32_t)8U;
+  uint64_t *py = p + 4U;
+  uint64_t *pz = p + 8U;
   uint64_t *x = res;
-  uint64_t *y = res + (uint32_t)4U;
+  uint64_t *y = res + 4U;
   finv(zinv, pz);
   fmul0(x, px, zinv);
   fmul0(y, py, zinv);
@@ -679,7 +675,7 @@ static inline void to_aff_point_x(uint64_t *res, uint64_t *p)
 {
   uint64_t zinv[4U] = { 0U };
   uint64_t *px = p;
-  uint64_t *pz = p + (uint32_t)8U;
+  uint64_t *pz = p + 8U;
   finv(zinv, pz);
   fmul0(res, px, zinv);
   from_mont(res, res);
@@ -688,10 +684,10 @@ static inline void to_aff_point_x(uint64_t *res, uint64_t *p)
 static inline void to_proj_point(uint64_t *res, uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
+  uint64_t *py = p + 4U;
   uint64_t *rx = res;
-  uint64_t *ry = res + (uint32_t)4U;
-  uint64_t *rz = res + (uint32_t)8U;
+  uint64_t *ry = res + 4U;
+  uint64_t *rz = res + 8U;
   to_mont(rx, px);
   to_mont(ry, py);
   make_fone(rz);
@@ -703,7 +699,7 @@ static inline bool is_on_curve_vartime(uint64_t *p)
   uint64_t tx[4U] = { 0U };
   uint64_t ty[4U] = { 0U };
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
+  uint64_t *py = p + 4U;
   to_mont(tx, px);
   to_mont(ty, py);
   uint64_t tmp[4U] = { 0U };
@@ -715,14 +711,14 @@ static inline bool is_on_curve_vartime(uint64_t *p)
   fadd0(rp, tmp, rp);
   fsqr0(ty, ty);
   uint64_t r = feq_mask(ty, rp);
-  bool r0 = r == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool r0 = r == 0xFFFFFFFFFFFFFFFFULL;
   return r0;
 }
 
 static inline void aff_point_store(uint8_t *res, uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
+  uint64_t *py = p + 4U;
   bn2_to_bytes_be4(res, px, py);
 }
 
@@ -736,17 +732,17 @@ static inline void point_store(uint8_t *res, uint64_t *p)
 static inline bool aff_point_load_vartime(uint64_t *p, uint8_t *b)
 {
   uint8_t *p_x = b;
-  uint8_t *p_y = b + (uint32_t)32U;
+  uint8_t *p_y = b + 32U;
   uint64_t *bn_p_x = p;
-  uint64_t *bn_p_y = p + (uint32_t)4U;
+  uint64_t *bn_p_y = p + 4U;
   bn_from_bytes_be4(bn_p_x, p_x);
   bn_from_bytes_be4(bn_p_y, p_y);
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
+  uint64_t *py = p + 4U;
   uint64_t lessX = bn_is_lt_prime_mask4(px);
   uint64_t lessY = bn_is_lt_prime_mask4(py);
   uint64_t res = lessX & lessY;
-  bool is_xy_valid = res == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool is_xy_valid = res == 0xFFFFFFFFFFFFFFFFULL;
   if (!is_xy_valid)
   {
     return false;
@@ -769,15 +765,15 @@ static inline bool aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_
 {
   uint8_t s0 = s[0U];
   uint8_t s01 = s0;
-  if (!(s01 == (uint8_t)0x02U || s01 == (uint8_t)0x03U))
+  if (!(s01 == 0x02U || s01 == 0x03U))
   {
     return false;
   }
-  uint8_t *xb = s + (uint32_t)1U;
+  uint8_t *xb = s + 1U;
   bn_from_bytes_be4(x, xb);
   uint64_t is_x_valid = bn_is_lt_prime_mask4(x);
-  bool is_x_valid1 = is_x_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  bool is_y_odd = s01 == (uint8_t)0x03U;
+  bool is_x_valid1 = is_x_valid == 0xFFFFFFFFFFFFFFFFULL;
+  bool is_y_odd = s01 == 0x03U;
   if (!is_x_valid1)
   {
     return false;
@@ -797,14 +793,14 @@ static inline bool aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_
   from_mont(y, yM);
   fsqr0(yM, yM);
   uint64_t r = feq_mask(yM, y2M);
-  bool is_y_valid = r == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool is_y_valid = r == 0xFFFFFFFFFFFFFFFFULL;
   bool is_y_valid0 = is_y_valid;
   if (!is_y_valid0)
   {
     return false;
   }
-  uint64_t is_y_odd1 = y[0U] & (uint64_t)1U;
-  bool is_y_odd2 = is_y_odd1 == (uint64_t)1U;
+  uint64_t is_y_odd1 = y[0U] & 1ULL;
+  bool is_y_odd2 = is_y_odd1 == 1ULL;
   fnegate_conditional_vartime(y, is_y_odd2 != is_y_odd);
   return true;
 }
@@ -813,18 +809,18 @@ static inline void point_double(uint64_t *res, uint64_t *p)
 {
   uint64_t tmp[20U] = { 0U };
   uint64_t *x = p;
-  uint64_t *z = p + (uint32_t)8U;
+  uint64_t *z = p + 8U;
   uint64_t *x3 = res;
-  uint64_t *y3 = res + (uint32_t)4U;
-  uint64_t *z3 = res + (uint32_t)8U;
+  uint64_t *y3 = res + 4U;
+  uint64_t *z3 = res + 8U;
   uint64_t *t0 = tmp;
-  uint64_t *t1 = tmp + (uint32_t)4U;
-  uint64_t *t2 = tmp + (uint32_t)8U;
-  uint64_t *t3 = tmp + (uint32_t)12U;
-  uint64_t *t4 = tmp + (uint32_t)16U;
+  uint64_t *t1 = tmp + 4U;
+  uint64_t *t2 = tmp + 8U;
+  uint64_t *t3 = tmp + 12U;
+  uint64_t *t4 = tmp + 16U;
   uint64_t *x1 = p;
-  uint64_t *y = p + (uint32_t)4U;
-  uint64_t *z1 = p + (uint32_t)8U;
+  uint64_t *y = p + 4U;
+  uint64_t *z1 = p + 8U;
   fsqr0(t0, x1);
   fsqr0(t1, y);
   fsqr0(t2, z1);
@@ -865,22 +861,22 @@ static inline void point_add(uint64_t *res, uint64_t *p, uint64_t *q)
 {
   uint64_t tmp[36U] = { 0U };
   uint64_t *t0 = tmp;
-  uint64_t *t1 = tmp + (uint32_t)24U;
+  uint64_t *t1 = tmp + 24U;
   uint64_t *x3 = t1;
-  uint64_t *y3 = t1 + (uint32_t)4U;
-  uint64_t *z3 = t1 + (uint32_t)8U;
+  uint64_t *y3 = t1 + 4U;
+  uint64_t *z3 = t1 + 8U;
   uint64_t *t01 = t0;
-  uint64_t *t11 = t0 + (uint32_t)4U;
-  uint64_t *t2 = t0 + (uint32_t)8U;
-  uint64_t *t3 = t0 + (uint32_t)12U;
-  uint64_t *t4 = t0 + (uint32_t)16U;
-  uint64_t *t5 = t0 + (uint32_t)20U;
+  uint64_t *t11 = t0 + 4U;
+  uint64_t *t2 = t0 + 8U;
+  uint64_t *t3 = t0 + 12U;
+  uint64_t *t4 = t0 + 16U;
+  uint64_t *t5 = t0 + 20U;
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)4U;
-  uint64_t *z10 = p + (uint32_t)8U;
+  uint64_t *y1 = p + 4U;
+  uint64_t *z10 = p + 8U;
   uint64_t *x20 = q;
-  uint64_t *y20 = q + (uint32_t)4U;
-  uint64_t *z20 = q + (uint32_t)8U;
+  uint64_t *y20 = q + 4U;
+  uint64_t *z20 = q + 8U;
   fmul0(t01, x1, x20);
   fmul0(t11, y1, y20);
   fmul0(t2, z10, z20);
@@ -888,10 +884,10 @@ static inline void point_add(uint64_t *res, uint64_t *p, uint64_t *q)
   fadd0(t4, x20, y20);
   fmul0(t3, t3, t4);
   fadd0(t4, t01, t11);
-  uint64_t *y10 = p + (uint32_t)4U;
-  uint64_t *z11 = p + (uint32_t)8U;
-  uint64_t *y2 = q + (uint32_t)4U;
-  uint64_t *z21 = q + (uint32_t)8U;
+  uint64_t *y10 = p + 4U;
+  uint64_t *z11 = p + 8U;
+  uint64_t *y2 = q + 4U;
+  uint64_t *z21 = q + 8U;
   fsub0(t3, t3, t4);
   fadd0(t4, y10, z11);
   fadd0(t5, y2, z21);
@@ -899,9 +895,9 @@ static inline void point_add(uint64_t *res, uint64_t *p, uint64_t *q)
   fadd0(t5, t11, t2);
   fsub0(t4, t4, t5);
   uint64_t *x10 = p;
-  uint64_t *z1 = p + (uint32_t)8U;
+  uint64_t *z1 = p + 8U;
   uint64_t *x2 = q;
-  uint64_t *z2 = q + (uint32_t)8U;
+  uint64_t *z2 = q + 8U;
   fadd0(x3, x10, z1);
   fadd0(y3, x2, z2);
   fmul0(x3, x3, y3);
@@ -932,7 +928,7 @@ static inline void point_add(uint64_t *res, uint64_t *p, uint64_t *q)
   fmul0(z3, t4, z3);
   fmul0(t11, t3, t01);
   fadd0(z3, z3, t11);
-  memcpy(res, t1, (uint32_t)12U * sizeof (uint64_t));
+  memcpy(res, t1, 12U * sizeof (uint64_t));
 }
 
 static inline void point_mul(uint64_t *res, uint64_t *scalar, uint64_t *p)
@@ -940,41 +936,37 @@ static inline void point_mul(uint64_t *res, uint64_t *scalar, uint64_t *p)
   uint64_t table[192U] = { 0U };
   uint64_t tmp[12U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)12U;
+  uint64_t *t1 = table + 12U;
   make_point_at_inf(t0);
-  memcpy(t1, p, (uint32_t)12U * sizeof (uint64_t));
+  memcpy(t1, p, 12U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)12U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 12U;
     point_double(tmp, t11);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U,
-      tmp,
-      (uint32_t)12U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U;
+    memcpy(table + (2U * i + 2U) * 12U, tmp, 12U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 12U;
     point_add(tmp, p, t2);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)12U,
-      tmp,
-      (uint32_t)12U * sizeof (uint64_t)););
+    memcpy(table + (2U * i + 3U) * 12U, tmp, 12U * sizeof (uint64_t)););
   make_point_at_inf(res);
   uint64_t tmp0[12U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
-    KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, point_double(res, res););
-    uint32_t k = (uint32_t)256U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)12U * sizeof (uint64_t));
+    KRML_MAYBE_FOR4(i, 0U, 4U, 1U, point_double(res, res););
+    uint32_t k = 256U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 12U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)12U;
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 12U;
       KRML_MAYBE_FOR12(i,
-        (uint32_t)0U,
-        (uint32_t)12U,
-        (uint32_t)1U,
+        0U,
+        12U,
+        1U,
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;););
@@ -984,17 +976,17 @@ static inline void point_mul(uint64_t *res, uint64_t *scalar, uint64_t *p)
 
 static inline void precomp_get_consttime(const uint64_t *table, uint64_t bits_l, uint64_t *tmp)
 {
-  memcpy(tmp, (uint64_t *)table, (uint32_t)12U * sizeof (uint64_t));
+  memcpy(tmp, (uint64_t *)table, 12U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i0,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + (uint32_t)1U));
-    const uint64_t *res_j = table + (i0 + (uint32_t)1U) * (uint32_t)12U;
+    0U,
+    15U,
+    1U,
+    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + 1U));
+    const uint64_t *res_j = table + (i0 + 1U) * 12U;
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint64_t *os = tmp;
       uint64_t x = (c & res_j[i]) | (~c & tmp[i]);
       os[i] = x;););
@@ -1007,64 +999,58 @@ static inline void point_mul_g(uint64_t *res, uint64_t *scalar)
   uint64_t
   q2[12U] =
     {
-      (uint64_t)1499621593102562565U, (uint64_t)16692369783039433128U,
-      (uint64_t)15337520135922861848U, (uint64_t)5455737214495366228U,
-      (uint64_t)17827017231032529600U, (uint64_t)12413621606240782649U,
-      (uint64_t)2290483008028286132U, (uint64_t)15752017553340844820U,
-      (uint64_t)4846430910634234874U, (uint64_t)10861682798464583253U,
-      (uint64_t)15404737222404363049U, (uint64_t)363586619281562022U
+      1499621593102562565ULL, 16692369783039433128ULL, 15337520135922861848ULL,
+      5455737214495366228ULL, 17827017231032529600ULL, 12413621606240782649ULL,
+      2290483008028286132ULL, 15752017553340844820ULL, 4846430910634234874ULL,
+      10861682798464583253ULL, 15404737222404363049ULL, 363586619281562022ULL
     };
   uint64_t
   q3[12U] =
     {
-      (uint64_t)14619254753077084366U, (uint64_t)13913835116514008593U,
-      (uint64_t)15060744674088488145U, (uint64_t)17668414598203068685U,
-      (uint64_t)10761169236902342334U, (uint64_t)15467027479157446221U,
-      (uint64_t)14989185522423469618U, (uint64_t)14354539272510107003U,
-      (uint64_t)14298211796392133693U, (uint64_t)13270323784253711450U,
-      (uint64_t)13380964971965046957U, (uint64_t)8686204248456909699U
+      14619254753077084366ULL, 13913835116514008593ULL, 15060744674088488145ULL,
+      17668414598203068685ULL, 10761169236902342334ULL, 15467027479157446221ULL,
+      14989185522423469618ULL, 14354539272510107003ULL, 14298211796392133693ULL,
+      13270323784253711450ULL, 13380964971965046957ULL, 8686204248456909699ULL
     };
   uint64_t
   q4[12U] =
     {
-      (uint64_t)7870395003430845958U, (uint64_t)18001862936410067720U,
-      (uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U,
-      (uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U,
-      (uint64_t)7139806720777708306U, (uint64_t)8253938546650739833U,
-      (uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U,
-      (uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U
+      7870395003430845958ULL, 18001862936410067720ULL, 8006461232116967215ULL,
+      5921313779532424762ULL, 10702113371959864307ULL, 8070517410642379879ULL,
+      7139806720777708306ULL, 8253938546650739833ULL, 17490482834545705718ULL,
+      1065249776797037500ULL, 5018258455937968775ULL, 14100621120178668337ULL
     };
   uint64_t *r1 = scalar;
-  uint64_t *r2 = scalar + (uint32_t)1U;
-  uint64_t *r3 = scalar + (uint32_t)2U;
-  uint64_t *r4 = scalar + (uint32_t)3U;
+  uint64_t *r2 = scalar + 1U;
+  uint64_t *r3 = scalar + 2U;
+  uint64_t *r4 = scalar + 3U;
   make_point_at_inf(res);
   uint64_t tmp[12U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    KRML_MAYBE_FOR4(i0, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, point_double(res, res););
-    uint32_t k = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r4, k, (uint32_t)4U);
+    0U,
+    16U,
+    1U,
+    KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, point_double(res, res););
+    uint32_t k = 64U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r4, k, 4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_192_table_w4, bits_l, tmp);
     point_add(res, res, tmp);
-    uint32_t k0 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r3, k0, (uint32_t)4U);
+    uint32_t k0 = 64U - 4U * i - 4U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r3, k0, 4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_128_table_w4, bits_l0, tmp);
     point_add(res, res, tmp);
-    uint32_t k1 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r2, k1, (uint32_t)4U);
+    uint32_t k1 = 64U - 4U * i - 4U;
+    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r2, k1, 4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_64_table_w4, bits_l1, tmp);
     point_add(res, res, tmp);
-    uint32_t k2 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
+    uint32_t k2 = 64U - 4U * i - 4U;
+    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r1, k2, 4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     point_add(res, res, tmp););
-  KRML_HOST_IGNORE(q1);
-  KRML_HOST_IGNORE(q2);
-  KRML_HOST_IGNORE(q3);
-  KRML_HOST_IGNORE(q4);
+  KRML_MAYBE_UNUSED_VAR(q1);
+  KRML_MAYBE_UNUSED_VAR(q2);
+  KRML_MAYBE_UNUSED_VAR(q3);
+  KRML_MAYBE_UNUSED_VAR(q4);
 }
 
 static inline void
@@ -1075,54 +1061,48 @@ point_mul_double_g(uint64_t *res, uint64_t *scalar1, uint64_t *scalar2, uint64_t
   uint64_t table2[384U] = { 0U };
   uint64_t tmp[12U] = { 0U };
   uint64_t *t0 = table2;
-  uint64_t *t1 = table2 + (uint32_t)12U;
+  uint64_t *t1 = table2 + 12U;
   make_point_at_inf(t0);
-  memcpy(t1, q2, (uint32_t)12U * sizeof (uint64_t));
+  memcpy(t1, q2, 12U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)12U;
+    0U,
+    15U,
+    1U,
+    uint64_t *t11 = table2 + (i + 1U) * 12U;
     point_double(tmp, t11);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U,
-      tmp,
-      (uint32_t)12U * sizeof (uint64_t));
-    uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U;
+    memcpy(table2 + (2U * i + 2U) * 12U, tmp, 12U * sizeof (uint64_t));
+    uint64_t *t2 = table2 + (2U * i + 2U) * 12U;
     point_add(tmp, q2, t2);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)12U,
-      tmp,
-      (uint32_t)12U * sizeof (uint64_t)););
+    memcpy(table2 + (2U * i + 3U) * 12U, tmp, 12U * sizeof (uint64_t)););
   uint64_t tmp0[12U] = { 0U };
-  uint32_t i0 = (uint32_t)255U;
-  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, i0, (uint32_t)5U);
+  uint32_t i0 = 255U;
+  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar1, i0, 5U);
   uint32_t bits_l32 = (uint32_t)bits_c;
-  const
-  uint64_t
-  *a_bits_l = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)12U;
-  memcpy(res, (uint64_t *)a_bits_l, (uint32_t)12U * sizeof (uint64_t));
-  uint32_t i1 = (uint32_t)255U;
-  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, i1, (uint32_t)5U);
+  const uint64_t *a_bits_l = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * 12U;
+  memcpy(res, (uint64_t *)a_bits_l, 12U * sizeof (uint64_t));
+  uint32_t i1 = 255U;
+  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar2, i1, 5U);
   uint32_t bits_l320 = (uint32_t)bits_c0;
-  const uint64_t *a_bits_l0 = table2 + bits_l320 * (uint32_t)12U;
-  memcpy(tmp0, (uint64_t *)a_bits_l0, (uint32_t)12U * sizeof (uint64_t));
+  const uint64_t *a_bits_l0 = table2 + bits_l320 * 12U;
+  memcpy(tmp0, (uint64_t *)a_bits_l0, 12U * sizeof (uint64_t));
   point_add(res, res, tmp0);
   uint64_t tmp1[12U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)51U; i++)
+  for (uint32_t i = 0U; i < 51U; i++)
   {
-    KRML_MAYBE_FOR5(i2, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, point_double(res, res););
-    uint32_t k = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, k, (uint32_t)5U);
+    KRML_MAYBE_FOR5(i2, 0U, 5U, 1U, point_double(res, res););
+    uint32_t k = 255U - 5U * i - 5U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar2, k, 5U);
     uint32_t bits_l321 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)12U;
-    memcpy(tmp1, (uint64_t *)a_bits_l1, (uint32_t)12U * sizeof (uint64_t));
+    const uint64_t *a_bits_l1 = table2 + bits_l321 * 12U;
+    memcpy(tmp1, (uint64_t *)a_bits_l1, 12U * sizeof (uint64_t));
     point_add(res, res, tmp1);
-    uint32_t k0 = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, k0, (uint32_t)5U);
+    uint32_t k0 = 255U - 5U * i - 5U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar1, k0, 5U);
     uint32_t bits_l322 = (uint32_t)bits_l0;
     const
     uint64_t
-    *a_bits_l2 = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * (uint32_t)12U;
-    memcpy(tmp1, (uint64_t *)a_bits_l2, (uint32_t)12U * sizeof (uint64_t));
+    *a_bits_l2 = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * 12U;
+    memcpy(tmp1, (uint64_t *)a_bits_l2, 12U * sizeof (uint64_t));
     point_add(res, res, tmp1);
   }
 }
@@ -1132,7 +1112,7 @@ static inline uint64_t bn_is_lt_order_mask4(uint64_t *f)
   uint64_t tmp[4U] = { 0U };
   make_order(tmp);
   uint64_t c = bn_sub4(tmp, f, tmp);
-  return (uint64_t)0U - c;
+  return 0ULL - c;
 }
 
 static inline uint64_t bn_is_lt_order_and_gt_zero_mask4(uint64_t *f)
@@ -1161,61 +1141,61 @@ static inline void qmont_reduction(uint64_t *res, uint64_t *x)
 {
   uint64_t n[4U] = { 0U };
   make_order(n);
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t qj = (uint64_t)0xccd1c8aaee00bc4fU * x[i0];
+    0U,
+    4U,
+    1U,
+    uint64_t qj = 0xccd1c8aaee00bc4fULL * x[i0];
     uint64_t *res_j0 = x + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = n[4U * 0U];
+      uint64_t *res_i0 = res_j0 + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * 0U + 3U];
+      uint64_t *res_i = res_j0 + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i);
     }
     uint64_t r = c;
     uint64_t c1 = r;
-    uint64_t *resb = x + (uint32_t)4U + i0;
-    uint64_t res_j = x[(uint32_t)4U + i0];
+    uint64_t *resb = x + 4U + i0;
+    uint64_t res_j = x[4U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb););
-  memcpy(res, x + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, x + 4U, 4U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x1;);
@@ -1224,7 +1204,7 @@ static inline void qmont_reduction(uint64_t *res, uint64_t *x)
 static inline void from_qmont(uint64_t *res, uint64_t *x)
 {
   uint64_t tmp[8U] = { 0U };
-  memcpy(tmp, x, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(tmp, x, 4U * sizeof (uint64_t));
   qmont_reduction(res, tmp);
 }
 
@@ -1246,18 +1226,18 @@ bool Hacl_Impl_P256_DH_ecp256dh_i(uint8_t *public_key, uint8_t *private_key)
 {
   uint64_t tmp[16U] = { 0U };
   uint64_t *sk = tmp;
-  uint64_t *pk = tmp + (uint32_t)4U;
+  uint64_t *pk = tmp + 4U;
   bn_from_bytes_be4(sk, private_key);
   uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(sk);
   uint64_t oneq[4U] = { 0U };
-  oneq[0U] = (uint64_t)1U;
-  oneq[1U] = (uint64_t)0U;
-  oneq[2U] = (uint64_t)0U;
-  oneq[3U] = (uint64_t)0U;
+  oneq[0U] = 1ULL;
+  oneq[1U] = 0ULL;
+  oneq[2U] = 0ULL;
+  oneq[3U] = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = sk;
     uint64_t uu____0 = oneq[i];
     uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0));
@@ -1265,7 +1245,7 @@ bool Hacl_Impl_P256_DH_ecp256dh_i(uint8_t *public_key, uint8_t *private_key)
   uint64_t is_sk_valid = is_b_valid;
   point_mul_g(pk, sk);
   point_store(public_key, pk);
-  return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_sk_valid == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 bool
@@ -1277,19 +1257,19 @@ Hacl_Impl_P256_DH_ecp256dh_r(
 {
   uint64_t tmp[16U] = { 0U };
   uint64_t *sk = tmp;
-  uint64_t *pk = tmp + (uint32_t)4U;
+  uint64_t *pk = tmp + 4U;
   bool is_pk_valid = load_point_vartime(pk, their_pubkey);
   bn_from_bytes_be4(sk, private_key);
   uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(sk);
   uint64_t oneq[4U] = { 0U };
-  oneq[0U] = (uint64_t)1U;
-  oneq[1U] = (uint64_t)0U;
-  oneq[2U] = (uint64_t)0U;
-  oneq[3U] = (uint64_t)0U;
+  oneq[0U] = 1ULL;
+  oneq[1U] = 0ULL;
+  oneq[2U] = 0ULL;
+  oneq[3U] = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = sk;
     uint64_t uu____0 = oneq[i];
     uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0));
@@ -1301,27 +1281,27 @@ Hacl_Impl_P256_DH_ecp256dh_r(
     point_mul(ss_proj, sk, pk);
     point_store(shared_secret, ss_proj);
   }
-  return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU && is_pk_valid;
+  return is_sk_valid == 0xFFFFFFFFFFFFFFFFULL && is_pk_valid;
 }
 
 static inline void qinv(uint64_t *res, uint64_t *r)
 {
   uint64_t tmp[28U] = { 0U };
   uint64_t *x6 = tmp;
-  uint64_t *x_11 = tmp + (uint32_t)4U;
-  uint64_t *x_101 = tmp + (uint32_t)8U;
-  uint64_t *x_111 = tmp + (uint32_t)12U;
-  uint64_t *x_1111 = tmp + (uint32_t)16U;
-  uint64_t *x_10101 = tmp + (uint32_t)20U;
-  uint64_t *x_101111 = tmp + (uint32_t)24U;
-  memcpy(x6, r, (uint32_t)4U * sizeof (uint64_t));
+  uint64_t *x_11 = tmp + 4U;
+  uint64_t *x_101 = tmp + 8U;
+  uint64_t *x_111 = tmp + 12U;
+  uint64_t *x_1111 = tmp + 16U;
+  uint64_t *x_10101 = tmp + 20U;
+  uint64_t *x_101111 = tmp + 24U;
+  memcpy(x6, r, 4U * sizeof (uint64_t));
   {
     qsqr(x6, x6);
   }
   qmul(x_11, x6, r);
   qmul(x_101, x6, x_11);
   qmul(x_111, x6, x_101);
-  memcpy(x6, x_101, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(x6, x_101, 4U * sizeof (uint64_t));
   {
     qsqr(x6, x6);
   }
@@ -1330,86 +1310,86 @@ static inline void qinv(uint64_t *res, uint64_t *r)
     qsqr(x6, x6);
   }
   qmul(x_10101, x6, r);
-  memcpy(x6, x_10101, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(x6, x_10101, 4U * sizeof (uint64_t));
   {
     qsqr(x6, x6);
   }
   qmul(x_101111, x_101, x6);
   qmul(x6, x_10101, x6);
   uint64_t tmp1[4U] = { 0U };
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(x6, x6););
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, qsqr(x6, x6););
   qmul(x6, x6, x_11);
-  memcpy(tmp1, x6, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  memcpy(tmp1, x6, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x6);
-  memcpy(x6, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR16(i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, qsqr(x6, x6););
+  memcpy(x6, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR16(i, 0U, 16U, 1U, qsqr(x6, x6););
   qmul(x6, x6, tmp1);
-  memcpy(tmp1, x6, (uint32_t)4U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  memcpy(tmp1, x6, 4U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     qsqr(tmp1, tmp1);
   }
   qmul(tmp1, tmp1, x6);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     qsqr(tmp1, tmp1);
   }
   qmul(tmp1, tmp1, x6);
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_1111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_10101);
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101);
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101);
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR9(i, (uint32_t)0U, (uint32_t)9U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR9(i, 0U, 9U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101111);
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_1111);
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, r);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, r);
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_1111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101);
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR10(i, (uint32_t)0U, (uint32_t)10U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR10(i, 0U, 10U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101111);
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, r);
-  KRML_MAYBE_FOR7(i, (uint32_t)0U, (uint32_t)7U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR7(i, 0U, 7U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_10101);
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_1111);
-  memcpy(x6, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  memcpy(res, x6, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(x6, tmp1, 4U * sizeof (uint64_t));
+  memcpy(res, x6, 4U * sizeof (uint64_t));
 }
 
 static inline void qmul_mont(uint64_t *sinv, uint64_t *b, uint64_t *res)
@@ -1429,20 +1409,16 @@ ecdsa_verify_msg_as_qelem(
 {
   uint64_t tmp[28U] = { 0U };
   uint64_t *pk = tmp;
-  uint64_t *r_q = tmp + (uint32_t)12U;
-  uint64_t *s_q = tmp + (uint32_t)16U;
-  uint64_t *u1 = tmp + (uint32_t)20U;
-  uint64_t *u2 = tmp + (uint32_t)24U;
+  uint64_t *r_q = tmp + 12U;
+  uint64_t *s_q = tmp + 16U;
+  uint64_t *u1 = tmp + 20U;
+  uint64_t *u2 = tmp + 24U;
   bool is_pk_valid = load_point_vartime(pk, public_key);
   bn_from_bytes_be4(r_q, signature_r);
   bn_from_bytes_be4(s_q, signature_s);
   uint64_t is_r_valid = bn_is_lt_order_and_gt_zero_mask4(r_q);
   uint64_t is_s_valid = bn_is_lt_order_and_gt_zero_mask4(s_q);
-  bool
-  is_rs_valid =
-    is_r_valid
-    == (uint64_t)0xFFFFFFFFFFFFFFFFU
-    && is_s_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool is_rs_valid = is_r_valid == 0xFFFFFFFFFFFFFFFFULL && is_s_valid == 0xFFFFFFFFFFFFFFFFULL;
   if (!(is_pk_valid && is_rs_valid))
   {
     return false;
@@ -1474,20 +1450,20 @@ ecdsa_sign_msg_as_qelem(
 {
   uint64_t rsdk_q[16U] = { 0U };
   uint64_t *r_q = rsdk_q;
-  uint64_t *s_q = rsdk_q + (uint32_t)4U;
-  uint64_t *d_a = rsdk_q + (uint32_t)8U;
-  uint64_t *k_q = rsdk_q + (uint32_t)12U;
+  uint64_t *s_q = rsdk_q + 4U;
+  uint64_t *d_a = rsdk_q + 8U;
+  uint64_t *k_q = rsdk_q + 12U;
   bn_from_bytes_be4(d_a, private_key);
   uint64_t is_b_valid0 = bn_is_lt_order_and_gt_zero_mask4(d_a);
   uint64_t oneq0[4U] = { 0U };
-  oneq0[0U] = (uint64_t)1U;
-  oneq0[1U] = (uint64_t)0U;
-  oneq0[2U] = (uint64_t)0U;
-  oneq0[3U] = (uint64_t)0U;
+  oneq0[0U] = 1ULL;
+  oneq0[1U] = 0ULL;
+  oneq0[2U] = 0ULL;
+  oneq0[3U] = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = d_a;
     uint64_t uu____0 = oneq0[i];
     uint64_t x = uu____0 ^ (is_b_valid0 & (d_a[i] ^ uu____0));
@@ -1496,14 +1472,14 @@ ecdsa_sign_msg_as_qelem(
   bn_from_bytes_be4(k_q, nonce);
   uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(k_q);
   uint64_t oneq[4U] = { 0U };
-  oneq[0U] = (uint64_t)1U;
-  oneq[1U] = (uint64_t)0U;
-  oneq[2U] = (uint64_t)0U;
-  oneq[3U] = (uint64_t)0U;
+  oneq[0U] = 1ULL;
+  oneq[1U] = 0ULL;
+  oneq[2U] = 0ULL;
+  oneq[3U] = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = k_q;
     uint64_t uu____1 = oneq[i];
     uint64_t x = uu____1 ^ (is_b_valid & (k_q[i] ^ uu____1));
@@ -1524,7 +1500,7 @@ ecdsa_sign_msg_as_qelem(
   uint64_t is_r_zero = bn_is_zero_mask4(r_q);
   uint64_t is_s_zero = bn_is_zero_mask4(s_q);
   uint64_t m = are_sk_nonce_valid & (~is_r_zero & ~is_s_zero);
-  bool res = m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool res = m == 0xFFFFFFFFFFFFFFFFULL;
   return res;
 }
 
@@ -1571,8 +1547,8 @@ Hacl_P256_ecdsa_sign_p256_sha2(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_256(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1604,8 +1580,8 @@ Hacl_P256_ecdsa_sign_p256_sha384(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
-  Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_384(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1637,8 +1613,8 @@ Hacl_P256_ecdsa_sign_p256_sha512(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
-  Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_512(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1680,8 +1656,8 @@ Hacl_P256_ecdsa_sign_p256_without_hash(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
-  memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(msg_len);
+  memcpy(mHash, msg, 32U * sizeof (uint8_t));
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1716,8 +1692,8 @@ Hacl_P256_ecdsa_verif_p256_sha2(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_256(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1747,8 +1723,8 @@ Hacl_P256_ecdsa_verif_p256_sha384(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
-  Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_384(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1778,8 +1754,8 @@ Hacl_P256_ecdsa_verif_p256_sha512(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
-  Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_512(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1814,8 +1790,8 @@ Hacl_P256_ecdsa_verif_without_hash(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
-  memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(msg_len);
+  memcpy(mHash, msg, 32U * sizeof (uint8_t));
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1864,7 +1840,7 @@ bool Hacl_P256_validate_private_key(uint8_t *private_key)
   uint64_t bn_sk[4U] = { 0U };
   bn_from_bytes_be4(bn_sk, private_key);
   uint64_t res = bn_is_lt_order_and_gt_zero_mask4(bn_sk);
-  return res == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return res == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /*******************************************************************************
@@ -1893,11 +1869,11 @@ Convert a public key from uncompressed to its raw form.
 bool Hacl_P256_uncompressed_to_raw(uint8_t *pk, uint8_t *pk_raw)
 {
   uint8_t pk0 = pk[0U];
-  if (pk0 != (uint8_t)0x04U)
+  if (pk0 != 0x04U)
   {
     return false;
   }
-  memcpy(pk_raw, pk + (uint32_t)1U, (uint32_t)64U * sizeof (uint8_t));
+  memcpy(pk_raw, pk + 1U, 64U * sizeof (uint8_t));
   return true;
 }
 
@@ -1915,12 +1891,12 @@ bool Hacl_P256_compressed_to_raw(uint8_t *pk, uint8_t *pk_raw)
 {
   uint64_t xa[4U] = { 0U };
   uint64_t ya[4U] = { 0U };
-  uint8_t *pk_xb = pk + (uint32_t)1U;
+  uint8_t *pk_xb = pk + 1U;
   bool b = aff_point_decompress_vartime(xa, ya, pk);
   if (b)
   {
-    memcpy(pk_raw, pk_xb, (uint32_t)32U * sizeof (uint8_t));
-    bn_to_bytes_be4(pk_raw + (uint32_t)32U, ya);
+    memcpy(pk_raw, pk_xb, 32U * sizeof (uint8_t));
+    bn_to_bytes_be4(pk_raw + 32U, ya);
   }
   return b;
 }
@@ -1935,8 +1911,8 @@ Convert a public key from raw to its uncompressed form.
 */
 void Hacl_P256_raw_to_uncompressed(uint8_t *pk_raw, uint8_t *pk)
 {
-  pk[0U] = (uint8_t)0x04U;
-  memcpy(pk + (uint32_t)1U, pk_raw, (uint32_t)64U * sizeof (uint8_t));
+  pk[0U] = 0x04U;
+  memcpy(pk + 1U, pk_raw, 64U * sizeof (uint8_t));
 }
 
 /**
@@ -1950,12 +1926,12 @@ Convert a public key from raw to its compressed form.
 void Hacl_P256_raw_to_compressed(uint8_t *pk_raw, uint8_t *pk)
 {
   uint8_t *pk_x = pk_raw;
-  uint8_t *pk_y = pk_raw + (uint32_t)32U;
+  uint8_t *pk_y = pk_raw + 32U;
   uint64_t bn_f[4U] = { 0U };
   bn_from_bytes_be4(bn_f, pk_y);
-  uint64_t is_odd_f = bn_f[0U] & (uint64_t)1U;
-  pk[0U] = (uint8_t)is_odd_f + (uint8_t)0x02U;
-  memcpy(pk + (uint32_t)1U, pk_x, (uint32_t)32U * sizeof (uint8_t));
+  uint64_t is_odd_f = bn_f[0U] & 1ULL;
+  pk[0U] = (uint32_t)(uint8_t)is_odd_f + 0x02U;
+  memcpy(pk + 1U, pk_x, 32U * sizeof (uint8_t));
 }
 
 
diff --git a/src/Hacl_Poly1305_32.c b/src/Hacl_Poly1305_32.c
deleted file mode 100644
index 5192559b..00000000
--- a/src/Hacl_Poly1305_32.c
+++ /dev/null
@@ -1,572 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Poly1305_32.h"
-
-void Hacl_Poly1305_32_poly1305_init(uint64_t *ctx, uint8_t *key)
-{
-  uint64_t *acc = ctx;
-  uint64_t *pre = ctx + (uint32_t)5U;
-  uint8_t *kr = key;
-  acc[0U] = (uint64_t)0U;
-  acc[1U] = (uint64_t)0U;
-  acc[2U] = (uint64_t)0U;
-  acc[3U] = (uint64_t)0U;
-  acc[4U] = (uint64_t)0U;
-  uint64_t u0 = load64_le(kr);
-  uint64_t lo = u0;
-  uint64_t u = load64_le(kr + (uint32_t)8U);
-  uint64_t hi = u;
-  uint64_t mask0 = (uint64_t)0x0ffffffc0fffffffU;
-  uint64_t mask1 = (uint64_t)0x0ffffffc0ffffffcU;
-  uint64_t lo1 = lo & mask0;
-  uint64_t hi1 = hi & mask1;
-  uint64_t *r = pre;
-  uint64_t *r5 = pre + (uint32_t)5U;
-  uint64_t *rn = pre + (uint32_t)10U;
-  uint64_t *rn_5 = pre + (uint32_t)15U;
-  uint64_t r_vec0 = lo1;
-  uint64_t r_vec1 = hi1;
-  uint64_t f00 = r_vec0 & (uint64_t)0x3ffffffU;
-  uint64_t f10 = r_vec0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-  uint64_t f20 = r_vec0 >> (uint32_t)52U | (r_vec1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-  uint64_t f30 = r_vec1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-  uint64_t f40 = r_vec1 >> (uint32_t)40U;
-  uint64_t f0 = f00;
-  uint64_t f1 = f10;
-  uint64_t f2 = f20;
-  uint64_t f3 = f30;
-  uint64_t f4 = f40;
-  r[0U] = f0;
-  r[1U] = f1;
-  r[2U] = f2;
-  r[3U] = f3;
-  r[4U] = f4;
-  uint64_t f200 = r[0U];
-  uint64_t f21 = r[1U];
-  uint64_t f22 = r[2U];
-  uint64_t f23 = r[3U];
-  uint64_t f24 = r[4U];
-  r5[0U] = f200 * (uint64_t)5U;
-  r5[1U] = f21 * (uint64_t)5U;
-  r5[2U] = f22 * (uint64_t)5U;
-  r5[3U] = f23 * (uint64_t)5U;
-  r5[4U] = f24 * (uint64_t)5U;
-  rn[0U] = r[0U];
-  rn[1U] = r[1U];
-  rn[2U] = r[2U];
-  rn[3U] = r[3U];
-  rn[4U] = r[4U];
-  rn_5[0U] = r5[0U];
-  rn_5[1U] = r5[1U];
-  rn_5[2U] = r5[2U];
-  rn_5[3U] = r5[3U];
-  rn_5[4U] = r5[4U];
-}
-
-void Hacl_Poly1305_32_poly1305_update1(uint64_t *ctx, uint8_t *text)
-{
-  uint64_t *pre = ctx + (uint32_t)5U;
-  uint64_t *acc = ctx;
-  uint64_t e[5U] = { 0U };
-  uint64_t u0 = load64_le(text);
-  uint64_t lo = u0;
-  uint64_t u = load64_le(text + (uint32_t)8U);
-  uint64_t hi = u;
-  uint64_t f0 = lo;
-  uint64_t f1 = hi;
-  uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-  uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-  uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-  uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-  uint64_t f40 = f1 >> (uint32_t)40U;
-  uint64_t f01 = f010;
-  uint64_t f111 = f110;
-  uint64_t f2 = f20;
-  uint64_t f3 = f30;
-  uint64_t f41 = f40;
-  e[0U] = f01;
-  e[1U] = f111;
-  e[2U] = f2;
-  e[3U] = f3;
-  e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
-  uint64_t mask = b;
-  uint64_t f4 = e[4U];
-  e[4U] = f4 | mask;
-  uint64_t *r = pre;
-  uint64_t *r5 = pre + (uint32_t)5U;
-  uint64_t r0 = r[0U];
-  uint64_t r1 = r[1U];
-  uint64_t r2 = r[2U];
-  uint64_t r3 = r[3U];
-  uint64_t r4 = r[4U];
-  uint64_t r51 = r5[1U];
-  uint64_t r52 = r5[2U];
-  uint64_t r53 = r5[3U];
-  uint64_t r54 = r5[4U];
-  uint64_t f10 = e[0U];
-  uint64_t f11 = e[1U];
-  uint64_t f12 = e[2U];
-  uint64_t f13 = e[3U];
-  uint64_t f14 = e[4U];
-  uint64_t a0 = acc[0U];
-  uint64_t a1 = acc[1U];
-  uint64_t a2 = acc[2U];
-  uint64_t a3 = acc[3U];
-  uint64_t a4 = acc[4U];
-  uint64_t a01 = a0 + f10;
-  uint64_t a11 = a1 + f11;
-  uint64_t a21 = a2 + f12;
-  uint64_t a31 = a3 + f13;
-  uint64_t a41 = a4 + f14;
-  uint64_t a02 = r0 * a01;
-  uint64_t a12 = r1 * a01;
-  uint64_t a22 = r2 * a01;
-  uint64_t a32 = r3 * a01;
-  uint64_t a42 = r4 * a01;
-  uint64_t a03 = a02 + r54 * a11;
-  uint64_t a13 = a12 + r0 * a11;
-  uint64_t a23 = a22 + r1 * a11;
-  uint64_t a33 = a32 + r2 * a11;
-  uint64_t a43 = a42 + r3 * a11;
-  uint64_t a04 = a03 + r53 * a21;
-  uint64_t a14 = a13 + r54 * a21;
-  uint64_t a24 = a23 + r0 * a21;
-  uint64_t a34 = a33 + r1 * a21;
-  uint64_t a44 = a43 + r2 * a21;
-  uint64_t a05 = a04 + r52 * a31;
-  uint64_t a15 = a14 + r53 * a31;
-  uint64_t a25 = a24 + r54 * a31;
-  uint64_t a35 = a34 + r0 * a31;
-  uint64_t a45 = a44 + r1 * a31;
-  uint64_t a06 = a05 + r51 * a41;
-  uint64_t a16 = a15 + r52 * a41;
-  uint64_t a26 = a25 + r53 * a41;
-  uint64_t a36 = a35 + r54 * a41;
-  uint64_t a46 = a45 + r0 * a41;
-  uint64_t t0 = a06;
-  uint64_t t1 = a16;
-  uint64_t t2 = a26;
-  uint64_t t3 = a36;
-  uint64_t t4 = a46;
-  uint64_t mask26 = (uint64_t)0x3ffffffU;
-  uint64_t z0 = t0 >> (uint32_t)26U;
-  uint64_t z1 = t3 >> (uint32_t)26U;
-  uint64_t x0 = t0 & mask26;
-  uint64_t x3 = t3 & mask26;
-  uint64_t x1 = t1 + z0;
-  uint64_t x4 = t4 + z1;
-  uint64_t z01 = x1 >> (uint32_t)26U;
-  uint64_t z11 = x4 >> (uint32_t)26U;
-  uint64_t t = z11 << (uint32_t)2U;
-  uint64_t z12 = z11 + t;
-  uint64_t x11 = x1 & mask26;
-  uint64_t x41 = x4 & mask26;
-  uint64_t x2 = t2 + z01;
-  uint64_t x01 = x0 + z12;
-  uint64_t z02 = x2 >> (uint32_t)26U;
-  uint64_t z13 = x01 >> (uint32_t)26U;
-  uint64_t x21 = x2 & mask26;
-  uint64_t x02 = x01 & mask26;
-  uint64_t x31 = x3 + z02;
-  uint64_t x12 = x11 + z13;
-  uint64_t z03 = x31 >> (uint32_t)26U;
-  uint64_t x32 = x31 & mask26;
-  uint64_t x42 = x41 + z03;
-  uint64_t o0 = x02;
-  uint64_t o1 = x12;
-  uint64_t o2 = x21;
-  uint64_t o3 = x32;
-  uint64_t o4 = x42;
-  acc[0U] = o0;
-  acc[1U] = o1;
-  acc[2U] = o2;
-  acc[3U] = o3;
-  acc[4U] = o4;
-}
-
-void Hacl_Poly1305_32_poly1305_update(uint64_t *ctx, uint32_t len, uint8_t *text)
-{
-  uint64_t *pre = ctx + (uint32_t)5U;
-  uint64_t *acc = ctx;
-  uint32_t nb = len / (uint32_t)16U;
-  uint32_t rem = len % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    uint8_t *block = text + i * (uint32_t)16U;
-    uint64_t e[5U] = { 0U };
-    uint64_t u0 = load64_le(block);
-    uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
-    uint64_t hi = u;
-    uint64_t f0 = lo;
-    uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
-    uint64_t f01 = f010;
-    uint64_t f111 = f110;
-    uint64_t f2 = f20;
-    uint64_t f3 = f30;
-    uint64_t f41 = f40;
-    e[0U] = f01;
-    e[1U] = f111;
-    e[2U] = f2;
-    e[3U] = f3;
-    e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
-    uint64_t mask = b;
-    uint64_t f4 = e[4U];
-    e[4U] = f4 | mask;
-    uint64_t *r = pre;
-    uint64_t *r5 = pre + (uint32_t)5U;
-    uint64_t r0 = r[0U];
-    uint64_t r1 = r[1U];
-    uint64_t r2 = r[2U];
-    uint64_t r3 = r[3U];
-    uint64_t r4 = r[4U];
-    uint64_t r51 = r5[1U];
-    uint64_t r52 = r5[2U];
-    uint64_t r53 = r5[3U];
-    uint64_t r54 = r5[4U];
-    uint64_t f10 = e[0U];
-    uint64_t f11 = e[1U];
-    uint64_t f12 = e[2U];
-    uint64_t f13 = e[3U];
-    uint64_t f14 = e[4U];
-    uint64_t a0 = acc[0U];
-    uint64_t a1 = acc[1U];
-    uint64_t a2 = acc[2U];
-    uint64_t a3 = acc[3U];
-    uint64_t a4 = acc[4U];
-    uint64_t a01 = a0 + f10;
-    uint64_t a11 = a1 + f11;
-    uint64_t a21 = a2 + f12;
-    uint64_t a31 = a3 + f13;
-    uint64_t a41 = a4 + f14;
-    uint64_t a02 = r0 * a01;
-    uint64_t a12 = r1 * a01;
-    uint64_t a22 = r2 * a01;
-    uint64_t a32 = r3 * a01;
-    uint64_t a42 = r4 * a01;
-    uint64_t a03 = a02 + r54 * a11;
-    uint64_t a13 = a12 + r0 * a11;
-    uint64_t a23 = a22 + r1 * a11;
-    uint64_t a33 = a32 + r2 * a11;
-    uint64_t a43 = a42 + r3 * a11;
-    uint64_t a04 = a03 + r53 * a21;
-    uint64_t a14 = a13 + r54 * a21;
-    uint64_t a24 = a23 + r0 * a21;
-    uint64_t a34 = a33 + r1 * a21;
-    uint64_t a44 = a43 + r2 * a21;
-    uint64_t a05 = a04 + r52 * a31;
-    uint64_t a15 = a14 + r53 * a31;
-    uint64_t a25 = a24 + r54 * a31;
-    uint64_t a35 = a34 + r0 * a31;
-    uint64_t a45 = a44 + r1 * a31;
-    uint64_t a06 = a05 + r51 * a41;
-    uint64_t a16 = a15 + r52 * a41;
-    uint64_t a26 = a25 + r53 * a41;
-    uint64_t a36 = a35 + r54 * a41;
-    uint64_t a46 = a45 + r0 * a41;
-    uint64_t t0 = a06;
-    uint64_t t1 = a16;
-    uint64_t t2 = a26;
-    uint64_t t3 = a36;
-    uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
-    uint64_t x0 = t0 & mask26;
-    uint64_t x3 = t3 & mask26;
-    uint64_t x1 = t1 + z0;
-    uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
-    uint64_t z12 = z11 + t;
-    uint64_t x11 = x1 & mask26;
-    uint64_t x41 = x4 & mask26;
-    uint64_t x2 = t2 + z01;
-    uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
-    uint64_t x21 = x2 & mask26;
-    uint64_t x02 = x01 & mask26;
-    uint64_t x31 = x3 + z02;
-    uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
-    uint64_t x32 = x31 & mask26;
-    uint64_t x42 = x41 + z03;
-    uint64_t o0 = x02;
-    uint64_t o1 = x12;
-    uint64_t o2 = x21;
-    uint64_t o3 = x32;
-    uint64_t o4 = x42;
-    acc[0U] = o0;
-    acc[1U] = o1;
-    acc[2U] = o2;
-    acc[3U] = o3;
-    acc[4U] = o4;
-  }
-  if (rem > (uint32_t)0U)
-  {
-    uint8_t *last = text + nb * (uint32_t)16U;
-    uint64_t e[5U] = { 0U };
-    uint8_t tmp[16U] = { 0U };
-    memcpy(tmp, last, rem * sizeof (uint8_t));
-    uint64_t u0 = load64_le(tmp);
-    uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
-    uint64_t hi = u;
-    uint64_t f0 = lo;
-    uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
-    uint64_t f01 = f010;
-    uint64_t f111 = f110;
-    uint64_t f2 = f20;
-    uint64_t f3 = f30;
-    uint64_t f4 = f40;
-    e[0U] = f01;
-    e[1U] = f111;
-    e[2U] = f2;
-    e[3U] = f3;
-    e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem * (uint32_t)8U % (uint32_t)26U;
-    uint64_t mask = b;
-    uint64_t fi = e[rem * (uint32_t)8U / (uint32_t)26U];
-    e[rem * (uint32_t)8U / (uint32_t)26U] = fi | mask;
-    uint64_t *r = pre;
-    uint64_t *r5 = pre + (uint32_t)5U;
-    uint64_t r0 = r[0U];
-    uint64_t r1 = r[1U];
-    uint64_t r2 = r[2U];
-    uint64_t r3 = r[3U];
-    uint64_t r4 = r[4U];
-    uint64_t r51 = r5[1U];
-    uint64_t r52 = r5[2U];
-    uint64_t r53 = r5[3U];
-    uint64_t r54 = r5[4U];
-    uint64_t f10 = e[0U];
-    uint64_t f11 = e[1U];
-    uint64_t f12 = e[2U];
-    uint64_t f13 = e[3U];
-    uint64_t f14 = e[4U];
-    uint64_t a0 = acc[0U];
-    uint64_t a1 = acc[1U];
-    uint64_t a2 = acc[2U];
-    uint64_t a3 = acc[3U];
-    uint64_t a4 = acc[4U];
-    uint64_t a01 = a0 + f10;
-    uint64_t a11 = a1 + f11;
-    uint64_t a21 = a2 + f12;
-    uint64_t a31 = a3 + f13;
-    uint64_t a41 = a4 + f14;
-    uint64_t a02 = r0 * a01;
-    uint64_t a12 = r1 * a01;
-    uint64_t a22 = r2 * a01;
-    uint64_t a32 = r3 * a01;
-    uint64_t a42 = r4 * a01;
-    uint64_t a03 = a02 + r54 * a11;
-    uint64_t a13 = a12 + r0 * a11;
-    uint64_t a23 = a22 + r1 * a11;
-    uint64_t a33 = a32 + r2 * a11;
-    uint64_t a43 = a42 + r3 * a11;
-    uint64_t a04 = a03 + r53 * a21;
-    uint64_t a14 = a13 + r54 * a21;
-    uint64_t a24 = a23 + r0 * a21;
-    uint64_t a34 = a33 + r1 * a21;
-    uint64_t a44 = a43 + r2 * a21;
-    uint64_t a05 = a04 + r52 * a31;
-    uint64_t a15 = a14 + r53 * a31;
-    uint64_t a25 = a24 + r54 * a31;
-    uint64_t a35 = a34 + r0 * a31;
-    uint64_t a45 = a44 + r1 * a31;
-    uint64_t a06 = a05 + r51 * a41;
-    uint64_t a16 = a15 + r52 * a41;
-    uint64_t a26 = a25 + r53 * a41;
-    uint64_t a36 = a35 + r54 * a41;
-    uint64_t a46 = a45 + r0 * a41;
-    uint64_t t0 = a06;
-    uint64_t t1 = a16;
-    uint64_t t2 = a26;
-    uint64_t t3 = a36;
-    uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
-    uint64_t x0 = t0 & mask26;
-    uint64_t x3 = t3 & mask26;
-    uint64_t x1 = t1 + z0;
-    uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
-    uint64_t z12 = z11 + t;
-    uint64_t x11 = x1 & mask26;
-    uint64_t x41 = x4 & mask26;
-    uint64_t x2 = t2 + z01;
-    uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
-    uint64_t x21 = x2 & mask26;
-    uint64_t x02 = x01 & mask26;
-    uint64_t x31 = x3 + z02;
-    uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
-    uint64_t x32 = x31 & mask26;
-    uint64_t x42 = x41 + z03;
-    uint64_t o0 = x02;
-    uint64_t o1 = x12;
-    uint64_t o2 = x21;
-    uint64_t o3 = x32;
-    uint64_t o4 = x42;
-    acc[0U] = o0;
-    acc[1U] = o1;
-    acc[2U] = o2;
-    acc[3U] = o3;
-    acc[4U] = o4;
-    return;
-  }
-}
-
-void Hacl_Poly1305_32_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx)
-{
-  uint64_t *acc = ctx;
-  uint8_t *ks = key + (uint32_t)16U;
-  uint64_t f0 = acc[0U];
-  uint64_t f13 = acc[1U];
-  uint64_t f23 = acc[2U];
-  uint64_t f33 = acc[3U];
-  uint64_t f40 = acc[4U];
-  uint64_t l0 = f0 + (uint64_t)0U;
-  uint64_t tmp00 = l0 & (uint64_t)0x3ffffffU;
-  uint64_t c00 = l0 >> (uint32_t)26U;
-  uint64_t l1 = f13 + c00;
-  uint64_t tmp10 = l1 & (uint64_t)0x3ffffffU;
-  uint64_t c10 = l1 >> (uint32_t)26U;
-  uint64_t l2 = f23 + c10;
-  uint64_t tmp20 = l2 & (uint64_t)0x3ffffffU;
-  uint64_t c20 = l2 >> (uint32_t)26U;
-  uint64_t l3 = f33 + c20;
-  uint64_t tmp30 = l3 & (uint64_t)0x3ffffffU;
-  uint64_t c30 = l3 >> (uint32_t)26U;
-  uint64_t l4 = f40 + c30;
-  uint64_t tmp40 = l4 & (uint64_t)0x3ffffffU;
-  uint64_t c40 = l4 >> (uint32_t)26U;
-  uint64_t f010 = tmp00 + c40 * (uint64_t)5U;
-  uint64_t f110 = tmp10;
-  uint64_t f210 = tmp20;
-  uint64_t f310 = tmp30;
-  uint64_t f410 = tmp40;
-  uint64_t l = f010 + (uint64_t)0U;
-  uint64_t tmp0 = l & (uint64_t)0x3ffffffU;
-  uint64_t c0 = l >> (uint32_t)26U;
-  uint64_t l5 = f110 + c0;
-  uint64_t tmp1 = l5 & (uint64_t)0x3ffffffU;
-  uint64_t c1 = l5 >> (uint32_t)26U;
-  uint64_t l6 = f210 + c1;
-  uint64_t tmp2 = l6 & (uint64_t)0x3ffffffU;
-  uint64_t c2 = l6 >> (uint32_t)26U;
-  uint64_t l7 = f310 + c2;
-  uint64_t tmp3 = l7 & (uint64_t)0x3ffffffU;
-  uint64_t c3 = l7 >> (uint32_t)26U;
-  uint64_t l8 = f410 + c3;
-  uint64_t tmp4 = l8 & (uint64_t)0x3ffffffU;
-  uint64_t c4 = l8 >> (uint32_t)26U;
-  uint64_t f02 = tmp0 + c4 * (uint64_t)5U;
-  uint64_t f12 = tmp1;
-  uint64_t f22 = tmp2;
-  uint64_t f32 = tmp3;
-  uint64_t f42 = tmp4;
-  uint64_t mh = (uint64_t)0x3ffffffU;
-  uint64_t ml = (uint64_t)0x3fffffbU;
-  uint64_t mask = FStar_UInt64_eq_mask(f42, mh);
-  uint64_t mask1 = mask & FStar_UInt64_eq_mask(f32, mh);
-  uint64_t mask2 = mask1 & FStar_UInt64_eq_mask(f22, mh);
-  uint64_t mask3 = mask2 & FStar_UInt64_eq_mask(f12, mh);
-  uint64_t mask4 = mask3 & ~~FStar_UInt64_gte_mask(f02, ml);
-  uint64_t ph = mask4 & mh;
-  uint64_t pl = mask4 & ml;
-  uint64_t o0 = f02 - pl;
-  uint64_t o1 = f12 - ph;
-  uint64_t o2 = f22 - ph;
-  uint64_t o3 = f32 - ph;
-  uint64_t o4 = f42 - ph;
-  uint64_t f011 = o0;
-  uint64_t f111 = o1;
-  uint64_t f211 = o2;
-  uint64_t f311 = o3;
-  uint64_t f411 = o4;
-  acc[0U] = f011;
-  acc[1U] = f111;
-  acc[2U] = f211;
-  acc[3U] = f311;
-  acc[4U] = f411;
-  uint64_t f00 = acc[0U];
-  uint64_t f1 = acc[1U];
-  uint64_t f2 = acc[2U];
-  uint64_t f3 = acc[3U];
-  uint64_t f4 = acc[4U];
-  uint64_t f01 = f00;
-  uint64_t f112 = f1;
-  uint64_t f212 = f2;
-  uint64_t f312 = f3;
-  uint64_t f41 = f4;
-  uint64_t lo = (f01 | f112 << (uint32_t)26U) | f212 << (uint32_t)52U;
-  uint64_t hi = (f212 >> (uint32_t)12U | f312 << (uint32_t)14U) | f41 << (uint32_t)40U;
-  uint64_t f10 = lo;
-  uint64_t f11 = hi;
-  uint64_t u0 = load64_le(ks);
-  uint64_t lo0 = u0;
-  uint64_t u = load64_le(ks + (uint32_t)8U);
-  uint64_t hi0 = u;
-  uint64_t f20 = lo0;
-  uint64_t f21 = hi0;
-  uint64_t r0 = f10 + f20;
-  uint64_t r1 = f11 + f21;
-  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> (uint32_t)63U;
-  uint64_t r11 = r1 + c;
-  uint64_t f30 = r0;
-  uint64_t f31 = r11;
-  store64_le(tag, f30);
-  store64_le(tag + (uint32_t)8U, f31);
-}
-
-void Hacl_Poly1305_32_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key)
-{
-  uint64_t ctx[25U] = { 0U };
-  Hacl_Poly1305_32_poly1305_init(ctx, key);
-  Hacl_Poly1305_32_poly1305_update(ctx, len, text);
-  Hacl_Poly1305_32_poly1305_finish(tag, key, ctx);
-}
-
diff --git a/src/Hacl_RSAPSS.c b/src/Hacl_RSAPSS.c
index ceb9a6f0..71e141d0 100644
--- a/src/Hacl_RSAPSS.c
+++ b/src/Hacl_RSAPSS.c
@@ -35,51 +35,51 @@ static inline uint32_t hash_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)16U;
+        return 16U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)20U;
+        return 20U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     default:
       {
@@ -96,17 +96,17 @@ hash(Spec_Hash_Definitions_hash_alg a, uint8_t *mHash, uint32_t msgLen, uint8_t
   {
     case Spec_Hash_Definitions_SHA2_256:
       {
-        Hacl_Streaming_SHA2_hash_256(msg, msgLen, mHash);
+        Hacl_Hash_SHA2_hash_256(mHash, msg, msgLen);
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        Hacl_Streaming_SHA2_hash_384(msg, msgLen, mHash);
+        Hacl_Hash_SHA2_hash_384(mHash, msg, msgLen);
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        Hacl_Streaming_SHA2_hash_512(msg, msgLen, mHash);
+        Hacl_Hash_SHA2_hash_512(mHash, msg, msgLen);
         break;
       }
     default:
@@ -126,48 +126,48 @@ mgf_hash(
   uint8_t *res
 )
 {
-  KRML_CHECK_SIZE(sizeof (uint8_t), len + (uint32_t)4U);
-  uint8_t mgfseed_counter[len + (uint32_t)4U];
-  memset(mgfseed_counter, 0U, (len + (uint32_t)4U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), len + 4U);
+  uint8_t mgfseed_counter[len + 4U];
+  memset(mgfseed_counter, 0U, (len + 4U) * sizeof (uint8_t));
   memcpy(mgfseed_counter, mgfseed, len * sizeof (uint8_t));
   uint32_t hLen = hash_len(a);
-  uint32_t n = (maskLen - (uint32_t)1U) / hLen + (uint32_t)1U;
+  uint32_t n = (maskLen - 1U) / hLen + 1U;
   uint32_t accLen = n * hLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), accLen);
   uint8_t acc[accLen];
   memset(acc, 0U, accLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
     uint8_t *acc_i = acc + i * hLen;
     uint8_t *c = mgfseed_counter + len;
-    c[0U] = (uint8_t)(i >> (uint32_t)24U);
-    c[1U] = (uint8_t)(i >> (uint32_t)16U);
-    c[2U] = (uint8_t)(i >> (uint32_t)8U);
+    c[0U] = (uint8_t)(i >> 24U);
+    c[1U] = (uint8_t)(i >> 16U);
+    c[2U] = (uint8_t)(i >> 8U);
     c[3U] = (uint8_t)i;
-    hash(a, acc_i, len + (uint32_t)4U, mgfseed_counter);
+    hash(a, acc_i, len + 4U, mgfseed_counter);
   }
   memcpy(res, acc, maskLen * sizeof (uint8_t));
 }
 
 static inline uint64_t check_num_bits_u64(uint32_t bs, uint64_t *b)
 {
-  uint32_t bLen = (bs - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  if (bs == (uint32_t)64U * bLen)
+  uint32_t bLen = (bs - 1U) / 64U + 1U;
+  if (bs == 64U * bLen)
   {
-    return (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    return 0xFFFFFFFFFFFFFFFFULL;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), bLen);
   uint64_t b2[bLen];
   memset(b2, 0U, bLen * sizeof (uint64_t));
-  uint32_t i0 = bs / (uint32_t)64U;
-  uint32_t j = bs % (uint32_t)64U;
-  b2[i0] = b2[i0] | (uint64_t)1U << j;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+  uint32_t i0 = bs / 64U;
+  uint32_t j = bs % 64U;
+  b2[i0] = b2[i0] | 1ULL << j;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < bLen; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t res = acc;
   return res;
@@ -175,21 +175,21 @@ static inline uint64_t check_num_bits_u64(uint32_t bs, uint64_t *b)
 
 static inline uint64_t check_modulus_u64(uint32_t modBits, uint64_t *n)
 {
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint64_t bits0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bits0;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
+  uint64_t bits0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bits0;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t b2[nLen];
   memset(b2, 0U, nLen * sizeof (uint64_t));
-  uint32_t i0 = (modBits - (uint32_t)1U) / (uint32_t)64U;
-  uint32_t j = (modBits - (uint32_t)1U) % (uint32_t)64U;
-  b2[i0] = b2[i0] | (uint64_t)1U << j;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < nLen; i++)
+  uint32_t i0 = (modBits - 1U) / 64U;
+  uint32_t j = (modBits - 1U) % 64U;
+  b2[i0] = b2[i0] | 1ULL << j;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < nLen; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(b2[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(b2[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t res = acc;
   uint64_t m1 = res;
@@ -199,12 +199,12 @@ static inline uint64_t check_modulus_u64(uint32_t modBits, uint64_t *n)
 
 static inline uint64_t check_exponent_u64(uint32_t eBits, uint64_t *e)
 {
-  uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t eLen = (eBits - 1U) / 64U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), eLen);
   uint64_t bn_zero[eLen];
   memset(bn_zero, 0U, eLen * sizeof (uint64_t));
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < eLen; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < eLen; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(e[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -231,39 +231,39 @@ pss_encode(
   KRML_CHECK_SIZE(sizeof (uint8_t), hLen);
   uint8_t m1Hash[hLen];
   memset(m1Hash, 0U, hLen * sizeof (uint8_t));
-  uint32_t m1Len = (uint32_t)8U + hLen + saltLen;
+  uint32_t m1Len = 8U + hLen + saltLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), m1Len);
   uint8_t m1[m1Len];
   memset(m1, 0U, m1Len * sizeof (uint8_t));
-  hash(a, m1 + (uint32_t)8U, msgLen, msg);
-  memcpy(m1 + (uint32_t)8U + hLen, salt, saltLen * sizeof (uint8_t));
+  hash(a, m1 + 8U, msgLen, msg);
+  memcpy(m1 + 8U + hLen, salt, saltLen * sizeof (uint8_t));
   hash(a, m1Hash, m1Len, m1);
-  uint32_t emLen = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t dbLen = emLen - hLen - (uint32_t)1U;
+  uint32_t emLen = (emBits - 1U) / 8U + 1U;
+  uint32_t dbLen = emLen - hLen - 1U;
   KRML_CHECK_SIZE(sizeof (uint8_t), dbLen);
   uint8_t db[dbLen];
   memset(db, 0U, dbLen * sizeof (uint8_t));
-  uint32_t last_before_salt = dbLen - saltLen - (uint32_t)1U;
-  db[last_before_salt] = (uint8_t)1U;
-  memcpy(db + last_before_salt + (uint32_t)1U, salt, saltLen * sizeof (uint8_t));
+  uint32_t last_before_salt = dbLen - saltLen - 1U;
+  db[last_before_salt] = 1U;
+  memcpy(db + last_before_salt + 1U, salt, saltLen * sizeof (uint8_t));
   KRML_CHECK_SIZE(sizeof (uint8_t), dbLen);
   uint8_t dbMask[dbLen];
   memset(dbMask, 0U, dbLen * sizeof (uint8_t));
   mgf_hash(a, hLen, m1Hash, dbLen, dbMask);
-  for (uint32_t i = (uint32_t)0U; i < dbLen; i++)
+  for (uint32_t i = 0U; i < dbLen; i++)
   {
     uint8_t *os = db;
-    uint8_t x = db[i] ^ dbMask[i];
+    uint8_t x = (uint32_t)db[i] ^ (uint32_t)dbMask[i];
     os[i] = x;
   }
-  uint32_t msBits = emBits % (uint32_t)8U;
-  if (msBits > (uint32_t)0U)
+  uint32_t msBits = emBits % 8U;
+  if (msBits > 0U)
   {
-    db[0U] = db[0U] & (uint8_t)0xffU >> ((uint32_t)8U - msBits);
+    db[0U] = (uint32_t)db[0U] & 0xffU >> (8U - msBits);
   }
   memcpy(em, db, dbLen * sizeof (uint8_t));
   memcpy(em + dbLen, m1Hash, hLen * sizeof (uint8_t));
-  em[emLen - (uint32_t)1U] = (uint8_t)0xbcU;
+  em[emLen - 1U] = 0xbcU;
 }
 
 static inline bool
@@ -276,105 +276,100 @@ pss_verify(
   uint8_t *em
 )
 {
-  uint32_t emLen = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t msBits = emBits % (uint32_t)8U;
+  uint32_t emLen = (emBits - 1U) / 8U + 1U;
+  uint32_t msBits = emBits % 8U;
   uint8_t em_0;
-  if (msBits > (uint32_t)0U)
+  if (msBits > 0U)
   {
-    em_0 = em[0U] & (uint8_t)0xffU << msBits;
+    em_0 = (uint32_t)em[0U] & 0xffU << msBits;
   }
   else
   {
-    em_0 = (uint8_t)0U;
+    em_0 = 0U;
   }
-  uint8_t em_last = em[emLen - (uint32_t)1U];
-  if (emLen < saltLen + hash_len(a) + (uint32_t)2U)
+  uint8_t em_last = em[emLen - 1U];
+  if (emLen < saltLen + hash_len(a) + 2U)
   {
     return false;
   }
-  if (!(em_last == (uint8_t)0xbcU && em_0 == (uint8_t)0U))
+  if (!(em_last == 0xbcU && em_0 == 0U))
   {
     return false;
   }
-  uint32_t emLen1 = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t emLen1 = (emBits - 1U) / 8U + 1U;
   uint32_t hLen = hash_len(a);
   KRML_CHECK_SIZE(sizeof (uint8_t), hLen);
   uint8_t m1Hash0[hLen];
   memset(m1Hash0, 0U, hLen * sizeof (uint8_t));
-  uint32_t dbLen = emLen1 - hLen - (uint32_t)1U;
+  uint32_t dbLen = emLen1 - hLen - 1U;
   uint8_t *maskedDB = em;
   uint8_t *m1Hash = em + dbLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), dbLen);
   uint8_t dbMask[dbLen];
   memset(dbMask, 0U, dbLen * sizeof (uint8_t));
   mgf_hash(a, hLen, m1Hash, dbLen, dbMask);
-  for (uint32_t i = (uint32_t)0U; i < dbLen; i++)
+  for (uint32_t i = 0U; i < dbLen; i++)
   {
     uint8_t *os = dbMask;
-    uint8_t x = dbMask[i] ^ maskedDB[i];
+    uint8_t x = (uint32_t)dbMask[i] ^ (uint32_t)maskedDB[i];
     os[i] = x;
   }
-  uint32_t msBits1 = emBits % (uint32_t)8U;
-  if (msBits1 > (uint32_t)0U)
+  uint32_t msBits1 = emBits % 8U;
+  if (msBits1 > 0U)
   {
-    dbMask[0U] = dbMask[0U] & (uint8_t)0xffU >> ((uint32_t)8U - msBits1);
+    dbMask[0U] = (uint32_t)dbMask[0U] & 0xffU >> (8U - msBits1);
   }
-  uint32_t padLen = emLen1 - saltLen - hLen - (uint32_t)1U;
+  uint32_t padLen = emLen1 - saltLen - hLen - 1U;
   KRML_CHECK_SIZE(sizeof (uint8_t), padLen);
   uint8_t pad2[padLen];
   memset(pad2, 0U, padLen * sizeof (uint8_t));
-  pad2[padLen - (uint32_t)1U] = (uint8_t)0x01U;
+  pad2[padLen - 1U] = 0x01U;
   uint8_t *pad = dbMask;
   uint8_t *salt = dbMask + padLen;
-  uint8_t res = (uint8_t)255U;
-  for (uint32_t i = (uint32_t)0U; i < padLen; i++)
+  uint8_t res = 255U;
+  for (uint32_t i = 0U; i < padLen; i++)
   {
     uint8_t uu____0 = FStar_UInt8_eq_mask(pad[i], pad2[i]);
-    res = uu____0 & res;
+    res = (uint32_t)uu____0 & (uint32_t)res;
   }
   uint8_t z = res;
-  if (!(z == (uint8_t)255U))
+  if (!(z == 255U))
   {
     return false;
   }
-  uint32_t m1Len = (uint32_t)8U + hLen + saltLen;
+  uint32_t m1Len = 8U + hLen + saltLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), m1Len);
   uint8_t m1[m1Len];
   memset(m1, 0U, m1Len * sizeof (uint8_t));
-  hash(a, m1 + (uint32_t)8U, msgLen, msg);
-  memcpy(m1 + (uint32_t)8U + hLen, salt, saltLen * sizeof (uint8_t));
+  hash(a, m1 + 8U, msgLen, msg);
+  memcpy(m1 + 8U + hLen, salt, saltLen * sizeof (uint8_t));
   hash(a, m1Hash0, m1Len, m1);
-  uint8_t res0 = (uint8_t)255U;
-  for (uint32_t i = (uint32_t)0U; i < hLen; i++)
+  uint8_t res0 = 255U;
+  for (uint32_t i = 0U; i < hLen; i++)
   {
     uint8_t uu____1 = FStar_UInt8_eq_mask(m1Hash0[i], m1Hash[i]);
-    res0 = uu____1 & res0;
+    res0 = (uint32_t)uu____1 & (uint32_t)res0;
   }
   uint8_t z0 = res0;
-  return z0 == (uint8_t)255U;
+  return z0 == 255U;
 }
 
 static inline bool
 load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb, uint64_t *pkey)
 {
-  uint32_t nbLen = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t ebLen = (eBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nbLen = (modBits - 1U) / 8U + 1U;
+  uint32_t ebLen = (eBits - 1U) / 8U + 1U;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
   uint64_t *n = pkey;
   uint64_t *r2 = pkey + nLen;
   uint64_t *e = pkey + nLen + nLen;
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen, nb, n);
-  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - (uint32_t)1U)
-    / (uint32_t)64U
-    + (uint32_t)1U,
-    modBits - (uint32_t)1U,
-    n,
-    r2);
+  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen, eb, e);
   uint64_t m0 = check_modulus_u64(modBits, n);
   uint64_t m1 = check_exponent_u64(eBits, e);
   uint64_t m = m0 & m1;
-  return m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static inline bool
@@ -388,16 +383,16 @@ load_skey(
   uint64_t *skey
 )
 {
-  uint32_t dbLen = (dBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t dbLen = (dBits - 1U) / 8U + 1U;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
+  uint32_t eLen = (eBits - 1U) / 64U + 1U;
   uint32_t pkeyLen = nLen + nLen + eLen;
   uint64_t *pkey = skey;
   uint64_t *d = skey + pkeyLen;
   bool b = load_pkey(modBits, eBits, nb, eb, pkey);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(dbLen, db, d);
   uint64_t m1 = check_exponent_u64(dBits, d);
-  return b && m1 == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return b && m1 == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -435,45 +430,36 @@ Hacl_RSAPSS_rsapss_sign(
 {
   uint32_t hLen = hash_len(a);
   bool
-  b =
-    saltLen
-    <= (uint32_t)0xffffffffU - hLen - (uint32_t)8U
-    &&
-      saltLen
-      + hLen
-      + (uint32_t)2U
-      <= (modBits - (uint32_t)1U - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  b = saltLen <= 0xffffffffU - hLen - 8U && saltLen + hLen + 2U <= (modBits - 1U - 1U) / 8U + 1U;
   if (b)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
     uint64_t m[nLen];
     memset(m, 0U, nLen * sizeof (uint64_t));
-    uint32_t emBits = modBits - (uint32_t)1U;
-    uint32_t emLen = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+    uint32_t emBits = modBits - 1U;
+    uint32_t emLen = (emBits - 1U) / 8U + 1U;
     KRML_CHECK_SIZE(sizeof (uint8_t), emLen);
     uint8_t em[emLen];
     memset(em, 0U, emLen * sizeof (uint8_t));
     pss_encode(a, saltLen, salt, msgLen, msg, emBits, em);
     Hacl_Bignum_Convert_bn_from_bytes_be_uint64(emLen, em, m);
-    uint32_t nLen1 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t k = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+    uint32_t nLen1 = (modBits - 1U) / 64U + 1U;
+    uint32_t k = (modBits - 1U) / 8U + 1U;
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen1);
     uint64_t s[nLen1];
     memset(s, 0U, nLen1 * sizeof (uint64_t));
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen1);
     uint64_t m_[nLen1];
     memset(m_, 0U, nLen1 * sizeof (uint64_t));
-    uint32_t nLen2 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    uint32_t nLen2 = (modBits - 1U) / 64U + 1U;
+    uint32_t eLen = (eBits - 1U) / 64U + 1U;
     uint64_t *n = skey;
     uint64_t *r2 = skey + nLen2;
     uint64_t *e = skey + nLen2 + nLen2;
     uint64_t *d = skey + nLen2 + nLen2 + eLen;
     uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-    Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((modBits - (uint32_t)1U)
-      / (uint32_t)64U
-      + (uint32_t)1U,
+    Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((modBits - 1U) / 64U + 1U,
       n,
       mu,
       r2,
@@ -482,9 +468,7 @@ Hacl_RSAPSS_rsapss_sign(
       d,
       s);
     uint64_t mu0 = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - (uint32_t)1U)
-      / (uint32_t)64U
-      + (uint32_t)1U,
+    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U,
       n,
       mu0,
       r2,
@@ -492,22 +476,22 @@ Hacl_RSAPSS_rsapss_sign(
       eBits,
       e,
       m_);
-    uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-    for (uint32_t i = (uint32_t)0U; i < nLen2; i++)
+    uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+    for (uint32_t i = 0U; i < nLen2; i++)
     {
       uint64_t uu____0 = FStar_UInt64_eq_mask(m[i], m_[i]);
       mask = uu____0 & mask;
     }
     uint64_t mask1 = mask;
     uint64_t eq_m = mask1;
-    for (uint32_t i = (uint32_t)0U; i < nLen2; i++)
+    for (uint32_t i = 0U; i < nLen2; i++)
     {
       uint64_t *os = s;
       uint64_t x = s[i];
       uint64_t x0 = eq_m & x;
       os[i] = x0;
     }
-    bool eq_b = eq_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    bool eq_b = eq_m == 0xFFFFFFFFFFFFFFFFULL;
     Hacl_Bignum_Convert_bn_to_bytes_be_uint64(k, s, sgnt);
     bool eq_b0 = eq_b;
     return eq_b0;
@@ -547,42 +531,36 @@ Hacl_RSAPSS_rsapss_verify(
 )
 {
   uint32_t hLen = hash_len(a);
-  bool
-  b =
-    saltLen
-    <= (uint32_t)0xffffffffU - hLen - (uint32_t)8U
-    && sgntLen == (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  bool b = saltLen <= 0xffffffffU - hLen - 8U && sgntLen == (modBits - 1U) / 8U + 1U;
   if (b)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
     uint64_t m[nLen];
     memset(m, 0U, nLen * sizeof (uint64_t));
-    uint32_t nLen1 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t k = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+    uint32_t nLen1 = (modBits - 1U) / 64U + 1U;
+    uint32_t k = (modBits - 1U) / 8U + 1U;
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen1);
     uint64_t s[nLen1];
     memset(s, 0U, nLen1 * sizeof (uint64_t));
     Hacl_Bignum_Convert_bn_from_bytes_be_uint64(k, sgnt, s);
-    uint32_t nLen2 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    uint32_t nLen2 = (modBits - 1U) / 64U + 1U;
     uint64_t *n = pkey;
     uint64_t *r2 = pkey + nLen2;
     uint64_t *e = pkey + nLen2 + nLen2;
-    uint64_t acc = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < nLen2; i++)
+    uint64_t acc = 0ULL;
+    for (uint32_t i = 0U; i < nLen2; i++)
     {
       uint64_t beq = FStar_UInt64_eq_mask(s[i], n[i]);
       uint64_t blt = ~FStar_UInt64_gte_mask(s[i], n[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
     }
     uint64_t mask = acc;
     bool res;
-    if (mask == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+    if (mask == 0xFFFFFFFFFFFFFFFFULL)
     {
       uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-      Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - (uint32_t)1U)
-        / (uint32_t)64U
-        + (uint32_t)1U,
+      Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U,
         n,
         mu,
         r2,
@@ -591,17 +569,17 @@ Hacl_RSAPSS_rsapss_verify(
         e,
         m);
       bool ite;
-      if (!((modBits - (uint32_t)1U) % (uint32_t)8U == (uint32_t)0U))
+      if (!((modBits - 1U) % 8U == 0U))
       {
         ite = true;
       }
       else
       {
-        uint32_t i = (modBits - (uint32_t)1U) / (uint32_t)64U;
-        uint32_t j = (modBits - (uint32_t)1U) % (uint32_t)64U;
+        uint32_t i = (modBits - 1U) / 64U;
+        uint32_t j = (modBits - 1U) % 64U;
         uint64_t tmp = m[i];
-        uint64_t get_bit = tmp >> j & (uint64_t)1U;
-        ite = get_bit == (uint64_t)0U;
+        uint64_t get_bit = tmp >> j & 1ULL;
+        ite = get_bit == 0ULL;
       }
       if (ite)
       {
@@ -620,8 +598,8 @@ Hacl_RSAPSS_rsapss_verify(
     bool b10 = b1;
     if (b10)
     {
-      uint32_t emBits = modBits - (uint32_t)1U;
-      uint32_t emLen = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+      uint32_t emBits = modBits - 1U;
+      uint32_t emLen = (emBits - 1U) / 8U + 1U;
       KRML_CHECK_SIZE(sizeof (uint8_t), emLen);
       uint8_t em[emLen];
       memset(em, 0U, emLen * sizeof (uint8_t));
@@ -649,15 +627,11 @@ uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb)
 {
   bool ite;
-  if ((uint32_t)1U < modBits && (uint32_t)0U < eBits)
+  if (1U < modBits && 0U < eBits)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    ite =
-      nLen
-      <= (uint32_t)33554431U
-      && eLen <= (uint32_t)67108863U
-      && nLen + nLen <= (uint32_t)0xffffffffU - eLen;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
+    uint32_t eLen = (eBits - 1U) / 64U + 1U;
+    ite = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen;
   }
   else
   {
@@ -667,8 +641,8 @@ uint64_t
   {
     return NULL;
   }
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
+  uint32_t eLen = (eBits - 1U) / 64U + 1U;
   uint32_t pkeyLen = nLen + nLen + eLen;
   KRML_CHECK_SIZE(sizeof (uint64_t), pkeyLen);
   uint64_t *pkey = (uint64_t *)KRML_HOST_CALLOC(pkeyLen, sizeof (uint64_t));
@@ -678,24 +652,19 @@ uint64_t
   }
   uint64_t *pkey1 = pkey;
   uint64_t *pkey2 = pkey1;
-  uint32_t nbLen = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t ebLen = (eBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen1 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nbLen = (modBits - 1U) / 8U + 1U;
+  uint32_t ebLen = (eBits - 1U) / 8U + 1U;
+  uint32_t nLen1 = (modBits - 1U) / 64U + 1U;
   uint64_t *n = pkey2;
   uint64_t *r2 = pkey2 + nLen1;
   uint64_t *e = pkey2 + nLen1 + nLen1;
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen, nb, n);
-  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - (uint32_t)1U)
-    / (uint32_t)64U
-    + (uint32_t)1U,
-    modBits - (uint32_t)1U,
-    n,
-    r2);
+  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen, eb, e);
   uint64_t m0 = check_modulus_u64(modBits, n);
   uint64_t m1 = check_exponent_u64(eBits, e);
   uint64_t m = m0 & m1;
-  bool b = m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool b = m == 0xFFFFFFFFFFFFFFFFULL;
   if (b)
   {
     return pkey2;
@@ -727,27 +696,23 @@ uint64_t
 )
 {
   bool ite0;
-  if ((uint32_t)1U < modBits && (uint32_t)0U < eBits)
+  if (1U < modBits && 0U < eBits)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    ite0 =
-      nLen
-      <= (uint32_t)33554431U
-      && eLen <= (uint32_t)67108863U
-      && nLen + nLen <= (uint32_t)0xffffffffU - eLen;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
+    uint32_t eLen = (eBits - 1U) / 64U + 1U;
+    ite0 = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen;
   }
   else
   {
     ite0 = false;
   }
   bool ite;
-  if (ite0 && (uint32_t)0U < dBits)
+  if (ite0 && 0U < dBits)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t dLen = (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    ite = dLen <= (uint32_t)67108863U && (uint32_t)2U * nLen <= (uint32_t)0xffffffffU - eLen - dLen;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
+    uint32_t eLen = (eBits - 1U) / 64U + 1U;
+    uint32_t dLen = (dBits - 1U) / 64U + 1U;
+    ite = dLen <= 67108863U && 2U * nLen <= 0xffffffffU - eLen - dLen;
   }
   else
   {
@@ -757,9 +722,9 @@ uint64_t
   {
     return NULL;
   }
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t dLen = (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
+  uint32_t eLen = (eBits - 1U) / 64U + 1U;
+  uint32_t dLen = (dBits - 1U) / 64U + 1U;
   uint32_t skeyLen = nLen + nLen + eLen + dLen;
   KRML_CHECK_SIZE(sizeof (uint64_t), skeyLen);
   uint64_t *skey = (uint64_t *)KRML_HOST_CALLOC(skeyLen, sizeof (uint64_t));
@@ -769,33 +734,28 @@ uint64_t
   }
   uint64_t *skey1 = skey;
   uint64_t *skey2 = skey1;
-  uint32_t dbLen = (dBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen1 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t eLen1 = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t dbLen = (dBits - 1U) / 8U + 1U;
+  uint32_t nLen1 = (modBits - 1U) / 64U + 1U;
+  uint32_t eLen1 = (eBits - 1U) / 64U + 1U;
   uint32_t pkeyLen = nLen1 + nLen1 + eLen1;
   uint64_t *pkey = skey2;
   uint64_t *d = skey2 + pkeyLen;
-  uint32_t nbLen1 = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t ebLen1 = (eBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen2 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nbLen1 = (modBits - 1U) / 8U + 1U;
+  uint32_t ebLen1 = (eBits - 1U) / 8U + 1U;
+  uint32_t nLen2 = (modBits - 1U) / 64U + 1U;
   uint64_t *n = pkey;
   uint64_t *r2 = pkey + nLen2;
   uint64_t *e = pkey + nLen2 + nLen2;
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen1, nb, n);
-  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - (uint32_t)1U)
-    / (uint32_t)64U
-    + (uint32_t)1U,
-    modBits - (uint32_t)1U,
-    n,
-    r2);
+  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen1, eb, e);
   uint64_t m0 = check_modulus_u64(modBits, n);
   uint64_t m10 = check_exponent_u64(eBits, e);
   uint64_t m = m0 & m10;
-  bool b = m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool b = m == 0xFFFFFFFFFFFFFFFFULL;
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(dbLen, db, d);
   uint64_t m1 = check_exponent_u64(dBits, d);
-  bool b0 = b && m1 == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool b0 = b && m1 == 0xFFFFFFFFFFFFFFFFULL;
   if (b0)
   {
     return skey2;
@@ -842,21 +802,12 @@ Hacl_RSAPSS_rsapss_skey_sign(
 )
 {
   KRML_CHECK_SIZE(sizeof (uint64_t),
-    (uint32_t)2U
-    * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U
-    + (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U);
+    2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U + (dBits - 1U) / 64U + 1U);
   uint64_t
-  skey[(uint32_t)2U
-  * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-  + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U
-  + (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U];
+  skey[2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U + (dBits - 1U) / 64U + 1U];
   memset(skey,
     0U,
-    ((uint32_t)2U
-    * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U
-    + (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
+    (2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U + (dBits - 1U) / 64U + 1U)
     * sizeof (uint64_t));
   bool b = load_skey(modBits, eBits, dBits, nb, eb, db, skey);
   if (b)
@@ -909,20 +860,11 @@ Hacl_RSAPSS_rsapss_pkey_verify(
   uint8_t *msg
 )
 {
-  KRML_CHECK_SIZE(sizeof (uint64_t),
-    (uint32_t)2U
-    * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U);
-  uint64_t
-  pkey[(uint32_t)2U
-  * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-  + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U];
+  KRML_CHECK_SIZE(sizeof (uint64_t), 2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U);
+  uint64_t pkey[2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U];
   memset(pkey,
     0U,
-    ((uint32_t)2U
-    * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    * sizeof (uint64_t));
+    (2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U) * sizeof (uint64_t));
   bool b = load_pkey(modBits, eBits, nb, eb, pkey);
   if (b)
   {
diff --git a/src/Hacl_SHA2_Vec128.c b/src/Hacl_SHA2_Vec128.c
index e1b6e304..02af75b1 100644
--- a/src/Hacl_SHA2_Vec128.c
+++ b/src/Hacl_SHA2_Vec128.c
@@ -32,21 +32,21 @@
 static inline void sha224_init4(Lib_IntVector_Intrinsics_vec128 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = hash;
-    uint32_t hi = Hacl_Impl_SHA2_Generic_h224[i];
+    uint32_t hi = Hacl_Hash_SHA2_h224[i];
     Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_load32(hi);
     os[i] = x;);
 }
 
 static inline void
-sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash)
+sha224_update4(Hacl_Hash_SHA2_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash)
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 hash_old[8U] KRML_POST_ALIGN(16) = { 0U };
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ws[16U] KRML_POST_ALIGN(16) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec128));
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b10 = b.snd.fst;
@@ -55,18 +55,18 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
   ws[1U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10);
   ws[2U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2);
   ws[3U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3);
-  ws[4U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)16U);
-  ws[5U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)16U);
-  ws[6U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)16U);
-  ws[7U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)16U);
-  ws[8U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)32U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)32U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)32U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)32U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)48U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)48U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)48U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)48U);
+  ws[4U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 16U);
+  ws[5U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 16U);
+  ws[6U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 16U);
+  ws[7U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 16U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 32U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 32U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 32U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 32U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 48U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 48U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 48U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 48U);
   Lib_IntVector_Intrinsics_vec128 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec128 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec128 v20 = ws[2U];
@@ -196,14 +196,14 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec128 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec128 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec128 b0 = hash[1U];
@@ -218,10 +218,10 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       t1 =
         Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(h02,
                 Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(e0,
-                    (uint32_t)6U),
+                    6U),
                   Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(e0,
-                      (uint32_t)11U),
-                    Lib_IntVector_Intrinsics_vec128_rotate_right32(e0, (uint32_t)25U)))),
+                      11U),
+                    Lib_IntVector_Intrinsics_vec128_rotate_right32(e0, 25U)))),
               Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_lognot(e0), g0))),
             k_e_t),
@@ -229,10 +229,10 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       Lib_IntVector_Intrinsics_vec128
       t2 =
         Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(a0,
-              (uint32_t)2U),
+              2U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(a0,
-                (uint32_t)13U),
-              Lib_IntVector_Intrinsics_vec128_rotate_right32(a0, (uint32_t)22U))),
+                13U),
+              Lib_IntVector_Intrinsics_vec128_rotate_right32(a0, 22U))),
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(a0, b0),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(a0, c0),
               Lib_IntVector_Intrinsics_vec128_and(b0, c0))));
@@ -252,30 +252,30 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec128 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec128 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec128 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec128 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec128 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec128 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec128 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec128
         s1 =
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t2,
-              (uint32_t)17U),
+              17U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t2,
-                (uint32_t)19U),
-              Lib_IntVector_Intrinsics_vec128_shift_right32(t2, (uint32_t)10U)));
+                19U),
+              Lib_IntVector_Intrinsics_vec128_shift_right32(t2, 10U)));
         Lib_IntVector_Intrinsics_vec128
         s0 =
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t15,
-              (uint32_t)7U),
+              7U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t15,
-                (uint32_t)18U),
-              Lib_IntVector_Intrinsics_vec128_shift_right32(t15, (uint32_t)3U)));
+                18U),
+              Lib_IntVector_Intrinsics_vec128_shift_right32(t15, 3U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(s1,
                 t7),
@@ -283,9 +283,9 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = hash;
     Lib_IntVector_Intrinsics_vec128
     x = Lib_IntVector_Intrinsics_vec128_add32(hash[i], hash_old[i]);
@@ -295,22 +295,22 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
 static inline void
 sha224_update_nblocks4(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec128 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b3 = b.snd.snd.snd;
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)64U;
-    uint8_t *bl1 = b1 + i * (uint32_t)64U;
-    uint8_t *bl2 = b2 + i * (uint32_t)64U;
-    uint8_t *bl3 = b3 + i * (uint32_t)64U;
-    Hacl_Impl_SHA2_Types_uint8_4p
+    uint8_t *bl0 = b0 + i * 64U;
+    uint8_t *bl1 = b1 + i * 64U;
+    uint8_t *bl2 = b2 + i * 64U;
+    uint8_t *bl3 = b3 + i * 64U;
+    Hacl_Hash_SHA2_uint8_4p
     mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
     sha224_update4(mb, st);
   }
@@ -320,69 +320,69 @@ static inline void
 sha224_update_last4(
   uint64_t totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec128 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[512U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
-  uint8_t *last2 = last + (uint32_t)256U;
-  uint8_t *last3 = last + (uint32_t)384U;
+  uint8_t *last10 = last + 128U;
+  uint8_t *last2 = last + 256U;
+  uint8_t *last3 = last + 384U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)64U;
+  uint8_t *last110 = last00 + 64U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)64U;
+  uint8_t *last111 = last10 + 64U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)64U;
+  uint8_t *last112 = last2 + 64U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last01 = last3;
-  uint8_t *last11 = last3 + (uint32_t)64U;
+  uint8_t *last11 = last3 + 64U;
   uint8_t *l30 = last01;
   uint8_t *l31 = last11;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb0 = { .fst = l00, .snd = { .fst = l10, .snd = { .fst = l20, .snd = l30 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb1 = { .fst = l01, .snd = { .fst = l11, .snd = { .fst = l21, .snd = l31 } } };
-  Hacl_Impl_SHA2_Types_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_4p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_4p last1 = scrut.snd;
   sha224_update4(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha224_update4(last1, hash);
     return;
@@ -390,7 +390,7 @@ sha224_update_last4(
 }
 
 static inline void
-sha224_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4p h)
+sha224_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Hash_SHA2_uint8_4p h)
 {
   uint8_t hbuf[128U] = { 0U };
   Lib_IntVector_Intrinsics_vec128 v00 = st[0U];
@@ -458,18 +458,18 @@ sha224_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4
   st[6U] = st3_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * (uint32_t)16U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * 16U, st[i]););
   uint8_t *b3 = h.snd.snd.snd;
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)28U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 28U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 32U, 28U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 64U, 28U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 96U, 28U * sizeof (uint8_t));
 }
 
 void
@@ -485,16 +485,16 @@ Hacl_SHA2_Vec128_sha224_4(
   uint8_t *input3
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } };
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 st[8U] KRML_POST_ALIGN(16) = { 0U };
   sha224_init4(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha224_update_nblocks4(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b3 = ib.snd.snd.snd;
   uint8_t *b2 = ib.snd.snd.fst;
   uint8_t *b1 = ib.snd.fst;
@@ -503,7 +503,7 @@ Hacl_SHA2_Vec128_sha224_4(
   uint8_t *bl1 = b1 + input_len - rem1;
   uint8_t *bl2 = b2 + input_len - rem1;
   uint8_t *bl3 = b3 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
   sha224_update_last4(len_, rem, lb, st);
   sha224_finish4(st, rb);
@@ -512,21 +512,21 @@ Hacl_SHA2_Vec128_sha224_4(
 static inline void sha256_init4(Lib_IntVector_Intrinsics_vec128 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = hash;
-    uint32_t hi = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t hi = Hacl_Hash_SHA2_h256[i];
     Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_load32(hi);
     os[i] = x;);
 }
 
 static inline void
-sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash)
+sha256_update4(Hacl_Hash_SHA2_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash)
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 hash_old[8U] KRML_POST_ALIGN(16) = { 0U };
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ws[16U] KRML_POST_ALIGN(16) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec128));
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b10 = b.snd.fst;
@@ -535,18 +535,18 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
   ws[1U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10);
   ws[2U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2);
   ws[3U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3);
-  ws[4U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)16U);
-  ws[5U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)16U);
-  ws[6U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)16U);
-  ws[7U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)16U);
-  ws[8U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)32U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)32U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)32U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)32U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)48U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)48U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)48U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)48U);
+  ws[4U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 16U);
+  ws[5U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 16U);
+  ws[6U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 16U);
+  ws[7U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 16U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 32U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 32U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 32U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 32U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 48U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 48U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 48U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 48U);
   Lib_IntVector_Intrinsics_vec128 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec128 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec128 v20 = ws[2U];
@@ -676,14 +676,14 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec128 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec128 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec128 b0 = hash[1U];
@@ -698,10 +698,10 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       t1 =
         Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(h02,
                 Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(e0,
-                    (uint32_t)6U),
+                    6U),
                   Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(e0,
-                      (uint32_t)11U),
-                    Lib_IntVector_Intrinsics_vec128_rotate_right32(e0, (uint32_t)25U)))),
+                      11U),
+                    Lib_IntVector_Intrinsics_vec128_rotate_right32(e0, 25U)))),
               Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_lognot(e0), g0))),
             k_e_t),
@@ -709,10 +709,10 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       Lib_IntVector_Intrinsics_vec128
       t2 =
         Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(a0,
-              (uint32_t)2U),
+              2U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(a0,
-                (uint32_t)13U),
-              Lib_IntVector_Intrinsics_vec128_rotate_right32(a0, (uint32_t)22U))),
+                13U),
+              Lib_IntVector_Intrinsics_vec128_rotate_right32(a0, 22U))),
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(a0, b0),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(a0, c0),
               Lib_IntVector_Intrinsics_vec128_and(b0, c0))));
@@ -732,30 +732,30 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec128 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec128 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec128 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec128 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec128 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec128 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec128 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec128
         s1 =
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t2,
-              (uint32_t)17U),
+              17U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t2,
-                (uint32_t)19U),
-              Lib_IntVector_Intrinsics_vec128_shift_right32(t2, (uint32_t)10U)));
+                19U),
+              Lib_IntVector_Intrinsics_vec128_shift_right32(t2, 10U)));
         Lib_IntVector_Intrinsics_vec128
         s0 =
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t15,
-              (uint32_t)7U),
+              7U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t15,
-                (uint32_t)18U),
-              Lib_IntVector_Intrinsics_vec128_shift_right32(t15, (uint32_t)3U)));
+                18U),
+              Lib_IntVector_Intrinsics_vec128_shift_right32(t15, 3U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(s1,
                 t7),
@@ -763,9 +763,9 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = hash;
     Lib_IntVector_Intrinsics_vec128
     x = Lib_IntVector_Intrinsics_vec128_add32(hash[i], hash_old[i]);
@@ -775,22 +775,22 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
 static inline void
 sha256_update_nblocks4(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec128 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b3 = b.snd.snd.snd;
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)64U;
-    uint8_t *bl1 = b1 + i * (uint32_t)64U;
-    uint8_t *bl2 = b2 + i * (uint32_t)64U;
-    uint8_t *bl3 = b3 + i * (uint32_t)64U;
-    Hacl_Impl_SHA2_Types_uint8_4p
+    uint8_t *bl0 = b0 + i * 64U;
+    uint8_t *bl1 = b1 + i * 64U;
+    uint8_t *bl2 = b2 + i * 64U;
+    uint8_t *bl3 = b3 + i * 64U;
+    Hacl_Hash_SHA2_uint8_4p
     mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
     sha256_update4(mb, st);
   }
@@ -800,69 +800,69 @@ static inline void
 sha256_update_last4(
   uint64_t totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec128 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[512U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
-  uint8_t *last2 = last + (uint32_t)256U;
-  uint8_t *last3 = last + (uint32_t)384U;
+  uint8_t *last10 = last + 128U;
+  uint8_t *last2 = last + 256U;
+  uint8_t *last3 = last + 384U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)64U;
+  uint8_t *last110 = last00 + 64U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)64U;
+  uint8_t *last111 = last10 + 64U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)64U;
+  uint8_t *last112 = last2 + 64U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last01 = last3;
-  uint8_t *last11 = last3 + (uint32_t)64U;
+  uint8_t *last11 = last3 + 64U;
   uint8_t *l30 = last01;
   uint8_t *l31 = last11;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb0 = { .fst = l00, .snd = { .fst = l10, .snd = { .fst = l20, .snd = l30 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb1 = { .fst = l01, .snd = { .fst = l11, .snd = { .fst = l21, .snd = l31 } } };
-  Hacl_Impl_SHA2_Types_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_4p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_4p last1 = scrut.snd;
   sha256_update4(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha256_update4(last1, hash);
     return;
@@ -870,7 +870,7 @@ sha256_update_last4(
 }
 
 static inline void
-sha256_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4p h)
+sha256_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Hash_SHA2_uint8_4p h)
 {
   uint8_t hbuf[128U] = { 0U };
   Lib_IntVector_Intrinsics_vec128 v00 = st[0U];
@@ -938,18 +938,18 @@ sha256_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4
   st[6U] = st3_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * (uint32_t)16U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * 16U, st[i]););
   uint8_t *b3 = h.snd.snd.snd;
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 32U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 32U, 32U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 64U, 32U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 96U, 32U * sizeof (uint8_t));
 }
 
 void
@@ -965,16 +965,16 @@ Hacl_SHA2_Vec128_sha256_4(
   uint8_t *input3
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } };
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 st[8U] KRML_POST_ALIGN(16) = { 0U };
   sha256_init4(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha256_update_nblocks4(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b3 = ib.snd.snd.snd;
   uint8_t *b2 = ib.snd.snd.fst;
   uint8_t *b1 = ib.snd.fst;
@@ -983,7 +983,7 @@ Hacl_SHA2_Vec128_sha256_4(
   uint8_t *bl1 = b1 + input_len - rem1;
   uint8_t *bl2 = b2 + input_len - rem1;
   uint8_t *bl3 = b3 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
   sha256_update_last4(len_, rem, lb, st);
   sha256_finish4(st, rb);
diff --git a/src/Hacl_SHA2_Vec256.c b/src/Hacl_SHA2_Vec256.c
index b74ce621..c34767f5 100644
--- a/src/Hacl_SHA2_Vec256.c
+++ b/src/Hacl_SHA2_Vec256.c
@@ -33,21 +33,21 @@
 static inline void sha224_init8(Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
-    uint32_t hi = Hacl_Impl_SHA2_Generic_h224[i];
+    uint32_t hi = Hacl_Hash_SHA2_h224[i];
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load32(hi);
     os[i] = x;);
 }
 
 static inline void
-sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash)
+sha224_update8(Hacl_Hash_SHA2_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec256));
   uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = b.snd.snd.snd.snd.snd.fst;
@@ -64,14 +64,14 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
   ws[5U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5);
   ws[6U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6);
   ws[7U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7);
-  ws[8U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00 + (uint32_t)32U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10 + (uint32_t)32U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2 + (uint32_t)32U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec256_load32_be(b3 + (uint32_t)32U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec256_load32_be(b4 + (uint32_t)32U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5 + (uint32_t)32U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6 + (uint32_t)32U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7 + (uint32_t)32U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00 + 32U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10 + 32U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2 + 32U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec256_load32_be(b3 + 32U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec256_load32_be(b4 + 32U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5 + 32U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6 + 32U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7 + 32U);
   Lib_IntVector_Intrinsics_vec256 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec256 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec256 v20 = ws[2U];
@@ -281,14 +281,14 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec256 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec256 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec256 b0 = hash[1U];
@@ -303,10 +303,10 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       t1 =
         Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(h02,
                 Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(e0,
-                    (uint32_t)6U),
+                    6U),
                   Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(e0,
-                      (uint32_t)11U),
-                    Lib_IntVector_Intrinsics_vec256_rotate_right32(e0, (uint32_t)25U)))),
+                      11U),
+                    Lib_IntVector_Intrinsics_vec256_rotate_right32(e0, 25U)))),
               Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_lognot(e0), g0))),
             k_e_t),
@@ -314,10 +314,10 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       Lib_IntVector_Intrinsics_vec256
       t2 =
         Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(a0,
-              (uint32_t)2U),
+              2U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(a0,
-                (uint32_t)13U),
-              Lib_IntVector_Intrinsics_vec256_rotate_right32(a0, (uint32_t)22U))),
+                13U),
+              Lib_IntVector_Intrinsics_vec256_rotate_right32(a0, 22U))),
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, b0),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, c0),
               Lib_IntVector_Intrinsics_vec256_and(b0, c0))));
@@ -337,30 +337,30 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec256 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec256
         s1 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t2,
-              (uint32_t)17U),
+              17U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t2,
-                (uint32_t)19U),
-              Lib_IntVector_Intrinsics_vec256_shift_right32(t2, (uint32_t)10U)));
+                19U),
+              Lib_IntVector_Intrinsics_vec256_shift_right32(t2, 10U)));
         Lib_IntVector_Intrinsics_vec256
         s0 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t15,
-              (uint32_t)7U),
+              7U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t15,
-                (uint32_t)18U),
-              Lib_IntVector_Intrinsics_vec256_shift_right32(t15, (uint32_t)3U)));
+                18U),
+              Lib_IntVector_Intrinsics_vec256_shift_right32(t15, 3U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(s1,
                 t7),
@@ -368,9 +368,9 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
     Lib_IntVector_Intrinsics_vec256
     x = Lib_IntVector_Intrinsics_vec256_add32(hash[i], hash_old[i]);
@@ -380,12 +380,12 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
 static inline void
 sha224_update_nblocks8(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_8p b,
+  Hacl_Hash_SHA2_uint8_8p b,
   Lib_IntVector_Intrinsics_vec256 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
     uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
@@ -395,15 +395,15 @@ sha224_update_nblocks8(
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)64U;
-    uint8_t *bl1 = b1 + i * (uint32_t)64U;
-    uint8_t *bl2 = b2 + i * (uint32_t)64U;
-    uint8_t *bl3 = b3 + i * (uint32_t)64U;
-    uint8_t *bl4 = b4 + i * (uint32_t)64U;
-    uint8_t *bl5 = b5 + i * (uint32_t)64U;
-    uint8_t *bl6 = b6 + i * (uint32_t)64U;
-    uint8_t *bl7 = b7 + i * (uint32_t)64U;
-    Hacl_Impl_SHA2_Types_uint8_8p
+    uint8_t *bl0 = b0 + i * 64U;
+    uint8_t *bl1 = b1 + i * 64U;
+    uint8_t *bl2 = b2 + i * 64U;
+    uint8_t *bl3 = b3 + i * 64U;
+    uint8_t *bl4 = b4 + i * 64U;
+    uint8_t *bl5 = b5 + i * 64U;
+    uint8_t *bl6 = b6 + i * 64U;
+    uint8_t *bl7 = b7 + i * 64U;
+    Hacl_Hash_SHA2_uint8_8p
     mb =
       {
         .fst = bl0,
@@ -426,23 +426,23 @@ static inline void
 sha224_update_last8(
   uint64_t totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_8p b,
+  Hacl_Hash_SHA2_uint8_8p b,
   Lib_IntVector_Intrinsics_vec256 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[1024U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
@@ -453,70 +453,70 @@ sha224_update_last8(
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
-  uint8_t *last2 = last + (uint32_t)256U;
-  uint8_t *last3 = last + (uint32_t)384U;
-  uint8_t *last4 = last + (uint32_t)512U;
-  uint8_t *last5 = last + (uint32_t)640U;
-  uint8_t *last6 = last + (uint32_t)768U;
-  uint8_t *last7 = last + (uint32_t)896U;
+  uint8_t *last10 = last + 128U;
+  uint8_t *last2 = last + 256U;
+  uint8_t *last3 = last + 384U;
+  uint8_t *last4 = last + 512U;
+  uint8_t *last5 = last + 640U;
+  uint8_t *last6 = last + 768U;
+  uint8_t *last7 = last + 896U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)64U;
+  uint8_t *last110 = last00 + 64U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)64U;
+  uint8_t *last111 = last10 + 64U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)64U;
+  uint8_t *last112 = last2 + 64U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last013 = last3;
-  uint8_t *last113 = last3 + (uint32_t)64U;
+  uint8_t *last113 = last3 + 64U;
   uint8_t *l30 = last013;
   uint8_t *l31 = last113;
   memcpy(last4, b4, len * sizeof (uint8_t));
-  last4[len] = (uint8_t)0x80U;
-  memcpy(last4 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last4[len] = 0x80U;
+  memcpy(last4 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last014 = last4;
-  uint8_t *last114 = last4 + (uint32_t)64U;
+  uint8_t *last114 = last4 + 64U;
   uint8_t *l40 = last014;
   uint8_t *l41 = last114;
   memcpy(last5, b5, len * sizeof (uint8_t));
-  last5[len] = (uint8_t)0x80U;
-  memcpy(last5 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last5[len] = 0x80U;
+  memcpy(last5 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last015 = last5;
-  uint8_t *last115 = last5 + (uint32_t)64U;
+  uint8_t *last115 = last5 + 64U;
   uint8_t *l50 = last015;
   uint8_t *l51 = last115;
   memcpy(last6, b6, len * sizeof (uint8_t));
-  last6[len] = (uint8_t)0x80U;
-  memcpy(last6 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last6[len] = 0x80U;
+  memcpy(last6 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last016 = last6;
-  uint8_t *last116 = last6 + (uint32_t)64U;
+  uint8_t *last116 = last6 + 64U;
   uint8_t *l60 = last016;
   uint8_t *l61 = last116;
   memcpy(last7, b7, len * sizeof (uint8_t));
-  last7[len] = (uint8_t)0x80U;
-  memcpy(last7 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last7[len] = 0x80U;
+  memcpy(last7 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last01 = last7;
-  uint8_t *last11 = last7 + (uint32_t)64U;
+  uint8_t *last11 = last7 + 64U;
   uint8_t *l70 = last01;
   uint8_t *l71 = last11;
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   mb0 =
     {
       .fst = l00,
@@ -531,7 +531,7 @@ sha224_update_last8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   mb1 =
     {
       .fst = l01,
@@ -546,11 +546,11 @@ sha224_update_last8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_2x8p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_8p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_8p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x8p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_8p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_8p last1 = scrut.snd;
   sha224_update8(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha224_update8(last1, hash);
     return;
@@ -558,7 +558,7 @@ sha224_update_last8(
 }
 
 static inline void
-sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8p h)
+sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Hash_SHA2_uint8_8p h)
 {
   uint8_t hbuf[256U] = { 0U };
   Lib_IntVector_Intrinsics_vec256 v0 = st[0U];
@@ -662,10 +662,10 @@ sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8
   st[6U] = st6_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * (uint32_t)32U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * 32U, st[i]););
   uint8_t *b7 = h.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = h.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = h.snd.snd.snd.snd.snd.fst;
@@ -674,14 +674,14 @@ sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b4, hbuf + (uint32_t)128U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b5, hbuf + (uint32_t)160U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b6, hbuf + (uint32_t)192U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b7, hbuf + (uint32_t)224U, (uint32_t)28U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 28U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 32U, 28U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 64U, 28U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 96U, 28U * sizeof (uint8_t));
+  memcpy(b4, hbuf + 128U, 28U * sizeof (uint8_t));
+  memcpy(b5, hbuf + 160U, 28U * sizeof (uint8_t));
+  memcpy(b6, hbuf + 192U, 28U * sizeof (uint8_t));
+  memcpy(b7, hbuf + 224U, 28U * sizeof (uint8_t));
 }
 
 void
@@ -705,7 +705,7 @@ Hacl_SHA2_Vec256_sha224_8(
   uint8_t *input7
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   ib =
     {
       .fst = input0,
@@ -723,7 +723,7 @@ Hacl_SHA2_Vec256_sha224_8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   rb =
     {
       .fst = dst0,
@@ -740,10 +740,10 @@ Hacl_SHA2_Vec256_sha224_8(
     };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U };
   sha224_init8(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha224_update_nblocks8(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = ib.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = ib.snd.snd.snd.snd.snd.fst;
@@ -760,7 +760,7 @@ Hacl_SHA2_Vec256_sha224_8(
   uint8_t *bl5 = b5 + input_len - rem1;
   uint8_t *bl6 = b6 + input_len - rem1;
   uint8_t *bl7 = b7 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   lb =
     {
       .fst = bl0,
@@ -782,21 +782,21 @@ Hacl_SHA2_Vec256_sha224_8(
 static inline void sha256_init8(Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
-    uint32_t hi = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t hi = Hacl_Hash_SHA2_h256[i];
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load32(hi);
     os[i] = x;);
 }
 
 static inline void
-sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash)
+sha256_update8(Hacl_Hash_SHA2_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec256));
   uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = b.snd.snd.snd.snd.snd.fst;
@@ -813,14 +813,14 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
   ws[5U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5);
   ws[6U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6);
   ws[7U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7);
-  ws[8U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00 + (uint32_t)32U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10 + (uint32_t)32U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2 + (uint32_t)32U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec256_load32_be(b3 + (uint32_t)32U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec256_load32_be(b4 + (uint32_t)32U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5 + (uint32_t)32U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6 + (uint32_t)32U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7 + (uint32_t)32U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00 + 32U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10 + 32U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2 + 32U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec256_load32_be(b3 + 32U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec256_load32_be(b4 + 32U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5 + 32U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6 + 32U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7 + 32U);
   Lib_IntVector_Intrinsics_vec256 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec256 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec256 v20 = ws[2U];
@@ -1030,14 +1030,14 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec256 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec256 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec256 b0 = hash[1U];
@@ -1052,10 +1052,10 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       t1 =
         Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(h02,
                 Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(e0,
-                    (uint32_t)6U),
+                    6U),
                   Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(e0,
-                      (uint32_t)11U),
-                    Lib_IntVector_Intrinsics_vec256_rotate_right32(e0, (uint32_t)25U)))),
+                      11U),
+                    Lib_IntVector_Intrinsics_vec256_rotate_right32(e0, 25U)))),
               Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_lognot(e0), g0))),
             k_e_t),
@@ -1063,10 +1063,10 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       Lib_IntVector_Intrinsics_vec256
       t2 =
         Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(a0,
-              (uint32_t)2U),
+              2U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(a0,
-                (uint32_t)13U),
-              Lib_IntVector_Intrinsics_vec256_rotate_right32(a0, (uint32_t)22U))),
+                13U),
+              Lib_IntVector_Intrinsics_vec256_rotate_right32(a0, 22U))),
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, b0),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, c0),
               Lib_IntVector_Intrinsics_vec256_and(b0, c0))));
@@ -1086,30 +1086,30 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec256 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec256
         s1 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t2,
-              (uint32_t)17U),
+              17U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t2,
-                (uint32_t)19U),
-              Lib_IntVector_Intrinsics_vec256_shift_right32(t2, (uint32_t)10U)));
+                19U),
+              Lib_IntVector_Intrinsics_vec256_shift_right32(t2, 10U)));
         Lib_IntVector_Intrinsics_vec256
         s0 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t15,
-              (uint32_t)7U),
+              7U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t15,
-                (uint32_t)18U),
-              Lib_IntVector_Intrinsics_vec256_shift_right32(t15, (uint32_t)3U)));
+                18U),
+              Lib_IntVector_Intrinsics_vec256_shift_right32(t15, 3U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(s1,
                 t7),
@@ -1117,9 +1117,9 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
     Lib_IntVector_Intrinsics_vec256
     x = Lib_IntVector_Intrinsics_vec256_add32(hash[i], hash_old[i]);
@@ -1129,12 +1129,12 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
 static inline void
 sha256_update_nblocks8(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_8p b,
+  Hacl_Hash_SHA2_uint8_8p b,
   Lib_IntVector_Intrinsics_vec256 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
     uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
@@ -1144,15 +1144,15 @@ sha256_update_nblocks8(
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)64U;
-    uint8_t *bl1 = b1 + i * (uint32_t)64U;
-    uint8_t *bl2 = b2 + i * (uint32_t)64U;
-    uint8_t *bl3 = b3 + i * (uint32_t)64U;
-    uint8_t *bl4 = b4 + i * (uint32_t)64U;
-    uint8_t *bl5 = b5 + i * (uint32_t)64U;
-    uint8_t *bl6 = b6 + i * (uint32_t)64U;
-    uint8_t *bl7 = b7 + i * (uint32_t)64U;
-    Hacl_Impl_SHA2_Types_uint8_8p
+    uint8_t *bl0 = b0 + i * 64U;
+    uint8_t *bl1 = b1 + i * 64U;
+    uint8_t *bl2 = b2 + i * 64U;
+    uint8_t *bl3 = b3 + i * 64U;
+    uint8_t *bl4 = b4 + i * 64U;
+    uint8_t *bl5 = b5 + i * 64U;
+    uint8_t *bl6 = b6 + i * 64U;
+    uint8_t *bl7 = b7 + i * 64U;
+    Hacl_Hash_SHA2_uint8_8p
     mb =
       {
         .fst = bl0,
@@ -1175,23 +1175,23 @@ static inline void
 sha256_update_last8(
   uint64_t totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_8p b,
+  Hacl_Hash_SHA2_uint8_8p b,
   Lib_IntVector_Intrinsics_vec256 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[1024U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
@@ -1202,70 +1202,70 @@ sha256_update_last8(
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
-  uint8_t *last2 = last + (uint32_t)256U;
-  uint8_t *last3 = last + (uint32_t)384U;
-  uint8_t *last4 = last + (uint32_t)512U;
-  uint8_t *last5 = last + (uint32_t)640U;
-  uint8_t *last6 = last + (uint32_t)768U;
-  uint8_t *last7 = last + (uint32_t)896U;
+  uint8_t *last10 = last + 128U;
+  uint8_t *last2 = last + 256U;
+  uint8_t *last3 = last + 384U;
+  uint8_t *last4 = last + 512U;
+  uint8_t *last5 = last + 640U;
+  uint8_t *last6 = last + 768U;
+  uint8_t *last7 = last + 896U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)64U;
+  uint8_t *last110 = last00 + 64U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)64U;
+  uint8_t *last111 = last10 + 64U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)64U;
+  uint8_t *last112 = last2 + 64U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last013 = last3;
-  uint8_t *last113 = last3 + (uint32_t)64U;
+  uint8_t *last113 = last3 + 64U;
   uint8_t *l30 = last013;
   uint8_t *l31 = last113;
   memcpy(last4, b4, len * sizeof (uint8_t));
-  last4[len] = (uint8_t)0x80U;
-  memcpy(last4 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last4[len] = 0x80U;
+  memcpy(last4 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last014 = last4;
-  uint8_t *last114 = last4 + (uint32_t)64U;
+  uint8_t *last114 = last4 + 64U;
   uint8_t *l40 = last014;
   uint8_t *l41 = last114;
   memcpy(last5, b5, len * sizeof (uint8_t));
-  last5[len] = (uint8_t)0x80U;
-  memcpy(last5 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last5[len] = 0x80U;
+  memcpy(last5 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last015 = last5;
-  uint8_t *last115 = last5 + (uint32_t)64U;
+  uint8_t *last115 = last5 + 64U;
   uint8_t *l50 = last015;
   uint8_t *l51 = last115;
   memcpy(last6, b6, len * sizeof (uint8_t));
-  last6[len] = (uint8_t)0x80U;
-  memcpy(last6 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last6[len] = 0x80U;
+  memcpy(last6 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last016 = last6;
-  uint8_t *last116 = last6 + (uint32_t)64U;
+  uint8_t *last116 = last6 + 64U;
   uint8_t *l60 = last016;
   uint8_t *l61 = last116;
   memcpy(last7, b7, len * sizeof (uint8_t));
-  last7[len] = (uint8_t)0x80U;
-  memcpy(last7 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last7[len] = 0x80U;
+  memcpy(last7 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last01 = last7;
-  uint8_t *last11 = last7 + (uint32_t)64U;
+  uint8_t *last11 = last7 + 64U;
   uint8_t *l70 = last01;
   uint8_t *l71 = last11;
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   mb0 =
     {
       .fst = l00,
@@ -1280,7 +1280,7 @@ sha256_update_last8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   mb1 =
     {
       .fst = l01,
@@ -1295,11 +1295,11 @@ sha256_update_last8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_2x8p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_8p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_8p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x8p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_8p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_8p last1 = scrut.snd;
   sha256_update8(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha256_update8(last1, hash);
     return;
@@ -1307,7 +1307,7 @@ sha256_update_last8(
 }
 
 static inline void
-sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8p h)
+sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Hash_SHA2_uint8_8p h)
 {
   uint8_t hbuf[256U] = { 0U };
   Lib_IntVector_Intrinsics_vec256 v0 = st[0U];
@@ -1411,10 +1411,10 @@ sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8
   st[6U] = st6_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * (uint32_t)32U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * 32U, st[i]););
   uint8_t *b7 = h.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = h.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = h.snd.snd.snd.snd.snd.fst;
@@ -1423,14 +1423,14 @@ sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b4, hbuf + (uint32_t)128U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b5, hbuf + (uint32_t)160U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b6, hbuf + (uint32_t)192U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b7, hbuf + (uint32_t)224U, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 32U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 32U, 32U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 64U, 32U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 96U, 32U * sizeof (uint8_t));
+  memcpy(b4, hbuf + 128U, 32U * sizeof (uint8_t));
+  memcpy(b5, hbuf + 160U, 32U * sizeof (uint8_t));
+  memcpy(b6, hbuf + 192U, 32U * sizeof (uint8_t));
+  memcpy(b7, hbuf + 224U, 32U * sizeof (uint8_t));
 }
 
 void
@@ -1454,7 +1454,7 @@ Hacl_SHA2_Vec256_sha256_8(
   uint8_t *input7
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   ib =
     {
       .fst = input0,
@@ -1472,7 +1472,7 @@ Hacl_SHA2_Vec256_sha256_8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   rb =
     {
       .fst = dst0,
@@ -1489,10 +1489,10 @@ Hacl_SHA2_Vec256_sha256_8(
     };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U };
   sha256_init8(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha256_update_nblocks8(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = ib.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = ib.snd.snd.snd.snd.snd.fst;
@@ -1509,7 +1509,7 @@ Hacl_SHA2_Vec256_sha256_8(
   uint8_t *bl5 = b5 + input_len - rem1;
   uint8_t *bl6 = b6 + input_len - rem1;
   uint8_t *bl7 = b7 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   lb =
     {
       .fst = bl0,
@@ -1531,21 +1531,21 @@ Hacl_SHA2_Vec256_sha256_8(
 static inline void sha384_init4(Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
-    uint64_t hi = Hacl_Impl_SHA2_Generic_h384[i];
+    uint64_t hi = Hacl_Hash_SHA2_h384[i];
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load64(hi);
     os[i] = x;);
 }
 
 static inline void
-sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash)
+sha384_update4(Hacl_Hash_SHA2_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec256));
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b10 = b.snd.fst;
@@ -1554,18 +1554,18 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
   ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10);
   ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2);
   ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3);
-  ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)32U);
-  ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)32U);
-  ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)32U);
-  ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)32U);
-  ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)64U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)64U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)64U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)64U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)96U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)96U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)96U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)96U);
+  ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 32U);
+  ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 32U);
+  ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 32U);
+  ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 32U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 64U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 64U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 64U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 64U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 96U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 96U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 96U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 96U);
   Lib_IntVector_Intrinsics_vec256 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec256 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec256 v20 = ws[2U];
@@ -1679,14 +1679,14 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR5(i0,
-    (uint32_t)0U,
-    (uint32_t)5U,
-    (uint32_t)1U,
+    0U,
+    5U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint64_t k_t = Hacl_Hash_SHA2_k384_512[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec256 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec256 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec256 b0 = hash[1U];
@@ -1701,10 +1701,10 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       t1 =
         Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(h02,
                 Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(e0,
-                    (uint32_t)14U),
+                    14U),
                   Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(e0,
-                      (uint32_t)18U),
-                    Lib_IntVector_Intrinsics_vec256_rotate_right64(e0, (uint32_t)41U)))),
+                      18U),
+                    Lib_IntVector_Intrinsics_vec256_rotate_right64(e0, 41U)))),
               Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_lognot(e0), g0))),
             k_e_t),
@@ -1712,10 +1712,10 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       Lib_IntVector_Intrinsics_vec256
       t2 =
         Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(a0,
-              (uint32_t)28U),
+              28U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(a0,
-                (uint32_t)34U),
-              Lib_IntVector_Intrinsics_vec256_rotate_right64(a0, (uint32_t)39U))),
+                34U),
+              Lib_IntVector_Intrinsics_vec256_rotate_right64(a0, 39U))),
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, b0),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, c0),
               Lib_IntVector_Intrinsics_vec256_and(b0, c0))));
@@ -1735,30 +1735,30 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)4U)
+    if (i0 < 4U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec256 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec256
         s1 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t2,
-              (uint32_t)19U),
+              19U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t2,
-                (uint32_t)61U),
-              Lib_IntVector_Intrinsics_vec256_shift_right64(t2, (uint32_t)6U)));
+                61U),
+              Lib_IntVector_Intrinsics_vec256_shift_right64(t2, 6U)));
         Lib_IntVector_Intrinsics_vec256
         s0 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t15,
-              (uint32_t)1U),
+              1U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t15,
-                (uint32_t)8U),
-              Lib_IntVector_Intrinsics_vec256_shift_right64(t15, (uint32_t)7U)));
+                8U),
+              Lib_IntVector_Intrinsics_vec256_shift_right64(t15, 7U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(s1,
                 t7),
@@ -1766,9 +1766,9 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
     Lib_IntVector_Intrinsics_vec256
     x = Lib_IntVector_Intrinsics_vec256_add64(hash[i], hash_old[i]);
@@ -1778,22 +1778,22 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
 static inline void
 sha384_update_nblocks4(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec256 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)128U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 128U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b3 = b.snd.snd.snd;
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)128U;
-    uint8_t *bl1 = b1 + i * (uint32_t)128U;
-    uint8_t *bl2 = b2 + i * (uint32_t)128U;
-    uint8_t *bl3 = b3 + i * (uint32_t)128U;
-    Hacl_Impl_SHA2_Types_uint8_4p
+    uint8_t *bl0 = b0 + i * 128U;
+    uint8_t *bl1 = b1 + i * 128U;
+    uint8_t *bl2 = b2 + i * 128U;
+    uint8_t *bl3 = b3 + i * 128U;
+    Hacl_Hash_SHA2_uint8_4p
     mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
     sha384_update4(mb, st);
   }
@@ -1803,69 +1803,69 @@ static inline void
 sha384_update_last4(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec256 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U)
+  if (len + 16U + 1U <= 128U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)128U;
+  uint32_t fin = blocks * 128U;
   uint8_t last[1024U] = { 0U };
   uint8_t totlen_buf[16U] = { 0U };
-  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U);
+  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, 3U);
   store128_be(totlen_buf, total_len_bits);
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)256U;
-  uint8_t *last2 = last + (uint32_t)512U;
-  uint8_t *last3 = last + (uint32_t)768U;
+  uint8_t *last10 = last + 256U;
+  uint8_t *last2 = last + 512U;
+  uint8_t *last3 = last + 768U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)128U;
+  uint8_t *last110 = last00 + 128U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)128U;
+  uint8_t *last111 = last10 + 128U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)128U;
+  uint8_t *last112 = last2 + 128U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last01 = last3;
-  uint8_t *last11 = last3 + (uint32_t)128U;
+  uint8_t *last11 = last3 + 128U;
   uint8_t *l30 = last01;
   uint8_t *l31 = last11;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb0 = { .fst = l00, .snd = { .fst = l10, .snd = { .fst = l20, .snd = l30 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb1 = { .fst = l01, .snd = { .fst = l11, .snd = { .fst = l21, .snd = l31 } } };
-  Hacl_Impl_SHA2_Types_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_4p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_4p last1 = scrut.snd;
   sha384_update4(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha384_update4(last1, hash);
     return;
@@ -1873,7 +1873,7 @@ sha384_update_last4(
 }
 
 static inline void
-sha384_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4p h)
+sha384_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Hash_SHA2_uint8_4p h)
 {
   uint8_t hbuf[256U] = { 0U };
   Lib_IntVector_Intrinsics_vec256 v00 = st[0U];
@@ -1933,18 +1933,18 @@ sha384_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4
   st[6U] = st3_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * (uint32_t)32U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * 32U, st[i]););
   uint8_t *b3 = h.snd.snd.snd;
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)48U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)64U, (uint32_t)48U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)128U, (uint32_t)48U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)192U, (uint32_t)48U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 48U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 64U, 48U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 128U, 48U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 192U, 48U * sizeof (uint8_t));
 }
 
 void
@@ -1960,16 +1960,16 @@ Hacl_SHA2_Vec256_sha384_4(
   uint8_t *input3
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U };
   sha384_init4(st);
-  uint32_t rem = input_len % (uint32_t)128U;
+  uint32_t rem = input_len % 128U;
   FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len);
   sha384_update_nblocks4(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)128U;
+  uint32_t rem1 = input_len % 128U;
   uint8_t *b3 = ib.snd.snd.snd;
   uint8_t *b2 = ib.snd.snd.fst;
   uint8_t *b1 = ib.snd.fst;
@@ -1978,7 +1978,7 @@ Hacl_SHA2_Vec256_sha384_4(
   uint8_t *bl1 = b1 + input_len - rem1;
   uint8_t *bl2 = b2 + input_len - rem1;
   uint8_t *bl3 = b3 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
   sha384_update_last4(len_, rem, lb, st);
   sha384_finish4(st, rb);
@@ -1987,21 +1987,21 @@ Hacl_SHA2_Vec256_sha384_4(
 static inline void sha512_init4(Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
-    uint64_t hi = Hacl_Impl_SHA2_Generic_h512[i];
+    uint64_t hi = Hacl_Hash_SHA2_h512[i];
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load64(hi);
     os[i] = x;);
 }
 
 static inline void
-sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash)
+sha512_update4(Hacl_Hash_SHA2_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec256));
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b10 = b.snd.fst;
@@ -2010,18 +2010,18 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
   ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10);
   ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2);
   ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3);
-  ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)32U);
-  ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)32U);
-  ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)32U);
-  ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)32U);
-  ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)64U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)64U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)64U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)64U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)96U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)96U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)96U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)96U);
+  ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 32U);
+  ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 32U);
+  ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 32U);
+  ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 32U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 64U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 64U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 64U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 64U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 96U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 96U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 96U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 96U);
   Lib_IntVector_Intrinsics_vec256 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec256 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec256 v20 = ws[2U];
@@ -2135,14 +2135,14 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR5(i0,
-    (uint32_t)0U,
-    (uint32_t)5U,
-    (uint32_t)1U,
+    0U,
+    5U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint64_t k_t = Hacl_Hash_SHA2_k384_512[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec256 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec256 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec256 b0 = hash[1U];
@@ -2157,10 +2157,10 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       t1 =
         Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(h02,
                 Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(e0,
-                    (uint32_t)14U),
+                    14U),
                   Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(e0,
-                      (uint32_t)18U),
-                    Lib_IntVector_Intrinsics_vec256_rotate_right64(e0, (uint32_t)41U)))),
+                      18U),
+                    Lib_IntVector_Intrinsics_vec256_rotate_right64(e0, 41U)))),
               Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_lognot(e0), g0))),
             k_e_t),
@@ -2168,10 +2168,10 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       Lib_IntVector_Intrinsics_vec256
       t2 =
         Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(a0,
-              (uint32_t)28U),
+              28U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(a0,
-                (uint32_t)34U),
-              Lib_IntVector_Intrinsics_vec256_rotate_right64(a0, (uint32_t)39U))),
+                34U),
+              Lib_IntVector_Intrinsics_vec256_rotate_right64(a0, 39U))),
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, b0),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, c0),
               Lib_IntVector_Intrinsics_vec256_and(b0, c0))));
@@ -2191,30 +2191,30 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)4U)
+    if (i0 < 4U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec256 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec256
         s1 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t2,
-              (uint32_t)19U),
+              19U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t2,
-                (uint32_t)61U),
-              Lib_IntVector_Intrinsics_vec256_shift_right64(t2, (uint32_t)6U)));
+                61U),
+              Lib_IntVector_Intrinsics_vec256_shift_right64(t2, 6U)));
         Lib_IntVector_Intrinsics_vec256
         s0 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t15,
-              (uint32_t)1U),
+              1U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t15,
-                (uint32_t)8U),
-              Lib_IntVector_Intrinsics_vec256_shift_right64(t15, (uint32_t)7U)));
+                8U),
+              Lib_IntVector_Intrinsics_vec256_shift_right64(t15, 7U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(s1,
                 t7),
@@ -2222,9 +2222,9 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
     Lib_IntVector_Intrinsics_vec256
     x = Lib_IntVector_Intrinsics_vec256_add64(hash[i], hash_old[i]);
@@ -2234,22 +2234,22 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
 static inline void
 sha512_update_nblocks4(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec256 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)128U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 128U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b3 = b.snd.snd.snd;
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)128U;
-    uint8_t *bl1 = b1 + i * (uint32_t)128U;
-    uint8_t *bl2 = b2 + i * (uint32_t)128U;
-    uint8_t *bl3 = b3 + i * (uint32_t)128U;
-    Hacl_Impl_SHA2_Types_uint8_4p
+    uint8_t *bl0 = b0 + i * 128U;
+    uint8_t *bl1 = b1 + i * 128U;
+    uint8_t *bl2 = b2 + i * 128U;
+    uint8_t *bl3 = b3 + i * 128U;
+    Hacl_Hash_SHA2_uint8_4p
     mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
     sha512_update4(mb, st);
   }
@@ -2259,69 +2259,69 @@ static inline void
 sha512_update_last4(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec256 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U)
+  if (len + 16U + 1U <= 128U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)128U;
+  uint32_t fin = blocks * 128U;
   uint8_t last[1024U] = { 0U };
   uint8_t totlen_buf[16U] = { 0U };
-  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U);
+  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, 3U);
   store128_be(totlen_buf, total_len_bits);
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)256U;
-  uint8_t *last2 = last + (uint32_t)512U;
-  uint8_t *last3 = last + (uint32_t)768U;
+  uint8_t *last10 = last + 256U;
+  uint8_t *last2 = last + 512U;
+  uint8_t *last3 = last + 768U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)128U;
+  uint8_t *last110 = last00 + 128U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)128U;
+  uint8_t *last111 = last10 + 128U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)128U;
+  uint8_t *last112 = last2 + 128U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last01 = last3;
-  uint8_t *last11 = last3 + (uint32_t)128U;
+  uint8_t *last11 = last3 + 128U;
   uint8_t *l30 = last01;
   uint8_t *l31 = last11;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb0 = { .fst = l00, .snd = { .fst = l10, .snd = { .fst = l20, .snd = l30 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb1 = { .fst = l01, .snd = { .fst = l11, .snd = { .fst = l21, .snd = l31 } } };
-  Hacl_Impl_SHA2_Types_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_4p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_4p last1 = scrut.snd;
   sha512_update4(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha512_update4(last1, hash);
     return;
@@ -2329,7 +2329,7 @@ sha512_update_last4(
 }
 
 static inline void
-sha512_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4p h)
+sha512_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Hash_SHA2_uint8_4p h)
 {
   uint8_t hbuf[256U] = { 0U };
   Lib_IntVector_Intrinsics_vec256 v00 = st[0U];
@@ -2389,18 +2389,18 @@ sha512_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4
   st[6U] = st3_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * (uint32_t)32U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * 32U, st[i]););
   uint8_t *b3 = h.snd.snd.snd;
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)64U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)64U, (uint32_t)64U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)128U, (uint32_t)64U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)192U, (uint32_t)64U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 64U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 64U, 64U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 128U, 64U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 192U, 64U * sizeof (uint8_t));
 }
 
 void
@@ -2416,16 +2416,16 @@ Hacl_SHA2_Vec256_sha512_4(
   uint8_t *input3
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U };
   sha512_init4(st);
-  uint32_t rem = input_len % (uint32_t)128U;
+  uint32_t rem = input_len % 128U;
   FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len);
   sha512_update_nblocks4(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)128U;
+  uint32_t rem1 = input_len % 128U;
   uint8_t *b3 = ib.snd.snd.snd;
   uint8_t *b2 = ib.snd.snd.fst;
   uint8_t *b1 = ib.snd.fst;
@@ -2434,7 +2434,7 @@ Hacl_SHA2_Vec256_sha512_4(
   uint8_t *bl1 = b1 + input_len - rem1;
   uint8_t *bl2 = b2 + input_len - rem1;
   uint8_t *bl3 = b3 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
   sha512_update_last4(len_, rem, lb, st);
   sha512_finish4(st, rb);
diff --git a/src/Hacl_Salsa20.c b/src/Hacl_Salsa20.c
index 2758f8a4..151df07d 100644
--- a/src/Hacl_Salsa20.c
+++ b/src/Hacl_Salsa20.c
@@ -30,35 +30,35 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t sta = st[b];
   uint32_t stb0 = st[a];
   uint32_t std0 = st[d];
-  uint32_t sta1 = sta ^ ((stb0 + std0) << (uint32_t)7U | (stb0 + std0) >> (uint32_t)25U);
+  uint32_t sta1 = sta ^ ((stb0 + std0) << 7U | (stb0 + std0) >> 25U);
   st[b] = sta1;
   uint32_t sta0 = st[c];
   uint32_t stb1 = st[b];
   uint32_t std1 = st[a];
-  uint32_t sta10 = sta0 ^ ((stb1 + std1) << (uint32_t)9U | (stb1 + std1) >> (uint32_t)23U);
+  uint32_t sta10 = sta0 ^ ((stb1 + std1) << 9U | (stb1 + std1) >> 23U);
   st[c] = sta10;
   uint32_t sta2 = st[d];
   uint32_t stb2 = st[c];
   uint32_t std2 = st[b];
-  uint32_t sta11 = sta2 ^ ((stb2 + std2) << (uint32_t)13U | (stb2 + std2) >> (uint32_t)19U);
+  uint32_t sta11 = sta2 ^ ((stb2 + std2) << 13U | (stb2 + std2) >> 19U);
   st[d] = sta11;
   uint32_t sta3 = st[a];
   uint32_t stb = st[d];
   uint32_t std = st[c];
-  uint32_t sta12 = sta3 ^ ((stb + std) << (uint32_t)18U | (stb + std) >> (uint32_t)14U);
+  uint32_t sta12 = sta3 ^ ((stb + std) << 18U | (stb + std) >> 14U);
   st[a] = sta12;
 }
 
 static inline void double_round(uint32_t *st)
 {
-  quarter_round(st, (uint32_t)0U, (uint32_t)4U, (uint32_t)8U, (uint32_t)12U);
-  quarter_round(st, (uint32_t)5U, (uint32_t)9U, (uint32_t)13U, (uint32_t)1U);
-  quarter_round(st, (uint32_t)10U, (uint32_t)14U, (uint32_t)2U, (uint32_t)6U);
-  quarter_round(st, (uint32_t)15U, (uint32_t)3U, (uint32_t)7U, (uint32_t)11U);
-  quarter_round(st, (uint32_t)0U, (uint32_t)1U, (uint32_t)2U, (uint32_t)3U);
-  quarter_round(st, (uint32_t)5U, (uint32_t)6U, (uint32_t)7U, (uint32_t)4U);
-  quarter_round(st, (uint32_t)10U, (uint32_t)11U, (uint32_t)8U, (uint32_t)9U);
-  quarter_round(st, (uint32_t)15U, (uint32_t)12U, (uint32_t)13U, (uint32_t)14U);
+  quarter_round(st, 0U, 4U, 8U, 12U);
+  quarter_round(st, 5U, 9U, 13U, 1U);
+  quarter_round(st, 10U, 14U, 2U, 6U);
+  quarter_round(st, 15U, 3U, 7U, 11U);
+  quarter_round(st, 0U, 1U, 2U, 3U);
+  quarter_round(st, 5U, 6U, 7U, 4U);
+  quarter_round(st, 10U, 11U, 8U, 9U);
+  quarter_round(st, 15U, 12U, 13U, 14U);
 }
 
 static inline void rounds(uint32_t *st)
@@ -77,14 +77,14 @@ static inline void rounds(uint32_t *st)
 
 static inline void salsa20_core(uint32_t *k, uint32_t *ctx, uint32_t ctr)
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (uint32_t));
+  memcpy(k, ctx, 16U * sizeof (uint32_t));
   uint32_t ctr_u32 = ctr;
   k[8U] = k[8U] + ctr_u32;
   rounds(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = k;
     uint32_t x = k[i] + ctx[i];
     os[i] = x;);
@@ -98,42 +98,38 @@ static inline void salsa20_key_block0(uint8_t *out, uint8_t *key, uint8_t *n)
   uint32_t k32[8U] = { 0U };
   uint32_t n32[2U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = k32;
-    uint8_t *bj = key + i * (uint32_t)4U;
+    uint8_t *bj = key + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
+    0U,
+    2U,
+    1U,
     uint32_t *os = n32;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
-  ctx[0U] = (uint32_t)0x61707865U;
+  ctx[0U] = 0x61707865U;
   uint32_t *k0 = k32;
-  uint32_t *k1 = k32 + (uint32_t)4U;
-  memcpy(ctx + (uint32_t)1U, k0, (uint32_t)4U * sizeof (uint32_t));
-  ctx[5U] = (uint32_t)0x3320646eU;
-  memcpy(ctx + (uint32_t)6U, n32, (uint32_t)2U * sizeof (uint32_t));
-  ctx[8U] = (uint32_t)0U;
-  ctx[9U] = (uint32_t)0U;
-  ctx[10U] = (uint32_t)0x79622d32U;
-  memcpy(ctx + (uint32_t)11U, k1, (uint32_t)4U * sizeof (uint32_t));
-  ctx[15U] = (uint32_t)0x6b206574U;
-  salsa20_core(k, ctx, (uint32_t)0U);
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    store32_le(out + i * (uint32_t)4U, k[i]););
+  uint32_t *k1 = k32 + 4U;
+  memcpy(ctx + 1U, k0, 4U * sizeof (uint32_t));
+  ctx[5U] = 0x3320646eU;
+  memcpy(ctx + 6U, n32, 2U * sizeof (uint32_t));
+  ctx[8U] = 0U;
+  ctx[9U] = 0U;
+  ctx[10U] = 0x79622d32U;
+  memcpy(ctx + 11U, k1, 4U * sizeof (uint32_t));
+  ctx[15U] = 0x6b206574U;
+  salsa20_core(k, ctx, 0U);
+  KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(out + i * 4U, k[i]););
 }
 
 static inline void
@@ -150,101 +146,93 @@ salsa20_encrypt(
   uint32_t k32[8U] = { 0U };
   uint32_t n32[2U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = k32;
-    uint8_t *bj = key + i * (uint32_t)4U;
+    uint8_t *bj = key + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
+    0U,
+    2U,
+    1U,
     uint32_t *os = n32;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
-  ctx[0U] = (uint32_t)0x61707865U;
+  ctx[0U] = 0x61707865U;
   uint32_t *k0 = k32;
-  uint32_t *k10 = k32 + (uint32_t)4U;
-  memcpy(ctx + (uint32_t)1U, k0, (uint32_t)4U * sizeof (uint32_t));
-  ctx[5U] = (uint32_t)0x3320646eU;
-  memcpy(ctx + (uint32_t)6U, n32, (uint32_t)2U * sizeof (uint32_t));
+  uint32_t *k10 = k32 + 4U;
+  memcpy(ctx + 1U, k0, 4U * sizeof (uint32_t));
+  ctx[5U] = 0x3320646eU;
+  memcpy(ctx + 6U, n32, 2U * sizeof (uint32_t));
   ctx[8U] = ctr;
-  ctx[9U] = (uint32_t)0U;
-  ctx[10U] = (uint32_t)0x79622d32U;
-  memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
-  ctx[15U] = (uint32_t)0x6b206574U;
+  ctx[9U] = 0U;
+  ctx[10U] = 0x79622d32U;
+  memcpy(ctx + 11U, k10, 4U * sizeof (uint32_t));
+  ctx[15U] = 0x6b206574U;
   uint32_t k[16U] = { 0U };
-  KRML_HOST_IGNORE(k);
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < nb; i0++)
+  KRML_MAYBE_UNUSED_VAR(k);
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i0 = 0U; i0 < nb; i0++)
   {
-    uint8_t *uu____0 = out + i0 * (uint32_t)64U;
-    uint8_t *uu____1 = text + i0 * (uint32_t)64U;
+    uint8_t *uu____0 = out + i0 * 64U;
+    uint8_t *uu____1 = text + i0 * 64U;
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, i0);
     uint32_t bl[16U] = { 0U };
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
-      uint8_t *bj = uu____1 + i * (uint32_t)4U;
+      uint8_t *bj = uu____1 + i * 4U;
       uint32_t u = load32_le(bj);
       uint32_t r = u;
       uint32_t x = r;
       os[i] = x;);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
       uint32_t x = bl[i] ^ k1[i];
       os[i] = x;);
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      store32_le(uu____0 + i * (uint32_t)4U, bl[i]););
+    KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(uu____0 + i * 4U, bl[i]););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)64U;
+    uint8_t *uu____2 = out + nb * 64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * 64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
-      uint8_t *bj = plain + i * (uint32_t)4U;
+      uint8_t *bj = plain + i * 4U;
       uint32_t u = load32_le(bj);
       uint32_t r = u;
       uint32_t x = r;
       os[i] = x;);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
       uint32_t x = bl[i] ^ k1[i];
       os[i] = x;);
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      store32_le(plain + i * (uint32_t)4U, bl[i]););
+    KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(plain + i * 4U, bl[i]););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -263,101 +251,93 @@ salsa20_decrypt(
   uint32_t k32[8U] = { 0U };
   uint32_t n32[2U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = k32;
-    uint8_t *bj = key + i * (uint32_t)4U;
+    uint8_t *bj = key + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
+    0U,
+    2U,
+    1U,
     uint32_t *os = n32;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
-  ctx[0U] = (uint32_t)0x61707865U;
+  ctx[0U] = 0x61707865U;
   uint32_t *k0 = k32;
-  uint32_t *k10 = k32 + (uint32_t)4U;
-  memcpy(ctx + (uint32_t)1U, k0, (uint32_t)4U * sizeof (uint32_t));
-  ctx[5U] = (uint32_t)0x3320646eU;
-  memcpy(ctx + (uint32_t)6U, n32, (uint32_t)2U * sizeof (uint32_t));
+  uint32_t *k10 = k32 + 4U;
+  memcpy(ctx + 1U, k0, 4U * sizeof (uint32_t));
+  ctx[5U] = 0x3320646eU;
+  memcpy(ctx + 6U, n32, 2U * sizeof (uint32_t));
   ctx[8U] = ctr;
-  ctx[9U] = (uint32_t)0U;
-  ctx[10U] = (uint32_t)0x79622d32U;
-  memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
-  ctx[15U] = (uint32_t)0x6b206574U;
+  ctx[9U] = 0U;
+  ctx[10U] = 0x79622d32U;
+  memcpy(ctx + 11U, k10, 4U * sizeof (uint32_t));
+  ctx[15U] = 0x6b206574U;
   uint32_t k[16U] = { 0U };
-  KRML_HOST_IGNORE(k);
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < nb; i0++)
+  KRML_MAYBE_UNUSED_VAR(k);
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i0 = 0U; i0 < nb; i0++)
   {
-    uint8_t *uu____0 = out + i0 * (uint32_t)64U;
-    uint8_t *uu____1 = cipher + i0 * (uint32_t)64U;
+    uint8_t *uu____0 = out + i0 * 64U;
+    uint8_t *uu____1 = cipher + i0 * 64U;
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, i0);
     uint32_t bl[16U] = { 0U };
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
-      uint8_t *bj = uu____1 + i * (uint32_t)4U;
+      uint8_t *bj = uu____1 + i * 4U;
       uint32_t u = load32_le(bj);
       uint32_t r = u;
       uint32_t x = r;
       os[i] = x;);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
       uint32_t x = bl[i] ^ k1[i];
       os[i] = x;);
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      store32_le(uu____0 + i * (uint32_t)4U, bl[i]););
+    KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(uu____0 + i * 4U, bl[i]););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)64U;
+    uint8_t *uu____2 = out + nb * 64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * 64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
-      uint8_t *bj = plain + i * (uint32_t)4U;
+      uint8_t *bj = plain + i * 4U;
       uint32_t u = load32_le(bj);
       uint32_t r = u;
       uint32_t x = r;
       os[i] = x;);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
       uint32_t x = bl[i] ^ k1[i];
       os[i] = x;);
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      store32_le(plain + i * (uint32_t)4U, bl[i]););
+    KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(plain + i * 4U, bl[i]););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -368,34 +348,34 @@ static inline void hsalsa20(uint8_t *out, uint8_t *key, uint8_t *n)
   uint32_t k32[8U] = { 0U };
   uint32_t n32[4U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = k32;
-    uint8_t *bj = key + i * (uint32_t)4U;
+    uint8_t *bj = key + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = n32;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   uint32_t *k0 = k32;
-  uint32_t *k1 = k32 + (uint32_t)4U;
-  ctx[0U] = (uint32_t)0x61707865U;
-  memcpy(ctx + (uint32_t)1U, k0, (uint32_t)4U * sizeof (uint32_t));
-  ctx[5U] = (uint32_t)0x3320646eU;
-  memcpy(ctx + (uint32_t)6U, n32, (uint32_t)4U * sizeof (uint32_t));
-  ctx[10U] = (uint32_t)0x79622d32U;
-  memcpy(ctx + (uint32_t)11U, k1, (uint32_t)4U * sizeof (uint32_t));
-  ctx[15U] = (uint32_t)0x6b206574U;
+  uint32_t *k1 = k32 + 4U;
+  ctx[0U] = 0x61707865U;
+  memcpy(ctx + 1U, k0, 4U * sizeof (uint32_t));
+  ctx[5U] = 0x3320646eU;
+  memcpy(ctx + 6U, n32, 4U * sizeof (uint32_t));
+  ctx[10U] = 0x79622d32U;
+  memcpy(ctx + 11U, k1, 4U * sizeof (uint32_t));
+  ctx[15U] = 0x6b206574U;
   rounds(ctx);
   uint32_t r0 = ctx[0U];
   uint32_t r1 = ctx[5U];
@@ -406,11 +386,7 @@ static inline void hsalsa20(uint8_t *out, uint8_t *key, uint8_t *n)
   uint32_t r6 = ctx[8U];
   uint32_t r7 = ctx[9U];
   uint32_t res[8U] = { r0, r1, r2, r3, r4, r5, r6, r7 };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_le(out + i * (uint32_t)4U, res[i]););
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_le(out + i * 4U, res[i]););
 }
 
 void
diff --git a/src/Hacl_Streaming_Blake2.c b/src/Hacl_Streaming_Blake2.c
deleted file mode 100644
index 948d56c2..00000000
--- a/src/Hacl_Streaming_Blake2.c
+++ /dev/null
@@ -1,655 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Blake2.h"
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2_blake2s_32_state *Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(void)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *wv = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
-  uint32_t *b = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state = { .fst = wv, .snd = b };
-  Hacl_Streaming_Blake2_blake2s_32_state
-  s1 = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Blake2_blake2s_32_state
-  *p =
-    (Hacl_Streaming_Blake2_blake2s_32_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Blake2_blake2s_32_state
-      ));
-  p[0U] = s1;
-  Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
-  return p;
-}
-
-/**
-  (Re-)initialization function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_32_state *s1)
-{
-  Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
-  Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
-  Hacl_Streaming_Blake2_blake2s_32_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s1[0U] = tmp;
-}
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2_blake2s_32_no_key_update(
-  Hacl_Streaming_Blake2_blake2s_32_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Blake2_blake2s_32_state s1 = *p;
-  uint64_t total_len = s1.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)64U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  if (len <= (uint32_t)64U - sz)
-  {
-    Hacl_Streaming_Blake2_blake2s_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2s_32_block_state block_state1 = s2.block_state;
-    uint8_t *buf = s2.buf;
-    uint64_t total_len1 = s2.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2s_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Blake2_blake2s_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2s_32_block_state block_state1 = s2.block_state;
-    uint8_t *buf = s2.buf;
-    uint64_t total_len1 = s2.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      uint32_t *wv = block_state1.fst;
-      uint32_t *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, hash, prevlen, buf, nb);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    uint32_t *wv = block_state1.fst;
-    uint32_t *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)64U;
-    Hacl_Blake2s_32_blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2s_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Blake2_blake2s_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2s_32_block_state block_state10 = s2.block_state;
-    uint8_t *buf0 = s2.buf;
-    uint64_t total_len10 = s2.total_len;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)64U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2s_32_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2
-        }
-      );
-    Hacl_Streaming_Blake2_blake2s_32_state s20 = *p;
-    Hacl_Streaming_Blake2_blake2s_32_block_state block_state1 = s20.block_state;
-    uint8_t *buf = s20.buf;
-    uint64_t total_len1 = s20.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      uint32_t *wv = block_state1.fst;
-      uint32_t *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, hash, prevlen, buf, nb);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    uint32_t *wv = block_state1.fst;
-    uint32_t *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)64U;
-    Hacl_Blake2s_32_blake2s_update_multi(data1_len, wv, hash, total_len1, data11, nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2s_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2_blake2s_32_no_key_finish(
-  Hacl_Streaming_Blake2_blake2s_32_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Blake2_blake2s_32_state scrut = *p;
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)64U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  uint8_t *buf_1 = buf_;
-  uint32_t wv0[16U] = { 0U };
-  uint32_t b[16U] = { 0U };
-  Hacl_Streaming_Blake2_blake2s_32_block_state tmp_block_state = { .fst = wv0, .snd = b };
-  uint32_t *src_b = block_state.snd;
-  uint32_t *dst_b = tmp_block_state.snd;
-  memcpy(dst_b, src_b, (uint32_t)16U * sizeof (uint32_t));
-  uint64_t prev_len = total_len - (uint64_t)r;
-  uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)64U;
-  }
-  else
-  {
-    ite = r % (uint32_t)64U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  uint32_t *wv1 = tmp_block_state.fst;
-  uint32_t *hash0 = tmp_block_state.snd;
-  uint32_t nb = (uint32_t)0U;
-  Hacl_Blake2s_32_blake2s_update_multi((uint32_t)0U, wv1, hash0, prev_len, buf_multi, nb);
-  uint64_t prev_len_last = total_len - (uint64_t)r;
-  uint32_t *wv = tmp_block_state.fst;
-  uint32_t *hash = tmp_block_state.snd;
-  Hacl_Blake2s_32_blake2s_update_last(r, wv, hash, prev_len_last, r, buf_last);
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst, tmp_block_state.snd);
-}
-
-/**
-  Free state function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2s_32_no_key_free(Hacl_Streaming_Blake2_blake2s_32_state *s1)
-{
-  Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
-  uint32_t *wv = block_state.fst;
-  uint32_t *b = block_state.snd;
-  KRML_HOST_FREE(wv);
-  KRML_HOST_FREE(b);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s1);
-}
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2_blake2b_32_state *Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(void)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  uint64_t *wv = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
-  uint64_t *b = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state = { .fst = wv, .snd = b };
-  Hacl_Streaming_Blake2_blake2b_32_state
-  s1 = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Blake2_blake2b_32_state
-  *p =
-    (Hacl_Streaming_Blake2_blake2b_32_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Blake2_blake2b_32_state
-      ));
-  p[0U] = s1;
-  Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
-  return p;
-}
-
-/**
-  (Re)-initialization function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_32_state *s1)
-{
-  Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
-  Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
-  Hacl_Streaming_Blake2_blake2b_32_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s1[0U] = tmp;
-}
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2_blake2b_32_no_key_update(
-  Hacl_Streaming_Blake2_blake2b_32_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Blake2_blake2b_32_state s1 = *p;
-  uint64_t total_len = s1.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)128U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
-  }
-  if (len <= (uint32_t)128U - sz)
-  {
-    Hacl_Streaming_Blake2_blake2b_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2b_32_block_state block_state1 = s2.block_state;
-    uint8_t *buf = s2.buf;
-    uint64_t total_len1 = s2.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2b_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Blake2_blake2b_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2b_32_block_state block_state1 = s2.block_state;
-    uint8_t *buf = s2.buf;
-    uint64_t total_len1 = s2.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      uint64_t *wv = block_state1.fst;
-      uint64_t *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-        wv,
-        hash,
-        FStar_UInt128_uint64_to_uint128(prevlen),
-        buf,
-        nb);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)128U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)128U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    uint64_t *wv = block_state1.fst;
-    uint64_t *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)128U;
-    Hacl_Blake2b_32_blake2b_update_multi(data1_len,
-      wv,
-      hash,
-      FStar_UInt128_uint64_to_uint128(total_len1),
-      data1,
-      nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2b_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)128U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Blake2_blake2b_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2b_32_block_state block_state10 = s2.block_state;
-    uint8_t *buf0 = s2.buf;
-    uint64_t total_len10 = s2.total_len;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)128U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)128U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2b_32_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2
-        }
-      );
-    Hacl_Streaming_Blake2_blake2b_32_state s20 = *p;
-    Hacl_Streaming_Blake2_blake2b_32_block_state block_state1 = s20.block_state;
-    uint8_t *buf = s20.buf;
-    uint64_t total_len1 = s20.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      uint64_t *wv = block_state1.fst;
-      uint64_t *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-        wv,
-        hash,
-        FStar_UInt128_uint64_to_uint128(prevlen),
-        buf,
-        nb);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)128U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)128U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)128U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    uint64_t *wv = block_state1.fst;
-    uint64_t *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)128U;
-    Hacl_Blake2b_32_blake2b_update_multi(data1_len,
-      wv,
-      hash,
-      FStar_UInt128_uint64_to_uint128(total_len1),
-      data11,
-      nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2b_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2_blake2b_32_no_key_finish(
-  Hacl_Streaming_Blake2_blake2b_32_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Blake2_blake2b_32_state scrut = *p;
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)128U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
-  }
-  uint8_t *buf_1 = buf_;
-  uint64_t wv0[16U] = { 0U };
-  uint64_t b[16U] = { 0U };
-  Hacl_Streaming_Blake2_blake2b_32_block_state tmp_block_state = { .fst = wv0, .snd = b };
-  uint64_t *src_b = block_state.snd;
-  uint64_t *dst_b = tmp_block_state.snd;
-  memcpy(dst_b, src_b, (uint32_t)16U * sizeof (uint64_t));
-  uint64_t prev_len = total_len - (uint64_t)r;
-  uint32_t ite;
-  if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)128U;
-  }
-  else
-  {
-    ite = r % (uint32_t)128U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  uint64_t *wv1 = tmp_block_state.fst;
-  uint64_t *hash0 = tmp_block_state.snd;
-  uint32_t nb = (uint32_t)0U;
-  Hacl_Blake2b_32_blake2b_update_multi((uint32_t)0U,
-    wv1,
-    hash0,
-    FStar_UInt128_uint64_to_uint128(prev_len),
-    buf_multi,
-    nb);
-  uint64_t prev_len_last = total_len - (uint64_t)r;
-  uint64_t *wv = tmp_block_state.fst;
-  uint64_t *hash = tmp_block_state.snd;
-  Hacl_Blake2b_32_blake2b_update_last(r,
-    wv,
-    hash,
-    FStar_UInt128_uint64_to_uint128(prev_len_last),
-    r,
-    buf_last);
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst, tmp_block_state.snd);
-}
-
-/**
-  Free state function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2b_32_no_key_free(Hacl_Streaming_Blake2_blake2b_32_state *s1)
-{
-  Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
-  uint64_t *wv = block_state.fst;
-  uint64_t *b = block_state.snd;
-  KRML_HOST_FREE(wv);
-  KRML_HOST_FREE(b);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s1);
-}
-
diff --git a/src/Hacl_Streaming_Blake2b_256.c b/src/Hacl_Streaming_Blake2b_256.c
deleted file mode 100644
index bdb5433f..00000000
--- a/src/Hacl_Streaming_Blake2b_256.c
+++ /dev/null
@@ -1,371 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Blake2b_256.h"
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2b_256_blake2b_256_state
-*Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in(void)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  Lib_IntVector_Intrinsics_vec256
-  *wv =
-    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
-      sizeof (Lib_IntVector_Intrinsics_vec256) * (uint32_t)4U);
-  memset(wv, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Lib_IntVector_Intrinsics_vec256
-  *b =
-    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
-      sizeof (Lib_IntVector_Intrinsics_vec256) * (uint32_t)4U);
-  memset(b, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = { .fst = wv, .snd = b };
-  Hacl_Streaming_Blake2b_256_blake2b_256_state
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Blake2b_256_blake2b_256_state
-  *p =
-    (Hacl_Streaming_Blake2b_256_blake2b_256_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Blake2b_256_blake2b_256_state
-      ));
-  p[0U] = s;
-  Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
-  return p;
-}
-
-/**
-  (Re-)initialization function when there is no key
-*/
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *s
-)
-{
-  Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
-  Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
-  Hacl_Streaming_Blake2b_256_blake2b_256_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
-}
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Blake2b_256_blake2b_256_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)128U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
-  }
-  if (len <= (uint32_t)128U - sz)
-  {
-    Hacl_Streaming_Blake2b_256_blake2b_256_state s1 = *p;
-    Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2b_256_blake2b_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Blake2b_256_blake2b_256_state s1 = *p;
-    Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
-      Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2b_256_blake2b_update_multi((uint32_t)128U,
-        wv,
-        hash,
-        FStar_UInt128_uint64_to_uint128(prevlen),
-        buf,
-        nb);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)128U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)128U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
-    Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)128U;
-    Hacl_Blake2b_256_blake2b_update_multi(data1_len,
-      wv,
-      hash,
-      FStar_UInt128_uint64_to_uint128(total_len1),
-      data1,
-      nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2b_256_blake2b_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)128U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Blake2b_256_blake2b_256_state s1 = *p;
-    Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)128U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)128U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2b_256_blake2b_256_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2
-        }
-      );
-    Hacl_Streaming_Blake2b_256_blake2b_256_state s10 = *p;
-    Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
-      Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2b_256_blake2b_update_multi((uint32_t)128U,
-        wv,
-        hash,
-        FStar_UInt128_uint64_to_uint128(prevlen),
-        buf,
-        nb);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)128U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)128U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)128U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
-    Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)128U;
-    Hacl_Blake2b_256_blake2b_update_multi(data1_len,
-      wv,
-      hash,
-      FStar_UInt128_uint64_to_uint128(total_len1),
-      data11,
-      nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2b_256_blake2b_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *p;
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)128U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
-  }
-  uint8_t *buf_1 = buf_;
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv0[4U] KRML_POST_ALIGN(32) = { 0U };
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state tmp_block_state = { .fst = wv0, .snd = b };
-  Lib_IntVector_Intrinsics_vec256 *src_b = block_state.snd;
-  Lib_IntVector_Intrinsics_vec256 *dst_b = tmp_block_state.snd;
-  memcpy(dst_b, src_b, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  uint64_t prev_len = total_len - (uint64_t)r;
-  uint32_t ite;
-  if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)128U;
-  }
-  else
-  {
-    ite = r % (uint32_t)128U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  Lib_IntVector_Intrinsics_vec256 *wv1 = tmp_block_state.fst;
-  Lib_IntVector_Intrinsics_vec256 *hash0 = tmp_block_state.snd;
-  uint32_t nb = (uint32_t)0U;
-  Hacl_Blake2b_256_blake2b_update_multi((uint32_t)0U,
-    wv1,
-    hash0,
-    FStar_UInt128_uint64_to_uint128(prev_len),
-    buf_multi,
-    nb);
-  uint64_t prev_len_last = total_len - (uint64_t)r;
-  Lib_IntVector_Intrinsics_vec256 *wv = tmp_block_state.fst;
-  Lib_IntVector_Intrinsics_vec256 *hash = tmp_block_state.snd;
-  Hacl_Blake2b_256_blake2b_update_last(r,
-    wv,
-    hash,
-    FStar_UInt128_uint64_to_uint128(prev_len_last),
-    r,
-    buf_last);
-  Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, tmp_block_state.snd);
-}
-
-/**
-  Free state function when there is no key
-*/
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *s
-)
-{
-  Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
-  Lib_IntVector_Intrinsics_vec256 *wv = block_state.fst;
-  Lib_IntVector_Intrinsics_vec256 *b = block_state.snd;
-  KRML_ALIGNED_FREE(wv);
-  KRML_ALIGNED_FREE(b);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/Hacl_Streaming_Blake2s_128.c b/src/Hacl_Streaming_Blake2s_128.c
deleted file mode 100644
index f97bf5d0..00000000
--- a/src/Hacl_Streaming_Blake2s_128.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Blake2s_128.h"
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2s_128_blake2s_128_state
-*Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in(void)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  Lib_IntVector_Intrinsics_vec128
-  *wv =
-    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
-      sizeof (Lib_IntVector_Intrinsics_vec128) * (uint32_t)4U);
-  memset(wv, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Lib_IntVector_Intrinsics_vec128
-  *b =
-    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
-      sizeof (Lib_IntVector_Intrinsics_vec128) * (uint32_t)4U);
-  memset(b, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = { .fst = wv, .snd = b };
-  Hacl_Streaming_Blake2s_128_blake2s_128_state
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Blake2s_128_blake2s_128_state
-  *p =
-    (Hacl_Streaming_Blake2s_128_blake2s_128_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Blake2s_128_blake2s_128_state
-      ));
-  p[0U] = s;
-  Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
-  return p;
-}
-
-/**
-  (Re-)initialization function when there is no key
-*/
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *s
-)
-{
-  Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
-  Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
-  Hacl_Streaming_Blake2s_128_blake2s_128_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
-}
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Blake2s_128_blake2s_128_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)64U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  if (len <= (uint32_t)64U - sz)
-  {
-    Hacl_Streaming_Blake2s_128_blake2s_128_state s1 = *p;
-    Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2s_128_blake2s_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Blake2s_128_blake2s_128_state s1 = *p;
-    Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
-      Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2s_128_blake2s_update_multi((uint32_t)64U, wv, hash, prevlen, buf, nb);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
-    Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)64U;
-    Hacl_Blake2s_128_blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2s_128_blake2s_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Blake2s_128_blake2s_128_state s1 = *p;
-    Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)64U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2s_128_blake2s_128_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2
-        }
-      );
-    Hacl_Streaming_Blake2s_128_blake2s_128_state s10 = *p;
-    Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
-      Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2s_128_blake2s_update_multi((uint32_t)64U, wv, hash, prevlen, buf, nb);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
-    Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)64U;
-    Hacl_Blake2s_128_blake2s_update_multi(data1_len, wv, hash, total_len1, data11, nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2s_128_blake2s_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *p;
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)64U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  uint8_t *buf_1 = buf_;
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv0[4U] KRML_POST_ALIGN(16) = { 0U };
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state tmp_block_state = { .fst = wv0, .snd = b };
-  Lib_IntVector_Intrinsics_vec128 *src_b = block_state.snd;
-  Lib_IntVector_Intrinsics_vec128 *dst_b = tmp_block_state.snd;
-  memcpy(dst_b, src_b, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  uint64_t prev_len = total_len - (uint64_t)r;
-  uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)64U;
-  }
-  else
-  {
-    ite = r % (uint32_t)64U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  Lib_IntVector_Intrinsics_vec128 *wv1 = tmp_block_state.fst;
-  Lib_IntVector_Intrinsics_vec128 *hash0 = tmp_block_state.snd;
-  uint32_t nb = (uint32_t)0U;
-  Hacl_Blake2s_128_blake2s_update_multi((uint32_t)0U, wv1, hash0, prev_len, buf_multi, nb);
-  uint64_t prev_len_last = total_len - (uint64_t)r;
-  Lib_IntVector_Intrinsics_vec128 *wv = tmp_block_state.fst;
-  Lib_IntVector_Intrinsics_vec128 *hash = tmp_block_state.snd;
-  Hacl_Blake2s_128_blake2s_update_last(r, wv, hash, prev_len_last, r, buf_last);
-  Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, tmp_block_state.snd);
-}
-
-/**
-  Free state function when there is no key
-*/
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *s
-)
-{
-  Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
-  Lib_IntVector_Intrinsics_vec128 *wv = block_state.fst;
-  Lib_IntVector_Intrinsics_vec128 *b = block_state.snd;
-  KRML_ALIGNED_FREE(wv);
-  KRML_ALIGNED_FREE(b);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/Hacl_Streaming_Poly1305_128.c b/src/Hacl_Streaming_Poly1305_128.c
deleted file mode 100644
index c3f7c19a..00000000
--- a/src/Hacl_Streaming_Poly1305_128.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Poly1305_128.h"
-
-Hacl_Streaming_Poly1305_128_poly1305_128_state
-*Hacl_Streaming_Poly1305_128_create_in(uint8_t *k)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-  Lib_IntVector_Intrinsics_vec128
-  *r1 =
-    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
-      sizeof (Lib_IntVector_Intrinsics_vec128) * (uint32_t)25U);
-  memset(r1, 0U, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Lib_IntVector_Intrinsics_vec128 *block_state = r1;
-  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_0 = k_;
-  Hacl_Streaming_Poly1305_128_poly1305_128_state
-  s =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_0 };
-  Hacl_Streaming_Poly1305_128_poly1305_128_state
-  *p =
-    (Hacl_Streaming_Poly1305_128_poly1305_128_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Poly1305_128_poly1305_128_state
-      ));
-  p[0U] = s;
-  Hacl_Poly1305_128_poly1305_init(block_state, k);
-  return p;
-}
-
-void
-Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly1305_128_state *s)
-{
-  Hacl_Streaming_Poly1305_128_poly1305_128_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
-  Hacl_Poly1305_128_poly1305_init(block_state, k);
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_1 = k_;
-  Hacl_Streaming_Poly1305_128_poly1305_128_state
-  tmp =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_1 };
-  s[0U] = tmp;
-}
-
-/**
-0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_128_update(
-  Hacl_Streaming_Poly1305_128_poly1305_128_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Poly1305_128_poly1305_128_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)32U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)32U);
-  }
-  if (len <= (uint32_t)32U - sz)
-  {
-    Hacl_Streaming_Poly1305_128_poly1305_128_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec128 *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)32U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)32U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_128_poly1305_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Poly1305_128_poly1305_128_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec128 *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)32U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)32U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_128_poly1305_update(block_state1, (uint32_t)32U, buf);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)32U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)32U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)32U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)32U;
-    uint32_t data1_len = n_blocks * (uint32_t)32U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Poly1305_128_poly1305_update(block_state1, data1_len, data1);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_128_poly1305_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len,
-          .p_key = k_1
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)32U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Poly1305_128_poly1305_128_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec128 *block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)32U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)32U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_128_poly1305_128_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-    Hacl_Streaming_Poly1305_128_poly1305_128_state s10 = *p;
-    Lib_IntVector_Intrinsics_vec128 *block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint8_t *k_10 = s10.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)32U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)32U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_128_poly1305_update(block_state1, (uint32_t)32U, buf);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)32U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)32U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)32U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)32U;
-    uint32_t data1_len = n_blocks * (uint32_t)32U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Poly1305_128_poly1305_update(block_state1, data1_len, data11);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_128_poly1305_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff),
-          .p_key = k_10
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-void
-Hacl_Streaming_Poly1305_128_finish(
-  Hacl_Streaming_Poly1305_128_poly1305_128_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Poly1305_128_poly1305_128_state scrut = *p;
-  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint8_t *k_ = scrut.p_key;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)32U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)32U);
-  }
-  uint8_t *buf_1 = buf_;
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 r1[25U] KRML_POST_ALIGN(16) = { 0U };
-  Lib_IntVector_Intrinsics_vec128 *tmp_block_state = r1;
-  memcpy(tmp_block_state, block_state, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  uint32_t ite0;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite0 = (uint32_t)16U;
-  }
-  else
-  {
-    ite0 = r % (uint32_t)16U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite0;
-  uint8_t *buf_multi = buf_1;
-  uint32_t ite;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)16U;
-  }
-  else
-  {
-    ite = r % (uint32_t)16U;
-  }
-  Hacl_Poly1305_128_poly1305_update(tmp_block_state, r - ite, buf_multi);
-  uint32_t ite1;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite1 = (uint32_t)16U;
-  }
-  else
-  {
-    ite1 = r % (uint32_t)16U;
-  }
-  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
-  uint32_t ite2;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite2 = (uint32_t)16U;
-  }
-  else
-  {
-    ite2 = r % (uint32_t)16U;
-  }
-  Hacl_Poly1305_128_poly1305_update(tmp_block_state, ite2, buf_last);
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 tmp[25U] KRML_POST_ALIGN(16) = { 0U };
-  memcpy(tmp, tmp_block_state, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Hacl_Poly1305_128_poly1305_finish(dst, k_, tmp);
-}
-
-void Hacl_Streaming_Poly1305_128_free(Hacl_Streaming_Poly1305_128_poly1305_128_state *s)
-{
-  Hacl_Streaming_Poly1305_128_poly1305_128_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
-  KRML_HOST_FREE(k_);
-  KRML_ALIGNED_FREE(block_state);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/Hacl_Streaming_Poly1305_256.c b/src/Hacl_Streaming_Poly1305_256.c
deleted file mode 100644
index e56275a4..00000000
--- a/src/Hacl_Streaming_Poly1305_256.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Poly1305_256.h"
-
-Hacl_Streaming_Poly1305_256_poly1305_256_state
-*Hacl_Streaming_Poly1305_256_create_in(uint8_t *k)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  Lib_IntVector_Intrinsics_vec256
-  *r1 =
-    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
-      sizeof (Lib_IntVector_Intrinsics_vec256) * (uint32_t)25U);
-  memset(r1, 0U, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Lib_IntVector_Intrinsics_vec256 *block_state = r1;
-  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_0 = k_;
-  Hacl_Streaming_Poly1305_256_poly1305_256_state
-  s =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_0 };
-  Hacl_Streaming_Poly1305_256_poly1305_256_state
-  *p =
-    (Hacl_Streaming_Poly1305_256_poly1305_256_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Poly1305_256_poly1305_256_state
-      ));
-  p[0U] = s;
-  Hacl_Poly1305_256_poly1305_init(block_state, k);
-  return p;
-}
-
-void
-Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly1305_256_state *s)
-{
-  Hacl_Streaming_Poly1305_256_poly1305_256_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
-  Hacl_Poly1305_256_poly1305_init(block_state, k);
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_1 = k_;
-  Hacl_Streaming_Poly1305_256_poly1305_256_state
-  tmp =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_1 };
-  s[0U] = tmp;
-}
-
-/**
-0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_256_update(
-  Hacl_Streaming_Poly1305_256_poly1305_256_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Poly1305_256_poly1305_256_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)64U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  if (len <= (uint32_t)64U - sz)
-  {
-    Hacl_Streaming_Poly1305_256_poly1305_256_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec256 *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_256_poly1305_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Poly1305_256_poly1305_256_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec256 *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_256_poly1305_update(block_state1, (uint32_t)64U, buf);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Poly1305_256_poly1305_update(block_state1, data1_len, data1);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_256_poly1305_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len,
-          .p_key = k_1
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Poly1305_256_poly1305_256_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec256 *block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)64U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_256_poly1305_256_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-    Hacl_Streaming_Poly1305_256_poly1305_256_state s10 = *p;
-    Lib_IntVector_Intrinsics_vec256 *block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint8_t *k_10 = s10.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_256_poly1305_update(block_state1, (uint32_t)64U, buf);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Poly1305_256_poly1305_update(block_state1, data1_len, data11);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_256_poly1305_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff),
-          .p_key = k_10
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-void
-Hacl_Streaming_Poly1305_256_finish(
-  Hacl_Streaming_Poly1305_256_poly1305_256_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Poly1305_256_poly1305_256_state scrut = *p;
-  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint8_t *k_ = scrut.p_key;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)64U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  uint8_t *buf_1 = buf_;
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 r1[25U] KRML_POST_ALIGN(32) = { 0U };
-  Lib_IntVector_Intrinsics_vec256 *tmp_block_state = r1;
-  memcpy(tmp_block_state, block_state, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  uint32_t ite0;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite0 = (uint32_t)16U;
-  }
-  else
-  {
-    ite0 = r % (uint32_t)16U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite0;
-  uint8_t *buf_multi = buf_1;
-  uint32_t ite;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)16U;
-  }
-  else
-  {
-    ite = r % (uint32_t)16U;
-  }
-  Hacl_Poly1305_256_poly1305_update(tmp_block_state, r - ite, buf_multi);
-  uint32_t ite1;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite1 = (uint32_t)16U;
-  }
-  else
-  {
-    ite1 = r % (uint32_t)16U;
-  }
-  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
-  uint32_t ite2;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite2 = (uint32_t)16U;
-  }
-  else
-  {
-    ite2 = r % (uint32_t)16U;
-  }
-  Hacl_Poly1305_256_poly1305_update(tmp_block_state, ite2, buf_last);
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 tmp[25U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(tmp, tmp_block_state, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Hacl_Poly1305_256_poly1305_finish(dst, k_, tmp);
-}
-
-void Hacl_Streaming_Poly1305_256_free(Hacl_Streaming_Poly1305_256_poly1305_256_state *s)
-{
-  Hacl_Streaming_Poly1305_256_poly1305_256_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
-  KRML_HOST_FREE(k_);
-  KRML_ALIGNED_FREE(block_state);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/Hacl_Streaming_Poly1305_32.c b/src/Hacl_Streaming_Poly1305_32.c
deleted file mode 100644
index 249a622f..00000000
--- a/src/Hacl_Streaming_Poly1305_32.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Poly1305_32.h"
-
-Hacl_Streaming_Poly1305_32_poly1305_32_state *Hacl_Streaming_Poly1305_32_create_in(uint8_t *k)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint8_t));
-  uint64_t *r1 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
-  uint64_t *block_state = r1;
-  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_0 = k_;
-  Hacl_Streaming_Poly1305_32_poly1305_32_state
-  s =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_0 };
-  Hacl_Streaming_Poly1305_32_poly1305_32_state
-  *p =
-    (Hacl_Streaming_Poly1305_32_poly1305_32_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Poly1305_32_poly1305_32_state
-      ));
-  p[0U] = s;
-  Hacl_Poly1305_32_poly1305_init(block_state, k);
-  return p;
-}
-
-void
-Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_32_state *s)
-{
-  Hacl_Streaming_Poly1305_32_poly1305_32_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  uint64_t *block_state = scrut.block_state;
-  Hacl_Poly1305_32_poly1305_init(block_state, k);
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_1 = k_;
-  Hacl_Streaming_Poly1305_32_poly1305_32_state
-  tmp =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_1 };
-  s[0U] = tmp;
-}
-
-/**
-0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_32_update(
-  Hacl_Streaming_Poly1305_32_poly1305_32_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Poly1305_32_poly1305_32_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)16U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)16U);
-  }
-  if (len <= (uint32_t)16U - sz)
-  {
-    Hacl_Streaming_Poly1305_32_poly1305_32_state s1 = *p;
-    uint64_t *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)16U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)16U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_32_poly1305_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Poly1305_32_poly1305_32_state s1 = *p;
-    uint64_t *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)16U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)16U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_32_poly1305_update(block_state1, (uint32_t)16U, buf);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)16U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)16U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)16U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)16U;
-    uint32_t data1_len = n_blocks * (uint32_t)16U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Poly1305_32_poly1305_update(block_state1, data1_len, data1);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_32_poly1305_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len,
-          .p_key = k_1
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)16U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Poly1305_32_poly1305_32_state s1 = *p;
-    uint64_t *block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)16U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)16U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_32_poly1305_32_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-    Hacl_Streaming_Poly1305_32_poly1305_32_state s10 = *p;
-    uint64_t *block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint8_t *k_10 = s10.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)16U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)16U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_32_poly1305_update(block_state1, (uint32_t)16U, buf);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)16U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)16U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)16U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)16U;
-    uint32_t data1_len = n_blocks * (uint32_t)16U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Poly1305_32_poly1305_update(block_state1, data1_len, data11);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_32_poly1305_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff),
-          .p_key = k_10
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-void
-Hacl_Streaming_Poly1305_32_finish(
-  Hacl_Streaming_Poly1305_32_poly1305_32_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Poly1305_32_poly1305_32_state scrut = *p;
-  uint64_t *block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint8_t *k_ = scrut.p_key;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)16U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)16U);
-  }
-  uint8_t *buf_1 = buf_;
-  uint64_t r1[25U] = { 0U };
-  uint64_t *tmp_block_state = r1;
-  memcpy(tmp_block_state, block_state, (uint32_t)25U * sizeof (uint64_t));
-  uint32_t ite;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)16U;
-  }
-  else
-  {
-    ite = r % (uint32_t)16U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  Hacl_Poly1305_32_poly1305_update(tmp_block_state, (uint32_t)0U, buf_multi);
-  Hacl_Poly1305_32_poly1305_update(tmp_block_state, r, buf_last);
-  uint64_t tmp[25U] = { 0U };
-  memcpy(tmp, tmp_block_state, (uint32_t)25U * sizeof (uint64_t));
-  Hacl_Poly1305_32_poly1305_finish(dst, k_, tmp);
-}
-
-void Hacl_Streaming_Poly1305_32_free(Hacl_Streaming_Poly1305_32_poly1305_32_state *s)
-{
-  Hacl_Streaming_Poly1305_32_poly1305_32_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  uint64_t *block_state = scrut.block_state;
-  KRML_HOST_FREE(k_);
-  KRML_HOST_FREE(block_state);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/msvc/EverCrypt_AEAD.c b/src/msvc/EverCrypt_AEAD.c
index d3a4ffbe..b0fb4826 100644
--- a/src/msvc/EverCrypt_AEAD.c
+++ b/src/msvc/EverCrypt_AEAD.c
@@ -46,8 +46,8 @@ The state may be reused as many times as desired.
 */
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee)
 {
-  KRML_HOST_IGNORE(a);
-  KRML_HOST_IGNORE(projectee);
+  KRML_MAYBE_UNUSED_VAR(a);
+  KRML_MAYBE_UNUSED_VAR(projectee);
   return true;
 }
 
@@ -86,11 +86,11 @@ Spec_Agile_AEAD_alg EverCrypt_AEAD_alg_of_state(EverCrypt_AEAD_state_s *s)
 static EverCrypt_Error_error_code
 create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
-  uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
+  uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
   EverCrypt_AEAD_state_s
   *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
   p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek });
-  memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(ek, k, 32U * sizeof (uint8_t));
   dst[0U] = p;
   return EverCrypt_Error_Success;
 }
@@ -98,8 +98,8 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
-  KRML_HOST_IGNORE(dst);
-  KRML_HOST_IGNORE(k);
+  KRML_MAYBE_UNUSED_VAR(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
   #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
@@ -108,11 +108,11 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
-    uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t));
+    uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC(480U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
-    uint8_t *hkeys_b = ek + (uint32_t)176U;
-    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b));
-    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b, hkeys_b));
+    uint8_t *hkeys_b = ek + 176U;
+    aes128_key_expansion(k, keys_b);
+    aes128_keyhash_init(keys_b, hkeys_b);
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek });
@@ -128,8 +128,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
-  KRML_HOST_IGNORE(dst);
-  KRML_HOST_IGNORE(k);
+  KRML_MAYBE_UNUSED_VAR(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
   #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
@@ -138,11 +138,11 @@ create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
-    uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t));
+    uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC(544U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
-    uint8_t *hkeys_b = ek + (uint32_t)240U;
-    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b));
-    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b, hkeys_b));
+    uint8_t *hkeys_b = ek + 240U;
+    aes256_key_expansion(k, keys_b);
+    aes256_keyhash_init(keys_b, hkeys_b);
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek });
@@ -208,115 +208,106 @@ encrypt_aes128_gcm(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(s);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(s);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
-  uint8_t *scratch_b = ek + (uint32_t)304U;
+  uint8_t *scratch_b = ek + 304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+  uint8_t *hkeys_b = ek1 + 176U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *plain_b_ = plain;
   uint8_t *out_b_ = cipher;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    plain + plain_len_,
-    (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+  memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+  if (len128x6 / 16ULL >= 18ULL)
   {
-    uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = plain_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-        (uint64_t)ad_len,
-        auth_num,
-        keys_b,
-        tmp_iv,
-        hkeys_b,
-        abytes_b,
-        in128x6_b,
-        out128x6_b,
-        len128x6_,
-        in128_b,
-        out128_b,
-        len128_num_,
-        inout_b,
-        (uint64_t)plain_len,
-        scratch_b1,
-        tag));
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    gcm128_encrypt_opt(auth_b_,
+      (uint64_t)ad_len,
+      auth_num,
+      keys_b,
+      tmp_iv,
+      hkeys_b,
+      abytes_b,
+      in128x6_b,
+      out128x6_b,
+      len128x6_,
+      in128_b,
+      out128_b,
+      len128_num_,
+      inout_b,
+      (uint64_t)plain_len,
+      scratch_b1,
+      tag);
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = plain_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = plain_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
-    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-        (uint64_t)ad_len,
-        auth_num,
-        keys_b,
-        tmp_iv,
-        hkeys_b,
-        abytes_b,
-        in128x6_b,
-        out128x6_b,
-        len128x6_,
-        in128_b,
-        out128_b,
-        len128_num_,
-        inout_b,
-        (uint64_t)plain_len,
-        scratch_b1,
-        tag));
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
+    gcm128_encrypt_opt(auth_b_,
+      (uint64_t)ad_len,
+      auth_num,
+      keys_b,
+      tmp_iv,
+      hkeys_b,
+      abytes_b,
+      in128x6_b,
+      out128x6_b,
+      len128x6_,
+      in128_b,
+      out128_b,
+      len128_num_,
+      inout_b,
+      (uint64_t)plain_len,
+      scratch_b1,
+      tag);
   }
-  memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
   return EverCrypt_Error_Success;
   #else
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n",
@@ -340,115 +331,106 @@ encrypt_aes256_gcm(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(s);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(s);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
-  uint8_t *scratch_b = ek + (uint32_t)368U;
+  uint8_t *scratch_b = ek + 368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+  uint8_t *hkeys_b = ek1 + 240U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *plain_b_ = plain;
   uint8_t *out_b_ = cipher;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    plain + plain_len_,
-    (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+  memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+  if (len128x6 / 16ULL >= 18ULL)
   {
-    uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = plain_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-        (uint64_t)ad_len,
-        auth_num,
-        keys_b,
-        tmp_iv,
-        hkeys_b,
-        abytes_b,
-        in128x6_b,
-        out128x6_b,
-        len128x6_,
-        in128_b,
-        out128_b,
-        len128_num_,
-        inout_b,
-        (uint64_t)plain_len,
-        scratch_b1,
-        tag));
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    gcm256_encrypt_opt(auth_b_,
+      (uint64_t)ad_len,
+      auth_num,
+      keys_b,
+      tmp_iv,
+      hkeys_b,
+      abytes_b,
+      in128x6_b,
+      out128x6_b,
+      len128x6_,
+      in128_b,
+      out128_b,
+      len128_num_,
+      inout_b,
+      (uint64_t)plain_len,
+      scratch_b1,
+      tag);
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = plain_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = plain_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
-    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-        (uint64_t)ad_len,
-        auth_num,
-        keys_b,
-        tmp_iv,
-        hkeys_b,
-        abytes_b,
-        in128x6_b,
-        out128x6_b,
-        len128x6_,
-        in128_b,
-        out128_b,
-        len128_num_,
-        inout_b,
-        (uint64_t)plain_len,
-        scratch_b1,
-        tag));
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
+    gcm256_encrypt_opt(auth_b_,
+      (uint64_t)ad_len,
+      auth_num,
+      keys_b,
+      tmp_iv,
+      hkeys_b,
+      abytes_b,
+      in128x6_b,
+      out128x6_b,
+      len128x6_,
+      in128_b,
+      out128_b,
+      len128_num_,
+      inout_b,
+      (uint64_t)plain_len,
+      scratch_b1,
+      tag);
   }
-  memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
   return EverCrypt_Error_Success;
   #else
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n",
@@ -510,7 +492,7 @@ EverCrypt_AEAD_encrypt(
       }
     case Spec_Cipher_Expansion_Hacl_CHACHA20:
       {
-        if (iv_len != (uint32_t)12U)
+        if (iv_len != 12U)
         {
           return EverCrypt_Error_InvalidIVLength;
         }
@@ -546,124 +528,115 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
-  uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
-  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
+  uint8_t *hkeys_b0 = ek + 176U;
+  aes128_key_expansion(k, keys_b0);
+  aes128_keyhash_init(keys_b0, hkeys_b0);
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
   {
     KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
-  else if (iv_len == (uint32_t)0U)
+  else if (iv_len == 0U)
   {
     KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
     uint8_t *ek0 = (*s).ek;
-    uint8_t *scratch_b = ek0 + (uint32_t)304U;
+    uint8_t *scratch_b = ek0 + 304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
-    uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+    uint8_t *hkeys_b = ek1 + 176U;
     uint8_t tmp_iv[16U] = { 0U };
-    uint32_t len = iv_len / (uint32_t)16U;
-    uint32_t bytes_len = len * (uint32_t)16U;
+    uint32_t len = iv_len / 16U;
+    uint32_t bytes_len = len * 16U;
     uint8_t *iv_b = iv;
-    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-        (uint64_t)iv_len,
-        (uint64_t)len,
-        tmp_iv,
-        tmp_iv,
-        hkeys_b));
+    memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+    compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
     uint8_t *inout_b = scratch_b;
-    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-    uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *abytes_b = scratch_b + 16U;
+    uint8_t *scratch_b1 = scratch_b + 32U;
+    uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
     uint8_t *plain_b_ = plain;
     uint8_t *out_b_ = cipher;
     uint8_t *auth_b_ = ad;
-    memcpy(inout_b,
-      plain + plain_len_,
-      (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    memcpy(abytes_b,
-      ad + auth_len_,
-      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-    if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+    memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+    memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+    if (len128x6 / 16ULL >= 18ULL)
     {
-      uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
       uint8_t *in128x6_b = plain_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
       uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-          (uint64_t)ad_len,
-          auth_num,
-          keys_b,
-          tmp_iv,
-          hkeys_b,
-          abytes_b,
-          in128x6_b,
-          out128x6_b,
-          len128x6_,
-          in128_b,
-          out128_b,
-          len128_num_,
-          inout_b,
-          (uint64_t)plain_len,
-          scratch_b1,
-          tag));
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128x6_ = len128x6 / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      gcm128_encrypt_opt(auth_b_,
+        (uint64_t)ad_len,
+        auth_num,
+        keys_b,
+        tmp_iv,
+        hkeys_b,
+        abytes_b,
+        in128x6_b,
+        out128x6_b,
+        len128x6_,
+        in128_b,
+        out128_b,
+        len128_num_,
+        inout_b,
+        (uint64_t)plain_len,
+        scratch_b1,
+        tag);
     }
     else
     {
-      uint32_t len128x61 = (uint32_t)0U;
-      uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+      uint32_t len128x61 = 0U;
+      uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
       uint8_t *in128x6_b = plain_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = plain_b_ + len128x61;
       uint8_t *out128_b = out_b_ + len128x61;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t len128x6_ = (uint64_t)0U;
-      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-          (uint64_t)ad_len,
-          auth_num,
-          keys_b,
-          tmp_iv,
-          hkeys_b,
-          abytes_b,
-          in128x6_b,
-          out128x6_b,
-          len128x6_,
-          in128_b,
-          out128_b,
-          len128_num_,
-          inout_b,
-          (uint64_t)plain_len,
-          scratch_b1,
-          tag));
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      uint64_t len128x6_ = 0ULL;
+      gcm128_encrypt_opt(auth_b_,
+        (uint64_t)ad_len,
+        auth_num,
+        keys_b,
+        tmp_iv,
+        hkeys_b,
+        abytes_b,
+        in128x6_b,
+        out128x6_b,
+        len128x6_,
+        in128_b,
+        out128_b,
+        len128_num_,
+        inout_b,
+        (uint64_t)plain_len,
+        scratch_b1,
+        tag);
     }
-    memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+    memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
       inout_b,
-      (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+      (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
     KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
@@ -697,124 +670,115 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
-  uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
-  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
+  uint8_t *hkeys_b0 = ek + 240U;
+  aes256_key_expansion(k, keys_b0);
+  aes256_keyhash_init(keys_b0, hkeys_b0);
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
   {
     KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
-  else if (iv_len == (uint32_t)0U)
+  else if (iv_len == 0U)
   {
     KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
     uint8_t *ek0 = (*s).ek;
-    uint8_t *scratch_b = ek0 + (uint32_t)368U;
+    uint8_t *scratch_b = ek0 + 368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
-    uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+    uint8_t *hkeys_b = ek1 + 240U;
     uint8_t tmp_iv[16U] = { 0U };
-    uint32_t len = iv_len / (uint32_t)16U;
-    uint32_t bytes_len = len * (uint32_t)16U;
+    uint32_t len = iv_len / 16U;
+    uint32_t bytes_len = len * 16U;
     uint8_t *iv_b = iv;
-    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-        (uint64_t)iv_len,
-        (uint64_t)len,
-        tmp_iv,
-        tmp_iv,
-        hkeys_b));
+    memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+    compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
     uint8_t *inout_b = scratch_b;
-    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-    uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *abytes_b = scratch_b + 16U;
+    uint8_t *scratch_b1 = scratch_b + 32U;
+    uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
     uint8_t *plain_b_ = plain;
     uint8_t *out_b_ = cipher;
     uint8_t *auth_b_ = ad;
-    memcpy(inout_b,
-      plain + plain_len_,
-      (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    memcpy(abytes_b,
-      ad + auth_len_,
-      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-    if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+    memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+    memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+    if (len128x6 / 16ULL >= 18ULL)
     {
-      uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
       uint8_t *in128x6_b = plain_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
       uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-          (uint64_t)ad_len,
-          auth_num,
-          keys_b,
-          tmp_iv,
-          hkeys_b,
-          abytes_b,
-          in128x6_b,
-          out128x6_b,
-          len128x6_,
-          in128_b,
-          out128_b,
-          len128_num_,
-          inout_b,
-          (uint64_t)plain_len,
-          scratch_b1,
-          tag));
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128x6_ = len128x6 / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      gcm256_encrypt_opt(auth_b_,
+        (uint64_t)ad_len,
+        auth_num,
+        keys_b,
+        tmp_iv,
+        hkeys_b,
+        abytes_b,
+        in128x6_b,
+        out128x6_b,
+        len128x6_,
+        in128_b,
+        out128_b,
+        len128_num_,
+        inout_b,
+        (uint64_t)plain_len,
+        scratch_b1,
+        tag);
     }
     else
     {
-      uint32_t len128x61 = (uint32_t)0U;
-      uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+      uint32_t len128x61 = 0U;
+      uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
       uint8_t *in128x6_b = plain_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = plain_b_ + len128x61;
       uint8_t *out128_b = out_b_ + len128x61;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t len128x6_ = (uint64_t)0U;
-      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-          (uint64_t)ad_len,
-          auth_num,
-          keys_b,
-          tmp_iv,
-          hkeys_b,
-          abytes_b,
-          in128x6_b,
-          out128x6_b,
-          len128x6_,
-          in128_b,
-          out128_b,
-          len128_num_,
-          inout_b,
-          (uint64_t)plain_len,
-          scratch_b1,
-          tag));
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      uint64_t len128x6_ = 0ULL;
+      gcm256_encrypt_opt(auth_b_,
+        (uint64_t)ad_len,
+        auth_num,
+        keys_b,
+        tmp_iv,
+        hkeys_b,
+        abytes_b,
+        in128x6_b,
+        out128x6_b,
+        len128x6_,
+        in128_b,
+        out128_b,
+        len128_num_,
+        inout_b,
+        (uint64_t)plain_len,
+        scratch_b1,
+        tag);
     }
-    memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+    memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
       inout_b,
-      (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+      (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
     KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
@@ -840,15 +804,15 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -859,112 +823,103 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   {
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
-    uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
-    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
+    uint8_t *hkeys_b0 = ek + 176U;
+    aes128_key_expansion(k, keys_b0);
+    aes128_keyhash_init(keys_b0, hkeys_b0);
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
-    else if (iv_len == (uint32_t)0U)
+    else if (iv_len == 0U)
     {
       KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
       uint8_t *ek0 = (*s).ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)304U;
+      uint8_t *scratch_b = ek0 + 304U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+      uint8_t *hkeys_b = ek1 + 176U;
       uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
+      uint32_t len = iv_len / 16U;
+      uint32_t bytes_len = len * 16U;
       uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-          (uint64_t)iv_len,
-          (uint64_t)len,
-          tmp_iv,
-          tmp_iv,
-          hkeys_b));
+      memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+      compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
       uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+      uint8_t *abytes_b = scratch_b + 16U;
+      uint8_t *scratch_b1 = scratch_b + 32U;
+      uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
       uint8_t *plain_b_ = plain;
       uint8_t *out_b_ = cipher;
       uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        plain + plain_len_,
-        (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+      memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+      memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+      uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+      if (len128x6 / 16ULL >= 18ULL)
       {
-        uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+        uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
         uint8_t *in128x6_b = plain_b_;
         uint8_t *out128x6_b = out_b_;
         uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
         uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)plain_len,
-            scratch_b1,
-            tag));
+        uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+        uint64_t len128x6_ = len128x6 / 16ULL;
+        uint64_t len128_num_ = len128_num / 16ULL;
+        gcm128_encrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)plain_len,
+          scratch_b1,
+          tag);
       }
       else
       {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+        uint32_t len128x61 = 0U;
+        uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
         uint8_t *in128x6_b = plain_b_;
         uint8_t *out128x6_b = out_b_;
         uint8_t *in128_b = plain_b_ + len128x61;
         uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)plain_len,
-            scratch_b1,
-            tag));
+        uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+        uint64_t len128_num_ = len128_num / 16ULL;
+        uint64_t len128x6_ = 0ULL;
+        gcm128_encrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)plain_len,
+          scratch_b1,
+          tag);
       }
-      memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+      memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
         inout_b,
-        (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+        (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
       KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
@@ -988,15 +943,15 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(plain);
-  KRML_HOST_IGNORE(plain_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(tag);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(plain);
+  KRML_MAYBE_UNUSED_VAR(plain_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(tag);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -1007,112 +962,103 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   {
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
-    uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
-    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
+    uint8_t *hkeys_b0 = ek + 240U;
+    aes256_key_expansion(k, keys_b0);
+    aes256_keyhash_init(keys_b0, hkeys_b0);
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
-    else if (iv_len == (uint32_t)0U)
+    else if (iv_len == 0U)
     {
       KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
       uint8_t *ek0 = (*s).ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)368U;
+      uint8_t *scratch_b = ek0 + 368U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+      uint8_t *hkeys_b = ek1 + 240U;
       uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
+      uint32_t len = iv_len / 16U;
+      uint32_t bytes_len = len * 16U;
       uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-          (uint64_t)iv_len,
-          (uint64_t)len,
-          tmp_iv,
-          tmp_iv,
-          hkeys_b));
+      memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+      compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
       uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+      uint8_t *abytes_b = scratch_b + 16U;
+      uint8_t *scratch_b1 = scratch_b + 32U;
+      uint32_t plain_len_ = (uint32_t)(uint64_t)plain_len / 16U * 16U;
+      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
       uint8_t *plain_b_ = plain;
       uint8_t *out_b_ = cipher;
       uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        plain + plain_len_,
-        (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)plain_len / (uint64_t)96U * (uint64_t)96U;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)18U)
+      memcpy(inout_b, plain + plain_len_, (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
+      memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+      uint64_t len128x6 = (uint64_t)plain_len / 96ULL * 96ULL;
+      if (len128x6 / 16ULL >= 18ULL)
       {
-        uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+        uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL - len128x6;
         uint8_t *in128x6_b = plain_b_;
         uint8_t *out128x6_b = out_b_;
         uint8_t *in128_b = plain_b_ + (uint32_t)len128x6;
         uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)plain_len,
-            scratch_b1,
-            tag));
+        uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+        uint64_t len128x6_ = len128x6 / 16ULL;
+        uint64_t len128_num_ = len128_num / 16ULL;
+        gcm256_encrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)plain_len,
+          scratch_b1,
+          tag);
       }
       else
       {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)plain_len / (uint64_t)16U * (uint64_t)16U;
+        uint32_t len128x61 = 0U;
+        uint64_t len128_num = (uint64_t)plain_len / 16ULL * 16ULL;
         uint8_t *in128x6_b = plain_b_;
         uint8_t *out128x6_b = out_b_;
         uint8_t *in128_b = plain_b_ + len128x61;
         uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)plain_len,
-            scratch_b1,
-            tag));
+        uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+        uint64_t len128_num_ = len128_num / 16ULL;
+        uint64_t len128x6_ = 0ULL;
+        gcm256_encrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)plain_len,
+          scratch_b1,
+          tag);
       }
-      memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
+      memcpy(cipher + (uint32_t)(uint64_t)plain_len / 16U * 16U,
         inout_b,
-        (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
+        (uint32_t)(uint64_t)plain_len % 16U * sizeof (uint8_t));
       KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
@@ -1136,10 +1082,10 @@ EverCrypt_AEAD_encrypt_expand_chacha20_poly1305(
   uint8_t *tag
 )
 {
-  KRML_HOST_IGNORE(iv_len);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
   uint8_t ek[32U] = { 0U };
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek };
-  memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(ek, k, 32U * sizeof (uint8_t));
   EverCrypt_AEAD_state_s *s = &p;
   uint8_t *ek0 = (*s).ek;
   EverCrypt_Chacha20Poly1305_aead_encrypt(ek0, iv, ad_len, ad, plain_len, plain, cipher, tag);
@@ -1222,66 +1168,57 @@ decrypt_aes128_gcm(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(s);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(s);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
-  uint8_t *scratch_b = ek + (uint32_t)304U;
+  uint8_t *scratch_b = ek + 304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+  uint8_t *hkeys_b = ek1 + 176U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *cipher_b_ = cipher;
   uint8_t *out_b_ = dst;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    cipher + cipher_len_,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+  memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
   uint64_t c;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+  if (len128x6 / 16ULL >= 6ULL)
   {
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
     uint64_t
     c0 =
       gcm128_decrypt_opt(auth_b_,
@@ -1305,15 +1242,15 @@ decrypt_aes128_gcm(
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
     uint64_t
     c0 =
       gcm128_decrypt_opt(auth_b_,
@@ -1335,11 +1272,11 @@ decrypt_aes128_gcm(
         tag);
     c = c0;
   }
-  memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
   uint64_t r = c;
-  if (r == (uint64_t)0U)
+  if (r == 0ULL)
   {
     return EverCrypt_Error_Success;
   }
@@ -1366,66 +1303,57 @@ decrypt_aes256_gcm(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(s);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(s);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
-  uint8_t *scratch_b = ek + (uint32_t)368U;
+  uint8_t *scratch_b = ek + 368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+  uint8_t *hkeys_b = ek1 + 240U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *cipher_b_ = cipher;
   uint8_t *out_b_ = dst;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    cipher + cipher_len_,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+  memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
   uint64_t c;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+  if (len128x6 / 16ULL >= 6ULL)
   {
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
     uint64_t
     c0 =
       gcm256_decrypt_opt(auth_b_,
@@ -1449,15 +1377,15 @@ decrypt_aes256_gcm(
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
     uint64_t
     c0 =
       gcm256_decrypt_opt(auth_b_,
@@ -1479,11 +1407,11 @@ decrypt_aes256_gcm(
         tag);
     c = c0;
   }
-  memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
   uint64_t r = c;
-  if (r == (uint64_t)0U)
+  if (r == 0ULL)
   {
     return EverCrypt_Error_Success;
   }
@@ -1514,14 +1442,14 @@ decrypt_chacha20_poly1305(
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len != (uint32_t)12U)
+  if (iv_len != 12U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek = (*s).ek;
   uint32_t
   r = EverCrypt_Chacha20Poly1305_aead_decrypt(ek, iv, ad_len, ad, cipher_len, dst, cipher, tag);
-  if (r == (uint32_t)0U)
+  if (r == 0U)
   {
     return EverCrypt_Error_Success;
   }
@@ -1620,73 +1548,64 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
-  uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
-  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
+  uint8_t *hkeys_b0 = ek + 176U;
+  aes128_key_expansion(k, keys_b0);
+  aes128_keyhash_init(keys_b0, hkeys_b0);
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek0 = (*s).ek;
-  uint8_t *scratch_b = ek0 + (uint32_t)304U;
+  uint8_t *scratch_b = ek0 + 304U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+  uint8_t *hkeys_b = ek1 + 176U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *cipher_b_ = cipher;
   uint8_t *out_b_ = dst;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    cipher + cipher_len_,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+  memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
   uint64_t c;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+  if (len128x6 / 16ULL >= 6ULL)
   {
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
     uint64_t
     c0 =
       gcm128_decrypt_opt(auth_b_,
@@ -1710,15 +1629,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
     uint64_t
     c0 =
       gcm128_decrypt_opt(auth_b_,
@@ -1740,11 +1659,11 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         tag);
     c = c0;
   }
-  memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
   uint64_t r = c;
-  if (r == (uint64_t)0U)
+  if (r == 0ULL)
   {
     return EverCrypt_Error_Success;
   }
@@ -1779,73 +1698,64 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
-  uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
-  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
+  uint8_t *hkeys_b0 = ek + 240U;
+  aes256_key_expansion(k, keys_b0);
+  aes256_keyhash_init(keys_b0, hkeys_b0);
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
   {
     return EverCrypt_Error_InvalidKey;
   }
-  if (iv_len == (uint32_t)0U)
+  if (iv_len == 0U)
   {
     return EverCrypt_Error_InvalidIVLength;
   }
   uint8_t *ek0 = (*s).ek;
-  uint8_t *scratch_b = ek0 + (uint32_t)368U;
+  uint8_t *scratch_b = ek0 + 368U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
-  uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+  uint8_t *hkeys_b = ek1 + 240U;
   uint8_t tmp_iv[16U] = { 0U };
-  uint32_t len = iv_len / (uint32_t)16U;
-  uint32_t bytes_len = len * (uint32_t)16U;
+  uint32_t len = iv_len / 16U;
+  uint32_t bytes_len = len * 16U;
   uint8_t *iv_b = iv;
-  memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-      (uint64_t)iv_len,
-      (uint64_t)len,
-      tmp_iv,
-      tmp_iv,
-      hkeys_b));
+  memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+  compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
   uint8_t *inout_b = scratch_b;
-  uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-  uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+  uint8_t *abytes_b = scratch_b + 16U;
+  uint8_t *scratch_b1 = scratch_b + 32U;
+  uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+  uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
   uint8_t *cipher_b_ = cipher;
   uint8_t *out_b_ = dst;
   uint8_t *auth_b_ = ad;
-  memcpy(inout_b,
-    cipher + cipher_len_,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-  memcpy(abytes_b,
-    ad + auth_len_,
-    (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+  memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+  memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+  uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
   uint64_t c;
-  if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+  if (len128x6 / 16ULL >= 6ULL)
   {
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
     uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128x6_ = len128x6 / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
     uint64_t
     c0 =
       gcm256_decrypt_opt(auth_b_,
@@ -1869,15 +1779,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   }
   else
   {
-    uint32_t len128x61 = (uint32_t)0U;
-    uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+    uint32_t len128x61 = 0U;
+    uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
     uint8_t *in128x6_b = cipher_b_;
     uint8_t *out128x6_b = out_b_;
     uint8_t *in128_b = cipher_b_ + len128x61;
     uint8_t *out128_b = out_b_ + len128x61;
-    uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-    uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t len128x6_ = (uint64_t)0U;
+    uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+    uint64_t len128_num_ = len128_num / 16ULL;
+    uint64_t len128x6_ = 0ULL;
     uint64_t
     c0 =
       gcm256_decrypt_opt(auth_b_,
@@ -1899,11 +1809,11 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         tag);
     c = c0;
   }
-  memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+  memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
     inout_b,
-    (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
   uint64_t r = c;
-  if (r == (uint64_t)0U)
+  if (r == 0ULL)
   {
     return EverCrypt_Error_Success;
   }
@@ -1930,15 +1840,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -1949,61 +1859,52 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   {
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
-    uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
-    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
+    uint8_t *hkeys_b0 = ek + 176U;
+    aes128_key_expansion(k, keys_b0);
+    aes128_keyhash_init(keys_b0, hkeys_b0);
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       return EverCrypt_Error_InvalidKey;
     }
-    if (iv_len == (uint32_t)0U)
+    if (iv_len == 0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
     uint8_t *ek0 = (*s).ek;
-    uint8_t *scratch_b = ek0 + (uint32_t)304U;
+    uint8_t *scratch_b = ek0 + 304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
-    uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+    uint8_t *hkeys_b = ek1 + 176U;
     uint8_t tmp_iv[16U] = { 0U };
-    uint32_t len = iv_len / (uint32_t)16U;
-    uint32_t bytes_len = len * (uint32_t)16U;
+    uint32_t len = iv_len / 16U;
+    uint32_t bytes_len = len * 16U;
     uint8_t *iv_b = iv;
-    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-        (uint64_t)iv_len,
-        (uint64_t)len,
-        tmp_iv,
-        tmp_iv,
-        hkeys_b));
+    memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+    compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
     uint8_t *inout_b = scratch_b;
-    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *abytes_b = scratch_b + 16U;
+    uint8_t *scratch_b1 = scratch_b + 32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
     uint8_t *cipher_b_ = cipher;
     uint8_t *out_b_ = dst;
     uint8_t *auth_b_ = ad;
-    memcpy(inout_b,
-      cipher + cipher_len_,
-      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-    memcpy(abytes_b,
-      ad + auth_len_,
-      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+    memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
     uint64_t c;
-    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    if (len128x6 / 16ULL >= 6ULL)
     {
-      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
       uint8_t *in128x6_b = cipher_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
       uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128x6_ = len128x6 / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
       uint64_t
       c0 =
         gcm128_decrypt_opt(auth_b_,
@@ -2027,15 +1928,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
     }
     else
     {
-      uint32_t len128x61 = (uint32_t)0U;
-      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint32_t len128x61 = 0U;
+      uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
       uint8_t *in128x6_b = cipher_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = cipher_b_ + len128x61;
       uint8_t *out128_b = out_b_ + len128x61;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t len128x6_ = (uint64_t)0U;
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      uint64_t len128x6_ = 0ULL;
       uint64_t
       c0 =
         gcm128_decrypt_opt(auth_b_,
@@ -2057,11 +1958,11 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
           tag);
       c = c0;
     }
-    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
       inout_b,
-      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+      (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
     uint64_t r = c;
-    if (r == (uint64_t)0U)
+    if (r == 0ULL)
     {
       return EverCrypt_Error_Success;
     }
@@ -2086,15 +1987,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   uint8_t *dst
 )
 {
-  KRML_HOST_IGNORE(k);
-  KRML_HOST_IGNORE(iv);
-  KRML_HOST_IGNORE(iv_len);
-  KRML_HOST_IGNORE(ad);
-  KRML_HOST_IGNORE(ad_len);
-  KRML_HOST_IGNORE(cipher);
-  KRML_HOST_IGNORE(cipher_len);
-  KRML_HOST_IGNORE(tag);
-  KRML_HOST_IGNORE(dst);
+  KRML_MAYBE_UNUSED_VAR(k);
+  KRML_MAYBE_UNUSED_VAR(iv);
+  KRML_MAYBE_UNUSED_VAR(iv_len);
+  KRML_MAYBE_UNUSED_VAR(ad);
+  KRML_MAYBE_UNUSED_VAR(ad_len);
+  KRML_MAYBE_UNUSED_VAR(cipher);
+  KRML_MAYBE_UNUSED_VAR(cipher_len);
+  KRML_MAYBE_UNUSED_VAR(tag);
+  KRML_MAYBE_UNUSED_VAR(dst);
   #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
@@ -2105,61 +2006,52 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   {
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
-    uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
-    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
+    uint8_t *hkeys_b0 = ek + 240U;
+    aes256_key_expansion(k, keys_b0);
+    aes256_keyhash_init(keys_b0, hkeys_b0);
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       return EverCrypt_Error_InvalidKey;
     }
-    if (iv_len == (uint32_t)0U)
+    if (iv_len == 0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
     uint8_t *ek0 = (*s).ek;
-    uint8_t *scratch_b = ek0 + (uint32_t)368U;
+    uint8_t *scratch_b = ek0 + 368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
-    uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+    uint8_t *hkeys_b = ek1 + 240U;
     uint8_t tmp_iv[16U] = { 0U };
-    uint32_t len = iv_len / (uint32_t)16U;
-    uint32_t bytes_len = len * (uint32_t)16U;
+    uint32_t len = iv_len / 16U;
+    uint32_t bytes_len = len * 16U;
     uint8_t *iv_b = iv;
-    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
-        (uint64_t)iv_len,
-        (uint64_t)len,
-        tmp_iv,
-        tmp_iv,
-        hkeys_b));
+    memcpy(tmp_iv, iv + bytes_len, iv_len % 16U * sizeof (uint8_t));
+    compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
     uint8_t *inout_b = scratch_b;
-    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *abytes_b = scratch_b + 16U;
+    uint8_t *scratch_b1 = scratch_b + 32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / 16U * 16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / 16U * 16U;
     uint8_t *cipher_b_ = cipher;
     uint8_t *out_b_ = dst;
     uint8_t *auth_b_ = ad;
-    memcpy(inout_b,
-      cipher + cipher_len_,
-      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-    memcpy(abytes_b,
-      ad + auth_len_,
-      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    memcpy(inout_b, cipher + cipher_len_, (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
+    memcpy(abytes_b, ad + auth_len_, (uint32_t)(uint64_t)ad_len % 16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / 96ULL * 96ULL;
     uint64_t c;
-    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    if (len128x6 / 16ULL >= 6ULL)
     {
-      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL - len128x6;
       uint8_t *in128x6_b = cipher_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
       uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128x6_ = len128x6 / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
       uint64_t
       c0 =
         gcm256_decrypt_opt(auth_b_,
@@ -2183,15 +2075,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
     }
     else
     {
-      uint32_t len128x61 = (uint32_t)0U;
-      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint32_t len128x61 = 0U;
+      uint64_t len128_num = (uint64_t)cipher_len / 16ULL * 16ULL;
       uint8_t *in128x6_b = cipher_b_;
       uint8_t *out128x6_b = out_b_;
       uint8_t *in128_b = cipher_b_ + len128x61;
       uint8_t *out128_b = out_b_ + len128x61;
-      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-      uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t len128x6_ = (uint64_t)0U;
+      uint64_t auth_num = (uint64_t)ad_len / 16ULL;
+      uint64_t len128_num_ = len128_num / 16ULL;
+      uint64_t len128x6_ = 0ULL;
       uint64_t
       c0 =
         gcm256_decrypt_opt(auth_b_,
@@ -2213,11 +2105,11 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
           tag);
       c = c0;
     }
-    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / 16U * 16U,
       inout_b,
-      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+      (uint32_t)(uint64_t)cipher_len % 16U * sizeof (uint8_t));
     uint64_t r = c;
-    if (r == (uint64_t)0U)
+    if (r == 0ULL)
     {
       return EverCrypt_Error_Success;
     }
@@ -2244,7 +2136,7 @@ EverCrypt_AEAD_decrypt_expand_chacha20_poly1305(
 {
   uint8_t ek[32U] = { 0U };
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek };
-  memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(ek, k, 32U * sizeof (uint8_t));
   EverCrypt_AEAD_state_s *s = &p;
   EverCrypt_Error_error_code
   r = decrypt_chacha20_poly1305(s, iv, iv_len, ad, ad_len, cipher, cipher_len, tag, dst);
diff --git a/src/msvc/EverCrypt_AutoConfig2.c b/src/msvc/EverCrypt_AutoConfig2.c
index b549d020..5a92d995 100644
--- a/src/msvc/EverCrypt_AutoConfig2.c
+++ b/src/msvc/EverCrypt_AutoConfig2.c
@@ -113,59 +113,59 @@ void EverCrypt_AutoConfig2_recall(void)
 void EverCrypt_AutoConfig2_init(void)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (check_aesni() != (uint64_t)0U)
+  if (check_aesni() != 0ULL)
   {
     cpu_has_aesni[0U] = true;
     cpu_has_pclmulqdq[0U] = true;
   }
-  if (check_sha() != (uint64_t)0U)
+  if (check_sha() != 0ULL)
   {
     cpu_has_shaext[0U] = true;
   }
-  if (check_adx_bmi2() != (uint64_t)0U)
+  if (check_adx_bmi2() != 0ULL)
   {
     cpu_has_bmi2[0U] = true;
     cpu_has_adx[0U] = true;
   }
-  if (check_avx() != (uint64_t)0U)
+  if (check_avx() != 0ULL)
   {
-    if (check_osxsave() != (uint64_t)0U)
+    if (check_osxsave() != 0ULL)
     {
-      if (check_avx_xcr0() != (uint64_t)0U)
+      if (check_avx_xcr0() != 0ULL)
       {
         cpu_has_avx[0U] = true;
       }
     }
   }
-  if (check_avx2() != (uint64_t)0U)
+  if (check_avx2() != 0ULL)
   {
-    if (check_osxsave() != (uint64_t)0U)
+    if (check_osxsave() != 0ULL)
     {
-      if (check_avx_xcr0() != (uint64_t)0U)
+      if (check_avx_xcr0() != 0ULL)
       {
         cpu_has_avx2[0U] = true;
       }
     }
   }
-  if (check_sse() != (uint64_t)0U)
+  if (check_sse() != 0ULL)
   {
     cpu_has_sse[0U] = true;
   }
-  if (check_movbe() != (uint64_t)0U)
+  if (check_movbe() != 0ULL)
   {
     cpu_has_movbe[0U] = true;
   }
-  if (check_rdrand() != (uint64_t)0U)
+  if (check_rdrand() != 0ULL)
   {
     cpu_has_rdrand[0U] = true;
   }
-  if (check_avx512() != (uint64_t)0U)
+  if (check_avx512() != 0ULL)
   {
-    if (check_osxsave() != (uint64_t)0U)
+    if (check_osxsave() != 0ULL)
     {
-      if (check_avx_xcr0() != (uint64_t)0U)
+      if (check_avx_xcr0() != 0ULL)
       {
-        if (check_avx512_xcr0() != (uint64_t)0U)
+        if (check_avx512_xcr0() != 0ULL)
         {
           cpu_has_avx512[0U] = true;
           return;
diff --git a/src/msvc/EverCrypt_Chacha20Poly1305.c b/src/msvc/EverCrypt_Chacha20Poly1305.c
index 9a110bbf..e762f031 100644
--- a/src/msvc/EverCrypt_Chacha20Poly1305.c
+++ b/src/msvc/EverCrypt_Chacha20Poly1305.c
@@ -44,22 +44,22 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
-    KRML_HOST_IGNORE(vec128);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+    KRML_MAYBE_UNUSED_VAR(vec128);
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher, tag, m, mlen, aad, aadlen, k, n);
     return;
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
-    KRML_HOST_IGNORE(vec256);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+    KRML_MAYBE_UNUSED_VAR(vec256);
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher, tag, m, mlen, aad, aadlen, k, n);
     return;
   }
   #endif
-  KRML_HOST_IGNORE(vec128);
-  KRML_HOST_IGNORE(vec256);
-  Hacl_Chacha20Poly1305_32_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+  KRML_MAYBE_UNUSED_VAR(vec128);
+  KRML_MAYBE_UNUSED_VAR(vec256);
+  Hacl_AEAD_Chacha20Poly1305_encrypt(cipher, tag, m, mlen, aad, aadlen, k, n);
 }
 
 uint32_t
@@ -79,19 +79,19 @@ EverCrypt_Chacha20Poly1305_aead_decrypt(
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
-    KRML_HOST_IGNORE(vec128);
-    return Hacl_Chacha20Poly1305_256_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+    KRML_MAYBE_UNUSED_VAR(vec128);
+    return Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(m, cipher, mlen, aad, aadlen, k, n, tag);
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
-    KRML_HOST_IGNORE(vec256);
-    return Hacl_Chacha20Poly1305_128_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+    KRML_MAYBE_UNUSED_VAR(vec256);
+    return Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(m, cipher, mlen, aad, aadlen, k, n, tag);
   }
   #endif
-  KRML_HOST_IGNORE(vec128);
-  KRML_HOST_IGNORE(vec256);
-  return Hacl_Chacha20Poly1305_32_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
+  KRML_MAYBE_UNUSED_VAR(vec128);
+  KRML_MAYBE_UNUSED_VAR(vec256);
+  return Hacl_AEAD_Chacha20Poly1305_decrypt(m, cipher, mlen, aad, aadlen, k, n, tag);
 }
 
diff --git a/src/msvc/EverCrypt_DRBG.c b/src/msvc/EverCrypt_DRBG.c
index 9591823c..1395f59f 100644
--- a/src/msvc/EverCrypt_DRBG.c
+++ b/src/msvc/EverCrypt_DRBG.c
@@ -28,15 +28,15 @@
 #include "internal/EverCrypt_HMAC.h"
 #include "lib_memzero0.h"
 
-uint32_t EverCrypt_DRBG_reseed_interval = (uint32_t)1024U;
+uint32_t EverCrypt_DRBG_reseed_interval = 1024U;
 
-uint32_t EverCrypt_DRBG_max_output_length = (uint32_t)65536U;
+uint32_t EverCrypt_DRBG_max_output_length = 65536U;
 
-uint32_t EverCrypt_DRBG_max_length = (uint32_t)65536U;
+uint32_t EverCrypt_DRBG_max_length = 65536U;
 
-uint32_t EverCrypt_DRBG_max_personalization_string_length = (uint32_t)65536U;
+uint32_t EverCrypt_DRBG_max_personalization_string_length = 65536U;
 
-uint32_t EverCrypt_DRBG_max_additional_input_length = (uint32_t)65536U;
+uint32_t EverCrypt_DRBG_max_additional_input_length = 65536U;
 
 uint32_t EverCrypt_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
 {
@@ -44,19 +44,19 @@ uint32_t EverCrypt_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)16U;
+        return 16U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     default:
       {
@@ -92,7 +92,7 @@ EverCrypt_DRBG_uu___is_SHA1_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   if (projectee.tag == SHA1_s)
   {
     return true;
@@ -106,7 +106,7 @@ EverCrypt_DRBG_uu___is_SHA2_256_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   if (projectee.tag == SHA2_256_s)
   {
     return true;
@@ -120,7 +120,7 @@ EverCrypt_DRBG_uu___is_SHA2_384_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   if (projectee.tag == SHA2_384_s)
   {
     return true;
@@ -134,7 +134,7 @@ EverCrypt_DRBG_uu___is_SHA2_512_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   if (projectee.tag == SHA2_512_s)
   {
     return true;
@@ -149,10 +149,10 @@ EverCrypt_DRBG_state_s *EverCrypt_DRBG_create_in(Spec_Hash_Definitions_hash_alg
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC((uint32_t)20U, sizeof (uint8_t));
-        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC((uint32_t)20U, sizeof (uint8_t));
+        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC(20U, sizeof (uint8_t));
+        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC(20U, sizeof (uint8_t));
         uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         st =
           (
             (EverCrypt_DRBG_state_s){
@@ -164,10 +164,10 @@ EverCrypt_DRBG_state_s *EverCrypt_DRBG_create_in(Spec_Hash_Definitions_hash_alg
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
+        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
         uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         st =
           (
             (EverCrypt_DRBG_state_s){
@@ -179,10 +179,10 @@ EverCrypt_DRBG_state_s *EverCrypt_DRBG_create_in(Spec_Hash_Definitions_hash_alg
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC((uint32_t)48U, sizeof (uint8_t));
-        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC((uint32_t)48U, sizeof (uint8_t));
+        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC(48U, sizeof (uint8_t));
+        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC(48U, sizeof (uint8_t));
         uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         st =
           (
             (EverCrypt_DRBG_state_s){
@@ -194,10 +194,10 @@ EverCrypt_DRBG_state_s *EverCrypt_DRBG_create_in(Spec_Hash_Definitions_hash_alg
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
+        uint8_t *k = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+        uint8_t *v = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
         uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         st =
           (
             (EverCrypt_DRBG_state_s){
@@ -247,7 +247,7 @@ instantiate_sha1(
     return false;
   }
   uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
-  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1) / (uint32_t)2U;
+  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1) / 2U;
   uint32_t min_entropy = entropy_input_len + nonce_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), min_entropy);
   uint8_t *entropy = (uint8_t *)alloca(min_entropy * sizeof (uint8_t));
@@ -285,45 +285,43 @@ instantiate_sha1(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  memset(k, 0U, (uint32_t)20U * sizeof (uint8_t));
-  memset(v, (uint8_t)1U, (uint32_t)20U * sizeof (uint8_t));
-  ctr[0U] = (uint32_t)1U;
-  uint32_t
-  input_len = (uint32_t)21U + entropy_input_len + nonce_len + personalization_string_len;
+  memset(k, 0U, 20U * sizeof (uint8_t));
+  memset(v, 1U, 20U * sizeof (uint8_t));
+  ctr[0U] = 1U;
+  uint32_t input_len = 21U + entropy_input_len + nonce_len + personalization_string_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  memcpy(k_, v, 20U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    memcpy(input0 + (uint32_t)21U,
+    memcpy(input0 + 21U,
       seed_material,
       (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
   }
-  input0[20U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  input0[20U] = 0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+  memcpy(k, k_, 20U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    uint32_t
-    input_len0 = (uint32_t)21U + entropy_input_len + nonce_len + personalization_string_len;
+    uint32_t input_len0 = 21U + entropy_input_len + nonce_len + personalization_string_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-    if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+    memcpy(k_0, v, 20U * sizeof (uint8_t));
+    if (entropy_input_len + nonce_len + personalization_string_len != 0U)
     {
-      memcpy(input + (uint32_t)21U,
+      memcpy(input + 21U,
         seed_material,
         (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
     }
-    input[20U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+    input[20U] = 1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+    memcpy(k, k_0, 20U * sizeof (uint8_t));
   }
   return true;
 }
@@ -340,7 +338,7 @@ instantiate_sha2_256(
     return false;
   }
   uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
-  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256) / (uint32_t)2U;
+  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256) / 2U;
   uint32_t min_entropy = entropy_input_len + nonce_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), min_entropy);
   uint8_t *entropy = (uint8_t *)alloca(min_entropy * sizeof (uint8_t));
@@ -378,45 +376,43 @@ instantiate_sha2_256(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  memset(k, 0U, (uint32_t)32U * sizeof (uint8_t));
-  memset(v, (uint8_t)1U, (uint32_t)32U * sizeof (uint8_t));
-  ctr[0U] = (uint32_t)1U;
-  uint32_t
-  input_len = (uint32_t)33U + entropy_input_len + nonce_len + personalization_string_len;
+  memset(k, 0U, 32U * sizeof (uint8_t));
+  memset(v, 1U, 32U * sizeof (uint8_t));
+  ctr[0U] = 1U;
+  uint32_t input_len = 33U + entropy_input_len + nonce_len + personalization_string_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  memcpy(k_, v, 32U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    memcpy(input0 + (uint32_t)33U,
+    memcpy(input0 + 33U,
       seed_material,
       (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
   }
-  input0[32U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  input0[32U] = 0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+  memcpy(k, k_, 32U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    uint32_t
-    input_len0 = (uint32_t)33U + entropy_input_len + nonce_len + personalization_string_len;
+    uint32_t input_len0 = 33U + entropy_input_len + nonce_len + personalization_string_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-    if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+    memcpy(k_0, v, 32U * sizeof (uint8_t));
+    if (entropy_input_len + nonce_len + personalization_string_len != 0U)
     {
-      memcpy(input + (uint32_t)33U,
+      memcpy(input + 33U,
         seed_material,
         (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
     }
-    input[32U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+    input[32U] = 1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+    memcpy(k, k_0, 32U * sizeof (uint8_t));
   }
   return true;
 }
@@ -433,7 +429,7 @@ instantiate_sha2_384(
     return false;
   }
   uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
-  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384) / (uint32_t)2U;
+  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384) / 2U;
   uint32_t min_entropy = entropy_input_len + nonce_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), min_entropy);
   uint8_t *entropy = (uint8_t *)alloca(min_entropy * sizeof (uint8_t));
@@ -471,45 +467,43 @@ instantiate_sha2_384(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  memset(k, 0U, (uint32_t)48U * sizeof (uint8_t));
-  memset(v, (uint8_t)1U, (uint32_t)48U * sizeof (uint8_t));
-  ctr[0U] = (uint32_t)1U;
-  uint32_t
-  input_len = (uint32_t)49U + entropy_input_len + nonce_len + personalization_string_len;
+  memset(k, 0U, 48U * sizeof (uint8_t));
+  memset(v, 1U, 48U * sizeof (uint8_t));
+  ctr[0U] = 1U;
+  uint32_t input_len = 49U + entropy_input_len + nonce_len + personalization_string_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  memcpy(k_, v, 48U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    memcpy(input0 + (uint32_t)49U,
+    memcpy(input0 + 49U,
       seed_material,
       (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
   }
-  input0[48U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  input0[48U] = 0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+  memcpy(k, k_, 48U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    uint32_t
-    input_len0 = (uint32_t)49U + entropy_input_len + nonce_len + personalization_string_len;
+    uint32_t input_len0 = 49U + entropy_input_len + nonce_len + personalization_string_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-    if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+    memcpy(k_0, v, 48U * sizeof (uint8_t));
+    if (entropy_input_len + nonce_len + personalization_string_len != 0U)
     {
-      memcpy(input + (uint32_t)49U,
+      memcpy(input + 49U,
         seed_material,
         (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
     }
-    input[48U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+    input[48U] = 1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+    memcpy(k, k_0, 48U * sizeof (uint8_t));
   }
   return true;
 }
@@ -526,7 +520,7 @@ instantiate_sha2_512(
     return false;
   }
   uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
-  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512) / (uint32_t)2U;
+  uint32_t nonce_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512) / 2U;
   uint32_t min_entropy = entropy_input_len + nonce_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), min_entropy);
   uint8_t *entropy = (uint8_t *)alloca(min_entropy * sizeof (uint8_t));
@@ -564,45 +558,43 @@ instantiate_sha2_512(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  memset(k, 0U, (uint32_t)64U * sizeof (uint8_t));
-  memset(v, (uint8_t)1U, (uint32_t)64U * sizeof (uint8_t));
-  ctr[0U] = (uint32_t)1U;
-  uint32_t
-  input_len = (uint32_t)65U + entropy_input_len + nonce_len + personalization_string_len;
+  memset(k, 0U, 64U * sizeof (uint8_t));
+  memset(v, 1U, 64U * sizeof (uint8_t));
+  ctr[0U] = 1U;
+  uint32_t input_len = 65U + entropy_input_len + nonce_len + personalization_string_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  memcpy(k_, v, 64U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    memcpy(input0 + (uint32_t)65U,
+    memcpy(input0 + 65U,
       seed_material,
       (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
   }
-  input0[64U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-  if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+  input0[64U] = 0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+  memcpy(k, k_, 64U * sizeof (uint8_t));
+  if (entropy_input_len + nonce_len + personalization_string_len != 0U)
   {
-    uint32_t
-    input_len0 = (uint32_t)65U + entropy_input_len + nonce_len + personalization_string_len;
+    uint32_t input_len0 = 65U + entropy_input_len + nonce_len + personalization_string_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-    if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+    memcpy(k_0, v, 64U * sizeof (uint8_t));
+    if (entropy_input_len + nonce_len + personalization_string_len != 0U)
     {
-      memcpy(input + (uint32_t)65U,
+      memcpy(input + 65U,
         seed_material,
         (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
     }
-    input[64U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+    input[64U] = 1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+    memcpy(k, k_0, 64U * sizeof (uint8_t));
   }
   return true;
 }
@@ -649,42 +641,42 @@ reseed_sha1(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
+  uint32_t input_len = 21U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 20U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)21U,
+    memcpy(input0 + 21U,
       seed_material,
       (entropy_input_len + additional_input_len) * sizeof (uint8_t));
   }
-  input0[20U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  input0[20U] = 0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+  memcpy(k, k_, 20U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_len;
+    uint32_t input_len0 = 21U + entropy_input_len + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-    if (entropy_input_len + additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 20U * sizeof (uint8_t));
+    if (entropy_input_len + additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)21U,
+      memcpy(input + 21U,
         seed_material,
         (entropy_input_len + additional_input_len) * sizeof (uint8_t));
     }
-    input[20U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+    input[20U] = 1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+    memcpy(k, k_0, 20U * sizeof (uint8_t));
   }
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return true;
 }
 
@@ -730,42 +722,42 @@ reseed_sha2_256(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
+  uint32_t input_len = 33U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 32U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)33U,
+    memcpy(input0 + 33U,
       seed_material,
       (entropy_input_len + additional_input_len) * sizeof (uint8_t));
   }
-  input0[32U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  input0[32U] = 0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+  memcpy(k, k_, 32U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_len;
+    uint32_t input_len0 = 33U + entropy_input_len + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-    if (entropy_input_len + additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 32U * sizeof (uint8_t));
+    if (entropy_input_len + additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)33U,
+      memcpy(input + 33U,
         seed_material,
         (entropy_input_len + additional_input_len) * sizeof (uint8_t));
     }
-    input[32U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+    input[32U] = 1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+    memcpy(k, k_0, 32U * sizeof (uint8_t));
   }
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return true;
 }
 
@@ -811,42 +803,42 @@ reseed_sha2_384(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
+  uint32_t input_len = 49U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 48U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)49U,
+    memcpy(input0 + 49U,
       seed_material,
       (entropy_input_len + additional_input_len) * sizeof (uint8_t));
   }
-  input0[48U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  input0[48U] = 0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+  memcpy(k, k_, 48U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_len;
+    uint32_t input_len0 = 49U + entropy_input_len + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-    if (entropy_input_len + additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 48U * sizeof (uint8_t));
+    if (entropy_input_len + additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)49U,
+      memcpy(input + 49U,
         seed_material,
         (entropy_input_len + additional_input_len) * sizeof (uint8_t));
     }
-    input[48U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+    input[48U] = 1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+    memcpy(k, k_0, 48U * sizeof (uint8_t));
   }
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return true;
 }
 
@@ -892,42 +884,42 @@ reseed_sha2_512(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
+  uint32_t input_len = 65U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 64U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)65U,
+    memcpy(input0 + 65U,
       seed_material,
       (entropy_input_len + additional_input_len) * sizeof (uint8_t));
   }
-  input0[64U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-  if (entropy_input_len + additional_input_len != (uint32_t)0U)
+  input0[64U] = 0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+  memcpy(k, k_, 64U * sizeof (uint8_t));
+  if (entropy_input_len + additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_len;
+    uint32_t input_len0 = 65U + entropy_input_len + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-    if (entropy_input_len + additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 64U * sizeof (uint8_t));
+    if (entropy_input_len + additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)65U,
+      memcpy(input + 65U,
         seed_material,
         (entropy_input_len + additional_input_len) * sizeof (uint8_t));
     }
-    input[64U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+    input[64U] = 1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+    memcpy(k, k_0, 64U * sizeof (uint8_t));
   }
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return true;
 }
 
@@ -992,42 +984,42 @@ generate_sha1(
       uint8_t *k = scrut.k;
       uint8_t *v = scrut.v;
       uint32_t *ctr = scrut.reseed_counter;
-      uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
+      uint32_t input_len = 21U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      memcpy(k_, v, 20U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        memcpy(input0 + (uint32_t)21U,
+        memcpy(input0 + 21U,
           seed_material,
           (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
-      input0[20U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-      EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      input0[20U] = 0U;
+      EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+      EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+      memcpy(k, k_, 20U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_len;
+        uint32_t input_len0 = 21U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_len != (uint32_t)0U)
+        memcpy(k_0, v, 20U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_len != 0U)
         {
-          memcpy(input + (uint32_t)21U,
+          memcpy(input + 21U,
             seed_material,
             (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
-        input[20U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-        EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+        input[20U] = 1U;
+        EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+        EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+        memcpy(k, k_0, 20U * sizeof (uint8_t));
       }
-      ctr[0U] = (uint32_t)1U;
+      ctr[0U] = 1U;
       result = true;
     }
     ok0 = result;
@@ -1037,16 +1029,16 @@ generate_sha1(
     return false;
   }
   EverCrypt_DRBG_state_s st_s = *st;
-  Hacl_HMAC_DRBG_state x1;
+  Hacl_HMAC_DRBG_state ite;
   if (st_s.tag == SHA1_s)
   {
-    x1 = st_s.case_SHA1_s;
+    ite = st_s.case_SHA1_s;
   }
   else
   {
-    x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+    ite = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
+  if (ite.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
     return false;
   }
@@ -1062,87 +1054,87 @@ generate_sha1(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  if (additional_input_len > (uint32_t)0U)
+  if (additional_input_len > 0U)
   {
-    uint32_t input_len = (uint32_t)21U + additional_input_len;
+    uint32_t input_len = 21U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
     memset(input0, 0U, input_len * sizeof (uint8_t));
     uint8_t *k_ = input0;
-    memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_, v, 20U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input0 + 21U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input0[20U] = (uint8_t)0U;
-    EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-    EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    input0[20U] = 0U;
+    EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+    EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+    memcpy(k, k_, 20U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+      uint32_t input_len0 = 21U + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
       uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
       memset(input, 0U, input_len0 * sizeof (uint8_t));
       uint8_t *k_0 = input;
-      memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
+      memcpy(k_0, v, 20U * sizeof (uint8_t));
+      if (additional_input_len != 0U)
       {
-        memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+        memcpy(input + 21U, additional_input, additional_input_len * sizeof (uint8_t));
       }
-      input[20U] = (uint8_t)1U;
-      EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-      EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+      input[20U] = 1U;
+      EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+      EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+      memcpy(k, k_0, 20U * sizeof (uint8_t));
     }
   }
   uint8_t *output1 = output;
-  uint32_t max = n / (uint32_t)20U;
+  uint32_t max = n / 20U;
   uint8_t *out = output1;
-  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  for (uint32_t i = 0U; i < max; i++)
   {
-    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
+    EverCrypt_HMAC_compute_sha1(v, k, 20U, v, 20U);
+    memcpy(out + i * 20U, v, 20U * sizeof (uint8_t));
   }
-  if (max * (uint32_t)20U < n)
+  if (max * 20U < n)
   {
-    uint8_t *block = output1 + max * (uint32_t)20U;
-    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
+    uint8_t *block = output1 + max * 20U;
+    EverCrypt_HMAC_compute_sha1(v, k, 20U, v, 20U);
+    memcpy(block, v, (n - max * 20U) * sizeof (uint8_t));
   }
-  uint32_t input_len = (uint32_t)21U + additional_input_len;
+  uint32_t input_len = 21U + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 20U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+    memcpy(input0 + 21U, additional_input, additional_input_len * sizeof (uint8_t));
   }
-  input0[20U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  input0[20U] = 0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+  memcpy(k, k_, 20U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+    uint32_t input_len0 = 21U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 20U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input + 21U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input[20U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+    input[20U] = 1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+    memcpy(k, k_0, 20U * sizeof (uint8_t));
   }
   uint32_t old_ctr = ctr[0U];
-  ctr[0U] = old_ctr + (uint32_t)1U;
+  ctr[0U] = old_ctr + 1U;
   return true;
 }
 
@@ -1207,42 +1199,42 @@ generate_sha2_256(
       uint8_t *k = scrut.k;
       uint8_t *v = scrut.v;
       uint32_t *ctr = scrut.reseed_counter;
-      uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
+      uint32_t input_len = 33U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      memcpy(k_, v, 32U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        memcpy(input0 + (uint32_t)33U,
+        memcpy(input0 + 33U,
           seed_material,
           (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
-      input0[32U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      input0[32U] = 0U;
+      EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+      EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+      memcpy(k, k_, 32U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_len;
+        uint32_t input_len0 = 33U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_len != (uint32_t)0U)
+        memcpy(k_0, v, 32U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_len != 0U)
         {
-          memcpy(input + (uint32_t)33U,
+          memcpy(input + 33U,
             seed_material,
             (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
-        input[32U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+        input[32U] = 1U;
+        EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+        EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+        memcpy(k, k_0, 32U * sizeof (uint8_t));
       }
-      ctr[0U] = (uint32_t)1U;
+      ctr[0U] = 1U;
       result = true;
     }
     ok0 = result;
@@ -1252,16 +1244,16 @@ generate_sha2_256(
     return false;
   }
   EverCrypt_DRBG_state_s st_s = *st;
-  Hacl_HMAC_DRBG_state x1;
+  Hacl_HMAC_DRBG_state ite;
   if (st_s.tag == SHA2_256_s)
   {
-    x1 = st_s.case_SHA2_256_s;
+    ite = st_s.case_SHA2_256_s;
   }
   else
   {
-    x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+    ite = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
+  if (ite.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
     return false;
   }
@@ -1277,87 +1269,87 @@ generate_sha2_256(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  if (additional_input_len > (uint32_t)0U)
+  if (additional_input_len > 0U)
   {
-    uint32_t input_len = (uint32_t)33U + additional_input_len;
+    uint32_t input_len = 33U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
     memset(input0, 0U, input_len * sizeof (uint8_t));
     uint8_t *k_ = input0;
-    memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_, v, 32U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input0 + 33U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input0[32U] = (uint8_t)0U;
-    EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-    EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    input0[32U] = 0U;
+    EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+    EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+    memcpy(k, k_, 32U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+      uint32_t input_len0 = 33U + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
       uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
       memset(input, 0U, input_len0 * sizeof (uint8_t));
       uint8_t *k_0 = input;
-      memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
+      memcpy(k_0, v, 32U * sizeof (uint8_t));
+      if (additional_input_len != 0U)
       {
-        memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+        memcpy(input + 33U, additional_input, additional_input_len * sizeof (uint8_t));
       }
-      input[32U] = (uint8_t)1U;
-      EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-      EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+      input[32U] = 1U;
+      EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+      EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+      memcpy(k, k_0, 32U * sizeof (uint8_t));
     }
   }
   uint8_t *output1 = output;
-  uint32_t max = n / (uint32_t)32U;
+  uint32_t max = n / 32U;
   uint8_t *out = output1;
-  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  for (uint32_t i = 0U; i < max; i++)
   {
-    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
+    EverCrypt_HMAC_compute_sha2_256(v, k, 32U, v, 32U);
+    memcpy(out + i * 32U, v, 32U * sizeof (uint8_t));
   }
-  if (max * (uint32_t)32U < n)
+  if (max * 32U < n)
   {
-    uint8_t *block = output1 + max * (uint32_t)32U;
-    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
+    uint8_t *block = output1 + max * 32U;
+    EverCrypt_HMAC_compute_sha2_256(v, k, 32U, v, 32U);
+    memcpy(block, v, (n - max * 32U) * sizeof (uint8_t));
   }
-  uint32_t input_len = (uint32_t)33U + additional_input_len;
+  uint32_t input_len = 33U + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 32U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+    memcpy(input0 + 33U, additional_input, additional_input_len * sizeof (uint8_t));
   }
-  input0[32U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  input0[32U] = 0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+  memcpy(k, k_, 32U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+    uint32_t input_len0 = 33U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 32U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input + 33U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input[32U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+    input[32U] = 1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+    memcpy(k, k_0, 32U * sizeof (uint8_t));
   }
   uint32_t old_ctr = ctr[0U];
-  ctr[0U] = old_ctr + (uint32_t)1U;
+  ctr[0U] = old_ctr + 1U;
   return true;
 }
 
@@ -1422,42 +1414,42 @@ generate_sha2_384(
       uint8_t *k = scrut.k;
       uint8_t *v = scrut.v;
       uint32_t *ctr = scrut.reseed_counter;
-      uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
+      uint32_t input_len = 49U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      memcpy(k_, v, 48U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        memcpy(input0 + (uint32_t)49U,
+        memcpy(input0 + 49U,
           seed_material,
           (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
-      input0[48U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      input0[48U] = 0U;
+      EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+      EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+      memcpy(k, k_, 48U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_len;
+        uint32_t input_len0 = 49U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_len != (uint32_t)0U)
+        memcpy(k_0, v, 48U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_len != 0U)
         {
-          memcpy(input + (uint32_t)49U,
+          memcpy(input + 49U,
             seed_material,
             (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
-        input[48U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+        input[48U] = 1U;
+        EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+        EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+        memcpy(k, k_0, 48U * sizeof (uint8_t));
       }
-      ctr[0U] = (uint32_t)1U;
+      ctr[0U] = 1U;
       result = true;
     }
     ok0 = result;
@@ -1467,16 +1459,16 @@ generate_sha2_384(
     return false;
   }
   EverCrypt_DRBG_state_s st_s = *st;
-  Hacl_HMAC_DRBG_state x1;
+  Hacl_HMAC_DRBG_state ite;
   if (st_s.tag == SHA2_384_s)
   {
-    x1 = st_s.case_SHA2_384_s;
+    ite = st_s.case_SHA2_384_s;
   }
   else
   {
-    x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+    ite = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
+  if (ite.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
     return false;
   }
@@ -1492,87 +1484,87 @@ generate_sha2_384(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  if (additional_input_len > (uint32_t)0U)
+  if (additional_input_len > 0U)
   {
-    uint32_t input_len = (uint32_t)49U + additional_input_len;
+    uint32_t input_len = 49U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
     memset(input0, 0U, input_len * sizeof (uint8_t));
     uint8_t *k_ = input0;
-    memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_, v, 48U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input0 + 49U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input0[48U] = (uint8_t)0U;
-    EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-    EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    input0[48U] = 0U;
+    EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+    EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+    memcpy(k, k_, 48U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+      uint32_t input_len0 = 49U + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
       uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
       memset(input, 0U, input_len0 * sizeof (uint8_t));
       uint8_t *k_0 = input;
-      memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
+      memcpy(k_0, v, 48U * sizeof (uint8_t));
+      if (additional_input_len != 0U)
       {
-        memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+        memcpy(input + 49U, additional_input, additional_input_len * sizeof (uint8_t));
       }
-      input[48U] = (uint8_t)1U;
-      EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-      EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+      input[48U] = 1U;
+      EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+      EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+      memcpy(k, k_0, 48U * sizeof (uint8_t));
     }
   }
   uint8_t *output1 = output;
-  uint32_t max = n / (uint32_t)48U;
+  uint32_t max = n / 48U;
   uint8_t *out = output1;
-  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  for (uint32_t i = 0U; i < max; i++)
   {
-    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
+    EverCrypt_HMAC_compute_sha2_384(v, k, 48U, v, 48U);
+    memcpy(out + i * 48U, v, 48U * sizeof (uint8_t));
   }
-  if (max * (uint32_t)48U < n)
+  if (max * 48U < n)
   {
-    uint8_t *block = output1 + max * (uint32_t)48U;
-    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
+    uint8_t *block = output1 + max * 48U;
+    EverCrypt_HMAC_compute_sha2_384(v, k, 48U, v, 48U);
+    memcpy(block, v, (n - max * 48U) * sizeof (uint8_t));
   }
-  uint32_t input_len = (uint32_t)49U + additional_input_len;
+  uint32_t input_len = 49U + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 48U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+    memcpy(input0 + 49U, additional_input, additional_input_len * sizeof (uint8_t));
   }
-  input0[48U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  input0[48U] = 0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+  memcpy(k, k_, 48U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+    uint32_t input_len0 = 49U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 48U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input + 49U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input[48U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+    input[48U] = 1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+    memcpy(k, k_0, 48U * sizeof (uint8_t));
   }
   uint32_t old_ctr = ctr[0U];
-  ctr[0U] = old_ctr + (uint32_t)1U;
+  ctr[0U] = old_ctr + 1U;
   return true;
 }
 
@@ -1637,42 +1629,42 @@ generate_sha2_512(
       uint8_t *k = scrut.k;
       uint8_t *v = scrut.v;
       uint32_t *ctr = scrut.reseed_counter;
-      uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
+      uint32_t input_len = 65U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      memcpy(k_, v, 64U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        memcpy(input0 + (uint32_t)65U,
+        memcpy(input0 + 65U,
           seed_material,
           (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
-      input0[64U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len + additional_input_len != (uint32_t)0U)
+      input0[64U] = 0U;
+      EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+      EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+      memcpy(k, k_, 64U * sizeof (uint8_t));
+      if (entropy_input_len + additional_input_len != 0U)
       {
-        uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_len;
+        uint32_t input_len0 = 65U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_len != (uint32_t)0U)
+        memcpy(k_0, v, 64U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_len != 0U)
         {
-          memcpy(input + (uint32_t)65U,
+          memcpy(input + 65U,
             seed_material,
             (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
-        input[64U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+        input[64U] = 1U;
+        EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+        EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+        memcpy(k, k_0, 64U * sizeof (uint8_t));
       }
-      ctr[0U] = (uint32_t)1U;
+      ctr[0U] = 1U;
       result = true;
     }
     ok0 = result;
@@ -1682,16 +1674,16 @@ generate_sha2_512(
     return false;
   }
   EverCrypt_DRBG_state_s st_s = *st;
-  Hacl_HMAC_DRBG_state x1;
+  Hacl_HMAC_DRBG_state ite;
   if (st_s.tag == SHA2_512_s)
   {
-    x1 = st_s.case_SHA2_512_s;
+    ite = st_s.case_SHA2_512_s;
   }
   else
   {
-    x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+    ite = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
+  if (ite.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
     return false;
   }
@@ -1707,87 +1699,87 @@ generate_sha2_512(
   uint8_t *k = scrut.k;
   uint8_t *v = scrut.v;
   uint32_t *ctr = scrut.reseed_counter;
-  if (additional_input_len > (uint32_t)0U)
+  if (additional_input_len > 0U)
   {
-    uint32_t input_len = (uint32_t)65U + additional_input_len;
+    uint32_t input_len = 65U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
     memset(input0, 0U, input_len * sizeof (uint8_t));
     uint8_t *k_ = input0;
-    memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_, v, 64U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input0 + 65U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input0[64U] = (uint8_t)0U;
-    EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-    EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    input0[64U] = 0U;
+    EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+    EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+    memcpy(k, k_, 64U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+      uint32_t input_len0 = 65U + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
       uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
       memset(input, 0U, input_len0 * sizeof (uint8_t));
       uint8_t *k_0 = input;
-      memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
+      memcpy(k_0, v, 64U * sizeof (uint8_t));
+      if (additional_input_len != 0U)
       {
-        memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+        memcpy(input + 65U, additional_input, additional_input_len * sizeof (uint8_t));
       }
-      input[64U] = (uint8_t)1U;
-      EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-      EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+      input[64U] = 1U;
+      EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+      EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+      memcpy(k, k_0, 64U * sizeof (uint8_t));
     }
   }
   uint8_t *output1 = output;
-  uint32_t max = n / (uint32_t)64U;
+  uint32_t max = n / 64U;
   uint8_t *out = output1;
-  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  for (uint32_t i = 0U; i < max; i++)
   {
-    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
+    EverCrypt_HMAC_compute_sha2_512(v, k, 64U, v, 64U);
+    memcpy(out + i * 64U, v, 64U * sizeof (uint8_t));
   }
-  if (max * (uint32_t)64U < n)
+  if (max * 64U < n)
   {
-    uint8_t *block = output1 + max * (uint32_t)64U;
-    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
+    uint8_t *block = output1 + max * 64U;
+    EverCrypt_HMAC_compute_sha2_512(v, k, 64U, v, 64U);
+    memcpy(block, v, (n - max * 64U) * sizeof (uint8_t));
   }
-  uint32_t input_len = (uint32_t)65U + additional_input_len;
+  uint32_t input_len = 65U + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
   memset(input0, 0U, input_len * sizeof (uint8_t));
   uint8_t *k_ = input0;
-  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  memcpy(k_, v, 64U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+    memcpy(input0 + 65U, additional_input, additional_input_len * sizeof (uint8_t));
   }
-  input0[64U] = (uint8_t)0U;
-  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-  if (additional_input_len != (uint32_t)0U)
+  input0[64U] = 0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+  memcpy(k, k_, 64U * sizeof (uint8_t));
+  if (additional_input_len != 0U)
   {
-    uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+    uint32_t input_len0 = 65U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
     uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
     memset(input, 0U, input_len0 * sizeof (uint8_t));
     uint8_t *k_0 = input;
-    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-    if (additional_input_len != (uint32_t)0U)
+    memcpy(k_0, v, 64U * sizeof (uint8_t));
+    if (additional_input_len != 0U)
     {
-      memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+      memcpy(input + 65U, additional_input, additional_input_len * sizeof (uint8_t));
     }
-    input[64U] = (uint8_t)1U;
-    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+    input[64U] = 1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+    memcpy(k, k_0, 64U * sizeof (uint8_t));
   }
   uint32_t old_ctr = ctr[0U];
-  ctr[0U] = old_ctr + (uint32_t)1U;
+  ctr[0U] = old_ctr + 1U;
   return true;
 }
 
@@ -1806,9 +1798,9 @@ static void uninstantiate_sha1(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)20U, uint8_t);
-  Lib_Memzero0_memzero(v, (uint32_t)20U, uint8_t);
-  ctr[0U] = (uint32_t)0U;
+  Lib_Memzero0_memzero(k, 20U, uint8_t);
+  Lib_Memzero0_memzero(v, 20U, uint8_t);
+  ctr[0U] = 0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
   KRML_HOST_FREE(ctr);
@@ -1830,9 +1822,9 @@ static void uninstantiate_sha2_256(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(v, (uint32_t)32U, uint8_t);
-  ctr[0U] = (uint32_t)0U;
+  Lib_Memzero0_memzero(k, 32U, uint8_t);
+  Lib_Memzero0_memzero(v, 32U, uint8_t);
+  ctr[0U] = 0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
   KRML_HOST_FREE(ctr);
@@ -1854,9 +1846,9 @@ static void uninstantiate_sha2_384(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)48U, uint8_t);
-  Lib_Memzero0_memzero(v, (uint32_t)48U, uint8_t);
-  ctr[0U] = (uint32_t)0U;
+  Lib_Memzero0_memzero(k, 48U, uint8_t);
+  Lib_Memzero0_memzero(v, 48U, uint8_t);
+  ctr[0U] = 0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
   KRML_HOST_FREE(ctr);
@@ -1878,9 +1870,9 @@ static void uninstantiate_sha2_512(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)64U, uint8_t);
-  Lib_Memzero0_memzero(v, (uint32_t)64U, uint8_t);
-  ctr[0U] = (uint32_t)0U;
+  Lib_Memzero0_memzero(k, 64U, uint8_t);
+  Lib_Memzero0_memzero(v, 64U, uint8_t);
+  ctr[0U] = 0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
   KRML_HOST_FREE(ctr);
diff --git a/src/msvc/EverCrypt_HKDF.c b/src/msvc/EverCrypt_HKDF.c
index a802095d..cbccb94f 100644
--- a/src/msvc/EverCrypt_HKDF.c
+++ b/src/msvc/EverCrypt_HKDF.c
@@ -37,39 +37,39 @@ expand_sha1(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)20U;
+  uint32_t tlen = 20U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha1(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -92,39 +92,39 @@ expand_sha2_256(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -147,39 +147,39 @@ expand_sha2_384(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)48U;
+  uint32_t tlen = 48U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -202,39 +202,39 @@ expand_sha2_512(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -257,39 +257,39 @@ expand_blake2s(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2s(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -312,39 +312,39 @@ expand_blake2b(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      EverCrypt_HMAC_compute_blake2b(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
diff --git a/src/msvc/EverCrypt_HMAC.c b/src/msvc/EverCrypt_HMAC.c
index f279dfb8..386cb17f 100644
--- a/src/msvc/EverCrypt_HMAC.c
+++ b/src/msvc/EverCrypt_HMAC.c
@@ -28,7 +28,9 @@
 #include "internal/Hacl_Krmllib.h"
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b.h"
+#include "internal/Hacl_HMAC.h"
 #include "internal/EverCrypt_Hash.h"
 
 bool EverCrypt_HMAC_is_supported_alg(Spec_Hash_Definitions_hash_alg uu___)
@@ -67,7 +69,7 @@ bool EverCrypt_HMAC_is_supported_alg(Spec_Hash_Definitions_hash_alg uu___)
 }
 
 void
-(*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint32_t x1, uint8_t *x2) =
+(*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint8_t *x1, uint32_t x2) =
   EverCrypt_Hash_Incremental_hash_256;
 
 void
@@ -79,68 +81,63 @@ EverCrypt_HMAC_compute_sha1(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)20U;
+    ite = 20U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Hash_SHA1_legacy_hash(key, key_len, nkey);
+    Hacl_Hash_SHA1_hash_oneshot(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
-  uint32_t
-  s[5U] =
-    {
-      (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
-      (uint32_t)0xc3d2e1f0U
-    };
+  uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_Hash_SHA1_legacy_update_last(s, (uint64_t)0U, ipad, (uint32_t)64U);
+    Hacl_Hash_SHA1_update_last(s, 0ULL, ipad, 64U);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -152,25 +149,21 @@ EverCrypt_HMAC_compute_sha1(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_Hash_SHA1_legacy_update_multi(s, ipad, (uint32_t)1U);
-    Hacl_Hash_SHA1_legacy_update_multi(s, full_blocks, n_blocks);
-    Hacl_Hash_SHA1_legacy_update_last(s,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
-      rem,
-      rem_len);
+    Hacl_Hash_SHA1_update_multi(s, ipad, 1U);
+    Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks);
+    Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len);
   }
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst1);
+  Hacl_Hash_SHA1_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_Hash_Core_SHA1_legacy_init(s);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)20U / block_len;
-  uint32_t rem0 = (uint32_t)20U % block_len;
+  Hacl_Hash_SHA1_init(s);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 20U / block_len;
+  uint32_t rem0 = 20U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)20U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 20U - n_blocks_ * block_len });
   }
   else
   {
@@ -181,13 +174,10 @@ EverCrypt_HMAC_compute_sha1(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_Hash_SHA1_legacy_update_multi(s, opad, (uint32_t)1U);
-  Hacl_Hash_SHA1_legacy_update_multi(s, full_blocks, n_blocks);
-  Hacl_Hash_SHA1_legacy_update_last(s,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
-    rem,
-    rem_len);
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst);
+  Hacl_Hash_SHA1_update_multi(s, opad, 1U);
+  Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks);
+  Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len);
+  Hacl_Hash_SHA1_finish(s, dst);
 }
 
 void
@@ -199,74 +189,71 @@ EverCrypt_HMAC_compute_sha2_256(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    EverCrypt_HMAC_hash_256(key, key_len, nkey);
+    EverCrypt_HMAC_hash_256(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint32_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = st;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t x = Hacl_Hash_SHA2_h256[i];
     os[i] = x;);
   uint32_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)0U + (uint64_t)(uint32_t)64U,
-      (uint32_t)64U,
-      ipad,
-      s);
+    Hacl_Hash_SHA2_sha256_update_last(0ULL + (uint64_t)64U, 64U, ipad, s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -278,27 +265,24 @@ EverCrypt_HMAC_compute_sha2_256(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    EverCrypt_Hash_update_multi_256(s, ipad, (uint32_t)1U);
+    EverCrypt_Hash_update_multi_256(s, ipad, 1U);
     EverCrypt_Hash_update_multi_256(s, full_blocks, n_blocks);
-    Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)(uint32_t)64U
-      + (uint64_t)full_blocks_len
-      + (uint64_t)rem_len,
+    Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len,
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst1);
+  Hacl_Hash_SHA2_sha256_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha256_init(s);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_SHA2_sha256_init(s);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -309,15 +293,13 @@ EverCrypt_HMAC_compute_sha2_256(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  EverCrypt_Hash_update_multi_256(s, opad, (uint32_t)1U);
+  EverCrypt_Hash_update_multi_256(s, opad, 1U);
   EverCrypt_Hash_update_multi_256(s, full_blocks, n_blocks);
-  Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)(uint32_t)64U
-    + (uint64_t)full_blocks_len
-    + (uint64_t)rem_len,
+  Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len,
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst);
+  Hacl_Hash_SHA2_sha256_finish(s, dst);
 }
 
 void
@@ -329,75 +311,75 @@ EverCrypt_HMAC_compute_sha2_384(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)48U;
+    ite = 48U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_384(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_384(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = st;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h384[i];
+    uint64_t x = Hacl_Hash_SHA2_h384[i];
     os[i] = x;);
   uint64_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-        FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U)),
-      (uint32_t)128U,
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL),
+        FStar_UInt128_uint64_to_uint128((uint64_t)128U)),
+      128U,
       ipad,
       s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -409,27 +391,26 @@ EverCrypt_HMAC_compute_sha2_384(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)128U, ipad, s);
-    Hacl_SHA2_Scalar32_sha384_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    Hacl_Hash_SHA2_sha384_update_nblocks(128U, ipad, s);
+    Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s);
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
           FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
         FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha384_finish(s, dst1);
+  Hacl_Hash_SHA2_sha384_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha384_init(s);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)48U / block_len;
-  uint32_t rem0 = (uint32_t)48U % block_len;
+  Hacl_Hash_SHA2_sha384_init(s);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 48U / block_len;
+  uint32_t rem0 = 48U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)48U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 48U - n_blocks_ * block_len });
   }
   else
   {
@@ -440,15 +421,15 @@ EverCrypt_HMAC_compute_sha2_384(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)128U, opad, s);
-  Hacl_SHA2_Scalar32_sha384_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+  Hacl_Hash_SHA2_sha384_update_nblocks(128U, opad, s);
+  Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s);
+  Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha384_finish(s, dst);
+  Hacl_Hash_SHA2_sha384_finish(s, dst);
 }
 
 void
@@ -460,75 +441,75 @@ EverCrypt_HMAC_compute_sha2_512(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_512(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_512(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = st;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h512[i];
+    uint64_t x = Hacl_Hash_SHA2_h512[i];
     os[i] = x;);
   uint64_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-        FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U)),
-      (uint32_t)128U,
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL),
+        FStar_UInt128_uint64_to_uint128((uint64_t)128U)),
+      128U,
       ipad,
       s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -540,27 +521,26 @@ EverCrypt_HMAC_compute_sha2_512(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, ipad, s);
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    Hacl_Hash_SHA2_sha512_update_nblocks(128U, ipad, s);
+    Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s);
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
           FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
         FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha512_finish(s, dst1);
+  Hacl_Hash_SHA2_sha512_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha512_init(s);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_SHA2_sha512_init(s);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -571,15 +551,15 @@ EverCrypt_HMAC_compute_sha2_512(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, opad, s);
-  Hacl_SHA2_Scalar32_sha512_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+  Hacl_Hash_SHA2_sha512_update_nblocks(128U, opad, s);
+  Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s);
+  Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha512_finish(s, dst);
+  Hacl_Hash_SHA2_sha512_finish(s, dst);
 }
 
 void
@@ -591,66 +571,66 @@ EverCrypt_HMAC_compute_blake2s(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2s_32_blake2s((uint32_t)32U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2s_hash_with_key(nkey, 32U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint32_t s[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_init(s, (uint32_t)0U, (uint32_t)32U);
+  Hacl_Hash_Blake2s_init(s, 0U, 32U);
   uint32_t *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last((uint32_t)64U, wv, s0, (uint64_t)0U, (uint32_t)64U, ipad);
+    Hacl_Hash_Blake2s_update_last(64U, wv, s0, 0ULL, 64U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -663,34 +643,33 @@ EverCrypt_HMAC_compute_blake2s(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, ipad, (uint32_t)1U);
+    Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, ipad, 1U);
     uint32_t wv0[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi(n_blocks * (uint32_t)64U,
+    Hacl_Hash_Blake2s_update_multi(n_blocks * 64U,
       wv0,
       s0,
       (uint64_t)block_len,
       full_blocks,
       n_blocks);
     uint32_t wv1[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last(rem_len,
+    Hacl_Hash_Blake2s_update_last(rem_len,
       wv1,
       s0,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+      (uint64_t)64U + (uint64_t)full_blocks_len,
       rem_len,
       rem);
   }
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst1, s0);
+  Hacl_Hash_Blake2s_finish(32U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2s_32_blake2s_init(s0, (uint32_t)0U, (uint32_t)32U);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_Blake2s_init(s0, 0U, 32U);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -702,22 +681,22 @@ EverCrypt_HMAC_compute_blake2s(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   uint32_t wv[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, opad, (uint32_t)1U);
+  Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, opad, 1U);
   uint32_t wv0[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_multi(n_blocks * (uint32_t)64U,
+  Hacl_Hash_Blake2s_update_multi(n_blocks * 64U,
     wv0,
     s0,
     (uint64_t)block_len,
     full_blocks,
     n_blocks);
   uint32_t wv1[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_last(rem_len,
+  Hacl_Hash_Blake2s_update_last(rem_len,
     wv1,
     s0,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+    (uint64_t)64U + (uint64_t)full_blocks_len,
     rem_len,
     rem);
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst, s0);
+  Hacl_Hash_Blake2s_finish(32U, dst, s0);
 }
 
 void
@@ -729,71 +708,66 @@ EverCrypt_HMAC_compute_blake2b(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2b_32_blake2b((uint32_t)64U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2b_hash_with_key(nkey, 64U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t s[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_init(s, (uint32_t)0U, (uint32_t)64U);
+  Hacl_Hash_Blake2b_init(s, 0U, 64U);
   uint64_t *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last((uint32_t)128U,
-      wv,
-      s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      (uint32_t)128U,
-      ipad);
+    Hacl_Hash_Blake2b_update_last(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), 128U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -806,40 +780,34 @@ EverCrypt_HMAC_compute_blake2b(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-      wv,
-      s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      ipad,
-      (uint32_t)1U);
+    Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), ipad, 1U);
     uint64_t wv0[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi(n_blocks * (uint32_t)128U,
+    Hacl_Hash_Blake2b_update_multi(n_blocks * 128U,
       wv0,
       s0,
       FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
       full_blocks,
       n_blocks);
     uint64_t wv1[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last(rem_len,
+    Hacl_Hash_Blake2b_update_last(rem_len,
       wv1,
       s0,
-      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       rem_len,
       rem);
   }
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst1, s0);
+  Hacl_Hash_Blake2b_finish(64U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2b_32_blake2b_init(s0, (uint32_t)0U, (uint32_t)64U);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_Blake2b_init(s0, 0U, 64U);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -851,28 +819,23 @@ EverCrypt_HMAC_compute_blake2b(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   uint64_t wv[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-    wv,
-    s0,
-    FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-    opad,
-    (uint32_t)1U);
+  Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), opad, 1U);
   uint64_t wv0[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_multi(n_blocks * (uint32_t)128U,
+  Hacl_Hash_Blake2b_update_multi(n_blocks * 128U,
     wv0,
     s0,
     FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
     full_blocks,
     n_blocks);
   uint64_t wv1[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_last(rem_len,
+  Hacl_Hash_Blake2b_update_last(rem_len,
     wv1,
     s0,
-    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
       FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
     rem_len,
     rem);
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst, s0);
+  Hacl_Hash_Blake2b_finish(64U, dst, s0);
 }
 
 void
diff --git a/src/msvc/EverCrypt_Hash.c b/src/msvc/EverCrypt_Hash.c
index b88df9e2..92b3c227 100644
--- a/src/msvc/EverCrypt_Hash.c
+++ b/src/msvc/EverCrypt_Hash.c
@@ -31,6 +31,10 @@
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
 #include "internal/Hacl_Hash_MD5.h"
+#include "internal/Hacl_Hash_Blake2s_Simd128.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b_Simd256.h"
+#include "internal/Hacl_Hash_Blake2b.h"
 #include "config.h"
 
 #define MD5_s 0
@@ -146,61 +150,61 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(4U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = MD5_s, { .case_MD5_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(5U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA1_s, { .case_SHA1_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA2_224_s, { .case_SHA2_224_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA2_256_s, { .case_SHA2_256_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA2_384_s, { .case_SHA2_384_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA2_512_s, { .case_SHA2_512_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA3_224_s, { .case_SHA3_224_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA3_256_s, { .case_SHA3_256_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA3_384_s, { .case_SHA3_384_s = buf } });
         break;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = SHA3_512_s, { .case_SHA3_512_s = buf } });
         break;
       }
@@ -214,17 +218,17 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
             (
               (EverCrypt_Hash_state_s){
                 .tag = Blake2S_128_s,
-                { .case_Blake2S_128_s = Hacl_Blake2s_128_blake2s_malloc() }
+                { .case_Blake2S_128_s = Hacl_Hash_Blake2s_Simd128_malloc_with_key() }
               }
             );
         }
         else
         {
-          uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
+          uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(16U, sizeof (uint32_t));
           s = ((EverCrypt_Hash_state_s){ .tag = Blake2S_s, { .case_Blake2S_s = buf } });
         }
         #else
-        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
+        uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC(16U, sizeof (uint32_t));
         s = ((EverCrypt_Hash_state_s){ .tag = Blake2S_s, { .case_Blake2S_s = buf } });
         #endif
         break;
@@ -239,17 +243,17 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
             (
               (EverCrypt_Hash_state_s){
                 .tag = Blake2B_256_s,
-                { .case_Blake2B_256_s = Hacl_Blake2b_256_blake2b_malloc() }
+                { .case_Blake2B_256_s = Hacl_Hash_Blake2b_Simd256_malloc_with_key() }
               }
             );
         }
         else
         {
-          uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
+          uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(16U, sizeof (uint64_t));
           s = ((EverCrypt_Hash_state_s){ .tag = Blake2B_s, { .case_Blake2B_s = buf } });
         }
         #else
-        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
+        uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(16U, sizeof (uint64_t));
         s = ((EverCrypt_Hash_state_s){ .tag = Blake2B_s, { .case_Blake2B_s = buf } });
         #endif
         break;
@@ -272,94 +276,94 @@ static void init(EverCrypt_Hash_state_s *s)
   if (scrut.tag == MD5_s)
   {
     uint32_t *p1 = scrut.case_MD5_s;
-    Hacl_Hash_Core_MD5_legacy_init(p1);
+    Hacl_Hash_MD5_init(p1);
     return;
   }
   if (scrut.tag == SHA1_s)
   {
     uint32_t *p1 = scrut.case_SHA1_s;
-    Hacl_Hash_Core_SHA1_legacy_init(p1);
+    Hacl_Hash_SHA1_init(p1);
     return;
   }
   if (scrut.tag == SHA2_224_s)
   {
     uint32_t *p1 = scrut.case_SHA2_224_s;
-    Hacl_SHA2_Scalar32_sha224_init(p1);
+    Hacl_Hash_SHA2_sha224_init(p1);
     return;
   }
   if (scrut.tag == SHA2_256_s)
   {
     uint32_t *p1 = scrut.case_SHA2_256_s;
-    Hacl_SHA2_Scalar32_sha256_init(p1);
+    Hacl_Hash_SHA2_sha256_init(p1);
     return;
   }
   if (scrut.tag == SHA2_384_s)
   {
     uint64_t *p1 = scrut.case_SHA2_384_s;
-    Hacl_SHA2_Scalar32_sha384_init(p1);
+    Hacl_Hash_SHA2_sha384_init(p1);
     return;
   }
   if (scrut.tag == SHA2_512_s)
   {
     uint64_t *p1 = scrut.case_SHA2_512_s;
-    Hacl_SHA2_Scalar32_sha512_init(p1);
+    Hacl_Hash_SHA2_sha512_init(p1);
     return;
   }
   if (scrut.tag == SHA3_224_s)
   {
     uint64_t *p1 = scrut.case_SHA3_224_s;
-    memset(p1, 0U, (uint32_t)25U * sizeof (uint64_t));
+    memset(p1, 0U, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut.tag == SHA3_256_s)
   {
     uint64_t *p1 = scrut.case_SHA3_256_s;
-    memset(p1, 0U, (uint32_t)25U * sizeof (uint64_t));
+    memset(p1, 0U, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut.tag == SHA3_384_s)
   {
     uint64_t *p1 = scrut.case_SHA3_384_s;
-    memset(p1, 0U, (uint32_t)25U * sizeof (uint64_t));
+    memset(p1, 0U, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut.tag == SHA3_512_s)
   {
     uint64_t *p1 = scrut.case_SHA3_512_s;
-    memset(p1, 0U, (uint32_t)25U * sizeof (uint64_t));
+    memset(p1, 0U, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut.tag == Blake2S_s)
   {
     uint32_t *p1 = scrut.case_Blake2S_s;
-    Hacl_Blake2s_32_blake2s_init(p1, (uint32_t)0U, (uint32_t)32U);
+    Hacl_Hash_Blake2s_init(p1, 0U, 32U);
     return;
   }
   if (scrut.tag == Blake2S_128_s)
   {
     Lib_IntVector_Intrinsics_vec128 *p1 = scrut.case_Blake2S_128_s;
     #if HACL_CAN_COMPILE_VEC128
-    Hacl_Blake2s_128_blake2s_init(p1, (uint32_t)0U, (uint32_t)32U);
+    Hacl_Hash_Blake2s_Simd128_init(p1, 0U, 32U);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
   if (scrut.tag == Blake2B_s)
   {
     uint64_t *p1 = scrut.case_Blake2B_s;
-    Hacl_Blake2b_32_blake2b_init(p1, (uint32_t)0U, (uint32_t)64U);
+    Hacl_Hash_Blake2b_init(p1, 0U, 64U);
     return;
   }
   if (scrut.tag == Blake2B_256_s)
   {
     Lib_IntVector_Intrinsics_vec256 *p1 = scrut.case_Blake2B_256_s;
     #if HACL_CAN_COMPILE_VEC256
-    Hacl_Blake2b_256_blake2b_init(p1, (uint32_t)0U, (uint32_t)64U);
+    Hacl_Hash_Blake2b_Simd256_init(p1, 0U, 64U);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -373,22 +377,16 @@ static void init(EverCrypt_Hash_state_s *s)
 static uint32_t
 k224_256[64U] =
   {
-    (uint32_t)0x428a2f98U, (uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U,
-    (uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U,
-    (uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U,
-    (uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U,
-    (uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU,
-    (uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU,
-    (uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U,
-    (uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U,
-    (uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U,
-    (uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U,
-    (uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U,
-    (uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U,
-    (uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U,
-    (uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U,
-    (uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U,
-    (uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U
+    0x428a2f98U, 0x71374491U, 0xb5c0fbcfU, 0xe9b5dba5U, 0x3956c25bU, 0x59f111f1U, 0x923f82a4U,
+    0xab1c5ed5U, 0xd807aa98U, 0x12835b01U, 0x243185beU, 0x550c7dc3U, 0x72be5d74U, 0x80deb1feU,
+    0x9bdc06a7U, 0xc19bf174U, 0xe49b69c1U, 0xefbe4786U, 0x0fc19dc6U, 0x240ca1ccU, 0x2de92c6fU,
+    0x4a7484aaU, 0x5cb0a9dcU, 0x76f988daU, 0x983e5152U, 0xa831c66dU, 0xb00327c8U, 0xbf597fc7U,
+    0xc6e00bf3U, 0xd5a79147U, 0x06ca6351U, 0x14292967U, 0x27b70a85U, 0x2e1b2138U, 0x4d2c6dfcU,
+    0x53380d13U, 0x650a7354U, 0x766a0abbU, 0x81c2c92eU, 0x92722c85U, 0xa2bfe8a1U, 0xa81a664bU,
+    0xc24b8b70U, 0xc76c51a3U, 0xd192e819U, 0xd6990624U, 0xf40e3585U, 0x106aa070U, 0x19a4c116U,
+    0x1e376c08U, 0x2748774cU, 0x34b0bcb5U, 0x391c0cb3U, 0x4ed8aa4aU, 0x5b9cca4fU, 0x682e6ff3U,
+    0x748f82eeU, 0x78a5636fU, 0x84c87814U, 0x8cc70208U, 0x90befffaU, 0xa4506cebU, 0xbef9a3f7U,
+    0xc67178f2U
   };
 
 void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
@@ -399,13 +397,13 @@ void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
   if (has_shaext && has_sse)
   {
     uint64_t n1 = (uint64_t)n;
-    KRML_HOST_IGNORE(sha256_update(s, blocks, n1, k224_256));
+    sha256_update(s, blocks, n1, k224_256);
     return;
   }
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  Hacl_Hash_SHA2_sha256_update_nblocks(n * 64U, blocks, s);
   #else
   KRML_HOST_IGNORE(k224_256);
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  Hacl_Hash_SHA2_sha256_update_nblocks(n * 64U, blocks, s);
   #endif
 }
 
@@ -416,100 +414,100 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
   if (scrut.tag == MD5_s)
   {
     uint32_t *p1 = scrut.case_MD5_s;
-    uint32_t n = len / (uint32_t)64U;
-    Hacl_Hash_MD5_legacy_update_multi(p1, blocks, n);
+    uint32_t n = len / 64U;
+    Hacl_Hash_MD5_update_multi(p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA1_s)
   {
     uint32_t *p1 = scrut.case_SHA1_s;
-    uint32_t n = len / (uint32_t)64U;
-    Hacl_Hash_SHA1_legacy_update_multi(p1, blocks, n);
+    uint32_t n = len / 64U;
+    Hacl_Hash_SHA1_update_multi(p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA2_224_s)
   {
     uint32_t *p1 = scrut.case_SHA2_224_s;
-    uint32_t n = len / (uint32_t)64U;
+    uint32_t n = len / 64U;
     EverCrypt_Hash_update_multi_256(p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA2_256_s)
   {
     uint32_t *p1 = scrut.case_SHA2_256_s;
-    uint32_t n = len / (uint32_t)64U;
+    uint32_t n = len / 64U;
     EverCrypt_Hash_update_multi_256(p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA2_384_s)
   {
     uint64_t *p1 = scrut.case_SHA2_384_s;
-    uint32_t n = len / (uint32_t)128U;
-    Hacl_SHA2_Scalar32_sha384_update_nblocks(n * (uint32_t)128U, blocks, p1);
+    uint32_t n = len / 128U;
+    Hacl_Hash_SHA2_sha384_update_nblocks(n * 128U, blocks, p1);
     return;
   }
   if (scrut.tag == SHA2_512_s)
   {
     uint64_t *p1 = scrut.case_SHA2_512_s;
-    uint32_t n = len / (uint32_t)128U;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(n * (uint32_t)128U, blocks, p1);
+    uint32_t n = len / 128U;
+    Hacl_Hash_SHA2_sha512_update_nblocks(n * 128U, blocks, p1);
     return;
   }
   if (scrut.tag == SHA3_224_s)
   {
     uint64_t *p1 = scrut.case_SHA3_224_s;
-    uint32_t n = len / (uint32_t)144U;
+    uint32_t n = len / 144U;
     Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA3_256_s)
   {
     uint64_t *p1 = scrut.case_SHA3_256_s;
-    uint32_t n = len / (uint32_t)136U;
+    uint32_t n = len / 136U;
     Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA3_384_s)
   {
     uint64_t *p1 = scrut.case_SHA3_384_s;
-    uint32_t n = len / (uint32_t)104U;
+    uint32_t n = len / 104U;
     Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, p1, blocks, n);
     return;
   }
   if (scrut.tag == SHA3_512_s)
   {
     uint64_t *p1 = scrut.case_SHA3_512_s;
-    uint32_t n = len / (uint32_t)72U;
+    uint32_t n = len / 72U;
     Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, p1, blocks, n);
     return;
   }
   if (scrut.tag == Blake2S_s)
   {
     uint32_t *p1 = scrut.case_Blake2S_s;
-    uint32_t n = len / (uint32_t)64U;
+    uint32_t n = len / 64U;
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi(n * (uint32_t)64U, wv, p1, prevlen, blocks, n);
+    Hacl_Hash_Blake2s_update_multi(n * 64U, wv, p1, prevlen, blocks, n);
     return;
   }
   if (scrut.tag == Blake2S_128_s)
   {
     Lib_IntVector_Intrinsics_vec128 *p1 = scrut.case_Blake2S_128_s;
     #if HACL_CAN_COMPILE_VEC128
-    uint32_t n = len / (uint32_t)64U;
+    uint32_t n = len / 64U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_multi(n * (uint32_t)64U, wv, p1, prevlen, blocks, n);
+    Hacl_Hash_Blake2s_Simd128_update_multi(n * 64U, wv, p1, prevlen, blocks, n);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
   if (scrut.tag == Blake2B_s)
   {
     uint64_t *p1 = scrut.case_Blake2B_s;
-    uint32_t n = len / (uint32_t)128U;
+    uint32_t n = len / 128U;
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi(n * (uint32_t)128U,
+    Hacl_Hash_Blake2b_update_multi(n * 128U,
       wv,
       p1,
       FStar_UInt128_uint64_to_uint128(prevlen),
@@ -521,9 +519,9 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
   {
     Lib_IntVector_Intrinsics_vec256 *p1 = scrut.case_Blake2B_256_s;
     #if HACL_CAN_COMPILE_VEC256
-    uint32_t n = len / (uint32_t)128U;
+    uint32_t n = len / 128U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_multi(n * (uint32_t)128U,
+    Hacl_Hash_Blake2b_Simd256_update_multi(n * 128U,
       wv,
       p1,
       FStar_UInt128_uint64_to_uint128(prevlen),
@@ -531,7 +529,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
       n);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -549,31 +547,31 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
   if (scrut.tag == MD5_s)
   {
     uint32_t *p1 = scrut.case_MD5_s;
-    Hacl_Hash_MD5_legacy_update_last(p1, prev_len, last, last_len);
+    Hacl_Hash_MD5_update_last(p1, prev_len, last, last_len);
     return;
   }
   if (scrut.tag == SHA1_s)
   {
     uint32_t *p1 = scrut.case_SHA1_s;
-    Hacl_Hash_SHA1_legacy_update_last(p1, prev_len, last, last_len);
+    Hacl_Hash_SHA1_update_last(p1, prev_len, last, last_len);
     return;
   }
   if (scrut.tag == SHA2_224_s)
   {
     uint32_t *p1 = scrut.case_SHA2_224_s;
-    Hacl_SHA2_Scalar32_sha224_update_last(prev_len + (uint64_t)last_len, last_len, last, p1);
+    Hacl_Hash_SHA2_sha224_update_last(prev_len + (uint64_t)last_len, last_len, last, p1);
     return;
   }
   if (scrut.tag == SHA2_256_s)
   {
     uint32_t *p1 = scrut.case_SHA2_256_s;
-    Hacl_SHA2_Scalar32_sha256_update_last(prev_len + (uint64_t)last_len, last_len, last, p1);
+    Hacl_Hash_SHA2_sha256_update_last(prev_len + (uint64_t)last_len, last_len, last, p1);
     return;
   }
   if (scrut.tag == SHA2_384_s)
   {
     uint64_t *p1 = scrut.case_SHA2_384_s;
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len),
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len),
         FStar_UInt128_uint64_to_uint128((uint64_t)last_len)),
       last_len,
       last,
@@ -583,7 +581,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
   if (scrut.tag == SHA2_512_s)
   {
     uint64_t *p1 = scrut.case_SHA2_512_s;
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len),
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len),
         FStar_UInt128_uint64_to_uint128((uint64_t)last_len)),
       last_len,
       last,
@@ -618,7 +616,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
   {
     uint32_t *p1 = scrut.case_Blake2S_s;
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
+    Hacl_Hash_Blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
     return;
   }
   if (scrut.tag == Blake2S_128_s)
@@ -626,10 +624,10 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
     Lib_IntVector_Intrinsics_vec128 *p1 = scrut.case_Blake2S_128_s;
     #if HACL_CAN_COMPILE_VEC128
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
+    Hacl_Hash_Blake2s_Simd128_update_last(last_len, wv, p1, prev_len, last_len, last);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -637,7 +635,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
   {
     uint64_t *p1 = scrut.case_Blake2B_s;
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last(last_len,
+    Hacl_Hash_Blake2b_update_last(last_len,
       wv,
       p1,
       FStar_UInt128_uint64_to_uint128(prev_len),
@@ -650,7 +648,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
     Lib_IntVector_Intrinsics_vec256 *p1 = scrut.case_Blake2B_256_s;
     #if HACL_CAN_COMPILE_VEC256
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_last(last_len,
+    Hacl_Hash_Blake2b_Simd256_update_last(last_len,
       wv,
       p1,
       FStar_UInt128_uint64_to_uint128(prev_len),
@@ -658,7 +656,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
       last);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -675,94 +673,94 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
   if (scrut.tag == MD5_s)
   {
     uint32_t *p1 = scrut.case_MD5_s;
-    Hacl_Hash_Core_MD5_legacy_finish(p1, dst);
+    Hacl_Hash_MD5_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA1_s)
   {
     uint32_t *p1 = scrut.case_SHA1_s;
-    Hacl_Hash_Core_SHA1_legacy_finish(p1, dst);
+    Hacl_Hash_SHA1_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA2_224_s)
   {
     uint32_t *p1 = scrut.case_SHA2_224_s;
-    Hacl_SHA2_Scalar32_sha224_finish(p1, dst);
+    Hacl_Hash_SHA2_sha224_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA2_256_s)
   {
     uint32_t *p1 = scrut.case_SHA2_256_s;
-    Hacl_SHA2_Scalar32_sha256_finish(p1, dst);
+    Hacl_Hash_SHA2_sha256_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA2_384_s)
   {
     uint64_t *p1 = scrut.case_SHA2_384_s;
-    Hacl_SHA2_Scalar32_sha384_finish(p1, dst);
+    Hacl_Hash_SHA2_sha384_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA2_512_s)
   {
     uint64_t *p1 = scrut.case_SHA2_512_s;
-    Hacl_SHA2_Scalar32_sha512_finish(p1, dst);
+    Hacl_Hash_SHA2_sha512_finish(p1, dst);
     return;
   }
   if (scrut.tag == SHA3_224_s)
   {
     uint64_t *p1 = scrut.case_SHA3_224_s;
-    Hacl_Impl_SHA3_squeeze(p1, (uint32_t)144U, (uint32_t)28U, dst);
+    Hacl_Hash_SHA3_squeeze0(p1, 144U, 28U, dst);
     return;
   }
   if (scrut.tag == SHA3_256_s)
   {
     uint64_t *p1 = scrut.case_SHA3_256_s;
-    Hacl_Impl_SHA3_squeeze(p1, (uint32_t)136U, (uint32_t)32U, dst);
+    Hacl_Hash_SHA3_squeeze0(p1, 136U, 32U, dst);
     return;
   }
   if (scrut.tag == SHA3_384_s)
   {
     uint64_t *p1 = scrut.case_SHA3_384_s;
-    Hacl_Impl_SHA3_squeeze(p1, (uint32_t)104U, (uint32_t)48U, dst);
+    Hacl_Hash_SHA3_squeeze0(p1, 104U, 48U, dst);
     return;
   }
   if (scrut.tag == SHA3_512_s)
   {
     uint64_t *p1 = scrut.case_SHA3_512_s;
-    Hacl_Impl_SHA3_squeeze(p1, (uint32_t)72U, (uint32_t)64U, dst);
+    Hacl_Hash_SHA3_squeeze0(p1, 72U, 64U, dst);
     return;
   }
   if (scrut.tag == Blake2S_s)
   {
     uint32_t *p1 = scrut.case_Blake2S_s;
-    Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst, p1);
+    Hacl_Hash_Blake2s_finish(32U, dst, p1);
     return;
   }
   if (scrut.tag == Blake2S_128_s)
   {
     Lib_IntVector_Intrinsics_vec128 *p1 = scrut.case_Blake2S_128_s;
     #if HACL_CAN_COMPILE_VEC128
-    Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, p1);
+    Hacl_Hash_Blake2s_Simd128_finish(32U, dst, p1);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
   if (scrut.tag == Blake2B_s)
   {
     uint64_t *p1 = scrut.case_Blake2B_s;
-    Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst, p1);
+    Hacl_Hash_Blake2b_finish(64U, dst, p1);
     return;
   }
   if (scrut.tag == Blake2B_256_s)
   {
     Lib_IntVector_Intrinsics_vec256 *p1 = scrut.case_Blake2B_256_s;
     #if HACL_CAN_COMPILE_VEC256
-    Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, p1);
+    Hacl_Hash_Blake2b_Simd256_finish(64U, dst, p1);
     return;
     #else
-    KRML_HOST_IGNORE(p1);
+    KRML_MAYBE_UNUSED_VAR(p1);
     return;
     #endif
   }
@@ -873,7 +871,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint32_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)4U * sizeof (uint32_t));
+    memcpy(p_dst, p_src, 4U * sizeof (uint32_t));
     return;
   }
   if (scrut0.tag == SHA1_s)
@@ -889,7 +887,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint32_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)5U * sizeof (uint32_t));
+    memcpy(p_dst, p_src, 5U * sizeof (uint32_t));
     return;
   }
   if (scrut0.tag == SHA2_224_s)
@@ -905,7 +903,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint32_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)8U * sizeof (uint32_t));
+    memcpy(p_dst, p_src, 8U * sizeof (uint32_t));
     return;
   }
   if (scrut0.tag == SHA2_256_s)
@@ -921,7 +919,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint32_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)8U * sizeof (uint32_t));
+    memcpy(p_dst, p_src, 8U * sizeof (uint32_t));
     return;
   }
   if (scrut0.tag == SHA2_384_s)
@@ -937,7 +935,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)8U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 8U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA2_512_s)
@@ -953,7 +951,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)8U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 8U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA3_224_s)
@@ -969,7 +967,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)25U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA3_256_s)
@@ -985,7 +983,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)25U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA3_384_s)
@@ -1001,7 +999,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)25U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == SHA3_512_s)
@@ -1017,7 +1015,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     {
       p_dst = KRML_EABORT(uint64_t *, "unreachable (pattern matches are exhaustive in F*)");
     }
-    memcpy(p_dst, p_src, (uint32_t)25U * sizeof (uint64_t));
+    memcpy(p_dst, p_src, 25U * sizeof (uint64_t));
     return;
   }
   if (scrut0.tag == Blake2S_s)
@@ -1027,17 +1025,17 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     if (scrut.tag == Blake2S_s)
     {
       uint32_t *p_dst = scrut.case_Blake2S_s;
-      memcpy(p_dst, p_src, (uint32_t)16U * sizeof (uint32_t));
+      memcpy(p_dst, p_src, 16U * sizeof (uint32_t));
       return;
     }
     if (scrut.tag == Blake2S_128_s)
     {
       Lib_IntVector_Intrinsics_vec128 *p_dst = scrut.case_Blake2S_128_s;
       #if HACL_CAN_COMPILE_VEC128
-      Hacl_Blake2s_128_load_state128s_from_state32(p_dst, p_src);
+      Hacl_Hash_Blake2s_Simd128_load_state128s_from_state32(p_dst, p_src);
       return;
       #else
-      KRML_HOST_IGNORE(p_dst);
+      KRML_MAYBE_UNUSED_VAR(p_dst);
       return;
       #endif
     }
@@ -1054,17 +1052,17 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     if (scrut.tag == Blake2B_s)
     {
       uint64_t *p_dst = scrut.case_Blake2B_s;
-      memcpy(p_dst, p_src, (uint32_t)16U * sizeof (uint64_t));
+      memcpy(p_dst, p_src, 16U * sizeof (uint64_t));
       return;
     }
     if (scrut.tag == Blake2B_256_s)
     {
       Lib_IntVector_Intrinsics_vec256 *p_dst = scrut.case_Blake2B_256_s;
       #if HACL_CAN_COMPILE_VEC256
-      Hacl_Blake2b_256_load_state256b_from_state32(p_dst, p_src);
+      Hacl_Hash_Blake2b_Simd256_load_state256b_from_state32(p_dst, p_src);
       return;
       #else
-      KRML_HOST_IGNORE(p_dst);
+      KRML_MAYBE_UNUSED_VAR(p_dst);
       return;
       #endif
     }
@@ -1081,17 +1079,17 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     if (scrut.tag == Blake2S_128_s)
     {
       Lib_IntVector_Intrinsics_vec128 *p_dst = scrut.case_Blake2S_128_s;
-      memcpy(p_dst, p_src, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+      memcpy(p_dst, p_src, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
       return;
     }
     if (scrut.tag == Blake2S_s)
     {
       uint32_t *p_dst = scrut.case_Blake2S_s;
       #if HACL_CAN_COMPILE_VEC128
-      Hacl_Blake2s_128_store_state128s_to_state32(p_dst, p_src);
+      Hacl_Hash_Blake2s_Simd128_store_state128s_to_state32(p_dst, p_src);
       return;
       #else
-      KRML_HOST_IGNORE(p_dst);
+      KRML_MAYBE_UNUSED_VAR(p_dst);
       return;
       #endif
     }
@@ -1108,17 +1106,17 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
     if (scrut.tag == Blake2B_256_s)
     {
       Lib_IntVector_Intrinsics_vec256 *p_dst = scrut.case_Blake2B_256_s;
-      memcpy(p_dst, p_src, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+      memcpy(p_dst, p_src, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
       return;
     }
     if (scrut.tag == Blake2B_s)
     {
       uint64_t *p_dst = scrut.case_Blake2B_s;
       #if HACL_CAN_COMPILE_VEC256
-      Hacl_Blake2b_256_store_state256b_to_state32(p_dst, p_src);
+      Hacl_Hash_Blake2b_Simd256_store_state256b_to_state32(p_dst, p_src);
       return;
       #else
-      KRML_HOST_IGNORE(p_dst);
+      KRML_MAYBE_UNUSED_VAR(p_dst);
       return;
       #endif
     }
@@ -1201,59 +1199,59 @@ static uint32_t block_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)144U;
+        return 144U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)104U;
+        return 104U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)72U;
+        return 72U;
       }
     case Spec_Hash_Definitions_Shake128:
       {
-        return (uint32_t)168U;
+        return 168U;
       }
     case Spec_Hash_Definitions_Shake256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     default:
       {
@@ -1269,18 +1267,18 @@ choice of algorithm (see Hacl_Spec.h). This API will automatically pick the most
 efficient implementation, provided you have called EverCrypt_AutoConfig2_init()
 before. The state is to be freed by calling `free`.
 */
-EverCrypt_Hash_Incremental_hash_state
-*EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_hash_alg a)
+EverCrypt_Hash_Incremental_state_t
+*EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_hash_alg a)
 {
   KRML_CHECK_SIZE(sizeof (uint8_t), block_len(a));
   uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(block_len(a), sizeof (uint8_t));
   EverCrypt_Hash_state_s *block_state = create_in(a);
-  EverCrypt_Hash_Incremental_hash_state
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  EverCrypt_Hash_Incremental_hash_state
+  EverCrypt_Hash_Incremental_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  EverCrypt_Hash_Incremental_state_t
   *p =
-    (EverCrypt_Hash_Incremental_hash_state *)KRML_HOST_MALLOC(sizeof (
-        EverCrypt_Hash_Incremental_hash_state
+    (EverCrypt_Hash_Incremental_state_t *)KRML_HOST_MALLOC(sizeof (
+        EverCrypt_Hash_Incremental_state_t
       ));
   p[0U] = s;
   init(block_state);
@@ -1290,17 +1288,17 @@ EverCrypt_Hash_Incremental_hash_state
 /**
 Reset an existing state to the initial hash state with empty data.
 */
-void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s)
+void EverCrypt_Hash_Incremental_reset(EverCrypt_Hash_Incremental_state_t *state)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *s;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   uint8_t *buf = scrut.buf;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   Spec_Hash_Definitions_hash_alg i = alg_of_state(block_state);
-  KRML_HOST_IGNORE(i);
+  KRML_MAYBE_UNUSED_VAR(i);
   init(block_state);
-  EverCrypt_Hash_Incremental_hash_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  EverCrypt_Hash_Incremental_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 /**
@@ -1312,86 +1310,86 @@ algorithm. Both limits are unlikely to be attained in practice.
 */
 EverCrypt_Error_error_code
 EverCrypt_Hash_Incremental_update(
-  EverCrypt_Hash_Incremental_hash_state *s,
-  uint8_t *data,
-  uint32_t len
+  EverCrypt_Hash_Incremental_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
 )
 {
-  EverCrypt_Hash_Incremental_hash_state s1 = *s;
-  EverCrypt_Hash_state_s *block_state = s1.block_state;
-  uint64_t total_len = s1.total_len;
+  EverCrypt_Hash_Incremental_state_t s = *state;
+  EverCrypt_Hash_state_s *block_state = s.block_state;
+  uint64_t total_len = s.total_len;
   Spec_Hash_Definitions_hash_alg i1 = alg_of_state(block_state);
   uint64_t sw;
   switch (i1)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        sw = (uint64_t)2305843009213693951U;
+        sw = 2305843009213693951ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        sw = (uint64_t)2305843009213693951U;
+        sw = 2305843009213693951ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        sw = (uint64_t)2305843009213693951U;
+        sw = 2305843009213693951ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        sw = (uint64_t)2305843009213693951U;
+        sw = 2305843009213693951ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_Shake128:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     case Spec_Hash_Definitions_Shake256:
       {
-        sw = (uint64_t)18446744073709551615U;
+        sw = 18446744073709551615ULL;
         break;
       }
     default:
@@ -1401,14 +1399,14 @@ EverCrypt_Hash_Incremental_update(
       }
   }
   Hacl_Streaming_Types_error_code ite;
-  if ((uint64_t)len > sw - total_len)
+  if ((uint64_t)chunk_len > sw - total_len)
   {
     ite = Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   else
   {
     uint32_t sz;
-    if (total_len % (uint64_t)block_len(i1) == (uint64_t)0U && total_len > (uint64_t)0U)
+    if (total_len % (uint64_t)block_len(i1) == 0ULL && total_len > 0ULL)
     {
       sz = block_len(i1);
     }
@@ -1416,14 +1414,14 @@ EverCrypt_Hash_Incremental_update(
     {
       sz = (uint32_t)(total_len % (uint64_t)block_len(i1));
     }
-    if (len <= block_len(i1) - sz)
+    if (chunk_len <= block_len(i1) - sz)
     {
-      EverCrypt_Hash_Incremental_hash_state s2 = *s;
-      EverCrypt_Hash_state_s *block_state1 = s2.block_state;
-      uint8_t *buf = s2.buf;
-      uint64_t total_len1 = s2.total_len;
+      EverCrypt_Hash_Incremental_state_t s1 = *state;
+      EverCrypt_Hash_state_s *block_state1 = s1.block_state;
+      uint8_t *buf = s1.buf;
+      uint64_t total_len1 = s1.total_len;
       uint32_t sz1;
-      if (total_len1 % (uint64_t)block_len(i1) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+      if (total_len1 % (uint64_t)block_len(i1) == 0ULL && total_len1 > 0ULL)
       {
         sz1 = block_len(i1);
       }
@@ -1432,26 +1430,26 @@ EverCrypt_Hash_Incremental_update(
         sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i1));
       }
       uint8_t *buf2 = buf + sz1;
-      memcpy(buf2, data, len * sizeof (uint8_t));
-      uint64_t total_len2 = total_len1 + (uint64_t)len;
-      *s
+      memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+      uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+      *state
       =
         (
-          (EverCrypt_Hash_Incremental_hash_state){
+          (EverCrypt_Hash_Incremental_state_t){
             .block_state = block_state1,
             .buf = buf,
             .total_len = total_len2
           }
         );
     }
-    else if (sz == (uint32_t)0U)
+    else if (sz == 0U)
     {
-      EverCrypt_Hash_Incremental_hash_state s2 = *s;
-      EverCrypt_Hash_state_s *block_state1 = s2.block_state;
-      uint8_t *buf = s2.buf;
-      uint64_t total_len1 = s2.total_len;
+      EverCrypt_Hash_Incremental_state_t s1 = *state;
+      EverCrypt_Hash_state_s *block_state1 = s1.block_state;
+      uint8_t *buf = s1.buf;
+      uint64_t total_len1 = s1.total_len;
       uint32_t sz1;
-      if (total_len1 % (uint64_t)block_len(i1) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+      if (total_len1 % (uint64_t)block_len(i1) == 0ULL && total_len1 > 0ULL)
       {
         sz1 = block_len(i1);
       }
@@ -1459,49 +1457,49 @@ EverCrypt_Hash_Incremental_update(
       {
         sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i1));
       }
-      if (!(sz1 == (uint32_t)0U))
+      if (!(sz1 == 0U))
       {
         uint64_t prevlen = total_len1 - (uint64_t)sz1;
         update_multi(block_state1, prevlen, buf, block_len(i1));
       }
       uint32_t ite0;
-      if ((uint64_t)len % (uint64_t)block_len(i1) == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+      if ((uint64_t)chunk_len % (uint64_t)block_len(i1) == 0ULL && (uint64_t)chunk_len > 0ULL)
       {
         ite0 = block_len(i1);
       }
       else
       {
-        ite0 = (uint32_t)((uint64_t)len % (uint64_t)block_len(i1));
+        ite0 = (uint32_t)((uint64_t)chunk_len % (uint64_t)block_len(i1));
       }
-      uint32_t n_blocks = (len - ite0) / block_len(i1);
+      uint32_t n_blocks = (chunk_len - ite0) / block_len(i1);
       uint32_t data1_len = n_blocks * block_len(i1);
-      uint32_t data2_len = len - data1_len;
-      uint8_t *data1 = data;
-      uint8_t *data2 = data + data1_len;
+      uint32_t data2_len = chunk_len - data1_len;
+      uint8_t *data1 = chunk;
+      uint8_t *data2 = chunk + data1_len;
       update_multi(block_state1, total_len1, data1, data1_len);
       uint8_t *dst = buf;
       memcpy(dst, data2, data2_len * sizeof (uint8_t));
-      *s
+      *state
       =
         (
-          (EverCrypt_Hash_Incremental_hash_state){
+          (EverCrypt_Hash_Incremental_state_t){
             .block_state = block_state1,
             .buf = buf,
-            .total_len = total_len1 + (uint64_t)len
+            .total_len = total_len1 + (uint64_t)chunk_len
           }
         );
     }
     else
     {
       uint32_t diff = block_len(i1) - sz;
-      uint8_t *data1 = data;
-      uint8_t *data2 = data + diff;
-      EverCrypt_Hash_Incremental_hash_state s2 = *s;
-      EverCrypt_Hash_state_s *block_state10 = s2.block_state;
-      uint8_t *buf0 = s2.buf;
-      uint64_t total_len10 = s2.total_len;
+      uint8_t *chunk1 = chunk;
+      uint8_t *chunk2 = chunk + diff;
+      EverCrypt_Hash_Incremental_state_t s1 = *state;
+      EverCrypt_Hash_state_s *block_state10 = s1.block_state;
+      uint8_t *buf0 = s1.buf;
+      uint64_t total_len10 = s1.total_len;
       uint32_t sz10;
-      if (total_len10 % (uint64_t)block_len(i1) == (uint64_t)0U && total_len10 > (uint64_t)0U)
+      if (total_len10 % (uint64_t)block_len(i1) == 0ULL && total_len10 > 0ULL)
       {
         sz10 = block_len(i1);
       }
@@ -1510,23 +1508,23 @@ EverCrypt_Hash_Incremental_update(
         sz10 = (uint32_t)(total_len10 % (uint64_t)block_len(i1));
       }
       uint8_t *buf2 = buf0 + sz10;
-      memcpy(buf2, data1, diff * sizeof (uint8_t));
+      memcpy(buf2, chunk1, diff * sizeof (uint8_t));
       uint64_t total_len2 = total_len10 + (uint64_t)diff;
-      *s
+      *state
       =
         (
-          (EverCrypt_Hash_Incremental_hash_state){
+          (EverCrypt_Hash_Incremental_state_t){
             .block_state = block_state10,
             .buf = buf0,
             .total_len = total_len2
           }
         );
-      EverCrypt_Hash_Incremental_hash_state s20 = *s;
-      EverCrypt_Hash_state_s *block_state1 = s20.block_state;
-      uint8_t *buf = s20.buf;
-      uint64_t total_len1 = s20.total_len;
+      EverCrypt_Hash_Incremental_state_t s10 = *state;
+      EverCrypt_Hash_state_s *block_state1 = s10.block_state;
+      uint8_t *buf = s10.buf;
+      uint64_t total_len1 = s10.total_len;
       uint32_t sz1;
-      if (total_len1 % (uint64_t)block_len(i1) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+      if (total_len1 % (uint64_t)block_len(i1) == 0ULL && total_len1 > 0ULL)
       {
         sz1 = block_len(i1);
       }
@@ -1534,7 +1532,7 @@ EverCrypt_Hash_Incremental_update(
       {
         sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i1));
       }
-      if (!(sz1 == (uint32_t)0U))
+      if (!(sz1 == 0U))
       {
         uint64_t prevlen = total_len1 - (uint64_t)sz1;
         update_multi(block_state1, prevlen, buf, block_len(i1));
@@ -1542,33 +1540,33 @@ EverCrypt_Hash_Incremental_update(
       uint32_t ite0;
       if
       (
-        (uint64_t)(len - diff)
+        (uint64_t)(chunk_len - diff)
         % (uint64_t)block_len(i1)
-        == (uint64_t)0U
-        && (uint64_t)(len - diff) > (uint64_t)0U
+        == 0ULL
+        && (uint64_t)(chunk_len - diff) > 0ULL
       )
       {
         ite0 = block_len(i1);
       }
       else
       {
-        ite0 = (uint32_t)((uint64_t)(len - diff) % (uint64_t)block_len(i1));
+        ite0 = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)block_len(i1));
       }
-      uint32_t n_blocks = (len - diff - ite0) / block_len(i1);
+      uint32_t n_blocks = (chunk_len - diff - ite0) / block_len(i1);
       uint32_t data1_len = n_blocks * block_len(i1);
-      uint32_t data2_len = len - diff - data1_len;
-      uint8_t *data11 = data2;
-      uint8_t *data21 = data2 + data1_len;
-      update_multi(block_state1, total_len1, data11, data1_len);
+      uint32_t data2_len = chunk_len - diff - data1_len;
+      uint8_t *data1 = chunk2;
+      uint8_t *data2 = chunk2 + data1_len;
+      update_multi(block_state1, total_len1, data1, data1_len);
       uint8_t *dst = buf;
-      memcpy(dst, data21, data2_len * sizeof (uint8_t));
-      *s
+      memcpy(dst, data2, data2_len * sizeof (uint8_t));
+      *state
       =
         (
-          (EverCrypt_Hash_Incremental_hash_state){
+          (EverCrypt_Hash_Incremental_state_t){
             .block_state = block_state1,
             .buf = buf,
-            .total_len = total_len1 + (uint64_t)(len - diff)
+            .total_len = total_len1 + (uint64_t)(chunk_len - diff)
           }
         );
     }
@@ -1592,20 +1590,14 @@ EverCrypt_Hash_Incremental_update(
   }
 }
 
-static void finish_md5(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_md5(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_MD5)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  if (total_len % (uint64_t)block_len(Spec_Hash_Definitions_MD5) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_MD5);
   }
@@ -1620,7 +1612,7 @@ static void finish_md5(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_MD5) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_MD5) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_MD5);
   }
@@ -1630,26 +1622,20 @@ static void finish_md5(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha1(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha1(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA1)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  if (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA1) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA1);
   }
@@ -1664,7 +1650,7 @@ static void finish_sha1(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA1) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA1) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA1);
   }
@@ -1674,26 +1660,21 @@ static void finish_sha1(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha224(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_224)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_224) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA2_224);
   }
@@ -1708,7 +1689,7 @@ static void finish_sha224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA2_224) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA2_224) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA2_224);
   }
@@ -1718,26 +1699,21 @@ static void finish_sha224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha256(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_256)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_256) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA2_256);
   }
@@ -1752,7 +1728,7 @@ static void finish_sha256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA2_256) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA2_256) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA2_256);
   }
@@ -1762,26 +1738,21 @@ static void finish_sha256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha3_224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha3_224(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_224)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_224) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA3_224);
   }
@@ -1796,7 +1767,7 @@ static void finish_sha3_224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA3_224) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA3_224) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA3_224);
   }
@@ -1806,26 +1777,21 @@ static void finish_sha3_224(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha3_256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha3_256(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_256)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_256) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA3_256);
   }
@@ -1840,7 +1806,7 @@ static void finish_sha3_256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA3_256) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA3_256) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA3_256);
   }
@@ -1850,26 +1816,21 @@ static void finish_sha3_256(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha3_384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha3_384(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_384)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_384) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA3_384);
   }
@@ -1884,7 +1845,7 @@ static void finish_sha3_384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA3_384) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA3_384) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA3_384);
   }
@@ -1894,26 +1855,21 @@ static void finish_sha3_384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha3_512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha3_512(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_512)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA3_512) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA3_512);
   }
@@ -1928,7 +1884,7 @@ static void finish_sha3_512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA3_512) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA3_512) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA3_512);
   }
@@ -1938,26 +1894,21 @@ static void finish_sha3_512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *d
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha384(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_384)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_384) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA2_384);
   }
@@ -1972,7 +1923,7 @@ static void finish_sha384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA2_384) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA2_384) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA2_384);
   }
@@ -1982,26 +1933,21 @@ static void finish_sha384(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_sha512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_sha512(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
   if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_512)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  (total_len % (uint64_t)block_len(Spec_Hash_Definitions_SHA2_512) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_SHA2_512);
   }
@@ -2016,7 +1962,7 @@ static void finish_sha512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_SHA2_512) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_SHA2_512) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_SHA2_512);
   }
@@ -2026,26 +1972,20 @@ static void finish_sha512(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_blake2s(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_Blake2S)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  if (total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2S) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_Blake2S);
   }
@@ -2075,7 +2015,7 @@ static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_Blake2S) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_Blake2S) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_Blake2S);
   }
@@ -2085,26 +2025,20 @@ static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
-static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *dst)
+static void digest_blake2b(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *p;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if
-  (
-    total_len
-    % (uint64_t)block_len(Spec_Hash_Definitions_Blake2B)
-    == (uint64_t)0U
-    && total_len > (uint64_t)0U
-  )
+  if (total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2B) == 0ULL && total_len > 0ULL)
   {
     r = block_len(Spec_Hash_Definitions_Blake2B);
   }
@@ -2134,7 +2068,7 @@ static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
   copy(block_state, &tmp_block_state);
   uint64_t prev_len = total_len - (uint64_t)r;
   uint32_t ite;
-  if (r % block_len(Spec_Hash_Definitions_Blake2B) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(Spec_Hash_Definitions_Blake2B) == 0U && r > 0U)
   {
     ite = block_len(Spec_Hash_Definitions_Blake2B);
   }
@@ -2144,93 +2078,94 @@ static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  update_multi(&tmp_block_state, prev_len, buf_multi, (uint32_t)0U);
+  update_multi(&tmp_block_state, prev_len, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
   update_last(&tmp_block_state, prev_len_last, buf_last, r);
-  finish(&tmp_block_state, dst);
+  finish(&tmp_block_state, output);
 }
 
 /**
 Perform a run-time test to determine which algorithm was chosen for the given piece of state.
 */
 Spec_Hash_Definitions_hash_alg
-EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s)
+EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_state_t *s)
 {
   EverCrypt_Hash_state_s *block_state = (*s).block_state;
   return alg_of_state(block_state);
 }
 
 /**
-Write the resulting hash into `dst`, an array whose length is
+Write the resulting hash into `output`, an array whose length is
 algorithm-specific. You can use the macros defined earlier in this file to
 allocate a destination buffer of the right length. The state remains valid after
-a call to `finish`, meaning the user may feed more data into the hash via
+a call to `digest`, meaning the user may feed more data into the hash via
 `update`. (The finish function operates on an internal copy of the state and
 therefore does not invalidate the client-held state.)
 */
-void EverCrypt_Hash_Incremental_finish(EverCrypt_Hash_Incremental_hash_state *s, uint8_t *dst)
+void
+EverCrypt_Hash_Incremental_digest(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output)
 {
-  Spec_Hash_Definitions_hash_alg a1 = EverCrypt_Hash_Incremental_alg_of_state(s);
+  Spec_Hash_Definitions_hash_alg a1 = EverCrypt_Hash_Incremental_alg_of_state(state);
   switch (a1)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        finish_md5(s, dst);
+        digest_md5(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        finish_sha1(s, dst);
+        digest_sha1(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        finish_sha224(s, dst);
+        digest_sha224(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        finish_sha256(s, dst);
+        digest_sha256(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        finish_sha384(s, dst);
+        digest_sha384(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        finish_sha512(s, dst);
+        digest_sha512(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        finish_sha3_224(s, dst);
+        digest_sha3_224(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        finish_sha3_256(s, dst);
+        digest_sha3_256(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        finish_sha3_384(s, dst);
+        digest_sha3_384(state, output);
         break;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        finish_sha3_512(s, dst);
+        digest_sha3_512(state, output);
         break;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        finish_blake2s(s, dst);
+        digest_blake2s(state, output);
         break;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        finish_blake2b(s, dst);
+        digest_blake2b(state, output);
         break;
       }
     default:
@@ -2244,38 +2179,38 @@ void EverCrypt_Hash_Incremental_finish(EverCrypt_Hash_Incremental_hash_state *s,
 /**
 Free a state previously allocated with `create_in`.
 */
-void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_hash_state *s)
+void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_state_t *state)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *s;
+  EverCrypt_Hash_Incremental_state_t scrut = *state;
   uint8_t *buf = scrut.buf;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   free_(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
-void EverCrypt_Hash_Incremental_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void EverCrypt_Hash_Incremental_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint32_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = st;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t x = Hacl_Hash_SHA2_h256[i];
     os[i] = x;);
   uint32_t *s = st;
-  uint32_t blocks_n0 = input_len / (uint32_t)64U;
+  uint32_t blocks_n0 = input_len / 64U;
   uint32_t blocks_n1;
-  if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
+  if (input_len % 64U == 0U && blocks_n0 > 0U)
   {
-    blocks_n1 = blocks_n0 - (uint32_t)1U;
+    blocks_n1 = blocks_n0 - 1U;
   }
   else
   {
     blocks_n1 = blocks_n0;
   }
-  uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
+  uint32_t blocks_len0 = blocks_n1 * 64U;
   uint8_t *blocks0 = input;
   uint32_t rest_len0 = input_len - blocks_len0;
   uint8_t *rest0 = input + blocks_len0;
@@ -2285,35 +2220,35 @@ void EverCrypt_Hash_Incremental_hash_256(uint8_t *input, uint32_t input_len, uin
   uint32_t rest_len = rest_len0;
   uint8_t *rest = rest0;
   EverCrypt_Hash_update_multi_256(s, blocks, blocks_n);
-  Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)blocks_len + (uint64_t)rest_len,
+  Hacl_Hash_SHA2_sha256_update_last((uint64_t)blocks_len + (uint64_t)rest_len,
     rest_len,
     rest,
     s);
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst);
+  Hacl_Hash_SHA2_sha256_finish(s, output);
 }
 
-static void hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst)
+static void hash_224(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint32_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = st;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h224[i];
+    uint32_t x = Hacl_Hash_SHA2_h224[i];
     os[i] = x;);
   uint32_t *s = st;
-  uint32_t blocks_n0 = input_len / (uint32_t)64U;
+  uint32_t blocks_n0 = input_len / 64U;
   uint32_t blocks_n1;
-  if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
+  if (input_len % 64U == 0U && blocks_n0 > 0U)
   {
-    blocks_n1 = blocks_n0 - (uint32_t)1U;
+    blocks_n1 = blocks_n0 - 1U;
   }
   else
   {
     blocks_n1 = blocks_n0;
   }
-  uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
+  uint32_t blocks_len0 = blocks_n1 * 64U;
   uint8_t *blocks0 = input;
   uint32_t rest_len0 = input_len - blocks_len0;
   uint8_t *rest0 = input + blocks_len0;
@@ -2323,15 +2258,15 @@ static void hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst)
   uint32_t rest_len = rest_len0;
   uint8_t *rest = rest0;
   EverCrypt_Hash_update_multi_256(s, blocks, blocks_n);
-  Hacl_SHA2_Scalar32_sha224_update_last((uint64_t)blocks_len + (uint64_t)rest_len,
+  Hacl_Hash_SHA2_sha224_update_last((uint64_t)blocks_len + (uint64_t)rest_len,
     rest_len,
     rest,
     s);
-  Hacl_SHA2_Scalar32_sha224_finish(s, dst);
+  Hacl_Hash_SHA2_sha224_finish(s, output);
 }
 
 /**
-Hash `input`, of len `len`, into `dst`, an array whose length is determined by
+Hash `input`, of len `input_len`, into `output`, an array whose length is determined by
 your choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined
 earlier in this file to allocate a destination buffer of the right length. This
 API will automatically pick the most efficient implementation, provided you have
@@ -2340,61 +2275,61 @@ called EverCrypt_AutoConfig2_init() before.
 void
 EverCrypt_Hash_Incremental_hash(
   Spec_Hash_Definitions_hash_alg a,
-  uint8_t *dst,
+  uint8_t *output,
   uint8_t *input,
-  uint32_t len
+  uint32_t input_len
 )
 {
   switch (a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        Hacl_Hash_MD5_legacy_hash(input, len, dst);
+        Hacl_Hash_MD5_hash_oneshot(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        Hacl_Hash_SHA1_legacy_hash(input, len, dst);
+        Hacl_Hash_SHA1_hash_oneshot(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        hash_224(input, len, dst);
+        hash_224(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        EverCrypt_Hash_Incremental_hash_256(input, len, dst);
+        EverCrypt_Hash_Incremental_hash_256(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        Hacl_Streaming_SHA2_hash_384(input, len, dst);
+        Hacl_Hash_SHA2_hash_384(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        Hacl_Streaming_SHA2_hash_512(input, len, dst);
+        Hacl_Hash_SHA2_hash_512(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        Hacl_SHA3_sha3_224(len, input, dst);
+        Hacl_Hash_SHA3_sha3_224(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        Hacl_SHA3_sha3_256(len, input, dst);
+        Hacl_Hash_SHA3_sha3_256(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        Hacl_SHA3_sha3_384(len, input, dst);
+        Hacl_Hash_SHA3_sha3_384(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        Hacl_SHA3_sha3_512(len, input, dst);
+        Hacl_Hash_SHA3_sha3_512(output, input, input_len);
         break;
       }
     case Spec_Hash_Definitions_Blake2S:
@@ -2403,12 +2338,12 @@ EverCrypt_Hash_Incremental_hash(
         bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
-          Hacl_Blake2s_128_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+          Hacl_Hash_Blake2s_Simd128_hash_with_key(output, 32U, input, input_len, NULL, 0U);
           return;
         }
-        Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        Hacl_Hash_Blake2s_hash_with_key(output, 32U, input, input_len, NULL, 0U);
         #else
-        Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        Hacl_Hash_Blake2s_hash_with_key(output, 32U, input, input_len, NULL, 0U);
         #endif
         break;
       }
@@ -2418,12 +2353,12 @@ EverCrypt_Hash_Incremental_hash(
         bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
-          Hacl_Blake2b_256_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+          Hacl_Hash_Blake2b_Simd256_hash_with_key(output, 64U, input, input_len, NULL, 0U);
           return;
         }
-        Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        Hacl_Hash_Blake2b_hash_with_key(output, 64U, input, input_len, NULL, 0U);
         #else
-        Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        Hacl_Hash_Blake2b_hash_with_key(output, 64U, input, input_len, NULL, 0U);
         #endif
         break;
       }
diff --git a/src/msvc/EverCrypt_Poly1305.c b/src/msvc/EverCrypt_Poly1305.c
index 454c0fce..33ee20f3 100644
--- a/src/msvc/EverCrypt_Poly1305.c
+++ b/src/msvc/EverCrypt_Poly1305.c
@@ -31,60 +31,60 @@
 KRML_MAYBE_UNUSED static void
 poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key)
 {
-  KRML_HOST_IGNORE(dst);
-  KRML_HOST_IGNORE(src);
-  KRML_HOST_IGNORE(len);
-  KRML_HOST_IGNORE(key);
+  KRML_MAYBE_UNUSED_VAR(dst);
+  KRML_MAYBE_UNUSED_VAR(src);
+  KRML_MAYBE_UNUSED_VAR(len);
+  KRML_MAYBE_UNUSED_VAR(key);
   #if HACL_CAN_COMPILE_VALE
   uint8_t ctx[192U] = { 0U };
-  memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
-  uint32_t n_blocks = len / (uint32_t)16U;
-  uint32_t n_extra = len % (uint32_t)16U;
+  memcpy(ctx + 24U, key, 32U * sizeof (uint8_t));
+  uint32_t n_blocks = len / 16U;
+  uint32_t n_extra = len % 16U;
   uint8_t tmp[16U] = { 0U };
-  if (n_extra == (uint32_t)0U)
+  if (n_extra == 0U)
   {
-    KRML_HOST_IGNORE(x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U));
+    x64_poly1305(ctx, src, (uint64_t)len, 1ULL);
   }
   else
   {
-    uint32_t len16 = n_blocks * (uint32_t)16U;
+    uint32_t len16 = n_blocks * 16U;
     uint8_t *src16 = src;
     memcpy(tmp, src + len16, n_extra * sizeof (uint8_t));
-    KRML_HOST_IGNORE(x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U));
-    memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
-    KRML_HOST_IGNORE(x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U));
+    x64_poly1305(ctx, src16, (uint64_t)len16, 0ULL);
+    memcpy(ctx + 24U, key, 32U * sizeof (uint8_t));
+    x64_poly1305(ctx, tmp, (uint64_t)n_extra, 1ULL);
   }
-  memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t));
+  memcpy(dst, ctx, 16U * sizeof (uint8_t));
   #endif
 }
 
-void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key)
+void EverCrypt_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key)
 {
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
-    KRML_HOST_IGNORE(vec128);
-    Hacl_Poly1305_256_poly1305_mac(dst, len, src, key);
+    KRML_MAYBE_UNUSED_VAR(vec128);
+    Hacl_MAC_Poly1305_Simd256_mac(output, input, input_len, key);
     return;
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
-    KRML_HOST_IGNORE(vec256);
-    Hacl_Poly1305_128_poly1305_mac(dst, len, src, key);
+    KRML_MAYBE_UNUSED_VAR(vec256);
+    Hacl_MAC_Poly1305_Simd128_mac(output, input, input_len, key);
     return;
   }
   #endif
-  KRML_HOST_IGNORE(vec256);
-  KRML_HOST_IGNORE(vec128);
+  KRML_MAYBE_UNUSED_VAR(vec256);
+  KRML_MAYBE_UNUSED_VAR(vec128);
   #if HACL_CAN_COMPILE_VALE
-  poly1305_vale(dst, src, len, key);
+  poly1305_vale(output, input, input_len, key);
   #else
   KRML_HOST_IGNORE(poly1305_vale);
-  Hacl_Poly1305_32_poly1305_mac(dst, len, src, key);
+  Hacl_MAC_Poly1305_mac(output, input, input_len, key);
   #endif
 }
 
diff --git a/src/msvc/Hacl_Chacha20Poly1305_32.c b/src/msvc/Hacl_AEAD_Chacha20Poly1305.c
similarity index 65%
rename from src/msvc/Hacl_Chacha20Poly1305_32.c
rename to src/msvc/Hacl_AEAD_Chacha20Poly1305.c
index 179af485..d5926093 100644
--- a/src/msvc/Hacl_Chacha20Poly1305_32.c
+++ b/src/msvc/Hacl_AEAD_Chacha20Poly1305.c
@@ -23,35 +23,36 @@
  */
 
 
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 
+#include "internal/Hacl_MAC_Poly1305.h"
 #include "internal/Hacl_Krmllib.h"
 
 static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text)
 {
-  uint32_t n = len / (uint32_t)16U;
-  uint32_t r = len % (uint32_t)16U;
+  uint32_t n = len / 16U;
+  uint32_t r = len % 16U;
   uint8_t *blocks = text;
-  uint8_t *rem = text + n * (uint32_t)16U;
-  uint64_t *pre0 = ctx + (uint32_t)5U;
+  uint8_t *rem = text + n * 16U;
+  uint64_t *pre0 = ctx + 5U;
   uint64_t *acc0 = ctx;
-  uint32_t nb = n * (uint32_t)16U / (uint32_t)16U;
-  uint32_t rem1 = n * (uint32_t)16U % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = n * 16U / 16U;
+  uint32_t rem1 = n * 16U % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = blocks + i * (uint32_t)16U;
+    uint8_t *block = blocks + i * 16U;
     uint64_t e[5U] = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     uint64_t f0 = lo;
     uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
     uint64_t f01 = f010;
     uint64_t f111 = f110;
     uint64_t f2 = f20;
@@ -62,12 +63,12 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     uint64_t mask = b;
     uint64_t f4 = e[4U];
     e[4U] = f4 | mask;
     uint64_t *r1 = pre0;
-    uint64_t *r5 = pre0 + (uint32_t)5U;
+    uint64_t *r5 = pre0 + 5U;
     uint64_t r0 = r1[0U];
     uint64_t r11 = r1[1U];
     uint64_t r2 = r1[2U];
@@ -122,28 +123,28 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     uint64_t t2 = a26;
     uint64_t t3 = a36;
     uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
     uint64_t x0 = t0 & mask26;
     uint64_t x3 = t3 & mask26;
     uint64_t x1 = t1 + z0;
     uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
     uint64_t z12 = z11 + t;
     uint64_t x11 = x1 & mask26;
     uint64_t x41 = x4 & mask26;
     uint64_t x2 = t2 + z01;
     uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
     uint64_t x21 = x2 & mask26;
     uint64_t x02 = x01 & mask26;
     uint64_t x31 = x3 + z02;
     uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
+    uint64_t z03 = x31 >> 26U;
     uint64_t x32 = x31 & mask26;
     uint64_t x42 = x41 + z03;
     uint64_t o0 = x02;
@@ -157,23 +158,23 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     acc0[3U] = o3;
     acc0[4U] = o4;
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *last = blocks + nb * (uint32_t)16U;
+    uint8_t *last = blocks + nb * 16U;
     uint64_t e[5U] = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem1 * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     uint64_t f0 = lo;
     uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
     uint64_t f01 = f010;
     uint64_t f111 = f110;
     uint64_t f2 = f20;
@@ -184,12 +185,12 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem1 * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem1 * 8U % 26U;
     uint64_t mask = b;
-    uint64_t fi = e[rem1 * (uint32_t)8U / (uint32_t)26U];
-    e[rem1 * (uint32_t)8U / (uint32_t)26U] = fi | mask;
+    uint64_t fi = e[rem1 * 8U / 26U];
+    e[rem1 * 8U / 26U] = fi | mask;
     uint64_t *r1 = pre0;
-    uint64_t *r5 = pre0 + (uint32_t)5U;
+    uint64_t *r5 = pre0 + 5U;
     uint64_t r0 = r1[0U];
     uint64_t r11 = r1[1U];
     uint64_t r2 = r1[2U];
@@ -244,28 +245,28 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     uint64_t t2 = a26;
     uint64_t t3 = a36;
     uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
     uint64_t x0 = t0 & mask26;
     uint64_t x3 = t3 & mask26;
     uint64_t x1 = t1 + z0;
     uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
     uint64_t z12 = z11 + t;
     uint64_t x11 = x1 & mask26;
     uint64_t x41 = x4 & mask26;
     uint64_t x2 = t2 + z01;
     uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
     uint64_t x21 = x2 & mask26;
     uint64_t x02 = x01 & mask26;
     uint64_t x31 = x3 + z02;
     uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
+    uint64_t z03 = x31 >> 26U;
     uint64_t x32 = x31 & mask26;
     uint64_t x42 = x41 + z03;
     uint64_t o0 = x02;
@@ -281,22 +282,22 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
   }
   uint8_t tmp[16U] = { 0U };
   memcpy(tmp, rem, r * sizeof (uint8_t));
-  if (r > (uint32_t)0U)
+  if (r > 0U)
   {
-    uint64_t *pre = ctx + (uint32_t)5U;
+    uint64_t *pre = ctx + 5U;
     uint64_t *acc = ctx;
     uint64_t e[5U] = { 0U };
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     uint64_t f0 = lo;
     uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
     uint64_t f01 = f010;
     uint64_t f111 = f110;
     uint64_t f2 = f20;
@@ -307,12 +308,12 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     uint64_t mask = b;
     uint64_t f4 = e[4U];
     e[4U] = f4 | mask;
     uint64_t *r1 = pre;
-    uint64_t *r5 = pre + (uint32_t)5U;
+    uint64_t *r5 = pre + 5U;
     uint64_t r0 = r1[0U];
     uint64_t r11 = r1[1U];
     uint64_t r2 = r1[2U];
@@ -367,28 +368,28 @@ static inline void poly1305_padded_32(uint64_t *ctx, uint32_t len, uint8_t *text
     uint64_t t2 = a26;
     uint64_t t3 = a36;
     uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
     uint64_t x0 = t0 & mask26;
     uint64_t x3 = t3 & mask26;
     uint64_t x1 = t1 + z0;
     uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
     uint64_t z12 = z11 + t;
     uint64_t x11 = x1 & mask26;
     uint64_t x41 = x4 & mask26;
     uint64_t x2 = t2 + z01;
     uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
     uint64_t x21 = x2 & mask26;
     uint64_t x02 = x01 & mask26;
     uint64_t x31 = x3 + z02;
     uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
+    uint64_t z03 = x31 >> 26U;
     uint64_t x32 = x31 & mask26;
     uint64_t x42 = x41 + z03;
     uint64_t o0 = x02;
@@ -417,31 +418,31 @@ poly1305_do_32(
 {
   uint64_t ctx[25U] = { 0U };
   uint8_t block[16U] = { 0U };
-  Hacl_Poly1305_32_poly1305_init(ctx, k);
-  if (aadlen != (uint32_t)0U)
+  Hacl_MAC_Poly1305_poly1305_init(ctx, k);
+  if (aadlen != 0U)
   {
     poly1305_padded_32(ctx, aadlen, aad);
   }
-  if (mlen != (uint32_t)0U)
+  if (mlen != 0U)
   {
     poly1305_padded_32(ctx, mlen, m);
   }
   store64_le(block, (uint64_t)aadlen);
-  store64_le(block + (uint32_t)8U, (uint64_t)mlen);
-  uint64_t *pre = ctx + (uint32_t)5U;
+  store64_le(block + 8U, (uint64_t)mlen);
+  uint64_t *pre = ctx + 5U;
   uint64_t *acc = ctx;
   uint64_t e[5U] = { 0U };
   uint64_t u0 = load64_le(block);
   uint64_t lo = u0;
-  uint64_t u = load64_le(block + (uint32_t)8U);
+  uint64_t u = load64_le(block + 8U);
   uint64_t hi = u;
   uint64_t f0 = lo;
   uint64_t f1 = hi;
-  uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-  uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-  uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-  uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-  uint64_t f40 = f1 >> (uint32_t)40U;
+  uint64_t f010 = f0 & 0x3ffffffULL;
+  uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+  uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+  uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+  uint64_t f40 = f1 >> 40U;
   uint64_t f01 = f010;
   uint64_t f111 = f110;
   uint64_t f2 = f20;
@@ -452,12 +453,12 @@ poly1305_do_32(
   e[2U] = f2;
   e[3U] = f3;
   e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
+  uint64_t b = 0x1000000ULL;
   uint64_t mask = b;
   uint64_t f4 = e[4U];
   e[4U] = f4 | mask;
   uint64_t *r = pre;
-  uint64_t *r5 = pre + (uint32_t)5U;
+  uint64_t *r5 = pre + 5U;
   uint64_t r0 = r[0U];
   uint64_t r1 = r[1U];
   uint64_t r2 = r[2U];
@@ -512,28 +513,28 @@ poly1305_do_32(
   uint64_t t2 = a26;
   uint64_t t3 = a36;
   uint64_t t4 = a46;
-  uint64_t mask26 = (uint64_t)0x3ffffffU;
-  uint64_t z0 = t0 >> (uint32_t)26U;
-  uint64_t z1 = t3 >> (uint32_t)26U;
+  uint64_t mask26 = 0x3ffffffULL;
+  uint64_t z0 = t0 >> 26U;
+  uint64_t z1 = t3 >> 26U;
   uint64_t x0 = t0 & mask26;
   uint64_t x3 = t3 & mask26;
   uint64_t x1 = t1 + z0;
   uint64_t x4 = t4 + z1;
-  uint64_t z01 = x1 >> (uint32_t)26U;
-  uint64_t z11 = x4 >> (uint32_t)26U;
-  uint64_t t = z11 << (uint32_t)2U;
+  uint64_t z01 = x1 >> 26U;
+  uint64_t z11 = x4 >> 26U;
+  uint64_t t = z11 << 2U;
   uint64_t z12 = z11 + t;
   uint64_t x11 = x1 & mask26;
   uint64_t x41 = x4 & mask26;
   uint64_t x2 = t2 + z01;
   uint64_t x01 = x0 + z12;
-  uint64_t z02 = x2 >> (uint32_t)26U;
-  uint64_t z13 = x01 >> (uint32_t)26U;
+  uint64_t z02 = x2 >> 26U;
+  uint64_t z13 = x01 >> 26U;
   uint64_t x21 = x2 & mask26;
   uint64_t x02 = x01 & mask26;
   uint64_t x31 = x3 + z02;
   uint64_t x12 = x11 + z13;
-  uint64_t z03 = x31 >> (uint32_t)26U;
+  uint64_t z03 = x31 >> 26U;
   uint64_t x32 = x31 & mask26;
   uint64_t x42 = x41 + z03;
   uint64_t o0 = x02;
@@ -546,95 +547,93 @@ poly1305_do_32(
   acc[2U] = o2;
   acc[3U] = o3;
   acc[4U] = o4;
-  Hacl_Poly1305_32_poly1305_finish(out, k, ctx);
+  Hacl_MAC_Poly1305_poly1305_finish(out, k, ctx);
 }
 
 /**
-Encrypt a message `m` with key `k`.
+Encrypt a message `input` with key `key`.
 
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
 */
 void
-Hacl_Chacha20Poly1305_32_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
 )
 {
-  Hacl_Chacha20_chacha20_encrypt(mlen, cipher, m, k, n, (uint32_t)1U);
+  Hacl_Chacha20_chacha20_encrypt(input_len, output, input, key, nonce, 1U);
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_chacha20_encrypt((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_32(key, aadlen, aad, mlen, cipher, mac);
+  Hacl_Chacha20_chacha20_encrypt(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_32(key1, data_len, data, input_len, output, tag);
 }
 
 /**
-Decrypt a ciphertext `cipher` with key `k`.
+Decrypt a ciphertext `input` with key `key`.
 
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `output` and `input` can point to the same memory.
 
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
 
 @returns 0 on succeess; 1 on failure.
 */
 uint32_t
-Hacl_Chacha20Poly1305_32_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
 )
 {
-  uint8_t computed_mac[16U] = { 0U };
+  uint8_t computed_tag[16U] = { 0U };
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_chacha20_encrypt((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_32(key, aadlen, aad, mlen, cipher, computed_mac);
-  uint8_t res = (uint8_t)255U;
+  Hacl_Chacha20_chacha20_encrypt(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_32(key1, data_len, data, input_len, input, computed_tag);
+  uint8_t res = 255U;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_mac[i], mac[i]);
-    res = uu____0 & res;);
+    0U,
+    16U,
+    1U,
+    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_tag[i], tag[i]);
+    res = (uint32_t)uu____0 & (uint32_t)res;);
   uint8_t z = res;
-  if (z == (uint8_t)255U)
+  if (z == 255U)
   {
-    Hacl_Chacha20_chacha20_encrypt(mlen, m, cipher, k, n, (uint32_t)1U);
-    return (uint32_t)0U;
+    Hacl_Chacha20_chacha20_encrypt(input_len, output, input, key, nonce, 1U);
+    return 0U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_Chacha20Poly1305_128.c b/src/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.c
similarity index 77%
rename from src/msvc/Hacl_Chacha20Poly1305_128.c
rename to src/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.c
index 4cf2eae9..0cfa41fd 100644
--- a/src/msvc/Hacl_Chacha20Poly1305_128.c
+++ b/src/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.c
@@ -23,65 +23,60 @@
  */
 
 
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 
-#include "internal/Hacl_Poly1305_128.h"
+#include "internal/Hacl_MAC_Poly1305_Simd128.h"
 #include "internal/Hacl_Krmllib.h"
 #include "libintvector.h"
 
 static inline void
 poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t *text)
 {
-  uint32_t n = len / (uint32_t)16U;
-  uint32_t r = len % (uint32_t)16U;
+  uint32_t n = len / 16U;
+  uint32_t r = len % 16U;
   uint8_t *blocks = text;
-  uint8_t *rem = text + n * (uint32_t)16U;
-  Lib_IntVector_Intrinsics_vec128 *pre0 = ctx + (uint32_t)5U;
+  uint8_t *rem = text + n * 16U;
+  Lib_IntVector_Intrinsics_vec128 *pre0 = ctx + 5U;
   Lib_IntVector_Intrinsics_vec128 *acc0 = ctx;
-  uint32_t sz_block = (uint32_t)32U;
-  uint32_t len0 = n * (uint32_t)16U / sz_block * sz_block;
+  uint32_t sz_block = 32U;
+  uint32_t len0 = n * 16U / sz_block * sz_block;
   uint8_t *t00 = blocks;
-  if (len0 > (uint32_t)0U)
+  if (len0 > 0U)
   {
-    uint32_t bs = (uint32_t)32U;
+    uint32_t bs = 32U;
     uint8_t *text0 = t00;
-    Hacl_Impl_Poly1305_Field32xN_128_load_acc2(acc0, text0);
+    Hacl_MAC_Poly1305_Simd128_load_acc2(acc0, text0);
     uint32_t len1 = len0 - bs;
     uint8_t *text1 = t00 + bs;
     uint32_t nb = len1 / bs;
-    for (uint32_t i = (uint32_t)0U; i < nb; i++)
+    for (uint32_t i = 0U; i < nb; i++)
     {
       uint8_t *block = text1 + i * bs;
       KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
       Lib_IntVector_Intrinsics_vec128 b1 = Lib_IntVector_Intrinsics_vec128_load64_le(block);
-      Lib_IntVector_Intrinsics_vec128
-      b2 = Lib_IntVector_Intrinsics_vec128_load64_le(block + (uint32_t)16U);
+      Lib_IntVector_Intrinsics_vec128 b2 = Lib_IntVector_Intrinsics_vec128_load64_le(block + 16U);
       Lib_IntVector_Intrinsics_vec128 lo = Lib_IntVector_Intrinsics_vec128_interleave_low64(b1, b2);
       Lib_IntVector_Intrinsics_vec128
       hi = Lib_IntVector_Intrinsics_vec128_interleave_high64(b1, b2);
       Lib_IntVector_Intrinsics_vec128
       f00 =
         Lib_IntVector_Intrinsics_vec128_and(lo,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
       Lib_IntVector_Intrinsics_vec128
       f15 =
-        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-            (uint32_t)26U),
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 26U),
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
       Lib_IntVector_Intrinsics_vec128
       f25 =
-        Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-            (uint32_t)52U),
+        Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 52U),
           Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(hi,
-              Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-            (uint32_t)12U));
+              Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+            12U));
       Lib_IntVector_Intrinsics_vec128
       f30 =
-        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi,
-            (uint32_t)14U),
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-      Lib_IntVector_Intrinsics_vec128
-      f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, (uint32_t)40U);
+        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 14U),
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+      Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 40U);
       Lib_IntVector_Intrinsics_vec128 f0 = f00;
       Lib_IntVector_Intrinsics_vec128 f1 = f15;
       Lib_IntVector_Intrinsics_vec128 f2 = f25;
@@ -92,12 +87,12 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
       e[2U] = f2;
       e[3U] = f3;
       e[4U] = f41;
-      uint64_t b = (uint64_t)0x1000000U;
+      uint64_t b = 0x1000000ULL;
       Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
       Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
       e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
-      Lib_IntVector_Intrinsics_vec128 *rn = pre0 + (uint32_t)10U;
-      Lib_IntVector_Intrinsics_vec128 *rn5 = pre0 + (uint32_t)15U;
+      Lib_IntVector_Intrinsics_vec128 *rn = pre0 + 10U;
+      Lib_IntVector_Intrinsics_vec128 *rn5 = pre0 + 15U;
       Lib_IntVector_Intrinsics_vec128 r0 = rn[0U];
       Lib_IntVector_Intrinsics_vec128 r1 = rn[1U];
       Lib_IntVector_Intrinsics_vec128 r2 = rn[2U];
@@ -202,37 +197,28 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
       Lib_IntVector_Intrinsics_vec128 t2 = a24;
       Lib_IntVector_Intrinsics_vec128 t3 = a34;
       Lib_IntVector_Intrinsics_vec128 t4 = a44;
-      Lib_IntVector_Intrinsics_vec128
-      mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-      Lib_IntVector_Intrinsics_vec128
-      z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+      Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+      Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
       Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
       Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
       Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
       Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-      Lib_IntVector_Intrinsics_vec128
-      z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+      Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+      Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+      Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
       Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
       Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
       Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
       Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
       Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-      Lib_IntVector_Intrinsics_vec128
-      z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+      Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
       Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
       Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
       Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
       Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-      Lib_IntVector_Intrinsics_vec128
-      z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
       Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
       Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
       Lib_IntVector_Intrinsics_vec128 o00 = x02;
@@ -266,45 +252,41 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
       acc0[3U] = o3;
       acc0[4U] = o4;
     }
-    Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(acc0, pre0);
+    Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize(acc0, pre0);
   }
-  uint32_t len1 = n * (uint32_t)16U - len0;
+  uint32_t len1 = n * 16U - len0;
   uint8_t *t10 = blocks + len0;
-  uint32_t nb = len1 / (uint32_t)16U;
-  uint32_t rem1 = len1 % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = len1 / 16U;
+  uint32_t rem1 = len1 % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = t10 + i * (uint32_t)16U;
+    uint8_t *block = t10 + i * 16U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -315,12 +297,12 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
     Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
     Lib_IntVector_Intrinsics_vec128 *r1 = pre0;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre0 + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre0 + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec128 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r1[2U];
@@ -435,37 +417,28 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -479,41 +452,37 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     acc0[3U] = o3;
     acc0[4U] = o4;
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *last = t10 + nb * (uint32_t)16U;
+    uint8_t *last = t10 + nb * 16U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem1 * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -524,12 +493,12 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem1 * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem1 * 8U % 26U;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
-    Lib_IntVector_Intrinsics_vec128 fi = e[rem1 * (uint32_t)8U / (uint32_t)26U];
-    e[rem1 * (uint32_t)8U / (uint32_t)26U] = Lib_IntVector_Intrinsics_vec128_or(fi, mask);
+    Lib_IntVector_Intrinsics_vec128 fi = e[rem1 * 8U / 26U];
+    e[rem1 * 8U / 26U] = Lib_IntVector_Intrinsics_vec128_or(fi, mask);
     Lib_IntVector_Intrinsics_vec128 *r1 = pre0;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre0 + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre0 + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec128 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r1[2U];
@@ -644,37 +613,28 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -690,40 +650,36 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
   }
   uint8_t tmp[16U] = { 0U };
   memcpy(tmp, rem, r * sizeof (uint8_t));
-  if (r > (uint32_t)0U)
+  if (r > 0U)
   {
-    Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *pre = ctx + 5U;
     Lib_IntVector_Intrinsics_vec128 *acc = ctx;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -734,12 +690,12 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
     Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
     Lib_IntVector_Intrinsics_vec128 *r1 = pre;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec128 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r1[2U];
@@ -854,37 +810,28 @@ poly1305_padded_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -913,49 +860,45 @@ poly1305_do_128(
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ctx[25U] KRML_POST_ALIGN(16) = { 0U };
   uint8_t block[16U] = { 0U };
-  Hacl_Poly1305_128_poly1305_init(ctx, k);
-  if (aadlen != (uint32_t)0U)
+  Hacl_MAC_Poly1305_Simd128_poly1305_init(ctx, k);
+  if (aadlen != 0U)
   {
     poly1305_padded_128(ctx, aadlen, aad);
   }
-  if (mlen != (uint32_t)0U)
+  if (mlen != 0U)
   {
     poly1305_padded_128(ctx, mlen, m);
   }
   store64_le(block, (uint64_t)aadlen);
-  store64_le(block + (uint32_t)8U, (uint64_t)mlen);
-  Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
+  store64_le(block + 8U, (uint64_t)mlen);
+  Lib_IntVector_Intrinsics_vec128 *pre = ctx + 5U;
   Lib_IntVector_Intrinsics_vec128 *acc = ctx;
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
   uint64_t u0 = load64_le(block);
   uint64_t lo = u0;
-  uint64_t u = load64_le(block + (uint32_t)8U);
+  uint64_t u = load64_le(block + 8U);
   uint64_t hi = u;
   Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
   Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
   Lib_IntVector_Intrinsics_vec128
   f010 =
     Lib_IntVector_Intrinsics_vec128_and(f0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f110 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f20 =
-    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
       Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec128
   f30 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
   Lib_IntVector_Intrinsics_vec128 f01 = f010;
   Lib_IntVector_Intrinsics_vec128 f111 = f110;
   Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -966,12 +909,12 @@ poly1305_do_128(
   e[2U] = f2;
   e[3U] = f3;
   e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
+  uint64_t b = 0x1000000ULL;
   Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
   Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
   e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
   Lib_IntVector_Intrinsics_vec128 *r = pre;
-  Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
   Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
   Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
   Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
@@ -1086,37 +1029,28 @@ poly1305_do_128(
   Lib_IntVector_Intrinsics_vec128 t2 = a26;
   Lib_IntVector_Intrinsics_vec128 t3 = a36;
   Lib_IntVector_Intrinsics_vec128 t4 = a46;
-  Lib_IntVector_Intrinsics_vec128
-  mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec128
-  z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
   Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec128
-  z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec128
-  z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -1129,95 +1063,93 @@ poly1305_do_128(
   acc[2U] = o2;
   acc[3U] = o3;
   acc[4U] = o4;
-  Hacl_Poly1305_128_poly1305_finish(out, k, ctx);
+  Hacl_MAC_Poly1305_Simd128_poly1305_finish(out, k, ctx);
 }
 
 /**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+Encrypt a message `input` with key `key`.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
 */
 void
-Hacl_Chacha20Poly1305_128_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
 )
 {
-  Hacl_Chacha20_Vec128_chacha20_encrypt_128(mlen, cipher, m, k, n, (uint32_t)1U);
+  Hacl_Chacha20_Vec128_chacha20_encrypt_128(input_len, output, input, key, nonce, 1U);
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_Vec128_chacha20_encrypt_128((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_128(key, aadlen, aad, mlen, cipher, mac);
+  Hacl_Chacha20_Vec128_chacha20_encrypt_128(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_128(key1, data_len, data, input_len, output, tag);
 }
 
 /**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+Decrypt a ciphertext `input` with key `key`.
 
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
 
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
 
 @returns 0 on succeess; 1 on failure.
 */
 uint32_t
-Hacl_Chacha20Poly1305_128_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
 )
 {
-  uint8_t computed_mac[16U] = { 0U };
+  uint8_t computed_tag[16U] = { 0U };
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_Vec128_chacha20_encrypt_128((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_128(key, aadlen, aad, mlen, cipher, computed_mac);
-  uint8_t res = (uint8_t)255U;
+  Hacl_Chacha20_Vec128_chacha20_encrypt_128(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_128(key1, data_len, data, input_len, input, computed_tag);
+  uint8_t res = 255U;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_mac[i], mac[i]);
-    res = uu____0 & res;);
+    0U,
+    16U,
+    1U,
+    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_tag[i], tag[i]);
+    res = (uint32_t)uu____0 & (uint32_t)res;);
   uint8_t z = res;
-  if (z == (uint8_t)255U)
+  if (z == 255U)
   {
-    Hacl_Chacha20_Vec128_chacha20_encrypt_128(mlen, m, cipher, k, n, (uint32_t)1U);
-    return (uint32_t)0U;
+    Hacl_Chacha20_Vec128_chacha20_encrypt_128(input_len, output, input, key, nonce, 1U);
+    return 0U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/Hacl_Chacha20Poly1305_256.c b/src/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.c
similarity index 77%
rename from src/Hacl_Chacha20Poly1305_256.c
rename to src/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.c
index c3dfec03..28414516 100644
--- a/src/Hacl_Chacha20Poly1305_256.c
+++ b/src/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.c
@@ -23,67 +23,61 @@
  */
 
 
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 
-#include "internal/Hacl_Poly1305_256.h"
+#include "internal/Hacl_MAC_Poly1305_Simd256.h"
 #include "internal/Hacl_Krmllib.h"
 #include "libintvector.h"
 
 static inline void
 poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t *text)
 {
-  uint32_t n = len / (uint32_t)16U;
-  uint32_t r = len % (uint32_t)16U;
+  uint32_t n = len / 16U;
+  uint32_t r = len % 16U;
   uint8_t *blocks = text;
-  uint8_t *rem = text + n * (uint32_t)16U;
-  Lib_IntVector_Intrinsics_vec256 *pre0 = ctx + (uint32_t)5U;
+  uint8_t *rem = text + n * 16U;
+  Lib_IntVector_Intrinsics_vec256 *pre0 = ctx + 5U;
   Lib_IntVector_Intrinsics_vec256 *acc0 = ctx;
-  uint32_t sz_block = (uint32_t)64U;
-  uint32_t len0 = n * (uint32_t)16U / sz_block * sz_block;
+  uint32_t sz_block = 64U;
+  uint32_t len0 = n * 16U / sz_block * sz_block;
   uint8_t *t00 = blocks;
-  if (len0 > (uint32_t)0U)
+  if (len0 > 0U)
   {
-    uint32_t bs = (uint32_t)64U;
+    uint32_t bs = 64U;
     uint8_t *text0 = t00;
-    Hacl_Impl_Poly1305_Field32xN_256_load_acc4(acc0, text0);
+    Hacl_MAC_Poly1305_Simd256_load_acc4(acc0, text0);
     uint32_t len1 = len0 - bs;
     uint8_t *text1 = t00 + bs;
     uint32_t nb = len1 / bs;
-    for (uint32_t i = (uint32_t)0U; i < nb; i++)
+    for (uint32_t i = 0U; i < nb; i++)
     {
       uint8_t *block = text1 + i * bs;
       KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
       Lib_IntVector_Intrinsics_vec256 lo = Lib_IntVector_Intrinsics_vec256_load64_le(block);
+      Lib_IntVector_Intrinsics_vec256 hi = Lib_IntVector_Intrinsics_vec256_load64_le(block + 32U);
       Lib_IntVector_Intrinsics_vec256
-      hi = Lib_IntVector_Intrinsics_vec256_load64_le(block + (uint32_t)32U);
-      Lib_IntVector_Intrinsics_vec256
-      mask260 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
+      mask260 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
       Lib_IntVector_Intrinsics_vec256
       m0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(lo, hi);
       Lib_IntVector_Intrinsics_vec256
       m1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(lo, hi);
-      Lib_IntVector_Intrinsics_vec256
-      m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, (uint32_t)48U);
-      Lib_IntVector_Intrinsics_vec256
-      m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, (uint32_t)48U);
+      Lib_IntVector_Intrinsics_vec256 m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, 48U);
+      Lib_IntVector_Intrinsics_vec256 m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, 48U);
       Lib_IntVector_Intrinsics_vec256
       m4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(m0, m1);
       Lib_IntVector_Intrinsics_vec256
       t010 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m0, m1);
       Lib_IntVector_Intrinsics_vec256
       t30 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m2, m3);
-      Lib_IntVector_Intrinsics_vec256
-      t20 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)4U);
+      Lib_IntVector_Intrinsics_vec256 t20 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 4U);
       Lib_IntVector_Intrinsics_vec256 o20 = Lib_IntVector_Intrinsics_vec256_and(t20, mask260);
       Lib_IntVector_Intrinsics_vec256
-      t10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t010, (uint32_t)26U);
+      t10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t010, 26U);
       Lib_IntVector_Intrinsics_vec256 o10 = Lib_IntVector_Intrinsics_vec256_and(t10, mask260);
       Lib_IntVector_Intrinsics_vec256 o5 = Lib_IntVector_Intrinsics_vec256_and(t010, mask260);
-      Lib_IntVector_Intrinsics_vec256
-      t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)30U);
+      Lib_IntVector_Intrinsics_vec256 t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 30U);
       Lib_IntVector_Intrinsics_vec256 o30 = Lib_IntVector_Intrinsics_vec256_and(t31, mask260);
-      Lib_IntVector_Intrinsics_vec256
-      o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256 o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, 40U);
       Lib_IntVector_Intrinsics_vec256 o00 = o5;
       Lib_IntVector_Intrinsics_vec256 o11 = o10;
       Lib_IntVector_Intrinsics_vec256 o21 = o20;
@@ -94,12 +88,12 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
       e[2U] = o21;
       e[3U] = o31;
       e[4U] = o41;
-      uint64_t b = (uint64_t)0x1000000U;
+      uint64_t b = 0x1000000ULL;
       Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
       Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
       e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
-      Lib_IntVector_Intrinsics_vec256 *rn = pre0 + (uint32_t)10U;
-      Lib_IntVector_Intrinsics_vec256 *rn5 = pre0 + (uint32_t)15U;
+      Lib_IntVector_Intrinsics_vec256 *rn = pre0 + 10U;
+      Lib_IntVector_Intrinsics_vec256 *rn5 = pre0 + 15U;
       Lib_IntVector_Intrinsics_vec256 r0 = rn[0U];
       Lib_IntVector_Intrinsics_vec256 r1 = rn[1U];
       Lib_IntVector_Intrinsics_vec256 r2 = rn[2U];
@@ -204,37 +198,28 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
       Lib_IntVector_Intrinsics_vec256 t2 = a24;
       Lib_IntVector_Intrinsics_vec256 t3 = a34;
       Lib_IntVector_Intrinsics_vec256 t4 = a44;
-      Lib_IntVector_Intrinsics_vec256
-      mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-      Lib_IntVector_Intrinsics_vec256
-      z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+      Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+      Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
       Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
       Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
       Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
       Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-      Lib_IntVector_Intrinsics_vec256
-      z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+      Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+      Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+      Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
       Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
       Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
       Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
       Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
       Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-      Lib_IntVector_Intrinsics_vec256
-      z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+      Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
       Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
       Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
       Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
       Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-      Lib_IntVector_Intrinsics_vec256
-      z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
       Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
       Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
       Lib_IntVector_Intrinsics_vec256 o01 = x02;
@@ -268,45 +253,41 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
       acc0[3U] = o3;
       acc0[4U] = o4;
     }
-    Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(acc0, pre0);
+    Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize(acc0, pre0);
   }
-  uint32_t len1 = n * (uint32_t)16U - len0;
+  uint32_t len1 = n * 16U - len0;
   uint8_t *t10 = blocks + len0;
-  uint32_t nb = len1 / (uint32_t)16U;
-  uint32_t rem1 = len1 % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = len1 / 16U;
+  uint32_t rem1 = len1 % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = t10 + i * (uint32_t)16U;
+    uint8_t *block = t10 + i * 16U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -317,12 +298,12 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
     Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
     Lib_IntVector_Intrinsics_vec256 *r1 = pre0;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre0 + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre0 + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec256 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r1[2U];
@@ -437,37 +418,28 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -481,41 +453,37 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     acc0[3U] = o3;
     acc0[4U] = o4;
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *last = t10 + nb * (uint32_t)16U;
+    uint8_t *last = t10 + nb * 16U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem1 * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -526,12 +494,12 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem1 * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem1 * 8U % 26U;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
-    Lib_IntVector_Intrinsics_vec256 fi = e[rem1 * (uint32_t)8U / (uint32_t)26U];
-    e[rem1 * (uint32_t)8U / (uint32_t)26U] = Lib_IntVector_Intrinsics_vec256_or(fi, mask);
+    Lib_IntVector_Intrinsics_vec256 fi = e[rem1 * 8U / 26U];
+    e[rem1 * 8U / 26U] = Lib_IntVector_Intrinsics_vec256_or(fi, mask);
     Lib_IntVector_Intrinsics_vec256 *r1 = pre0;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre0 + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre0 + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec256 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r1[2U];
@@ -646,37 +614,28 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -692,40 +651,36 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
   }
   uint8_t tmp[16U] = { 0U };
   memcpy(tmp, rem, r * sizeof (uint8_t));
-  if (r > (uint32_t)0U)
+  if (r > 0U)
   {
-    Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *pre = ctx + 5U;
     Lib_IntVector_Intrinsics_vec256 *acc = ctx;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -736,12 +691,12 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
     Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
     Lib_IntVector_Intrinsics_vec256 *r1 = pre;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r1[0U];
     Lib_IntVector_Intrinsics_vec256 r11 = r1[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r1[2U];
@@ -856,37 +811,28 @@ poly1305_padded_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -915,49 +861,45 @@ poly1305_do_256(
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ctx[25U] KRML_POST_ALIGN(32) = { 0U };
   uint8_t block[16U] = { 0U };
-  Hacl_Poly1305_256_poly1305_init(ctx, k);
-  if (aadlen != (uint32_t)0U)
+  Hacl_MAC_Poly1305_Simd256_poly1305_init(ctx, k);
+  if (aadlen != 0U)
   {
     poly1305_padded_256(ctx, aadlen, aad);
   }
-  if (mlen != (uint32_t)0U)
+  if (mlen != 0U)
   {
     poly1305_padded_256(ctx, mlen, m);
   }
   store64_le(block, (uint64_t)aadlen);
-  store64_le(block + (uint32_t)8U, (uint64_t)mlen);
-  Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
+  store64_le(block + 8U, (uint64_t)mlen);
+  Lib_IntVector_Intrinsics_vec256 *pre = ctx + 5U;
   Lib_IntVector_Intrinsics_vec256 *acc = ctx;
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
   uint64_t u0 = load64_le(block);
   uint64_t lo = u0;
-  uint64_t u = load64_le(block + (uint32_t)8U);
+  uint64_t u = load64_le(block + 8U);
   uint64_t hi = u;
   Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
   Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
   Lib_IntVector_Intrinsics_vec256
   f010 =
     Lib_IntVector_Intrinsics_vec256_and(f0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
   f110 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
   f20 =
-    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
       Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-          Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec256
   f30 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
   Lib_IntVector_Intrinsics_vec256 f01 = f010;
   Lib_IntVector_Intrinsics_vec256 f111 = f110;
   Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -968,12 +910,12 @@ poly1305_do_256(
   e[2U] = f2;
   e[3U] = f3;
   e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
+  uint64_t b = 0x1000000ULL;
   Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
   Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
   e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
   Lib_IntVector_Intrinsics_vec256 *r = pre;
-  Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
   Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
   Lib_IntVector_Intrinsics_vec256 r1 = r[1U];
   Lib_IntVector_Intrinsics_vec256 r2 = r[2U];
@@ -1088,37 +1030,28 @@ poly1305_do_256(
   Lib_IntVector_Intrinsics_vec256 t2 = a26;
   Lib_IntVector_Intrinsics_vec256 t3 = a36;
   Lib_IntVector_Intrinsics_vec256 t4 = a46;
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec256
-  z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
   Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec256
-  z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec256
-  z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -1131,95 +1064,93 @@ poly1305_do_256(
   acc[2U] = o2;
   acc[3U] = o3;
   acc[4U] = o4;
-  Hacl_Poly1305_256_poly1305_finish(out, k, ctx);
+  Hacl_MAC_Poly1305_Simd256_poly1305_finish(out, k, ctx);
 }
 
 /**
-Encrypt a message `m` with key `k`.
+Encrypt a message `input` with key `key`.
 
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
 */
 void
-Hacl_Chacha20Poly1305_256_aead_encrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
+  uint8_t *output,
+  uint8_t *tag,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce
 )
 {
-  Hacl_Chacha20_Vec256_chacha20_encrypt_256(mlen, cipher, m, k, n, (uint32_t)1U);
+  Hacl_Chacha20_Vec256_chacha20_encrypt_256(input_len, output, input, key, nonce, 1U);
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_Vec256_chacha20_encrypt_256((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_256(key, aadlen, aad, mlen, cipher, mac);
+  Hacl_Chacha20_Vec256_chacha20_encrypt_256(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_256(key1, data_len, data, input_len, output, tag);
 }
 
 /**
-Decrypt a ciphertext `cipher` with key `k`.
+Decrypt a ciphertext `input` with key `key`.
 
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
 
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
 
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
 
 @returns 0 on succeess; 1 on failure.
 */
 uint32_t
-Hacl_Chacha20Poly1305_256_aead_decrypt(
-  uint8_t *k,
-  uint8_t *n,
-  uint32_t aadlen,
-  uint8_t *aad,
-  uint32_t mlen,
-  uint8_t *m,
-  uint8_t *cipher,
-  uint8_t *mac
+Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *data,
+  uint32_t data_len,
+  uint8_t *key,
+  uint8_t *nonce,
+  uint8_t *tag
 )
 {
-  uint8_t computed_mac[16U] = { 0U };
+  uint8_t computed_tag[16U] = { 0U };
   uint8_t tmp[64U] = { 0U };
-  Hacl_Chacha20_Vec256_chacha20_encrypt_256((uint32_t)64U, tmp, tmp, k, n, (uint32_t)0U);
-  uint8_t *key = tmp;
-  poly1305_do_256(key, aadlen, aad, mlen, cipher, computed_mac);
-  uint8_t res = (uint8_t)255U;
+  Hacl_Chacha20_Vec256_chacha20_encrypt_256(64U, tmp, tmp, key, nonce, 0U);
+  uint8_t *key1 = tmp;
+  poly1305_do_256(key1, data_len, data, input_len, input, computed_tag);
+  uint8_t res = 255U;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_mac[i], mac[i]);
-    res = uu____0 & res;);
+    0U,
+    16U,
+    1U,
+    uint8_t uu____0 = FStar_UInt8_eq_mask(computed_tag[i], tag[i]);
+    res = (uint32_t)uu____0 & (uint32_t)res;);
   uint8_t z = res;
-  if (z == (uint8_t)255U)
+  if (z == 255U)
   {
-    Hacl_Chacha20_Vec256_chacha20_encrypt_256(mlen, m, cipher, k, n, (uint32_t)1U);
-    return (uint32_t)0U;
+    Hacl_Chacha20_Vec256_chacha20_encrypt_256(input_len, output, input, key, nonce, 1U);
+    return 0U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_Bignum.c b/src/msvc/Hacl_Bignum.c
index ca093c6d..b99423f3 100644
--- a/src/msvc/Hacl_Bignum.c
+++ b/src/msvc/Hacl_Bignum.c
@@ -37,12 +37,12 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t *res
 )
 {
-  if (aLen < (uint32_t)32U || aLen % (uint32_t)2U == (uint32_t)1U)
+  if (aLen < 32U || aLen % 2U == 1U)
   {
     Hacl_Bignum_Multiplication_bn_mul_u32(aLen, a, aLen, b, res);
     return;
   }
-  uint32_t len2 = aLen / (uint32_t)2U;
+  uint32_t len2 = aLen / 2U;
   uint32_t *a0 = a;
   uint32_t *a1 = a + len2;
   uint32_t *b0 = b;
@@ -52,23 +52,23 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t *tmp_ = tmp + aLen;
   uint32_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a0, a1, tmp_);
   uint32_t c10 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a1, a0, t0);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint32_t *os = t0;
-    uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
+    uint32_t x = ((0U - c0) & t0[i]) | (~(0U - c0) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c10);
+  KRML_MAYBE_UNUSED_VAR(c10);
   uint32_t c00 = c0;
   uint32_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b0, b1, tmp_);
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b1, b0, t1);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint32_t *os = t1;
-    uint32_t x = (((uint32_t)0U - c010) & t1[i]) | (~((uint32_t)0U - c010) & tmp_[i]);
+    uint32_t x = ((0U - c010) & t1[i]) | (~(0U - c010) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   uint32_t c11 = c010;
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
@@ -81,66 +81,61 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t *r231 = res + aLen;
   uint32_t *t01 = tmp;
   uint32_t *t231 = tmp + aLen;
-  uint32_t *t45 = tmp + (uint32_t)2U * aLen;
-  uint32_t *t67 = tmp + (uint32_t)3U * aLen;
+  uint32_t *t45 = tmp + 2U * aLen;
+  uint32_t *t67 = tmp + 3U * aLen;
   uint32_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r011, r231, t01);
   uint32_t c_sign = c00 ^ c11;
   uint32_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(aLen, t01, t231, t67);
   uint32_t c31 = c2 - c3;
   uint32_t c4 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, t01, t231, t45);
   uint32_t c41 = c2 + c4;
-  uint32_t mask = (uint32_t)0U - c_sign;
-  for (uint32_t i = (uint32_t)0U; i < aLen; i++)
+  uint32_t mask = 0U - c_sign;
+  for (uint32_t i = 0U; i < aLen; i++)
   {
     uint32_t *os = t45;
     uint32_t x = (mask & t45[i]) | (~mask & t67[i]);
     os[i] = x;
   }
   uint32_t c5 = (mask & c41) | (~mask & c31);
-  uint32_t aLen2 = aLen / (uint32_t)2U;
+  uint32_t aLen2 = aLen / 2U;
   uint32_t *r0 = res + aLen2;
   uint32_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r0, t45, r0);
   uint32_t c6 = r10;
   uint32_t c60 = c6;
   uint32_t c7 = c5 + c60;
   uint32_t *r = res + aLen + aLen2;
-  uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32((uint32_t)0U, r[0U], c7, r);
+  uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32(0U, r[0U], c7, r);
   uint32_t r1;
-  if ((uint32_t)1U < aLen + aLen - (aLen + aLen2))
+  if (1U < aLen + aLen - (aLen + aLen2))
   {
-    uint32_t *a11 = r + (uint32_t)1U;
-    uint32_t *res1 = r + (uint32_t)1U;
+    uint32_t *a11 = r + 1U;
+    uint32_t *res1 = r + 1U;
     uint32_t c = c01;
-    for
-    (uint32_t
-      i = (uint32_t)0U;
-      i
-      < (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U;
-      i++)
+    for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++)
     {
-      uint32_t t11 = a11[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, (uint32_t)0U, res_i0);
-      uint32_t t110 = a11[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t110, (uint32_t)0U, res_i1);
-      uint32_t t111 = a11[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t111, (uint32_t)0U, res_i2);
-      uint32_t t112 = a11[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t112, (uint32_t)0U, res_i);
+      uint32_t t11 = a11[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i0);
+      uint32_t t110 = a11[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t110, 0U, res_i1);
+      uint32_t t111 = a11[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t111, 0U, res_i2);
+      uint32_t t112 = a11[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t112, 0U, res_i);
     }
     for
     (uint32_t
-      i = (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
+      i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U;
       i
-      < aLen + aLen - (aLen + aLen2) - (uint32_t)1U;
+      < aLen + aLen - (aLen + aLen2) - 1U;
       i++)
     {
       uint32_t t11 = a11[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, (uint32_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i);
     }
     uint32_t c110 = c;
     r1 = c110;
@@ -152,7 +147,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
-  KRML_HOST_IGNORE(c9);
+  KRML_MAYBE_UNUSED_VAR(c9);
 }
 
 void
@@ -164,12 +159,12 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t *res
 )
 {
-  if (aLen < (uint32_t)32U || aLen % (uint32_t)2U == (uint32_t)1U)
+  if (aLen < 32U || aLen % 2U == 1U)
   {
     Hacl_Bignum_Multiplication_bn_mul_u64(aLen, a, aLen, b, res);
     return;
   }
-  uint32_t len2 = aLen / (uint32_t)2U;
+  uint32_t len2 = aLen / 2U;
   uint64_t *a0 = a;
   uint64_t *a1 = a + len2;
   uint64_t *b0 = b;
@@ -179,23 +174,23 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t *tmp_ = tmp + aLen;
   uint64_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a0, a1, tmp_);
   uint64_t c10 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a1, a0, t0);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint64_t *os = t0;
-    uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
+    uint64_t x = ((0ULL - c0) & t0[i]) | (~(0ULL - c0) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c10);
+  KRML_MAYBE_UNUSED_VAR(c10);
   uint64_t c00 = c0;
   uint64_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b0, b1, tmp_);
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b1, b0, t1);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint64_t *os = t1;
-    uint64_t x = (((uint64_t)0U - c010) & t1[i]) | (~((uint64_t)0U - c010) & tmp_[i]);
+    uint64_t x = ((0ULL - c010) & t1[i]) | (~(0ULL - c010) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   uint64_t c11 = c010;
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
@@ -208,66 +203,61 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t *r231 = res + aLen;
   uint64_t *t01 = tmp;
   uint64_t *t231 = tmp + aLen;
-  uint64_t *t45 = tmp + (uint32_t)2U * aLen;
-  uint64_t *t67 = tmp + (uint32_t)3U * aLen;
+  uint64_t *t45 = tmp + 2U * aLen;
+  uint64_t *t67 = tmp + 3U * aLen;
   uint64_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r011, r231, t01);
   uint64_t c_sign = c00 ^ c11;
   uint64_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(aLen, t01, t231, t67);
   uint64_t c31 = c2 - c3;
   uint64_t c4 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, t01, t231, t45);
   uint64_t c41 = c2 + c4;
-  uint64_t mask = (uint64_t)0U - c_sign;
-  for (uint32_t i = (uint32_t)0U; i < aLen; i++)
+  uint64_t mask = 0ULL - c_sign;
+  for (uint32_t i = 0U; i < aLen; i++)
   {
     uint64_t *os = t45;
     uint64_t x = (mask & t45[i]) | (~mask & t67[i]);
     os[i] = x;
   }
   uint64_t c5 = (mask & c41) | (~mask & c31);
-  uint32_t aLen2 = aLen / (uint32_t)2U;
+  uint32_t aLen2 = aLen / 2U;
   uint64_t *r0 = res + aLen2;
   uint64_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r0, t45, r0);
   uint64_t c6 = r10;
   uint64_t c60 = c6;
   uint64_t c7 = c5 + c60;
   uint64_t *r = res + aLen + aLen2;
-  uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64((uint64_t)0U, r[0U], c7, r);
+  uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64(0ULL, r[0U], c7, r);
   uint64_t r1;
-  if ((uint32_t)1U < aLen + aLen - (aLen + aLen2))
+  if (1U < aLen + aLen - (aLen + aLen2))
   {
-    uint64_t *a11 = r + (uint32_t)1U;
-    uint64_t *res1 = r + (uint32_t)1U;
+    uint64_t *a11 = r + 1U;
+    uint64_t *res1 = r + 1U;
     uint64_t c = c01;
-    for
-    (uint32_t
-      i = (uint32_t)0U;
-      i
-      < (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U;
-      i++)
+    for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++)
     {
-      uint64_t t11 = a11[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, (uint64_t)0U, res_i0);
-      uint64_t t110 = a11[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t110, (uint64_t)0U, res_i1);
-      uint64_t t111 = a11[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t111, (uint64_t)0U, res_i2);
-      uint64_t t112 = a11[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t112, (uint64_t)0U, res_i);
+      uint64_t t11 = a11[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i0);
+      uint64_t t110 = a11[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t110, 0ULL, res_i1);
+      uint64_t t111 = a11[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t111, 0ULL, res_i2);
+      uint64_t t112 = a11[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t112, 0ULL, res_i);
     }
     for
     (uint32_t
-      i = (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
+      i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U;
       i
-      < aLen + aLen - (aLen + aLen2) - (uint32_t)1U;
+      < aLen + aLen - (aLen + aLen2) - 1U;
       i++)
     {
       uint64_t t11 = a11[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i);
     }
     uint64_t c110 = c;
     r1 = c110;
@@ -279,7 +269,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
-  KRML_HOST_IGNORE(c9);
+  KRML_MAYBE_UNUSED_VAR(c9);
 }
 
 void
@@ -290,27 +280,27 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t *res
 )
 {
-  if (aLen < (uint32_t)32U || aLen % (uint32_t)2U == (uint32_t)1U)
+  if (aLen < 32U || aLen % 2U == 1U)
   {
     Hacl_Bignum_Multiplication_bn_sqr_u32(aLen, a, res);
     return;
   }
-  uint32_t len2 = aLen / (uint32_t)2U;
+  uint32_t len2 = aLen / 2U;
   uint32_t *a0 = a;
   uint32_t *a1 = a + len2;
   uint32_t *t0 = tmp;
   uint32_t *tmp_ = tmp + aLen;
   uint32_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a0, a1, tmp_);
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a1, a0, t0);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint32_t *os = t0;
-    uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
+    uint32_t x = ((0U - c0) & t0[i]) | (~(0U - c0) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   uint32_t c00 = c0;
-  KRML_HOST_IGNORE(c00);
+  KRML_MAYBE_UNUSED_VAR(c00);
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, t0, tmp1, t23);
@@ -322,54 +312,49 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t *r231 = res + aLen;
   uint32_t *t01 = tmp;
   uint32_t *t231 = tmp + aLen;
-  uint32_t *t45 = tmp + (uint32_t)2U * aLen;
+  uint32_t *t45 = tmp + 2U * aLen;
   uint32_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r011, r231, t01);
   uint32_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(aLen, t01, t231, t45);
   uint32_t c5 = c2 - c3;
-  uint32_t aLen2 = aLen / (uint32_t)2U;
+  uint32_t aLen2 = aLen / 2U;
   uint32_t *r0 = res + aLen2;
   uint32_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r0, t45, r0);
   uint32_t c4 = r10;
   uint32_t c6 = c4;
   uint32_t c7 = c5 + c6;
   uint32_t *r = res + aLen + aLen2;
-  uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32((uint32_t)0U, r[0U], c7, r);
+  uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32(0U, r[0U], c7, r);
   uint32_t r1;
-  if ((uint32_t)1U < aLen + aLen - (aLen + aLen2))
+  if (1U < aLen + aLen - (aLen + aLen2))
   {
-    uint32_t *a11 = r + (uint32_t)1U;
-    uint32_t *res1 = r + (uint32_t)1U;
+    uint32_t *a11 = r + 1U;
+    uint32_t *res1 = r + 1U;
     uint32_t c = c01;
-    for
-    (uint32_t
-      i = (uint32_t)0U;
-      i
-      < (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U;
-      i++)
+    for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++)
     {
-      uint32_t t1 = a11[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a11[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a11[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a11[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a11[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a11[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a11[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a11[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, 0U, res_i);
     }
     for
     (uint32_t
-      i = (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
+      i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U;
       i
-      < aLen + aLen - (aLen + aLen2) - (uint32_t)1U;
+      < aLen + aLen - (aLen + aLen2) - 1U;
       i++)
     {
       uint32_t t1 = a11[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, (uint32_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, 0U, res_i);
     }
     uint32_t c10 = c;
     r1 = c10;
@@ -381,7 +366,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
-  KRML_HOST_IGNORE(c9);
+  KRML_MAYBE_UNUSED_VAR(c9);
 }
 
 void
@@ -392,27 +377,27 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t *res
 )
 {
-  if (aLen < (uint32_t)32U || aLen % (uint32_t)2U == (uint32_t)1U)
+  if (aLen < 32U || aLen % 2U == 1U)
   {
     Hacl_Bignum_Multiplication_bn_sqr_u64(aLen, a, res);
     return;
   }
-  uint32_t len2 = aLen / (uint32_t)2U;
+  uint32_t len2 = aLen / 2U;
   uint64_t *a0 = a;
   uint64_t *a1 = a + len2;
   uint64_t *t0 = tmp;
   uint64_t *tmp_ = tmp + aLen;
   uint64_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a0, a1, tmp_);
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a1, a0, t0);
-  for (uint32_t i = (uint32_t)0U; i < len2; i++)
+  for (uint32_t i = 0U; i < len2; i++)
   {
     uint64_t *os = t0;
-    uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
+    uint64_t x = ((0ULL - c0) & t0[i]) | (~(0ULL - c0) & tmp_[i]);
     os[i] = x;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   uint64_t c00 = c0;
-  KRML_HOST_IGNORE(c00);
+  KRML_MAYBE_UNUSED_VAR(c00);
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, t0, tmp1, t23);
@@ -424,54 +409,49 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t *r231 = res + aLen;
   uint64_t *t01 = tmp;
   uint64_t *t231 = tmp + aLen;
-  uint64_t *t45 = tmp + (uint32_t)2U * aLen;
+  uint64_t *t45 = tmp + 2U * aLen;
   uint64_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r011, r231, t01);
   uint64_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(aLen, t01, t231, t45);
   uint64_t c5 = c2 - c3;
-  uint32_t aLen2 = aLen / (uint32_t)2U;
+  uint32_t aLen2 = aLen / 2U;
   uint64_t *r0 = res + aLen2;
   uint64_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r0, t45, r0);
   uint64_t c4 = r10;
   uint64_t c6 = c4;
   uint64_t c7 = c5 + c6;
   uint64_t *r = res + aLen + aLen2;
-  uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64((uint64_t)0U, r[0U], c7, r);
+  uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64(0ULL, r[0U], c7, r);
   uint64_t r1;
-  if ((uint32_t)1U < aLen + aLen - (aLen + aLen2))
+  if (1U < aLen + aLen - (aLen + aLen2))
   {
-    uint64_t *a11 = r + (uint32_t)1U;
-    uint64_t *res1 = r + (uint32_t)1U;
+    uint64_t *a11 = r + 1U;
+    uint64_t *res1 = r + 1U;
     uint64_t c = c01;
-    for
-    (uint32_t
-      i = (uint32_t)0U;
-      i
-      < (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U;
-      i++)
+    for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++)
     {
-      uint64_t t1 = a11[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a11[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a11[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a11[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a11[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a11[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a11[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a11[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, 0ULL, res_i);
     }
     for
     (uint32_t
-      i = (aLen + aLen - (aLen + aLen2) - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
+      i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U;
       i
-      < aLen + aLen - (aLen + aLen2) - (uint32_t)1U;
+      < aLen + aLen - (aLen + aLen2) - 1U;
       i++)
     {
       uint64_t t1 = a11[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c10 = c;
     r1 = c10;
@@ -483,7 +463,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
-  KRML_HOST_IGNORE(c9);
+  KRML_MAYBE_UNUSED_VAR(c9);
 }
 
 void
@@ -495,27 +475,27 @@ Hacl_Bignum_bn_add_mod_n_u32(
   uint32_t *res
 )
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint32_t c0 = 0U;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint32_t t1 = a[i];
     uint32_t t2 = b[i];
@@ -526,27 +506,27 @@ Hacl_Bignum_bn_add_mod_n_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len1);
   uint32_t *tmp = (uint32_t *)alloca(len1 * sizeof (uint32_t));
   memset(tmp, 0U, len1 * sizeof (uint32_t));
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint32_t t1 = res[i];
     uint32_t t2 = n[i];
@@ -555,7 +535,7 @@ Hacl_Bignum_bn_add_mod_n_u32(
   }
   uint32_t c1 = c;
   uint32_t c2 = c00 - c1;
-  for (uint32_t i = (uint32_t)0U; i < len1; i++)
+  for (uint32_t i = 0U; i < len1; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -572,27 +552,27 @@ Hacl_Bignum_bn_add_mod_n_u64(
   uint64_t *res
 )
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint64_t t1 = a[i];
     uint64_t t2 = b[i];
@@ -603,27 +583,27 @@ Hacl_Bignum_bn_add_mod_n_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len1);
   uint64_t *tmp = (uint64_t *)alloca(len1 * sizeof (uint64_t));
   memset(tmp, 0U, len1 * sizeof (uint64_t));
-  uint64_t c = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint64_t c = 0ULL;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint64_t t1 = res[i];
     uint64_t t2 = n[i];
@@ -632,7 +612,7 @@ Hacl_Bignum_bn_add_mod_n_u64(
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
-  for (uint32_t i = (uint32_t)0U; i < len1; i++)
+  for (uint32_t i = 0U; i < len1; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -649,27 +629,27 @@ Hacl_Bignum_bn_sub_mod_n_u32(
   uint32_t *res
 )
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint32_t c0 = 0U;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint32_t t1 = a[i];
     uint32_t t2 = b[i];
@@ -680,27 +660,27 @@ Hacl_Bignum_bn_sub_mod_n_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len1);
   uint32_t *tmp = (uint32_t *)alloca(len1 * sizeof (uint32_t));
   memset(tmp, 0U, len1 * sizeof (uint32_t));
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint32_t t1 = res[i];
     uint32_t t2 = n[i];
@@ -708,9 +688,9 @@ Hacl_Bignum_bn_sub_mod_n_u32(
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i);
   }
   uint32_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint32_t c2 = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len1; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t c2 = 0U - c00;
+  for (uint32_t i = 0U; i < len1; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & tmp[i]) | (~c2 & res[i]);
@@ -727,27 +707,27 @@ Hacl_Bignum_bn_sub_mod_n_u64(
   uint64_t *res
 )
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint64_t t1 = a[i];
     uint64_t t2 = b[i];
@@ -758,27 +738,27 @@ Hacl_Bignum_bn_sub_mod_n_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len1);
   uint64_t *tmp = (uint64_t *)alloca(len1 * sizeof (uint64_t));
   memset(tmp, 0U, len1 * sizeof (uint64_t));
-  uint64_t c = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len1 / (uint32_t)4U; i++)
+  uint64_t c = 0ULL;
+  for (uint32_t i = 0U; i < len1 / 4U; i++)
   {
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
-  for (uint32_t i = len1 / (uint32_t)4U * (uint32_t)4U; i < len1; i++)
+  for (uint32_t i = len1 / 4U * 4U; i < len1; i++)
   {
     uint64_t t1 = res[i];
     uint64_t t2 = n[i];
@@ -786,9 +766,9 @@ Hacl_Bignum_bn_sub_mod_n_u64(
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i);
   }
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len1; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
+  for (uint32_t i = 0U; i < len1; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]);
@@ -798,42 +778,42 @@ Hacl_Bignum_bn_sub_mod_n_u64(
 
 uint32_t Hacl_Bignum_ModInvLimb_mod_inv_uint32(uint32_t n0)
 {
-  uint32_t alpha = (uint32_t)2147483648U;
+  uint32_t alpha = 2147483648U;
   uint32_t beta = n0;
-  uint32_t ub = (uint32_t)0U;
-  uint32_t vb = (uint32_t)0U;
-  ub = (uint32_t)1U;
-  vb = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t ub = 0U;
+  uint32_t vb = 0U;
+  ub = 1U;
+  vb = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint32_t us = ub;
     uint32_t vs = vb;
-    uint32_t u_is_odd = (uint32_t)0U - (us & (uint32_t)1U);
+    uint32_t u_is_odd = 0U - (us & 1U);
     uint32_t beta_if_u_is_odd = beta & u_is_odd;
-    ub = ((us ^ beta_if_u_is_odd) >> (uint32_t)1U) + (us & beta_if_u_is_odd);
+    ub = ((us ^ beta_if_u_is_odd) >> 1U) + (us & beta_if_u_is_odd);
     uint32_t alpha_if_u_is_odd = alpha & u_is_odd;
-    vb = (vs >> (uint32_t)1U) + alpha_if_u_is_odd;
+    vb = (vs >> 1U) + alpha_if_u_is_odd;
   }
   return vb;
 }
 
 uint64_t Hacl_Bignum_ModInvLimb_mod_inv_uint64(uint64_t n0)
 {
-  uint64_t alpha = (uint64_t)9223372036854775808U;
+  uint64_t alpha = 9223372036854775808ULL;
   uint64_t beta = n0;
-  uint64_t ub = (uint64_t)0U;
-  uint64_t vb = (uint64_t)0U;
-  ub = (uint64_t)1U;
-  vb = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t ub = 0ULL;
+  uint64_t vb = 0ULL;
+  ub = 1ULL;
+  vb = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t us = ub;
     uint64_t vs = vb;
-    uint64_t u_is_odd = (uint64_t)0U - (us & (uint64_t)1U);
+    uint64_t u_is_odd = 0ULL - (us & 1ULL);
     uint64_t beta_if_u_is_odd = beta & u_is_odd;
-    ub = ((us ^ beta_if_u_is_odd) >> (uint32_t)1U) + (us & beta_if_u_is_odd);
+    ub = ((us ^ beta_if_u_is_odd) >> 1U) + (us & beta_if_u_is_odd);
     uint64_t alpha_if_u_is_odd = alpha & u_is_odd;
-    vb = (vs >> (uint32_t)1U) + alpha_if_u_is_odd;
+    vb = (vs >> 1U) + alpha_if_u_is_odd;
   }
   return vb;
 }
@@ -844,15 +824,15 @@ uint32_t Hacl_Bignum_Montgomery_bn_check_modulus_u32(uint32_t len, uint32_t *n)
   uint32_t *one = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc;
   return m0 & m1;
@@ -867,46 +847,40 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(
 )
 {
   memset(res, 0U, len * sizeof (uint32_t));
-  uint32_t i = nBits / (uint32_t)32U;
-  uint32_t j = nBits % (uint32_t)32U;
-  res[i] = res[i] | (uint32_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U * len - nBits; i0++)
+  uint32_t i = nBits / 32U;
+  uint32_t j = nBits % 32U;
+  res[i] = res[i] | 1U << j;
+  for (uint32_t i0 = 0U; i0 < 64U * len - nBits; i0++)
   {
     Hacl_Bignum_bn_add_mod_n_u32(len, n, res, res, res);
   }
 }
 
-void
-Hacl_Bignum_Montgomery_bn_mont_reduction_u32(
-  uint32_t len,
-  uint32_t *n,
-  uint32_t nInv,
-  uint32_t *c,
-  uint32_t *res
-)
+static void
+bn_mont_reduction_u32(uint32_t len, uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
+  uint32_t c0 = 0U;
+  for (uint32_t i0 = 0U; i0 < len; i0++)
   {
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint32_t c1 = 0U;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint32_t a_i = n[i];
       uint32_t *res_i = res_j0 + i;
@@ -923,27 +897,27 @@ Hacl_Bignum_Montgomery_bn_mont_reduction_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(tmp, 0U, len * sizeof (uint32_t));
-  uint32_t c1 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+  uint32_t c1 = 0U;
+  for (uint32_t i = 0U; i < len / 4U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t12, t2, res_i);
   }
-  for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+  for (uint32_t i = len / 4U * 4U; i < len; i++)
   {
     uint32_t t1 = res[i];
     uint32_t t2 = n[i];
@@ -952,7 +926,7 @@ Hacl_Bignum_Montgomery_bn_mont_reduction_u32(
   }
   uint32_t c10 = c1;
   uint32_t c2 = c00 - c10;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -973,11 +947,11 @@ Hacl_Bignum_Montgomery_bn_to_mont_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, nInv, c, aM);
+  bn_mont_reduction_u32(len, n, nInv, c, aM);
 }
 
 void
@@ -993,7 +967,7 @@ Hacl_Bignum_Montgomery_bn_from_mont_u32(
   uint32_t *tmp = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(tmp, 0U, (len + len) * sizeof (uint32_t));
   memcpy(tmp, aM, len * sizeof (uint32_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, nInv_u64, tmp, a);
+  bn_mont_reduction_u32(len, n, nInv_u64, tmp, a);
 }
 
 void
@@ -1009,11 +983,11 @@ Hacl_Bignum_Montgomery_bn_mont_mul_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, aM, bM, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, nInv_u64, c, resM);
+  bn_mont_reduction_u32(len, n, nInv_u64, c, resM);
 }
 
 void
@@ -1028,11 +1002,11 @@ Hacl_Bignum_Montgomery_bn_mont_sqr_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len, aM, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, nInv_u64, c, resM);
+  bn_mont_reduction_u32(len, n, nInv_u64, c, resM);
 }
 
 uint64_t Hacl_Bignum_Montgomery_bn_check_modulus_u64(uint32_t len, uint64_t *n)
@@ -1041,15 +1015,15 @@ uint64_t Hacl_Bignum_Montgomery_bn_check_modulus_u64(uint32_t len, uint64_t *n)
   uint64_t *one = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc;
   return m0 & m1;
@@ -1064,46 +1038,40 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(
 )
 {
   memset(res, 0U, len * sizeof (uint64_t));
-  uint32_t i = nBits / (uint32_t)64U;
-  uint32_t j = nBits % (uint32_t)64U;
-  res[i] = res[i] | (uint64_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)128U * len - nBits; i0++)
+  uint32_t i = nBits / 64U;
+  uint32_t j = nBits % 64U;
+  res[i] = res[i] | 1ULL << j;
+  for (uint32_t i0 = 0U; i0 < 128U * len - nBits; i0++)
   {
     Hacl_Bignum_bn_add_mod_n_u64(len, n, res, res, res);
   }
 }
 
-void
-Hacl_Bignum_Montgomery_bn_mont_reduction_u64(
-  uint32_t len,
-  uint64_t *n,
-  uint64_t nInv,
-  uint64_t *c,
-  uint64_t *res
-)
+static void
+bn_mont_reduction_u64(uint32_t len, uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i0 = 0U; i0 < len; i0++)
   {
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint64_t c1 = 0ULL;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint64_t a_i = n[4U * i];
+      uint64_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * i + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * i + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * i + 3U];
+      uint64_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint64_t a_i = n[i];
       uint64_t *res_i = res_j0 + i;
@@ -1120,27 +1088,27 @@ Hacl_Bignum_Montgomery_bn_mont_reduction_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(tmp, 0U, len * sizeof (uint64_t));
-  uint64_t c1 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+  uint64_t c1 = 0ULL;
+  for (uint32_t i = 0U; i < len / 4U; i++)
   {
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i);
   }
-  for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+  for (uint32_t i = len / 4U * 4U; i < len; i++)
   {
     uint64_t t1 = res[i];
     uint64_t t2 = n[i];
@@ -1149,7 +1117,7 @@ Hacl_Bignum_Montgomery_bn_mont_reduction_u64(
   }
   uint64_t c10 = c1;
   uint64_t c2 = c00 - c10;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -1170,11 +1138,11 @@ Hacl_Bignum_Montgomery_bn_to_mont_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, nInv, c, aM);
+  bn_mont_reduction_u64(len, n, nInv, c, aM);
 }
 
 void
@@ -1190,7 +1158,7 @@ Hacl_Bignum_Montgomery_bn_from_mont_u64(
   uint64_t *tmp = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(tmp, 0U, (len + len) * sizeof (uint64_t));
   memcpy(tmp, aM, len * sizeof (uint64_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, nInv_u64, tmp, a);
+  bn_mont_reduction_u64(len, n, nInv_u64, tmp, a);
 }
 
 void
@@ -1206,11 +1174,11 @@ Hacl_Bignum_Montgomery_bn_mont_mul_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, aM, bM, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, nInv_u64, c, resM);
+  bn_mont_reduction_u64(len, n, nInv_u64, c, resM);
 }
 
 void
@@ -1225,15 +1193,15 @@ Hacl_Bignum_Montgomery_bn_mont_sqr_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len, aM, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, nInv_u64, c, resM);
+  bn_mont_reduction_u64(len, n, nInv_u64, c, resM);
 }
 
-static void
-bn_almost_mont_reduction_u32(
+void
+Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(
   uint32_t len,
   uint32_t *n,
   uint32_t nInv,
@@ -1241,28 +1209,28 @@ bn_almost_mont_reduction_u32(
   uint32_t *res
 )
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
+  uint32_t c0 = 0U;
+  for (uint32_t i0 = 0U; i0 < len; i0++)
   {
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint32_t c1 = 0U;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint32_t a_i = n[i];
       uint32_t *res_i = res_j0 + i;
@@ -1280,9 +1248,9 @@ bn_almost_mont_reduction_u32(
   uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(tmp, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t m = 0U - c00;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t *os = res;
     uint32_t x = (m & tmp[i]) | (~m & res[i]);
@@ -1303,11 +1271,11 @@ bn_almost_mont_mul_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, aM, bM, tmp, c);
-  bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM);
 }
 
 static void
@@ -1322,15 +1290,15 @@ bn_almost_mont_sqr_u32(
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len, aM, tmp, c);
-  bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM);
 }
 
-static void
-bn_almost_mont_reduction_u64(
+void
+Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(
   uint32_t len,
   uint64_t *n,
   uint64_t nInv,
@@ -1338,28 +1306,28 @@ bn_almost_mont_reduction_u64(
   uint64_t *res
 )
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i0 = 0U; i0 < len; i0++)
   {
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint64_t c1 = 0ULL;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint64_t a_i = n[4U * i];
+      uint64_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * i + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * i + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * i + 3U];
+      uint64_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint64_t a_i = n[i];
       uint64_t *res_i = res_j0 + i;
@@ -1377,9 +1345,9 @@ bn_almost_mont_reduction_u64(
   uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(tmp, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t m = 0ULL - c00;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t *os = res;
     uint64_t x = (m & tmp[i]) | (~m & res[i]);
@@ -1400,11 +1368,11 @@ bn_almost_mont_mul_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, aM, bM, tmp, c);
-  bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM);
 }
 
 static void
@@ -1419,11 +1387,11 @@ bn_almost_mont_sqr_u64(
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len, aM, tmp, c);
-  bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM);
 }
 
 uint32_t
@@ -1439,56 +1407,56 @@ Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32(
   uint32_t *one = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m10 = acc0;
   uint32_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t m1;
-  if (bBits < (uint32_t)32U * bLen)
+  if (bBits < 32U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), bLen);
     uint32_t *b2 = (uint32_t *)alloca(bLen * sizeof (uint32_t));
     memset(b2, 0U, bLen * sizeof (uint32_t));
-    uint32_t i0 = bBits / (uint32_t)32U;
-    uint32_t j = bBits % (uint32_t)32U;
-    b2[i0] = b2[i0] | (uint32_t)1U << j;
-    uint32_t acc = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 32U;
+    uint32_t j = bBits % 32U;
+    b2[i0] = b2[i0] | 1U << j;
+    uint32_t acc = 0U;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint32_t beq = FStar_UInt32_eq_mask(b[i], b2[i]);
       uint32_t blt = ~FStar_UInt32_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
     }
     uint32_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint32_t)0xFFFFFFFFU;
+    m1 = 0xFFFFFFFFU;
   }
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m2 = acc;
   uint32_t m = m1 & m2;
@@ -1507,19 +1475,12 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t *aM = (uint32_t *)alloca(len * sizeof (uint32_t));
     memset(aM, 0U, len * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-    uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-    memset(c, 0U, (len + len) * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-    uint32_t *tmp0 = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-    memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-    Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp0, c);
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c, aM);
+    Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM);
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t *resM = (uint32_t *)alloca(len * sizeof (uint32_t));
     memset(resM, 0U, len * sizeof (uint32_t));
@@ -1531,13 +1492,13 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
     uint32_t *ctx_n = ctx;
     uint32_t *ctx_r2 = ctx + len;
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)32U;
-      uint32_t j = i % (uint32_t)32U;
+      uint32_t i1 = i / 32U;
+      uint32_t j = i % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
-      if (!(bit == (uint32_t)0U))
+      uint32_t bit = tmp >> j & 1U;
+      if (!(bit == 0U))
       {
         uint32_t *ctx_n0 = ctx;
         bn_almost_mont_mul_u32(len, ctx_n0, mu, resM, aM, resM);
@@ -1545,44 +1506,33 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
       uint32_t *ctx_n0 = ctx;
       bn_almost_mont_sqr_u32(len, ctx_n0, mu, aM, aM);
     }
-    KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-    uint32_t *tmp = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-    memset(tmp, 0U, (len + len) * sizeof (uint32_t));
-    memcpy(tmp, resM, len * sizeof (uint32_t));
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, tmp, res);
+    Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res);
     return;
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t *aM = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(aM, 0U, len * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-  memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp0 = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp0, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c, aM);
+  Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM);
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t *resM = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(resM, 0U, len * sizeof (uint32_t));
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t *ctx = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(ctx, 0U, (len + len) * sizeof (uint32_t));
   memcpy(ctx, n, len * sizeof (uint32_t));
   memcpy(ctx + len, r2, len * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)16U * len);
-  uint32_t *table = (uint32_t *)alloca((uint32_t)16U * len * sizeof (uint32_t));
-  memset(table, 0U, (uint32_t)16U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len);
+  uint32_t *table = (uint32_t *)alloca(16U * len * sizeof (uint32_t));
+  memset(table, 0U, 16U * len * sizeof (uint32_t));
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(tmp, 0U, len * sizeof (uint32_t));
@@ -1593,21 +1543,21 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
   Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n0, mu, ctx_r20, t0);
   memcpy(t1, aM, len * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * len;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * len;
     uint32_t *ctx_n1 = ctx;
     bn_almost_mont_sqr_u32(len, ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len, tmp, len * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len;
+    memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * len;
     uint32_t *ctx_n = ctx;
     bn_almost_mont_mul_u32(len, ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len, tmp, len * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U);
     uint32_t bits_l32 = bits_c;
     const uint32_t *a_bits_l = table + bits_l32 * len;
     memcpy(resM, (uint32_t *)a_bits_l, len * sizeof (uint32_t));
@@ -1619,29 +1569,25 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM);
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
-  uint32_t *tmp1 = (uint32_t *)alloca(len * sizeof (uint32_t));
-  memset(tmp1, 0U, len * sizeof (uint32_t));
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  uint32_t *tmp0 = (uint32_t *)alloca(len * sizeof (uint32_t));
+  memset(tmp0, 0U, len * sizeof (uint32_t));
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       bn_almost_mont_sqr_u32(len, ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
     uint32_t bits_l32 = bits_l;
     const uint32_t *a_bits_l = table + bits_l32 * len;
-    memcpy(tmp1, (uint32_t *)a_bits_l, len * sizeof (uint32_t));
+    memcpy(tmp0, (uint32_t *)a_bits_l, len * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
-    bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp1, resM);
+    bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp0, resM);
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t *tmp2 = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-  memset(tmp2, 0U, (len + len) * sizeof (uint32_t));
-  memcpy(tmp2, resM, len * sizeof (uint32_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, tmp2, res);
+  Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res);
 }
 
 void
@@ -1656,19 +1602,12 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t *aM = (uint32_t *)alloca(len * sizeof (uint32_t));
     memset(aM, 0U, len * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-    uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-    memset(c, 0U, (len + len) * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-    uint32_t *tmp0 = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-    memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-    Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp0, c);
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c, aM);
+    Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM);
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t *resM = (uint32_t *)alloca(len * sizeof (uint32_t));
     memset(resM, 0U, len * sizeof (uint32_t));
@@ -1677,20 +1616,20 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
     memset(ctx, 0U, (len + len) * sizeof (uint32_t));
     memcpy(ctx, n, len * sizeof (uint32_t));
     memcpy(ctx + len, r2, len * sizeof (uint32_t));
-    uint32_t sw = (uint32_t)0U;
+    uint32_t sw = 0U;
     uint32_t *ctx_n = ctx;
     uint32_t *ctx_r2 = ctx + len;
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)32U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)32U;
+      uint32_t i1 = (bBits - i0 - 1U) / 32U;
+      uint32_t j = (bBits - i0 - 1U) % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
+      uint32_t bit = tmp >> j & 1U;
       uint32_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      for (uint32_t i = 0U; i < len; i++)
       {
-        uint32_t dummy = ((uint32_t)0U - sw1) & (resM[i] ^ aM[i]);
+        uint32_t dummy = (0U - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;
       }
@@ -1701,50 +1640,39 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
       sw = bit;
     }
     uint32_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < len; i++)
+    for (uint32_t i = 0U; i < len; i++)
     {
-      uint32_t dummy = ((uint32_t)0U - sw0) & (resM[i] ^ aM[i]);
+      uint32_t dummy = (0U - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;
     }
-    KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-    uint32_t *tmp = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-    memset(tmp, 0U, (len + len) * sizeof (uint32_t));
-    memcpy(tmp, resM, len * sizeof (uint32_t));
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, tmp, res);
+    Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res);
     return;
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t *aM = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(aM, 0U, len * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t *c0 = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-  memset(c0, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp0 = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp0, c0);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c0, aM);
+  Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM);
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t *resM = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(resM, 0U, len * sizeof (uint32_t));
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
   uint32_t *ctx = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(ctx, 0U, (len + len) * sizeof (uint32_t));
   memcpy(ctx, n, len * sizeof (uint32_t));
   memcpy(ctx + len, r2, len * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)16U * len);
-  uint32_t *table = (uint32_t *)alloca((uint32_t)16U * len * sizeof (uint32_t));
-  memset(table, 0U, (uint32_t)16U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len);
+  uint32_t *table = (uint32_t *)alloca(16U * len * sizeof (uint32_t));
+  memset(table, 0U, 16U * len * sizeof (uint32_t));
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(tmp, 0U, len * sizeof (uint32_t));
@@ -1755,29 +1683,29 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
   Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n0, mu, ctx_r20, t0);
   memcpy(t1, aM, len * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * len;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * len;
     uint32_t *ctx_n1 = ctx;
     bn_almost_mont_sqr_u32(len, ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len, tmp, len * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len;
+    memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * len;
     uint32_t *ctx_n = ctx;
     bn_almost_mont_mul_u32(len, ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len, tmp, len * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint32_t *)(table + (uint32_t)0U * len), len * sizeof (uint32_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U);
+    memcpy(resM, (uint32_t *)(table + 0U * len), len * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * len;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * len;
+      for (uint32_t i = 0U; i < len; i++)
       {
         uint32_t *os = resM;
         uint32_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -1791,39 +1719,35 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM);
   }
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
-  uint32_t *tmp1 = (uint32_t *)alloca(len * sizeof (uint32_t));
-  memset(tmp1, 0U, len * sizeof (uint32_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  uint32_t *tmp0 = (uint32_t *)alloca(len * sizeof (uint32_t));
+  memset(tmp0, 0U, len * sizeof (uint32_t));
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       bn_almost_mont_sqr_u32(len, ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp1, (uint32_t *)(table + (uint32_t)0U * len), len * sizeof (uint32_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
+    memcpy(tmp0, (uint32_t *)(table + 0U * len), len * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * len;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * len;
+      for (uint32_t i = 0U; i < len; i++)
       {
-        uint32_t *os = tmp1;
-        uint32_t x = (c & res_j[i]) | (~c & tmp1[i]);
+        uint32_t *os = tmp0;
+        uint32_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;
       });
     uint32_t *ctx_n = ctx;
-    bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp1, resM);
+    bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp0, resM);
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t *tmp2 = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-  memset(tmp2, 0U, (len + len) * sizeof (uint32_t));
-  memcpy(tmp2, resM, len * sizeof (uint32_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, tmp2, res);
+  Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res);
 }
 
 void
@@ -1877,56 +1801,56 @@ Hacl_Bignum_Exponentiation_bn_check_mod_exp_u64(
   uint64_t *one = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m10 = acc0;
   uint64_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t m1;
-  if (bBits < (uint32_t)64U * bLen)
+  if (bBits < 64U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), bLen);
     uint64_t *b2 = (uint64_t *)alloca(bLen * sizeof (uint64_t));
     memset(b2, 0U, bLen * sizeof (uint64_t));
-    uint32_t i0 = bBits / (uint32_t)64U;
-    uint32_t j = bBits % (uint32_t)64U;
-    b2[i0] = b2[i0] | (uint64_t)1U << j;
-    uint64_t acc = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 64U;
+    uint32_t j = bBits % 64U;
+    b2[i0] = b2[i0] | 1ULL << j;
+    uint64_t acc = 0ULL;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]);
       uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
     }
     uint64_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    m1 = 0xFFFFFFFFFFFFFFFFULL;
   }
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m2 = acc;
   uint64_t m = m1 & m2;
@@ -1945,19 +1869,12 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t *aM = (uint64_t *)alloca(len * sizeof (uint64_t));
     memset(aM, 0U, len * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-    uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-    memset(c, 0U, (len + len) * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-    uint64_t *tmp0 = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-    memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-    Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp0, c);
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c, aM);
+    Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM);
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t *resM = (uint64_t *)alloca(len * sizeof (uint64_t));
     memset(resM, 0U, len * sizeof (uint64_t));
@@ -1969,13 +1886,13 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
     uint64_t *ctx_n = ctx;
     uint64_t *ctx_r2 = ctx + len;
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)64U;
-      uint32_t j = i % (uint32_t)64U;
+      uint32_t i1 = i / 64U;
+      uint32_t j = i % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
-      if (!(bit == (uint64_t)0U))
+      uint64_t bit = tmp >> j & 1ULL;
+      if (!(bit == 0ULL))
       {
         uint64_t *ctx_n0 = ctx;
         bn_almost_mont_mul_u64(len, ctx_n0, mu, resM, aM, resM);
@@ -1983,44 +1900,33 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
       uint64_t *ctx_n0 = ctx;
       bn_almost_mont_sqr_u64(len, ctx_n0, mu, aM, aM);
     }
-    KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-    uint64_t *tmp = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-    memset(tmp, 0U, (len + len) * sizeof (uint64_t));
-    memcpy(tmp, resM, len * sizeof (uint64_t));
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, tmp, res);
+    Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res);
     return;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t *aM = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(aM, 0U, len * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-  memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp0 = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp0, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c, aM);
+  Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM);
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t *resM = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(resM, 0U, len * sizeof (uint64_t));
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t *ctx = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(ctx, 0U, (len + len) * sizeof (uint64_t));
   memcpy(ctx, n, len * sizeof (uint64_t));
   memcpy(ctx + len, r2, len * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)16U * len);
-  uint64_t *table = (uint64_t *)alloca((uint32_t)16U * len * sizeof (uint64_t));
-  memset(table, 0U, (uint32_t)16U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len);
+  uint64_t *table = (uint64_t *)alloca(16U * len * sizeof (uint64_t));
+  memset(table, 0U, 16U * len * sizeof (uint64_t));
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(tmp, 0U, len * sizeof (uint64_t));
@@ -2031,21 +1937,21 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
   Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n0, mu, ctx_r20, t0);
   memcpy(t1, aM, len * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * len;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * len;
     uint64_t *ctx_n1 = ctx;
     bn_almost_mont_sqr_u64(len, ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len, tmp, len * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len;
+    memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * len;
     uint64_t *ctx_n = ctx;
     bn_almost_mont_mul_u64(len, ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len, tmp, len * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U);
     uint32_t bits_l32 = (uint32_t)bits_c;
     const uint64_t *a_bits_l = table + bits_l32 * len;
     memcpy(resM, (uint64_t *)a_bits_l, len * sizeof (uint64_t));
@@ -2057,29 +1963,25 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
-  uint64_t *tmp1 = (uint64_t *)alloca(len * sizeof (uint64_t));
-  memset(tmp1, 0U, len * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  uint64_t *tmp0 = (uint64_t *)alloca(len * sizeof (uint64_t));
+  memset(tmp0, 0U, len * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       bn_almost_mont_sqr_u64(len, ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
     uint32_t bits_l32 = (uint32_t)bits_l;
     const uint64_t *a_bits_l = table + bits_l32 * len;
-    memcpy(tmp1, (uint64_t *)a_bits_l, len * sizeof (uint64_t));
+    memcpy(tmp0, (uint64_t *)a_bits_l, len * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
-    bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp1, resM);
+    bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp0, resM);
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t *tmp2 = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-  memset(tmp2, 0U, (len + len) * sizeof (uint64_t));
-  memcpy(tmp2, resM, len * sizeof (uint64_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, tmp2, res);
+  Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res);
 }
 
 void
@@ -2094,19 +1996,12 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t *aM = (uint64_t *)alloca(len * sizeof (uint64_t));
     memset(aM, 0U, len * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-    uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-    memset(c, 0U, (len + len) * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-    uint64_t *tmp0 = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-    memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-    Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp0, c);
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c, aM);
+    Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM);
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t *resM = (uint64_t *)alloca(len * sizeof (uint64_t));
     memset(resM, 0U, len * sizeof (uint64_t));
@@ -2115,20 +2010,20 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
     memset(ctx, 0U, (len + len) * sizeof (uint64_t));
     memcpy(ctx, n, len * sizeof (uint64_t));
     memcpy(ctx + len, r2, len * sizeof (uint64_t));
-    uint64_t sw = (uint64_t)0U;
+    uint64_t sw = 0ULL;
     uint64_t *ctx_n = ctx;
     uint64_t *ctx_r2 = ctx + len;
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)64U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)64U;
+      uint32_t i1 = (bBits - i0 - 1U) / 64U;
+      uint32_t j = (bBits - i0 - 1U) % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
+      uint64_t bit = tmp >> j & 1ULL;
       uint64_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      for (uint32_t i = 0U; i < len; i++)
       {
-        uint64_t dummy = ((uint64_t)0U - sw1) & (resM[i] ^ aM[i]);
+        uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;
       }
@@ -2139,50 +2034,39 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
       sw = bit;
     }
     uint64_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < len; i++)
+    for (uint32_t i = 0U; i < len; i++)
     {
-      uint64_t dummy = ((uint64_t)0U - sw0) & (resM[i] ^ aM[i]);
+      uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;
     }
-    KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-    uint64_t *tmp = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-    memset(tmp, 0U, (len + len) * sizeof (uint64_t));
-    memcpy(tmp, resM, len * sizeof (uint64_t));
-    Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, tmp, res);
+    Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res);
     return;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t *aM = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(aM, 0U, len * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t *c0 = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-  memset(c0, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp0 = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp0, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, tmp0, c0);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c0, aM);
+  Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM);
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t *resM = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(resM, 0U, len * sizeof (uint64_t));
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
   uint64_t *ctx = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(ctx, 0U, (len + len) * sizeof (uint64_t));
   memcpy(ctx, n, len * sizeof (uint64_t));
   memcpy(ctx + len, r2, len * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)16U * len);
-  uint64_t *table = (uint64_t *)alloca((uint32_t)16U * len * sizeof (uint64_t));
-  memset(table, 0U, (uint32_t)16U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len);
+  uint64_t *table = (uint64_t *)alloca(16U * len * sizeof (uint64_t));
+  memset(table, 0U, 16U * len * sizeof (uint64_t));
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(tmp, 0U, len * sizeof (uint64_t));
@@ -2193,29 +2077,29 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
   Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n0, mu, ctx_r20, t0);
   memcpy(t1, aM, len * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * len;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * len;
     uint64_t *ctx_n1 = ctx;
     bn_almost_mont_sqr_u64(len, ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len, tmp, len * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len;
+    memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * len;
     uint64_t *ctx_n = ctx;
     bn_almost_mont_mul_u64(len, ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len, tmp, len * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint64_t *)(table + (uint32_t)0U * len), len * sizeof (uint64_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U);
+    memcpy(resM, (uint64_t *)(table + 0U * len), len * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * len;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * len;
+      for (uint32_t i = 0U; i < len; i++)
       {
         uint64_t *os = resM;
         uint64_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -2229,39 +2113,35 @@ Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
-  uint64_t *tmp1 = (uint64_t *)alloca(len * sizeof (uint64_t));
-  memset(tmp1, 0U, len * sizeof (uint64_t));
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  uint64_t *tmp0 = (uint64_t *)alloca(len * sizeof (uint64_t));
+  memset(tmp0, 0U, len * sizeof (uint64_t));
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       bn_almost_mont_sqr_u64(len, ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp1, (uint64_t *)(table + (uint32_t)0U * len), len * sizeof (uint64_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
+    memcpy(tmp0, (uint64_t *)(table + 0U * len), len * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * len;
-      for (uint32_t i = (uint32_t)0U; i < len; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * len;
+      for (uint32_t i = 0U; i < len; i++)
       {
-        uint64_t *os = tmp1;
-        uint64_t x = (c & res_j[i]) | (~c & tmp1[i]);
+        uint64_t *os = tmp0;
+        uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;
       });
     uint64_t *ctx_n = ctx;
-    bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp1, resM);
+    bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp0, resM);
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t *tmp2 = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-  memset(tmp2, 0U, (len + len) * sizeof (uint64_t));
-  memcpy(tmp2, resM, len * sizeof (uint64_t));
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, tmp2, res);
+  Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res);
 }
 
 void
diff --git a/src/msvc/Hacl_Bignum256.c b/src/msvc/Hacl_Bignum256.c
index b516e70d..a4f00b83 100644
--- a/src/msvc/Hacl_Bignum256.c
+++ b/src/msvc/Hacl_Bignum256.c
@@ -60,23 +60,23 @@ Write `a + b mod 2^256` in `res`.
 */
 uint64_t Hacl_Bignum256_add(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   return c;
@@ -91,23 +91,23 @@ Write `a - b mod 2^256` in `res`.
 */
 uint64_t Hacl_Bignum256_sub(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   return c;
@@ -125,52 +125,52 @@ Write `(a + b) mod n` in `res`.
 */
 void Hacl_Bignum256_add_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
@@ -188,53 +188,53 @@ Write `(a - b) mod n` in `res`.
 */
 void Hacl_Bignum256_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]);
     os[i] = x;);
@@ -248,30 +248,30 @@ Write `a * b` in `res`.
 */
 void Hacl_Bignum256_mul(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t bj = b[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = a[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = a[4U * 0U];
+      uint64_t *res_i0 = res_j + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = a[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = a[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = a[4U * 0U + 3U];
+      uint64_t *res_i = res_j + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
     uint64_t r = c;
-    res[(uint32_t)4U + i0] = r;);
+    res[4U + i0] = r;);
 }
 
 /**
@@ -282,31 +282,31 @@ Write `a * a` in `res`.
 */
 void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *ab = a;
     uint64_t a_j = a[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = ab[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = ab[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = ab[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = ab[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint64_t a_i = ab[i];
       uint64_t *res_i = res_j + i;
@@ -314,29 +314,29 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     }
     uint64_t r = c;
     res[i0 + i0] = r;);
-  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, res, res);
+  KRML_MAYBE_UNUSED_VAR(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
+    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U));
     uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;);
+  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, tmp, res);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
-  uint32_t i = nBits / (uint32_t)64U;
-  uint32_t j = nBits % (uint32_t)64U;
-  res[i] = res[i] | (uint64_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)512U - nBits; i0++)
+  memset(res, 0U, 4U * sizeof (uint64_t));
+  uint32_t i = nBits / 64U;
+  uint32_t j = nBits % 64U;
+  res[i] = res[i] | 1ULL << j;
+  for (uint32_t i0 = 0U; i0 < 512U - nBits; i0++)
   {
     Hacl_Bignum256_add_mod(n, res, res, res);
   }
@@ -344,112 +344,119 @@ static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
 
 static inline void reduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
+    uint64_t c1 = 0ULL;
     {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = n[4U * 0U];
+      uint64_t *res_i0 = res_j0 + 4U * 0U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * 0U + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * 0U + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * 0U + 3U];
+      uint64_t *res_i = res_j0 + 4U * 0U + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i);
     }
     uint64_t r = c1;
     uint64_t c10 = r;
-    uint64_t *resb = c + (uint32_t)4U + i0;
-    uint64_t res_j = c[(uint32_t)4U + i0];
+    uint64_t *resb = c + 4U + i0;
+    uint64_t res_j = c[4U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb););
-  memcpy(res, c + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, c + 4U, 4U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c1 = (uint64_t)0U;
+  uint64_t c1 = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i);
   }
   uint64_t c10 = c1;
   uint64_t c2 = c00 - c10;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
 }
 
+static inline void to(uint64_t *n, uint64_t nInv, uint64_t *r2, uint64_t *a, uint64_t *aM)
+{
+  uint64_t c[8U] = { 0U };
+  Hacl_Bignum256_mul(a, r2, c);
+  reduction(n, nInv, c, aM);
+}
+
 static inline void from(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *a)
 {
   uint64_t tmp[8U] = { 0U };
-  memcpy(tmp, aM, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(tmp, aM, 4U * sizeof (uint64_t));
   reduction(n, nInv_u64, tmp, a);
 }
 
 static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
+    uint64_t c1 = 0ULL;
     {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = n[4U * 0U];
+      uint64_t *res_i0 = res_j0 + 4U * 0U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * 0U + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * 0U + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * 0U + 3U];
+      uint64_t *res_i = res_j0 + 4U * 0U + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i);
     }
     uint64_t r = c1;
     uint64_t c10 = r;
-    uint64_t *resb = c + (uint32_t)4U + i0;
-    uint64_t res_j = c[(uint32_t)4U + i0];
+    uint64_t *resb = c + 4U + i0;
+    uint64_t res_j = c[4U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb););
-  memcpy(res, c + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, c + 4U, 4U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t m = 0ULL - c00;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (m & tmp[i]) | (~m & res[i]);
     os[i] = x;);
@@ -459,82 +466,14 @@ static inline void
 amont_mul(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *bM, uint64_t *resM)
 {
   uint64_t c[8U] = { 0U };
-  memset(c, 0U, (uint32_t)8U * sizeof (uint64_t));
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t bj = bM[i0];
-    uint64_t *res_j = c + i0;
-    uint64_t c1 = (uint64_t)0U;
-    {
-      uint64_t a_i = aM[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c1, res_i0);
-      uint64_t a_i0 = aM[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c1, res_i1);
-      uint64_t a_i1 = aM[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c1, res_i2);
-      uint64_t a_i2 = aM[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c1, res_i);
-    }
-    uint64_t r = c1;
-    c[(uint32_t)4U + i0] = r;);
+  Hacl_Bignum256_mul(aM, bM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
 static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *resM)
 {
   uint64_t c[8U] = { 0U };
-  memset(c, 0U, (uint32_t)8U * sizeof (uint64_t));
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *ab = aM;
-    uint64_t a_j = aM[i0];
-    uint64_t *res_j = c + i0;
-    uint64_t c1 = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
-    {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c1, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c1, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c1, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c1, res_i);
-    }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
-    {
-      uint64_t a_i = ab[i];
-      uint64_t *res_i = res_j + i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c1, res_i);
-    }
-    uint64_t r = c1;
-    c[i0 + i0] = r;);
-  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, c, c);
-  KRML_HOST_IGNORE(c0);
-  uint64_t tmp[8U] = { 0U };
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    FStar_UInt128_uint128 res = FStar_UInt128_mul_wide(aM[i], aM[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U));
-    uint64_t lo = FStar_UInt128_uint128_to_uint64(res);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, tmp, c);
-  KRML_HOST_IGNORE(c1);
+  Hacl_Bignum256_sqr(aM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -543,50 +482,9 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
 {
   uint64_t a_mod[4U] = { 0U };
   uint64_t a1[8U] = { 0U };
-  memcpy(a1, a, (uint32_t)8U * sizeof (uint64_t));
-  uint64_t c0 = (uint64_t)0U;
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t qj = mu * a1[i0];
-    uint64_t *res_j0 = a1 + i0;
-    uint64_t c = (uint64_t)0U;
-    {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i);
-    }
-    uint64_t r = c;
-    uint64_t c1 = r;
-    uint64_t *resb = a1 + (uint32_t)4U + i0;
-    uint64_t res_j = a1[(uint32_t)4U + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb););
-  memcpy(a_mod, a1 + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
-  uint64_t c00 = c0;
-  uint64_t tmp[4U] = { 0U };
-  uint64_t c1 = Hacl_Bignum256_sub(a_mod, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = a_mod;
-    uint64_t x = (m & tmp[i]) | (~m & a_mod[i]);
-    os[i] = x;);
-  uint64_t c[8U] = { 0U };
-  Hacl_Bignum256_mul(a_mod, r2, c);
-  reduction(n, mu, c, res);
+  memcpy(a1, a, 8U * sizeof (uint64_t));
+  areduction(n, mu, a1, a_mod);
+  to(n, mu, r2, a_mod, res);
 }
 
 /**
@@ -603,23 +501,22 @@ Write `a mod n` in `res`.
 bool Hacl_Bignum256_mod(uint64_t *n, uint64_t *a, uint64_t *res)
 {
   uint64_t one[4U] = { 0U };
-  memset(one, 0U, (uint32_t)4U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc = (uint64_t)0U;
+  memset(one, 0U, 4U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m1 = acc;
   uint64_t is_valid_m = m0 & m1;
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     uint64_t r2[4U] = { 0U };
     precompr2(nBits, n, r2);
@@ -628,68 +525,68 @@ bool Hacl_Bignum256_mod(uint64_t *n, uint64_t *a, uint64_t *res)
   }
   else
   {
-    memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
+    memset(res, 0U, 4U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static uint64_t exp_check(uint64_t *n, uint64_t *a, uint32_t bBits, uint64_t *b)
 {
   uint64_t one[4U] = { 0U };
-  memset(one, 0U, (uint32_t)4U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
+  memset(one, 0U, 4U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m10 = acc0;
   uint64_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t m1;
-  if (bBits < (uint32_t)64U * bLen)
+  if (bBits < 64U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), bLen);
     uint64_t *b2 = (uint64_t *)alloca(bLen * sizeof (uint64_t));
     memset(b2, 0U, bLen * sizeof (uint64_t));
-    uint32_t i0 = bBits / (uint32_t)64U;
-    uint32_t j = bBits % (uint32_t)64U;
-    b2[i0] = b2[i0] | (uint64_t)1U << j;
-    uint64_t acc = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 64U;
+    uint32_t j = bBits % 64U;
+    b2[i0] = b2[i0] | 1ULL << j;
+    uint64_t acc = 0ULL;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]);
       uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
     }
     uint64_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    m1 = 0xFFFFFFFFFFFFFFFFULL;
   }
-  uint64_t acc = (uint64_t)0U;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m2 = acc;
   uint64_t m = m1 & m2;
   return m00 & m;
@@ -706,26 +603,24 @@ exp_vartime_precomp(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint64_t aM[4U] = { 0U };
-    uint64_t c[8U] = { 0U };
-    Hacl_Bignum256_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint64_t resM[4U] = { 0U };
     uint64_t ctx[8U] = { 0U };
-    memcpy(ctx, n, (uint32_t)4U * sizeof (uint64_t));
-    memcpy(ctx + (uint32_t)4U, r2, (uint32_t)4U * sizeof (uint64_t));
+    memcpy(ctx, n, 4U * sizeof (uint64_t));
+    memcpy(ctx + 4U, r2, 4U * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)4U;
+    uint64_t *ctx_r2 = ctx + 4U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)64U;
-      uint32_t j = i % (uint32_t)64U;
+      uint32_t i1 = i / 64U;
+      uint32_t j = i % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
-      if (!(bit == (uint64_t)0U))
+      uint64_t bit = tmp >> j & 1ULL;
+      if (!(bit == 0ULL))
       {
         uint64_t *ctx_n0 = ctx;
         amont_mul(ctx_n0, mu, resM, aM, resM);
@@ -733,86 +628,76 @@ exp_vartime_precomp(
       uint64_t *ctx_n0 = ctx;
       amont_sqr(ctx_n0, mu, aM, aM);
     }
-    uint64_t tmp[8U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)4U * sizeof (uint64_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint64_t aM[4U] = { 0U };
-  uint64_t c[8U] = { 0U };
-  Hacl_Bignum256_mul(a, r2, c);
-  reduction(n, mu, c, aM);
+  to(n, mu, r2, a, aM);
   uint64_t resM[4U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t ctx[8U] = { 0U };
-  memcpy(ctx, n, (uint32_t)4U * sizeof (uint64_t));
-  memcpy(ctx + (uint32_t)4U, r2, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(ctx, n, 4U * sizeof (uint64_t));
+  memcpy(ctx + 4U, r2, 4U * sizeof (uint64_t));
   uint64_t table[64U] = { 0U };
   uint64_t tmp[4U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)4U;
+  uint64_t *t1 = table + 4U;
   uint64_t *ctx_n0 = ctx;
-  uint64_t *ctx_r20 = ctx + (uint32_t)4U;
+  uint64_t *ctx_r20 = ctx + 4U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(t1, aM, 4U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)4U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 4U;
     uint64_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)4U,
-      tmp,
-      (uint32_t)4U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)4U;
+    memcpy(table + (2U * i + 2U) * 4U, tmp, 4U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 4U;
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)4U,
-      tmp,
-      (uint32_t)4U * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 4U, tmp, 4U * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U);
     uint32_t bits_l32 = (uint32_t)bits_c;
-    const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)4U;
-    memcpy(resM, (uint64_t *)a_bits_l, (uint32_t)4U * sizeof (uint64_t));
+    const uint64_t *a_bits_l = table + bits_l32 * 4U;
+    memcpy(resM, (uint64_t *)a_bits_l, 4U * sizeof (uint64_t));
   }
   else
   {
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)4U;
+    uint64_t *ctx_r2 = ctx + 4U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint64_t tmp0[4U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
     uint32_t bits_l32 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)4U;
-    memcpy(tmp0, (uint64_t *)a_bits_l, (uint32_t)4U * sizeof (uint64_t));
+    const uint64_t *a_bits_l = table + bits_l32 * 4U;
+    memcpy(tmp0, (uint64_t *)a_bits_l, 4U * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint64_t tmp1[8U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)4U * sizeof (uint64_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -826,32 +711,30 @@ exp_consttime_precomp(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint64_t aM[4U] = { 0U };
-    uint64_t c[8U] = { 0U };
-    Hacl_Bignum256_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint64_t resM[4U] = { 0U };
     uint64_t ctx[8U] = { 0U };
-    memcpy(ctx, n, (uint32_t)4U * sizeof (uint64_t));
-    memcpy(ctx + (uint32_t)4U, r2, (uint32_t)4U * sizeof (uint64_t));
-    uint64_t sw = (uint64_t)0U;
+    memcpy(ctx, n, 4U * sizeof (uint64_t));
+    memcpy(ctx + 4U, r2, 4U * sizeof (uint64_t));
+    uint64_t sw = 0ULL;
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)4U;
+    uint64_t *ctx_r2 = ctx + 4U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)64U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)64U;
+      uint32_t i1 = (bBits - i0 - 1U) / 64U;
+      uint32_t j = (bBits - i0 - 1U) % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
+      uint64_t bit = tmp >> j & 1ULL;
       uint64_t sw1 = bit ^ sw;
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
-        uint64_t dummy = ((uint64_t)0U - sw1) & (resM[i] ^ aM[i]);
+        0U,
+        4U,
+        1U,
+        uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;);
       uint64_t *ctx_n0 = ctx;
@@ -862,73 +745,65 @@ exp_consttime_precomp(
     }
     uint64_t sw0 = sw;
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t dummy = ((uint64_t)0U - sw0) & (resM[i] ^ aM[i]);
+      0U,
+      4U,
+      1U,
+      uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;);
-    uint64_t tmp[8U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)4U * sizeof (uint64_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint64_t aM[4U] = { 0U };
-  uint64_t c0[8U] = { 0U };
-  Hacl_Bignum256_mul(a, r2, c0);
-  reduction(n, mu, c0, aM);
+  to(n, mu, r2, a, aM);
   uint64_t resM[4U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t ctx[8U] = { 0U };
-  memcpy(ctx, n, (uint32_t)4U * sizeof (uint64_t));
-  memcpy(ctx + (uint32_t)4U, r2, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(ctx, n, 4U * sizeof (uint64_t));
+  memcpy(ctx + 4U, r2, 4U * sizeof (uint64_t));
   uint64_t table[64U] = { 0U };
   uint64_t tmp[4U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)4U;
+  uint64_t *t1 = table + 4U;
   uint64_t *ctx_n0 = ctx;
-  uint64_t *ctx_r20 = ctx + (uint32_t)4U;
+  uint64_t *ctx_r20 = ctx + 4U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(t1, aM, 4U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)4U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 4U;
     uint64_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)4U,
-      tmp,
-      (uint32_t)4U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)4U;
+    memcpy(table + (2U * i + 2U) * 4U, tmp, 4U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 4U;
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)4U,
-      tmp,
-      (uint32_t)4U * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 4U, tmp, 4U * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint64_t *)table, (uint32_t)4U * sizeof (uint64_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U);
+    memcpy(resM, (uint64_t *)table, 4U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)4U;
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 4U;
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint64_t *os = resM;
         uint64_t x = (c & res_j[i]) | (~c & resM[i]);
         os[i] = x;););
@@ -936,40 +811,38 @@ exp_consttime_precomp(
   else
   {
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)4U;
+    uint64_t *ctx_r2 = ctx + 4U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint64_t tmp0[4U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)4U * sizeof (uint64_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 4U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)4U;
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 4U;
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;););
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint64_t tmp1[8U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)4U * sizeof (uint64_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -1034,17 +907,16 @@ Hacl_Bignum256_mod_exp_vartime(
 )
 {
   uint64_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     exp_vartime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
+    memset(res, 0U, 4U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -1077,17 +949,16 @@ Hacl_Bignum256_mod_exp_consttime(
 )
 {
   uint64_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     exp_consttime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
+    memset(res, 0U, 4U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -1108,67 +979,66 @@ Write `a ^ (-1) mod n` in `res`.
 bool Hacl_Bignum256_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *res)
 {
   uint64_t one[4U] = { 0U };
-  memset(one, 0U, (uint32_t)4U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
+  memset(one, 0U, 4U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m1 = acc0;
   uint64_t m00 = m0 & m1;
   uint64_t bn_zero[4U] = { 0U };
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
   uint64_t res10 = mask1;
   uint64_t m10 = res10;
-  uint64_t acc = (uint64_t)0U;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t m2 = acc;
   uint64_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     uint64_t n2[4U] = { 0U };
-    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, n[0U], (uint64_t)2U, n2);
-    uint64_t *a1 = n + (uint32_t)1U;
-    uint64_t *res1 = n2 + (uint32_t)1U;
+    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, n[0U], 2ULL, n2);
+    uint64_t *a1 = n + 1U;
+    uint64_t *res1 = n2 + 1U;
     uint64_t c = c0;
     KRML_MAYBE_FOR3(i,
-      (uint32_t)0U,
-      (uint32_t)3U,
-      (uint32_t)1U,
+      0U,
+      3U,
+      1U,
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
-    KRML_HOST_IGNORE(c2);
-    exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
+    KRML_MAYBE_UNUSED_VAR(c2);
+    exp_vartime(nBits, n, a, 256U, n2, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)4U * sizeof (uint64_t));
+    memset(res, 0U, 4U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 
@@ -1192,17 +1062,15 @@ Heap-allocate and initialize a montgomery context.
 */
 Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 *Hacl_Bignum256_mont_ctx_init(uint64_t *n)
 {
-  uint64_t *r2 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint64_t));
-  uint64_t *n1 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint64_t));
+  uint64_t *r2 = (uint64_t *)KRML_HOST_CALLOC(4U, sizeof (uint64_t));
+  uint64_t *n1 = (uint64_t *)KRML_HOST_CALLOC(4U, sizeof (uint64_t));
   uint64_t *r21 = r2;
   uint64_t *n11 = n1;
-  memcpy(n11, n, (uint32_t)4U * sizeof (uint64_t));
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)4U, n);
+  memcpy(n11, n, 4U * sizeof (uint64_t));
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(4U, n);
   precompr2(nBits, n, r21);
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
-  res = { .len = (uint32_t)4U, .n = n11, .mu = mu, .r2 = r21 };
+  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 res = { .len = 4U, .n = n11, .mu = mu, .r2 = r21 };
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
   *buf =
     (Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 *)KRML_HOST_MALLOC(sizeof (
@@ -1330,21 +1198,21 @@ Hacl_Bignum256_mod_inv_prime_vartime_precomp(
 {
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 k1 = *k;
   uint64_t n2[4U] = { 0U };
-  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, k1.n[0U], (uint64_t)2U, n2);
-  uint64_t *a1 = k1.n + (uint32_t)1U;
-  uint64_t *res1 = n2 + (uint32_t)1U;
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, k1.n[0U], 2ULL, n2);
+  uint64_t *a1 = k1.n + 1U;
+  uint64_t *res1 = n2 + 1U;
   uint64_t c = c0;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
+    0U,
+    3U,
+    1U,
     uint64_t t1 = a1[i];
     uint64_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
-  KRML_HOST_IGNORE(c2);
-  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
+  KRML_MAYBE_UNUSED_VAR(c2);
+  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, 256U, n2, res);
 }
 
 
@@ -1366,36 +1234,28 @@ Load a bid-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum256_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint64_t *os = res2;
-    uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;
   }
@@ -1415,36 +1275,28 @@ Load a little-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum256_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 8U + 1U; i++)
   {
     uint64_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)8U;
+    uint8_t *bj = tmp + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r1 = u;
     uint64_t x = r1;
@@ -1462,12 +1314,8 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_be(res + i * (uint32_t)8U, b[(uint32_t)4U - i - (uint32_t)1U]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(res + i * 8U, b[4U - i - 1U]););
 }
 
 /**
@@ -1479,12 +1327,8 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(res + i * (uint32_t)8U, b[i]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_le(res + i * 8U, b[i]););
 }
 
 
@@ -1500,14 +1344,14 @@ Returns 2^64 - 1 if a < b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum256_lt_mask(uint64_t *a, uint64_t *b)
 {
-  uint64_t acc = (uint64_t)0U;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(a[i], b[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   return acc;
 }
 
@@ -1518,11 +1362,11 @@ Returns 2^64 - 1 if a = b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum256_eq_mask(uint64_t *a, uint64_t *b)
 {
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
diff --git a/src/msvc/Hacl_Bignum256_32.c b/src/msvc/Hacl_Bignum256_32.c
index 1c8ce59b..29a5a52e 100644
--- a/src/msvc/Hacl_Bignum256_32.c
+++ b/src/msvc/Hacl_Bignum256_32.c
@@ -60,26 +60,26 @@ Write `a + b mod 2^256` in `res`.
 */
 uint32_t Hacl_Bignum256_32_add(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
+  uint32_t c = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i););
   return c;
 }
@@ -93,26 +93,26 @@ Write `a - b mod 2^256` in `res`.
 */
 uint32_t Hacl_Bignum256_32_sub(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
+  uint32_t c = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i););
   return c;
 }
@@ -129,56 +129,56 @@ Write `(a + b) mod n` in `res`.
 */
 void Hacl_Bignum256_32_add_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
+  uint32_t c0 = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t12, t2, res_i););
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
-  uint32_t c = (uint32_t)0U;
+  uint32_t c = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c00 - c1;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
@@ -196,57 +196,57 @@ Write `(a - b) mod n` in `res`.
 */
 void Hacl_Bignum256_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
+  uint32_t c0 = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t12, t2, res_i););
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
-  uint32_t c = (uint32_t)0U;
+  uint32_t c = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i););
   uint32_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint32_t c2 = (uint32_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t c2 = 0U - c00;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = res;
     uint32_t x = (c2 & tmp[i]) | (~c2 & res[i]);
     os[i] = x;);
@@ -260,32 +260,32 @@ Write `a * b` in `res`.
 */
 void Hacl_Bignum256_32_mul(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  memset(res, 0U, (uint32_t)16U * sizeof (uint32_t));
+  memset(res, 0U, 16U * sizeof (uint32_t));
   KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t bj = b[i0];
     uint32_t *res_j = res + i0;
-    uint32_t c = (uint32_t)0U;
+    uint32_t c = 0U;
     KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = a[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
+      0U,
+      2U,
+      1U,
+      uint32_t a_i = a[4U * i];
+      uint32_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0);
-      uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = a[4U * i + 1U];
+      uint32_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1);
-      uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = a[4U * i + 2U];
+      uint32_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2);
-      uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = a[4U * i + 3U];
+      uint32_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i););
     uint32_t r = c;
-    res[(uint32_t)8U + i0] = r;);
+    res[8U + i0] = r;);
 }
 
 /**
@@ -296,31 +296,31 @@ Write `a * a` in `res`.
 */
 void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
 {
-  memset(res, 0U, (uint32_t)16U * sizeof (uint32_t));
+  memset(res, 0U, 16U * sizeof (uint32_t));
   KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *ab = a;
     uint32_t a_j = a[i0];
     uint32_t *res_j = res + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint32_t c = 0U;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint32_t a_i = ab[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint32_t a_i = ab[4U * i];
+      uint32_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0);
-      uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = ab[4U * i + 1U];
+      uint32_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1);
-      uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = ab[4U * i + 2U];
+      uint32_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2);
-      uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = ab[4U * i + 3U];
+      uint32_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint32_t a_i = ab[i];
       uint32_t *res_i = res_j + i;
@@ -328,29 +328,29 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     }
     uint32_t r = c;
     res[i0 + i0] = r;);
-  uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(16U, res, res, res);
+  KRML_MAYBE_UNUSED_VAR(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i];
-    uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U);
+    uint32_t hi = (uint32_t)(res1 >> 32U);
     uint32_t lo = (uint32_t)res1;
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;);
+  uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(16U, res, tmp, res);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
-  uint32_t i = nBits / (uint32_t)32U;
-  uint32_t j = nBits % (uint32_t)32U;
-  res[i] = res[i] | (uint32_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)512U - nBits; i0++)
+  memset(res, 0U, 8U * sizeof (uint32_t));
+  uint32_t i = nBits / 32U;
+  uint32_t j = nBits % 32U;
+  res[i] = res[i] | 1U << j;
+  for (uint32_t i0 = 0U; i0 < 512U - nBits; i0++)
   {
     Hacl_Bignum256_32_add_mod(n, res, res, res);
   }
@@ -358,118 +358,125 @@ static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
 
 static inline void reduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
+  uint32_t c0 = 0U;
   KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
+    uint32_t c1 = 0U;
     KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      0U,
+      2U,
+      1U,
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i););
     uint32_t r = c1;
     uint32_t c10 = r;
-    uint32_t *resb = c + (uint32_t)8U + i0;
-    uint32_t res_j = c[(uint32_t)8U + i0];
+    uint32_t *resb = c + 8U + i0;
+    uint32_t res_j = c[8U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb););
-  memcpy(res, c + (uint32_t)8U, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(res, c + 8U, 8U * sizeof (uint32_t));
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
-  uint32_t c1 = (uint32_t)0U;
+  uint32_t c1 = 0U;
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    2U,
+    1U,
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t12, t2, res_i););
   uint32_t c10 = c1;
   uint32_t c2 = c00 - c10;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
 }
 
+static inline void to(uint32_t *n, uint32_t nInv, uint32_t *r2, uint32_t *a, uint32_t *aM)
+{
+  uint32_t c[16U] = { 0U };
+  Hacl_Bignum256_32_mul(a, r2, c);
+  reduction(n, nInv, c, aM);
+}
+
 static inline void from(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *a)
 {
   uint32_t tmp[16U] = { 0U };
-  memcpy(tmp, aM, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(tmp, aM, 8U * sizeof (uint32_t));
   reduction(n, nInv_u64, tmp, a);
 }
 
 static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
+  uint32_t c0 = 0U;
   KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
+    uint32_t c1 = 0U;
     KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      0U,
+      2U,
+      1U,
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i););
     uint32_t r = c1;
     uint32_t c10 = r;
-    uint32_t *resb = c + (uint32_t)8U + i0;
-    uint32_t res_j = c[(uint32_t)8U + i0];
+    uint32_t *resb = c + 8U + i0;
+    uint32_t res_j = c[8U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb););
-  memcpy(res, c + (uint32_t)8U, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(res, c + 8U, 8U * sizeof (uint32_t));
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t m = 0U - c00;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = res;
     uint32_t x = (m & tmp[i]) | (~m & res[i]);
     os[i] = x;);
@@ -479,84 +486,14 @@ static inline void
 amont_mul(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *bM, uint32_t *resM)
 {
   uint32_t c[16U] = { 0U };
-  memset(c, 0U, (uint32_t)16U * sizeof (uint32_t));
-  KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t bj = bM[i0];
-    uint32_t *res_j = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = aM[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c1, res_i0);
-      uint32_t a_i0 = aM[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c1, res_i1);
-      uint32_t a_i1 = aM[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c1, res_i2);
-      uint32_t a_i2 = aM[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c1, res_i););
-    uint32_t r = c1;
-    c[(uint32_t)8U + i0] = r;);
+  Hacl_Bignum256_32_mul(aM, bM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
 static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *resM)
 {
   uint32_t c[16U] = { 0U };
-  memset(c, 0U, (uint32_t)16U * sizeof (uint32_t));
-  KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *ab = aM;
-    uint32_t a_j = aM[i0];
-    uint32_t *res_j = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
-    {
-      uint32_t a_i = ab[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j + (uint32_t)4U * i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c1, res_i0);
-      uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c1, res_i1);
-      uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c1, res_i2);
-      uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c1, res_i);
-    }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
-    {
-      uint32_t a_i = ab[i];
-      uint32_t *res_i = res_j + i;
-      c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c1, res_i);
-    }
-    uint32_t r = c1;
-    c[i0 + i0] = r;);
-  uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, c, c);
-  KRML_HOST_IGNORE(c0);
-  uint32_t tmp[16U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint64_t res = (uint64_t)aM[i] * (uint64_t)aM[i];
-    uint32_t hi = (uint32_t)(res >> (uint32_t)32U);
-    uint32_t lo = (uint32_t)res;
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, tmp, c);
-  KRML_HOST_IGNORE(c1);
+  Hacl_Bignum256_32_sqr(aM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -565,52 +502,9 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
 {
   uint32_t a_mod[8U] = { 0U };
   uint32_t a1[16U] = { 0U };
-  memcpy(a1, a, (uint32_t)16U * sizeof (uint32_t));
-  uint32_t c0 = (uint32_t)0U;
-  KRML_MAYBE_FOR8(i0,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t qj = mu * a1[i0];
-    uint32_t *res_j0 = a1 + i0;
-    uint32_t c = (uint32_t)0U;
-    KRML_MAYBE_FOR2(i,
-      (uint32_t)0U,
-      (uint32_t)2U,
-      (uint32_t)1U,
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c, res_i););
-    uint32_t r = c;
-    uint32_t c1 = r;
-    uint32_t *resb = a1 + (uint32_t)8U + i0;
-    uint32_t res_j = a1[(uint32_t)8U + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c1, res_j, resb););
-  memcpy(a_mod, a1 + (uint32_t)8U, (uint32_t)8U * sizeof (uint32_t));
-  uint32_t c00 = c0;
-  uint32_t tmp[8U] = { 0U };
-  uint32_t c1 = Hacl_Bignum256_32_sub(a_mod, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = a_mod;
-    uint32_t x = (m & tmp[i]) | (~m & a_mod[i]);
-    os[i] = x;);
-  uint32_t c[16U] = { 0U };
-  Hacl_Bignum256_32_mul(a_mod, r2, c);
-  reduction(n, mu, c, res);
+  memcpy(a1, a, 16U * sizeof (uint32_t));
+  areduction(n, mu, a1, a_mod);
+  to(n, mu, r2, a_mod, res);
 }
 
 /**
@@ -627,22 +521,22 @@ Write `a mod n` in `res`.
 bool Hacl_Bignum256_32_mod(uint32_t *n, uint32_t *a, uint32_t *res)
 {
   uint32_t one[8U] = { 0U };
-  memset(one, 0U, (uint32_t)8U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc = (uint32_t)0U;
+  memset(one, 0U, 8U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m1 = acc;
   uint32_t is_valid_m = m0 & m1;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     uint32_t r2[8U] = { 0U };
     precompr2(nBits, n, r2);
@@ -651,68 +545,68 @@ bool Hacl_Bignum256_32_mod(uint32_t *n, uint32_t *a, uint32_t *res)
   }
   else
   {
-    memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
+    memset(res, 0U, 8U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 static uint32_t exp_check(uint32_t *n, uint32_t *a, uint32_t bBits, uint32_t *b)
 {
   uint32_t one[8U] = { 0U };
-  memset(one, 0U, (uint32_t)8U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
+  memset(one, 0U, 8U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m10 = acc0;
   uint32_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t m1;
-  if (bBits < (uint32_t)32U * bLen)
+  if (bBits < 32U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), bLen);
     uint32_t *b2 = (uint32_t *)alloca(bLen * sizeof (uint32_t));
     memset(b2, 0U, bLen * sizeof (uint32_t));
-    uint32_t i0 = bBits / (uint32_t)32U;
-    uint32_t j = bBits % (uint32_t)32U;
-    b2[i0] = b2[i0] | (uint32_t)1U << j;
-    uint32_t acc = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 32U;
+    uint32_t j = bBits % 32U;
+    b2[i0] = b2[i0] | 1U << j;
+    uint32_t acc = 0U;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint32_t beq = FStar_UInt32_eq_mask(b[i], b2[i]);
       uint32_t blt = ~FStar_UInt32_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
     }
     uint32_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint32_t)0xFFFFFFFFU;
+    m1 = 0xFFFFFFFFU;
   }
-  uint32_t acc = (uint32_t)0U;
+  uint32_t acc = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m2 = acc;
   uint32_t m = m1 & m2;
   return m00 & m;
@@ -729,26 +623,24 @@ exp_vartime_precomp(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint32_t aM[8U] = { 0U };
-    uint32_t c[16U] = { 0U };
-    Hacl_Bignum256_32_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint32_t resM[8U] = { 0U };
     uint32_t ctx[16U] = { 0U };
-    memcpy(ctx, n, (uint32_t)8U * sizeof (uint32_t));
-    memcpy(ctx + (uint32_t)8U, r2, (uint32_t)8U * sizeof (uint32_t));
+    memcpy(ctx, n, 8U * sizeof (uint32_t));
+    memcpy(ctx + 8U, r2, 8U * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)8U;
+    uint32_t *ctx_r2 = ctx + 8U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)32U;
-      uint32_t j = i % (uint32_t)32U;
+      uint32_t i1 = i / 32U;
+      uint32_t j = i % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
-      if (!(bit == (uint32_t)0U))
+      uint32_t bit = tmp >> j & 1U;
+      if (!(bit == 0U))
       {
         uint32_t *ctx_n0 = ctx;
         amont_mul(ctx_n0, mu, resM, aM, resM);
@@ -756,86 +648,76 @@ exp_vartime_precomp(
       uint32_t *ctx_n0 = ctx;
       amont_sqr(ctx_n0, mu, aM, aM);
     }
-    uint32_t tmp[16U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)8U * sizeof (uint32_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint32_t aM[8U] = { 0U };
-  uint32_t c[16U] = { 0U };
-  Hacl_Bignum256_32_mul(a, r2, c);
-  reduction(n, mu, c, aM);
+  to(n, mu, r2, a, aM);
   uint32_t resM[8U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t ctx[16U] = { 0U };
-  memcpy(ctx, n, (uint32_t)8U * sizeof (uint32_t));
-  memcpy(ctx + (uint32_t)8U, r2, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(ctx, n, 8U * sizeof (uint32_t));
+  memcpy(ctx + 8U, r2, 8U * sizeof (uint32_t));
   uint32_t table[128U] = { 0U };
   uint32_t tmp[8U] = { 0U };
   uint32_t *t0 = table;
-  uint32_t *t1 = table + (uint32_t)8U;
+  uint32_t *t1 = table + 8U;
   uint32_t *ctx_n0 = ctx;
-  uint32_t *ctx_r20 = ctx + (uint32_t)8U;
+  uint32_t *ctx_r20 = ctx + 8U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(t1, aM, 8U * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)8U;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * 8U;
     uint32_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)8U,
-      tmp,
-      (uint32_t)8U * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)8U;
+    memcpy(table + (2U * i + 2U) * 8U, tmp, 8U * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * 8U;
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)8U,
-      tmp,
-      (uint32_t)8U * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 8U, tmp, 8U * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U);
     uint32_t bits_l32 = bits_c;
-    const uint32_t *a_bits_l = table + bits_l32 * (uint32_t)8U;
-    memcpy(resM, (uint32_t *)a_bits_l, (uint32_t)8U * sizeof (uint32_t));
+    const uint32_t *a_bits_l = table + bits_l32 * 8U;
+    memcpy(resM, (uint32_t *)a_bits_l, 8U * sizeof (uint32_t));
   }
   else
   {
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)8U;
+    uint32_t *ctx_r2 = ctx + 8U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint32_t tmp0[8U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
     uint32_t bits_l32 = bits_l;
-    const uint32_t *a_bits_l = table + bits_l32 * (uint32_t)8U;
-    memcpy(tmp0, (uint32_t *)a_bits_l, (uint32_t)8U * sizeof (uint32_t));
+    const uint32_t *a_bits_l = table + bits_l32 * 8U;
+    memcpy(tmp0, (uint32_t *)a_bits_l, 8U * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint32_t tmp1[16U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)8U * sizeof (uint32_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -849,32 +731,30 @@ exp_consttime_precomp(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint32_t aM[8U] = { 0U };
-    uint32_t c[16U] = { 0U };
-    Hacl_Bignum256_32_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint32_t resM[8U] = { 0U };
     uint32_t ctx[16U] = { 0U };
-    memcpy(ctx, n, (uint32_t)8U * sizeof (uint32_t));
-    memcpy(ctx + (uint32_t)8U, r2, (uint32_t)8U * sizeof (uint32_t));
-    uint32_t sw = (uint32_t)0U;
+    memcpy(ctx, n, 8U * sizeof (uint32_t));
+    memcpy(ctx + 8U, r2, 8U * sizeof (uint32_t));
+    uint32_t sw = 0U;
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)8U;
+    uint32_t *ctx_r2 = ctx + 8U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)32U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)32U;
+      uint32_t i1 = (bBits - i0 - 1U) / 32U;
+      uint32_t j = (bBits - i0 - 1U) % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
+      uint32_t bit = tmp >> j & 1U;
       uint32_t sw1 = bit ^ sw;
       KRML_MAYBE_FOR8(i,
-        (uint32_t)0U,
-        (uint32_t)8U,
-        (uint32_t)1U,
-        uint32_t dummy = ((uint32_t)0U - sw1) & (resM[i] ^ aM[i]);
+        0U,
+        8U,
+        1U,
+        uint32_t dummy = (0U - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;);
       uint32_t *ctx_n0 = ctx;
@@ -885,73 +765,65 @@ exp_consttime_precomp(
     }
     uint32_t sw0 = sw;
     KRML_MAYBE_FOR8(i,
-      (uint32_t)0U,
-      (uint32_t)8U,
-      (uint32_t)1U,
-      uint32_t dummy = ((uint32_t)0U - sw0) & (resM[i] ^ aM[i]);
+      0U,
+      8U,
+      1U,
+      uint32_t dummy = (0U - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;);
-    uint32_t tmp[16U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)8U * sizeof (uint32_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint32_t aM[8U] = { 0U };
-  uint32_t c0[16U] = { 0U };
-  Hacl_Bignum256_32_mul(a, r2, c0);
-  reduction(n, mu, c0, aM);
+  to(n, mu, r2, a, aM);
   uint32_t resM[8U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t ctx[16U] = { 0U };
-  memcpy(ctx, n, (uint32_t)8U * sizeof (uint32_t));
-  memcpy(ctx + (uint32_t)8U, r2, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(ctx, n, 8U * sizeof (uint32_t));
+  memcpy(ctx + 8U, r2, 8U * sizeof (uint32_t));
   uint32_t table[128U] = { 0U };
   uint32_t tmp[8U] = { 0U };
   uint32_t *t0 = table;
-  uint32_t *t1 = table + (uint32_t)8U;
+  uint32_t *t1 = table + 8U;
   uint32_t *ctx_n0 = ctx;
-  uint32_t *ctx_r20 = ctx + (uint32_t)8U;
+  uint32_t *ctx_r20 = ctx + 8U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(t1, aM, 8U * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)8U;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * 8U;
     uint32_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)8U,
-      tmp,
-      (uint32_t)8U * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)8U;
+    memcpy(table + (2U * i + 2U) * 8U, tmp, 8U * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * 8U;
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)8U,
-      tmp,
-      (uint32_t)8U * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 8U, tmp, 8U * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint32_t *)table, (uint32_t)8U * sizeof (uint32_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U);
+    memcpy(resM, (uint32_t *)table, 8U * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)8U;
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * 8U;
       KRML_MAYBE_FOR8(i,
-        (uint32_t)0U,
-        (uint32_t)8U,
-        (uint32_t)1U,
+        0U,
+        8U,
+        1U,
         uint32_t *os = resM;
         uint32_t x = (c & res_j[i]) | (~c & resM[i]);
         os[i] = x;););
@@ -959,40 +831,38 @@ exp_consttime_precomp(
   else
   {
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)8U;
+    uint32_t *ctx_r2 = ctx + 8U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint32_t tmp0[8U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp0, (uint32_t *)table, (uint32_t)8U * sizeof (uint32_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
+    memcpy(tmp0, (uint32_t *)table, 8U * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)8U;
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * 8U;
       KRML_MAYBE_FOR8(i,
-        (uint32_t)0U,
-        (uint32_t)8U,
-        (uint32_t)1U,
+        0U,
+        8U,
+        1U,
         uint32_t *os = tmp0;
         uint32_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;););
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint32_t tmp1[16U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)8U * sizeof (uint32_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -1057,16 +927,16 @@ Hacl_Bignum256_32_mod_exp_vartime(
 )
 {
   uint32_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     exp_vartime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
+    memset(res, 0U, 8U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -1099,16 +969,16 @@ Hacl_Bignum256_32_mod_exp_consttime(
 )
 {
   uint32_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     exp_consttime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
+    memset(res, 0U, 8U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -1129,80 +999,80 @@ Write `a ^ (-1) mod n` in `res`.
 bool Hacl_Bignum256_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t *res)
 {
   uint32_t one[8U] = { 0U };
-  memset(one, 0U, (uint32_t)8U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
+  memset(one, 0U, 8U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m1 = acc0;
   uint32_t m00 = m0 & m1;
   uint32_t bn_zero[8U] = { 0U };
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
+  uint32_t mask = 0xFFFFFFFFU;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;);
   uint32_t mask1 = mask;
   uint32_t res10 = mask1;
   uint32_t m10 = res10;
-  uint32_t acc = (uint32_t)0U;
+  uint32_t acc = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   uint32_t m2 = acc;
   uint32_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     uint32_t n2[8U] = { 0U };
-    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, n[0U], (uint32_t)2U, n2);
-    uint32_t *a1 = n + (uint32_t)1U;
-    uint32_t *res1 = n2 + (uint32_t)1U;
+    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, n[0U], 2U, n2);
+    uint32_t *a1 = n + 1U;
+    uint32_t *res1 = n2 + 1U;
     uint32_t c = c0;
     {
-      uint32_t t1 = a1[(uint32_t)4U * (uint32_t)0U];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * (uint32_t)0U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a1[4U * 0U];
+      uint32_t *res_i0 = res1 + 4U * 0U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a1[4U * 0U + 1U];
+      uint32_t *res_i1 = res1 + 4U * 0U + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a1[4U * 0U + 2U];
+      uint32_t *res_i2 = res1 + 4U * 0U + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a1[4U * 0U + 3U];
+      uint32_t *res_i = res1 + 4U * 0U + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
     }
     KRML_MAYBE_FOR3(i,
-      (uint32_t)4U,
-      (uint32_t)7U,
-      (uint32_t)1U,
+      4U,
+      7U,
+      1U,
       uint32_t t1 = a1[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
-    KRML_HOST_IGNORE(c2);
-    exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
+    KRML_MAYBE_UNUSED_VAR(c2);
+    exp_vartime(nBits, n, a, 256U, n2, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)8U * sizeof (uint32_t));
+    memset(res, 0U, 8U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 
@@ -1226,16 +1096,15 @@ Heap-allocate and initialize a montgomery context.
 */
 Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 *Hacl_Bignum256_32_mont_ctx_init(uint32_t *n)
 {
-  uint32_t *r2 = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
-  uint32_t *n1 = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+  uint32_t *r2 = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
+  uint32_t *n1 = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
   uint32_t *r21 = r2;
   uint32_t *n11 = n1;
-  memcpy(n11, n, (uint32_t)8U * sizeof (uint32_t));
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)8U, n);
+  memcpy(n11, n, 8U * sizeof (uint32_t));
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(8U, n);
   precompr2(nBits, n, r21);
   uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]);
-  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
-  res = { .len = (uint32_t)8U, .n = n11, .mu = mu, .r2 = r21 };
+  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 res = { .len = 8U, .n = n11, .mu = mu, .r2 = r21 };
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
   *buf =
     (Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 *)KRML_HOST_MALLOC(sizeof (
@@ -1363,35 +1232,35 @@ Hacl_Bignum256_32_mod_inv_prime_vartime_precomp(
 {
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 k1 = *k;
   uint32_t n2[8U] = { 0U };
-  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, k1.n[0U], (uint32_t)2U, n2);
-  uint32_t *a1 = k1.n + (uint32_t)1U;
-  uint32_t *res1 = n2 + (uint32_t)1U;
+  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, k1.n[0U], 2U, n2);
+  uint32_t *a1 = k1.n + 1U;
+  uint32_t *res1 = n2 + 1U;
   uint32_t c = c0;
   {
-    uint32_t t1 = a1[(uint32_t)4U * (uint32_t)0U];
-    uint32_t *res_i0 = res1 + (uint32_t)4U * (uint32_t)0U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-    uint32_t t10 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint32_t *res_i1 = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-    uint32_t t11 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint32_t *res_i2 = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-    uint32_t t12 = a1[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint32_t *res_i = res1 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+    uint32_t t1 = a1[4U * 0U];
+    uint32_t *res_i0 = res1 + 4U * 0U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+    uint32_t t10 = a1[4U * 0U + 1U];
+    uint32_t *res_i1 = res1 + 4U * 0U + 1U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+    uint32_t t11 = a1[4U * 0U + 2U];
+    uint32_t *res_i2 = res1 + 4U * 0U + 2U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+    uint32_t t12 = a1[4U * 0U + 3U];
+    uint32_t *res_i = res1 + 4U * 0U + 3U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
   }
   KRML_MAYBE_FOR3(i,
-    (uint32_t)4U,
-    (uint32_t)7U,
-    (uint32_t)1U,
+    4U,
+    7U,
+    1U,
     uint32_t t1 = a1[i];
     uint32_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
-  KRML_HOST_IGNORE(c2);
-  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
+  KRML_MAYBE_UNUSED_VAR(c2);
+  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, 256U, n2, res);
 }
 
 
@@ -1413,36 +1282,28 @@ Load a bid-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum256_32_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint32_t *os = res2;
-    uint32_t u = load32_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)4U);
+    uint32_t u = load32_be(tmp + (bnLen - i - 1U) * 4U);
     uint32_t x = u;
     os[i] = x;
   }
@@ -1462,36 +1323,28 @@ Load a little-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum256_32_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 4U + 1U; i++)
   {
     uint32_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)4U;
+    uint8_t *bj = tmp + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r1 = u;
     uint32_t x = r1;
@@ -1509,12 +1362,8 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_be(res + i * (uint32_t)4U, b[(uint32_t)8U - i - (uint32_t)1U]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_be(res + i * 4U, b[8U - i - 1U]););
 }
 
 /**
@@ -1526,12 +1375,8 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_le(res + i * (uint32_t)4U, b[i]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_le(res + i * 4U, b[i]););
 }
 
 
@@ -1547,14 +1392,14 @@ Returns 2^32 - 1 if a < b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum256_32_lt_mask(uint32_t *a, uint32_t *b)
 {
-  uint32_t acc = (uint32_t)0U;
+  uint32_t acc = 0U;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t beq = FStar_UInt32_eq_mask(a[i], b[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))););
   return acc;
 }
 
@@ -1565,11 +1410,11 @@ Returns 2^32 - 1 if a = b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum256_32_eq_mask(uint32_t *a, uint32_t *b)
 {
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
+  uint32_t mask = 0xFFFFFFFFU;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;);
   uint32_t mask1 = mask;
diff --git a/src/msvc/Hacl_Bignum32.c b/src/msvc/Hacl_Bignum32.c
index f719a08e..55c3f90c 100644
--- a/src/msvc/Hacl_Bignum32.c
+++ b/src/msvc/Hacl_Bignum32.c
@@ -105,9 +105,9 @@ Write `a * b` in `res`.
 */
 void Hacl_Bignum32_mul(uint32_t len, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, b, tmp, res);
 }
 
@@ -119,9 +119,9 @@ Write `a * a` in `res`.
 */
 void Hacl_Bignum32_sqr(uint32_t len, uint32_t *a, uint32_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len);
+  uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint32_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len, a, tmp, res);
 }
 
@@ -142,61 +142,8 @@ bn_slow_precomp(
   uint32_t *a1 = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
   memset(a1, 0U, (len + len) * sizeof (uint32_t));
   memcpy(a1, a, (len + len) * sizeof (uint32_t));
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
-  {
-    uint32_t qj = mu * a1[i0];
-    uint32_t *res_j0 = a1 + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
-    {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c, res_i);
-    }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
-    {
-      uint32_t a_i = n[i];
-      uint32_t *res_i = res_j0 + i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c, res_i);
-    }
-    uint32_t r = c;
-    uint32_t c1 = r;
-    uint32_t *resb = a1 + len + i0;
-    uint32_t res_j = a1[len + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c1, res_j, resb);
-  }
-  memcpy(a_mod, a1 + len, (len + len - len) * sizeof (uint32_t));
-  uint32_t c00 = c0;
-  KRML_CHECK_SIZE(sizeof (uint32_t), len);
-  uint32_t *tmp0 = (uint32_t *)alloca(len * sizeof (uint32_t));
-  memset(tmp0, 0U, len * sizeof (uint32_t));
-  uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, a_mod, n, tmp0);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
-  {
-    uint32_t *os = a_mod;
-    uint32_t x = (m & tmp0[i]) | (~m & a_mod[i]);
-    os[i] = x;
-  }
-  KRML_CHECK_SIZE(sizeof (uint32_t), len + len);
-  uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t));
-  memset(c, 0U, (len + len) * sizeof (uint32_t));
-  KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)4U * len);
-  uint32_t *tmp = (uint32_t *)alloca((uint32_t)4U * len * sizeof (uint32_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint32_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a_mod, r2, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u32(len, n, mu, c, res);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(len, n, mu, a1, a_mod);
+  Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a_mod, res);
 }
 
 /**
@@ -216,20 +163,20 @@ bool Hacl_Bignum32_mod(uint32_t len, uint32_t *n, uint32_t *a, uint32_t *res)
   uint32_t *one = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc;
   uint32_t is_valid_m = m0 & m1;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t *r2 = (uint32_t *)alloca(len * sizeof (uint32_t));
@@ -242,7 +189,7 @@ bool Hacl_Bignum32_mod(uint32_t len, uint32_t *n, uint32_t *a, uint32_t *res)
   {
     memset(res, 0U, len * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -276,8 +223,8 @@ Hacl_Bignum32_mod_exp_vartime(
 )
 {
   uint32_t is_valid_m = Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32(len, n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len, nBits, n, a, bBits, b, res);
   }
@@ -285,7 +232,7 @@ Hacl_Bignum32_mod_exp_vartime(
   {
     memset(res, 0U, len * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -319,8 +266,8 @@ Hacl_Bignum32_mod_exp_consttime(
 )
 {
   uint32_t is_valid_m = Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32(len, n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_u32(len, nBits, n, a, bBits, b, res);
   }
@@ -328,7 +275,7 @@ Hacl_Bignum32_mod_exp_consttime(
   {
     memset(res, 0U, len * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -353,23 +300,23 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
   uint32_t *one = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
   memset(one, 0U, len * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc0;
   uint32_t m00 = m0 & m1;
   KRML_CHECK_SIZE(sizeof (uint32_t), len);
   uint32_t *bn_zero = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(bn_zero, 0U, len * sizeof (uint32_t));
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t mask = 0xFFFFFFFFU;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -377,53 +324,48 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
   uint32_t mask1 = mask;
   uint32_t res10 = mask1;
   uint32_t m10 = res10;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m2 = acc;
   uint32_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len);
     uint32_t *n2 = (uint32_t *)alloca(len * sizeof (uint32_t));
     memset(n2, 0U, len * sizeof (uint32_t));
-    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, n[0U], (uint32_t)2U, n2);
+    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, n[0U], 2U, n2);
     uint32_t c1;
-    if ((uint32_t)1U < len)
+    if (1U < len)
     {
-      uint32_t *a1 = n + (uint32_t)1U;
-      uint32_t *res1 = n2 + (uint32_t)1U;
+      uint32_t *a1 = n + 1U;
+      uint32_t *res1 = n2 + 1U;
       uint32_t c = c0;
-      for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U; i++)
+      for (uint32_t i = 0U; i < (len - 1U) / 4U; i++)
       {
-        uint32_t t1 = a1[(uint32_t)4U * i];
-        uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-        uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-        uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-        uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-        uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-        uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-        uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+        uint32_t t1 = a1[4U * i];
+        uint32_t *res_i0 = res1 + 4U * i;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+        uint32_t t10 = a1[4U * i + 1U];
+        uint32_t *res_i1 = res1 + 4U * i + 1U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+        uint32_t t11 = a1[4U * i + 2U];
+        uint32_t *res_i2 = res1 + 4U * i + 2U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+        uint32_t t12 = a1[4U * i + 3U];
+        uint32_t *res_i = res1 + 4U * i + 3U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
       }
-      for
-      (uint32_t
-        i = (len - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-        i
-        < len - (uint32_t)1U;
-        i++)
+      for (uint32_t i = (len - 1U) / 4U * 4U; i < len - 1U; i++)
       {
         uint32_t t1 = a1[i];
         uint32_t *res_i = res1 + i;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i);
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i);
       }
       uint32_t c10 = c;
       c1 = c10;
@@ -432,20 +374,14 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
     {
       c1 = c0;
     }
-    KRML_HOST_IGNORE(c1);
-    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len,
-      nBits,
-      n,
-      a,
-      (uint32_t)32U * len,
-      n2,
-      res);
+    KRML_MAYBE_UNUSED_VAR(c1);
+    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len, nBits, n, a, 32U * len, n2, res);
   }
   else
   {
     memset(res, 0U, len * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 
@@ -477,7 +413,7 @@ Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
   uint32_t *r21 = r2;
   uint32_t *n11 = n1;
   memcpy(n11, n, len * sizeof (uint32_t));
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
   Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(len, nBits, n, r21);
   uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 res = { .len = len, .n = n11, .mu = mu, .r2 = r21 };
@@ -632,38 +568,33 @@ Hacl_Bignum32_mod_inv_prime_vartime_precomp(
   KRML_CHECK_SIZE(sizeof (uint32_t), len1);
   uint32_t *n2 = (uint32_t *)alloca(len1 * sizeof (uint32_t));
   memset(n2, 0U, len1 * sizeof (uint32_t));
-  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, k1.n[0U], (uint32_t)2U, n2);
+  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, k1.n[0U], 2U, n2);
   uint32_t c1;
-  if ((uint32_t)1U < len1)
+  if (1U < len1)
   {
-    uint32_t *a1 = k1.n + (uint32_t)1U;
-    uint32_t *res1 = n2 + (uint32_t)1U;
+    uint32_t *a1 = k1.n + 1U;
+    uint32_t *res1 = n2 + 1U;
     uint32_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (len1 - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (len1 - 1U) / 4U; i++)
     {
-      uint32_t t1 = a1[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a1[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a1[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a1[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a1[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
     }
-    for
-    (uint32_t
-      i = (len1 - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < len1 - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (len1 - 1U) / 4U * 4U; i < len1 - 1U; i++)
     {
       uint32_t t1 = a1[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i);
     }
     uint32_t c10 = c;
     c1 = c10;
@@ -672,13 +603,13 @@ Hacl_Bignum32_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(len1,
     k1.n,
     k1.mu,
     k1.r2,
     a,
-    (uint32_t)32U * len1,
+    32U * len1,
     n2,
     res);
 }
@@ -702,36 +633,28 @@ Load a bid-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum32_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint32_t *os = res2;
-    uint32_t u = load32_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)4U);
+    uint32_t u = load32_be(tmp + (bnLen - i - 1U) * 4U);
     uint32_t x = u;
     os[i] = x;
   }
@@ -751,36 +674,28 @@ Load a little-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum32_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 4U + 1U; i++)
   {
     uint32_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)4U;
+    uint8_t *bj = tmp + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r1 = u;
     uint32_t x = r1;
@@ -797,14 +712,14 @@ Serialize a bignum into big-endian memory.
 */
 void Hacl_Bignum32_bn_to_bytes_be(uint32_t len, uint32_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store32_be(tmp + i * (uint32_t)4U, b[bnLen - i - (uint32_t)1U]);
+    store32_be(tmp + i * 4U, b[bnLen - i - 1U]);
   }
   memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t));
 }
@@ -817,14 +732,14 @@ Serialize a bignum into little-endian memory.
 */
 void Hacl_Bignum32_bn_to_bytes_le(uint32_t len, uint32_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store32_le(tmp + i * (uint32_t)4U, b[i]);
+    store32_le(tmp + i * 4U, b[i]);
   }
   memcpy(res, tmp, len * sizeof (uint8_t));
 }
@@ -842,12 +757,12 @@ Returns 2^32 - 1 if a < b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum32_lt_mask(uint32_t len, uint32_t *a, uint32_t *b)
 {
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], b[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   return acc;
 }
@@ -859,8 +774,8 @@ Returns 2^32 - 1 if a = b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum32_eq_mask(uint32_t len, uint32_t *a, uint32_t *b)
 {
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint32_t mask = 0xFFFFFFFFU;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;
diff --git a/src/msvc/Hacl_Bignum4096.c b/src/msvc/Hacl_Bignum4096.c
index ee51cc5e..920ae2fb 100644
--- a/src/msvc/Hacl_Bignum4096.c
+++ b/src/msvc/Hacl_Bignum4096.c
@@ -63,26 +63,26 @@ Write `a + b mod 2^4096` in `res`.
 */
 uint64_t Hacl_Bignum4096_add(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i););
   return c;
 }
@@ -96,26 +96,26 @@ Write `a - b mod 2^4096` in `res`.
 */
 uint64_t Hacl_Bignum4096_sub(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i););
   return c;
 }
@@ -132,53 +132,53 @@ Write `(a + b) mod n` in `res`.
 */
 void Hacl_Bignum4096_add_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i););
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -198,54 +198,54 @@ Write `(a - b) mod n` in `res`.
 */
 void Hacl_Bignum4096_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = a[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = a[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i););
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i););
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]);
@@ -262,7 +262,7 @@ Write `a * b` in `res`.
 void Hacl_Bignum4096_mul(uint64_t *a, uint64_t *b, uint64_t *res)
 {
   uint64_t tmp[256U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64((uint32_t)64U, a, b, tmp, res);
+  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(64U, a, b, tmp, res);
 }
 
 /**
@@ -274,16 +274,16 @@ Write `a * a` in `res`.
 void Hacl_Bignum4096_sqr(uint64_t *a, uint64_t *res)
 {
   uint64_t tmp[256U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64((uint32_t)64U, a, tmp, res);
+  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(64U, a, tmp, res);
 }
 
 static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
-  uint32_t i = nBits / (uint32_t)64U;
-  uint32_t j = nBits % (uint32_t)64U;
-  res[i] = res[i] | (uint64_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)8192U - nBits; i0++)
+  memset(res, 0U, 64U * sizeof (uint64_t));
+  uint32_t i = nBits / 64U;
+  uint32_t j = nBits % 64U;
+  res[i] = res[i] | 1ULL << j;
+  for (uint32_t i0 = 0U; i0 < 8192U - nBits; i0++)
   {
     Hacl_Bignum4096_add_mod(n, res, res, res);
   }
@@ -291,61 +291,61 @@ static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
 
 static inline void reduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
+    uint64_t c1 = 0ULL;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      0U,
+      16U,
+      1U,
+      uint64_t a_i = n[4U * i];
+      uint64_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * i + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * i + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * i + 3U];
+      uint64_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i););
     uint64_t r = c1;
     uint64_t c10 = r;
-    uint64_t *resb = c + (uint32_t)64U + i0;
-    uint64_t res_j = c[(uint32_t)64U + i0];
+    uint64_t *resb = c + 64U + i0;
+    uint64_t res_j = c[64U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb);
   }
-  memcpy(res, c + (uint32_t)64U, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(res, c + 64U, 64U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
-  uint64_t c1 = (uint64_t)0U;
+  uint64_t c1 = 0ULL;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t t1 = res[(uint32_t)4U * i];
-    uint64_t t20 = n[(uint32_t)4U * i];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * i;
+    0U,
+    16U,
+    1U,
+    uint64_t t1 = res[4U * i];
+    uint64_t t20 = n[4U * i];
+    uint64_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = res[4U * i + 1U];
+    uint64_t t21 = n[4U * i + 1U];
+    uint64_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = res[4U * i + 2U];
+    uint64_t t22 = n[4U * i + 2U];
+    uint64_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = res[4U * i + 3U];
+    uint64_t t2 = n[4U * i + 3U];
+    uint64_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i););
   uint64_t c10 = c1;
   uint64_t c2 = c00 - c10;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -353,50 +353,57 @@ static inline void reduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *
   }
 }
 
+static inline void to(uint64_t *n, uint64_t nInv, uint64_t *r2, uint64_t *a, uint64_t *aM)
+{
+  uint64_t c[128U] = { 0U };
+  Hacl_Bignum4096_mul(a, r2, c);
+  reduction(n, nInv, c, aM);
+}
+
 static inline void from(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *a)
 {
   uint64_t tmp[128U] = { 0U };
-  memcpy(tmp, aM, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(tmp, aM, 64U * sizeof (uint64_t));
   reduction(n, nInv_u64, tmp, a);
 }
 
 static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
     uint64_t qj = nInv * c[i0];
     uint64_t *res_j0 = c + i0;
-    uint64_t c1 = (uint64_t)0U;
+    uint64_t c1 = 0ULL;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      0U,
+      16U,
+      1U,
+      uint64_t a_i = n[4U * i];
+      uint64_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * i + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * i + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * i + 3U];
+      uint64_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i););
     uint64_t r = c1;
     uint64_t c10 = r;
-    uint64_t *resb = c + (uint32_t)64U + i0;
-    uint64_t res_j = c[(uint32_t)64U + i0];
+    uint64_t *resb = c + 64U + i0;
+    uint64_t res_j = c[64U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb);
   }
-  memcpy(res, c + (uint32_t)64U, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(res, c + 64U, 64U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t m = 0ULL - c00;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t *os = res;
     uint64_t x = (m & tmp[i]) | (~m & res[i]);
@@ -408,16 +415,14 @@ static inline void
 amont_mul(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *bM, uint64_t *resM)
 {
   uint64_t c[128U] = { 0U };
-  uint64_t tmp[256U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64((uint32_t)64U, aM, bM, tmp, c);
+  Hacl_Bignum4096_mul(aM, bM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
 static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint64_t *resM)
 {
   uint64_t c[128U] = { 0U };
-  uint64_t tmp[256U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64((uint32_t)64U, aM, tmp, c);
+  Hacl_Bignum4096_sqr(aM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -426,50 +431,9 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
 {
   uint64_t a_mod[64U] = { 0U };
   uint64_t a1[128U] = { 0U };
-  memcpy(a1, a, (uint32_t)128U * sizeof (uint64_t));
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
-  {
-    uint64_t qj = mu * a1[i0];
-    uint64_t *res_j0 = a1 + i0;
-    uint64_t c = (uint64_t)0U;
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i););
-    uint64_t r = c;
-    uint64_t c1 = r;
-    uint64_t *resb = a1 + (uint32_t)64U + i0;
-    uint64_t res_j = a1[(uint32_t)64U + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb);
-  }
-  memcpy(a_mod, a1 + (uint32_t)64U, (uint32_t)64U * sizeof (uint64_t));
-  uint64_t c00 = c0;
-  uint64_t tmp[64U] = { 0U };
-  uint64_t c1 = Hacl_Bignum4096_sub(a_mod, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
-  {
-    uint64_t *os = a_mod;
-    uint64_t x = (m & tmp[i]) | (~m & a_mod[i]);
-    os[i] = x;
-  }
-  uint64_t c[128U] = { 0U };
-  Hacl_Bignum4096_mul(a_mod, r2, c);
-  reduction(n, mu, c, res);
+  memcpy(a1, a, 128U * sizeof (uint64_t));
+  areduction(n, mu, a1, a_mod);
+  to(n, mu, r2, a_mod, res);
 }
 
 /**
@@ -486,22 +450,21 @@ Write `a mod n` in `res`.
 bool Hacl_Bignum4096_mod(uint64_t *n, uint64_t *a, uint64_t *res)
 {
   uint64_t one[64U] = { 0U };
-  memset(one, 0U, (uint32_t)64U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  memset(one, 0U, 64U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc;
   uint64_t is_valid_m = m0 & m1;
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     uint64_t r2[64U] = { 0U };
     precompr2(nBits, n, r2);
@@ -510,65 +473,65 @@ bool Hacl_Bignum4096_mod(uint64_t *n, uint64_t *a, uint64_t *res)
   }
   else
   {
-    memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
+    memset(res, 0U, 64U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static uint64_t exp_check(uint64_t *n, uint64_t *a, uint32_t bBits, uint64_t *b)
 {
   uint64_t one[64U] = { 0U };
-  memset(one, 0U, (uint32_t)64U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  memset(one, 0U, 64U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m10 = acc0;
   uint64_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t m1;
-  if (bBits < (uint32_t)64U * bLen)
+  if (bBits < 64U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), bLen);
     uint64_t *b2 = (uint64_t *)alloca(bLen * sizeof (uint64_t));
     memset(b2, 0U, bLen * sizeof (uint64_t));
-    uint32_t i0 = bBits / (uint32_t)64U;
-    uint32_t j = bBits % (uint32_t)64U;
-    b2[i0] = b2[i0] | (uint64_t)1U << j;
-    uint64_t acc = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 64U;
+    uint32_t j = bBits % 64U;
+    b2[i0] = b2[i0] | 1ULL << j;
+    uint64_t acc = 0ULL;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]);
       uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
     }
     uint64_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    m1 = 0xFFFFFFFFFFFFFFFFULL;
   }
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m2 = acc;
   uint64_t m = m1 & m2;
@@ -586,26 +549,24 @@ exp_vartime_precomp(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint64_t aM[64U] = { 0U };
-    uint64_t c[128U] = { 0U };
-    Hacl_Bignum4096_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint64_t resM[64U] = { 0U };
     uint64_t ctx[128U] = { 0U };
-    memcpy(ctx, n, (uint32_t)64U * sizeof (uint64_t));
-    memcpy(ctx + (uint32_t)64U, r2, (uint32_t)64U * sizeof (uint64_t));
+    memcpy(ctx, n, 64U * sizeof (uint64_t));
+    memcpy(ctx + 64U, r2, 64U * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)64U;
+    uint64_t *ctx_r2 = ctx + 64U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)64U;
-      uint32_t j = i % (uint32_t)64U;
+      uint32_t i1 = i / 64U;
+      uint32_t j = i % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
-      if (!(bit == (uint64_t)0U))
+      uint64_t bit = tmp >> j & 1ULL;
+      if (!(bit == 0ULL))
       {
         uint64_t *ctx_n0 = ctx;
         amont_mul(ctx_n0, mu, resM, aM, resM);
@@ -613,86 +574,76 @@ exp_vartime_precomp(
       uint64_t *ctx_n0 = ctx;
       amont_sqr(ctx_n0, mu, aM, aM);
     }
-    uint64_t tmp[128U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)64U * sizeof (uint64_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint64_t aM[64U] = { 0U };
-  uint64_t c[128U] = { 0U };
-  Hacl_Bignum4096_mul(a, r2, c);
-  reduction(n, mu, c, aM);
+  to(n, mu, r2, a, aM);
   uint64_t resM[64U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t ctx[128U] = { 0U };
-  memcpy(ctx, n, (uint32_t)64U * sizeof (uint64_t));
-  memcpy(ctx + (uint32_t)64U, r2, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(ctx, n, 64U * sizeof (uint64_t));
+  memcpy(ctx + 64U, r2, 64U * sizeof (uint64_t));
   uint64_t table[1024U] = { 0U };
   uint64_t tmp[64U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)64U;
+  uint64_t *t1 = table + 64U;
   uint64_t *ctx_n0 = ctx;
-  uint64_t *ctx_r20 = ctx + (uint32_t)64U;
+  uint64_t *ctx_r20 = ctx + 64U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(t1, aM, 64U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)64U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 64U;
     uint64_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)64U,
-      tmp,
-      (uint32_t)64U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)64U;
+    memcpy(table + (2U * i + 2U) * 64U, tmp, 64U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 64U;
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)64U,
-      tmp,
-      (uint32_t)64U * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 64U, tmp, 64U * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U);
     uint32_t bits_l32 = (uint32_t)bits_c;
-    const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)64U;
-    memcpy(resM, (uint64_t *)a_bits_l, (uint32_t)64U * sizeof (uint64_t));
+    const uint64_t *a_bits_l = table + bits_l32 * 64U;
+    memcpy(resM, (uint64_t *)a_bits_l, 64U * sizeof (uint64_t));
   }
   else
   {
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)64U;
+    uint64_t *ctx_r2 = ctx + 64U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint64_t tmp0[64U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
     uint32_t bits_l32 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)64U;
-    memcpy(tmp0, (uint64_t *)a_bits_l, (uint32_t)64U * sizeof (uint64_t));
+    const uint64_t *a_bits_l = table + bits_l32 * 64U;
+    memcpy(tmp0, (uint64_t *)a_bits_l, 64U * sizeof (uint64_t));
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint64_t tmp1[128U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)64U * sizeof (uint64_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -706,30 +657,28 @@ exp_consttime_precomp(
   uint64_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint64_t aM[64U] = { 0U };
-    uint64_t c[128U] = { 0U };
-    Hacl_Bignum4096_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint64_t resM[64U] = { 0U };
     uint64_t ctx[128U] = { 0U };
-    memcpy(ctx, n, (uint32_t)64U * sizeof (uint64_t));
-    memcpy(ctx + (uint32_t)64U, r2, (uint32_t)64U * sizeof (uint64_t));
-    uint64_t sw = (uint64_t)0U;
+    memcpy(ctx, n, 64U * sizeof (uint64_t));
+    memcpy(ctx + 64U, r2, 64U * sizeof (uint64_t));
+    uint64_t sw = 0ULL;
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)64U;
+    uint64_t *ctx_r2 = ctx + 64U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)64U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)64U;
+      uint32_t i1 = (bBits - i0 - 1U) / 64U;
+      uint32_t j = (bBits - i0 - 1U) % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
+      uint64_t bit = tmp >> j & 1ULL;
       uint64_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+      for (uint32_t i = 0U; i < 64U; i++)
       {
-        uint64_t dummy = ((uint64_t)0U - sw1) & (resM[i] ^ aM[i]);
+        uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;
       }
@@ -740,70 +689,62 @@ exp_consttime_precomp(
       sw = bit;
     }
     uint64_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+    for (uint32_t i = 0U; i < 64U; i++)
     {
-      uint64_t dummy = ((uint64_t)0U - sw0) & (resM[i] ^ aM[i]);
+      uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;
     }
-    uint64_t tmp[128U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)64U * sizeof (uint64_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint64_t aM[64U] = { 0U };
-  uint64_t c0[128U] = { 0U };
-  Hacl_Bignum4096_mul(a, r2, c0);
-  reduction(n, mu, c0, aM);
+  to(n, mu, r2, a, aM);
   uint64_t resM[64U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 64U + 1U;
   }
   uint64_t ctx[128U] = { 0U };
-  memcpy(ctx, n, (uint32_t)64U * sizeof (uint64_t));
-  memcpy(ctx + (uint32_t)64U, r2, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(ctx, n, 64U * sizeof (uint64_t));
+  memcpy(ctx + 64U, r2, 64U * sizeof (uint64_t));
   uint64_t table[1024U] = { 0U };
   uint64_t tmp[64U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)64U;
+  uint64_t *t1 = table + 64U;
   uint64_t *ctx_n0 = ctx;
-  uint64_t *ctx_r20 = ctx + (uint32_t)64U;
+  uint64_t *ctx_r20 = ctx + 64U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)64U * sizeof (uint64_t));
+  memcpy(t1, aM, 64U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)64U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 64U;
     uint64_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)64U,
-      tmp,
-      (uint32_t)64U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)64U;
+    memcpy(table + (2U * i + 2U) * 64U, tmp, 64U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 64U;
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)64U,
-      tmp,
-      (uint32_t)64U * sizeof (uint64_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 64U, tmp, 64U * sizeof (uint64_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint64_t *)table, (uint32_t)64U * sizeof (uint64_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U);
+    memcpy(resM, (uint64_t *)table, 64U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)64U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 64U;
+      for (uint32_t i = 0U; i < 64U; i++)
       {
         uint64_t *os = resM;
         uint64_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -813,28 +754,28 @@ exp_consttime_precomp(
   else
   {
     uint64_t *ctx_n = ctx;
-    uint64_t *ctx_r2 = ctx + (uint32_t)64U;
+    uint64_t *ctx_r2 = ctx + 64U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint64_t tmp0[64U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint64_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)64U * sizeof (uint64_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 64U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)64U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 64U;
+      for (uint32_t i = 0U; i < 64U; i++)
       {
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -843,9 +784,7 @@ exp_consttime_precomp(
     uint64_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint64_t tmp1[128U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)64U * sizeof (uint64_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -910,17 +849,16 @@ Hacl_Bignum4096_mod_exp_vartime(
 )
 {
   uint64_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     exp_vartime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
+    memset(res, 0U, 64U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -953,17 +891,16 @@ Hacl_Bignum4096_mod_exp_consttime(
 )
 {
   uint64_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     exp_consttime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
+    memset(res, 0U, 64U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -984,22 +921,22 @@ Write `a ^ (-1) mod n` in `res`.
 bool Hacl_Bignum4096_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *res)
 {
   uint64_t one[64U] = { 0U };
-  memset(one, 0U, (uint32_t)64U * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  memset(one, 0U, 64U * sizeof (uint64_t));
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc0;
   uint64_t m00 = m0 & m1;
   uint64_t bn_zero[64U] = { 0U };
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -1007,57 +944,56 @@ bool Hacl_Bignum4096_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *r
   uint64_t mask1 = mask;
   uint64_t res10 = mask1;
   uint64_t m10 = res10;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m2 = acc;
   uint64_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     uint64_t n2[64U] = { 0U };
-    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, n[0U], (uint64_t)2U, n2);
-    uint64_t *a1 = n + (uint32_t)1U;
-    uint64_t *res1 = n2 + (uint32_t)1U;
+    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, n[0U], 2ULL, n2);
+    uint64_t *a1 = n + 1U;
+    uint64_t *res1 = n2 + 1U;
     uint64_t c = c0;
     KRML_MAYBE_FOR15(i,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i););
+      0U,
+      15U,
+      1U,
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i););
     KRML_MAYBE_FOR3(i,
-      (uint32_t)60U,
-      (uint32_t)63U,
-      (uint32_t)1U,
+      60U,
+      63U,
+      1U,
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
-    KRML_HOST_IGNORE(c2);
-    exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
+    KRML_MAYBE_UNUSED_VAR(c2);
+    exp_vartime(nBits, n, a, 4096U, n2, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)64U * sizeof (uint64_t));
+    memset(res, 0U, 64U * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 
@@ -1081,17 +1017,15 @@ Heap-allocate and initialize a montgomery context.
 */
 Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 *Hacl_Bignum4096_mont_ctx_init(uint64_t *n)
 {
-  uint64_t *r2 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint64_t));
-  uint64_t *n1 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint64_t));
+  uint64_t *r2 = (uint64_t *)KRML_HOST_CALLOC(64U, sizeof (uint64_t));
+  uint64_t *n1 = (uint64_t *)KRML_HOST_CALLOC(64U, sizeof (uint64_t));
   uint64_t *r21 = r2;
   uint64_t *n11 = n1;
-  memcpy(n11, n, (uint32_t)64U * sizeof (uint64_t));
-  uint32_t
-  nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64((uint32_t)64U, n);
+  memcpy(n11, n, 64U * sizeof (uint64_t));
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(64U, n);
   precompr2(nBits, n, r21);
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
-  res = { .len = (uint32_t)64U, .n = n11, .mu = mu, .r2 = r21 };
+  Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 res = { .len = 64U, .n = n11, .mu = mu, .r2 = r21 };
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
   *buf =
     (Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 *)KRML_HOST_MALLOC(sizeof (
@@ -1219,37 +1153,37 @@ Hacl_Bignum4096_mod_inv_prime_vartime_precomp(
 {
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 k1 = *k;
   uint64_t n2[64U] = { 0U };
-  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, k1.n[0U], (uint64_t)2U, n2);
-  uint64_t *a1 = k1.n + (uint32_t)1U;
-  uint64_t *res1 = n2 + (uint32_t)1U;
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, k1.n[0U], 2ULL, n2);
+  uint64_t *a1 = k1.n + 1U;
+  uint64_t *res1 = n2 + 1U;
   uint64_t c = c0;
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t t1 = a1[(uint32_t)4U * i];
-    uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-    uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-    uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-    uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i););
+    0U,
+    15U,
+    1U,
+    uint64_t t1 = a1[4U * i];
+    uint64_t *res_i0 = res1 + 4U * i;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+    uint64_t t10 = a1[4U * i + 1U];
+    uint64_t *res_i1 = res1 + 4U * i + 1U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+    uint64_t t11 = a1[4U * i + 2U];
+    uint64_t *res_i2 = res1 + 4U * i + 2U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+    uint64_t t12 = a1[4U * i + 3U];
+    uint64_t *res_i = res1 + 4U * i + 3U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i););
   KRML_MAYBE_FOR3(i,
-    (uint32_t)60U,
-    (uint32_t)63U,
-    (uint32_t)1U,
+    60U,
+    63U,
+    1U,
     uint64_t t1 = a1[i];
     uint64_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
-  KRML_HOST_IGNORE(c2);
-  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
+  KRML_MAYBE_UNUSED_VAR(c2);
+  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, 4096U, n2, res);
 }
 
 
@@ -1271,36 +1205,28 @@ Load a bid-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum4096_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint64_t *os = res2;
-    uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;
   }
@@ -1320,36 +1246,28 @@ Load a little-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum4096_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 8U + 1U; i++)
   {
     uint64_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)8U;
+    uint8_t *bj = tmp + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r1 = u;
     uint64_t x = r1;
@@ -1367,10 +1285,10 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  for (uint32_t i = 0U; i < 64U; i++)
   {
-    store64_be(res + i * (uint32_t)8U, b[(uint32_t)64U - i - (uint32_t)1U]);
+    store64_be(res + i * 8U, b[64U - i - 1U]);
   }
 }
 
@@ -1383,10 +1301,10 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  for (uint32_t i = 0U; i < 64U; i++)
   {
-    store64_le(res + i * (uint32_t)8U, b[i]);
+    store64_le(res + i * 8U, b[i]);
   }
 }
 
@@ -1403,12 +1321,12 @@ Returns 2^64 - 1 if a < b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum4096_lt_mask(uint64_t *a, uint64_t *b)
 {
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], b[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   return acc;
 }
@@ -1420,8 +1338,8 @@ Returns 2^64 - 1 if a = b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum4096_eq_mask(uint64_t *a, uint64_t *b)
 {
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;
diff --git a/src/msvc/Hacl_Bignum4096_32.c b/src/msvc/Hacl_Bignum4096_32.c
index 790d0428..f3330918 100644
--- a/src/msvc/Hacl_Bignum4096_32.c
+++ b/src/msvc/Hacl_Bignum4096_32.c
@@ -64,24 +64,24 @@ Write `a + b mod 2^4096` in `res`.
 */
 uint32_t Hacl_Bignum4096_32_add(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
   return c;
@@ -96,24 +96,24 @@ Write `a - b mod 2^4096` in `res`.
 */
 uint32_t Hacl_Bignum4096_32_sub(uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
   }
   return c;
@@ -131,51 +131,51 @@ Write `(a + b) mod n` in `res`.
 */
 void Hacl_Bignum4096_32_add_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c0 = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t12, t2, res_i);
   }
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
   }
   uint32_t c1 = c;
   uint32_t c2 = c00 - c1;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -195,52 +195,52 @@ Write `(a - b) mod n` in `res`.
 */
 void Hacl_Bignum4096_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c0 = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = a[(uint32_t)4U * i];
-    uint32_t t20 = b[(uint32_t)4U * i];
-    uint32_t *res_i0 = res + (uint32_t)4U * i;
+    uint32_t t1 = a[4U * i];
+    uint32_t t20 = b[4U * i];
+    uint32_t *res_i0 = res + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t1, t20, res_i0);
-    uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = a[4U * i + 1U];
+    uint32_t t21 = b[4U * i + 1U];
+    uint32_t *res_i1 = res + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t10, t21, res_i1);
-    uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = a[4U * i + 2U];
+    uint32_t t22 = b[4U * i + 2U];
+    uint32_t *res_i2 = res + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t11, t22, res_i2);
-    uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = a[4U * i + 3U];
+    uint32_t t2 = b[4U * i + 3U];
+    uint32_t *res_i = res + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t12, t2, res_i);
   }
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
-  uint32_t c = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
   uint32_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint32_t c2 = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t c2 = 0U - c00;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & tmp[i]) | (~c2 & res[i]);
@@ -257,7 +257,7 @@ Write `a * b` in `res`.
 void Hacl_Bignum4096_32_mul(uint32_t *a, uint32_t *b, uint32_t *res)
 {
   uint32_t tmp[512U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32((uint32_t)128U, a, b, tmp, res);
+  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(128U, a, b, tmp, res);
 }
 
 /**
@@ -269,16 +269,16 @@ Write `a * a` in `res`.
 void Hacl_Bignum4096_32_sqr(uint32_t *a, uint32_t *res)
 {
   uint32_t tmp[512U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32((uint32_t)128U, a, tmp, res);
+  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(128U, a, tmp, res);
 }
 
 static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
 {
-  memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
-  uint32_t i = nBits / (uint32_t)32U;
-  uint32_t j = nBits % (uint32_t)32U;
-  res[i] = res[i] | (uint32_t)1U << j;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)8192U - nBits; i0++)
+  memset(res, 0U, 128U * sizeof (uint32_t));
+  uint32_t i = nBits / 32U;
+  uint32_t j = nBits % 32U;
+  res[i] = res[i] | 1U << j;
+  for (uint32_t i0 = 0U; i0 < 8192U - nBits; i0++)
   {
     Hacl_Bignum4096_32_add_mod(n, res, res, res);
   }
@@ -286,59 +286,59 @@ static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
 
 static inline void reduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)128U; i0++)
+  uint32_t c0 = 0U;
+  for (uint32_t i0 = 0U; i0 < 128U; i0++)
   {
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint32_t c1 = 0U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i);
     }
     uint32_t r = c1;
     uint32_t c10 = r;
-    uint32_t *resb = c + (uint32_t)128U + i0;
-    uint32_t res_j = c[(uint32_t)128U + i0];
+    uint32_t *resb = c + 128U + i0;
+    uint32_t res_j = c[128U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb);
   }
-  memcpy(res, c + (uint32_t)128U, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(res, c + 128U, 128U * sizeof (uint32_t));
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
-  uint32_t c1 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint32_t c1 = 0U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
-    uint32_t t1 = res[(uint32_t)4U * i];
-    uint32_t t20 = n[(uint32_t)4U * i];
-    uint32_t *res_i0 = tmp + (uint32_t)4U * i;
+    uint32_t t1 = res[4U * i];
+    uint32_t t20 = n[4U * i];
+    uint32_t *res_i0 = tmp + 4U * i;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t1, t20, res_i0);
-    uint32_t t10 = res[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t t21 = n[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = tmp + (uint32_t)4U * i + (uint32_t)1U;
+    uint32_t t10 = res[4U * i + 1U];
+    uint32_t t21 = n[4U * i + 1U];
+    uint32_t *res_i1 = tmp + 4U * i + 1U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t10, t21, res_i1);
-    uint32_t t11 = res[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t t22 = n[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = tmp + (uint32_t)4U * i + (uint32_t)2U;
+    uint32_t t11 = res[4U * i + 2U];
+    uint32_t t22 = n[4U * i + 2U];
+    uint32_t *res_i2 = tmp + 4U * i + 2U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t11, t22, res_i2);
-    uint32_t t12 = res[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t t2 = n[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
+    uint32_t t12 = res[4U * i + 3U];
+    uint32_t t2 = n[4U * i + 3U];
+    uint32_t *res_i = tmp + 4U * i + 3U;
     c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t12, t2, res_i);
   }
   uint32_t c10 = c1;
   uint32_t c2 = c00 - c10;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t *os = res;
     uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]);
@@ -346,49 +346,56 @@ static inline void reduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *
   }
 }
 
+static inline void to(uint32_t *n, uint32_t nInv, uint32_t *r2, uint32_t *a, uint32_t *aM)
+{
+  uint32_t c[256U] = { 0U };
+  Hacl_Bignum4096_32_mul(a, r2, c);
+  reduction(n, nInv, c, aM);
+}
+
 static inline void from(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *a)
 {
   uint32_t tmp[256U] = { 0U };
-  memcpy(tmp, aM, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(tmp, aM, 128U * sizeof (uint32_t));
   reduction(n, nInv_u64, tmp, a);
 }
 
 static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res)
 {
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)128U; i0++)
+  uint32_t c0 = 0U;
+  for (uint32_t i0 = 0U; i0 < 128U; i0++)
   {
     uint32_t qj = nInv * c[i0];
     uint32_t *res_j0 = c + i0;
-    uint32_t c1 = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint32_t c1 = 0U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
+      uint32_t a_i = n[4U * i];
+      uint32_t *res_i0 = res_j0 + 4U * i;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
+      uint32_t a_i0 = n[4U * i + 1U];
+      uint32_t *res_i1 = res_j0 + 4U * i + 1U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
+      uint32_t a_i1 = n[4U * i + 2U];
+      uint32_t *res_i2 = res_j0 + 4U * i + 2U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
+      uint32_t a_i2 = n[4U * i + 3U];
+      uint32_t *res_i = res_j0 + 4U * i + 3U;
       c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i);
     }
     uint32_t r = c1;
     uint32_t c10 = r;
-    uint32_t *resb = c + (uint32_t)128U + i0;
-    uint32_t res_j = c[(uint32_t)128U + i0];
+    uint32_t *resb = c + 128U + i0;
+    uint32_t res_j = c[128U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb);
   }
-  memcpy(res, c + (uint32_t)128U, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(res, c + 128U, 128U * sizeof (uint32_t));
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(res, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint32_t m = 0U - c00;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t *os = res;
     uint32_t x = (m & tmp[i]) | (~m & res[i]);
@@ -400,16 +407,14 @@ static inline void
 amont_mul(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *bM, uint32_t *resM)
 {
   uint32_t c[256U] = { 0U };
-  uint32_t tmp[512U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32((uint32_t)128U, aM, bM, tmp, c);
+  Hacl_Bignum4096_32_mul(aM, bM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
 static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint32_t *resM)
 {
   uint32_t c[256U] = { 0U };
-  uint32_t tmp[512U] = { 0U };
-  Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32((uint32_t)128U, aM, tmp, c);
+  Hacl_Bignum4096_32_sqr(aM, c);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -418,49 +423,9 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
 {
   uint32_t a_mod[128U] = { 0U };
   uint32_t a1[256U] = { 0U };
-  memcpy(a1, a, (uint32_t)256U * sizeof (uint32_t));
-  uint32_t c0 = (uint32_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)128U; i0++)
-  {
-    uint32_t qj = mu * a1[i0];
-    uint32_t *res_j0 = a1 + i0;
-    uint32_t c = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
-    {
-      uint32_t a_i = n[(uint32_t)4U * i];
-      uint32_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c, res_i0);
-      uint32_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c, res_i1);
-      uint32_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c, res_i2);
-      uint32_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c, res_i);
-    }
-    uint32_t r = c;
-    uint32_t c1 = r;
-    uint32_t *resb = a1 + (uint32_t)128U + i0;
-    uint32_t res_j = a1[(uint32_t)128U + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c1, res_j, resb);
-  }
-  memcpy(a_mod, a1 + (uint32_t)128U, (uint32_t)128U * sizeof (uint32_t));
-  uint32_t c00 = c0;
-  uint32_t tmp[128U] = { 0U };
-  uint32_t c1 = Hacl_Bignum4096_32_sub(a_mod, n, tmp);
-  KRML_HOST_IGNORE(c1);
-  uint32_t m = (uint32_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
-  {
-    uint32_t *os = a_mod;
-    uint32_t x = (m & tmp[i]) | (~m & a_mod[i]);
-    os[i] = x;
-  }
-  uint32_t c[256U] = { 0U };
-  Hacl_Bignum4096_32_mul(a_mod, r2, c);
-  reduction(n, mu, c, res);
+  memcpy(a1, a, 256U * sizeof (uint32_t));
+  areduction(n, mu, a1, a_mod);
+  to(n, mu, r2, a_mod, res);
 }
 
 /**
@@ -477,21 +442,21 @@ Write `a mod n` in `res`.
 bool Hacl_Bignum4096_32_mod(uint32_t *n, uint32_t *a, uint32_t *res)
 {
   uint32_t one[128U] = { 0U };
-  memset(one, 0U, (uint32_t)128U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  memset(one, 0U, 128U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc;
   uint32_t is_valid_m = m0 & m1;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     uint32_t r2[128U] = { 0U };
     precompr2(nBits, n, r2);
@@ -500,65 +465,65 @@ bool Hacl_Bignum4096_32_mod(uint32_t *n, uint32_t *a, uint32_t *res)
   }
   else
   {
-    memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
+    memset(res, 0U, 128U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 static uint32_t exp_check(uint32_t *n, uint32_t *a, uint32_t bBits, uint32_t *b)
 {
   uint32_t one[128U] = { 0U };
-  memset(one, 0U, (uint32_t)128U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  memset(one, 0U, 128U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m10 = acc0;
   uint32_t m00 = m0 & m10;
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t m1;
-  if (bBits < (uint32_t)32U * bLen)
+  if (bBits < 32U * bLen)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), bLen);
     uint32_t *b2 = (uint32_t *)alloca(bLen * sizeof (uint32_t));
     memset(b2, 0U, bLen * sizeof (uint32_t));
-    uint32_t i0 = bBits / (uint32_t)32U;
-    uint32_t j = bBits % (uint32_t)32U;
-    b2[i0] = b2[i0] | (uint32_t)1U << j;
-    uint32_t acc = (uint32_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+    uint32_t i0 = bBits / 32U;
+    uint32_t j = bBits % 32U;
+    b2[i0] = b2[i0] | 1U << j;
+    uint32_t acc = 0U;
+    for (uint32_t i = 0U; i < bLen; i++)
     {
       uint32_t beq = FStar_UInt32_eq_mask(b[i], b2[i]);
       uint32_t blt = ~FStar_UInt32_gte_mask(b[i], b2[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
     }
     uint32_t res = acc;
     m1 = res;
   }
   else
   {
-    m1 = (uint32_t)0xFFFFFFFFU;
+    m1 = 0xFFFFFFFFU;
   }
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m2 = acc;
   uint32_t m = m1 & m2;
@@ -576,26 +541,24 @@ exp_vartime_precomp(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint32_t aM[128U] = { 0U };
-    uint32_t c[256U] = { 0U };
-    Hacl_Bignum4096_32_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint32_t resM[128U] = { 0U };
     uint32_t ctx[256U] = { 0U };
-    memcpy(ctx, n, (uint32_t)128U * sizeof (uint32_t));
-    memcpy(ctx + (uint32_t)128U, r2, (uint32_t)128U * sizeof (uint32_t));
+    memcpy(ctx, n, 128U * sizeof (uint32_t));
+    memcpy(ctx + 128U, r2, 128U * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)128U;
+    uint32_t *ctx_r2 = ctx + 128U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)32U;
-      uint32_t j = i % (uint32_t)32U;
+      uint32_t i1 = i / 32U;
+      uint32_t j = i % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
-      if (!(bit == (uint32_t)0U))
+      uint32_t bit = tmp >> j & 1U;
+      if (!(bit == 0U))
       {
         uint32_t *ctx_n0 = ctx;
         amont_mul(ctx_n0, mu, resM, aM, resM);
@@ -603,86 +566,76 @@ exp_vartime_precomp(
       uint32_t *ctx_n0 = ctx;
       amont_sqr(ctx_n0, mu, aM, aM);
     }
-    uint32_t tmp[256U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)128U * sizeof (uint32_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint32_t aM[128U] = { 0U };
-  uint32_t c[256U] = { 0U };
-  Hacl_Bignum4096_32_mul(a, r2, c);
-  reduction(n, mu, c, aM);
+  to(n, mu, r2, a, aM);
   uint32_t resM[128U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t ctx[256U] = { 0U };
-  memcpy(ctx, n, (uint32_t)128U * sizeof (uint32_t));
-  memcpy(ctx + (uint32_t)128U, r2, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(ctx, n, 128U * sizeof (uint32_t));
+  memcpy(ctx + 128U, r2, 128U * sizeof (uint32_t));
   uint32_t table[2048U] = { 0U };
   uint32_t tmp[128U] = { 0U };
   uint32_t *t0 = table;
-  uint32_t *t1 = table + (uint32_t)128U;
+  uint32_t *t1 = table + 128U;
   uint32_t *ctx_n0 = ctx;
-  uint32_t *ctx_r20 = ctx + (uint32_t)128U;
+  uint32_t *ctx_r20 = ctx + 128U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(t1, aM, 128U * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)128U;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * 128U;
     uint32_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)128U,
-      tmp,
-      (uint32_t)128U * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)128U;
+    memcpy(table + (2U * i + 2U) * 128U, tmp, 128U * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * 128U;
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)128U,
-      tmp,
-      (uint32_t)128U * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 128U, tmp, 128U * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, (uint32_t)4U);
+    uint32_t i = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U);
     uint32_t bits_l32 = bits_c;
-    const uint32_t *a_bits_l = table + bits_l32 * (uint32_t)128U;
-    memcpy(resM, (uint32_t *)a_bits_l, (uint32_t)128U * sizeof (uint32_t));
+    const uint32_t *a_bits_l = table + bits_l32 * 128U;
+    memcpy(resM, (uint32_t *)a_bits_l, 128U * sizeof (uint32_t));
   }
   else
   {
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)128U;
+    uint32_t *ctx_r2 = ctx + 128U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint32_t tmp0[128U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+  for (uint32_t i = 0U; i < bBits / 4U; i++)
   {
     KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
+    uint32_t k = bBits - bBits % 4U - 4U * i - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
     uint32_t bits_l32 = bits_l;
-    const uint32_t *a_bits_l = table + bits_l32 * (uint32_t)128U;
-    memcpy(tmp0, (uint32_t *)a_bits_l, (uint32_t)128U * sizeof (uint32_t));
+    const uint32_t *a_bits_l = table + bits_l32 * 128U;
+    memcpy(tmp0, (uint32_t *)a_bits_l, 128U * sizeof (uint32_t));
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint32_t tmp1[256U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)128U * sizeof (uint32_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -696,30 +649,28 @@ exp_consttime_precomp(
   uint32_t *res
 )
 {
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     uint32_t aM[128U] = { 0U };
-    uint32_t c[256U] = { 0U };
-    Hacl_Bignum4096_32_mul(a, r2, c);
-    reduction(n, mu, c, aM);
+    to(n, mu, r2, a, aM);
     uint32_t resM[128U] = { 0U };
     uint32_t ctx[256U] = { 0U };
-    memcpy(ctx, n, (uint32_t)128U * sizeof (uint32_t));
-    memcpy(ctx + (uint32_t)128U, r2, (uint32_t)128U * sizeof (uint32_t));
-    uint32_t sw = (uint32_t)0U;
+    memcpy(ctx, n, 128U * sizeof (uint32_t));
+    memcpy(ctx + 128U, r2, 128U * sizeof (uint32_t));
+    uint32_t sw = 0U;
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)128U;
+    uint32_t *ctx_r2 = ctx + 128U;
     from(ctx_n, mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)32U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)32U;
+      uint32_t i1 = (bBits - i0 - 1U) / 32U;
+      uint32_t j = (bBits - i0 - 1U) % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
+      uint32_t bit = tmp >> j & 1U;
       uint32_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+      for (uint32_t i = 0U; i < 128U; i++)
       {
-        uint32_t dummy = ((uint32_t)0U - sw1) & (resM[i] ^ aM[i]);
+        uint32_t dummy = (0U - sw1) & (resM[i] ^ aM[i]);
         resM[i] = resM[i] ^ dummy;
         aM[i] = aM[i] ^ dummy;
       }
@@ -730,70 +681,62 @@ exp_consttime_precomp(
       sw = bit;
     }
     uint32_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+    for (uint32_t i = 0U; i < 128U; i++)
     {
-      uint32_t dummy = ((uint32_t)0U - sw0) & (resM[i] ^ aM[i]);
+      uint32_t dummy = (0U - sw0) & (resM[i] ^ aM[i]);
       resM[i] = resM[i] ^ dummy;
       aM[i] = aM[i] ^ dummy;
     }
-    uint32_t tmp[256U] = { 0U };
-    memcpy(tmp, resM, (uint32_t)128U * sizeof (uint32_t));
-    reduction(n, mu, tmp, res);
+    from(n, mu, resM, res);
     return;
   }
   uint32_t aM[128U] = { 0U };
-  uint32_t c0[256U] = { 0U };
-  Hacl_Bignum4096_32_mul(a, r2, c0);
-  reduction(n, mu, c0, aM);
+  to(n, mu, r2, a, aM);
   uint32_t resM[128U] = { 0U };
   uint32_t bLen;
-  if (bBits == (uint32_t)0U)
+  if (bBits == 0U)
   {
-    bLen = (uint32_t)1U;
+    bLen = 1U;
   }
   else
   {
-    bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+    bLen = (bBits - 1U) / 32U + 1U;
   }
   uint32_t ctx[256U] = { 0U };
-  memcpy(ctx, n, (uint32_t)128U * sizeof (uint32_t));
-  memcpy(ctx + (uint32_t)128U, r2, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(ctx, n, 128U * sizeof (uint32_t));
+  memcpy(ctx + 128U, r2, 128U * sizeof (uint32_t));
   uint32_t table[2048U] = { 0U };
   uint32_t tmp[128U] = { 0U };
   uint32_t *t0 = table;
-  uint32_t *t1 = table + (uint32_t)128U;
+  uint32_t *t1 = table + 128U;
   uint32_t *ctx_n0 = ctx;
-  uint32_t *ctx_r20 = ctx + (uint32_t)128U;
+  uint32_t *ctx_r20 = ctx + 128U;
   from(ctx_n0, mu, ctx_r20, t0);
-  memcpy(t1, aM, (uint32_t)128U * sizeof (uint32_t));
+  memcpy(t1, aM, 128U * sizeof (uint32_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint32_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)128U;
+    0U,
+    7U,
+    1U,
+    uint32_t *t11 = table + (i + 1U) * 128U;
     uint32_t *ctx_n1 = ctx;
     amont_sqr(ctx_n1, mu, t11, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)128U,
-      tmp,
-      (uint32_t)128U * sizeof (uint32_t));
-    uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)128U;
+    memcpy(table + (2U * i + 2U) * 128U, tmp, 128U * sizeof (uint32_t));
+    uint32_t *t2 = table + (2U * i + 2U) * 128U;
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, aM, t2, tmp);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)128U,
-      tmp,
-      (uint32_t)128U * sizeof (uint32_t)););
-  if (bBits % (uint32_t)4U != (uint32_t)0U)
+    memcpy(table + (2U * i + 3U) * 128U, tmp, 128U * sizeof (uint32_t)););
+  if (bBits % 4U != 0U)
   {
-    uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, (uint32_t)4U);
-    memcpy(resM, (uint32_t *)table, (uint32_t)128U * sizeof (uint32_t));
+    uint32_t i0 = bBits / 4U * 4U;
+    uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U);
+    memcpy(resM, (uint32_t *)table, 128U * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)128U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * 128U;
+      for (uint32_t i = 0U; i < 128U; i++)
       {
         uint32_t *os = resM;
         uint32_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -803,28 +746,28 @@ exp_consttime_precomp(
   else
   {
     uint32_t *ctx_n = ctx;
-    uint32_t *ctx_r2 = ctx + (uint32_t)128U;
+    uint32_t *ctx_r2 = ctx + 128U;
     from(ctx_n, mu, ctx_r2, resM);
   }
   uint32_t tmp0[128U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+  for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
   {
     KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
+      0U,
+      4U,
+      1U,
       uint32_t *ctx_n = ctx;
       amont_sqr(ctx_n, mu, resM, resM););
-    uint32_t k = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, (uint32_t)4U);
-    memcpy(tmp0, (uint32_t *)table, (uint32_t)128U * sizeof (uint32_t));
+    uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U;
+    uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U);
+    memcpy(tmp0, (uint32_t *)table, 128U * sizeof (uint32_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + (uint32_t)1U);
-      const uint32_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)128U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+      0U,
+      15U,
+      1U,
+      uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U);
+      const uint32_t *res_j = table + (i1 + 1U) * 128U;
+      for (uint32_t i = 0U; i < 128U; i++)
       {
         uint32_t *os = tmp0;
         uint32_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -833,9 +776,7 @@ exp_consttime_precomp(
     uint32_t *ctx_n = ctx;
     amont_mul(ctx_n, mu, resM, tmp0, resM);
   }
-  uint32_t tmp1[256U] = { 0U };
-  memcpy(tmp1, resM, (uint32_t)128U * sizeof (uint32_t));
-  reduction(n, mu, tmp1, res);
+  from(n, mu, resM, res);
 }
 
 static inline void
@@ -900,16 +841,16 @@ Hacl_Bignum4096_32_mod_exp_vartime(
 )
 {
   uint32_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     exp_vartime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
+    memset(res, 0U, 128U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -942,16 +883,16 @@ Hacl_Bignum4096_32_mod_exp_consttime(
 )
 {
   uint32_t is_valid_m = exp_check(n, a, bBits, b);
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     exp_consttime(nBits, n, a, bBits, b, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
+    memset(res, 0U, 128U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 /**
@@ -972,22 +913,22 @@ Write `a ^ (-1) mod n` in `res`.
 bool Hacl_Bignum4096_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t *res)
 {
   uint32_t one[128U] = { 0U };
-  memset(one, 0U, (uint32_t)128U * sizeof (uint32_t));
-  one[0U] = (uint32_t)1U;
-  uint32_t bit0 = n[0U] & (uint32_t)1U;
-  uint32_t m0 = (uint32_t)0U - bit0;
-  uint32_t acc0 = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  memset(one, 0U, 128U * sizeof (uint32_t));
+  one[0U] = 1U;
+  uint32_t bit0 = n[0U] & 1U;
+  uint32_t m0 = 0U - bit0;
+  uint32_t acc0 = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m1 = acc0;
   uint32_t m00 = m0 & m1;
   uint32_t bn_zero[128U] = { 0U };
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t mask = 0xFFFFFFFFU;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -995,55 +936,55 @@ bool Hacl_Bignum4096_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
   uint32_t mask1 = mask;
   uint32_t res10 = mask1;
   uint32_t m10 = res10;
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   uint32_t m2 = acc;
   uint32_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
-  if (is_valid_m == (uint32_t)0xFFFFFFFFU)
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
+  if (is_valid_m == 0xFFFFFFFFU)
   {
     uint32_t n2[128U] = { 0U };
-    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, n[0U], (uint32_t)2U, n2);
-    uint32_t *a1 = n + (uint32_t)1U;
-    uint32_t *res1 = n2 + (uint32_t)1U;
+    uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, n[0U], 2U, n2);
+    uint32_t *a1 = n + 1U;
+    uint32_t *res1 = n2 + 1U;
     uint32_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)31U; i++)
+    for (uint32_t i = 0U; i < 31U; i++)
     {
-      uint32_t t1 = a1[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a1[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a1[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a1[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a1[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
     }
     KRML_MAYBE_FOR3(i,
-      (uint32_t)124U,
-      (uint32_t)127U,
-      (uint32_t)1U,
+      124U,
+      127U,
+      1U,
       uint32_t t1 = a1[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
-    KRML_HOST_IGNORE(c2);
-    exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
+    KRML_MAYBE_UNUSED_VAR(c2);
+    exp_vartime(nBits, n, a, 4096U, n2, res);
   }
   else
   {
-    memset(res, 0U, (uint32_t)128U * sizeof (uint32_t));
+    memset(res, 0U, 128U * sizeof (uint32_t));
   }
-  return is_valid_m == (uint32_t)0xFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFU;
 }
 
 
@@ -1067,16 +1008,16 @@ Heap-allocate and initialize a montgomery context.
 */
 Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 *Hacl_Bignum4096_32_mont_ctx_init(uint32_t *n)
 {
-  uint32_t *r2 = (uint32_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint32_t));
-  uint32_t *n1 = (uint32_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint32_t));
+  uint32_t *r2 = (uint32_t *)KRML_HOST_CALLOC(128U, sizeof (uint32_t));
+  uint32_t *n1 = (uint32_t *)KRML_HOST_CALLOC(128U, sizeof (uint32_t));
   uint32_t *r21 = r2;
   uint32_t *n11 = n1;
-  memcpy(n11, n, (uint32_t)128U * sizeof (uint32_t));
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32((uint32_t)128U, n);
+  memcpy(n11, n, 128U * sizeof (uint32_t));
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(128U, n);
   precompr2(nBits, n, r21);
   uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
-  res = { .len = (uint32_t)128U, .n = n11, .mu = mu, .r2 = r21 };
+  res = { .len = 128U, .n = n11, .mu = mu, .r2 = r21 };
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
   *buf =
     (Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 *)KRML_HOST_MALLOC(sizeof (
@@ -1204,36 +1145,36 @@ Hacl_Bignum4096_32_mod_inv_prime_vartime_precomp(
 {
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 k1 = *k;
   uint32_t n2[128U] = { 0U };
-  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, k1.n[0U], (uint32_t)2U, n2);
-  uint32_t *a1 = k1.n + (uint32_t)1U;
-  uint32_t *res1 = n2 + (uint32_t)1U;
+  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, k1.n[0U], 2U, n2);
+  uint32_t *a1 = k1.n + 1U;
+  uint32_t *res1 = n2 + 1U;
   uint32_t c = c0;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)31U; i++)
+  for (uint32_t i = 0U; i < 31U; i++)
   {
-    uint32_t t1 = a1[(uint32_t)4U * i];
-    uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-    uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-    uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-    uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-    uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-    uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-    uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+    uint32_t t1 = a1[4U * i];
+    uint32_t *res_i0 = res1 + 4U * i;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+    uint32_t t10 = a1[4U * i + 1U];
+    uint32_t *res_i1 = res1 + 4U * i + 1U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+    uint32_t t11 = a1[4U * i + 2U];
+    uint32_t *res_i2 = res1 + 4U * i + 2U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+    uint32_t t12 = a1[4U * i + 3U];
+    uint32_t *res_i = res1 + 4U * i + 3U;
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
   }
   KRML_MAYBE_FOR3(i,
-    (uint32_t)124U,
-    (uint32_t)127U,
-    (uint32_t)1U,
+    124U,
+    127U,
+    1U,
     uint32_t t1 = a1[i];
     uint32_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
-  KRML_HOST_IGNORE(c2);
-  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
+  KRML_MAYBE_UNUSED_VAR(c2);
+  exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, 4096U, n2, res);
 }
 
 
@@ -1255,36 +1196,28 @@ Load a bid-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum4096_32_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint32_t *os = res2;
-    uint32_t u = load32_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)4U);
+    uint32_t u = load32_be(tmp + (bnLen - i - 1U) * 4U);
     uint32_t x = u;
     os[i] = x;
   }
@@ -1304,36 +1237,28 @@ Load a little-endian bignum from memory.
 */
 uint32_t *Hacl_Bignum4096_32_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U <= (uint32_t)1073741823U)
-  )
+  if (len == 0U || !((len - 1U) / 4U + 1U <= 1073741823U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint32_t), (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U);
-  uint32_t
-  *res =
-    (uint32_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U,
-      sizeof (uint32_t));
+  KRML_CHECK_SIZE(sizeof (uint32_t), (len - 1U) / 4U + 1U);
+  uint32_t *res = (uint32_t *)KRML_HOST_CALLOC((len - 1U) / 4U + 1U, sizeof (uint32_t));
   if (res == NULL)
   {
     return res;
   }
   uint32_t *res1 = res;
   uint32_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)4U * bnLen;
+  uint32_t bnLen = (len - 1U) / 4U + 1U;
+  uint32_t tmpLen = 4U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 4U + 1U; i++)
   {
     uint32_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)4U;
+    uint8_t *bj = tmp + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r1 = u;
     uint32_t x = r1;
@@ -1351,10 +1276,10 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  for (uint32_t i = 0U; i < 128U; i++)
   {
-    store32_be(res + i * (uint32_t)4U, b[(uint32_t)128U - i - (uint32_t)1U]);
+    store32_be(res + i * 4U, b[128U - i - 1U]);
   }
 }
 
@@ -1367,10 +1292,10 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  for (uint32_t i = 0U; i < 128U; i++)
   {
-    store32_le(res + i * (uint32_t)4U, b[i]);
+    store32_le(res + i * 4U, b[i]);
   }
 }
 
@@ -1387,12 +1312,12 @@ Returns 2^32 - 1 if a < b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum4096_32_lt_mask(uint32_t *a, uint32_t *b)
 {
-  uint32_t acc = (uint32_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t acc = 0U;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t beq = FStar_UInt32_eq_mask(a[i], b[i]);
     uint32_t blt = ~FStar_UInt32_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint32_t)0xFFFFFFFFU) | (~blt & (uint32_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U)));
   }
   return acc;
 }
@@ -1404,8 +1329,8 @@ Returns 2^32 - 1 if a = b, otherwise returns 0.
 */
 uint32_t Hacl_Bignum4096_32_eq_mask(uint32_t *a, uint32_t *b)
 {
-  uint32_t mask = (uint32_t)0xFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  uint32_t mask = 0xFFFFFFFFU;
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     uint32_t uu____0 = FStar_UInt32_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;
diff --git a/src/msvc/Hacl_Bignum64.c b/src/msvc/Hacl_Bignum64.c
index 9e701c7b..e64b1a54 100644
--- a/src/msvc/Hacl_Bignum64.c
+++ b/src/msvc/Hacl_Bignum64.c
@@ -104,9 +104,9 @@ Write `a * b` in `res`.
 */
 void Hacl_Bignum64_mul(uint32_t len, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, b, tmp, res);
 }
 
@@ -118,9 +118,9 @@ Write `a * a` in `res`.
 */
 void Hacl_Bignum64_sqr(uint32_t len, uint64_t *a, uint64_t *res)
 {
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len);
+  uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t));
+  memset(tmp, 0U, 4U * len * sizeof (uint64_t));
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len, a, tmp, res);
 }
 
@@ -141,61 +141,8 @@ bn_slow_precomp(
   uint64_t *a1 = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
   memset(a1, 0U, (len + len) * sizeof (uint64_t));
   memcpy(a1, a, (len + len) * sizeof (uint64_t));
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < len; i0++)
-  {
-    uint64_t qj = mu * a1[i0];
-    uint64_t *res_j0 = a1 + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
-    {
-      uint64_t a_i = n[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i);
-    }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
-    {
-      uint64_t a_i = n[i];
-      uint64_t *res_i = res_j0 + i;
-      c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i);
-    }
-    uint64_t r = c;
-    uint64_t c1 = r;
-    uint64_t *resb = a1 + len + i0;
-    uint64_t res_j = a1[len + i0];
-    c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb);
-  }
-  memcpy(a_mod, a1 + len, (len + len - len) * sizeof (uint64_t));
-  uint64_t c00 = c0;
-  KRML_CHECK_SIZE(sizeof (uint64_t), len);
-  uint64_t *tmp0 = (uint64_t *)alloca(len * sizeof (uint64_t));
-  memset(tmp0, 0U, len * sizeof (uint64_t));
-  uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, a_mod, n, tmp0);
-  KRML_HOST_IGNORE(c1);
-  uint64_t m = (uint64_t)0U - c00;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
-  {
-    uint64_t *os = a_mod;
-    uint64_t x = (m & tmp0[i]) | (~m & a_mod[i]);
-    os[i] = x;
-  }
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + len);
-  uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t));
-  memset(c, 0U, (len + len) * sizeof (uint64_t));
-  KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)4U * len);
-  uint64_t *tmp = (uint64_t *)alloca((uint32_t)4U * len * sizeof (uint64_t));
-  memset(tmp, 0U, (uint32_t)4U * len * sizeof (uint64_t));
-  Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a_mod, r2, tmp, c);
-  Hacl_Bignum_Montgomery_bn_mont_reduction_u64(len, n, mu, c, res);
+  Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(len, n, mu, a1, a_mod);
+  Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a_mod, res);
 }
 
 /**
@@ -215,20 +162,20 @@ bool Hacl_Bignum64_mod(uint32_t len, uint64_t *n, uint64_t *a, uint64_t *res)
   uint64_t *one = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc;
   uint64_t is_valid_m = m0 & m1;
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t *r2 = (uint64_t *)alloca(len * sizeof (uint64_t));
@@ -241,7 +188,7 @@ bool Hacl_Bignum64_mod(uint32_t len, uint64_t *n, uint64_t *a, uint64_t *res)
   {
     memset(res, 0U, len * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -275,8 +222,8 @@ Hacl_Bignum64_mod_exp_vartime(
 )
 {
   uint64_t is_valid_m = Hacl_Bignum_Exponentiation_bn_check_mod_exp_u64(len, n, a, bBits, b);
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len, nBits, n, a, bBits, b, res);
   }
@@ -284,7 +231,7 @@ Hacl_Bignum64_mod_exp_vartime(
   {
     memset(res, 0U, len * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -318,8 +265,8 @@ Hacl_Bignum64_mod_exp_consttime(
 )
 {
   uint64_t is_valid_m = Hacl_Bignum_Exponentiation_bn_check_mod_exp_u64(len, n, a, bBits, b);
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_u64(len, nBits, n, a, bBits, b, res);
   }
@@ -327,7 +274,7 @@ Hacl_Bignum64_mod_exp_consttime(
   {
     memset(res, 0U, len * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -352,23 +299,23 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
   uint64_t *one = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
   memset(one, 0U, len * sizeof (uint64_t));
-  one[0U] = (uint64_t)1U;
-  uint64_t bit0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bit0;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  one[0U] = 1ULL;
+  uint64_t bit0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bit0;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc0;
   uint64_t m00 = m0 & m1;
   KRML_CHECK_SIZE(sizeof (uint64_t), len);
   uint64_t *bn_zero = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(bn_zero, 0U, len * sizeof (uint64_t));
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -376,53 +323,48 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
   uint64_t mask1 = mask;
   uint64_t res10 = mask1;
   uint64_t m10 = res10;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m2 = acc;
   uint64_t is_valid_m = (m00 & ~m10) & m2;
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
-  if (is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  if (is_valid_m == 0xFFFFFFFFFFFFFFFFULL)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len);
     uint64_t *n2 = (uint64_t *)alloca(len * sizeof (uint64_t));
     memset(n2, 0U, len * sizeof (uint64_t));
-    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, n[0U], (uint64_t)2U, n2);
+    uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, n[0U], 2ULL, n2);
     uint64_t c1;
-    if ((uint32_t)1U < len)
+    if (1U < len)
     {
-      uint64_t *a1 = n + (uint32_t)1U;
-      uint64_t *res1 = n2 + (uint32_t)1U;
+      uint64_t *a1 = n + 1U;
+      uint64_t *res1 = n2 + 1U;
       uint64_t c = c0;
-      for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)4U; i++)
+      for (uint32_t i = 0U; i < (len - 1U) / 4U; i++)
       {
-        uint64_t t1 = a1[(uint32_t)4U * i];
-        uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-        uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-        uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-        uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-        uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-        uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-        uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i);
+        uint64_t t1 = a1[4U * i];
+        uint64_t *res_i0 = res1 + 4U * i;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+        uint64_t t10 = a1[4U * i + 1U];
+        uint64_t *res_i1 = res1 + 4U * i + 1U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+        uint64_t t11 = a1[4U * i + 2U];
+        uint64_t *res_i2 = res1 + 4U * i + 2U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+        uint64_t t12 = a1[4U * i + 3U];
+        uint64_t *res_i = res1 + 4U * i + 3U;
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i);
       }
-      for
-      (uint32_t
-        i = (len - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-        i
-        < len - (uint32_t)1U;
-        i++)
+      for (uint32_t i = (len - 1U) / 4U * 4U; i < len - 1U; i++)
       {
         uint64_t t1 = a1[i];
         uint64_t *res_i = res1 + i;
-        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
+        c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i);
       }
       uint64_t c10 = c;
       c1 = c10;
@@ -431,20 +373,14 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
     {
       c1 = c0;
     }
-    KRML_HOST_IGNORE(c1);
-    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len,
-      nBits,
-      n,
-      a,
-      (uint32_t)64U * len,
-      n2,
-      res);
+    KRML_MAYBE_UNUSED_VAR(c1);
+    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len, nBits, n, a, 64U * len, n2, res);
   }
   else
   {
     memset(res, 0U, len * sizeof (uint64_t));
   }
-  return is_valid_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_valid_m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 
@@ -476,7 +412,7 @@ Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
   uint64_t *r21 = r2;
   uint64_t *n11 = n1;
   memcpy(n11, n, len * sizeof (uint64_t));
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
   Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(len, nBits, n, r21);
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 res = { .len = len, .n = n11, .mu = mu, .r2 = r21 };
@@ -631,38 +567,33 @@ Hacl_Bignum64_mod_inv_prime_vartime_precomp(
   KRML_CHECK_SIZE(sizeof (uint64_t), len1);
   uint64_t *n2 = (uint64_t *)alloca(len1 * sizeof (uint64_t));
   memset(n2, 0U, len1 * sizeof (uint64_t));
-  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, k1.n[0U], (uint64_t)2U, n2);
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, k1.n[0U], 2ULL, n2);
   uint64_t c1;
-  if ((uint32_t)1U < len1)
+  if (1U < len1)
   {
-    uint64_t *a1 = k1.n + (uint32_t)1U;
-    uint64_t *res1 = n2 + (uint32_t)1U;
+    uint64_t *a1 = k1.n + 1U;
+    uint64_t *res1 = n2 + 1U;
     uint64_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (len1 - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (len1 - 1U) / 4U; i++)
     {
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i);
     }
-    for
-    (uint32_t
-      i = (len1 - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < len1 - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (len1 - 1U) / 4U * 4U; i < len1 - 1U; i++)
     {
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c10 = c;
     c1 = c10;
@@ -671,13 +602,13 @@ Hacl_Bignum64_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
-  KRML_HOST_IGNORE(c1);
+  KRML_MAYBE_UNUSED_VAR(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(len1,
     k1.n,
     k1.mu,
     k1.r2,
     a,
-    (uint32_t)64U * len1,
+    64U * len1,
     n2,
     res);
 }
@@ -701,36 +632,28 @@ Load a bid-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum64_new_bn_from_bytes_be(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
     uint64_t *os = res2;
-    uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;
   }
@@ -750,36 +673,28 @@ Load a little-endian bignum from memory.
 */
 uint64_t *Hacl_Bignum64_new_bn_from_bytes_le(uint32_t len, uint8_t *b)
 {
-  if
-  (
-    len
-    == (uint32_t)0U
-    || !((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U <= (uint32_t)536870911U)
-  )
+  if (len == 0U || !((len - 1U) / 8U + 1U <= 536870911U))
   {
     return NULL;
   }
-  KRML_CHECK_SIZE(sizeof (uint64_t), (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U);
-  uint64_t
-  *res =
-    (uint64_t *)KRML_HOST_CALLOC((len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U,
-      sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), (len - 1U) / 8U + 1U);
+  uint64_t *res = (uint64_t *)KRML_HOST_CALLOC((len - 1U) / 8U + 1U, sizeof (uint64_t));
   if (res == NULL)
   {
     return res;
   }
   uint64_t *res1 = res;
   uint64_t *res2 = res1;
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
   memcpy(tmp, b, len * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < (len - 1U) / 8U + 1U; i++)
   {
     uint64_t *os = res2;
-    uint8_t *bj = tmp + i * (uint32_t)8U;
+    uint8_t *bj = tmp + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r1 = u;
     uint64_t x = r1;
@@ -796,14 +711,14 @@ Serialize a bignum into big-endian memory.
 */
 void Hacl_Bignum64_bn_to_bytes_be(uint32_t len, uint64_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]);
+    store64_be(tmp + i * 8U, b[bnLen - i - 1U]);
   }
   memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t));
 }
@@ -816,14 +731,14 @@ Serialize a bignum into little-endian memory.
 */
 void Hacl_Bignum64_bn_to_bytes_le(uint32_t len, uint64_t *b, uint8_t *res)
 {
-  uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t tmpLen = (uint32_t)8U * bnLen;
+  uint32_t bnLen = (len - 1U) / 8U + 1U;
+  uint32_t tmpLen = 8U * bnLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen);
   uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t));
   memset(tmp, 0U, tmpLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < bnLen; i++)
+  for (uint32_t i = 0U; i < bnLen; i++)
   {
-    store64_le(tmp + i * (uint32_t)8U, b[i]);
+    store64_le(tmp + i * 8U, b[i]);
   }
   memcpy(res, tmp, len * sizeof (uint8_t));
 }
@@ -841,12 +756,12 @@ Returns 2^64 - 1 if a < b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum64_lt_mask(uint32_t len, uint64_t *a, uint64_t *b)
 {
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(a[i], b[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(a[i], b[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   return acc;
 }
@@ -858,8 +773,8 @@ Returns 2^64 - 1 if a = b, otherwise returns 0.
 */
 uint64_t Hacl_Bignum64_eq_mask(uint32_t len, uint64_t *a, uint64_t *b)
 {
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;
diff --git a/src/msvc/Hacl_Chacha20.c b/src/msvc/Hacl_Chacha20.c
index 8966e19e..38a5c373 100644
--- a/src/msvc/Hacl_Chacha20.c
+++ b/src/msvc/Hacl_Chacha20.c
@@ -28,7 +28,7 @@
 const
 uint32_t
 Hacl_Impl_Chacha20_Vec_chacha20_constants[4U] =
-  { (uint32_t)0x61707865U, (uint32_t)0x3320646eU, (uint32_t)0x79622d32U, (uint32_t)0x6b206574U };
+  { 0x61707865U, 0x3320646eU, 0x79622d32U, 0x6b206574U };
 
 static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t c, uint32_t d)
 {
@@ -37,7 +37,7 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t std0 = st[d];
   uint32_t sta10 = sta + stb0;
   uint32_t std10 = std0 ^ sta10;
-  uint32_t std2 = std10 << (uint32_t)16U | std10 >> (uint32_t)16U;
+  uint32_t std2 = std10 << 16U | std10 >> 16U;
   st[a] = sta10;
   st[d] = std2;
   uint32_t sta0 = st[c];
@@ -45,7 +45,7 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t std3 = st[b];
   uint32_t sta11 = sta0 + stb1;
   uint32_t std11 = std3 ^ sta11;
-  uint32_t std20 = std11 << (uint32_t)12U | std11 >> (uint32_t)20U;
+  uint32_t std20 = std11 << 12U | std11 >> 20U;
   st[c] = sta11;
   st[b] = std20;
   uint32_t sta2 = st[a];
@@ -53,7 +53,7 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t std4 = st[d];
   uint32_t sta12 = sta2 + stb2;
   uint32_t std12 = std4 ^ sta12;
-  uint32_t std21 = std12 << (uint32_t)8U | std12 >> (uint32_t)24U;
+  uint32_t std21 = std12 << 8U | std12 >> 24U;
   st[a] = sta12;
   st[d] = std21;
   uint32_t sta3 = st[c];
@@ -61,21 +61,21 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t std = st[b];
   uint32_t sta1 = sta3 + stb;
   uint32_t std1 = std ^ sta1;
-  uint32_t std22 = std1 << (uint32_t)7U | std1 >> (uint32_t)25U;
+  uint32_t std22 = std1 << 7U | std1 >> 25U;
   st[c] = sta1;
   st[b] = std22;
 }
 
 static inline void double_round(uint32_t *st)
 {
-  quarter_round(st, (uint32_t)0U, (uint32_t)4U, (uint32_t)8U, (uint32_t)12U);
-  quarter_round(st, (uint32_t)1U, (uint32_t)5U, (uint32_t)9U, (uint32_t)13U);
-  quarter_round(st, (uint32_t)2U, (uint32_t)6U, (uint32_t)10U, (uint32_t)14U);
-  quarter_round(st, (uint32_t)3U, (uint32_t)7U, (uint32_t)11U, (uint32_t)15U);
-  quarter_round(st, (uint32_t)0U, (uint32_t)5U, (uint32_t)10U, (uint32_t)15U);
-  quarter_round(st, (uint32_t)1U, (uint32_t)6U, (uint32_t)11U, (uint32_t)12U);
-  quarter_round(st, (uint32_t)2U, (uint32_t)7U, (uint32_t)8U, (uint32_t)13U);
-  quarter_round(st, (uint32_t)3U, (uint32_t)4U, (uint32_t)9U, (uint32_t)14U);
+  quarter_round(st, 0U, 4U, 8U, 12U);
+  quarter_round(st, 1U, 5U, 9U, 13U);
+  quarter_round(st, 2U, 6U, 10U, 14U);
+  quarter_round(st, 3U, 7U, 11U, 15U);
+  quarter_round(st, 0U, 5U, 10U, 15U);
+  quarter_round(st, 1U, 6U, 11U, 12U);
+  quarter_round(st, 2U, 7U, 8U, 13U);
+  quarter_round(st, 3U, 4U, 9U, 14U);
 }
 
 static inline void rounds(uint32_t *st)
@@ -94,14 +94,14 @@ static inline void rounds(uint32_t *st)
 
 static inline void chacha20_core(uint32_t *k, uint32_t *ctx, uint32_t ctr)
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (uint32_t));
+  memcpy(k, ctx, 16U * sizeof (uint32_t));
   uint32_t ctr_u32 = ctr;
   k[12U] = k[12U] + ctr_u32;
   rounds(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = k;
     uint32_t x = k[i] + ctx[i];
     os[i] = x;);
@@ -110,35 +110,34 @@ static inline void chacha20_core(uint32_t *k, uint32_t *ctx, uint32_t ctr)
 
 static const
 uint32_t
-chacha20_constants[4U] =
-  { (uint32_t)0x61707865U, (uint32_t)0x3320646eU, (uint32_t)0x79622d32U, (uint32_t)0x6b206574U };
+chacha20_constants[4U] = { 0x61707865U, 0x3320646eU, 0x79622d32U, 0x6b206574U };
 
 void Hacl_Impl_Chacha20_chacha20_init(uint32_t *ctx, uint8_t *k, uint8_t *n, uint32_t ctr)
 {
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = ctx;
     uint32_t x = chacha20_constants[i];
     os[i] = x;);
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = ctx + (uint32_t)4U;
-    uint8_t *bj = k + i * (uint32_t)4U;
+    0U,
+    8U,
+    1U,
+    uint32_t *os = ctx + 4U;
+    uint8_t *bj = k + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   ctx[12U] = ctr;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
-    uint32_t *os = ctx + (uint32_t)13U;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    0U,
+    3U,
+    1U,
+    uint32_t *os = ctx + 13U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
@@ -151,27 +150,23 @@ static void chacha20_encrypt_block(uint32_t *ctx, uint8_t *out, uint32_t incr, u
   chacha20_core(k, ctx, incr);
   uint32_t bl[16U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = bl;
-    uint8_t *bj = text + i * (uint32_t)4U;
+    uint8_t *bj = text + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = bl;
     uint32_t x = bl[i] ^ k[i];
     os[i] = x;);
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    store32_le(out + i * (uint32_t)4U, bl[i]););
+  KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(out + i * 4U, bl[i]););
 }
 
 static inline void
@@ -186,16 +181,16 @@ chacha20_encrypt_last(uint32_t *ctx, uint32_t len, uint8_t *out, uint32_t incr,
 void
 Hacl_Impl_Chacha20_chacha20_update(uint32_t *ctx, uint32_t len, uint8_t *out, uint8_t *text)
 {
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    chacha20_encrypt_block(ctx, out + i * (uint32_t)64U, i, text + i * (uint32_t)64U);
+    chacha20_encrypt_block(ctx, out + i * 64U, i, text + i * 64U);
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    chacha20_encrypt_last(ctx, rem, out + nb * (uint32_t)64U, nb, text + nb * (uint32_t)64U);
+    chacha20_encrypt_last(ctx, rem, out + nb * 64U, nb, text + nb * 64U);
   }
 }
 
diff --git a/src/msvc/Hacl_Chacha20_Vec128.c b/src/msvc/Hacl_Chacha20_Vec128.c
index 1e0c4ec1..deab1dfc 100644
--- a/src/msvc/Hacl_Chacha20_Vec128.c
+++ b/src/msvc/Hacl_Chacha20_Vec128.c
@@ -32,100 +32,100 @@ static inline void double_round_128(Lib_IntVector_Intrinsics_vec128 *st)
 {
   st[0U] = Lib_IntVector_Intrinsics_vec128_add32(st[0U], st[4U]);
   Lib_IntVector_Intrinsics_vec128 std = Lib_IntVector_Intrinsics_vec128_xor(st[12U], st[0U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std, (uint32_t)16U);
+  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std, 16U);
   st[8U] = Lib_IntVector_Intrinsics_vec128_add32(st[8U], st[12U]);
   Lib_IntVector_Intrinsics_vec128 std0 = Lib_IntVector_Intrinsics_vec128_xor(st[4U], st[8U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std0, (uint32_t)12U);
+  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std0, 12U);
   st[0U] = Lib_IntVector_Intrinsics_vec128_add32(st[0U], st[4U]);
   Lib_IntVector_Intrinsics_vec128 std1 = Lib_IntVector_Intrinsics_vec128_xor(st[12U], st[0U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std1, (uint32_t)8U);
+  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std1, 8U);
   st[8U] = Lib_IntVector_Intrinsics_vec128_add32(st[8U], st[12U]);
   Lib_IntVector_Intrinsics_vec128 std2 = Lib_IntVector_Intrinsics_vec128_xor(st[4U], st[8U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std2, (uint32_t)7U);
+  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std2, 7U);
   st[1U] = Lib_IntVector_Intrinsics_vec128_add32(st[1U], st[5U]);
   Lib_IntVector_Intrinsics_vec128 std3 = Lib_IntVector_Intrinsics_vec128_xor(st[13U], st[1U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std3, (uint32_t)16U);
+  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std3, 16U);
   st[9U] = Lib_IntVector_Intrinsics_vec128_add32(st[9U], st[13U]);
   Lib_IntVector_Intrinsics_vec128 std4 = Lib_IntVector_Intrinsics_vec128_xor(st[5U], st[9U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std4, (uint32_t)12U);
+  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std4, 12U);
   st[1U] = Lib_IntVector_Intrinsics_vec128_add32(st[1U], st[5U]);
   Lib_IntVector_Intrinsics_vec128 std5 = Lib_IntVector_Intrinsics_vec128_xor(st[13U], st[1U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std5, (uint32_t)8U);
+  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std5, 8U);
   st[9U] = Lib_IntVector_Intrinsics_vec128_add32(st[9U], st[13U]);
   Lib_IntVector_Intrinsics_vec128 std6 = Lib_IntVector_Intrinsics_vec128_xor(st[5U], st[9U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std6, (uint32_t)7U);
+  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std6, 7U);
   st[2U] = Lib_IntVector_Intrinsics_vec128_add32(st[2U], st[6U]);
   Lib_IntVector_Intrinsics_vec128 std7 = Lib_IntVector_Intrinsics_vec128_xor(st[14U], st[2U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std7, (uint32_t)16U);
+  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std7, 16U);
   st[10U] = Lib_IntVector_Intrinsics_vec128_add32(st[10U], st[14U]);
   Lib_IntVector_Intrinsics_vec128 std8 = Lib_IntVector_Intrinsics_vec128_xor(st[6U], st[10U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std8, (uint32_t)12U);
+  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std8, 12U);
   st[2U] = Lib_IntVector_Intrinsics_vec128_add32(st[2U], st[6U]);
   Lib_IntVector_Intrinsics_vec128 std9 = Lib_IntVector_Intrinsics_vec128_xor(st[14U], st[2U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std9, (uint32_t)8U);
+  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std9, 8U);
   st[10U] = Lib_IntVector_Intrinsics_vec128_add32(st[10U], st[14U]);
   Lib_IntVector_Intrinsics_vec128 std10 = Lib_IntVector_Intrinsics_vec128_xor(st[6U], st[10U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std10, (uint32_t)7U);
+  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std10, 7U);
   st[3U] = Lib_IntVector_Intrinsics_vec128_add32(st[3U], st[7U]);
   Lib_IntVector_Intrinsics_vec128 std11 = Lib_IntVector_Intrinsics_vec128_xor(st[15U], st[3U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std11, (uint32_t)16U);
+  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std11, 16U);
   st[11U] = Lib_IntVector_Intrinsics_vec128_add32(st[11U], st[15U]);
   Lib_IntVector_Intrinsics_vec128 std12 = Lib_IntVector_Intrinsics_vec128_xor(st[7U], st[11U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std12, (uint32_t)12U);
+  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std12, 12U);
   st[3U] = Lib_IntVector_Intrinsics_vec128_add32(st[3U], st[7U]);
   Lib_IntVector_Intrinsics_vec128 std13 = Lib_IntVector_Intrinsics_vec128_xor(st[15U], st[3U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std13, (uint32_t)8U);
+  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std13, 8U);
   st[11U] = Lib_IntVector_Intrinsics_vec128_add32(st[11U], st[15U]);
   Lib_IntVector_Intrinsics_vec128 std14 = Lib_IntVector_Intrinsics_vec128_xor(st[7U], st[11U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std14, (uint32_t)7U);
+  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std14, 7U);
   st[0U] = Lib_IntVector_Intrinsics_vec128_add32(st[0U], st[5U]);
   Lib_IntVector_Intrinsics_vec128 std15 = Lib_IntVector_Intrinsics_vec128_xor(st[15U], st[0U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std15, (uint32_t)16U);
+  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std15, 16U);
   st[10U] = Lib_IntVector_Intrinsics_vec128_add32(st[10U], st[15U]);
   Lib_IntVector_Intrinsics_vec128 std16 = Lib_IntVector_Intrinsics_vec128_xor(st[5U], st[10U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std16, (uint32_t)12U);
+  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std16, 12U);
   st[0U] = Lib_IntVector_Intrinsics_vec128_add32(st[0U], st[5U]);
   Lib_IntVector_Intrinsics_vec128 std17 = Lib_IntVector_Intrinsics_vec128_xor(st[15U], st[0U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std17, (uint32_t)8U);
+  st[15U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std17, 8U);
   st[10U] = Lib_IntVector_Intrinsics_vec128_add32(st[10U], st[15U]);
   Lib_IntVector_Intrinsics_vec128 std18 = Lib_IntVector_Intrinsics_vec128_xor(st[5U], st[10U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std18, (uint32_t)7U);
+  st[5U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std18, 7U);
   st[1U] = Lib_IntVector_Intrinsics_vec128_add32(st[1U], st[6U]);
   Lib_IntVector_Intrinsics_vec128 std19 = Lib_IntVector_Intrinsics_vec128_xor(st[12U], st[1U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std19, (uint32_t)16U);
+  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std19, 16U);
   st[11U] = Lib_IntVector_Intrinsics_vec128_add32(st[11U], st[12U]);
   Lib_IntVector_Intrinsics_vec128 std20 = Lib_IntVector_Intrinsics_vec128_xor(st[6U], st[11U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std20, (uint32_t)12U);
+  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std20, 12U);
   st[1U] = Lib_IntVector_Intrinsics_vec128_add32(st[1U], st[6U]);
   Lib_IntVector_Intrinsics_vec128 std21 = Lib_IntVector_Intrinsics_vec128_xor(st[12U], st[1U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std21, (uint32_t)8U);
+  st[12U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std21, 8U);
   st[11U] = Lib_IntVector_Intrinsics_vec128_add32(st[11U], st[12U]);
   Lib_IntVector_Intrinsics_vec128 std22 = Lib_IntVector_Intrinsics_vec128_xor(st[6U], st[11U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std22, (uint32_t)7U);
+  st[6U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std22, 7U);
   st[2U] = Lib_IntVector_Intrinsics_vec128_add32(st[2U], st[7U]);
   Lib_IntVector_Intrinsics_vec128 std23 = Lib_IntVector_Intrinsics_vec128_xor(st[13U], st[2U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std23, (uint32_t)16U);
+  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std23, 16U);
   st[8U] = Lib_IntVector_Intrinsics_vec128_add32(st[8U], st[13U]);
   Lib_IntVector_Intrinsics_vec128 std24 = Lib_IntVector_Intrinsics_vec128_xor(st[7U], st[8U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std24, (uint32_t)12U);
+  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std24, 12U);
   st[2U] = Lib_IntVector_Intrinsics_vec128_add32(st[2U], st[7U]);
   Lib_IntVector_Intrinsics_vec128 std25 = Lib_IntVector_Intrinsics_vec128_xor(st[13U], st[2U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std25, (uint32_t)8U);
+  st[13U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std25, 8U);
   st[8U] = Lib_IntVector_Intrinsics_vec128_add32(st[8U], st[13U]);
   Lib_IntVector_Intrinsics_vec128 std26 = Lib_IntVector_Intrinsics_vec128_xor(st[7U], st[8U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std26, (uint32_t)7U);
+  st[7U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std26, 7U);
   st[3U] = Lib_IntVector_Intrinsics_vec128_add32(st[3U], st[4U]);
   Lib_IntVector_Intrinsics_vec128 std27 = Lib_IntVector_Intrinsics_vec128_xor(st[14U], st[3U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std27, (uint32_t)16U);
+  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std27, 16U);
   st[9U] = Lib_IntVector_Intrinsics_vec128_add32(st[9U], st[14U]);
   Lib_IntVector_Intrinsics_vec128 std28 = Lib_IntVector_Intrinsics_vec128_xor(st[4U], st[9U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std28, (uint32_t)12U);
+  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std28, 12U);
   st[3U] = Lib_IntVector_Intrinsics_vec128_add32(st[3U], st[4U]);
   Lib_IntVector_Intrinsics_vec128 std29 = Lib_IntVector_Intrinsics_vec128_xor(st[14U], st[3U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std29, (uint32_t)8U);
+  st[14U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std29, 8U);
   st[9U] = Lib_IntVector_Intrinsics_vec128_add32(st[9U], st[14U]);
   Lib_IntVector_Intrinsics_vec128 std30 = Lib_IntVector_Intrinsics_vec128_xor(st[4U], st[9U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std30, (uint32_t)7U);
+  st[4U] = Lib_IntVector_Intrinsics_vec128_rotate_left32(std30, 7U);
 }
 
 static inline void
@@ -135,8 +135,8 @@ chacha20_core_128(
   uint32_t ctr
 )
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  uint32_t ctr_u32 = (uint32_t)4U * ctr;
+  memcpy(k, ctx, 16U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  uint32_t ctr_u32 = 4U * ctr;
   Lib_IntVector_Intrinsics_vec128 cv = Lib_IntVector_Intrinsics_vec128_load32(ctr_u32);
   k[12U] = Lib_IntVector_Intrinsics_vec128_add32(k[12U], cv);
   double_round_128(k);
@@ -150,9 +150,9 @@ chacha20_core_128(
   double_round_128(k);
   double_round_128(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = k;
     Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_add32(k[i], ctx[i]);
     os[i] = x;);
@@ -164,47 +164,42 @@ chacha20_init_128(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *k, uint8_t *n,
 {
   uint32_t ctx1[16U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = ctx1;
     uint32_t x = Hacl_Impl_Chacha20_Vec_chacha20_constants[i];
     os[i] = x;);
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)4U;
-    uint8_t *bj = k + i * (uint32_t)4U;
+    0U,
+    8U,
+    1U,
+    uint32_t *os = ctx1 + 4U;
+    uint8_t *bj = k + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   ctx1[12U] = ctr;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)13U;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    0U,
+    3U,
+    1U,
+    uint32_t *os = ctx1 + 13U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = ctx;
     uint32_t x = ctx1[i];
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_load32(x);
     os[i] = x0;);
-  Lib_IntVector_Intrinsics_vec128
-  ctr1 =
-    Lib_IntVector_Intrinsics_vec128_load32s((uint32_t)0U,
-      (uint32_t)1U,
-      (uint32_t)2U,
-      (uint32_t)3U);
+  Lib_IntVector_Intrinsics_vec128 ctr1 = Lib_IntVector_Intrinsics_vec128_load32s(0U, 1U, 2U, 3U);
   Lib_IntVector_Intrinsics_vec128 c12 = ctx[12U];
   ctx[12U] = Lib_IntVector_Intrinsics_vec128_add32(c12, ctr1);
 }
@@ -221,13 +216,13 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ctx[16U] KRML_POST_ALIGN(16) = { 0U };
   chacha20_init_128(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)256U;
-  uint32_t nb = len / (uint32_t)256U;
-  uint32_t rem1 = len % (uint32_t)256U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 256U;
+  uint32_t nb = len / 256U;
+  uint32_t rem1 = len % 256U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *uu____0 = out + i * (uint32_t)256U;
-    uint8_t *uu____1 = text + i * (uint32_t)256U;
+    uint8_t *uu____0 = out + i * 256U;
+    uint8_t *uu____1 = text + i * 256U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, i);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -359,19 +354,19 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
     k[14U] = v11;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i0,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec128
-      x = Lib_IntVector_Intrinsics_vec128_load32_le(uu____1 + i0 * (uint32_t)16U);
+      x = Lib_IntVector_Intrinsics_vec128_load32_le(uu____1 + i0 * 16U);
       Lib_IntVector_Intrinsics_vec128 y = Lib_IntVector_Intrinsics_vec128_xor(x, k[i0]);
-      Lib_IntVector_Intrinsics_vec128_store32_le(uu____0 + i0 * (uint32_t)16U, y););
+      Lib_IntVector_Intrinsics_vec128_store32_le(uu____0 + i0 * 16U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)256U;
+    uint8_t *uu____2 = out + nb * 256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, text + nb * (uint32_t)256U, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * 256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -503,13 +498,13 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
     k[14U] = v11;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec128
-      x = Lib_IntVector_Intrinsics_vec128_load32_le(plain + i * (uint32_t)16U);
+      x = Lib_IntVector_Intrinsics_vec128_load32_le(plain + i * 16U);
       Lib_IntVector_Intrinsics_vec128 y = Lib_IntVector_Intrinsics_vec128_xor(x, k[i]);
-      Lib_IntVector_Intrinsics_vec128_store32_le(plain + i * (uint32_t)16U, y););
+      Lib_IntVector_Intrinsics_vec128_store32_le(plain + i * 16U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -526,13 +521,13 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ctx[16U] KRML_POST_ALIGN(16) = { 0U };
   chacha20_init_128(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)256U;
-  uint32_t nb = len / (uint32_t)256U;
-  uint32_t rem1 = len % (uint32_t)256U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 256U;
+  uint32_t nb = len / 256U;
+  uint32_t rem1 = len % 256U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *uu____0 = out + i * (uint32_t)256U;
-    uint8_t *uu____1 = cipher + i * (uint32_t)256U;
+    uint8_t *uu____0 = out + i * 256U;
+    uint8_t *uu____1 = cipher + i * 256U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, i);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -664,19 +659,19 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
     k[14U] = v11;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i0,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec128
-      x = Lib_IntVector_Intrinsics_vec128_load32_le(uu____1 + i0 * (uint32_t)16U);
+      x = Lib_IntVector_Intrinsics_vec128_load32_le(uu____1 + i0 * 16U);
       Lib_IntVector_Intrinsics_vec128 y = Lib_IntVector_Intrinsics_vec128_xor(x, k[i0]);
-      Lib_IntVector_Intrinsics_vec128_store32_le(uu____0 + i0 * (uint32_t)16U, y););
+      Lib_IntVector_Intrinsics_vec128_store32_le(uu____0 + i0 * 16U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)256U;
+    uint8_t *uu____2 = out + nb * 256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, cipher + nb * (uint32_t)256U, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * 256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -808,13 +803,13 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
     k[14U] = v11;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec128
-      x = Lib_IntVector_Intrinsics_vec128_load32_le(plain + i * (uint32_t)16U);
+      x = Lib_IntVector_Intrinsics_vec128_load32_le(plain + i * 16U);
       Lib_IntVector_Intrinsics_vec128 y = Lib_IntVector_Intrinsics_vec128_xor(x, k[i]);
-      Lib_IntVector_Intrinsics_vec128_store32_le(plain + i * (uint32_t)16U, y););
+      Lib_IntVector_Intrinsics_vec128_store32_le(plain + i * 16U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
diff --git a/src/msvc/Hacl_Chacha20_Vec256.c b/src/msvc/Hacl_Chacha20_Vec256.c
index 620f5040..e61a7cfe 100644
--- a/src/msvc/Hacl_Chacha20_Vec256.c
+++ b/src/msvc/Hacl_Chacha20_Vec256.c
@@ -32,100 +32,100 @@ static inline void double_round_256(Lib_IntVector_Intrinsics_vec256 *st)
 {
   st[0U] = Lib_IntVector_Intrinsics_vec256_add32(st[0U], st[4U]);
   Lib_IntVector_Intrinsics_vec256 std = Lib_IntVector_Intrinsics_vec256_xor(st[12U], st[0U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std, (uint32_t)16U);
+  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std, 16U);
   st[8U] = Lib_IntVector_Intrinsics_vec256_add32(st[8U], st[12U]);
   Lib_IntVector_Intrinsics_vec256 std0 = Lib_IntVector_Intrinsics_vec256_xor(st[4U], st[8U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std0, (uint32_t)12U);
+  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std0, 12U);
   st[0U] = Lib_IntVector_Intrinsics_vec256_add32(st[0U], st[4U]);
   Lib_IntVector_Intrinsics_vec256 std1 = Lib_IntVector_Intrinsics_vec256_xor(st[12U], st[0U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std1, (uint32_t)8U);
+  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std1, 8U);
   st[8U] = Lib_IntVector_Intrinsics_vec256_add32(st[8U], st[12U]);
   Lib_IntVector_Intrinsics_vec256 std2 = Lib_IntVector_Intrinsics_vec256_xor(st[4U], st[8U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std2, (uint32_t)7U);
+  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std2, 7U);
   st[1U] = Lib_IntVector_Intrinsics_vec256_add32(st[1U], st[5U]);
   Lib_IntVector_Intrinsics_vec256 std3 = Lib_IntVector_Intrinsics_vec256_xor(st[13U], st[1U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std3, (uint32_t)16U);
+  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std3, 16U);
   st[9U] = Lib_IntVector_Intrinsics_vec256_add32(st[9U], st[13U]);
   Lib_IntVector_Intrinsics_vec256 std4 = Lib_IntVector_Intrinsics_vec256_xor(st[5U], st[9U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std4, (uint32_t)12U);
+  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std4, 12U);
   st[1U] = Lib_IntVector_Intrinsics_vec256_add32(st[1U], st[5U]);
   Lib_IntVector_Intrinsics_vec256 std5 = Lib_IntVector_Intrinsics_vec256_xor(st[13U], st[1U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std5, (uint32_t)8U);
+  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std5, 8U);
   st[9U] = Lib_IntVector_Intrinsics_vec256_add32(st[9U], st[13U]);
   Lib_IntVector_Intrinsics_vec256 std6 = Lib_IntVector_Intrinsics_vec256_xor(st[5U], st[9U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std6, (uint32_t)7U);
+  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std6, 7U);
   st[2U] = Lib_IntVector_Intrinsics_vec256_add32(st[2U], st[6U]);
   Lib_IntVector_Intrinsics_vec256 std7 = Lib_IntVector_Intrinsics_vec256_xor(st[14U], st[2U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std7, (uint32_t)16U);
+  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std7, 16U);
   st[10U] = Lib_IntVector_Intrinsics_vec256_add32(st[10U], st[14U]);
   Lib_IntVector_Intrinsics_vec256 std8 = Lib_IntVector_Intrinsics_vec256_xor(st[6U], st[10U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std8, (uint32_t)12U);
+  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std8, 12U);
   st[2U] = Lib_IntVector_Intrinsics_vec256_add32(st[2U], st[6U]);
   Lib_IntVector_Intrinsics_vec256 std9 = Lib_IntVector_Intrinsics_vec256_xor(st[14U], st[2U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std9, (uint32_t)8U);
+  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std9, 8U);
   st[10U] = Lib_IntVector_Intrinsics_vec256_add32(st[10U], st[14U]);
   Lib_IntVector_Intrinsics_vec256 std10 = Lib_IntVector_Intrinsics_vec256_xor(st[6U], st[10U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std10, (uint32_t)7U);
+  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std10, 7U);
   st[3U] = Lib_IntVector_Intrinsics_vec256_add32(st[3U], st[7U]);
   Lib_IntVector_Intrinsics_vec256 std11 = Lib_IntVector_Intrinsics_vec256_xor(st[15U], st[3U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std11, (uint32_t)16U);
+  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std11, 16U);
   st[11U] = Lib_IntVector_Intrinsics_vec256_add32(st[11U], st[15U]);
   Lib_IntVector_Intrinsics_vec256 std12 = Lib_IntVector_Intrinsics_vec256_xor(st[7U], st[11U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std12, (uint32_t)12U);
+  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std12, 12U);
   st[3U] = Lib_IntVector_Intrinsics_vec256_add32(st[3U], st[7U]);
   Lib_IntVector_Intrinsics_vec256 std13 = Lib_IntVector_Intrinsics_vec256_xor(st[15U], st[3U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std13, (uint32_t)8U);
+  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std13, 8U);
   st[11U] = Lib_IntVector_Intrinsics_vec256_add32(st[11U], st[15U]);
   Lib_IntVector_Intrinsics_vec256 std14 = Lib_IntVector_Intrinsics_vec256_xor(st[7U], st[11U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std14, (uint32_t)7U);
+  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std14, 7U);
   st[0U] = Lib_IntVector_Intrinsics_vec256_add32(st[0U], st[5U]);
   Lib_IntVector_Intrinsics_vec256 std15 = Lib_IntVector_Intrinsics_vec256_xor(st[15U], st[0U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std15, (uint32_t)16U);
+  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std15, 16U);
   st[10U] = Lib_IntVector_Intrinsics_vec256_add32(st[10U], st[15U]);
   Lib_IntVector_Intrinsics_vec256 std16 = Lib_IntVector_Intrinsics_vec256_xor(st[5U], st[10U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std16, (uint32_t)12U);
+  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std16, 12U);
   st[0U] = Lib_IntVector_Intrinsics_vec256_add32(st[0U], st[5U]);
   Lib_IntVector_Intrinsics_vec256 std17 = Lib_IntVector_Intrinsics_vec256_xor(st[15U], st[0U]);
-  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std17, (uint32_t)8U);
+  st[15U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std17, 8U);
   st[10U] = Lib_IntVector_Intrinsics_vec256_add32(st[10U], st[15U]);
   Lib_IntVector_Intrinsics_vec256 std18 = Lib_IntVector_Intrinsics_vec256_xor(st[5U], st[10U]);
-  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std18, (uint32_t)7U);
+  st[5U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std18, 7U);
   st[1U] = Lib_IntVector_Intrinsics_vec256_add32(st[1U], st[6U]);
   Lib_IntVector_Intrinsics_vec256 std19 = Lib_IntVector_Intrinsics_vec256_xor(st[12U], st[1U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std19, (uint32_t)16U);
+  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std19, 16U);
   st[11U] = Lib_IntVector_Intrinsics_vec256_add32(st[11U], st[12U]);
   Lib_IntVector_Intrinsics_vec256 std20 = Lib_IntVector_Intrinsics_vec256_xor(st[6U], st[11U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std20, (uint32_t)12U);
+  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std20, 12U);
   st[1U] = Lib_IntVector_Intrinsics_vec256_add32(st[1U], st[6U]);
   Lib_IntVector_Intrinsics_vec256 std21 = Lib_IntVector_Intrinsics_vec256_xor(st[12U], st[1U]);
-  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std21, (uint32_t)8U);
+  st[12U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std21, 8U);
   st[11U] = Lib_IntVector_Intrinsics_vec256_add32(st[11U], st[12U]);
   Lib_IntVector_Intrinsics_vec256 std22 = Lib_IntVector_Intrinsics_vec256_xor(st[6U], st[11U]);
-  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std22, (uint32_t)7U);
+  st[6U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std22, 7U);
   st[2U] = Lib_IntVector_Intrinsics_vec256_add32(st[2U], st[7U]);
   Lib_IntVector_Intrinsics_vec256 std23 = Lib_IntVector_Intrinsics_vec256_xor(st[13U], st[2U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std23, (uint32_t)16U);
+  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std23, 16U);
   st[8U] = Lib_IntVector_Intrinsics_vec256_add32(st[8U], st[13U]);
   Lib_IntVector_Intrinsics_vec256 std24 = Lib_IntVector_Intrinsics_vec256_xor(st[7U], st[8U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std24, (uint32_t)12U);
+  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std24, 12U);
   st[2U] = Lib_IntVector_Intrinsics_vec256_add32(st[2U], st[7U]);
   Lib_IntVector_Intrinsics_vec256 std25 = Lib_IntVector_Intrinsics_vec256_xor(st[13U], st[2U]);
-  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std25, (uint32_t)8U);
+  st[13U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std25, 8U);
   st[8U] = Lib_IntVector_Intrinsics_vec256_add32(st[8U], st[13U]);
   Lib_IntVector_Intrinsics_vec256 std26 = Lib_IntVector_Intrinsics_vec256_xor(st[7U], st[8U]);
-  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std26, (uint32_t)7U);
+  st[7U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std26, 7U);
   st[3U] = Lib_IntVector_Intrinsics_vec256_add32(st[3U], st[4U]);
   Lib_IntVector_Intrinsics_vec256 std27 = Lib_IntVector_Intrinsics_vec256_xor(st[14U], st[3U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std27, (uint32_t)16U);
+  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std27, 16U);
   st[9U] = Lib_IntVector_Intrinsics_vec256_add32(st[9U], st[14U]);
   Lib_IntVector_Intrinsics_vec256 std28 = Lib_IntVector_Intrinsics_vec256_xor(st[4U], st[9U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std28, (uint32_t)12U);
+  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std28, 12U);
   st[3U] = Lib_IntVector_Intrinsics_vec256_add32(st[3U], st[4U]);
   Lib_IntVector_Intrinsics_vec256 std29 = Lib_IntVector_Intrinsics_vec256_xor(st[14U], st[3U]);
-  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std29, (uint32_t)8U);
+  st[14U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std29, 8U);
   st[9U] = Lib_IntVector_Intrinsics_vec256_add32(st[9U], st[14U]);
   Lib_IntVector_Intrinsics_vec256 std30 = Lib_IntVector_Intrinsics_vec256_xor(st[4U], st[9U]);
-  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std30, (uint32_t)7U);
+  st[4U] = Lib_IntVector_Intrinsics_vec256_rotate_left32(std30, 7U);
 }
 
 static inline void
@@ -135,8 +135,8 @@ chacha20_core_256(
   uint32_t ctr
 )
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  uint32_t ctr_u32 = (uint32_t)8U * ctr;
+  memcpy(k, ctx, 16U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  uint32_t ctr_u32 = 8U * ctr;
   Lib_IntVector_Intrinsics_vec256 cv = Lib_IntVector_Intrinsics_vec256_load32(ctr_u32);
   k[12U] = Lib_IntVector_Intrinsics_vec256_add32(k[12U], cv);
   double_round_256(k);
@@ -150,9 +150,9 @@ chacha20_core_256(
   double_round_256(k);
   double_round_256(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = k;
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_add32(k[i], ctx[i]);
     os[i] = x;);
@@ -164,51 +164,43 @@ chacha20_init_256(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *k, uint8_t *n,
 {
   uint32_t ctx1[16U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = ctx1;
     uint32_t x = Hacl_Impl_Chacha20_Vec_chacha20_constants[i];
     os[i] = x;);
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)4U;
-    uint8_t *bj = k + i * (uint32_t)4U;
+    0U,
+    8U,
+    1U,
+    uint32_t *os = ctx1 + 4U;
+    uint8_t *bj = k + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   ctx1[12U] = ctr;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)13U;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    0U,
+    3U,
+    1U,
+    uint32_t *os = ctx1 + 13U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = ctx;
     uint32_t x = ctx1[i];
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_load32(x);
     os[i] = x0;);
   Lib_IntVector_Intrinsics_vec256
-  ctr1 =
-    Lib_IntVector_Intrinsics_vec256_load32s((uint32_t)0U,
-      (uint32_t)1U,
-      (uint32_t)2U,
-      (uint32_t)3U,
-      (uint32_t)4U,
-      (uint32_t)5U,
-      (uint32_t)6U,
-      (uint32_t)7U);
+  ctr1 = Lib_IntVector_Intrinsics_vec256_load32s(0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U);
   Lib_IntVector_Intrinsics_vec256 c12 = ctx[12U];
   ctx[12U] = Lib_IntVector_Intrinsics_vec256_add32(c12, ctr1);
 }
@@ -225,13 +217,13 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ctx[16U] KRML_POST_ALIGN(32) = { 0U };
   chacha20_init_256(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)512U;
-  uint32_t nb = len / (uint32_t)512U;
-  uint32_t rem1 = len % (uint32_t)512U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 512U;
+  uint32_t nb = len / 512U;
+  uint32_t rem1 = len % 512U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *uu____0 = out + i * (uint32_t)512U;
-    uint8_t *uu____1 = text + i * (uint32_t)512U;
+    uint8_t *uu____0 = out + i * 512U;
+    uint8_t *uu____1 = text + i * 512U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, i);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -459,19 +451,19 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
     k[14U] = v7;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i0,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec256
-      x = Lib_IntVector_Intrinsics_vec256_load32_le(uu____1 + i0 * (uint32_t)32U);
+      x = Lib_IntVector_Intrinsics_vec256_load32_le(uu____1 + i0 * 32U);
       Lib_IntVector_Intrinsics_vec256 y = Lib_IntVector_Intrinsics_vec256_xor(x, k[i0]);
-      Lib_IntVector_Intrinsics_vec256_store32_le(uu____0 + i0 * (uint32_t)32U, y););
+      Lib_IntVector_Intrinsics_vec256_store32_le(uu____0 + i0 * 32U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)512U;
+    uint8_t *uu____2 = out + nb * 512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, text + nb * (uint32_t)512U, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * 512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -699,13 +691,13 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
     k[14U] = v7;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec256
-      x = Lib_IntVector_Intrinsics_vec256_load32_le(plain + i * (uint32_t)32U);
+      x = Lib_IntVector_Intrinsics_vec256_load32_le(plain + i * 32U);
       Lib_IntVector_Intrinsics_vec256 y = Lib_IntVector_Intrinsics_vec256_xor(x, k[i]);
-      Lib_IntVector_Intrinsics_vec256_store32_le(plain + i * (uint32_t)32U, y););
+      Lib_IntVector_Intrinsics_vec256_store32_le(plain + i * 32U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -722,13 +714,13 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ctx[16U] KRML_POST_ALIGN(32) = { 0U };
   chacha20_init_256(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)512U;
-  uint32_t nb = len / (uint32_t)512U;
-  uint32_t rem1 = len % (uint32_t)512U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t rem = len % 512U;
+  uint32_t nb = len / 512U;
+  uint32_t rem1 = len % 512U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *uu____0 = out + i * (uint32_t)512U;
-    uint8_t *uu____1 = cipher + i * (uint32_t)512U;
+    uint8_t *uu____0 = out + i * 512U;
+    uint8_t *uu____1 = cipher + i * 512U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, i);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -956,19 +948,19 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
     k[14U] = v7;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i0,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec256
-      x = Lib_IntVector_Intrinsics_vec256_load32_le(uu____1 + i0 * (uint32_t)32U);
+      x = Lib_IntVector_Intrinsics_vec256_load32_le(uu____1 + i0 * 32U);
       Lib_IntVector_Intrinsics_vec256 y = Lib_IntVector_Intrinsics_vec256_xor(x, k[i0]);
-      Lib_IntVector_Intrinsics_vec256_store32_le(uu____0 + i0 * (uint32_t)32U, y););
+      Lib_IntVector_Intrinsics_vec256_store32_le(uu____0 + i0 * 32U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)512U;
+    uint8_t *uu____2 = out + nb * 512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, cipher + nb * (uint32_t)512U, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * 512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -1196,13 +1188,13 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
     k[14U] = v7;
     k[15U] = v15;
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       Lib_IntVector_Intrinsics_vec256
-      x = Lib_IntVector_Intrinsics_vec256_load32_le(plain + i * (uint32_t)32U);
+      x = Lib_IntVector_Intrinsics_vec256_load32_le(plain + i * 32U);
       Lib_IntVector_Intrinsics_vec256 y = Lib_IntVector_Intrinsics_vec256_xor(x, k[i]);
-      Lib_IntVector_Intrinsics_vec256_store32_le(plain + i * (uint32_t)32U, y););
+      Lib_IntVector_Intrinsics_vec256_store32_le(plain + i * 32U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
diff --git a/src/msvc/Hacl_Chacha20_Vec32.c b/src/msvc/Hacl_Chacha20_Vec32.c
index 2bf4764c..0dce915c 100644
--- a/src/msvc/Hacl_Chacha20_Vec32.c
+++ b/src/msvc/Hacl_Chacha20_Vec32.c
@@ -31,106 +31,106 @@ static inline void double_round_32(uint32_t *st)
 {
   st[0U] = st[0U] + st[4U];
   uint32_t std = st[12U] ^ st[0U];
-  st[12U] = std << (uint32_t)16U | std >> (uint32_t)16U;
+  st[12U] = std << 16U | std >> 16U;
   st[8U] = st[8U] + st[12U];
   uint32_t std0 = st[4U] ^ st[8U];
-  st[4U] = std0 << (uint32_t)12U | std0 >> (uint32_t)20U;
+  st[4U] = std0 << 12U | std0 >> 20U;
   st[0U] = st[0U] + st[4U];
   uint32_t std1 = st[12U] ^ st[0U];
-  st[12U] = std1 << (uint32_t)8U | std1 >> (uint32_t)24U;
+  st[12U] = std1 << 8U | std1 >> 24U;
   st[8U] = st[8U] + st[12U];
   uint32_t std2 = st[4U] ^ st[8U];
-  st[4U] = std2 << (uint32_t)7U | std2 >> (uint32_t)25U;
+  st[4U] = std2 << 7U | std2 >> 25U;
   st[1U] = st[1U] + st[5U];
   uint32_t std3 = st[13U] ^ st[1U];
-  st[13U] = std3 << (uint32_t)16U | std3 >> (uint32_t)16U;
+  st[13U] = std3 << 16U | std3 >> 16U;
   st[9U] = st[9U] + st[13U];
   uint32_t std4 = st[5U] ^ st[9U];
-  st[5U] = std4 << (uint32_t)12U | std4 >> (uint32_t)20U;
+  st[5U] = std4 << 12U | std4 >> 20U;
   st[1U] = st[1U] + st[5U];
   uint32_t std5 = st[13U] ^ st[1U];
-  st[13U] = std5 << (uint32_t)8U | std5 >> (uint32_t)24U;
+  st[13U] = std5 << 8U | std5 >> 24U;
   st[9U] = st[9U] + st[13U];
   uint32_t std6 = st[5U] ^ st[9U];
-  st[5U] = std6 << (uint32_t)7U | std6 >> (uint32_t)25U;
+  st[5U] = std6 << 7U | std6 >> 25U;
   st[2U] = st[2U] + st[6U];
   uint32_t std7 = st[14U] ^ st[2U];
-  st[14U] = std7 << (uint32_t)16U | std7 >> (uint32_t)16U;
+  st[14U] = std7 << 16U | std7 >> 16U;
   st[10U] = st[10U] + st[14U];
   uint32_t std8 = st[6U] ^ st[10U];
-  st[6U] = std8 << (uint32_t)12U | std8 >> (uint32_t)20U;
+  st[6U] = std8 << 12U | std8 >> 20U;
   st[2U] = st[2U] + st[6U];
   uint32_t std9 = st[14U] ^ st[2U];
-  st[14U] = std9 << (uint32_t)8U | std9 >> (uint32_t)24U;
+  st[14U] = std9 << 8U | std9 >> 24U;
   st[10U] = st[10U] + st[14U];
   uint32_t std10 = st[6U] ^ st[10U];
-  st[6U] = std10 << (uint32_t)7U | std10 >> (uint32_t)25U;
+  st[6U] = std10 << 7U | std10 >> 25U;
   st[3U] = st[3U] + st[7U];
   uint32_t std11 = st[15U] ^ st[3U];
-  st[15U] = std11 << (uint32_t)16U | std11 >> (uint32_t)16U;
+  st[15U] = std11 << 16U | std11 >> 16U;
   st[11U] = st[11U] + st[15U];
   uint32_t std12 = st[7U] ^ st[11U];
-  st[7U] = std12 << (uint32_t)12U | std12 >> (uint32_t)20U;
+  st[7U] = std12 << 12U | std12 >> 20U;
   st[3U] = st[3U] + st[7U];
   uint32_t std13 = st[15U] ^ st[3U];
-  st[15U] = std13 << (uint32_t)8U | std13 >> (uint32_t)24U;
+  st[15U] = std13 << 8U | std13 >> 24U;
   st[11U] = st[11U] + st[15U];
   uint32_t std14 = st[7U] ^ st[11U];
-  st[7U] = std14 << (uint32_t)7U | std14 >> (uint32_t)25U;
+  st[7U] = std14 << 7U | std14 >> 25U;
   st[0U] = st[0U] + st[5U];
   uint32_t std15 = st[15U] ^ st[0U];
-  st[15U] = std15 << (uint32_t)16U | std15 >> (uint32_t)16U;
+  st[15U] = std15 << 16U | std15 >> 16U;
   st[10U] = st[10U] + st[15U];
   uint32_t std16 = st[5U] ^ st[10U];
-  st[5U] = std16 << (uint32_t)12U | std16 >> (uint32_t)20U;
+  st[5U] = std16 << 12U | std16 >> 20U;
   st[0U] = st[0U] + st[5U];
   uint32_t std17 = st[15U] ^ st[0U];
-  st[15U] = std17 << (uint32_t)8U | std17 >> (uint32_t)24U;
+  st[15U] = std17 << 8U | std17 >> 24U;
   st[10U] = st[10U] + st[15U];
   uint32_t std18 = st[5U] ^ st[10U];
-  st[5U] = std18 << (uint32_t)7U | std18 >> (uint32_t)25U;
+  st[5U] = std18 << 7U | std18 >> 25U;
   st[1U] = st[1U] + st[6U];
   uint32_t std19 = st[12U] ^ st[1U];
-  st[12U] = std19 << (uint32_t)16U | std19 >> (uint32_t)16U;
+  st[12U] = std19 << 16U | std19 >> 16U;
   st[11U] = st[11U] + st[12U];
   uint32_t std20 = st[6U] ^ st[11U];
-  st[6U] = std20 << (uint32_t)12U | std20 >> (uint32_t)20U;
+  st[6U] = std20 << 12U | std20 >> 20U;
   st[1U] = st[1U] + st[6U];
   uint32_t std21 = st[12U] ^ st[1U];
-  st[12U] = std21 << (uint32_t)8U | std21 >> (uint32_t)24U;
+  st[12U] = std21 << 8U | std21 >> 24U;
   st[11U] = st[11U] + st[12U];
   uint32_t std22 = st[6U] ^ st[11U];
-  st[6U] = std22 << (uint32_t)7U | std22 >> (uint32_t)25U;
+  st[6U] = std22 << 7U | std22 >> 25U;
   st[2U] = st[2U] + st[7U];
   uint32_t std23 = st[13U] ^ st[2U];
-  st[13U] = std23 << (uint32_t)16U | std23 >> (uint32_t)16U;
+  st[13U] = std23 << 16U | std23 >> 16U;
   st[8U] = st[8U] + st[13U];
   uint32_t std24 = st[7U] ^ st[8U];
-  st[7U] = std24 << (uint32_t)12U | std24 >> (uint32_t)20U;
+  st[7U] = std24 << 12U | std24 >> 20U;
   st[2U] = st[2U] + st[7U];
   uint32_t std25 = st[13U] ^ st[2U];
-  st[13U] = std25 << (uint32_t)8U | std25 >> (uint32_t)24U;
+  st[13U] = std25 << 8U | std25 >> 24U;
   st[8U] = st[8U] + st[13U];
   uint32_t std26 = st[7U] ^ st[8U];
-  st[7U] = std26 << (uint32_t)7U | std26 >> (uint32_t)25U;
+  st[7U] = std26 << 7U | std26 >> 25U;
   st[3U] = st[3U] + st[4U];
   uint32_t std27 = st[14U] ^ st[3U];
-  st[14U] = std27 << (uint32_t)16U | std27 >> (uint32_t)16U;
+  st[14U] = std27 << 16U | std27 >> 16U;
   st[9U] = st[9U] + st[14U];
   uint32_t std28 = st[4U] ^ st[9U];
-  st[4U] = std28 << (uint32_t)12U | std28 >> (uint32_t)20U;
+  st[4U] = std28 << 12U | std28 >> 20U;
   st[3U] = st[3U] + st[4U];
   uint32_t std29 = st[14U] ^ st[3U];
-  st[14U] = std29 << (uint32_t)8U | std29 >> (uint32_t)24U;
+  st[14U] = std29 << 8U | std29 >> 24U;
   st[9U] = st[9U] + st[14U];
   uint32_t std30 = st[4U] ^ st[9U];
-  st[4U] = std30 << (uint32_t)7U | std30 >> (uint32_t)25U;
+  st[4U] = std30 << 7U | std30 >> 25U;
 }
 
 static inline void chacha20_core_32(uint32_t *k, uint32_t *ctx, uint32_t ctr)
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (uint32_t));
-  uint32_t ctr_u32 = (uint32_t)1U * ctr;
+  memcpy(k, ctx, 16U * sizeof (uint32_t));
+  uint32_t ctr_u32 = 1U * ctr;
   uint32_t cv = ctr_u32;
   k[12U] = k[12U] + cv;
   double_round_32(k);
@@ -144,9 +144,9 @@ static inline void chacha20_core_32(uint32_t *k, uint32_t *ctx, uint32_t ctr)
   double_round_32(k);
   double_round_32(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = k;
     uint32_t x = k[i] + ctx[i];
     os[i] = x;);
@@ -157,41 +157,41 @@ static inline void chacha20_init_32(uint32_t *ctx, uint8_t *k, uint8_t *n, uint3
 {
   uint32_t ctx1[16U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = ctx1;
     uint32_t x = Hacl_Impl_Chacha20_Vec_chacha20_constants[i];
     os[i] = x;);
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)4U;
-    uint8_t *bj = k + i * (uint32_t)4U;
+    0U,
+    8U,
+    1U,
+    uint32_t *os = ctx1 + 4U;
+    uint8_t *bj = k + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   ctx1[12U] = ctr;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
-    uint32_t *os = ctx1 + (uint32_t)13U;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    0U,
+    3U,
+    1U,
+    uint32_t *os = ctx1 + 13U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = ctx;
     uint32_t x = ctx1[i];
     os[i] = x;);
-  uint32_t ctr1 = (uint32_t)0U;
+  uint32_t ctr1 = 0U;
   uint32_t c12 = ctx[12U];
   ctx[12U] = c12 + ctr1;
 }
@@ -208,39 +208,39 @@ Hacl_Chacha20_Vec32_chacha20_encrypt_32(
 {
   uint32_t ctx[16U] = { 0U };
   chacha20_init_32(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < nb; i0++)
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i0 = 0U; i0 < nb; i0++)
   {
-    uint8_t *uu____0 = out + i0 * (uint32_t)64U;
-    uint8_t *uu____1 = text + i0 * (uint32_t)64U;
+    uint8_t *uu____0 = out + i0 * 64U;
+    uint8_t *uu____1 = text + i0 * 64U;
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, i0);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t u = load32_le(uu____1 + i * (uint32_t)4U);
+      0U,
+      16U,
+      1U,
+      uint32_t u = load32_le(uu____1 + i * 4U);
       uint32_t x = u;
       uint32_t y = x ^ k[i];
-      store32_le(uu____0 + i * (uint32_t)4U, y););
+      store32_le(uu____0 + i * 4U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)64U;
+    uint8_t *uu____2 = out + nb * 64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * 64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t u = load32_le(plain + i * (uint32_t)4U);
+      0U,
+      16U,
+      1U,
+      uint32_t u = load32_le(plain + i * 4U);
       uint32_t x = u;
       uint32_t y = x ^ k[i];
-      store32_le(plain + i * (uint32_t)4U, y););
+      store32_le(plain + i * 4U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -257,39 +257,39 @@ Hacl_Chacha20_Vec32_chacha20_decrypt_32(
 {
   uint32_t ctx[16U] = { 0U };
   chacha20_init_32(ctx, key, n, ctr);
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < nb; i0++)
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i0 = 0U; i0 < nb; i0++)
   {
-    uint8_t *uu____0 = out + i0 * (uint32_t)64U;
-    uint8_t *uu____1 = cipher + i0 * (uint32_t)64U;
+    uint8_t *uu____0 = out + i0 * 64U;
+    uint8_t *uu____1 = cipher + i0 * 64U;
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, i0);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t u = load32_le(uu____1 + i * (uint32_t)4U);
+      0U,
+      16U,
+      1U,
+      uint32_t u = load32_le(uu____1 + i * 4U);
       uint32_t x = u;
       uint32_t y = x ^ k[i];
-      store32_le(uu____0 + i * (uint32_t)4U, y););
+      store32_le(uu____0 + i * 4U, y););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)64U;
+    uint8_t *uu____2 = out + nb * 64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * 64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t u = load32_le(plain + i * (uint32_t)4U);
+      0U,
+      16U,
+      1U,
+      uint32_t u = load32_le(plain + i * 4U);
       uint32_t x = u;
       uint32_t y = x ^ k[i];
-      store32_le(plain + i * (uint32_t)4U, y););
+      store32_le(plain + i * 4U, y););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
diff --git a/src/msvc/Hacl_Curve25519_51.c b/src/msvc/Hacl_Curve25519_51.c
index 64c855cf..ca561e89 100644
--- a/src/msvc/Hacl_Curve25519_51.c
+++ b/src/msvc/Hacl_Curve25519_51.c
@@ -28,38 +28,38 @@
 #include "internal/Hacl_Krmllib.h"
 #include "internal/Hacl_Bignum25519_51.h"
 
-static const uint8_t g25519[32U] = { (uint8_t)9U };
+static const uint8_t g25519[32U] = { 9U };
 
 static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, FStar_UInt128_uint128 *tmp2)
 {
   uint64_t *nq = p01_tmp1;
-  uint64_t *nq_p1 = p01_tmp1 + (uint32_t)10U;
-  uint64_t *tmp1 = p01_tmp1 + (uint32_t)20U;
+  uint64_t *nq_p1 = p01_tmp1 + 10U;
+  uint64_t *tmp1 = p01_tmp1 + 20U;
   uint64_t *x1 = q;
   uint64_t *x2 = nq;
-  uint64_t *z2 = nq + (uint32_t)5U;
-  uint64_t *z3 = nq_p1 + (uint32_t)5U;
+  uint64_t *z2 = nq + 5U;
+  uint64_t *z3 = nq_p1 + 5U;
   uint64_t *a = tmp1;
-  uint64_t *b = tmp1 + (uint32_t)5U;
+  uint64_t *b = tmp1 + 5U;
   uint64_t *ab = tmp1;
-  uint64_t *dc = tmp1 + (uint32_t)10U;
+  uint64_t *dc = tmp1 + 10U;
   Hacl_Impl_Curve25519_Field51_fadd(a, x2, z2);
   Hacl_Impl_Curve25519_Field51_fsub(b, x2, z2);
   uint64_t *x3 = nq_p1;
-  uint64_t *z31 = nq_p1 + (uint32_t)5U;
+  uint64_t *z31 = nq_p1 + 5U;
   uint64_t *d0 = dc;
-  uint64_t *c0 = dc + (uint32_t)5U;
+  uint64_t *c0 = dc + 5U;
   Hacl_Impl_Curve25519_Field51_fadd(c0, x3, z31);
   Hacl_Impl_Curve25519_Field51_fsub(d0, x3, z31);
   Hacl_Impl_Curve25519_Field51_fmul2(dc, dc, ab, tmp2);
   Hacl_Impl_Curve25519_Field51_fadd(x3, d0, c0);
   Hacl_Impl_Curve25519_Field51_fsub(z31, d0, c0);
   uint64_t *a1 = tmp1;
-  uint64_t *b1 = tmp1 + (uint32_t)5U;
-  uint64_t *d = tmp1 + (uint32_t)10U;
-  uint64_t *c = tmp1 + (uint32_t)15U;
+  uint64_t *b1 = tmp1 + 5U;
+  uint64_t *d = tmp1 + 10U;
+  uint64_t *c = tmp1 + 15U;
   uint64_t *ab1 = tmp1;
-  uint64_t *dc1 = tmp1 + (uint32_t)10U;
+  uint64_t *dc1 = tmp1 + 10U;
   Hacl_Impl_Curve25519_Field51_fsqr2(dc1, ab1, tmp2);
   Hacl_Impl_Curve25519_Field51_fsqr2(nq_p1, nq_p1, tmp2);
   a1[0U] = c[0U];
@@ -68,7 +68,7 @@ static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, FStar_UInt128_
   a1[3U] = c[3U];
   a1[4U] = c[4U];
   Hacl_Impl_Curve25519_Field51_fsub(c, d, c);
-  Hacl_Impl_Curve25519_Field51_fmul1(b1, c, (uint64_t)121665U);
+  Hacl_Impl_Curve25519_Field51_fmul1(b1, c, 121665ULL);
   Hacl_Impl_Curve25519_Field51_fadd(b1, b1, d);
   Hacl_Impl_Curve25519_Field51_fmul2(nq, dc1, ab1, tmp2);
   Hacl_Impl_Curve25519_Field51_fmul(z3, z3, x1, tmp2);
@@ -77,13 +77,13 @@ static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, FStar_UInt128_
 static void point_double(uint64_t *nq, uint64_t *tmp1, FStar_UInt128_uint128 *tmp2)
 {
   uint64_t *x2 = nq;
-  uint64_t *z2 = nq + (uint32_t)5U;
+  uint64_t *z2 = nq + 5U;
   uint64_t *a = tmp1;
-  uint64_t *b = tmp1 + (uint32_t)5U;
-  uint64_t *d = tmp1 + (uint32_t)10U;
-  uint64_t *c = tmp1 + (uint32_t)15U;
+  uint64_t *b = tmp1 + 5U;
+  uint64_t *d = tmp1 + 10U;
+  uint64_t *c = tmp1 + 15U;
   uint64_t *ab = tmp1;
-  uint64_t *dc = tmp1 + (uint32_t)10U;
+  uint64_t *dc = tmp1 + 10U;
   Hacl_Impl_Curve25519_Field51_fadd(a, x2, z2);
   Hacl_Impl_Curve25519_Field51_fsub(b, x2, z2);
   Hacl_Impl_Curve25519_Field51_fsqr2(dc, ab, tmp2);
@@ -93,7 +93,7 @@ static void point_double(uint64_t *nq, uint64_t *tmp1, FStar_UInt128_uint128 *tm
   a[3U] = c[3U];
   a[4U] = c[4U];
   Hacl_Impl_Curve25519_Field51_fsub(c, d, c);
-  Hacl_Impl_Curve25519_Field51_fmul1(b, c, (uint64_t)121665U);
+  Hacl_Impl_Curve25519_Field51_fmul1(b, c, 121665ULL);
   Hacl_Impl_Curve25519_Field51_fadd(b, b, d);
   Hacl_Impl_Curve25519_Field51_fmul2(nq, dc, ab, tmp2);
 }
@@ -101,46 +101,41 @@ static void point_double(uint64_t *nq, uint64_t *tmp1, FStar_UInt128_uint128 *tm
 static void montgomery_ladder(uint64_t *out, uint8_t *key, uint64_t *init)
 {
   FStar_UInt128_uint128 tmp2[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp2[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp2[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   uint64_t p01_tmp1_swap[41U] = { 0U };
   uint64_t *p0 = p01_tmp1_swap;
   uint64_t *p01 = p01_tmp1_swap;
   uint64_t *p03 = p01;
-  uint64_t *p11 = p01 + (uint32_t)10U;
-  memcpy(p11, init, (uint32_t)10U * sizeof (uint64_t));
+  uint64_t *p11 = p01 + 10U;
+  memcpy(p11, init, 10U * sizeof (uint64_t));
   uint64_t *x0 = p03;
-  uint64_t *z0 = p03 + (uint32_t)5U;
-  x0[0U] = (uint64_t)1U;
-  x0[1U] = (uint64_t)0U;
-  x0[2U] = (uint64_t)0U;
-  x0[3U] = (uint64_t)0U;
-  x0[4U] = (uint64_t)0U;
-  z0[0U] = (uint64_t)0U;
-  z0[1U] = (uint64_t)0U;
-  z0[2U] = (uint64_t)0U;
-  z0[3U] = (uint64_t)0U;
-  z0[4U] = (uint64_t)0U;
+  uint64_t *z0 = p03 + 5U;
+  x0[0U] = 1ULL;
+  x0[1U] = 0ULL;
+  x0[2U] = 0ULL;
+  x0[3U] = 0ULL;
+  x0[4U] = 0ULL;
+  z0[0U] = 0ULL;
+  z0[1U] = 0ULL;
+  z0[2U] = 0ULL;
+  z0[3U] = 0ULL;
+  z0[4U] = 0ULL;
   uint64_t *p01_tmp1 = p01_tmp1_swap;
   uint64_t *p01_tmp11 = p01_tmp1_swap;
   uint64_t *nq1 = p01_tmp1_swap;
-  uint64_t *nq_p11 = p01_tmp1_swap + (uint32_t)10U;
-  uint64_t *swap = p01_tmp1_swap + (uint32_t)40U;
-  Hacl_Impl_Curve25519_Field51_cswap2((uint64_t)1U, nq1, nq_p11);
+  uint64_t *nq_p11 = p01_tmp1_swap + 10U;
+  uint64_t *swap = p01_tmp1_swap + 40U;
+  Hacl_Impl_Curve25519_Field51_cswap2(1ULL, nq1, nq_p11);
   point_add_and_double(init, p01_tmp11, tmp2);
-  swap[0U] = (uint64_t)1U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)251U; i++)
+  swap[0U] = 1ULL;
+  for (uint32_t i = 0U; i < 251U; i++)
   {
     uint64_t *p01_tmp12 = p01_tmp1_swap;
-    uint64_t *swap1 = p01_tmp1_swap + (uint32_t)40U;
+    uint64_t *swap1 = p01_tmp1_swap + 40U;
     uint64_t *nq2 = p01_tmp12;
-    uint64_t *nq_p12 = p01_tmp12 + (uint32_t)10U;
-    uint64_t
-    bit =
-      (uint64_t)(key[((uint32_t)253U - i)
-      / (uint32_t)8U]
-      >> ((uint32_t)253U - i) % (uint32_t)8U
-      & (uint8_t)1U);
+    uint64_t *nq_p12 = p01_tmp12 + 10U;
+    uint64_t bit = (uint64_t)((uint32_t)key[(253U - i) / 8U] >> (253U - i) % 8U & 1U);
     uint64_t sw = swap1[0U] ^ bit;
     Hacl_Impl_Curve25519_Field51_cswap2(sw, nq2, nq_p12);
     point_add_and_double(init, p01_tmp12, tmp2);
@@ -149,11 +144,11 @@ static void montgomery_ladder(uint64_t *out, uint8_t *key, uint64_t *init)
   uint64_t sw = swap[0U];
   Hacl_Impl_Curve25519_Field51_cswap2(sw, nq1, nq_p11);
   uint64_t *nq10 = p01_tmp1;
-  uint64_t *tmp1 = p01_tmp1 + (uint32_t)20U;
+  uint64_t *tmp1 = p01_tmp1 + 20U;
   point_double(nq10, tmp1, tmp2);
   point_double(nq10, tmp1, tmp2);
   point_double(nq10, tmp1, tmp2);
-  memcpy(out, p0, (uint32_t)10U * sizeof (uint64_t));
+  memcpy(out, p0, 10U * sizeof (uint64_t));
 }
 
 void
@@ -165,7 +160,7 @@ Hacl_Curve25519_51_fsquare_times(
 )
 {
   Hacl_Impl_Curve25519_Field51_fsqr(o, inp, tmp);
-  for (uint32_t i = (uint32_t)0U; i < n - (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < n - 1U; i++)
   {
     Hacl_Impl_Curve25519_Field51_fsqr(o, o, tmp);
   }
@@ -175,60 +170,56 @@ void Hacl_Curve25519_51_finv(uint64_t *o, uint64_t *i, FStar_UInt128_uint128 *tm
 {
   uint64_t t1[20U] = { 0U };
   uint64_t *a1 = t1;
-  uint64_t *b1 = t1 + (uint32_t)5U;
-  uint64_t *t010 = t1 + (uint32_t)15U;
+  uint64_t *b1 = t1 + 5U;
+  uint64_t *t010 = t1 + 15U;
   FStar_UInt128_uint128 *tmp10 = tmp;
-  Hacl_Curve25519_51_fsquare_times(a1, i, tmp10, (uint32_t)1U);
-  Hacl_Curve25519_51_fsquare_times(t010, a1, tmp10, (uint32_t)2U);
+  Hacl_Curve25519_51_fsquare_times(a1, i, tmp10, 1U);
+  Hacl_Curve25519_51_fsquare_times(t010, a1, tmp10, 2U);
   Hacl_Impl_Curve25519_Field51_fmul(b1, t010, i, tmp);
   Hacl_Impl_Curve25519_Field51_fmul(a1, b1, a1, tmp);
-  Hacl_Curve25519_51_fsquare_times(t010, a1, tmp10, (uint32_t)1U);
+  Hacl_Curve25519_51_fsquare_times(t010, a1, tmp10, 1U);
   Hacl_Impl_Curve25519_Field51_fmul(b1, t010, b1, tmp);
-  Hacl_Curve25519_51_fsquare_times(t010, b1, tmp10, (uint32_t)5U);
+  Hacl_Curve25519_51_fsquare_times(t010, b1, tmp10, 5U);
   Hacl_Impl_Curve25519_Field51_fmul(b1, t010, b1, tmp);
-  uint64_t *b10 = t1 + (uint32_t)5U;
-  uint64_t *c10 = t1 + (uint32_t)10U;
-  uint64_t *t011 = t1 + (uint32_t)15U;
+  uint64_t *b10 = t1 + 5U;
+  uint64_t *c10 = t1 + 10U;
+  uint64_t *t011 = t1 + 15U;
   FStar_UInt128_uint128 *tmp11 = tmp;
-  Hacl_Curve25519_51_fsquare_times(t011, b10, tmp11, (uint32_t)10U);
+  Hacl_Curve25519_51_fsquare_times(t011, b10, tmp11, 10U);
   Hacl_Impl_Curve25519_Field51_fmul(c10, t011, b10, tmp);
-  Hacl_Curve25519_51_fsquare_times(t011, c10, tmp11, (uint32_t)20U);
+  Hacl_Curve25519_51_fsquare_times(t011, c10, tmp11, 20U);
   Hacl_Impl_Curve25519_Field51_fmul(t011, t011, c10, tmp);
-  Hacl_Curve25519_51_fsquare_times(t011, t011, tmp11, (uint32_t)10U);
+  Hacl_Curve25519_51_fsquare_times(t011, t011, tmp11, 10U);
   Hacl_Impl_Curve25519_Field51_fmul(b10, t011, b10, tmp);
-  Hacl_Curve25519_51_fsquare_times(t011, b10, tmp11, (uint32_t)50U);
+  Hacl_Curve25519_51_fsquare_times(t011, b10, tmp11, 50U);
   Hacl_Impl_Curve25519_Field51_fmul(c10, t011, b10, tmp);
-  uint64_t *b11 = t1 + (uint32_t)5U;
-  uint64_t *c1 = t1 + (uint32_t)10U;
-  uint64_t *t01 = t1 + (uint32_t)15U;
+  uint64_t *b11 = t1 + 5U;
+  uint64_t *c1 = t1 + 10U;
+  uint64_t *t01 = t1 + 15U;
   FStar_UInt128_uint128 *tmp1 = tmp;
-  Hacl_Curve25519_51_fsquare_times(t01, c1, tmp1, (uint32_t)100U);
+  Hacl_Curve25519_51_fsquare_times(t01, c1, tmp1, 100U);
   Hacl_Impl_Curve25519_Field51_fmul(t01, t01, c1, tmp);
-  Hacl_Curve25519_51_fsquare_times(t01, t01, tmp1, (uint32_t)50U);
+  Hacl_Curve25519_51_fsquare_times(t01, t01, tmp1, 50U);
   Hacl_Impl_Curve25519_Field51_fmul(t01, t01, b11, tmp);
-  Hacl_Curve25519_51_fsquare_times(t01, t01, tmp1, (uint32_t)5U);
+  Hacl_Curve25519_51_fsquare_times(t01, t01, tmp1, 5U);
   uint64_t *a = t1;
-  uint64_t *t0 = t1 + (uint32_t)15U;
+  uint64_t *t0 = t1 + 15U;
   Hacl_Impl_Curve25519_Field51_fmul(o, t0, a, tmp);
 }
 
 static void encode_point(uint8_t *o, uint64_t *i)
 {
   uint64_t *x = i;
-  uint64_t *z = i + (uint32_t)5U;
+  uint64_t *z = i + 5U;
   uint64_t tmp[5U] = { 0U };
   uint64_t u64s[4U] = { 0U };
   FStar_UInt128_uint128 tmp_w[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp_w[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp_w[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Curve25519_51_finv(tmp, z, tmp_w);
   Hacl_Impl_Curve25519_Field51_fmul(tmp, tmp, x, tmp_w);
   Hacl_Impl_Curve25519_Field51_store_felem(u64s, tmp);
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(o + i0 * (uint32_t)8U, u64s[i0]););
+  KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, store64_le(o + i0 * 8U, u64s[i0]););
 }
 
 /**
@@ -243,32 +234,32 @@ void Hacl_Curve25519_51_scalarmult(uint8_t *out, uint8_t *priv, uint8_t *pub)
   uint64_t init[10U] = { 0U };
   uint64_t tmp[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = tmp;
-    uint8_t *bj = pub + i * (uint32_t)8U;
+    uint8_t *bj = pub + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   uint64_t tmp3 = tmp[3U];
-  tmp[3U] = tmp3 & (uint64_t)0x7fffffffffffffffU;
+  tmp[3U] = tmp3 & 0x7fffffffffffffffULL;
   uint64_t *x = init;
-  uint64_t *z = init + (uint32_t)5U;
-  z[0U] = (uint64_t)1U;
-  z[1U] = (uint64_t)0U;
-  z[2U] = (uint64_t)0U;
-  z[3U] = (uint64_t)0U;
-  z[4U] = (uint64_t)0U;
-  uint64_t f0l = tmp[0U] & (uint64_t)0x7ffffffffffffU;
-  uint64_t f0h = tmp[0U] >> (uint32_t)51U;
-  uint64_t f1l = (tmp[1U] & (uint64_t)0x3fffffffffU) << (uint32_t)13U;
-  uint64_t f1h = tmp[1U] >> (uint32_t)38U;
-  uint64_t f2l = (tmp[2U] & (uint64_t)0x1ffffffU) << (uint32_t)26U;
-  uint64_t f2h = tmp[2U] >> (uint32_t)25U;
-  uint64_t f3l = (tmp[3U] & (uint64_t)0xfffU) << (uint32_t)39U;
-  uint64_t f3h = tmp[3U] >> (uint32_t)12U;
+  uint64_t *z = init + 5U;
+  z[0U] = 1ULL;
+  z[1U] = 0ULL;
+  z[2U] = 0ULL;
+  z[3U] = 0ULL;
+  z[4U] = 0ULL;
+  uint64_t f0l = tmp[0U] & 0x7ffffffffffffULL;
+  uint64_t f0h = tmp[0U] >> 51U;
+  uint64_t f1l = (tmp[1U] & 0x3fffffffffULL) << 13U;
+  uint64_t f1h = tmp[1U] >> 38U;
+  uint64_t f2l = (tmp[2U] & 0x1ffffffULL) << 26U;
+  uint64_t f2h = tmp[2U] >> 25U;
+  uint64_t f3l = (tmp[3U] & 0xfffULL) << 39U;
+  uint64_t f3h = tmp[3U] >> 12U;
   x[0U] = f0l;
   x[1U] = f0h | f1l;
   x[2U] = f1h | f2l;
@@ -289,7 +280,7 @@ This computes a scalar multiplication of the secret/private key with the curve's
 void Hacl_Curve25519_51_secret_to_public(uint8_t *pub, uint8_t *priv)
 {
   uint8_t basepoint[32U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t *os = basepoint;
     uint8_t x = g25519[i];
@@ -309,14 +300,14 @@ bool Hacl_Curve25519_51_ecdh(uint8_t *out, uint8_t *priv, uint8_t *pub)
 {
   uint8_t zeros[32U] = { 0U };
   Hacl_Curve25519_51_scalarmult(out, priv, pub);
-  uint8_t res = (uint8_t)255U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint8_t res = 255U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t uu____0 = FStar_UInt8_eq_mask(out[i], zeros[i]);
-    res = uu____0 & res;
+    res = (uint32_t)uu____0 & (uint32_t)res;
   }
   uint8_t z = res;
-  bool r = z == (uint8_t)255U;
+  bool r = z == 255U;
   return !r;
 }
 
diff --git a/src/msvc/Hacl_Curve25519_64.c b/src/msvc/Hacl_Curve25519_64.c
index fb0974fe..edcab306 100644
--- a/src/msvc/Hacl_Curve25519_64.c
+++ b/src/msvc/Hacl_Curve25519_64.c
@@ -35,7 +35,7 @@ static inline void add_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   add_scalar(out, f1, f2);
   #else
-  KRML_HOST_IGNORE(add_scalar_e(out, f1, f2));
+  add_scalar_e(out, f1, f2);
   #endif
 }
 
@@ -44,7 +44,7 @@ static inline void fadd0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fadd(out, f1, f2);
   #else
-  KRML_HOST_IGNORE(fadd_e(out, f1, f2));
+  fadd_e(out, f1, f2);
   #endif
 }
 
@@ -53,7 +53,7 @@ static inline void fsub0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsub(out, f1, f2);
   #else
-  KRML_HOST_IGNORE(fsub_e(out, f1, f2));
+  fsub_e(out, f1, f2);
   #endif
 }
 
@@ -62,7 +62,7 @@ static inline void fmul0(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *tm
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul(out, f1, f2, tmp);
   #else
-  KRML_HOST_IGNORE(fmul_e(tmp, f1, out, f2));
+  fmul_e(tmp, f1, out, f2);
   #endif
 }
 
@@ -71,7 +71,7 @@ static inline void fmul20(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *t
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul2(out, f1, f2, tmp);
   #else
-  KRML_HOST_IGNORE(fmul2_e(tmp, f1, out, f2));
+  fmul2_e(tmp, f1, out, f2);
   #endif
 }
 
@@ -80,7 +80,7 @@ static inline void fmul_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul_scalar(out, f1, f2);
   #else
-  KRML_HOST_IGNORE(fmul_scalar_e(out, f1, f2));
+  fmul_scalar_e(out, f1, f2);
   #endif
 }
 
@@ -89,7 +89,7 @@ static inline void fsqr0(uint64_t *out, uint64_t *f1, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr(out, f1, tmp);
   #else
-  KRML_HOST_IGNORE(fsqr_e(tmp, f1, out));
+  fsqr_e(tmp, f1, out);
   #endif
 }
 
@@ -98,7 +98,7 @@ static inline void fsqr20(uint64_t *out, uint64_t *f, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr2(out, f, tmp);
   #else
-  KRML_HOST_IGNORE(fsqr2_e(tmp, f, out));
+  fsqr2_e(tmp, f, out);
   #endif
 }
 
@@ -107,42 +107,42 @@ static inline void cswap20(uint64_t bit, uint64_t *p1, uint64_t *p2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   cswap2(bit, p1, p2);
   #else
-  KRML_HOST_IGNORE(cswap2_e(bit, p1, p2));
+  cswap2_e(bit, p1, p2);
   #endif
 }
 
-static const uint8_t g25519[32U] = { (uint8_t)9U };
+static const uint8_t g25519[32U] = { 9U };
 
 static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, uint64_t *tmp2)
 {
   uint64_t *nq = p01_tmp1;
-  uint64_t *nq_p1 = p01_tmp1 + (uint32_t)8U;
-  uint64_t *tmp1 = p01_tmp1 + (uint32_t)16U;
+  uint64_t *nq_p1 = p01_tmp1 + 8U;
+  uint64_t *tmp1 = p01_tmp1 + 16U;
   uint64_t *x1 = q;
   uint64_t *x2 = nq;
-  uint64_t *z2 = nq + (uint32_t)4U;
-  uint64_t *z3 = nq_p1 + (uint32_t)4U;
+  uint64_t *z2 = nq + 4U;
+  uint64_t *z3 = nq_p1 + 4U;
   uint64_t *a = tmp1;
-  uint64_t *b = tmp1 + (uint32_t)4U;
+  uint64_t *b = tmp1 + 4U;
   uint64_t *ab = tmp1;
-  uint64_t *dc = tmp1 + (uint32_t)8U;
+  uint64_t *dc = tmp1 + 8U;
   fadd0(a, x2, z2);
   fsub0(b, x2, z2);
   uint64_t *x3 = nq_p1;
-  uint64_t *z31 = nq_p1 + (uint32_t)4U;
+  uint64_t *z31 = nq_p1 + 4U;
   uint64_t *d0 = dc;
-  uint64_t *c0 = dc + (uint32_t)4U;
+  uint64_t *c0 = dc + 4U;
   fadd0(c0, x3, z31);
   fsub0(d0, x3, z31);
   fmul20(dc, dc, ab, tmp2);
   fadd0(x3, d0, c0);
   fsub0(z31, d0, c0);
   uint64_t *a1 = tmp1;
-  uint64_t *b1 = tmp1 + (uint32_t)4U;
-  uint64_t *d = tmp1 + (uint32_t)8U;
-  uint64_t *c = tmp1 + (uint32_t)12U;
+  uint64_t *b1 = tmp1 + 4U;
+  uint64_t *d = tmp1 + 8U;
+  uint64_t *c = tmp1 + 12U;
   uint64_t *ab1 = tmp1;
-  uint64_t *dc1 = tmp1 + (uint32_t)8U;
+  uint64_t *dc1 = tmp1 + 8U;
   fsqr20(dc1, ab1, tmp2);
   fsqr20(nq_p1, nq_p1, tmp2);
   a1[0U] = c[0U];
@@ -150,7 +150,7 @@ static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, uint64_t *tmp2
   a1[2U] = c[2U];
   a1[3U] = c[3U];
   fsub0(c, d, c);
-  fmul_scalar0(b1, c, (uint64_t)121665U);
+  fmul_scalar0(b1, c, 121665ULL);
   fadd0(b1, b1, d);
   fmul20(nq, dc1, ab1, tmp2);
   fmul0(z3, z3, x1, tmp2);
@@ -159,13 +159,13 @@ static void point_add_and_double(uint64_t *q, uint64_t *p01_tmp1, uint64_t *tmp2
 static void point_double(uint64_t *nq, uint64_t *tmp1, uint64_t *tmp2)
 {
   uint64_t *x2 = nq;
-  uint64_t *z2 = nq + (uint32_t)4U;
+  uint64_t *z2 = nq + 4U;
   uint64_t *a = tmp1;
-  uint64_t *b = tmp1 + (uint32_t)4U;
-  uint64_t *d = tmp1 + (uint32_t)8U;
-  uint64_t *c = tmp1 + (uint32_t)12U;
+  uint64_t *b = tmp1 + 4U;
+  uint64_t *d = tmp1 + 8U;
+  uint64_t *c = tmp1 + 12U;
   uint64_t *ab = tmp1;
-  uint64_t *dc = tmp1 + (uint32_t)8U;
+  uint64_t *dc = tmp1 + 8U;
   fadd0(a, x2, z2);
   fsub0(b, x2, z2);
   fsqr20(dc, ab, tmp2);
@@ -174,7 +174,7 @@ static void point_double(uint64_t *nq, uint64_t *tmp1, uint64_t *tmp2)
   a[2U] = c[2U];
   a[3U] = c[3U];
   fsub0(c, d, c);
-  fmul_scalar0(b, c, (uint64_t)121665U);
+  fmul_scalar0(b, c, 121665ULL);
   fadd0(b, b, d);
   fmul20(nq, dc, ab, tmp2);
 }
@@ -186,38 +186,33 @@ static void montgomery_ladder(uint64_t *out, uint8_t *key, uint64_t *init)
   uint64_t *p0 = p01_tmp1_swap;
   uint64_t *p01 = p01_tmp1_swap;
   uint64_t *p03 = p01;
-  uint64_t *p11 = p01 + (uint32_t)8U;
-  memcpy(p11, init, (uint32_t)8U * sizeof (uint64_t));
+  uint64_t *p11 = p01 + 8U;
+  memcpy(p11, init, 8U * sizeof (uint64_t));
   uint64_t *x0 = p03;
-  uint64_t *z0 = p03 + (uint32_t)4U;
-  x0[0U] = (uint64_t)1U;
-  x0[1U] = (uint64_t)0U;
-  x0[2U] = (uint64_t)0U;
-  x0[3U] = (uint64_t)0U;
-  z0[0U] = (uint64_t)0U;
-  z0[1U] = (uint64_t)0U;
-  z0[2U] = (uint64_t)0U;
-  z0[3U] = (uint64_t)0U;
+  uint64_t *z0 = p03 + 4U;
+  x0[0U] = 1ULL;
+  x0[1U] = 0ULL;
+  x0[2U] = 0ULL;
+  x0[3U] = 0ULL;
+  z0[0U] = 0ULL;
+  z0[1U] = 0ULL;
+  z0[2U] = 0ULL;
+  z0[3U] = 0ULL;
   uint64_t *p01_tmp1 = p01_tmp1_swap;
   uint64_t *p01_tmp11 = p01_tmp1_swap;
   uint64_t *nq1 = p01_tmp1_swap;
-  uint64_t *nq_p11 = p01_tmp1_swap + (uint32_t)8U;
-  uint64_t *swap = p01_tmp1_swap + (uint32_t)32U;
-  cswap20((uint64_t)1U, nq1, nq_p11);
+  uint64_t *nq_p11 = p01_tmp1_swap + 8U;
+  uint64_t *swap = p01_tmp1_swap + 32U;
+  cswap20(1ULL, nq1, nq_p11);
   point_add_and_double(init, p01_tmp11, tmp2);
-  swap[0U] = (uint64_t)1U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)251U; i++)
+  swap[0U] = 1ULL;
+  for (uint32_t i = 0U; i < 251U; i++)
   {
     uint64_t *p01_tmp12 = p01_tmp1_swap;
-    uint64_t *swap1 = p01_tmp1_swap + (uint32_t)32U;
+    uint64_t *swap1 = p01_tmp1_swap + 32U;
     uint64_t *nq2 = p01_tmp12;
-    uint64_t *nq_p12 = p01_tmp12 + (uint32_t)8U;
-    uint64_t
-    bit =
-      (uint64_t)(key[((uint32_t)253U - i)
-      / (uint32_t)8U]
-      >> ((uint32_t)253U - i) % (uint32_t)8U
-      & (uint8_t)1U);
+    uint64_t *nq_p12 = p01_tmp12 + 8U;
+    uint64_t bit = (uint64_t)((uint32_t)key[(253U - i) / 8U] >> (253U - i) % 8U & 1U);
     uint64_t sw = swap1[0U] ^ bit;
     cswap20(sw, nq2, nq_p12);
     point_add_and_double(init, p01_tmp12, tmp2);
@@ -226,17 +221,17 @@ static void montgomery_ladder(uint64_t *out, uint8_t *key, uint64_t *init)
   uint64_t sw = swap[0U];
   cswap20(sw, nq1, nq_p11);
   uint64_t *nq10 = p01_tmp1;
-  uint64_t *tmp1 = p01_tmp1 + (uint32_t)16U;
+  uint64_t *tmp1 = p01_tmp1 + 16U;
   point_double(nq10, tmp1, tmp2);
   point_double(nq10, tmp1, tmp2);
   point_double(nq10, tmp1, tmp2);
-  memcpy(out, p0, (uint32_t)8U * sizeof (uint64_t));
+  memcpy(out, p0, 8U * sizeof (uint64_t));
 }
 
 static void fsquare_times(uint64_t *o, uint64_t *inp, uint64_t *tmp, uint32_t n)
 {
   fsqr0(o, inp, tmp);
-  for (uint32_t i = (uint32_t)0U; i < n - (uint32_t)1U; i++)
+  for (uint32_t i = 0U; i < n - 1U; i++)
   {
     fsqr0(o, o, tmp);
   }
@@ -246,66 +241,66 @@ static void finv(uint64_t *o, uint64_t *i, uint64_t *tmp)
 {
   uint64_t t1[16U] = { 0U };
   uint64_t *a1 = t1;
-  uint64_t *b1 = t1 + (uint32_t)4U;
-  uint64_t *t010 = t1 + (uint32_t)12U;
+  uint64_t *b1 = t1 + 4U;
+  uint64_t *t010 = t1 + 12U;
   uint64_t *tmp10 = tmp;
-  fsquare_times(a1, i, tmp10, (uint32_t)1U);
-  fsquare_times(t010, a1, tmp10, (uint32_t)2U);
+  fsquare_times(a1, i, tmp10, 1U);
+  fsquare_times(t010, a1, tmp10, 2U);
   fmul0(b1, t010, i, tmp);
   fmul0(a1, b1, a1, tmp);
-  fsquare_times(t010, a1, tmp10, (uint32_t)1U);
+  fsquare_times(t010, a1, tmp10, 1U);
   fmul0(b1, t010, b1, tmp);
-  fsquare_times(t010, b1, tmp10, (uint32_t)5U);
+  fsquare_times(t010, b1, tmp10, 5U);
   fmul0(b1, t010, b1, tmp);
-  uint64_t *b10 = t1 + (uint32_t)4U;
-  uint64_t *c10 = t1 + (uint32_t)8U;
-  uint64_t *t011 = t1 + (uint32_t)12U;
+  uint64_t *b10 = t1 + 4U;
+  uint64_t *c10 = t1 + 8U;
+  uint64_t *t011 = t1 + 12U;
   uint64_t *tmp11 = tmp;
-  fsquare_times(t011, b10, tmp11, (uint32_t)10U);
+  fsquare_times(t011, b10, tmp11, 10U);
   fmul0(c10, t011, b10, tmp);
-  fsquare_times(t011, c10, tmp11, (uint32_t)20U);
+  fsquare_times(t011, c10, tmp11, 20U);
   fmul0(t011, t011, c10, tmp);
-  fsquare_times(t011, t011, tmp11, (uint32_t)10U);
+  fsquare_times(t011, t011, tmp11, 10U);
   fmul0(b10, t011, b10, tmp);
-  fsquare_times(t011, b10, tmp11, (uint32_t)50U);
+  fsquare_times(t011, b10, tmp11, 50U);
   fmul0(c10, t011, b10, tmp);
-  uint64_t *b11 = t1 + (uint32_t)4U;
-  uint64_t *c1 = t1 + (uint32_t)8U;
-  uint64_t *t01 = t1 + (uint32_t)12U;
+  uint64_t *b11 = t1 + 4U;
+  uint64_t *c1 = t1 + 8U;
+  uint64_t *t01 = t1 + 12U;
   uint64_t *tmp1 = tmp;
-  fsquare_times(t01, c1, tmp1, (uint32_t)100U);
+  fsquare_times(t01, c1, tmp1, 100U);
   fmul0(t01, t01, c1, tmp);
-  fsquare_times(t01, t01, tmp1, (uint32_t)50U);
+  fsquare_times(t01, t01, tmp1, 50U);
   fmul0(t01, t01, b11, tmp);
-  fsquare_times(t01, t01, tmp1, (uint32_t)5U);
+  fsquare_times(t01, t01, tmp1, 5U);
   uint64_t *a = t1;
-  uint64_t *t0 = t1 + (uint32_t)12U;
+  uint64_t *t0 = t1 + 12U;
   fmul0(o, t0, a, tmp);
 }
 
 static void store_felem(uint64_t *b, uint64_t *f)
 {
   uint64_t f30 = f[3U];
-  uint64_t top_bit0 = f30 >> (uint32_t)63U;
-  f[3U] = f30 & (uint64_t)0x7fffffffffffffffU;
-  add_scalar0(f, f, (uint64_t)19U * top_bit0);
+  uint64_t top_bit0 = f30 >> 63U;
+  f[3U] = f30 & 0x7fffffffffffffffULL;
+  add_scalar0(f, f, 19ULL * top_bit0);
   uint64_t f31 = f[3U];
-  uint64_t top_bit = f31 >> (uint32_t)63U;
-  f[3U] = f31 & (uint64_t)0x7fffffffffffffffU;
-  add_scalar0(f, f, (uint64_t)19U * top_bit);
+  uint64_t top_bit = f31 >> 63U;
+  f[3U] = f31 & 0x7fffffffffffffffULL;
+  add_scalar0(f, f, 19ULL * top_bit);
   uint64_t f0 = f[0U];
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
-  uint64_t m0 = FStar_UInt64_gte_mask(f0, (uint64_t)0xffffffffffffffedU);
-  uint64_t m1 = FStar_UInt64_eq_mask(f1, (uint64_t)0xffffffffffffffffU);
-  uint64_t m2 = FStar_UInt64_eq_mask(f2, (uint64_t)0xffffffffffffffffU);
-  uint64_t m3 = FStar_UInt64_eq_mask(f3, (uint64_t)0x7fffffffffffffffU);
+  uint64_t m0 = FStar_UInt64_gte_mask(f0, 0xffffffffffffffedULL);
+  uint64_t m1 = FStar_UInt64_eq_mask(f1, 0xffffffffffffffffULL);
+  uint64_t m2 = FStar_UInt64_eq_mask(f2, 0xffffffffffffffffULL);
+  uint64_t m3 = FStar_UInt64_eq_mask(f3, 0x7fffffffffffffffULL);
   uint64_t mask = ((m0 & m1) & m2) & m3;
-  uint64_t f0_ = f0 - (mask & (uint64_t)0xffffffffffffffedU);
-  uint64_t f1_ = f1 - (mask & (uint64_t)0xffffffffffffffffU);
-  uint64_t f2_ = f2 - (mask & (uint64_t)0xffffffffffffffffU);
-  uint64_t f3_ = f3 - (mask & (uint64_t)0x7fffffffffffffffU);
+  uint64_t f0_ = f0 - (mask & 0xffffffffffffffedULL);
+  uint64_t f1_ = f1 - (mask & 0xffffffffffffffffULL);
+  uint64_t f2_ = f2 - (mask & 0xffffffffffffffffULL);
+  uint64_t f3_ = f3 - (mask & 0x7fffffffffffffffULL);
   uint64_t o0 = f0_;
   uint64_t o1 = f1_;
   uint64_t o2 = f2_;
@@ -319,18 +314,14 @@ static void store_felem(uint64_t *b, uint64_t *f)
 static void encode_point(uint8_t *o, uint64_t *i)
 {
   uint64_t *x = i;
-  uint64_t *z = i + (uint32_t)4U;
+  uint64_t *z = i + 4U;
   uint64_t tmp[4U] = { 0U };
   uint64_t u64s[4U] = { 0U };
   uint64_t tmp_w[16U] = { 0U };
   finv(tmp, z, tmp_w);
   fmul0(tmp, tmp, x, tmp_w);
   store_felem(u64s, tmp);
-  KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(o + i0 * (uint32_t)8U, u64s[i0]););
+  KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, store64_le(o + i0 * 8U, u64s[i0]););
 }
 
 /**
@@ -345,23 +336,23 @@ void Hacl_Curve25519_64_scalarmult(uint8_t *out, uint8_t *priv, uint8_t *pub)
   uint64_t init[8U] = { 0U };
   uint64_t tmp[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = tmp;
-    uint8_t *bj = pub + i * (uint32_t)8U;
+    uint8_t *bj = pub + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   uint64_t tmp3 = tmp[3U];
-  tmp[3U] = tmp3 & (uint64_t)0x7fffffffffffffffU;
+  tmp[3U] = tmp3 & 0x7fffffffffffffffULL;
   uint64_t *x = init;
-  uint64_t *z = init + (uint32_t)4U;
-  z[0U] = (uint64_t)1U;
-  z[1U] = (uint64_t)0U;
-  z[2U] = (uint64_t)0U;
-  z[3U] = (uint64_t)0U;
+  uint64_t *z = init + 4U;
+  z[0U] = 1ULL;
+  z[1U] = 0ULL;
+  z[2U] = 0ULL;
+  z[3U] = 0ULL;
   x[0U] = tmp[0U];
   x[1U] = tmp[1U];
   x[2U] = tmp[2U];
@@ -381,7 +372,7 @@ This computes a scalar multiplication of the secret/private key with the curve's
 void Hacl_Curve25519_64_secret_to_public(uint8_t *pub, uint8_t *priv)
 {
   uint8_t basepoint[32U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t *os = basepoint;
     uint8_t x = g25519[i];
@@ -401,14 +392,14 @@ bool Hacl_Curve25519_64_ecdh(uint8_t *out, uint8_t *priv, uint8_t *pub)
 {
   uint8_t zeros[32U] = { 0U };
   Hacl_Curve25519_64_scalarmult(out, priv, pub);
-  uint8_t res = (uint8_t)255U;
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  uint8_t res = 255U;
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t uu____0 = FStar_UInt8_eq_mask(out[i], zeros[i]);
-    res = uu____0 & res;
+    res = (uint32_t)uu____0 & (uint32_t)res;
   }
   uint8_t z = res;
-  bool r = z == (uint8_t)255U;
+  bool r = z == 255U;
   return !r;
 }
 
diff --git a/src/msvc/Hacl_EC_Ed25519.c b/src/msvc/Hacl_EC_Ed25519.c
index 46f2837b..6ab24a33 100644
--- a/src/msvc/Hacl_EC_Ed25519.c
+++ b/src/msvc/Hacl_EC_Ed25519.c
@@ -43,11 +43,11 @@ Write the additive identity in `f`.
 */
 void Hacl_EC_Ed25519_mk_felem_zero(uint64_t *b)
 {
-  b[0U] = (uint64_t)0U;
-  b[1U] = (uint64_t)0U;
-  b[2U] = (uint64_t)0U;
-  b[3U] = (uint64_t)0U;
-  b[4U] = (uint64_t)0U;
+  b[0U] = 0ULL;
+  b[1U] = 0ULL;
+  b[2U] = 0ULL;
+  b[3U] = 0ULL;
+  b[4U] = 0ULL;
 }
 
 /**
@@ -57,11 +57,11 @@ Write the multiplicative identity in `f`.
 */
 void Hacl_EC_Ed25519_mk_felem_one(uint64_t *b)
 {
-  b[0U] = (uint64_t)1U;
-  b[1U] = (uint64_t)0U;
-  b[2U] = (uint64_t)0U;
-  b[3U] = (uint64_t)0U;
-  b[4U] = (uint64_t)0U;
+  b[0U] = 1ULL;
+  b[1U] = 0ULL;
+  b[2U] = 0ULL;
+  b[3U] = 0ULL;
+  b[4U] = 0ULL;
 }
 
 /**
@@ -106,8 +106,8 @@ Write `a * b mod p` in `out`.
 void Hacl_EC_Ed25519_felem_mul(uint64_t *a, uint64_t *b, uint64_t *out)
 {
   FStar_UInt128_uint128 tmp[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Impl_Curve25519_Field51_fmul(out, a, b, tmp);
 }
 
@@ -123,8 +123,8 @@ Write `a * a mod p` in `out`.
 void Hacl_EC_Ed25519_felem_sqr(uint64_t *a, uint64_t *out)
 {
   FStar_UInt128_uint128 tmp[5U];
-  for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 5U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Impl_Curve25519_Field51_fsqr(out, a, tmp);
 }
 
@@ -205,29 +205,29 @@ Write the base point (generator) in `p`.
 void Hacl_EC_Ed25519_mk_base_point(uint64_t *p)
 {
   uint64_t *gx = p;
-  uint64_t *gy = p + (uint32_t)5U;
-  uint64_t *gz = p + (uint32_t)10U;
-  uint64_t *gt = p + (uint32_t)15U;
-  gx[0U] = (uint64_t)0x00062d608f25d51aU;
-  gx[1U] = (uint64_t)0x000412a4b4f6592aU;
-  gx[2U] = (uint64_t)0x00075b7171a4b31dU;
-  gx[3U] = (uint64_t)0x0001ff60527118feU;
-  gx[4U] = (uint64_t)0x000216936d3cd6e5U;
-  gy[0U] = (uint64_t)0x0006666666666658U;
-  gy[1U] = (uint64_t)0x0004ccccccccccccU;
-  gy[2U] = (uint64_t)0x0001999999999999U;
-  gy[3U] = (uint64_t)0x0003333333333333U;
-  gy[4U] = (uint64_t)0x0006666666666666U;
-  gz[0U] = (uint64_t)1U;
-  gz[1U] = (uint64_t)0U;
-  gz[2U] = (uint64_t)0U;
-  gz[3U] = (uint64_t)0U;
-  gz[4U] = (uint64_t)0U;
-  gt[0U] = (uint64_t)0x00068ab3a5b7dda3U;
-  gt[1U] = (uint64_t)0x00000eea2a5eadbbU;
-  gt[2U] = (uint64_t)0x0002af8df483c27eU;
-  gt[3U] = (uint64_t)0x000332b375274732U;
-  gt[4U] = (uint64_t)0x00067875f0fd78b7U;
+  uint64_t *gy = p + 5U;
+  uint64_t *gz = p + 10U;
+  uint64_t *gt = p + 15U;
+  gx[0U] = 0x00062d608f25d51aULL;
+  gx[1U] = 0x000412a4b4f6592aULL;
+  gx[2U] = 0x00075b7171a4b31dULL;
+  gx[3U] = 0x0001ff60527118feULL;
+  gx[4U] = 0x000216936d3cd6e5ULL;
+  gy[0U] = 0x0006666666666658ULL;
+  gy[1U] = 0x0004ccccccccccccULL;
+  gy[2U] = 0x0001999999999999ULL;
+  gy[3U] = 0x0003333333333333ULL;
+  gy[4U] = 0x0006666666666666ULL;
+  gz[0U] = 1ULL;
+  gz[1U] = 0ULL;
+  gz[2U] = 0ULL;
+  gz[3U] = 0ULL;
+  gz[4U] = 0ULL;
+  gt[0U] = 0x00068ab3a5b7dda3ULL;
+  gt[1U] = 0x00000eea2a5eadbbULL;
+  gt[2U] = 0x0002af8df483c27eULL;
+  gt[3U] = 0x000332b375274732ULL;
+  gt[4U] = 0x00067875f0fd78b7ULL;
 }
 
 /**
diff --git a/src/msvc/Hacl_EC_K256.c b/src/msvc/Hacl_EC_K256.c
index e48edb5b..581c223b 100644
--- a/src/msvc/Hacl_EC_K256.c
+++ b/src/msvc/Hacl_EC_K256.c
@@ -43,7 +43,7 @@ Write the additive identity in `f`.
 */
 void Hacl_EC_K256_mk_felem_zero(uint64_t *f)
 {
-  memset(f, 0U, (uint32_t)5U * sizeof (uint64_t));
+  memset(f, 0U, 5U * sizeof (uint64_t));
 }
 
 /**
@@ -53,8 +53,8 @@ Write the multiplicative identity in `f`.
 */
 void Hacl_EC_K256_mk_felem_one(uint64_t *f)
 {
-  memset(f, 0U, (uint32_t)5U * sizeof (uint64_t));
-  f[0U] = (uint64_t)1U;
+  memset(f, 0U, 5U * sizeof (uint64_t));
+  f[0U] = 1ULL;
 }
 
 /**
@@ -83,7 +83,7 @@ Write `a - b mod p` in `out`.
 */
 void Hacl_EC_K256_felem_sub(uint64_t *a, uint64_t *b, uint64_t *out)
 {
-  Hacl_K256_Field_fsub(out, a, b, (uint64_t)2U);
+  Hacl_K256_Field_fsub(out, a, b, 2ULL);
   Hacl_K256_Field_fnormalize_weak(out, out);
 }
 
@@ -189,20 +189,20 @@ Write the base point (generator) in `p`.
 void Hacl_EC_K256_mk_base_point(uint64_t *p)
 {
   uint64_t *gx = p;
-  uint64_t *gy = p + (uint32_t)5U;
-  uint64_t *gz = p + (uint32_t)10U;
-  gx[0U] = (uint64_t)0x2815b16f81798U;
-  gx[1U] = (uint64_t)0xdb2dce28d959fU;
-  gx[2U] = (uint64_t)0xe870b07029bfcU;
-  gx[3U] = (uint64_t)0xbbac55a06295cU;
-  gx[4U] = (uint64_t)0x79be667ef9dcU;
-  gy[0U] = (uint64_t)0x7d08ffb10d4b8U;
-  gy[1U] = (uint64_t)0x48a68554199c4U;
-  gy[2U] = (uint64_t)0xe1108a8fd17b4U;
-  gy[3U] = (uint64_t)0xc4655da4fbfc0U;
-  gy[4U] = (uint64_t)0x483ada7726a3U;
-  memset(gz, 0U, (uint32_t)5U * sizeof (uint64_t));
-  gz[0U] = (uint64_t)1U;
+  uint64_t *gy = p + 5U;
+  uint64_t *gz = p + 10U;
+  gx[0U] = 0x2815b16f81798ULL;
+  gx[1U] = 0xdb2dce28d959fULL;
+  gx[2U] = 0xe870b07029bfcULL;
+  gx[3U] = 0xbbac55a06295cULL;
+  gx[4U] = 0x79be667ef9dcULL;
+  gy[0U] = 0x7d08ffb10d4b8ULL;
+  gy[1U] = 0x48a68554199c4ULL;
+  gy[2U] = 0xe1108a8fd17b4ULL;
+  gy[3U] = 0xc4655da4fbfc0ULL;
+  gy[4U] = 0x483ada7726a3ULL;
+  memset(gz, 0U, 5U * sizeof (uint64_t));
+  gz[0U] = 1ULL;
 }
 
 /**
@@ -264,11 +264,11 @@ void Hacl_EC_K256_point_mul(uint8_t *scalar, uint64_t *p, uint64_t *out)
 {
   uint64_t scalar_q[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = scalar_q;
-    uint64_t u = load64_be(scalar + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(scalar + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
   Hacl_Impl_K256_PointMul_point_mul(out, scalar_q, p);
@@ -307,20 +307,20 @@ void Hacl_EC_K256_point_load(uint8_t *b, uint64_t *out)
 {
   uint64_t p_aff[10U] = { 0U };
   uint64_t *px = p_aff;
-  uint64_t *py = p_aff + (uint32_t)5U;
+  uint64_t *py = p_aff + 5U;
   uint8_t *pxb = b;
-  uint8_t *pyb = b + (uint32_t)32U;
+  uint8_t *pyb = b + 32U;
   Hacl_K256_Field_load_felem(px, pxb);
   Hacl_K256_Field_load_felem(py, pyb);
   uint64_t *x = p_aff;
-  uint64_t *y = p_aff + (uint32_t)5U;
+  uint64_t *y = p_aff + 5U;
   uint64_t *x1 = out;
-  uint64_t *y1 = out + (uint32_t)5U;
-  uint64_t *z1 = out + (uint32_t)10U;
-  memcpy(x1, x, (uint32_t)5U * sizeof (uint64_t));
-  memcpy(y1, y, (uint32_t)5U * sizeof (uint64_t));
-  memset(z1, 0U, (uint32_t)5U * sizeof (uint64_t));
-  z1[0U] = (uint64_t)1U;
+  uint64_t *y1 = out + 5U;
+  uint64_t *z1 = out + 10U;
+  memcpy(x1, x, 5U * sizeof (uint64_t));
+  memcpy(y1, y, 5U * sizeof (uint64_t));
+  memset(z1, 0U, 5U * sizeof (uint64_t));
+  z1[0U] = 1ULL;
 }
 
 /**
diff --git a/src/msvc/Hacl_Ed25519.c b/src/msvc/Hacl_Ed25519.c
index f9881e91..05d96cd0 100644
--- a/src/msvc/Hacl_Ed25519.c
+++ b/src/msvc/Hacl_Ed25519.c
@@ -49,24 +49,24 @@ void Hacl_Bignum25519_reduce_513(uint64_t *a)
   uint64_t f2 = a[2U];
   uint64_t f3 = a[3U];
   uint64_t f4 = a[4U];
-  uint64_t l_ = f0 + (uint64_t)0U;
-  uint64_t tmp0 = l_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = l_ >> (uint32_t)51U;
+  uint64_t l_ = f0 + 0ULL;
+  uint64_t tmp0 = l_ & 0x7ffffffffffffULL;
+  uint64_t c0 = l_ >> 51U;
   uint64_t l_0 = f1 + c0;
-  uint64_t tmp1 = l_0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = l_0 >> (uint32_t)51U;
+  uint64_t tmp1 = l_0 & 0x7ffffffffffffULL;
+  uint64_t c1 = l_0 >> 51U;
   uint64_t l_1 = f2 + c1;
-  uint64_t tmp2 = l_1 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = l_1 >> (uint32_t)51U;
+  uint64_t tmp2 = l_1 & 0x7ffffffffffffULL;
+  uint64_t c2 = l_1 >> 51U;
   uint64_t l_2 = f3 + c2;
-  uint64_t tmp3 = l_2 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = l_2 >> (uint32_t)51U;
+  uint64_t tmp3 = l_2 & 0x7ffffffffffffULL;
+  uint64_t c3 = l_2 >> 51U;
   uint64_t l_3 = f4 + c3;
-  uint64_t tmp4 = l_3 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = l_3 >> (uint32_t)51U;
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = l_3 & 0x7ffffffffffffULL;
+  uint64_t c4 = l_3 >> 51U;
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   a[0U] = tmp0_;
   a[1U] = tmp1 + c5;
   a[2U] = tmp2;
@@ -77,8 +77,8 @@ void Hacl_Bignum25519_reduce_513(uint64_t *a)
 static inline void fmul0(uint64_t *output, uint64_t *input, uint64_t *input2)
 {
   FStar_UInt128_uint128 tmp[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Impl_Curve25519_Field51_fmul(output, input, input2, tmp);
 }
 
@@ -89,11 +89,11 @@ static inline void times_2(uint64_t *out, uint64_t *a)
   uint64_t a2 = a[2U];
   uint64_t a3 = a[3U];
   uint64_t a4 = a[4U];
-  uint64_t o0 = (uint64_t)2U * a0;
-  uint64_t o1 = (uint64_t)2U * a1;
-  uint64_t o2 = (uint64_t)2U * a2;
-  uint64_t o3 = (uint64_t)2U * a3;
-  uint64_t o4 = (uint64_t)2U * a4;
+  uint64_t o0 = 2ULL * a0;
+  uint64_t o1 = 2ULL * a1;
+  uint64_t o2 = 2ULL * a2;
+  uint64_t o3 = 2ULL * a3;
+  uint64_t o4 = 2ULL * a4;
   out[0U] = o0;
   out[1U] = o1;
   out[2U] = o2;
@@ -104,54 +104,54 @@ static inline void times_2(uint64_t *out, uint64_t *a)
 static inline void times_d(uint64_t *out, uint64_t *a)
 {
   uint64_t d[5U] = { 0U };
-  d[0U] = (uint64_t)0x00034dca135978a3U;
-  d[1U] = (uint64_t)0x0001a8283b156ebdU;
-  d[2U] = (uint64_t)0x0005e7a26001c029U;
-  d[3U] = (uint64_t)0x000739c663a03cbbU;
-  d[4U] = (uint64_t)0x00052036cee2b6ffU;
+  d[0U] = 0x00034dca135978a3ULL;
+  d[1U] = 0x0001a8283b156ebdULL;
+  d[2U] = 0x0005e7a26001c029ULL;
+  d[3U] = 0x000739c663a03cbbULL;
+  d[4U] = 0x00052036cee2b6ffULL;
   fmul0(out, d, a);
 }
 
 static inline void times_2d(uint64_t *out, uint64_t *a)
 {
   uint64_t d2[5U] = { 0U };
-  d2[0U] = (uint64_t)0x00069b9426b2f159U;
-  d2[1U] = (uint64_t)0x00035050762add7aU;
-  d2[2U] = (uint64_t)0x0003cf44c0038052U;
-  d2[3U] = (uint64_t)0x0006738cc7407977U;
-  d2[4U] = (uint64_t)0x0002406d9dc56dffU;
+  d2[0U] = 0x00069b9426b2f159ULL;
+  d2[1U] = 0x00035050762add7aULL;
+  d2[2U] = 0x0003cf44c0038052ULL;
+  d2[3U] = 0x0006738cc7407977ULL;
+  d2[4U] = 0x0002406d9dc56dffULL;
   fmul0(out, d2, a);
 }
 
 static inline void fsquare(uint64_t *out, uint64_t *a)
 {
   FStar_UInt128_uint128 tmp[5U];
-  for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 5U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Impl_Curve25519_Field51_fsqr(out, a, tmp);
 }
 
 static inline void fsquare_times(uint64_t *output, uint64_t *input, uint32_t count)
 {
   FStar_UInt128_uint128 tmp[5U];
-  for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 5U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Curve25519_51_fsquare_times(output, input, tmp, count);
 }
 
 static inline void fsquare_times_inplace(uint64_t *output, uint32_t count)
 {
   FStar_UInt128_uint128 tmp[5U];
-  for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 5U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Curve25519_51_fsquare_times(output, output, tmp, count);
 }
 
 void Hacl_Bignum25519_inverse(uint64_t *out, uint64_t *a)
 {
   FStar_UInt128_uint128 tmp[10U];
-  for (uint32_t _i = 0U; _i < (uint32_t)10U; ++_i)
-    tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+  for (uint32_t _i = 0U; _i < 10U; ++_i)
+    tmp[_i] = FStar_UInt128_uint64_to_uint128(0ULL);
   Hacl_Curve25519_51_finv(out, a, tmp);
 }
 
@@ -162,40 +162,40 @@ static inline void reduce(uint64_t *out)
   uint64_t o2 = out[2U];
   uint64_t o3 = out[3U];
   uint64_t o4 = out[4U];
-  uint64_t l_ = o0 + (uint64_t)0U;
-  uint64_t tmp0 = l_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t c0 = l_ >> (uint32_t)51U;
+  uint64_t l_ = o0 + 0ULL;
+  uint64_t tmp0 = l_ & 0x7ffffffffffffULL;
+  uint64_t c0 = l_ >> 51U;
   uint64_t l_0 = o1 + c0;
-  uint64_t tmp1 = l_0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c1 = l_0 >> (uint32_t)51U;
+  uint64_t tmp1 = l_0 & 0x7ffffffffffffULL;
+  uint64_t c1 = l_0 >> 51U;
   uint64_t l_1 = o2 + c1;
-  uint64_t tmp2 = l_1 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c2 = l_1 >> (uint32_t)51U;
+  uint64_t tmp2 = l_1 & 0x7ffffffffffffULL;
+  uint64_t c2 = l_1 >> 51U;
   uint64_t l_2 = o3 + c2;
-  uint64_t tmp3 = l_2 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c3 = l_2 >> (uint32_t)51U;
+  uint64_t tmp3 = l_2 & 0x7ffffffffffffULL;
+  uint64_t c3 = l_2 >> 51U;
   uint64_t l_3 = o4 + c3;
-  uint64_t tmp4 = l_3 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c4 = l_3 >> (uint32_t)51U;
-  uint64_t l_4 = tmp0 + c4 * (uint64_t)19U;
-  uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t c5 = l_4 >> (uint32_t)51U;
+  uint64_t tmp4 = l_3 & 0x7ffffffffffffULL;
+  uint64_t c4 = l_3 >> 51U;
+  uint64_t l_4 = tmp0 + c4 * 19ULL;
+  uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL;
+  uint64_t c5 = l_4 >> 51U;
   uint64_t f0 = tmp0_;
   uint64_t f1 = tmp1 + c5;
   uint64_t f2 = tmp2;
   uint64_t f3 = tmp3;
   uint64_t f4 = tmp4;
-  uint64_t m0 = FStar_UInt64_gte_mask(f0, (uint64_t)0x7ffffffffffedU);
-  uint64_t m1 = FStar_UInt64_eq_mask(f1, (uint64_t)0x7ffffffffffffU);
-  uint64_t m2 = FStar_UInt64_eq_mask(f2, (uint64_t)0x7ffffffffffffU);
-  uint64_t m3 = FStar_UInt64_eq_mask(f3, (uint64_t)0x7ffffffffffffU);
-  uint64_t m4 = FStar_UInt64_eq_mask(f4, (uint64_t)0x7ffffffffffffU);
+  uint64_t m0 = FStar_UInt64_gte_mask(f0, 0x7ffffffffffedULL);
+  uint64_t m1 = FStar_UInt64_eq_mask(f1, 0x7ffffffffffffULL);
+  uint64_t m2 = FStar_UInt64_eq_mask(f2, 0x7ffffffffffffULL);
+  uint64_t m3 = FStar_UInt64_eq_mask(f3, 0x7ffffffffffffULL);
+  uint64_t m4 = FStar_UInt64_eq_mask(f4, 0x7ffffffffffffULL);
   uint64_t mask = (((m0 & m1) & m2) & m3) & m4;
-  uint64_t f0_ = f0 - (mask & (uint64_t)0x7ffffffffffedU);
-  uint64_t f1_ = f1 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f2_ = f2 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f3_ = f3 - (mask & (uint64_t)0x7ffffffffffffU);
-  uint64_t f4_ = f4 - (mask & (uint64_t)0x7ffffffffffffU);
+  uint64_t f0_ = f0 - (mask & 0x7ffffffffffedULL);
+  uint64_t f1_ = f1 - (mask & 0x7ffffffffffffULL);
+  uint64_t f2_ = f2 - (mask & 0x7ffffffffffffULL);
+  uint64_t f3_ = f3 - (mask & 0x7ffffffffffffULL);
+  uint64_t f4_ = f4 - (mask & 0x7ffffffffffffULL);
   uint64_t f01 = f0_;
   uint64_t f11 = f1_;
   uint64_t f21 = f2_;
@@ -212,45 +212,41 @@ void Hacl_Bignum25519_load_51(uint64_t *output, uint8_t *input)
 {
   uint64_t u64s[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = u64s;
-    uint8_t *bj = input + i * (uint32_t)8U;
+    uint8_t *bj = input + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   uint64_t u64s3 = u64s[3U];
-  u64s[3U] = u64s3 & (uint64_t)0x7fffffffffffffffU;
-  output[0U] = u64s[0U] & (uint64_t)0x7ffffffffffffU;
-  output[1U] = u64s[0U] >> (uint32_t)51U | (u64s[1U] & (uint64_t)0x3fffffffffU) << (uint32_t)13U;
-  output[2U] = u64s[1U] >> (uint32_t)38U | (u64s[2U] & (uint64_t)0x1ffffffU) << (uint32_t)26U;
-  output[3U] = u64s[2U] >> (uint32_t)25U | (u64s[3U] & (uint64_t)0xfffU) << (uint32_t)39U;
-  output[4U] = u64s[3U] >> (uint32_t)12U;
+  u64s[3U] = u64s3 & 0x7fffffffffffffffULL;
+  output[0U] = u64s[0U] & 0x7ffffffffffffULL;
+  output[1U] = u64s[0U] >> 51U | (u64s[1U] & 0x3fffffffffULL) << 13U;
+  output[2U] = u64s[1U] >> 38U | (u64s[2U] & 0x1ffffffULL) << 26U;
+  output[3U] = u64s[2U] >> 25U | (u64s[3U] & 0xfffULL) << 39U;
+  output[4U] = u64s[3U] >> 12U;
 }
 
 void Hacl_Bignum25519_store_51(uint8_t *output, uint64_t *input)
 {
   uint64_t u64s[4U] = { 0U };
   Hacl_Impl_Curve25519_Field51_store_felem(u64s, input);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(output + i * (uint32_t)8U, u64s[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_le(output + i * 8U, u64s[i]););
 }
 
 void Hacl_Impl_Ed25519_PointDouble_point_double(uint64_t *out, uint64_t *p)
 {
   uint64_t tmp[20U] = { 0U };
   uint64_t *tmp1 = tmp;
-  uint64_t *tmp20 = tmp + (uint32_t)5U;
-  uint64_t *tmp30 = tmp + (uint32_t)10U;
-  uint64_t *tmp40 = tmp + (uint32_t)15U;
+  uint64_t *tmp20 = tmp + 5U;
+  uint64_t *tmp30 = tmp + 10U;
+  uint64_t *tmp40 = tmp + 15U;
   uint64_t *x10 = p;
-  uint64_t *y10 = p + (uint32_t)5U;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *y10 = p + 5U;
+  uint64_t *z1 = p + 10U;
   fsquare(tmp1, x10);
   fsquare(tmp20, y10);
   fsum(tmp30, tmp1, tmp20);
@@ -258,11 +254,11 @@ void Hacl_Impl_Ed25519_PointDouble_point_double(uint64_t *out, uint64_t *p)
   fsquare(tmp1, z1);
   times_2(tmp1, tmp1);
   uint64_t *tmp10 = tmp;
-  uint64_t *tmp2 = tmp + (uint32_t)5U;
-  uint64_t *tmp3 = tmp + (uint32_t)10U;
-  uint64_t *tmp4 = tmp + (uint32_t)15U;
+  uint64_t *tmp2 = tmp + 5U;
+  uint64_t *tmp3 = tmp + 10U;
+  uint64_t *tmp4 = tmp + 15U;
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
+  uint64_t *y1 = p + 5U;
   fsum(tmp2, x1, y1);
   fsquare(tmp2, tmp2);
   Hacl_Bignum25519_reduce_513(tmp3);
@@ -271,13 +267,13 @@ void Hacl_Impl_Ed25519_PointDouble_point_double(uint64_t *out, uint64_t *p)
   Hacl_Bignum25519_reduce_513(tmp4);
   fsum(tmp10, tmp10, tmp4);
   uint64_t *tmp_f = tmp;
-  uint64_t *tmp_e = tmp + (uint32_t)5U;
-  uint64_t *tmp_h = tmp + (uint32_t)10U;
-  uint64_t *tmp_g = tmp + (uint32_t)15U;
+  uint64_t *tmp_e = tmp + 5U;
+  uint64_t *tmp_h = tmp + 10U;
+  uint64_t *tmp_g = tmp + 15U;
   uint64_t *x3 = out;
-  uint64_t *y3 = out + (uint32_t)5U;
-  uint64_t *z3 = out + (uint32_t)10U;
-  uint64_t *t3 = out + (uint32_t)15U;
+  uint64_t *y3 = out + 5U;
+  uint64_t *z3 = out + 10U;
+  uint64_t *t3 = out + 15U;
   fmul0(x3, tmp_e, tmp_f);
   fmul0(y3, tmp_g, tmp_h);
   fmul0(t3, tmp_e, tmp_h);
@@ -288,13 +284,13 @@ void Hacl_Impl_Ed25519_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *
 {
   uint64_t tmp[30U] = { 0U };
   uint64_t *tmp1 = tmp;
-  uint64_t *tmp20 = tmp + (uint32_t)5U;
-  uint64_t *tmp30 = tmp + (uint32_t)10U;
-  uint64_t *tmp40 = tmp + (uint32_t)15U;
+  uint64_t *tmp20 = tmp + 5U;
+  uint64_t *tmp30 = tmp + 10U;
+  uint64_t *tmp40 = tmp + 15U;
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
+  uint64_t *y1 = p + 5U;
   uint64_t *x2 = q;
-  uint64_t *y2 = q + (uint32_t)5U;
+  uint64_t *y2 = q + 5U;
   fdifference(tmp1, y1, x1);
   fdifference(tmp20, y2, x2);
   fmul0(tmp30, tmp1, tmp20);
@@ -302,15 +298,15 @@ void Hacl_Impl_Ed25519_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *
   fsum(tmp20, y2, x2);
   fmul0(tmp40, tmp1, tmp20);
   uint64_t *tmp10 = tmp;
-  uint64_t *tmp2 = tmp + (uint32_t)5U;
-  uint64_t *tmp3 = tmp + (uint32_t)10U;
-  uint64_t *tmp4 = tmp + (uint32_t)15U;
-  uint64_t *tmp5 = tmp + (uint32_t)20U;
-  uint64_t *tmp6 = tmp + (uint32_t)25U;
-  uint64_t *z1 = p + (uint32_t)10U;
-  uint64_t *t1 = p + (uint32_t)15U;
-  uint64_t *z2 = q + (uint32_t)10U;
-  uint64_t *t2 = q + (uint32_t)15U;
+  uint64_t *tmp2 = tmp + 5U;
+  uint64_t *tmp3 = tmp + 10U;
+  uint64_t *tmp4 = tmp + 15U;
+  uint64_t *tmp5 = tmp + 20U;
+  uint64_t *tmp6 = tmp + 25U;
+  uint64_t *z1 = p + 10U;
+  uint64_t *t1 = p + 15U;
+  uint64_t *z2 = q + 10U;
+  uint64_t *t2 = q + 15U;
   times_2d(tmp10, t1);
   fmul0(tmp10, tmp10, t2);
   times_2(tmp2, z1);
@@ -320,13 +316,13 @@ void Hacl_Impl_Ed25519_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *
   fsum(tmp10, tmp2, tmp10);
   fsum(tmp2, tmp4, tmp3);
   uint64_t *tmp_g = tmp;
-  uint64_t *tmp_h = tmp + (uint32_t)5U;
-  uint64_t *tmp_e = tmp + (uint32_t)20U;
-  uint64_t *tmp_f = tmp + (uint32_t)25U;
+  uint64_t *tmp_h = tmp + 5U;
+  uint64_t *tmp_e = tmp + 20U;
+  uint64_t *tmp_f = tmp + 25U;
   uint64_t *x3 = out;
-  uint64_t *y3 = out + (uint32_t)5U;
-  uint64_t *z3 = out + (uint32_t)10U;
-  uint64_t *t3 = out + (uint32_t)15U;
+  uint64_t *y3 = out + 5U;
+  uint64_t *z3 = out + 10U;
+  uint64_t *t3 = out + 15U;
   fmul0(x3, tmp_e, tmp_f);
   fmul0(y3, tmp_g, tmp_h);
   fmul0(t3, tmp_e, tmp_h);
@@ -336,64 +332,64 @@ void Hacl_Impl_Ed25519_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *
 void Hacl_Impl_Ed25519_PointConstants_make_point_inf(uint64_t *b)
 {
   uint64_t *x = b;
-  uint64_t *y = b + (uint32_t)5U;
-  uint64_t *z = b + (uint32_t)10U;
-  uint64_t *t = b + (uint32_t)15U;
-  x[0U] = (uint64_t)0U;
-  x[1U] = (uint64_t)0U;
-  x[2U] = (uint64_t)0U;
-  x[3U] = (uint64_t)0U;
-  x[4U] = (uint64_t)0U;
-  y[0U] = (uint64_t)1U;
-  y[1U] = (uint64_t)0U;
-  y[2U] = (uint64_t)0U;
-  y[3U] = (uint64_t)0U;
-  y[4U] = (uint64_t)0U;
-  z[0U] = (uint64_t)1U;
-  z[1U] = (uint64_t)0U;
-  z[2U] = (uint64_t)0U;
-  z[3U] = (uint64_t)0U;
-  z[4U] = (uint64_t)0U;
-  t[0U] = (uint64_t)0U;
-  t[1U] = (uint64_t)0U;
-  t[2U] = (uint64_t)0U;
-  t[3U] = (uint64_t)0U;
-  t[4U] = (uint64_t)0U;
+  uint64_t *y = b + 5U;
+  uint64_t *z = b + 10U;
+  uint64_t *t = b + 15U;
+  x[0U] = 0ULL;
+  x[1U] = 0ULL;
+  x[2U] = 0ULL;
+  x[3U] = 0ULL;
+  x[4U] = 0ULL;
+  y[0U] = 1ULL;
+  y[1U] = 0ULL;
+  y[2U] = 0ULL;
+  y[3U] = 0ULL;
+  y[4U] = 0ULL;
+  z[0U] = 1ULL;
+  z[1U] = 0ULL;
+  z[2U] = 0ULL;
+  z[3U] = 0ULL;
+  z[4U] = 0ULL;
+  t[0U] = 0ULL;
+  t[1U] = 0ULL;
+  t[2U] = 0ULL;
+  t[3U] = 0ULL;
+  t[4U] = 0ULL;
 }
 
 static inline void pow2_252m2(uint64_t *out, uint64_t *z)
 {
   uint64_t buf[20U] = { 0U };
   uint64_t *a = buf;
-  uint64_t *t00 = buf + (uint32_t)5U;
-  uint64_t *b0 = buf + (uint32_t)10U;
-  uint64_t *c0 = buf + (uint32_t)15U;
-  fsquare_times(a, z, (uint32_t)1U);
-  fsquare_times(t00, a, (uint32_t)2U);
+  uint64_t *t00 = buf + 5U;
+  uint64_t *b0 = buf + 10U;
+  uint64_t *c0 = buf + 15U;
+  fsquare_times(a, z, 1U);
+  fsquare_times(t00, a, 2U);
   fmul0(b0, t00, z);
   fmul0(a, b0, a);
-  fsquare_times(t00, a, (uint32_t)1U);
+  fsquare_times(t00, a, 1U);
   fmul0(b0, t00, b0);
-  fsquare_times(t00, b0, (uint32_t)5U);
+  fsquare_times(t00, b0, 5U);
   fmul0(b0, t00, b0);
-  fsquare_times(t00, b0, (uint32_t)10U);
+  fsquare_times(t00, b0, 10U);
   fmul0(c0, t00, b0);
-  fsquare_times(t00, c0, (uint32_t)20U);
+  fsquare_times(t00, c0, 20U);
   fmul0(t00, t00, c0);
-  fsquare_times_inplace(t00, (uint32_t)10U);
+  fsquare_times_inplace(t00, 10U);
   fmul0(b0, t00, b0);
-  fsquare_times(t00, b0, (uint32_t)50U);
+  fsquare_times(t00, b0, 50U);
   uint64_t *a0 = buf;
-  uint64_t *t0 = buf + (uint32_t)5U;
-  uint64_t *b = buf + (uint32_t)10U;
-  uint64_t *c = buf + (uint32_t)15U;
-  fsquare_times(a0, z, (uint32_t)1U);
+  uint64_t *t0 = buf + 5U;
+  uint64_t *b = buf + 10U;
+  uint64_t *c = buf + 15U;
+  fsquare_times(a0, z, 1U);
   fmul0(c, t0, b);
-  fsquare_times(t0, c, (uint32_t)100U);
+  fsquare_times(t0, c, 100U);
   fmul0(t0, t0, c);
-  fsquare_times_inplace(t0, (uint32_t)50U);
+  fsquare_times_inplace(t0, 50U);
   fmul0(t0, t0, b);
-  fsquare_times_inplace(t0, (uint32_t)2U);
+  fsquare_times_inplace(t0, 2U);
   fmul0(out, t0, a0);
 }
 
@@ -404,23 +400,17 @@ static inline bool is_0(uint64_t *x)
   uint64_t x2 = x[2U];
   uint64_t x3 = x[3U];
   uint64_t x4 = x[4U];
-  return
-    x0
-    == (uint64_t)0U
-    && x1 == (uint64_t)0U
-    && x2 == (uint64_t)0U
-    && x3 == (uint64_t)0U
-    && x4 == (uint64_t)0U;
+  return x0 == 0ULL && x1 == 0ULL && x2 == 0ULL && x3 == 0ULL && x4 == 0ULL;
 }
 
 static inline void mul_modp_sqrt_m1(uint64_t *x)
 {
   uint64_t sqrt_m1[5U] = { 0U };
-  sqrt_m1[0U] = (uint64_t)0x00061b274a0ea0b0U;
-  sqrt_m1[1U] = (uint64_t)0x0000d5a5fc8f189dU;
-  sqrt_m1[2U] = (uint64_t)0x0007ef5e9cbd0c60U;
-  sqrt_m1[3U] = (uint64_t)0x00078595a6804c9eU;
-  sqrt_m1[4U] = (uint64_t)0x0002b8324804fc1dU;
+  sqrt_m1[0U] = 0x00061b274a0ea0b0ULL;
+  sqrt_m1[1U] = 0x0000d5a5fc8f189dULL;
+  sqrt_m1[2U] = 0x0007ef5e9cbd0c60ULL;
+  sqrt_m1[3U] = 0x00078595a6804c9eULL;
+  sqrt_m1[4U] = 0x0002b8324804fc1dULL;
   fmul0(x, x, sqrt_m1);
 }
 
@@ -436,11 +426,11 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
   bool
   b =
     x00
-    >= (uint64_t)0x7ffffffffffedU
-    && x1 == (uint64_t)0x7ffffffffffffU
-    && x21 == (uint64_t)0x7ffffffffffffU
-    && x30 == (uint64_t)0x7ffffffffffffU
-    && x4 == (uint64_t)0x7ffffffffffffU;
+    >= 0x7ffffffffffedULL
+    && x1 == 0x7ffffffffffffULL
+    && x21 == 0x7ffffffffffffULL
+    && x30 == 0x7ffffffffffffULL
+    && x4 == 0x7ffffffffffffULL;
   bool res;
   if (b)
   {
@@ -450,14 +440,14 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
   {
     uint64_t tmp1[20U] = { 0U };
     uint64_t *one = tmp1;
-    uint64_t *y2 = tmp1 + (uint32_t)5U;
-    uint64_t *dyyi = tmp1 + (uint32_t)10U;
-    uint64_t *dyy = tmp1 + (uint32_t)15U;
-    one[0U] = (uint64_t)1U;
-    one[1U] = (uint64_t)0U;
-    one[2U] = (uint64_t)0U;
-    one[3U] = (uint64_t)0U;
-    one[4U] = (uint64_t)0U;
+    uint64_t *y2 = tmp1 + 5U;
+    uint64_t *dyyi = tmp1 + 10U;
+    uint64_t *dyy = tmp1 + 15U;
+    one[0U] = 1ULL;
+    one[1U] = 0ULL;
+    one[2U] = 0ULL;
+    one[3U] = 0ULL;
+    one[4U] = 0ULL;
     fsquare(y2, y);
     times_d(dyy, y2);
     fsum(dyy, dyy, one);
@@ -470,37 +460,37 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
     uint8_t z;
     if (x2_is_0)
     {
-      if (sign == (uint64_t)0U)
+      if (sign == 0ULL)
       {
-        x[0U] = (uint64_t)0U;
-        x[1U] = (uint64_t)0U;
-        x[2U] = (uint64_t)0U;
-        x[3U] = (uint64_t)0U;
-        x[4U] = (uint64_t)0U;
-        z = (uint8_t)1U;
+        x[0U] = 0ULL;
+        x[1U] = 0ULL;
+        x[2U] = 0ULL;
+        x[3U] = 0ULL;
+        x[4U] = 0ULL;
+        z = 1U;
       }
       else
       {
-        z = (uint8_t)0U;
+        z = 0U;
       }
     }
     else
     {
-      z = (uint8_t)2U;
+      z = 2U;
     }
-    if (z == (uint8_t)0U)
+    if (z == 0U)
     {
       res = false;
     }
-    else if (z == (uint8_t)1U)
+    else if (z == 1U)
     {
       res = true;
     }
     else
     {
       uint64_t *x210 = tmp;
-      uint64_t *x31 = tmp + (uint32_t)5U;
-      uint64_t *t00 = tmp + (uint32_t)10U;
+      uint64_t *x31 = tmp + 5U;
+      uint64_t *t00 = tmp + 10U;
       pow2_252m2(x31, x210);
       fsquare(t00, x31);
       fdifference(t00, t00, x210);
@@ -512,8 +502,8 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
         mul_modp_sqrt_m1(x31);
       }
       uint64_t *x211 = tmp;
-      uint64_t *x3 = tmp + (uint32_t)5U;
-      uint64_t *t01 = tmp + (uint32_t)10U;
+      uint64_t *x3 = tmp + 5U;
+      uint64_t *t01 = tmp + 10U;
       fsquare(t01, x3);
       fdifference(t01, t01, x211);
       Hacl_Bignum25519_reduce_513(t01);
@@ -525,23 +515,23 @@ static inline bool recover_x(uint64_t *x, uint64_t *y, uint64_t sign)
       }
       else
       {
-        uint64_t *x32 = tmp + (uint32_t)5U;
-        uint64_t *t0 = tmp + (uint32_t)10U;
+        uint64_t *x32 = tmp + 5U;
+        uint64_t *t0 = tmp + 10U;
         reduce(x32);
         uint64_t x0 = x32[0U];
-        uint64_t x01 = x0 & (uint64_t)1U;
+        uint64_t x01 = x0 & 1ULL;
         if (!(x01 == sign))
         {
-          t0[0U] = (uint64_t)0U;
-          t0[1U] = (uint64_t)0U;
-          t0[2U] = (uint64_t)0U;
-          t0[3U] = (uint64_t)0U;
-          t0[4U] = (uint64_t)0U;
+          t0[0U] = 0ULL;
+          t0[1U] = 0ULL;
+          t0[2U] = 0ULL;
+          t0[3U] = 0ULL;
+          t0[4U] = 0ULL;
           fdifference(x32, t0, x32);
           Hacl_Bignum25519_reduce_513(x32);
           reduce(x32);
         }
-        memcpy(x, x32, (uint32_t)5U * sizeof (uint64_t));
+        memcpy(x, x32, 5U * sizeof (uint64_t));
         res = true;
       }
     }
@@ -554,9 +544,9 @@ bool Hacl_Impl_Ed25519_PointDecompress_point_decompress(uint64_t *out, uint8_t *
 {
   uint64_t tmp[10U] = { 0U };
   uint64_t *y = tmp;
-  uint64_t *x = tmp + (uint32_t)5U;
+  uint64_t *x = tmp + 5U;
   uint8_t s31 = s[31U];
-  uint8_t z = s31 >> (uint32_t)7U;
+  uint8_t z = (uint32_t)s31 >> 7U;
   uint64_t sign = (uint64_t)z;
   Hacl_Bignum25519_load_51(y, s);
   bool z0 = recover_x(x, y, sign);
@@ -568,16 +558,16 @@ bool Hacl_Impl_Ed25519_PointDecompress_point_decompress(uint64_t *out, uint8_t *
   else
   {
     uint64_t *outx = out;
-    uint64_t *outy = out + (uint32_t)5U;
-    uint64_t *outz = out + (uint32_t)10U;
-    uint64_t *outt = out + (uint32_t)15U;
-    memcpy(outx, x, (uint32_t)5U * sizeof (uint64_t));
-    memcpy(outy, y, (uint32_t)5U * sizeof (uint64_t));
-    outz[0U] = (uint64_t)1U;
-    outz[1U] = (uint64_t)0U;
-    outz[2U] = (uint64_t)0U;
-    outz[3U] = (uint64_t)0U;
-    outz[4U] = (uint64_t)0U;
+    uint64_t *outy = out + 5U;
+    uint64_t *outz = out + 10U;
+    uint64_t *outt = out + 15U;
+    memcpy(outx, x, 5U * sizeof (uint64_t));
+    memcpy(outy, y, 5U * sizeof (uint64_t));
+    outz[0U] = 1ULL;
+    outz[1U] = 0ULL;
+    outz[2U] = 0ULL;
+    outz[3U] = 0ULL;
+    outz[4U] = 0ULL;
     fmul0(outt, x, y);
     res = true;
   }
@@ -588,25 +578,25 @@ bool Hacl_Impl_Ed25519_PointDecompress_point_decompress(uint64_t *out, uint8_t *
 void Hacl_Impl_Ed25519_PointCompress_point_compress(uint8_t *z, uint64_t *p)
 {
   uint64_t tmp[15U] = { 0U };
-  uint64_t *x = tmp + (uint32_t)5U;
-  uint64_t *out = tmp + (uint32_t)10U;
+  uint64_t *x = tmp + 5U;
+  uint64_t *out = tmp + 10U;
   uint64_t *zinv1 = tmp;
-  uint64_t *x1 = tmp + (uint32_t)5U;
-  uint64_t *out1 = tmp + (uint32_t)10U;
+  uint64_t *x1 = tmp + 5U;
+  uint64_t *out1 = tmp + 10U;
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
-  uint64_t *pz = p + (uint32_t)10U;
+  uint64_t *py = p + 5U;
+  uint64_t *pz = p + 10U;
   Hacl_Bignum25519_inverse(zinv1, pz);
   fmul0(x1, px, zinv1);
   reduce(x1);
   fmul0(out1, py, zinv1);
   Hacl_Bignum25519_reduce_513(out1);
   uint64_t x0 = x[0U];
-  uint64_t b = x0 & (uint64_t)1U;
+  uint64_t b = x0 & 1ULL;
   Hacl_Bignum25519_store_51(z, out);
   uint8_t xbyte = (uint8_t)b;
   uint8_t o31 = z[31U];
-  z[31U] = o31 + (xbyte << (uint32_t)7U);
+  z[31U] = (uint32_t)o31 + ((uint32_t)xbyte << 7U);
 }
 
 static inline void barrett_reduction(uint64_t *z, uint64_t *t)
@@ -621,40 +611,40 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t t7 = t[7U];
   uint64_t t8 = t[8U];
   uint64_t t9 = t[9U];
-  uint64_t m00 = (uint64_t)0x12631a5cf5d3edU;
-  uint64_t m10 = (uint64_t)0xf9dea2f79cd658U;
-  uint64_t m20 = (uint64_t)0x000000000014deU;
-  uint64_t m30 = (uint64_t)0x00000000000000U;
-  uint64_t m40 = (uint64_t)0x00000010000000U;
+  uint64_t m00 = 0x12631a5cf5d3edULL;
+  uint64_t m10 = 0xf9dea2f79cd658ULL;
+  uint64_t m20 = 0x000000000014deULL;
+  uint64_t m30 = 0x00000000000000ULL;
+  uint64_t m40 = 0x00000010000000ULL;
   uint64_t m0 = m00;
   uint64_t m1 = m10;
   uint64_t m2 = m20;
   uint64_t m3 = m30;
   uint64_t m4 = m40;
-  uint64_t m010 = (uint64_t)0x9ce5a30a2c131bU;
-  uint64_t m110 = (uint64_t)0x215d086329a7edU;
-  uint64_t m210 = (uint64_t)0xffffffffeb2106U;
-  uint64_t m310 = (uint64_t)0xffffffffffffffU;
-  uint64_t m410 = (uint64_t)0x00000fffffffffU;
+  uint64_t m010 = 0x9ce5a30a2c131bULL;
+  uint64_t m110 = 0x215d086329a7edULL;
+  uint64_t m210 = 0xffffffffeb2106ULL;
+  uint64_t m310 = 0xffffffffffffffULL;
+  uint64_t m410 = 0x00000fffffffffULL;
   uint64_t mu0 = m010;
   uint64_t mu1 = m110;
   uint64_t mu2 = m210;
   uint64_t mu3 = m310;
   uint64_t mu4 = m410;
-  uint64_t y_ = (t5 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_ = t4 >> (uint32_t)24U;
+  uint64_t y_ = (t5 & 0xffffffULL) << 32U;
+  uint64_t x_ = t4 >> 24U;
   uint64_t z00 = x_ | y_;
-  uint64_t y_0 = (t6 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_0 = t5 >> (uint32_t)24U;
+  uint64_t y_0 = (t6 & 0xffffffULL) << 32U;
+  uint64_t x_0 = t5 >> 24U;
   uint64_t z10 = x_0 | y_0;
-  uint64_t y_1 = (t7 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_1 = t6 >> (uint32_t)24U;
+  uint64_t y_1 = (t7 & 0xffffffULL) << 32U;
+  uint64_t x_1 = t6 >> 24U;
   uint64_t z20 = x_1 | y_1;
-  uint64_t y_2 = (t8 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_2 = t7 >> (uint32_t)24U;
+  uint64_t y_2 = (t8 & 0xffffffULL) << 32U;
+  uint64_t x_2 = t7 >> 24U;
   uint64_t z30 = x_2 | y_2;
-  uint64_t y_3 = (t9 & (uint64_t)0xffffffU) << (uint32_t)32U;
-  uint64_t x_3 = t8 >> (uint32_t)24U;
+  uint64_t y_3 = (t9 & 0xffffffULL) << 32U;
+  uint64_t x_3 = t8 >> 24U;
   uint64_t z40 = x_3 | y_3;
   uint64_t q0 = z00;
   uint64_t q1 = z10;
@@ -707,55 +697,37 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 z6 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy24, xy33), xy42);
   FStar_UInt128_uint128 z7 = FStar_UInt128_add_mod(xy34, xy43);
   FStar_UInt128_uint128 z8 = xy44;
-  FStar_UInt128_uint128 carry0 = FStar_UInt128_shift_right(z01, (uint32_t)56U);
+  FStar_UInt128_uint128 carry0 = FStar_UInt128_shift_right(z01, 56U);
   FStar_UInt128_uint128 c00 = carry0;
-  FStar_UInt128_uint128
-  carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U);
+  FStar_UInt128_uint128 carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), 56U);
   FStar_UInt128_uint128 c10 = carry1;
-  FStar_UInt128_uint128
-  carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U);
+  FStar_UInt128_uint128 carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), 56U);
   FStar_UInt128_uint128 c20 = carry2;
-  FStar_UInt128_uint128
-  carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U);
+  FStar_UInt128_uint128 carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), 56U);
   FStar_UInt128_uint128 c30 = carry3;
-  FStar_UInt128_uint128
-  carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U);
+  FStar_UInt128_uint128 carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), 56U);
   uint64_t
-  t100 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30))
-    & (uint64_t)0xffffffffffffffU;
+  t100 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c40 = carry4;
   uint64_t t410 = t100;
-  FStar_UInt128_uint128
-  carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), (uint32_t)56U);
+  FStar_UInt128_uint128 carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), 56U);
   uint64_t
-  t101 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40))
-    & (uint64_t)0xffffffffffffffU;
+  t101 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c5 = carry5;
   uint64_t t51 = t101;
-  FStar_UInt128_uint128
-  carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), (uint32_t)56U);
+  FStar_UInt128_uint128 carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), 56U);
   uint64_t
-  t102 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5))
-    & (uint64_t)0xffffffffffffffU;
+  t102 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c6 = carry6;
   uint64_t t61 = t102;
-  FStar_UInt128_uint128
-  carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), (uint32_t)56U);
+  FStar_UInt128_uint128 carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), 56U);
   uint64_t
-  t103 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6))
-    & (uint64_t)0xffffffffffffffU;
+  t103 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c7 = carry7;
   uint64_t t71 = t103;
-  FStar_UInt128_uint128
-  carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), (uint32_t)56U);
+  FStar_UInt128_uint128 carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), 56U);
   uint64_t
-  t104 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7))
-    & (uint64_t)0xffffffffffffffU;
+  t104 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c8 = carry8;
   uint64_t t81 = t104;
   uint64_t t91 = FStar_UInt128_uint128_to_uint64(c8);
@@ -765,20 +737,20 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t qmu7_ = t71;
   uint64_t qmu8_ = t81;
   uint64_t qmu9_ = t91;
-  uint64_t y_4 = (qmu5_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_4 = qmu4_ >> (uint32_t)40U;
+  uint64_t y_4 = (qmu5_ & 0xffffffffffULL) << 16U;
+  uint64_t x_4 = qmu4_ >> 40U;
   uint64_t z02 = x_4 | y_4;
-  uint64_t y_5 = (qmu6_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_5 = qmu5_ >> (uint32_t)40U;
+  uint64_t y_5 = (qmu6_ & 0xffffffffffULL) << 16U;
+  uint64_t x_5 = qmu5_ >> 40U;
   uint64_t z12 = x_5 | y_5;
-  uint64_t y_6 = (qmu7_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_6 = qmu6_ >> (uint32_t)40U;
+  uint64_t y_6 = (qmu7_ & 0xffffffffffULL) << 16U;
+  uint64_t x_6 = qmu6_ >> 40U;
   uint64_t z22 = x_6 | y_6;
-  uint64_t y_7 = (qmu8_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_7 = qmu7_ >> (uint32_t)40U;
+  uint64_t y_7 = (qmu8_ & 0xffffffffffULL) << 16U;
+  uint64_t x_7 = qmu7_ >> 40U;
   uint64_t z32 = x_7 | y_7;
-  uint64_t y_8 = (qmu9_ & (uint64_t)0xffffffffffU) << (uint32_t)16U;
-  uint64_t x_8 = qmu8_ >> (uint32_t)40U;
+  uint64_t y_8 = (qmu9_ & 0xffffffffffULL) << 16U;
+  uint64_t x_8 = qmu8_ >> 40U;
   uint64_t z42 = x_8 | y_8;
   uint64_t qdiv0 = z02;
   uint64_t qdiv1 = z12;
@@ -789,7 +761,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t r1 = t1;
   uint64_t r2 = t2;
   uint64_t r3 = t3;
-  uint64_t r4 = t4 & (uint64_t)0xffffffffffU;
+  uint64_t r4 = t4 & 0xffffffffffULL;
   FStar_UInt128_uint128 xy00 = FStar_UInt128_mul_wide(qdiv0, m0);
   FStar_UInt128_uint128 xy01 = FStar_UInt128_mul_wide(qdiv0, m1);
   FStar_UInt128_uint128 xy02 = FStar_UInt128_mul_wide(qdiv0, m2);
@@ -805,18 +777,18 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 xy30 = FStar_UInt128_mul_wide(qdiv3, m0);
   FStar_UInt128_uint128 xy31 = FStar_UInt128_mul_wide(qdiv3, m1);
   FStar_UInt128_uint128 xy40 = FStar_UInt128_mul_wide(qdiv4, m0);
-  FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, (uint32_t)56U);
-  uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
+  FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, 56U);
+  uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c0 = carry9;
   uint64_t t010 = t105;
   FStar_UInt128_uint128
   carry10 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0),
-      (uint32_t)56U);
+      56U);
   uint64_t
   t106 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0))
-    & (uint64_t)0xffffffffffffffU;
+    & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c11 = carry10;
   uint64_t t110 = t106;
   FStar_UInt128_uint128
@@ -825,14 +797,14 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
             xy11),
           xy20),
         c11),
-      (uint32_t)56U);
+      56U);
   uint64_t
   t107 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
             xy11),
           xy20),
         c11))
-    & (uint64_t)0xffffffffffffffU;
+    & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c21 = carry11;
   uint64_t t210 = t107;
   FStar_UInt128_uint128
@@ -842,7 +814,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
             xy21),
           xy30),
         c21),
-      (uint32_t)56U);
+      56U);
   uint64_t
   t108 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
@@ -850,7 +822,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
             xy21),
           xy30),
         c21))
-    & (uint64_t)0xffffffffffffffU;
+    & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c31 = carry;
   uint64_t t310 = t108;
   uint64_t
@@ -861,67 +833,67 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
             xy31),
           xy40),
         c31))
-    & (uint64_t)0xffffffffffU;
+    & 0xffffffffffULL;
   uint64_t qmul0 = t010;
   uint64_t qmul1 = t110;
   uint64_t qmul2 = t210;
   uint64_t qmul3 = t310;
   uint64_t qmul4 = t411;
-  uint64_t b5 = (r0 - qmul0) >> (uint32_t)63U;
-  uint64_t t109 = (b5 << (uint32_t)56U) + r0 - qmul0;
+  uint64_t b5 = (r0 - qmul0) >> 63U;
+  uint64_t t109 = (b5 << 56U) + r0 - qmul0;
   uint64_t c1 = b5;
   uint64_t t011 = t109;
-  uint64_t b6 = (r1 - (qmul1 + c1)) >> (uint32_t)63U;
-  uint64_t t1010 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
+  uint64_t b6 = (r1 - (qmul1 + c1)) >> 63U;
+  uint64_t t1010 = (b6 << 56U) + r1 - (qmul1 + c1);
   uint64_t c2 = b6;
   uint64_t t111 = t1010;
-  uint64_t b7 = (r2 - (qmul2 + c2)) >> (uint32_t)63U;
-  uint64_t t1011 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
+  uint64_t b7 = (r2 - (qmul2 + c2)) >> 63U;
+  uint64_t t1011 = (b7 << 56U) + r2 - (qmul2 + c2);
   uint64_t c3 = b7;
   uint64_t t211 = t1011;
-  uint64_t b8 = (r3 - (qmul3 + c3)) >> (uint32_t)63U;
-  uint64_t t1012 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
+  uint64_t b8 = (r3 - (qmul3 + c3)) >> 63U;
+  uint64_t t1012 = (b8 << 56U) + r3 - (qmul3 + c3);
   uint64_t c4 = b8;
   uint64_t t311 = t1012;
-  uint64_t b9 = (r4 - (qmul4 + c4)) >> (uint32_t)63U;
-  uint64_t t1013 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
+  uint64_t b9 = (r4 - (qmul4 + c4)) >> 63U;
+  uint64_t t1013 = (b9 << 40U) + r4 - (qmul4 + c4);
   uint64_t t412 = t1013;
   uint64_t s0 = t011;
   uint64_t s1 = t111;
   uint64_t s2 = t211;
   uint64_t s3 = t311;
   uint64_t s4 = t412;
-  uint64_t m01 = (uint64_t)0x12631a5cf5d3edU;
-  uint64_t m11 = (uint64_t)0xf9dea2f79cd658U;
-  uint64_t m21 = (uint64_t)0x000000000014deU;
-  uint64_t m31 = (uint64_t)0x00000000000000U;
-  uint64_t m41 = (uint64_t)0x00000010000000U;
+  uint64_t m01 = 0x12631a5cf5d3edULL;
+  uint64_t m11 = 0xf9dea2f79cd658ULL;
+  uint64_t m21 = 0x000000000014deULL;
+  uint64_t m31 = 0x00000000000000ULL;
+  uint64_t m41 = 0x00000010000000ULL;
   uint64_t y0 = m01;
   uint64_t y1 = m11;
   uint64_t y2 = m21;
   uint64_t y3 = m31;
   uint64_t y4 = m41;
-  uint64_t b10 = (s0 - y0) >> (uint32_t)63U;
-  uint64_t t1014 = (b10 << (uint32_t)56U) + s0 - y0;
+  uint64_t b10 = (s0 - y0) >> 63U;
+  uint64_t t1014 = (b10 << 56U) + s0 - y0;
   uint64_t b0 = b10;
   uint64_t t01 = t1014;
-  uint64_t b11 = (s1 - (y1 + b0)) >> (uint32_t)63U;
-  uint64_t t1015 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
+  uint64_t b11 = (s1 - (y1 + b0)) >> 63U;
+  uint64_t t1015 = (b11 << 56U) + s1 - (y1 + b0);
   uint64_t b1 = b11;
   uint64_t t11 = t1015;
-  uint64_t b12 = (s2 - (y2 + b1)) >> (uint32_t)63U;
-  uint64_t t1016 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
+  uint64_t b12 = (s2 - (y2 + b1)) >> 63U;
+  uint64_t t1016 = (b12 << 56U) + s2 - (y2 + b1);
   uint64_t b2 = b12;
   uint64_t t21 = t1016;
-  uint64_t b13 = (s3 - (y3 + b2)) >> (uint32_t)63U;
-  uint64_t t1017 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
+  uint64_t b13 = (s3 - (y3 + b2)) >> 63U;
+  uint64_t t1017 = (b13 << 56U) + s3 - (y3 + b2);
   uint64_t b3 = b13;
   uint64_t t31 = t1017;
-  uint64_t b = (s4 - (y4 + b3)) >> (uint32_t)63U;
-  uint64_t t10 = (b << (uint32_t)56U) + s4 - (y4 + b3);
+  uint64_t b = (s4 - (y4 + b3)) >> 63U;
+  uint64_t t10 = (b << 56U) + s4 - (y4 + b3);
   uint64_t b4 = b;
   uint64_t t41 = t10;
-  uint64_t mask = b4 - (uint64_t)1U;
+  uint64_t mask = b4 - 1ULL;
   uint64_t z03 = s0 ^ (mask & (s0 ^ t01));
   uint64_t z13 = s1 ^ (mask & (s1 ^ t11));
   uint64_t z23 = s2 ^ (mask & (s2 ^ t21));
@@ -1008,72 +980,48 @@ static inline void mul_modq(uint64_t *out, uint64_t *x, uint64_t *y)
   FStar_UInt128_uint128 z60 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy24, xy33), xy42);
   FStar_UInt128_uint128 z70 = FStar_UInt128_add_mod(xy34, xy43);
   FStar_UInt128_uint128 z80 = xy44;
-  FStar_UInt128_uint128 carry0 = FStar_UInt128_shift_right(z00, (uint32_t)56U);
-  uint64_t t10 = FStar_UInt128_uint128_to_uint64(z00) & (uint64_t)0xffffffffffffffU;
+  FStar_UInt128_uint128 carry0 = FStar_UInt128_shift_right(z00, 56U);
+  uint64_t t10 = FStar_UInt128_uint128_to_uint64(z00) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c0 = carry0;
   uint64_t t0 = t10;
-  FStar_UInt128_uint128
-  carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z10, c0), (uint32_t)56U);
+  FStar_UInt128_uint128 carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z10, c0), 56U);
   uint64_t
-  t11 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z10, c0))
-    & (uint64_t)0xffffffffffffffU;
+  t11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z10, c0)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c1 = carry1;
   uint64_t t1 = t11;
-  FStar_UInt128_uint128
-  carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z20, c1), (uint32_t)56U);
+  FStar_UInt128_uint128 carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z20, c1), 56U);
   uint64_t
-  t12 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z20, c1))
-    & (uint64_t)0xffffffffffffffU;
+  t12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z20, c1)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c2 = carry2;
   uint64_t t2 = t12;
-  FStar_UInt128_uint128
-  carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z30, c2), (uint32_t)56U);
+  FStar_UInt128_uint128 carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z30, c2), 56U);
   uint64_t
-  t13 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z30, c2))
-    & (uint64_t)0xffffffffffffffU;
+  t13 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z30, c2)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c3 = carry3;
   uint64_t t3 = t13;
-  FStar_UInt128_uint128
-  carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z40, c3), (uint32_t)56U);
+  FStar_UInt128_uint128 carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z40, c3), 56U);
   uint64_t
-  t14 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z40, c3))
-    & (uint64_t)0xffffffffffffffU;
+  t14 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z40, c3)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c4 = carry4;
   uint64_t t4 = t14;
-  FStar_UInt128_uint128
-  carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z50, c4), (uint32_t)56U);
+  FStar_UInt128_uint128 carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z50, c4), 56U);
   uint64_t
-  t15 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z50, c4))
-    & (uint64_t)0xffffffffffffffU;
+  t15 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z50, c4)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c5 = carry5;
   uint64_t t5 = t15;
-  FStar_UInt128_uint128
-  carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z60, c5), (uint32_t)56U);
+  FStar_UInt128_uint128 carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z60, c5), 56U);
   uint64_t
-  t16 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z60, c5))
-    & (uint64_t)0xffffffffffffffU;
+  t16 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z60, c5)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c6 = carry6;
   uint64_t t6 = t16;
-  FStar_UInt128_uint128
-  carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z70, c6), (uint32_t)56U);
+  FStar_UInt128_uint128 carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z70, c6), 56U);
   uint64_t
-  t17 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z70, c6))
-    & (uint64_t)0xffffffffffffffU;
+  t17 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z70, c6)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c7 = carry7;
   uint64_t t7 = t17;
-  FStar_UInt128_uint128
-  carry = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z80, c7), (uint32_t)56U);
+  FStar_UInt128_uint128 carry = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z80, c7), 56U);
   uint64_t
-  t =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z80, c7))
-    & (uint64_t)0xffffffffffffffU;
+  t = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z80, c7)) & 0xffffffffffffffULL;
   FStar_UInt128_uint128 c8 = carry;
   uint64_t t8 = t;
   uint64_t t9 = FStar_UInt128_uint128_to_uint64(c8);
@@ -1112,54 +1060,54 @@ static inline void add_modq(uint64_t *out, uint64_t *x, uint64_t *y)
   uint64_t y2 = y[2U];
   uint64_t y3 = y[3U];
   uint64_t y4 = y[4U];
-  uint64_t carry0 = (x0 + y0) >> (uint32_t)56U;
-  uint64_t t0 = (x0 + y0) & (uint64_t)0xffffffffffffffU;
+  uint64_t carry0 = (x0 + y0) >> 56U;
+  uint64_t t0 = (x0 + y0) & 0xffffffffffffffULL;
   uint64_t t00 = t0;
   uint64_t c0 = carry0;
-  uint64_t carry1 = (x1 + y1 + c0) >> (uint32_t)56U;
-  uint64_t t1 = (x1 + y1 + c0) & (uint64_t)0xffffffffffffffU;
+  uint64_t carry1 = (x1 + y1 + c0) >> 56U;
+  uint64_t t1 = (x1 + y1 + c0) & 0xffffffffffffffULL;
   uint64_t t10 = t1;
   uint64_t c1 = carry1;
-  uint64_t carry2 = (x2 + y2 + c1) >> (uint32_t)56U;
-  uint64_t t2 = (x2 + y2 + c1) & (uint64_t)0xffffffffffffffU;
+  uint64_t carry2 = (x2 + y2 + c1) >> 56U;
+  uint64_t t2 = (x2 + y2 + c1) & 0xffffffffffffffULL;
   uint64_t t20 = t2;
   uint64_t c2 = carry2;
-  uint64_t carry = (x3 + y3 + c2) >> (uint32_t)56U;
-  uint64_t t3 = (x3 + y3 + c2) & (uint64_t)0xffffffffffffffU;
+  uint64_t carry = (x3 + y3 + c2) >> 56U;
+  uint64_t t3 = (x3 + y3 + c2) & 0xffffffffffffffULL;
   uint64_t t30 = t3;
   uint64_t c3 = carry;
   uint64_t t4 = x4 + y4 + c3;
-  uint64_t m0 = (uint64_t)0x12631a5cf5d3edU;
-  uint64_t m1 = (uint64_t)0xf9dea2f79cd658U;
-  uint64_t m2 = (uint64_t)0x000000000014deU;
-  uint64_t m3 = (uint64_t)0x00000000000000U;
-  uint64_t m4 = (uint64_t)0x00000010000000U;
+  uint64_t m0 = 0x12631a5cf5d3edULL;
+  uint64_t m1 = 0xf9dea2f79cd658ULL;
+  uint64_t m2 = 0x000000000014deULL;
+  uint64_t m3 = 0x00000000000000ULL;
+  uint64_t m4 = 0x00000010000000ULL;
   uint64_t y01 = m0;
   uint64_t y11 = m1;
   uint64_t y21 = m2;
   uint64_t y31 = m3;
   uint64_t y41 = m4;
-  uint64_t b5 = (t00 - y01) >> (uint32_t)63U;
-  uint64_t t5 = (b5 << (uint32_t)56U) + t00 - y01;
+  uint64_t b5 = (t00 - y01) >> 63U;
+  uint64_t t5 = (b5 << 56U) + t00 - y01;
   uint64_t b0 = b5;
   uint64_t t01 = t5;
-  uint64_t b6 = (t10 - (y11 + b0)) >> (uint32_t)63U;
-  uint64_t t6 = (b6 << (uint32_t)56U) + t10 - (y11 + b0);
+  uint64_t b6 = (t10 - (y11 + b0)) >> 63U;
+  uint64_t t6 = (b6 << 56U) + t10 - (y11 + b0);
   uint64_t b1 = b6;
   uint64_t t11 = t6;
-  uint64_t b7 = (t20 - (y21 + b1)) >> (uint32_t)63U;
-  uint64_t t7 = (b7 << (uint32_t)56U) + t20 - (y21 + b1);
+  uint64_t b7 = (t20 - (y21 + b1)) >> 63U;
+  uint64_t t7 = (b7 << 56U) + t20 - (y21 + b1);
   uint64_t b2 = b7;
   uint64_t t21 = t7;
-  uint64_t b8 = (t30 - (y31 + b2)) >> (uint32_t)63U;
-  uint64_t t8 = (b8 << (uint32_t)56U) + t30 - (y31 + b2);
+  uint64_t b8 = (t30 - (y31 + b2)) >> 63U;
+  uint64_t t8 = (b8 << 56U) + t30 - (y31 + b2);
   uint64_t b3 = b8;
   uint64_t t31 = t8;
-  uint64_t b = (t4 - (y41 + b3)) >> (uint32_t)63U;
-  uint64_t t = (b << (uint32_t)56U) + t4 - (y41 + b3);
+  uint64_t b = (t4 - (y41 + b3)) >> 63U;
+  uint64_t t = (b << 56U) + t4 - (y41 + b3);
   uint64_t b4 = b;
   uint64_t t41 = t;
-  uint64_t mask = b4 - (uint64_t)1U;
+  uint64_t mask = b4 - 1ULL;
   uint64_t z00 = t00 ^ (mask & (t00 ^ t01));
   uint64_t z10 = t10 ^ (mask & (t10 ^ t11));
   uint64_t z20 = t20 ^ (mask & (t20 ^ t21));
@@ -1194,35 +1142,35 @@ static inline bool gte_q(uint64_t *s)
   uint64_t s2 = s[2U];
   uint64_t s3 = s[3U];
   uint64_t s4 = s[4U];
-  if (s4 > (uint64_t)0x00000010000000U)
+  if (s4 > 0x00000010000000ULL)
   {
     return true;
   }
-  if (s4 < (uint64_t)0x00000010000000U)
+  if (s4 < 0x00000010000000ULL)
   {
     return false;
   }
-  if (s3 > (uint64_t)0x00000000000000U)
+  if (s3 > 0x00000000000000ULL)
   {
     return true;
   }
-  if (s2 > (uint64_t)0x000000000014deU)
+  if (s2 > 0x000000000014deULL)
   {
     return true;
   }
-  if (s2 < (uint64_t)0x000000000014deU)
+  if (s2 < 0x000000000014deULL)
   {
     return false;
   }
-  if (s1 > (uint64_t)0xf9dea2f79cd658U)
+  if (s1 > 0xf9dea2f79cd658ULL)
   {
     return true;
   }
-  if (s1 < (uint64_t)0xf9dea2f79cd658U)
+  if (s1 < 0xf9dea2f79cd658ULL)
   {
     return false;
   }
-  if (s0 >= (uint64_t)0x12631a5cf5d3edU)
+  if (s0 >= 0x12631a5cf5d3edULL)
   {
     return true;
   }
@@ -1248,19 +1196,19 @@ bool Hacl_Impl_Ed25519_PointEqual_point_equal(uint64_t *p, uint64_t *q)
 {
   uint64_t tmp[20U] = { 0U };
   uint64_t *pxqz = tmp;
-  uint64_t *qxpz = tmp + (uint32_t)5U;
-  fmul0(pxqz, p, q + (uint32_t)10U);
+  uint64_t *qxpz = tmp + 5U;
+  fmul0(pxqz, p, q + 10U);
   reduce(pxqz);
-  fmul0(qxpz, q, p + (uint32_t)10U);
+  fmul0(qxpz, q, p + 10U);
   reduce(qxpz);
   bool b = eq(pxqz, qxpz);
   if (b)
   {
-    uint64_t *pyqz = tmp + (uint32_t)10U;
-    uint64_t *qypz = tmp + (uint32_t)15U;
-    fmul0(pyqz, p + (uint32_t)5U, q + (uint32_t)10U);
+    uint64_t *pyqz = tmp + 10U;
+    uint64_t *qypz = tmp + 15U;
+    fmul0(pyqz, p + 5U, q + 10U);
     reduce(pyqz);
-    fmul0(qypz, q + (uint32_t)5U, p + (uint32_t)10U);
+    fmul0(qypz, q + 5U, p + 10U);
     reduce(qypz);
     return eq(pyqz, qypz);
   }
@@ -1270,23 +1218,23 @@ bool Hacl_Impl_Ed25519_PointEqual_point_equal(uint64_t *p, uint64_t *q)
 void Hacl_Impl_Ed25519_PointNegate_point_negate(uint64_t *p, uint64_t *out)
 {
   uint64_t zero[5U] = { 0U };
-  zero[0U] = (uint64_t)0U;
-  zero[1U] = (uint64_t)0U;
-  zero[2U] = (uint64_t)0U;
-  zero[3U] = (uint64_t)0U;
-  zero[4U] = (uint64_t)0U;
+  zero[0U] = 0ULL;
+  zero[1U] = 0ULL;
+  zero[2U] = 0ULL;
+  zero[3U] = 0ULL;
+  zero[4U] = 0ULL;
   uint64_t *x = p;
-  uint64_t *y = p + (uint32_t)5U;
-  uint64_t *z = p + (uint32_t)10U;
-  uint64_t *t = p + (uint32_t)15U;
+  uint64_t *y = p + 5U;
+  uint64_t *z = p + 10U;
+  uint64_t *t = p + 15U;
   uint64_t *x1 = out;
-  uint64_t *y1 = out + (uint32_t)5U;
-  uint64_t *z1 = out + (uint32_t)10U;
-  uint64_t *t1 = out + (uint32_t)15U;
+  uint64_t *y1 = out + 5U;
+  uint64_t *z1 = out + 10U;
+  uint64_t *t1 = out + 15U;
   fdifference(x1, zero, x);
   Hacl_Bignum25519_reduce_513(x1);
-  memcpy(y1, y, (uint32_t)5U * sizeof (uint64_t));
-  memcpy(z1, z, (uint32_t)5U * sizeof (uint64_t));
+  memcpy(y1, y, 5U * sizeof (uint64_t));
+  memcpy(z1, z, 5U * sizeof (uint64_t));
   fdifference(t1, zero, t);
   Hacl_Bignum25519_reduce_513(t1);
 }
@@ -1295,11 +1243,11 @@ void Hacl_Impl_Ed25519_Ladder_point_mul(uint64_t *out, uint8_t *scalar, uint64_t
 {
   uint64_t bscalar[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = bscalar;
-    uint8_t *bj = scalar + i * (uint32_t)8U;
+    uint8_t *bj = scalar + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
@@ -1307,42 +1255,34 @@ void Hacl_Impl_Ed25519_Ladder_point_mul(uint64_t *out, uint8_t *scalar, uint64_t
   uint64_t table[320U] = { 0U };
   uint64_t tmp[20U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)20U;
+  uint64_t *t1 = table + 20U;
   Hacl_Impl_Ed25519_PointConstants_make_point_inf(t0);
-  memcpy(t1, q, (uint32_t)20U * sizeof (uint64_t));
+  memcpy(t1, q, 20U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)20U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 20U;
     Hacl_Impl_Ed25519_PointDouble_point_double(tmp, t11);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)20U,
-      tmp,
-      (uint32_t)20U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)20U;
+    memcpy(table + (2U * i + 2U) * 20U, tmp, 20U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 20U;
     Hacl_Impl_Ed25519_PointAdd_point_add(tmp, q, t2);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)20U,
-      tmp,
-      (uint32_t)20U * sizeof (uint64_t)););
+    memcpy(table + (2U * i + 3U) * 20U, tmp, 20U * sizeof (uint64_t)););
   Hacl_Impl_Ed25519_PointConstants_make_point_inf(out);
   uint64_t tmp0[20U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)256U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)20U * sizeof (uint64_t));
+    KRML_MAYBE_FOR4(i, 0U, 4U, 1U, Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
+    uint32_t k = 256U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 20U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)20U;
-      for (uint32_t i = (uint32_t)0U; i < (uint32_t)20U; i++)
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 20U;
+      for (uint32_t i = 0U; i < 20U; i++)
       {
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -1354,14 +1294,14 @@ void Hacl_Impl_Ed25519_Ladder_point_mul(uint64_t *out, uint8_t *scalar, uint64_t
 
 static inline void precomp_get_consttime(const uint64_t *table, uint64_t bits_l, uint64_t *tmp)
 {
-  memcpy(tmp, (uint64_t *)table, (uint32_t)20U * sizeof (uint64_t));
+  memcpy(tmp, (uint64_t *)table, 20U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i0,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + (uint32_t)1U));
-    const uint64_t *res_j = table + (i0 + (uint32_t)1U) * (uint32_t)20U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)20U; i++)
+    0U,
+    15U,
+    1U,
+    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + 1U));
+    const uint64_t *res_j = table + (i0 + 1U) * 20U;
+    for (uint32_t i = 0U; i < 20U; i++)
     {
       uint64_t *os = tmp;
       uint64_t x = (c & res_j[i]) | (~c & tmp[i]);
@@ -1373,107 +1313,97 @@ static inline void point_mul_g(uint64_t *out, uint8_t *scalar)
 {
   uint64_t bscalar[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = bscalar;
-    uint8_t *bj = scalar + i * (uint32_t)8U;
+    uint8_t *bj = scalar + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   uint64_t q1[20U] = { 0U };
   uint64_t *gx = q1;
-  uint64_t *gy = q1 + (uint32_t)5U;
-  uint64_t *gz = q1 + (uint32_t)10U;
-  uint64_t *gt = q1 + (uint32_t)15U;
-  gx[0U] = (uint64_t)0x00062d608f25d51aU;
-  gx[1U] = (uint64_t)0x000412a4b4f6592aU;
-  gx[2U] = (uint64_t)0x00075b7171a4b31dU;
-  gx[3U] = (uint64_t)0x0001ff60527118feU;
-  gx[4U] = (uint64_t)0x000216936d3cd6e5U;
-  gy[0U] = (uint64_t)0x0006666666666658U;
-  gy[1U] = (uint64_t)0x0004ccccccccccccU;
-  gy[2U] = (uint64_t)0x0001999999999999U;
-  gy[3U] = (uint64_t)0x0003333333333333U;
-  gy[4U] = (uint64_t)0x0006666666666666U;
-  gz[0U] = (uint64_t)1U;
-  gz[1U] = (uint64_t)0U;
-  gz[2U] = (uint64_t)0U;
-  gz[3U] = (uint64_t)0U;
-  gz[4U] = (uint64_t)0U;
-  gt[0U] = (uint64_t)0x00068ab3a5b7dda3U;
-  gt[1U] = (uint64_t)0x00000eea2a5eadbbU;
-  gt[2U] = (uint64_t)0x0002af8df483c27eU;
-  gt[3U] = (uint64_t)0x000332b375274732U;
-  gt[4U] = (uint64_t)0x00067875f0fd78b7U;
+  uint64_t *gy = q1 + 5U;
+  uint64_t *gz = q1 + 10U;
+  uint64_t *gt = q1 + 15U;
+  gx[0U] = 0x00062d608f25d51aULL;
+  gx[1U] = 0x000412a4b4f6592aULL;
+  gx[2U] = 0x00075b7171a4b31dULL;
+  gx[3U] = 0x0001ff60527118feULL;
+  gx[4U] = 0x000216936d3cd6e5ULL;
+  gy[0U] = 0x0006666666666658ULL;
+  gy[1U] = 0x0004ccccccccccccULL;
+  gy[2U] = 0x0001999999999999ULL;
+  gy[3U] = 0x0003333333333333ULL;
+  gy[4U] = 0x0006666666666666ULL;
+  gz[0U] = 1ULL;
+  gz[1U] = 0ULL;
+  gz[2U] = 0ULL;
+  gz[3U] = 0ULL;
+  gz[4U] = 0ULL;
+  gt[0U] = 0x00068ab3a5b7dda3ULL;
+  gt[1U] = 0x00000eea2a5eadbbULL;
+  gt[2U] = 0x0002af8df483c27eULL;
+  gt[3U] = 0x000332b375274732ULL;
+  gt[4U] = 0x00067875f0fd78b7ULL;
   uint64_t
   q2[20U] =
     {
-      (uint64_t)13559344787725U, (uint64_t)2051621493703448U, (uint64_t)1947659315640708U,
-      (uint64_t)626856790370168U, (uint64_t)1592804284034836U, (uint64_t)1781728767459187U,
-      (uint64_t)278818420518009U, (uint64_t)2038030359908351U, (uint64_t)910625973862690U,
-      (uint64_t)471887343142239U, (uint64_t)1298543306606048U, (uint64_t)794147365642417U,
-      (uint64_t)129968992326749U, (uint64_t)523140861678572U, (uint64_t)1166419653909231U,
-      (uint64_t)2009637196928390U, (uint64_t)1288020222395193U, (uint64_t)1007046974985829U,
-      (uint64_t)208981102651386U, (uint64_t)2074009315253380U
+      13559344787725ULL, 2051621493703448ULL, 1947659315640708ULL, 626856790370168ULL,
+      1592804284034836ULL, 1781728767459187ULL, 278818420518009ULL, 2038030359908351ULL,
+      910625973862690ULL, 471887343142239ULL, 1298543306606048ULL, 794147365642417ULL,
+      129968992326749ULL, 523140861678572ULL, 1166419653909231ULL, 2009637196928390ULL,
+      1288020222395193ULL, 1007046974985829ULL, 208981102651386ULL, 2074009315253380ULL
     };
   uint64_t
   q3[20U] =
     {
-      (uint64_t)557549315715710U, (uint64_t)196756086293855U, (uint64_t)846062225082495U,
-      (uint64_t)1865068224838092U, (uint64_t)991112090754908U, (uint64_t)522916421512828U,
-      (uint64_t)2098523346722375U, (uint64_t)1135633221747012U, (uint64_t)858420432114866U,
-      (uint64_t)186358544306082U, (uint64_t)1044420411868480U, (uint64_t)2080052304349321U,
-      (uint64_t)557301814716724U, (uint64_t)1305130257814057U, (uint64_t)2126012765451197U,
-      (uint64_t)1441004402875101U, (uint64_t)353948968859203U, (uint64_t)470765987164835U,
-      (uint64_t)1507675957683570U, (uint64_t)1086650358745097U
+      557549315715710ULL, 196756086293855ULL, 846062225082495ULL, 1865068224838092ULL,
+      991112090754908ULL, 522916421512828ULL, 2098523346722375ULL, 1135633221747012ULL,
+      858420432114866ULL, 186358544306082ULL, 1044420411868480ULL, 2080052304349321ULL,
+      557301814716724ULL, 1305130257814057ULL, 2126012765451197ULL, 1441004402875101ULL,
+      353948968859203ULL, 470765987164835ULL, 1507675957683570ULL, 1086650358745097ULL
     };
   uint64_t
   q4[20U] =
     {
-      (uint64_t)1129953239743101U, (uint64_t)1240339163956160U, (uint64_t)61002583352401U,
-      (uint64_t)2017604552196030U, (uint64_t)1576867829229863U, (uint64_t)1508654942849389U,
-      (uint64_t)270111619664077U, (uint64_t)1253097517254054U, (uint64_t)721798270973250U,
-      (uint64_t)161923365415298U, (uint64_t)828530877526011U, (uint64_t)1494851059386763U,
-      (uint64_t)662034171193976U, (uint64_t)1315349646974670U, (uint64_t)2199229517308806U,
-      (uint64_t)497078277852673U, (uint64_t)1310507715989956U, (uint64_t)1881315714002105U,
-      (uint64_t)2214039404983803U, (uint64_t)1331036420272667U
+      1129953239743101ULL, 1240339163956160ULL, 61002583352401ULL, 2017604552196030ULL,
+      1576867829229863ULL, 1508654942849389ULL, 270111619664077ULL, 1253097517254054ULL,
+      721798270973250ULL, 161923365415298ULL, 828530877526011ULL, 1494851059386763ULL,
+      662034171193976ULL, 1315349646974670ULL, 2199229517308806ULL, 497078277852673ULL,
+      1310507715989956ULL, 1881315714002105ULL, 2214039404983803ULL, 1331036420272667ULL
     };
   uint64_t *r1 = bscalar;
-  uint64_t *r2 = bscalar + (uint32_t)1U;
-  uint64_t *r3 = bscalar + (uint32_t)2U;
-  uint64_t *r4 = bscalar + (uint32_t)3U;
+  uint64_t *r2 = bscalar + 1U;
+  uint64_t *r3 = bscalar + 2U;
+  uint64_t *r4 = bscalar + 3U;
   Hacl_Impl_Ed25519_PointConstants_make_point_inf(out);
   uint64_t tmp[20U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r4, k, (uint32_t)4U);
+    0U,
+    16U,
+    1U,
+    KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
+    uint32_t k = 64U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r4, k, 4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_g_pow2_192_table_w4, bits_l, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp);
-    uint32_t k0 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r3, k0, (uint32_t)4U);
+    uint32_t k0 = 64U - 4U * i - 4U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r3, k0, 4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_g_pow2_128_table_w4, bits_l0, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp);
-    uint32_t k1 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r2, k1, (uint32_t)4U);
+    uint32_t k1 = 64U - 4U * i - 4U;
+    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r2, k1, 4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_g_pow2_64_table_w4, bits_l1, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp);
-    uint32_t k2 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
+    uint32_t k2 = 64U - 4U * i - 4U;
+    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r1, k2, 4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp););
-  KRML_HOST_IGNORE(q2);
-  KRML_HOST_IGNORE(q3);
-  KRML_HOST_IGNORE(q4);
+  KRML_MAYBE_UNUSED_VAR(q2);
+  KRML_MAYBE_UNUSED_VAR(q3);
+  KRML_MAYBE_UNUSED_VAR(q4);
 }
 
 static inline void
@@ -1481,48 +1411,48 @@ point_mul_g_double_vartime(uint64_t *out, uint8_t *scalar1, uint8_t *scalar2, ui
 {
   uint64_t tmp[28U] = { 0U };
   uint64_t *g = tmp;
-  uint64_t *bscalar1 = tmp + (uint32_t)20U;
-  uint64_t *bscalar2 = tmp + (uint32_t)24U;
+  uint64_t *bscalar1 = tmp + 20U;
+  uint64_t *bscalar2 = tmp + 24U;
   uint64_t *gx = g;
-  uint64_t *gy = g + (uint32_t)5U;
-  uint64_t *gz = g + (uint32_t)10U;
-  uint64_t *gt = g + (uint32_t)15U;
-  gx[0U] = (uint64_t)0x00062d608f25d51aU;
-  gx[1U] = (uint64_t)0x000412a4b4f6592aU;
-  gx[2U] = (uint64_t)0x00075b7171a4b31dU;
-  gx[3U] = (uint64_t)0x0001ff60527118feU;
-  gx[4U] = (uint64_t)0x000216936d3cd6e5U;
-  gy[0U] = (uint64_t)0x0006666666666658U;
-  gy[1U] = (uint64_t)0x0004ccccccccccccU;
-  gy[2U] = (uint64_t)0x0001999999999999U;
-  gy[3U] = (uint64_t)0x0003333333333333U;
-  gy[4U] = (uint64_t)0x0006666666666666U;
-  gz[0U] = (uint64_t)1U;
-  gz[1U] = (uint64_t)0U;
-  gz[2U] = (uint64_t)0U;
-  gz[3U] = (uint64_t)0U;
-  gz[4U] = (uint64_t)0U;
-  gt[0U] = (uint64_t)0x00068ab3a5b7dda3U;
-  gt[1U] = (uint64_t)0x00000eea2a5eadbbU;
-  gt[2U] = (uint64_t)0x0002af8df483c27eU;
-  gt[3U] = (uint64_t)0x000332b375274732U;
-  gt[4U] = (uint64_t)0x00067875f0fd78b7U;
+  uint64_t *gy = g + 5U;
+  uint64_t *gz = g + 10U;
+  uint64_t *gt = g + 15U;
+  gx[0U] = 0x00062d608f25d51aULL;
+  gx[1U] = 0x000412a4b4f6592aULL;
+  gx[2U] = 0x00075b7171a4b31dULL;
+  gx[3U] = 0x0001ff60527118feULL;
+  gx[4U] = 0x000216936d3cd6e5ULL;
+  gy[0U] = 0x0006666666666658ULL;
+  gy[1U] = 0x0004ccccccccccccULL;
+  gy[2U] = 0x0001999999999999ULL;
+  gy[3U] = 0x0003333333333333ULL;
+  gy[4U] = 0x0006666666666666ULL;
+  gz[0U] = 1ULL;
+  gz[1U] = 0ULL;
+  gz[2U] = 0ULL;
+  gz[3U] = 0ULL;
+  gz[4U] = 0ULL;
+  gt[0U] = 0x00068ab3a5b7dda3ULL;
+  gt[1U] = 0x00000eea2a5eadbbULL;
+  gt[2U] = 0x0002af8df483c27eULL;
+  gt[3U] = 0x000332b375274732ULL;
+  gt[4U] = 0x00067875f0fd78b7ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = bscalar1;
-    uint8_t *bj = scalar1 + i * (uint32_t)8U;
+    uint8_t *bj = scalar1 + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = bscalar2;
-    uint8_t *bj = scalar2 + i * (uint32_t)8U;
+    uint8_t *bj = scalar2 + i * 8U;
     uint64_t u = load64_le(bj);
     uint64_t r = u;
     uint64_t x = r;
@@ -1530,58 +1460,50 @@ point_mul_g_double_vartime(uint64_t *out, uint8_t *scalar1, uint8_t *scalar2, ui
   uint64_t table2[640U] = { 0U };
   uint64_t tmp1[20U] = { 0U };
   uint64_t *t0 = table2;
-  uint64_t *t1 = table2 + (uint32_t)20U;
+  uint64_t *t1 = table2 + 20U;
   Hacl_Impl_Ed25519_PointConstants_make_point_inf(t0);
-  memcpy(t1, q2, (uint32_t)20U * sizeof (uint64_t));
+  memcpy(t1, q2, 20U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)20U;
+    0U,
+    15U,
+    1U,
+    uint64_t *t11 = table2 + (i + 1U) * 20U;
     Hacl_Impl_Ed25519_PointDouble_point_double(tmp1, t11);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)20U,
-      tmp1,
-      (uint32_t)20U * sizeof (uint64_t));
-    uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)20U;
+    memcpy(table2 + (2U * i + 2U) * 20U, tmp1, 20U * sizeof (uint64_t));
+    uint64_t *t2 = table2 + (2U * i + 2U) * 20U;
     Hacl_Impl_Ed25519_PointAdd_point_add(tmp1, q2, t2);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)20U,
-      tmp1,
-      (uint32_t)20U * sizeof (uint64_t)););
+    memcpy(table2 + (2U * i + 3U) * 20U, tmp1, 20U * sizeof (uint64_t)););
   uint64_t tmp10[20U] = { 0U };
-  uint32_t i0 = (uint32_t)255U;
-  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar1, i0, (uint32_t)5U);
+  uint32_t i0 = 255U;
+  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar1, i0, 5U);
   uint32_t bits_l32 = (uint32_t)bits_c;
   const
   uint64_t
-  *a_bits_l = Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)20U;
-  memcpy(out, (uint64_t *)a_bits_l, (uint32_t)20U * sizeof (uint64_t));
-  uint32_t i1 = (uint32_t)255U;
-  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar2, i1, (uint32_t)5U);
+  *a_bits_l = Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * 20U;
+  memcpy(out, (uint64_t *)a_bits_l, 20U * sizeof (uint64_t));
+  uint32_t i1 = 255U;
+  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar2, i1, 5U);
   uint32_t bits_l320 = (uint32_t)bits_c0;
-  const uint64_t *a_bits_l0 = table2 + bits_l320 * (uint32_t)20U;
-  memcpy(tmp10, (uint64_t *)a_bits_l0, (uint32_t)20U * sizeof (uint64_t));
+  const uint64_t *a_bits_l0 = table2 + bits_l320 * 20U;
+  memcpy(tmp10, (uint64_t *)a_bits_l0, 20U * sizeof (uint64_t));
   Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp10);
   uint64_t tmp11[20U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)51U; i++)
+  for (uint32_t i = 0U; i < 51U; i++)
   {
-    KRML_MAYBE_FOR5(i2,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar2, k, (uint32_t)5U);
+    KRML_MAYBE_FOR5(i2, 0U, 5U, 1U, Hacl_Impl_Ed25519_PointDouble_point_double(out, out););
+    uint32_t k = 255U - 5U * i - 5U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar2, k, 5U);
     uint32_t bits_l321 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)20U;
-    memcpy(tmp11, (uint64_t *)a_bits_l1, (uint32_t)20U * sizeof (uint64_t));
+    const uint64_t *a_bits_l1 = table2 + bits_l321 * 20U;
+    memcpy(tmp11, (uint64_t *)a_bits_l1, 20U * sizeof (uint64_t));
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp11);
-    uint32_t k0 = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, bscalar1, k0, (uint32_t)5U);
+    uint32_t k0 = 255U - 5U * i - 5U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, bscalar1, k0, 5U);
     uint32_t bits_l322 = (uint32_t)bits_l0;
     const
     uint64_t
-    *a_bits_l2 = Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * (uint32_t)20U;
-    memcpy(tmp11, (uint64_t *)a_bits_l2, (uint32_t)20U * sizeof (uint64_t));
+    *a_bits_l2 = Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * 20U;
+    memcpy(tmp11, (uint64_t *)a_bits_l2, 20U * sizeof (uint64_t));
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp11);
   }
 }
@@ -1609,13 +1531,13 @@ static inline void store_56(uint8_t *out, uint64_t *b)
   uint32_t b4_ = (uint32_t)b4;
   uint8_t *b8 = out;
   store64_le(b8, b0);
-  uint8_t *b80 = out + (uint32_t)7U;
+  uint8_t *b80 = out + 7U;
   store64_le(b80, b1);
-  uint8_t *b81 = out + (uint32_t)14U;
+  uint8_t *b81 = out + 14U;
   store64_le(b81, b2);
-  uint8_t *b82 = out + (uint32_t)21U;
+  uint8_t *b82 = out + 21U;
   store64_le(b82, b3);
-  store32_le(out + (uint32_t)28U, b4_);
+  store32_le(out + 28U, b4_);
 }
 
 static inline void load_64_bytes(uint64_t *out, uint8_t *b)
@@ -1623,39 +1545,39 @@ static inline void load_64_bytes(uint64_t *out, uint8_t *b)
   uint8_t *b80 = b;
   uint64_t u = load64_le(b80);
   uint64_t z = u;
-  uint64_t b0 = z & (uint64_t)0xffffffffffffffU;
-  uint8_t *b81 = b + (uint32_t)7U;
+  uint64_t b0 = z & 0xffffffffffffffULL;
+  uint8_t *b81 = b + 7U;
   uint64_t u0 = load64_le(b81);
   uint64_t z0 = u0;
-  uint64_t b1 = z0 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b82 = b + (uint32_t)14U;
+  uint64_t b1 = z0 & 0xffffffffffffffULL;
+  uint8_t *b82 = b + 14U;
   uint64_t u1 = load64_le(b82);
   uint64_t z1 = u1;
-  uint64_t b2 = z1 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b83 = b + (uint32_t)21U;
+  uint64_t b2 = z1 & 0xffffffffffffffULL;
+  uint8_t *b83 = b + 21U;
   uint64_t u2 = load64_le(b83);
   uint64_t z2 = u2;
-  uint64_t b3 = z2 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b84 = b + (uint32_t)28U;
+  uint64_t b3 = z2 & 0xffffffffffffffULL;
+  uint8_t *b84 = b + 28U;
   uint64_t u3 = load64_le(b84);
   uint64_t z3 = u3;
-  uint64_t b4 = z3 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b85 = b + (uint32_t)35U;
+  uint64_t b4 = z3 & 0xffffffffffffffULL;
+  uint8_t *b85 = b + 35U;
   uint64_t u4 = load64_le(b85);
   uint64_t z4 = u4;
-  uint64_t b5 = z4 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b86 = b + (uint32_t)42U;
+  uint64_t b5 = z4 & 0xffffffffffffffULL;
+  uint8_t *b86 = b + 42U;
   uint64_t u5 = load64_le(b86);
   uint64_t z5 = u5;
-  uint64_t b6 = z5 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b87 = b + (uint32_t)49U;
+  uint64_t b6 = z5 & 0xffffffffffffffULL;
+  uint8_t *b87 = b + 49U;
   uint64_t u6 = load64_le(b87);
   uint64_t z6 = u6;
-  uint64_t b7 = z6 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b8 = b + (uint32_t)56U;
+  uint64_t b7 = z6 & 0xffffffffffffffULL;
+  uint8_t *b8 = b + 56U;
   uint64_t u7 = load64_le(b8);
   uint64_t z7 = u7;
-  uint64_t b88 = z7 & (uint64_t)0xffffffffffffffU;
+  uint64_t b88 = z7 & 0xffffffffffffffULL;
   uint8_t b63 = b[63U];
   uint64_t b9 = (uint64_t)b63;
   out[0U] = b0;
@@ -1675,20 +1597,20 @@ static inline void load_32_bytes(uint64_t *out, uint8_t *b)
   uint8_t *b80 = b;
   uint64_t u0 = load64_le(b80);
   uint64_t z = u0;
-  uint64_t b0 = z & (uint64_t)0xffffffffffffffU;
-  uint8_t *b81 = b + (uint32_t)7U;
+  uint64_t b0 = z & 0xffffffffffffffULL;
+  uint8_t *b81 = b + 7U;
   uint64_t u1 = load64_le(b81);
   uint64_t z0 = u1;
-  uint64_t b1 = z0 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b82 = b + (uint32_t)14U;
+  uint64_t b1 = z0 & 0xffffffffffffffULL;
+  uint8_t *b82 = b + 14U;
   uint64_t u2 = load64_le(b82);
   uint64_t z1 = u2;
-  uint64_t b2 = z1 & (uint64_t)0xffffffffffffffU;
-  uint8_t *b8 = b + (uint32_t)21U;
+  uint64_t b2 = z1 & 0xffffffffffffffULL;
+  uint8_t *b8 = b + 21U;
   uint64_t u3 = load64_le(b8);
   uint64_t z2 = u3;
-  uint64_t b3 = z2 & (uint64_t)0xffffffffffffffU;
-  uint32_t u = load32_le(b + (uint32_t)28U);
+  uint64_t b3 = z2 & 0xffffffffffffffULL;
+  uint32_t u = load32_le(b + 28U);
   uint32_t b4 = u;
   uint64_t b41 = (uint64_t)b4;
   out[0U] = b0;
@@ -1703,16 +1625,15 @@ static inline void sha512_pre_msg(uint8_t *hash, uint8_t *prefix, uint32_t len,
   uint8_t buf[128U] = { 0U };
   uint64_t block_state[8U] = { 0U };
   Hacl_Streaming_MD_state_64
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_64 p = s;
-  Hacl_SHA2_Scalar32_sha512_init(block_state);
+  Hacl_Hash_SHA2_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
-  Hacl_Streaming_Types_error_code
-  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code err1 = Hacl_Streaming_SHA2_update_512(st, input, len);
-  KRML_HOST_IGNORE(err0);
-  KRML_HOST_IGNORE(err1);
-  Hacl_Streaming_SHA2_finish_512(st, hash);
+  Hacl_Streaming_Types_error_code err0 = Hacl_Hash_SHA2_update_512(st, prefix, 32U);
+  Hacl_Streaming_Types_error_code err1 = Hacl_Hash_SHA2_update_512(st, input, len);
+  KRML_MAYBE_UNUSED_VAR(err0);
+  KRML_MAYBE_UNUSED_VAR(err1);
+  Hacl_Hash_SHA2_digest_512(st, hash);
 }
 
 static inline void
@@ -1727,19 +1648,17 @@ sha512_pre_pre2_msg(
   uint8_t buf[128U] = { 0U };
   uint64_t block_state[8U] = { 0U };
   Hacl_Streaming_MD_state_64
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_64 p = s;
-  Hacl_SHA2_Scalar32_sha512_init(block_state);
+  Hacl_Hash_SHA2_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
-  Hacl_Streaming_Types_error_code
-  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code
-  err1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code err2 = Hacl_Streaming_SHA2_update_512(st, input, len);
-  KRML_HOST_IGNORE(err0);
-  KRML_HOST_IGNORE(err1);
-  KRML_HOST_IGNORE(err2);
-  Hacl_Streaming_SHA2_finish_512(st, hash);
+  Hacl_Streaming_Types_error_code err0 = Hacl_Hash_SHA2_update_512(st, prefix, 32U);
+  Hacl_Streaming_Types_error_code err1 = Hacl_Hash_SHA2_update_512(st, prefix2, 32U);
+  Hacl_Streaming_Types_error_code err2 = Hacl_Hash_SHA2_update_512(st, input, len);
+  KRML_MAYBE_UNUSED_VAR(err0);
+  KRML_MAYBE_UNUSED_VAR(err1);
+  KRML_MAYBE_UNUSED_VAR(err2);
+  Hacl_Hash_SHA2_digest_512(st, hash);
 }
 
 static inline void
@@ -1777,12 +1696,12 @@ static inline void point_mul_g_compress(uint8_t *out, uint8_t *s)
 
 static inline void secret_expand(uint8_t *expanded, uint8_t *secret)
 {
-  Hacl_Streaming_SHA2_hash_512(secret, (uint32_t)32U, expanded);
+  Hacl_Hash_SHA2_hash_512(expanded, secret, 32U);
   uint8_t *h_low = expanded;
   uint8_t h_low0 = h_low[0U];
   uint8_t h_low31 = h_low[31U];
-  h_low[0U] = h_low0 & (uint8_t)0xf8U;
-  h_low[31U] = (h_low31 & (uint8_t)127U) | (uint8_t)64U;
+  h_low[0U] = (uint32_t)h_low0 & 0xf8U;
+  h_low[31U] = ((uint32_t)h_low31 & 127U) | 64U;
 }
 
 /********************************************************************************
@@ -1816,8 +1735,8 @@ Compute the expanded keys for an Ed25519 signature.
 void Hacl_Ed25519_expand_keys(uint8_t *expanded_keys, uint8_t *private_key)
 {
   uint8_t *public_key = expanded_keys;
-  uint8_t *s_prefix = expanded_keys + (uint32_t)32U;
-  uint8_t *s = expanded_keys + (uint32_t)32U;
+  uint8_t *s_prefix = expanded_keys + 32U;
+  uint8_t *s = expanded_keys + 32U;
   secret_expand(s_prefix, private_key);
   point_mul_g_compress(public_key, s);
 }
@@ -1843,13 +1762,13 @@ Hacl_Ed25519_sign_expanded(
 )
 {
   uint8_t *rs = signature;
-  uint8_t *ss = signature + (uint32_t)32U;
+  uint8_t *ss = signature + 32U;
   uint64_t rq[5U] = { 0U };
   uint64_t hq[5U] = { 0U };
   uint8_t rb[32U] = { 0U };
   uint8_t *public_key = expanded_keys;
-  uint8_t *s = expanded_keys + (uint32_t)32U;
-  uint8_t *prefix = expanded_keys + (uint32_t)64U;
+  uint8_t *s = expanded_keys + 32U;
+  uint8_t *prefix = expanded_keys + 64U;
   sha512_modq_pre(rq, prefix, msg_len, msg);
   store_56(rb, rq);
   point_mul_g_compress(rs, rb);
@@ -1904,7 +1823,7 @@ Hacl_Ed25519_verify(uint8_t *public_key, uint32_t msg_len, uint8_t *msg, uint8_t
     {
       uint8_t hb[32U] = { 0U };
       uint8_t *rs1 = signature;
-      uint8_t *sb = signature + (uint32_t)32U;
+      uint8_t *sb = signature + 32U;
       uint64_t tmp[5U] = { 0U };
       load_32_bytes(tmp, sb);
       bool b1 = gte_q(tmp);
diff --git a/src/msvc/Hacl_FFDHE.c b/src/msvc/Hacl_FFDHE.c
index bc77dbdc..a2cdfa52 100644
--- a/src/msvc/Hacl_FFDHE.c
+++ b/src/msvc/Hacl_FFDHE.c
@@ -35,23 +35,23 @@ static inline uint32_t ffdhe_len(Spec_FFDHE_ffdhe_alg a)
   {
     case Spec_FFDHE_FFDHE2048:
       {
-        return (uint32_t)256U;
+        return 256U;
       }
     case Spec_FFDHE_FFDHE3072:
       {
-        return (uint32_t)384U;
+        return 384U;
       }
     case Spec_FFDHE_FFDHE4096:
       {
-        return (uint32_t)512U;
+        return 512U;
       }
     case Spec_FFDHE_FFDHE6144:
       {
-        return (uint32_t)768U;
+        return 768U;
       }
     case Spec_FFDHE_FFDHE8192:
       {
-        return (uint32_t)1024U;
+        return 1024U;
       }
     default:
       {
@@ -63,12 +63,46 @@ static inline uint32_t ffdhe_len(Spec_FFDHE_ffdhe_alg a)
 
 static inline void ffdhe_precomp_p(Spec_FFDHE_ffdhe_alg a, uint64_t *p_r2_n)
 {
-  uint32_t nLen = (ffdhe_len(a) - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (ffdhe_len(a) - 1U) / 8U + 1U;
   uint64_t *p_n = p_r2_n;
   uint64_t *r2_n = p_r2_n + nLen;
-  KRML_CHECK_SIZE(sizeof (uint8_t), ffdhe_len(a));
-  uint8_t *p_s = (uint8_t *)alloca(ffdhe_len(a) * sizeof (uint8_t));
-  memset(p_s, 0U, ffdhe_len(a) * sizeof (uint8_t));
+  uint32_t sw;
+  switch (a)
+  {
+    case Spec_FFDHE_FFDHE2048:
+      {
+        sw = 256U;
+        break;
+      }
+    case Spec_FFDHE_FFDHE3072:
+      {
+        sw = 384U;
+        break;
+      }
+    case Spec_FFDHE_FFDHE4096:
+      {
+        sw = 512U;
+        break;
+      }
+    case Spec_FFDHE_FFDHE6144:
+      {
+        sw = 768U;
+        break;
+      }
+    case Spec_FFDHE_FFDHE8192:
+      {
+        sw = 1024U;
+        break;
+      }
+    default:
+      {
+        KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__);
+        KRML_HOST_EXIT(253U);
+      }
+  }
+  KRML_CHECK_SIZE(sizeof (uint8_t), sw);
+  uint8_t *p_s = (uint8_t *)alloca(sw * sizeof (uint8_t));
+  memset(p_s, 0U, sw * sizeof (uint8_t));
   const uint8_t *p;
   switch (a)
   {
@@ -104,88 +138,80 @@ static inline void ffdhe_precomp_p(Spec_FFDHE_ffdhe_alg a, uint64_t *p_r2_n)
       }
   }
   uint32_t len = ffdhe_len(a);
-  for (uint32_t i = (uint32_t)0U; i < len; i++)
+  for (uint32_t i = 0U; i < len; i++)
   {
     uint8_t *os = p_s;
     uint8_t x = p[i];
     os[i] = x;
   }
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ffdhe_len(a), p_s, p_n);
-  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((ffdhe_len(a) - (uint32_t)1U)
-    / (uint32_t)8U
-    + (uint32_t)1U,
-    (uint32_t)8U * ffdhe_len(a) - (uint32_t)1U,
+  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((ffdhe_len(a) - 1U) / 8U + 1U,
+    8U * ffdhe_len(a) - 1U,
     p_n,
     r2_n);
 }
 
 static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, uint64_t *p_n)
 {
-  uint32_t nLen = (ffdhe_len(a) - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (ffdhe_len(a) - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *p_n1 = (uint64_t *)alloca(nLen * sizeof (uint64_t));
   memset(p_n1, 0U, nLen * sizeof (uint64_t));
-  uint64_t
-  c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, p_n[0U], (uint64_t)1U, p_n1);
-  if ((uint32_t)1U < nLen)
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, p_n[0U], 1ULL, p_n1);
+  if (1U < nLen)
   {
-    uint64_t *a1 = p_n + (uint32_t)1U;
-    uint64_t *res1 = p_n1 + (uint32_t)1U;
+    uint64_t *a1 = p_n + 1U;
+    uint64_t *res1 = p_n1 + 1U;
     uint64_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (nLen - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (nLen - 1U) / 4U; i++)
     {
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i);
     }
-    for
-    (uint32_t
-      i = (nLen - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < nLen - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (nLen - 1U) / 4U * 4U; i < nLen - 1U; i++)
     {
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c1 = c;
-    KRML_HOST_IGNORE(c1);
+    KRML_MAYBE_UNUSED_VAR(c1);
   }
   else
   {
-    KRML_HOST_IGNORE(c0);
+    KRML_MAYBE_UNUSED_VAR(c0);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *b2 = (uint64_t *)alloca(nLen * sizeof (uint64_t));
   memset(b2, 0U, nLen * sizeof (uint64_t));
-  uint32_t i0 = (uint32_t)0U;
-  uint32_t j = (uint32_t)0U;
-  b2[i0] = b2[i0] | (uint64_t)1U << j;
-  uint64_t acc0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < nLen; i++)
+  uint32_t i0 = 0U;
+  uint32_t j = 0U;
+  b2[i0] = b2[i0] | 1ULL << j;
+  uint64_t acc0 = 0ULL;
+  for (uint32_t i = 0U; i < nLen; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(b2[i], pk_n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(b2[i], pk_n[i]);
-    acc0 = (beq & acc0) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t res = acc0;
   uint64_t m0 = res;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < nLen; i++)
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < nLen; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(pk_n[i], p_n1[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(pk_n[i], p_n1[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t m1 = acc;
   return m0 & m1;
@@ -200,21 +226,19 @@ ffdhe_compute_exp(
   uint8_t *res
 )
 {
-  uint32_t nLen = (ffdhe_len(a) - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (ffdhe_len(a) - 1U) / 8U + 1U;
   uint64_t *p_n = p_r2_n;
   uint64_t *r2_n = p_r2_n + nLen;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *res_n = (uint64_t *)alloca(nLen * sizeof (uint64_t));
   memset(res_n, 0U, nLen * sizeof (uint64_t));
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(p_n[0U]);
-  Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((ffdhe_len(a) - (uint32_t)1U)
-    / (uint32_t)8U
-    + (uint32_t)1U,
+  Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((ffdhe_len(a) - 1U) / 8U + 1U,
     p_n,
     mu,
     r2_n,
     b_n,
-    (uint32_t)64U * nLen,
+    64U * nLen,
     sk_n,
     res_n);
   Hacl_Bignum_Convert_bn_to_bytes_be_uint64(ffdhe_len(a), res_n, res);
@@ -227,7 +251,7 @@ uint32_t Hacl_FFDHE_ffdhe_len(Spec_FFDHE_ffdhe_alg a)
 
 uint64_t *Hacl_FFDHE_new_ffdhe_precomp_p(Spec_FFDHE_ffdhe_alg a)
 {
-  uint32_t nLen = (ffdhe_len(a) - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (ffdhe_len(a) - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen + nLen);
   uint64_t *res = (uint64_t *)KRML_HOST_CALLOC(nLen + nLen, sizeof (uint64_t));
   if (res == NULL)
@@ -249,17 +273,17 @@ Hacl_FFDHE_ffdhe_secret_to_public_precomp(
 )
 {
   uint32_t len = ffdhe_len(a);
-  uint32_t nLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (len - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *g_n = (uint64_t *)alloca(nLen * sizeof (uint64_t));
   memset(g_n, 0U, nLen * sizeof (uint64_t));
-  uint8_t g = (uint8_t)0U;
+  uint8_t g = 0U;
   {
     uint8_t *os = &g;
     uint8_t x = Hacl_Impl_FFDHE_Constants_ffdhe_g2[0U];
     os[0U] = x;
   }
-  Hacl_Bignum_Convert_bn_from_bytes_be_uint64((uint32_t)1U, &g, g_n);
+  Hacl_Bignum_Convert_bn_from_bytes_be_uint64(1U, &g, g_n);
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *sk_n = (uint64_t *)alloca(nLen * sizeof (uint64_t));
   memset(sk_n, 0U, nLen * sizeof (uint64_t));
@@ -270,7 +294,7 @@ Hacl_FFDHE_ffdhe_secret_to_public_precomp(
 void Hacl_FFDHE_ffdhe_secret_to_public(Spec_FFDHE_ffdhe_alg a, uint8_t *sk, uint8_t *pk)
 {
   uint32_t len = ffdhe_len(a);
-  uint32_t nLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (len - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen + nLen);
   uint64_t *p_r2_n = (uint64_t *)alloca((nLen + nLen) * sizeof (uint64_t));
   memset(p_r2_n, 0U, (nLen + nLen) * sizeof (uint64_t));
@@ -288,7 +312,7 @@ Hacl_FFDHE_ffdhe_shared_secret_precomp(
 )
 {
   uint32_t len = ffdhe_len(a);
-  uint32_t nLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (len - 1U) / 8U + 1U;
   uint64_t *p_n = p_r2_n;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *sk_n = (uint64_t *)alloca(nLen * sizeof (uint64_t));
@@ -299,7 +323,7 @@ Hacl_FFDHE_ffdhe_shared_secret_precomp(
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(len, sk, sk_n);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(len, pk, pk_n);
   uint64_t m = ffdhe_check_pk(a, pk_n, p_n);
-  if (m == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+  if (m == 0xFFFFFFFFFFFFFFFFULL)
   {
     ffdhe_compute_exp(a, p_r2_n, sk_n, pk_n, ss);
   }
@@ -310,7 +334,7 @@ uint64_t
 Hacl_FFDHE_ffdhe_shared_secret(Spec_FFDHE_ffdhe_alg a, uint8_t *sk, uint8_t *pk, uint8_t *ss)
 {
   uint32_t len = ffdhe_len(a);
-  uint32_t nLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t nLen = (len - 1U) / 8U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen + nLen);
   uint64_t *p_n = (uint64_t *)alloca((nLen + nLen) * sizeof (uint64_t));
   memset(p_n, 0U, (nLen + nLen) * sizeof (uint64_t));
diff --git a/src/msvc/Hacl_Frodo1344.c b/src/msvc/Hacl_Frodo1344.c
index 2951f848..61262a4c 100644
--- a/src/msvc/Hacl_Frodo1344.c
+++ b/src/msvc/Hacl_Frodo1344.c
@@ -29,151 +29,113 @@
 #include "internal/Hacl_Frodo_KEM.h"
 #include "lib_memzero0.h"
 
-uint32_t Hacl_Frodo1344_crypto_bytes = (uint32_t)32U;
+uint32_t Hacl_Frodo1344_crypto_bytes = 32U;
 
-uint32_t Hacl_Frodo1344_crypto_publickeybytes = (uint32_t)21520U;
+uint32_t Hacl_Frodo1344_crypto_publickeybytes = 21520U;
 
-uint32_t Hacl_Frodo1344_crypto_secretkeybytes = (uint32_t)43088U;
+uint32_t Hacl_Frodo1344_crypto_secretkeybytes = 43088U;
 
-uint32_t Hacl_Frodo1344_crypto_ciphertextbytes = (uint32_t)21632U;
+uint32_t Hacl_Frodo1344_crypto_ciphertextbytes = 21632U;
 
 uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
 {
   uint8_t coins[80U] = { 0U };
-  randombytes_((uint32_t)80U, coins);
+  randombytes_(80U, coins);
   uint8_t *s = coins;
-  uint8_t *seed_se = coins + (uint32_t)32U;
-  uint8_t *z = coins + (uint32_t)64U;
+  uint8_t *seed_se = coins + 32U;
+  uint8_t *z = coins + 64U;
   uint8_t *seed_a = pk;
-  Hacl_SHA3_shake256_hacl((uint32_t)16U, z, (uint32_t)16U, seed_a);
-  uint8_t *b_bytes = pk + (uint32_t)16U;
-  uint8_t *s_bytes = sk + (uint32_t)21552U;
+  Hacl_Hash_SHA3_shake256_hacl(16U, z, 16U, seed_a);
+  uint8_t *b_bytes = pk + 16U;
+  uint8_t *s_bytes = sk + 21552U;
   uint16_t s_matrix[10752U] = { 0U };
   uint16_t e_matrix[10752U] = { 0U };
   uint8_t r[43008U] = { 0U };
   uint8_t shake_input_seed_se[33U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x5fU;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43008U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U, (uint32_t)8U, r, s_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U,
-    (uint32_t)8U,
-    r + (uint32_t)21504U,
-    e_matrix);
+  shake_input_seed_se[0U] = 0x5fU;
+  memcpy(shake_input_seed_se + 1U, seed_se, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(33U, shake_input_seed_se, 43008U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 33U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(1344U, 8U, r, s_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(1344U, 8U, r + 21504U, e_matrix);
   uint16_t b_matrix[10752U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)1806336U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 1806336U);
   uint16_t a_matrix[1806336U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)1344U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)1344U,
-    (uint32_t)1344U,
-    (uint32_t)8U,
-    a_matrix,
-    s_matrix,
-    b_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)1344U, (uint32_t)8U, b_matrix, e_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)1344U,
-    (uint32_t)8U,
-    (uint32_t)16U,
-    b_matrix,
-    b_bytes);
-  Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)1344U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U, uint16_t);
-  uint32_t slen1 = (uint32_t)43056U;
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 1344U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(1344U, 1344U, 8U, a_matrix, s_matrix, b_matrix);
+  Hacl_Impl_Matrix_matrix_add(1344U, 8U, b_matrix, e_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(1344U, 8U, 16U, b_matrix, b_bytes);
+  Hacl_Impl_Matrix_matrix_to_lbytes(1344U, 8U, s_matrix, s_bytes);
+  Lib_Memzero0_memzero(s_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, 10752U, uint16_t);
+  uint32_t slen1 = 43056U;
   uint8_t *sk_p = sk;
-  memcpy(sk_p, s, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(sk_p + (uint32_t)32U, pk, (uint32_t)21520U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)21520U, pk, (uint32_t)32U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)80U, uint8_t);
-  return (uint32_t)0U;
+  memcpy(sk_p, s, 32U * sizeof (uint8_t));
+  memcpy(sk_p + 32U, pk, 21520U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(21520U, pk, 32U, sk + slen1);
+  Lib_Memzero0_memzero(coins, 80U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
 {
   uint8_t coins[32U] = { 0U };
-  randombytes_((uint32_t)32U, coins);
+  randombytes_(32U, coins);
   uint8_t seed_se_k[64U] = { 0U };
   uint8_t pkh_mu[64U] = { 0U };
-  Hacl_SHA3_shake256_hacl((uint32_t)21520U, pk, (uint32_t)32U, pkh_mu);
-  memcpy(pkh_mu + (uint32_t)32U, coins, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)64U, pkh_mu, (uint32_t)64U, seed_se_k);
+  Hacl_Hash_SHA3_shake256_hacl(21520U, pk, 32U, pkh_mu);
+  memcpy(pkh_mu + 32U, coins, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(64U, pkh_mu, 64U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *k = seed_se_k + (uint32_t)32U;
+  uint8_t *k = seed_se_k + 32U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t sp_matrix[10752U] = { 0U };
   uint16_t ep_matrix[10752U] = { 0U };
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[43136U] = { 0U };
   uint8_t shake_input_seed_se[33U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
-    (uint32_t)1344U,
-    r + (uint32_t)21504U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)43008U,
-    epp_matrix);
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(33U, shake_input_seed_se, 43136U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 33U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 1344U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 1344U, r + 21504U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 8U, r + 43008U, epp_matrix);
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)21504U;
+  uint8_t *c2 = ct + 21504U;
   uint16_t bp_matrix[10752U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)1806336U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 1806336U);
   uint16_t a_matrix[1806336U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)1344U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)1344U,
-    sp_matrix,
-    a_matrix,
-    bp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)1344U, bp_matrix, ep_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, bp_matrix, c1);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 1344U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 1344U, 1344U, sp_matrix, a_matrix, bp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 1344U, bp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 1344U, 16U, bp_matrix, c1);
   uint16_t v_matrix[64U] = { 0U };
   uint16_t b_matrix[10752U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)1344U, (uint32_t)8U, (uint32_t)16U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    v_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(1344U, 8U, 16U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 1344U, 8U, sp_matrix, b_matrix, v_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)16U,
-    (uint32_t)4U,
-    (uint32_t)8U,
-    coins,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint32_t ss_init_len = (uint32_t)21664U;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(16U, 4U, 8U, coins, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 8U, 16U, v_matrix, c2);
+  Lib_Memzero0_memzero(v_matrix, 64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint32_t ss_init_len = 21664U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
   memset(shake_input_ss, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(shake_input_ss, ct, (uint32_t)21632U * sizeof (uint8_t));
-  memcpy(shake_input_ss + (uint32_t)21632U, k, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)32U, ss);
+  memcpy(shake_input_ss, ct, 21632U * sizeof (uint8_t));
+  memcpy(shake_input_ss + 21632U, k, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(ss_init_len, shake_input_ss, 32U, ss);
   Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
-  Lib_Memzero0_memzero(coins, (uint32_t)32U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(seed_se_k, 64U, uint8_t);
+  Lib_Memzero0_memzero(coins, 32U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
@@ -181,39 +143,30 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t bp_matrix[10752U] = { 0U };
   uint16_t c_matrix[64U] = { 0U };
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)21504U;
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, c1, bp_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, c2, c_matrix);
+  uint8_t *c2 = ct + 21504U;
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 1344U, 16U, c1, bp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 8U, 16U, c2, c_matrix);
   uint8_t mu_decode[32U] = { 0U };
-  uint8_t *s_bytes = sk + (uint32_t)21552U;
+  uint8_t *s_bytes = sk + 21552U;
   uint16_t s_matrix[10752U] = { 0U };
   uint16_t m_matrix[64U] = { 0U };
-  Hacl_Impl_Matrix_matrix_from_lbytes((uint32_t)1344U, (uint32_t)8U, s_bytes, s_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)8U,
-    bp_matrix,
-    s_matrix,
-    m_matrix);
-  Hacl_Impl_Matrix_matrix_sub((uint32_t)8U, (uint32_t)8U, c_matrix, m_matrix);
-  Hacl_Impl_Frodo_Encode_frodo_key_decode((uint32_t)16U,
-    (uint32_t)4U,
-    (uint32_t)8U,
-    m_matrix,
-    mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
+  Hacl_Impl_Matrix_matrix_from_lbytes(1344U, 8U, s_bytes, s_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(8U, 1344U, 8U, bp_matrix, s_matrix, m_matrix);
+  Hacl_Impl_Matrix_matrix_sub(8U, 8U, c_matrix, m_matrix);
+  Hacl_Impl_Frodo_Encode_frodo_key_decode(16U, 4U, 8U, m_matrix, mu_decode);
+  Lib_Memzero0_memzero(s_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, 64U, uint16_t);
   uint8_t seed_se_k[64U] = { 0U };
-  uint32_t pkh_mu_decode_len = (uint32_t)64U;
+  uint32_t pkh_mu_decode_len = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
   uint8_t *pkh_mu_decode = (uint8_t *)alloca(pkh_mu_decode_len * sizeof (uint8_t));
   memset(pkh_mu_decode, 0U, pkh_mu_decode_len * sizeof (uint8_t));
-  uint8_t *pkh = sk + (uint32_t)43056U;
-  memcpy(pkh_mu_decode, pkh, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(pkh_mu_decode + (uint32_t)32U, mu_decode, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(pkh_mu_decode_len, pkh_mu_decode, (uint32_t)64U, seed_se_k);
+  uint8_t *pkh = sk + 43056U;
+  memcpy(pkh_mu_decode, pkh, 32U * sizeof (uint8_t));
+  memcpy(pkh_mu_decode + 32U, mu_decode, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(pkh_mu_decode_len, pkh_mu_decode, 64U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *kp = seed_se_k + (uint32_t)32U;
+  uint8_t *kp = seed_se_k + 32U;
   uint8_t *s = sk;
   uint16_t bpp_matrix[10752U] = { 0U };
   uint16_t cp_matrix[64U] = { 0U };
@@ -222,80 +175,58 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[43136U] = { 0U };
   uint8_t shake_input_seed_se[33U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
-    (uint32_t)1344U,
-    r + (uint32_t)21504U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)43008U,
-    epp_matrix);
-  uint8_t *pk = sk + (uint32_t)32U;
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(33U, shake_input_seed_se, 43136U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 33U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 1344U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 1344U, r + 21504U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344(8U, 8U, r + 43008U, epp_matrix);
+  uint8_t *pk = sk + 32U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)1806336U);
+  uint8_t *b = pk + 16U;
+  KRML_CHECK_SIZE(sizeof (uint16_t), 1806336U);
   uint16_t a_matrix[1806336U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)1344U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)1344U,
-    sp_matrix,
-    a_matrix,
-    bpp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)1344U, bpp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 1344U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 1344U, 1344U, sp_matrix, a_matrix, bpp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 1344U, bpp_matrix, ep_matrix);
   uint16_t b_matrix[10752U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)1344U, (uint32_t)8U, (uint32_t)16U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)1344U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    cp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(1344U, 8U, 16U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 1344U, 8U, sp_matrix, b_matrix, cp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)16U,
-    (uint32_t)4U,
-    (uint32_t)8U,
-    mu_decode,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, bpp_matrix);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)1344U, bp_matrix, bpp_matrix);
-  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
-  uint16_t mask = b1 & b2;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(16U, 4U, 8U, mu_decode, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Matrix_mod_pow2(8U, 1344U, 16U, bpp_matrix);
+  Hacl_Impl_Matrix_mod_pow2(8U, 8U, 16U, cp_matrix);
+  Lib_Memzero0_memzero(sp_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq(8U, 1344U, bp_matrix, bpp_matrix);
+  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq(8U, 8U, c_matrix, cp_matrix);
+  uint16_t mask = (uint32_t)b1 & (uint32_t)b2;
   uint16_t mask0 = mask;
   uint8_t kp_s[32U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t *os = kp_s;
     uint8_t uu____0 = s[i];
-    uint8_t x = uu____0 ^ ((uint8_t)mask0 & (kp[i] ^ uu____0));
+    uint8_t
+    x = (uint32_t)uu____0 ^ ((uint32_t)(uint8_t)mask0 & ((uint32_t)kp[i] ^ (uint32_t)uu____0));
     os[i] = x;
   }
-  uint32_t ss_init_len = (uint32_t)21664U;
+  uint32_t ss_init_len = 21664U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *ss_init = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
   memset(ss_init, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(ss_init, ct, (uint32_t)21632U * sizeof (uint8_t));
-  memcpy(ss_init + (uint32_t)21632U, kp_s, (uint32_t)32U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)32U, ss);
+  memcpy(ss_init, ct, 21632U * sizeof (uint8_t));
+  memcpy(ss_init + 21632U, kp_s, 32U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(ss_init_len, ss_init, 32U, ss);
   Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(kp_s, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(kp_s, 32U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, 64U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, 32U, uint8_t);
+  return 0U;
 }
 
diff --git a/src/msvc/Hacl_Frodo64.c b/src/msvc/Hacl_Frodo64.c
index 45ee9dd6..392d87f9 100644
--- a/src/msvc/Hacl_Frodo64.c
+++ b/src/msvc/Hacl_Frodo64.c
@@ -34,145 +34,111 @@
  */
 
 
-uint32_t Hacl_Frodo64_crypto_bytes = (uint32_t)16U;
+uint32_t Hacl_Frodo64_crypto_bytes = 16U;
 
-uint32_t Hacl_Frodo64_crypto_publickeybytes = (uint32_t)976U;
+uint32_t Hacl_Frodo64_crypto_publickeybytes = 976U;
 
-uint32_t Hacl_Frodo64_crypto_secretkeybytes = (uint32_t)2032U;
+uint32_t Hacl_Frodo64_crypto_secretkeybytes = 2032U;
 
-uint32_t Hacl_Frodo64_crypto_ciphertextbytes = (uint32_t)1080U;
+uint32_t Hacl_Frodo64_crypto_ciphertextbytes = 1080U;
 
 uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
 {
   uint8_t coins[48U] = { 0U };
-  randombytes_((uint32_t)48U, coins);
+  randombytes_(48U, coins);
   uint8_t *s = coins;
-  uint8_t *seed_se = coins + (uint32_t)16U;
-  uint8_t *z = coins + (uint32_t)32U;
+  uint8_t *seed_se = coins + 16U;
+  uint8_t *z = coins + 32U;
   uint8_t *seed_a = pk;
-  Hacl_SHA3_shake128_hacl((uint32_t)16U, z, (uint32_t)16U, seed_a);
-  uint8_t *b_bytes = pk + (uint32_t)16U;
-  uint8_t *s_bytes = sk + (uint32_t)992U;
+  Hacl_Hash_SHA3_shake128_hacl(16U, z, 16U, seed_a);
+  uint8_t *b_bytes = pk + 16U;
+  uint8_t *s_bytes = sk + 992U;
   uint16_t s_matrix[512U] = { 0U };
   uint16_t e_matrix[512U] = { 0U };
   uint8_t r[2048U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x5fU;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2048U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U, (uint32_t)8U, r, s_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U,
-    (uint32_t)8U,
-    r + (uint32_t)1024U,
-    e_matrix);
+  shake_input_seed_se[0U] = 0x5fU;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 2048U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(64U, 8U, r, s_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(64U, 8U, r + 1024U, e_matrix);
   uint16_t b_matrix[512U] = { 0U };
   uint16_t a_matrix[4096U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)64U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)64U,
-    (uint32_t)64U,
-    (uint32_t)8U,
-    a_matrix,
-    s_matrix,
-    b_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)64U, (uint32_t)8U, b_matrix, e_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b_matrix, b_bytes);
-  Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)64U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U, uint16_t);
-  uint32_t slen1 = (uint32_t)2016U;
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 64U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(64U, 64U, 8U, a_matrix, s_matrix, b_matrix);
+  Hacl_Impl_Matrix_matrix_add(64U, 8U, b_matrix, e_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(64U, 8U, 15U, b_matrix, b_bytes);
+  Hacl_Impl_Matrix_matrix_to_lbytes(64U, 8U, s_matrix, s_bytes);
+  Lib_Memzero0_memzero(s_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, 512U, uint16_t);
+  uint32_t slen1 = 2016U;
   uint8_t *sk_p = sk;
-  memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)976U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)976U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
-  return (uint32_t)0U;
+  memcpy(sk_p, s, 16U * sizeof (uint8_t));
+  memcpy(sk_p + 16U, pk, 976U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(976U, pk, 16U, sk + slen1);
+  Lib_Memzero0_memzero(coins, 48U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
 {
   uint8_t coins[16U] = { 0U };
-  randombytes_((uint32_t)16U, coins);
+  randombytes_(16U, coins);
   uint8_t seed_se_k[32U] = { 0U };
   uint8_t pkh_mu[32U] = { 0U };
-  Hacl_SHA3_shake128_hacl((uint32_t)976U, pk, (uint32_t)16U, pkh_mu);
-  memcpy(pkh_mu + (uint32_t)16U, coins, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)32U, pkh_mu, (uint32_t)32U, seed_se_k);
+  Hacl_Hash_SHA3_shake128_hacl(976U, pk, 16U, pkh_mu);
+  memcpy(pkh_mu + 16U, coins, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(32U, pkh_mu, 32U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *k = seed_se_k + (uint32_t)16U;
+  uint8_t *k = seed_se_k + 16U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t sp_matrix[512U] = { 0U };
   uint16_t ep_matrix[512U] = { 0U };
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[2176U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
-    (uint32_t)64U,
-    r + (uint32_t)1024U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)2048U,
-    epp_matrix);
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 2176U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 64U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 64U, r + 1024U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 8U, r + 2048U, epp_matrix);
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)960U;
+  uint8_t *c2 = ct + 960U;
   uint16_t bp_matrix[512U] = { 0U };
   uint16_t a_matrix[4096U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)64U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)64U,
-    sp_matrix,
-    a_matrix,
-    bp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)64U, bp_matrix, ep_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, bp_matrix, c1);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 64U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 64U, 64U, sp_matrix, a_matrix, bp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 64U, bp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 64U, 15U, bp_matrix, c1);
   uint16_t v_matrix[64U] = { 0U };
   uint16_t b_matrix[512U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    v_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(64U, 8U, 15U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 64U, 8U, sp_matrix, b_matrix, v_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    coins,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint32_t ss_init_len = (uint32_t)1096U;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(15U, 2U, 8U, coins, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 8U, 15U, v_matrix, c2);
+  Lib_Memzero0_memzero(v_matrix, 64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint32_t ss_init_len = 1096U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
   memset(shake_input_ss, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(shake_input_ss, ct, (uint32_t)1080U * sizeof (uint8_t));
-  memcpy(shake_input_ss + (uint32_t)1080U, k, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
+  memcpy(shake_input_ss, ct, 1080U * sizeof (uint8_t));
+  memcpy(shake_input_ss + 1080U, k, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(ss_init_len, shake_input_ss, 16U, ss);
   Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(seed_se_k, 32U, uint8_t);
+  Lib_Memzero0_memzero(coins, 16U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
@@ -180,39 +146,30 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t bp_matrix[512U] = { 0U };
   uint16_t c_matrix[64U] = { 0U };
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)960U;
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, c1, bp_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, c2, c_matrix);
+  uint8_t *c2 = ct + 960U;
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 64U, 15U, c1, bp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 8U, 15U, c2, c_matrix);
   uint8_t mu_decode[16U] = { 0U };
-  uint8_t *s_bytes = sk + (uint32_t)992U;
+  uint8_t *s_bytes = sk + 992U;
   uint16_t s_matrix[512U] = { 0U };
   uint16_t m_matrix[64U] = { 0U };
-  Hacl_Impl_Matrix_matrix_from_lbytes((uint32_t)64U, (uint32_t)8U, s_bytes, s_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)8U,
-    bp_matrix,
-    s_matrix,
-    m_matrix);
-  Hacl_Impl_Matrix_matrix_sub((uint32_t)8U, (uint32_t)8U, c_matrix, m_matrix);
-  Hacl_Impl_Frodo_Encode_frodo_key_decode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    m_matrix,
-    mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
+  Hacl_Impl_Matrix_matrix_from_lbytes(64U, 8U, s_bytes, s_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(8U, 64U, 8U, bp_matrix, s_matrix, m_matrix);
+  Hacl_Impl_Matrix_matrix_sub(8U, 8U, c_matrix, m_matrix);
+  Hacl_Impl_Frodo_Encode_frodo_key_decode(15U, 2U, 8U, m_matrix, mu_decode);
+  Lib_Memzero0_memzero(s_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, 64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
-  uint32_t pkh_mu_decode_len = (uint32_t)32U;
+  uint32_t pkh_mu_decode_len = 32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
   uint8_t *pkh_mu_decode = (uint8_t *)alloca(pkh_mu_decode_len * sizeof (uint8_t));
   memset(pkh_mu_decode, 0U, pkh_mu_decode_len * sizeof (uint8_t));
-  uint8_t *pkh = sk + (uint32_t)2016U;
-  memcpy(pkh_mu_decode, pkh, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(pkh_mu_decode + (uint32_t)16U, mu_decode, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(pkh_mu_decode_len, pkh_mu_decode, (uint32_t)32U, seed_se_k);
+  uint8_t *pkh = sk + 2016U;
+  memcpy(pkh_mu_decode, pkh, 16U * sizeof (uint8_t));
+  memcpy(pkh_mu_decode + 16U, mu_decode, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(pkh_mu_decode_len, pkh_mu_decode, 32U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *kp = seed_se_k + (uint32_t)16U;
+  uint8_t *kp = seed_se_k + 16U;
   uint8_t *s = sk;
   uint16_t bpp_matrix[512U] = { 0U };
   uint16_t cp_matrix[64U] = { 0U };
@@ -221,80 +178,58 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[2176U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
-    (uint32_t)64U,
-    r + (uint32_t)1024U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)2048U,
-    epp_matrix);
-  uint8_t *pk = sk + (uint32_t)16U;
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 2176U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 64U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 64U, r + 1024U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(8U, 8U, r + 2048U, epp_matrix);
+  uint8_t *pk = sk + 16U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t a_matrix[4096U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)64U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)64U,
-    sp_matrix,
-    a_matrix,
-    bpp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)64U, bpp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 64U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 64U, 64U, sp_matrix, a_matrix, bpp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 64U, bpp_matrix, ep_matrix);
   uint16_t b_matrix[512U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)64U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    cp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(64U, 8U, 15U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 64U, 8U, sp_matrix, b_matrix, cp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    mu_decode,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, bpp_matrix);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)64U, bp_matrix, bpp_matrix);
-  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
-  uint16_t mask = b1 & b2;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(15U, 2U, 8U, mu_decode, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Matrix_mod_pow2(8U, 64U, 15U, bpp_matrix);
+  Hacl_Impl_Matrix_mod_pow2(8U, 8U, 15U, cp_matrix);
+  Lib_Memzero0_memzero(sp_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq(8U, 64U, bp_matrix, bpp_matrix);
+  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq(8U, 8U, c_matrix, cp_matrix);
+  uint16_t mask = (uint32_t)b1 & (uint32_t)b2;
   uint16_t mask0 = mask;
   uint8_t kp_s[16U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint8_t *os = kp_s;
     uint8_t uu____0 = s[i];
-    uint8_t x = uu____0 ^ ((uint8_t)mask0 & (kp[i] ^ uu____0));
+    uint8_t
+    x = (uint32_t)uu____0 ^ ((uint32_t)(uint8_t)mask0 & ((uint32_t)kp[i] ^ (uint32_t)uu____0));
     os[i] = x;);
-  uint32_t ss_init_len = (uint32_t)1096U;
+  uint32_t ss_init_len = 1096U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *ss_init = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
   memset(ss_init, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(ss_init, ct, (uint32_t)1080U * sizeof (uint8_t));
-  memcpy(ss_init + (uint32_t)1080U, kp_s, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
+  memcpy(ss_init, ct, 1080U * sizeof (uint8_t));
+  memcpy(ss_init + 1080U, kp_s, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(ss_init_len, ss_init, 16U, ss);
   Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(kp_s, 16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, 32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, 16U, uint8_t);
+  return 0U;
 }
 
diff --git a/src/msvc/Hacl_Frodo640.c b/src/msvc/Hacl_Frodo640.c
index badd2bae..5de5871f 100644
--- a/src/msvc/Hacl_Frodo640.c
+++ b/src/msvc/Hacl_Frodo640.c
@@ -29,151 +29,113 @@
 #include "internal/Hacl_Frodo_KEM.h"
 #include "lib_memzero0.h"
 
-uint32_t Hacl_Frodo640_crypto_bytes = (uint32_t)16U;
+uint32_t Hacl_Frodo640_crypto_bytes = 16U;
 
-uint32_t Hacl_Frodo640_crypto_publickeybytes = (uint32_t)9616U;
+uint32_t Hacl_Frodo640_crypto_publickeybytes = 9616U;
 
-uint32_t Hacl_Frodo640_crypto_secretkeybytes = (uint32_t)19888U;
+uint32_t Hacl_Frodo640_crypto_secretkeybytes = 19888U;
 
-uint32_t Hacl_Frodo640_crypto_ciphertextbytes = (uint32_t)9720U;
+uint32_t Hacl_Frodo640_crypto_ciphertextbytes = 9720U;
 
 uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
 {
   uint8_t coins[48U] = { 0U };
-  randombytes_((uint32_t)48U, coins);
+  randombytes_(48U, coins);
   uint8_t *s = coins;
-  uint8_t *seed_se = coins + (uint32_t)16U;
-  uint8_t *z = coins + (uint32_t)32U;
+  uint8_t *seed_se = coins + 16U;
+  uint8_t *z = coins + 32U;
   uint8_t *seed_a = pk;
-  Hacl_SHA3_shake128_hacl((uint32_t)16U, z, (uint32_t)16U, seed_a);
-  uint8_t *b_bytes = pk + (uint32_t)16U;
-  uint8_t *s_bytes = sk + (uint32_t)9632U;
+  Hacl_Hash_SHA3_shake128_hacl(16U, z, 16U, seed_a);
+  uint8_t *b_bytes = pk + 16U;
+  uint8_t *s_bytes = sk + 9632U;
   uint16_t s_matrix[5120U] = { 0U };
   uint16_t e_matrix[5120U] = { 0U };
   uint8_t r[20480U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x5fU;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20480U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U, (uint32_t)8U, r, s_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U,
-    (uint32_t)8U,
-    r + (uint32_t)10240U,
-    e_matrix);
+  shake_input_seed_se[0U] = 0x5fU;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 20480U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(640U, 8U, r, s_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(640U, 8U, r + 10240U, e_matrix);
   uint16_t b_matrix[5120U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)409600U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 409600U);
   uint16_t a_matrix[409600U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)640U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)640U,
-    (uint32_t)640U,
-    (uint32_t)8U,
-    a_matrix,
-    s_matrix,
-    b_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)640U, (uint32_t)8U, b_matrix, e_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)640U,
-    (uint32_t)8U,
-    (uint32_t)15U,
-    b_matrix,
-    b_bytes);
-  Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)640U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U, uint16_t);
-  uint32_t slen1 = (uint32_t)19872U;
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 640U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(640U, 640U, 8U, a_matrix, s_matrix, b_matrix);
+  Hacl_Impl_Matrix_matrix_add(640U, 8U, b_matrix, e_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(640U, 8U, 15U, b_matrix, b_bytes);
+  Hacl_Impl_Matrix_matrix_to_lbytes(640U, 8U, s_matrix, s_bytes);
+  Lib_Memzero0_memzero(s_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, 5120U, uint16_t);
+  uint32_t slen1 = 19872U;
   uint8_t *sk_p = sk;
-  memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)9616U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)9616U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
-  return (uint32_t)0U;
+  memcpy(sk_p, s, 16U * sizeof (uint8_t));
+  memcpy(sk_p + 16U, pk, 9616U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(9616U, pk, 16U, sk + slen1);
+  Lib_Memzero0_memzero(coins, 48U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
 {
   uint8_t coins[16U] = { 0U };
-  randombytes_((uint32_t)16U, coins);
+  randombytes_(16U, coins);
   uint8_t seed_se_k[32U] = { 0U };
   uint8_t pkh_mu[32U] = { 0U };
-  Hacl_SHA3_shake128_hacl((uint32_t)9616U, pk, (uint32_t)16U, pkh_mu);
-  memcpy(pkh_mu + (uint32_t)16U, coins, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)32U, pkh_mu, (uint32_t)32U, seed_se_k);
+  Hacl_Hash_SHA3_shake128_hacl(9616U, pk, 16U, pkh_mu);
+  memcpy(pkh_mu + 16U, coins, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(32U, pkh_mu, 32U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *k = seed_se_k + (uint32_t)16U;
+  uint8_t *k = seed_se_k + 16U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t sp_matrix[5120U] = { 0U };
   uint16_t ep_matrix[5120U] = { 0U };
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[20608U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
-    (uint32_t)640U,
-    r + (uint32_t)10240U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)20480U,
-    epp_matrix);
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 20608U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 640U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 640U, r + 10240U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 8U, r + 20480U, epp_matrix);
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)9600U;
+  uint8_t *c2 = ct + 9600U;
   uint16_t bp_matrix[5120U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)409600U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 409600U);
   uint16_t a_matrix[409600U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)640U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)640U,
-    sp_matrix,
-    a_matrix,
-    bp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)640U, bp_matrix, ep_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, bp_matrix, c1);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 640U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 640U, 640U, sp_matrix, a_matrix, bp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 640U, bp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 640U, 15U, bp_matrix, c1);
   uint16_t v_matrix[64U] = { 0U };
   uint16_t b_matrix[5120U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)640U, (uint32_t)8U, (uint32_t)15U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    v_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(640U, 8U, 15U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 640U, 8U, sp_matrix, b_matrix, v_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    coins,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint32_t ss_init_len = (uint32_t)9736U;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(15U, 2U, 8U, coins, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 8U, 15U, v_matrix, c2);
+  Lib_Memzero0_memzero(v_matrix, 64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint32_t ss_init_len = 9736U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
   memset(shake_input_ss, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(shake_input_ss, ct, (uint32_t)9720U * sizeof (uint8_t));
-  memcpy(shake_input_ss + (uint32_t)9720U, k, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
+  memcpy(shake_input_ss, ct, 9720U * sizeof (uint8_t));
+  memcpy(shake_input_ss + 9720U, k, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(ss_init_len, shake_input_ss, 16U, ss);
   Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(seed_se_k, 32U, uint8_t);
+  Lib_Memzero0_memzero(coins, 16U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
@@ -181,39 +143,30 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t bp_matrix[5120U] = { 0U };
   uint16_t c_matrix[64U] = { 0U };
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)9600U;
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, c1, bp_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, c2, c_matrix);
+  uint8_t *c2 = ct + 9600U;
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 640U, 15U, c1, bp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 8U, 15U, c2, c_matrix);
   uint8_t mu_decode[16U] = { 0U };
-  uint8_t *s_bytes = sk + (uint32_t)9632U;
+  uint8_t *s_bytes = sk + 9632U;
   uint16_t s_matrix[5120U] = { 0U };
   uint16_t m_matrix[64U] = { 0U };
-  Hacl_Impl_Matrix_matrix_from_lbytes((uint32_t)640U, (uint32_t)8U, s_bytes, s_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)8U,
-    bp_matrix,
-    s_matrix,
-    m_matrix);
-  Hacl_Impl_Matrix_matrix_sub((uint32_t)8U, (uint32_t)8U, c_matrix, m_matrix);
-  Hacl_Impl_Frodo_Encode_frodo_key_decode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    m_matrix,
-    mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
+  Hacl_Impl_Matrix_matrix_from_lbytes(640U, 8U, s_bytes, s_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(8U, 640U, 8U, bp_matrix, s_matrix, m_matrix);
+  Hacl_Impl_Matrix_matrix_sub(8U, 8U, c_matrix, m_matrix);
+  Hacl_Impl_Frodo_Encode_frodo_key_decode(15U, 2U, 8U, m_matrix, mu_decode);
+  Lib_Memzero0_memzero(s_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, 64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
-  uint32_t pkh_mu_decode_len = (uint32_t)32U;
+  uint32_t pkh_mu_decode_len = 32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
   uint8_t *pkh_mu_decode = (uint8_t *)alloca(pkh_mu_decode_len * sizeof (uint8_t));
   memset(pkh_mu_decode, 0U, pkh_mu_decode_len * sizeof (uint8_t));
-  uint8_t *pkh = sk + (uint32_t)19872U;
-  memcpy(pkh_mu_decode, pkh, (uint32_t)16U * sizeof (uint8_t));
-  memcpy(pkh_mu_decode + (uint32_t)16U, mu_decode, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(pkh_mu_decode_len, pkh_mu_decode, (uint32_t)32U, seed_se_k);
+  uint8_t *pkh = sk + 19872U;
+  memcpy(pkh_mu_decode, pkh, 16U * sizeof (uint8_t));
+  memcpy(pkh_mu_decode + 16U, mu_decode, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(pkh_mu_decode_len, pkh_mu_decode, 32U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *kp = seed_se_k + (uint32_t)16U;
+  uint8_t *kp = seed_se_k + 16U;
   uint8_t *s = sk;
   uint16_t bpp_matrix[5120U] = { 0U };
   uint16_t cp_matrix[64U] = { 0U };
@@ -222,81 +175,59 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[20608U] = { 0U };
   uint8_t shake_input_seed_se[17U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
-    (uint32_t)640U,
-    r + (uint32_t)10240U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)20480U,
-    epp_matrix);
-  uint8_t *pk = sk + (uint32_t)16U;
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(17U, shake_input_seed_se, 20608U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 17U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 640U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 640U, r + 10240U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(8U, 8U, r + 20480U, epp_matrix);
+  uint8_t *pk = sk + 16U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)409600U);
+  uint8_t *b = pk + 16U;
+  KRML_CHECK_SIZE(sizeof (uint16_t), 409600U);
   uint16_t a_matrix[409600U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)640U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)640U,
-    sp_matrix,
-    a_matrix,
-    bpp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)640U, bpp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 640U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 640U, 640U, sp_matrix, a_matrix, bpp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 640U, bpp_matrix, ep_matrix);
   uint16_t b_matrix[5120U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)640U, (uint32_t)8U, (uint32_t)15U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)640U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    cp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(640U, 8U, 15U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 640U, 8U, sp_matrix, b_matrix, cp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)15U,
-    (uint32_t)2U,
-    (uint32_t)8U,
-    mu_decode,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, bpp_matrix);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)640U, bp_matrix, bpp_matrix);
-  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
-  uint16_t mask = b1 & b2;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(15U, 2U, 8U, mu_decode, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Matrix_mod_pow2(8U, 640U, 15U, bpp_matrix);
+  Hacl_Impl_Matrix_mod_pow2(8U, 8U, 15U, cp_matrix);
+  Lib_Memzero0_memzero(sp_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq(8U, 640U, bp_matrix, bpp_matrix);
+  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq(8U, 8U, c_matrix, cp_matrix);
+  uint16_t mask = (uint32_t)b1 & (uint32_t)b2;
   uint16_t mask0 = mask;
   uint8_t kp_s[16U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint8_t *os = kp_s;
     uint8_t uu____0 = s[i];
-    uint8_t x = uu____0 ^ ((uint8_t)mask0 & (kp[i] ^ uu____0));
+    uint8_t
+    x = (uint32_t)uu____0 ^ ((uint32_t)(uint8_t)mask0 & ((uint32_t)kp[i] ^ (uint32_t)uu____0));
     os[i] = x;);
-  uint32_t ss_init_len = (uint32_t)9736U;
+  uint32_t ss_init_len = 9736U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *ss_init = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
   memset(ss_init, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(ss_init, ct, (uint32_t)9720U * sizeof (uint8_t));
-  memcpy(ss_init + (uint32_t)9720U, kp_s, (uint32_t)16U * sizeof (uint8_t));
-  Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
+  memcpy(ss_init, ct, 9720U * sizeof (uint8_t));
+  memcpy(ss_init + 9720U, kp_s, 16U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake128_hacl(ss_init_len, ss_init, 16U, ss);
   Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(kp_s, 16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, 32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, 16U, uint8_t);
+  return 0U;
 }
 
diff --git a/src/msvc/Hacl_Frodo976.c b/src/msvc/Hacl_Frodo976.c
index dbd9bc32..61454ceb 100644
--- a/src/msvc/Hacl_Frodo976.c
+++ b/src/msvc/Hacl_Frodo976.c
@@ -29,151 +29,113 @@
 #include "internal/Hacl_Frodo_KEM.h"
 #include "lib_memzero0.h"
 
-uint32_t Hacl_Frodo976_crypto_bytes = (uint32_t)24U;
+uint32_t Hacl_Frodo976_crypto_bytes = 24U;
 
-uint32_t Hacl_Frodo976_crypto_publickeybytes = (uint32_t)15632U;
+uint32_t Hacl_Frodo976_crypto_publickeybytes = 15632U;
 
-uint32_t Hacl_Frodo976_crypto_secretkeybytes = (uint32_t)31296U;
+uint32_t Hacl_Frodo976_crypto_secretkeybytes = 31296U;
 
-uint32_t Hacl_Frodo976_crypto_ciphertextbytes = (uint32_t)15744U;
+uint32_t Hacl_Frodo976_crypto_ciphertextbytes = 15744U;
 
 uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
 {
   uint8_t coins[64U] = { 0U };
-  randombytes_((uint32_t)64U, coins);
+  randombytes_(64U, coins);
   uint8_t *s = coins;
-  uint8_t *seed_se = coins + (uint32_t)24U;
-  uint8_t *z = coins + (uint32_t)48U;
+  uint8_t *seed_se = coins + 24U;
+  uint8_t *z = coins + 48U;
   uint8_t *seed_a = pk;
-  Hacl_SHA3_shake256_hacl((uint32_t)16U, z, (uint32_t)16U, seed_a);
-  uint8_t *b_bytes = pk + (uint32_t)16U;
-  uint8_t *s_bytes = sk + (uint32_t)15656U;
+  Hacl_Hash_SHA3_shake256_hacl(16U, z, 16U, seed_a);
+  uint8_t *b_bytes = pk + 16U;
+  uint8_t *s_bytes = sk + 15656U;
   uint16_t s_matrix[7808U] = { 0U };
   uint16_t e_matrix[7808U] = { 0U };
   uint8_t r[31232U] = { 0U };
   uint8_t shake_input_seed_se[25U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x5fU;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31232U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U, (uint32_t)8U, r, s_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U,
-    (uint32_t)8U,
-    r + (uint32_t)15616U,
-    e_matrix);
+  shake_input_seed_se[0U] = 0x5fU;
+  memcpy(shake_input_seed_se + 1U, seed_se, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(25U, shake_input_seed_se, 31232U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 25U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(976U, 8U, r, s_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(976U, 8U, r + 15616U, e_matrix);
   uint16_t b_matrix[7808U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)952576U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 952576U);
   uint16_t a_matrix[952576U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)976U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)976U,
-    (uint32_t)976U,
-    (uint32_t)8U,
-    a_matrix,
-    s_matrix,
-    b_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)976U, (uint32_t)8U, b_matrix, e_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)976U,
-    (uint32_t)8U,
-    (uint32_t)16U,
-    b_matrix,
-    b_bytes);
-  Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)976U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U, uint16_t);
-  uint32_t slen1 = (uint32_t)31272U;
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 976U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(976U, 976U, 8U, a_matrix, s_matrix, b_matrix);
+  Hacl_Impl_Matrix_matrix_add(976U, 8U, b_matrix, e_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(976U, 8U, 16U, b_matrix, b_bytes);
+  Hacl_Impl_Matrix_matrix_to_lbytes(976U, 8U, s_matrix, s_bytes);
+  Lib_Memzero0_memzero(s_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, 7808U, uint16_t);
+  uint32_t slen1 = 31272U;
   uint8_t *sk_p = sk;
-  memcpy(sk_p, s, (uint32_t)24U * sizeof (uint8_t));
-  memcpy(sk_p + (uint32_t)24U, pk, (uint32_t)15632U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)15632U, pk, (uint32_t)24U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)64U, uint8_t);
-  return (uint32_t)0U;
+  memcpy(sk_p, s, 24U * sizeof (uint8_t));
+  memcpy(sk_p + 24U, pk, 15632U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(15632U, pk, 24U, sk + slen1);
+  Lib_Memzero0_memzero(coins, 64U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
 {
   uint8_t coins[24U] = { 0U };
-  randombytes_((uint32_t)24U, coins);
+  randombytes_(24U, coins);
   uint8_t seed_se_k[48U] = { 0U };
   uint8_t pkh_mu[48U] = { 0U };
-  Hacl_SHA3_shake256_hacl((uint32_t)15632U, pk, (uint32_t)24U, pkh_mu);
-  memcpy(pkh_mu + (uint32_t)24U, coins, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)48U, pkh_mu, (uint32_t)48U, seed_se_k);
+  Hacl_Hash_SHA3_shake256_hacl(15632U, pk, 24U, pkh_mu);
+  memcpy(pkh_mu + 24U, coins, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(48U, pkh_mu, 48U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *k = seed_se_k + (uint32_t)24U;
+  uint8_t *k = seed_se_k + 24U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
+  uint8_t *b = pk + 16U;
   uint16_t sp_matrix[7808U] = { 0U };
   uint16_t ep_matrix[7808U] = { 0U };
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[31360U] = { 0U };
   uint8_t shake_input_seed_se[25U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
-    (uint32_t)976U,
-    r + (uint32_t)15616U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)31232U,
-    epp_matrix);
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(25U, shake_input_seed_se, 31360U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 25U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 976U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 976U, r + 15616U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 8U, r + 31232U, epp_matrix);
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)15616U;
+  uint8_t *c2 = ct + 15616U;
   uint16_t bp_matrix[7808U] = { 0U };
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)952576U);
+  KRML_CHECK_SIZE(sizeof (uint16_t), 952576U);
   uint16_t a_matrix[952576U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)976U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)976U,
-    sp_matrix,
-    a_matrix,
-    bp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)976U, bp_matrix, ep_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, bp_matrix, c1);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 976U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 976U, 976U, sp_matrix, a_matrix, bp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 976U, bp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 976U, 16U, bp_matrix, c1);
   uint16_t v_matrix[64U] = { 0U };
   uint16_t b_matrix[7808U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)976U, (uint32_t)8U, (uint32_t)16U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    v_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(976U, 8U, 16U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 976U, 8U, sp_matrix, b_matrix, v_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)16U,
-    (uint32_t)3U,
-    (uint32_t)8U,
-    coins,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint32_t ss_init_len = (uint32_t)15768U;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(16U, 3U, 8U, coins, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, v_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Frodo_Pack_frodo_pack(8U, 8U, 16U, v_matrix, c2);
+  Lib_Memzero0_memzero(v_matrix, 64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint32_t ss_init_len = 15768U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
   memset(shake_input_ss, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(shake_input_ss, ct, (uint32_t)15744U * sizeof (uint8_t));
-  memcpy(shake_input_ss + (uint32_t)15744U, k, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)24U, ss);
+  memcpy(shake_input_ss, ct, 15744U * sizeof (uint8_t));
+  memcpy(shake_input_ss + 15744U, k, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(ss_init_len, shake_input_ss, 24U, ss);
   Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
-  Lib_Memzero0_memzero(coins, (uint32_t)24U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(seed_se_k, 48U, uint8_t);
+  Lib_Memzero0_memzero(coins, 24U, uint8_t);
+  return 0U;
 }
 
 uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
@@ -181,39 +143,30 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t bp_matrix[7808U] = { 0U };
   uint16_t c_matrix[64U] = { 0U };
   uint8_t *c1 = ct;
-  uint8_t *c2 = ct + (uint32_t)15616U;
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, c1, bp_matrix);
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, c2, c_matrix);
+  uint8_t *c2 = ct + 15616U;
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 976U, 16U, c1, bp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(8U, 8U, 16U, c2, c_matrix);
   uint8_t mu_decode[24U] = { 0U };
-  uint8_t *s_bytes = sk + (uint32_t)15656U;
+  uint8_t *s_bytes = sk + 15656U;
   uint16_t s_matrix[7808U] = { 0U };
   uint16_t m_matrix[64U] = { 0U };
-  Hacl_Impl_Matrix_matrix_from_lbytes((uint32_t)976U, (uint32_t)8U, s_bytes, s_matrix);
-  Hacl_Impl_Matrix_matrix_mul_s((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)8U,
-    bp_matrix,
-    s_matrix,
-    m_matrix);
-  Hacl_Impl_Matrix_matrix_sub((uint32_t)8U, (uint32_t)8U, c_matrix, m_matrix);
-  Hacl_Impl_Frodo_Encode_frodo_key_decode((uint32_t)16U,
-    (uint32_t)3U,
-    (uint32_t)8U,
-    m_matrix,
-    mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
+  Hacl_Impl_Matrix_matrix_from_lbytes(976U, 8U, s_bytes, s_matrix);
+  Hacl_Impl_Matrix_matrix_mul_s(8U, 976U, 8U, bp_matrix, s_matrix, m_matrix);
+  Hacl_Impl_Matrix_matrix_sub(8U, 8U, c_matrix, m_matrix);
+  Hacl_Impl_Frodo_Encode_frodo_key_decode(16U, 3U, 8U, m_matrix, mu_decode);
+  Lib_Memzero0_memzero(s_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, 64U, uint16_t);
   uint8_t seed_se_k[48U] = { 0U };
-  uint32_t pkh_mu_decode_len = (uint32_t)48U;
+  uint32_t pkh_mu_decode_len = 48U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
   uint8_t *pkh_mu_decode = (uint8_t *)alloca(pkh_mu_decode_len * sizeof (uint8_t));
   memset(pkh_mu_decode, 0U, pkh_mu_decode_len * sizeof (uint8_t));
-  uint8_t *pkh = sk + (uint32_t)31272U;
-  memcpy(pkh_mu_decode, pkh, (uint32_t)24U * sizeof (uint8_t));
-  memcpy(pkh_mu_decode + (uint32_t)24U, mu_decode, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(pkh_mu_decode_len, pkh_mu_decode, (uint32_t)48U, seed_se_k);
+  uint8_t *pkh = sk + 31272U;
+  memcpy(pkh_mu_decode, pkh, 24U * sizeof (uint8_t));
+  memcpy(pkh_mu_decode + 24U, mu_decode, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(pkh_mu_decode_len, pkh_mu_decode, 48U, seed_se_k);
   uint8_t *seed_se = seed_se_k;
-  uint8_t *kp = seed_se_k + (uint32_t)24U;
+  uint8_t *kp = seed_se_k + 24U;
   uint8_t *s = sk;
   uint16_t bpp_matrix[7808U] = { 0U };
   uint16_t cp_matrix[64U] = { 0U };
@@ -222,80 +175,58 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   uint16_t epp_matrix[64U] = { 0U };
   uint8_t r[31360U] = { 0U };
   uint8_t shake_input_seed_se[25U] = { 0U };
-  shake_input_seed_se[0U] = (uint8_t)0x96U;
-  memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
-    (uint32_t)976U,
-    r + (uint32_t)15616U,
-    ep_matrix);
-  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
-    (uint32_t)8U,
-    r + (uint32_t)31232U,
-    epp_matrix);
-  uint8_t *pk = sk + (uint32_t)24U;
+  shake_input_seed_se[0U] = 0x96U;
+  memcpy(shake_input_seed_se + 1U, seed_se, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(25U, shake_input_seed_se, 31360U, r);
+  Lib_Memzero0_memzero(shake_input_seed_se, 25U, uint8_t);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 976U, r, sp_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 976U, r + 15616U, ep_matrix);
+  Hacl_Impl_Frodo_Sample_frodo_sample_matrix976(8U, 8U, r + 31232U, epp_matrix);
+  uint8_t *pk = sk + 24U;
   uint8_t *seed_a = pk;
-  uint8_t *b = pk + (uint32_t)16U;
-  KRML_CHECK_SIZE(sizeof (uint16_t), (uint32_t)952576U);
+  uint8_t *b = pk + 16U;
+  KRML_CHECK_SIZE(sizeof (uint16_t), 952576U);
   uint16_t a_matrix[952576U] = { 0U };
-  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128,
-    (uint32_t)976U,
-    seed_a,
-    a_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)976U,
-    sp_matrix,
-    a_matrix,
-    bpp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)976U, bpp_matrix, ep_matrix);
+  Hacl_Impl_Frodo_Params_frodo_gen_matrix(Spec_Frodo_Params_SHAKE128, 976U, seed_a, a_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 976U, 976U, sp_matrix, a_matrix, bpp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 976U, bpp_matrix, ep_matrix);
   uint16_t b_matrix[7808U] = { 0U };
-  Hacl_Impl_Frodo_Pack_frodo_unpack((uint32_t)976U, (uint32_t)8U, (uint32_t)16U, b, b_matrix);
-  Hacl_Impl_Matrix_matrix_mul((uint32_t)8U,
-    (uint32_t)976U,
-    (uint32_t)8U,
-    sp_matrix,
-    b_matrix,
-    cp_matrix);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, epp_matrix);
+  Hacl_Impl_Frodo_Pack_frodo_unpack(976U, 8U, 16U, b, b_matrix);
+  Hacl_Impl_Matrix_matrix_mul(8U, 976U, 8U, sp_matrix, b_matrix, cp_matrix);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, epp_matrix);
   uint16_t mu_encode[64U] = { 0U };
-  Hacl_Impl_Frodo_Encode_frodo_key_encode((uint32_t)16U,
-    (uint32_t)3U,
-    (uint32_t)8U,
-    mu_decode,
-    mu_encode);
-  Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, bpp_matrix);
-  Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
-  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)976U, bp_matrix, bpp_matrix);
-  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
-  uint16_t mask = b1 & b2;
+  Hacl_Impl_Frodo_Encode_frodo_key_encode(16U, 3U, 8U, mu_decode, mu_encode);
+  Hacl_Impl_Matrix_matrix_add(8U, 8U, cp_matrix, mu_encode);
+  Lib_Memzero0_memzero(mu_encode, 64U, uint16_t);
+  Hacl_Impl_Matrix_mod_pow2(8U, 976U, 16U, bpp_matrix);
+  Hacl_Impl_Matrix_mod_pow2(8U, 8U, 16U, cp_matrix);
+  Lib_Memzero0_memzero(sp_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, 7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, 64U, uint16_t);
+  uint16_t b1 = Hacl_Impl_Matrix_matrix_eq(8U, 976U, bp_matrix, bpp_matrix);
+  uint16_t b2 = Hacl_Impl_Matrix_matrix_eq(8U, 8U, c_matrix, cp_matrix);
+  uint16_t mask = (uint32_t)b1 & (uint32_t)b2;
   uint16_t mask0 = mask;
   uint8_t kp_s[24U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)24U; i++)
+  for (uint32_t i = 0U; i < 24U; i++)
   {
     uint8_t *os = kp_s;
     uint8_t uu____0 = s[i];
-    uint8_t x = uu____0 ^ ((uint8_t)mask0 & (kp[i] ^ uu____0));
+    uint8_t
+    x = (uint32_t)uu____0 ^ ((uint32_t)(uint8_t)mask0 & ((uint32_t)kp[i] ^ (uint32_t)uu____0));
     os[i] = x;
   }
-  uint32_t ss_init_len = (uint32_t)15768U;
+  uint32_t ss_init_len = 15768U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *ss_init = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
   memset(ss_init, 0U, ss_init_len * sizeof (uint8_t));
-  memcpy(ss_init, ct, (uint32_t)15744U * sizeof (uint8_t));
-  memcpy(ss_init + (uint32_t)15744U, kp_s, (uint32_t)24U * sizeof (uint8_t));
-  Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)24U, ss);
+  memcpy(ss_init, ct, 15744U * sizeof (uint8_t));
+  memcpy(ss_init + 15744U, kp_s, 24U * sizeof (uint8_t));
+  Hacl_Hash_SHA3_shake256_hacl(ss_init_len, ss_init, 24U, ss);
   Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
-  Lib_Memzero0_memzero(kp_s, (uint32_t)24U, uint8_t);
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U, uint8_t);
-  return (uint32_t)0U;
+  Lib_Memzero0_memzero(kp_s, 24U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, 48U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, 24U, uint8_t);
+  return 0U;
 }
 
diff --git a/src/msvc/Hacl_Frodo_KEM.c b/src/msvc/Hacl_Frodo_KEM.c
index 4265ac0e..e0a65a47 100644
--- a/src/msvc/Hacl_Frodo_KEM.c
+++ b/src/msvc/Hacl_Frodo_KEM.c
@@ -30,6 +30,6 @@
 
 void randombytes_(uint32_t len, uint8_t *res)
 {
-  KRML_HOST_IGNORE(Lib_RandomBuffer_System_randombytes(res, len));
+  Lib_RandomBuffer_System_randombytes(res, len);
 }
 
diff --git a/src/msvc/Hacl_GenericField32.c b/src/msvc/Hacl_GenericField32.c
index 47ca15e8..750d56fc 100644
--- a/src/msvc/Hacl_GenericField32.c
+++ b/src/msvc/Hacl_GenericField32.c
@@ -56,7 +56,7 @@ Check whether this library will work for a modulus `n`.
 bool Hacl_GenericField32_field_modulus_check(uint32_t len, uint32_t *n)
 {
   uint32_t m = Hacl_Bignum_Montgomery_bn_check_modulus_u32(len, n);
-  return m == (uint32_t)0xFFFFFFFFU;
+  return m == 0xFFFFFFFFU;
 }
 
 /**
@@ -82,7 +82,7 @@ Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32
   uint32_t *r21 = r2;
   uint32_t *n11 = n1;
   memcpy(n11, n, len * sizeof (uint32_t));
-  uint32_t nBits = (uint32_t)32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
+  uint32_t nBits = 32U * Hacl_Bignum_Lib_bn_get_top_index_u32(len, n);
   Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(len, nBits, n, r21);
   uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32 res = { .len = len, .n = n11, .mu = mu, .r2 = r21 };
@@ -283,27 +283,27 @@ Hacl_GenericField32_exp_consttime(
   uint32_t *aMc = (uint32_t *)alloca(k1.len * sizeof (uint32_t));
   memset(aMc, 0U, k1.len * sizeof (uint32_t));
   memcpy(aMc, aM, k1.len * sizeof (uint32_t));
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len1 + len1);
     uint32_t *ctx = (uint32_t *)alloca((len1 + len1) * sizeof (uint32_t));
     memset(ctx, 0U, (len1 + len1) * sizeof (uint32_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint32_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint32_t));
-    uint32_t sw = (uint32_t)0U;
+    uint32_t sw = 0U;
     uint32_t *ctx_n = ctx;
     uint32_t *ctx_r2 = ctx + len1;
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len1, ctx_n, k1.mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)32U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)32U;
+      uint32_t i1 = (bBits - i0 - 1U) / 32U;
+      uint32_t j = (bBits - i0 - 1U) % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
+      uint32_t bit = tmp >> j & 1U;
       uint32_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < len1; i++)
+      for (uint32_t i = 0U; i < len1; i++)
       {
-        uint32_t dummy = ((uint32_t)0U - sw1) & (resM[i] ^ aMc[i]);
+        uint32_t dummy = (0U - sw1) & (resM[i] ^ aMc[i]);
         resM[i] = resM[i] ^ dummy;
         aMc[i] = aMc[i] ^ dummy;
       }
@@ -314,9 +314,9 @@ Hacl_GenericField32_exp_consttime(
       sw = bit;
     }
     uint32_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < len1; i++)
+    for (uint32_t i = 0U; i < len1; i++)
     {
-      uint32_t dummy = ((uint32_t)0U - sw0) & (resM[i] ^ aMc[i]);
+      uint32_t dummy = (0U - sw0) & (resM[i] ^ aMc[i]);
       resM[i] = resM[i] ^ dummy;
       aMc[i] = aMc[i] ^ dummy;
     }
@@ -324,22 +324,22 @@ Hacl_GenericField32_exp_consttime(
   else
   {
     uint32_t bLen;
-    if (bBits == (uint32_t)0U)
+    if (bBits == 0U)
     {
-      bLen = (uint32_t)1U;
+      bLen = 1U;
     }
     else
     {
-      bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+      bLen = (bBits - 1U) / 32U + 1U;
     }
     KRML_CHECK_SIZE(sizeof (uint32_t), len1 + len1);
     uint32_t *ctx = (uint32_t *)alloca((len1 + len1) * sizeof (uint32_t));
     memset(ctx, 0U, (len1 + len1) * sizeof (uint32_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint32_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)16U * len1);
-    uint32_t *table = (uint32_t *)alloca((uint32_t)16U * len1 * sizeof (uint32_t));
-    memset(table, 0U, (uint32_t)16U * len1 * sizeof (uint32_t));
+    KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len1);
+    uint32_t *table = (uint32_t *)alloca(16U * len1 * sizeof (uint32_t));
+    memset(table, 0U, 16U * len1 * sizeof (uint32_t));
     KRML_CHECK_SIZE(sizeof (uint32_t), len1);
     uint32_t *tmp = (uint32_t *)alloca(len1 * sizeof (uint32_t));
     memset(tmp, 0U, len1 * sizeof (uint32_t));
@@ -350,29 +350,29 @@ Hacl_GenericField32_exp_consttime(
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len1, ctx_n0, k1.mu, ctx_r20, t0);
     memcpy(t1, aMc, len1 * sizeof (uint32_t));
     KRML_MAYBE_FOR7(i,
-      (uint32_t)0U,
-      (uint32_t)7U,
-      (uint32_t)1U,
-      uint32_t *t11 = table + (i + (uint32_t)1U) * len1;
+      0U,
+      7U,
+      1U,
+      uint32_t *t11 = table + (i + 1U) * len1;
       uint32_t *ctx_n1 = ctx;
       Hacl_Bignum_Montgomery_bn_mont_sqr_u32(len1, ctx_n1, k1.mu, t11, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len1, tmp, len1 * sizeof (uint32_t));
-      uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len1;
+      memcpy(table + (2U * i + 2U) * len1, tmp, len1 * sizeof (uint32_t));
+      uint32_t *t2 = table + (2U * i + 2U) * len1;
       uint32_t *ctx_n = ctx;
       Hacl_Bignum_Montgomery_bn_mont_mul_u32(len1, ctx_n, k1.mu, aMc, t2, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len1, tmp, len1 * sizeof (uint32_t)););
-    if (bBits % (uint32_t)4U != (uint32_t)0U)
+      memcpy(table + (2U * i + 3U) * len1, tmp, len1 * sizeof (uint32_t)););
+    if (bBits % 4U != 0U)
     {
-      uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-      uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, (uint32_t)4U);
-      memcpy(resM, (uint32_t *)(table + (uint32_t)0U * len1), len1 * sizeof (uint32_t));
+      uint32_t i0 = bBits / 4U * 4U;
+      uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U);
+      memcpy(resM, (uint32_t *)(table + 0U * len1), len1 * sizeof (uint32_t));
       KRML_MAYBE_FOR15(i1,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
-        uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + (uint32_t)1U);
-        const uint32_t *res_j = table + (i1 + (uint32_t)1U) * len1;
-        for (uint32_t i = (uint32_t)0U; i < len1; i++)
+        0U,
+        15U,
+        1U,
+        uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U);
+        const uint32_t *res_j = table + (i1 + 1U) * len1;
+        for (uint32_t i = 0U; i < len1; i++)
         {
           uint32_t *os = resM;
           uint32_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -388,24 +388,24 @@ Hacl_GenericField32_exp_consttime(
     KRML_CHECK_SIZE(sizeof (uint32_t), len1);
     uint32_t *tmp0 = (uint32_t *)alloca(len1 * sizeof (uint32_t));
     memset(tmp0, 0U, len1 * sizeof (uint32_t));
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
     {
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint32_t *ctx_n = ctx;
         Hacl_Bignum_Montgomery_bn_mont_sqr_u32(len1, ctx_n, k1.mu, resM, resM););
-      uint32_t k2 = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-      uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k2, (uint32_t)4U);
-      memcpy(tmp0, (uint32_t *)(table + (uint32_t)0U * len1), len1 * sizeof (uint32_t));
+      uint32_t k2 = bBits - bBits % 4U - 4U * i0 - 4U;
+      uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k2, 4U);
+      memcpy(tmp0, (uint32_t *)(table + 0U * len1), len1 * sizeof (uint32_t));
       KRML_MAYBE_FOR15(i1,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
-        uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + (uint32_t)1U);
-        const uint32_t *res_j = table + (i1 + (uint32_t)1U) * len1;
-        for (uint32_t i = (uint32_t)0U; i < len1; i++)
+        0U,
+        15U,
+        1U,
+        uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U);
+        const uint32_t *res_j = table + (i1 + 1U) * len1;
+        for (uint32_t i = 0U; i < len1; i++)
         {
           uint32_t *os = tmp0;
           uint32_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -450,7 +450,7 @@ Hacl_GenericField32_exp_vartime(
   uint32_t *aMc = (uint32_t *)alloca(k1.len * sizeof (uint32_t));
   memset(aMc, 0U, k1.len * sizeof (uint32_t));
   memcpy(aMc, aM, k1.len * sizeof (uint32_t));
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint32_t), len1 + len1);
     uint32_t *ctx = (uint32_t *)alloca((len1 + len1) * sizeof (uint32_t));
@@ -460,13 +460,13 @@ Hacl_GenericField32_exp_vartime(
     uint32_t *ctx_n = ctx;
     uint32_t *ctx_r2 = ctx + len1;
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len1, ctx_n, k1.mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)32U;
-      uint32_t j = i % (uint32_t)32U;
+      uint32_t i1 = i / 32U;
+      uint32_t j = i % 32U;
       uint32_t tmp = b[i1];
-      uint32_t bit = tmp >> j & (uint32_t)1U;
-      if (!(bit == (uint32_t)0U))
+      uint32_t bit = tmp >> j & 1U;
+      if (!(bit == 0U))
       {
         uint32_t *ctx_n0 = ctx;
         Hacl_Bignum_Montgomery_bn_mont_mul_u32(len1, ctx_n0, k1.mu, resM, aMc, resM);
@@ -478,22 +478,22 @@ Hacl_GenericField32_exp_vartime(
   else
   {
     uint32_t bLen;
-    if (bBits == (uint32_t)0U)
+    if (bBits == 0U)
     {
-      bLen = (uint32_t)1U;
+      bLen = 1U;
     }
     else
     {
-      bLen = (bBits - (uint32_t)1U) / (uint32_t)32U + (uint32_t)1U;
+      bLen = (bBits - 1U) / 32U + 1U;
     }
     KRML_CHECK_SIZE(sizeof (uint32_t), len1 + len1);
     uint32_t *ctx = (uint32_t *)alloca((len1 + len1) * sizeof (uint32_t));
     memset(ctx, 0U, (len1 + len1) * sizeof (uint32_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint32_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint32_t));
-    KRML_CHECK_SIZE(sizeof (uint32_t), (uint32_t)16U * len1);
-    uint32_t *table = (uint32_t *)alloca((uint32_t)16U * len1 * sizeof (uint32_t));
-    memset(table, 0U, (uint32_t)16U * len1 * sizeof (uint32_t));
+    KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len1);
+    uint32_t *table = (uint32_t *)alloca(16U * len1 * sizeof (uint32_t));
+    memset(table, 0U, 16U * len1 * sizeof (uint32_t));
     KRML_CHECK_SIZE(sizeof (uint32_t), len1);
     uint32_t *tmp = (uint32_t *)alloca(len1 * sizeof (uint32_t));
     memset(tmp, 0U, len1 * sizeof (uint32_t));
@@ -504,21 +504,21 @@ Hacl_GenericField32_exp_vartime(
     Hacl_Bignum_Montgomery_bn_from_mont_u32(len1, ctx_n0, k1.mu, ctx_r20, t0);
     memcpy(t1, aMc, len1 * sizeof (uint32_t));
     KRML_MAYBE_FOR7(i,
-      (uint32_t)0U,
-      (uint32_t)7U,
-      (uint32_t)1U,
-      uint32_t *t11 = table + (i + (uint32_t)1U) * len1;
+      0U,
+      7U,
+      1U,
+      uint32_t *t11 = table + (i + 1U) * len1;
       uint32_t *ctx_n1 = ctx;
       Hacl_Bignum_Montgomery_bn_mont_sqr_u32(len1, ctx_n1, k1.mu, t11, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len1, tmp, len1 * sizeof (uint32_t));
-      uint32_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len1;
+      memcpy(table + (2U * i + 2U) * len1, tmp, len1 * sizeof (uint32_t));
+      uint32_t *t2 = table + (2U * i + 2U) * len1;
       uint32_t *ctx_n = ctx;
       Hacl_Bignum_Montgomery_bn_mont_mul_u32(len1, ctx_n, k1.mu, aMc, t2, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len1, tmp, len1 * sizeof (uint32_t)););
-    if (bBits % (uint32_t)4U != (uint32_t)0U)
+      memcpy(table + (2U * i + 3U) * len1, tmp, len1 * sizeof (uint32_t)););
+    if (bBits % 4U != 0U)
     {
-      uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-      uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, (uint32_t)4U);
+      uint32_t i = bBits / 4U * 4U;
+      uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U);
       uint32_t bits_l32 = bits_c;
       const uint32_t *a_bits_l = table + bits_l32 * len1;
       memcpy(resM, (uint32_t *)a_bits_l, len1 * sizeof (uint32_t));
@@ -532,16 +532,16 @@ Hacl_GenericField32_exp_vartime(
     KRML_CHECK_SIZE(sizeof (uint32_t), len1);
     uint32_t *tmp0 = (uint32_t *)alloca(len1 * sizeof (uint32_t));
     memset(tmp0, 0U, len1 * sizeof (uint32_t));
-    for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < bBits / 4U; i++)
     {
       KRML_MAYBE_FOR4(i0,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint32_t *ctx_n = ctx;
         Hacl_Bignum_Montgomery_bn_mont_sqr_u32(len1, ctx_n, k1.mu, resM, resM););
-      uint32_t k2 = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-      uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k2, (uint32_t)4U);
+      uint32_t k2 = bBits - bBits % 4U - 4U * i - 4U;
+      uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k2, 4U);
       uint32_t bits_l32 = bits_l;
       const uint32_t *a_bits_l = table + bits_l32 * len1;
       memcpy(tmp0, (uint32_t *)a_bits_l, len1 * sizeof (uint32_t));
@@ -574,38 +574,33 @@ Hacl_GenericField32_inverse(
   KRML_CHECK_SIZE(sizeof (uint32_t), len1);
   uint32_t *n2 = (uint32_t *)alloca(len1 * sizeof (uint32_t));
   memset(n2, 0U, len1 * sizeof (uint32_t));
-  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32((uint32_t)0U, k1.n[0U], (uint32_t)2U, n2);
+  uint32_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(0U, k1.n[0U], 2U, n2);
   uint32_t c1;
-  if ((uint32_t)1U < len1)
+  if (1U < len1)
   {
-    uint32_t *a1 = k1.n + (uint32_t)1U;
-    uint32_t *res1 = n2 + (uint32_t)1U;
+    uint32_t *a1 = k1.n + 1U;
+    uint32_t *res1 = n2 + 1U;
     uint32_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (len1 - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (len1 - 1U) / 4U; i++)
     {
-      uint32_t t1 = a1[(uint32_t)4U * i];
-      uint32_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i0);
-      uint32_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint32_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, (uint32_t)0U, res_i1);
-      uint32_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint32_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, (uint32_t)0U, res_i2);
-      uint32_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint32_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, (uint32_t)0U, res_i);
+      uint32_t t1 = a1[4U * i];
+      uint32_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i0);
+      uint32_t t10 = a1[4U * i + 1U];
+      uint32_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, 0U, res_i1);
+      uint32_t t11 = a1[4U * i + 2U];
+      uint32_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, 0U, res_i2);
+      uint32_t t12 = a1[4U * i + 3U];
+      uint32_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, 0U, res_i);
     }
-    for
-    (uint32_t
-      i = (len1 - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < len1 - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (len1 - 1U) / 4U * 4U; i < len1 - 1U; i++)
     {
       uint32_t t1 = a1[i];
       uint32_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, 0U, res_i);
     }
     uint32_t c10 = c;
     c1 = c10;
@@ -614,7 +609,7 @@ Hacl_GenericField32_inverse(
   {
     c1 = c0;
   }
-  KRML_HOST_IGNORE(c1);
-  Hacl_GenericField32_exp_vartime(k, aM, k1.len * (uint32_t)32U, n2, aInvM);
+  KRML_MAYBE_UNUSED_VAR(c1);
+  Hacl_GenericField32_exp_vartime(k, aM, k1.len * 32U, n2, aInvM);
 }
 
diff --git a/src/msvc/Hacl_GenericField64.c b/src/msvc/Hacl_GenericField64.c
index e8084285..04f54288 100644
--- a/src/msvc/Hacl_GenericField64.c
+++ b/src/msvc/Hacl_GenericField64.c
@@ -55,7 +55,7 @@ Check whether this library will work for a modulus `n`.
 bool Hacl_GenericField64_field_modulus_check(uint32_t len, uint64_t *n)
 {
   uint64_t m = Hacl_Bignum_Montgomery_bn_check_modulus_u64(len, n);
-  return m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -81,7 +81,7 @@ Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64
   uint64_t *r21 = r2;
   uint64_t *n11 = n1;
   memcpy(n11, n, len * sizeof (uint64_t));
-  uint32_t nBits = (uint32_t)64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
+  uint32_t nBits = 64U * (uint32_t)Hacl_Bignum_Lib_bn_get_top_index_u64(len, n);
   Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(len, nBits, n, r21);
   uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
   Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 res = { .len = len, .n = n11, .mu = mu, .r2 = r21 };
@@ -282,27 +282,27 @@ Hacl_GenericField64_exp_consttime(
   uint64_t *aMc = (uint64_t *)alloca(k1.len * sizeof (uint64_t));
   memset(aMc, 0U, k1.len * sizeof (uint64_t));
   memcpy(aMc, aM, k1.len * sizeof (uint64_t));
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len1 + len1);
     uint64_t *ctx = (uint64_t *)alloca((len1 + len1) * sizeof (uint64_t));
     memset(ctx, 0U, (len1 + len1) * sizeof (uint64_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint64_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint64_t));
-    uint64_t sw = (uint64_t)0U;
+    uint64_t sw = 0ULL;
     uint64_t *ctx_n = ctx;
     uint64_t *ctx_r2 = ctx + len1;
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len1, ctx_n, k1.mu, ctx_r2, resM);
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits; i0++)
     {
-      uint32_t i1 = (bBits - i0 - (uint32_t)1U) / (uint32_t)64U;
-      uint32_t j = (bBits - i0 - (uint32_t)1U) % (uint32_t)64U;
+      uint32_t i1 = (bBits - i0 - 1U) / 64U;
+      uint32_t j = (bBits - i0 - 1U) % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
+      uint64_t bit = tmp >> j & 1ULL;
       uint64_t sw1 = bit ^ sw;
-      for (uint32_t i = (uint32_t)0U; i < len1; i++)
+      for (uint32_t i = 0U; i < len1; i++)
       {
-        uint64_t dummy = ((uint64_t)0U - sw1) & (resM[i] ^ aMc[i]);
+        uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aMc[i]);
         resM[i] = resM[i] ^ dummy;
         aMc[i] = aMc[i] ^ dummy;
       }
@@ -313,9 +313,9 @@ Hacl_GenericField64_exp_consttime(
       sw = bit;
     }
     uint64_t sw0 = sw;
-    for (uint32_t i = (uint32_t)0U; i < len1; i++)
+    for (uint32_t i = 0U; i < len1; i++)
     {
-      uint64_t dummy = ((uint64_t)0U - sw0) & (resM[i] ^ aMc[i]);
+      uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aMc[i]);
       resM[i] = resM[i] ^ dummy;
       aMc[i] = aMc[i] ^ dummy;
     }
@@ -323,22 +323,22 @@ Hacl_GenericField64_exp_consttime(
   else
   {
     uint32_t bLen;
-    if (bBits == (uint32_t)0U)
+    if (bBits == 0U)
     {
-      bLen = (uint32_t)1U;
+      bLen = 1U;
     }
     else
     {
-      bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+      bLen = (bBits - 1U) / 64U + 1U;
     }
     KRML_CHECK_SIZE(sizeof (uint64_t), len1 + len1);
     uint64_t *ctx = (uint64_t *)alloca((len1 + len1) * sizeof (uint64_t));
     memset(ctx, 0U, (len1 + len1) * sizeof (uint64_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint64_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)16U * len1);
-    uint64_t *table = (uint64_t *)alloca((uint32_t)16U * len1 * sizeof (uint64_t));
-    memset(table, 0U, (uint32_t)16U * len1 * sizeof (uint64_t));
+    KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len1);
+    uint64_t *table = (uint64_t *)alloca(16U * len1 * sizeof (uint64_t));
+    memset(table, 0U, 16U * len1 * sizeof (uint64_t));
     KRML_CHECK_SIZE(sizeof (uint64_t), len1);
     uint64_t *tmp = (uint64_t *)alloca(len1 * sizeof (uint64_t));
     memset(tmp, 0U, len1 * sizeof (uint64_t));
@@ -349,29 +349,29 @@ Hacl_GenericField64_exp_consttime(
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len1, ctx_n0, k1.mu, ctx_r20, t0);
     memcpy(t1, aMc, len1 * sizeof (uint64_t));
     KRML_MAYBE_FOR7(i,
-      (uint32_t)0U,
-      (uint32_t)7U,
-      (uint32_t)1U,
-      uint64_t *t11 = table + (i + (uint32_t)1U) * len1;
+      0U,
+      7U,
+      1U,
+      uint64_t *t11 = table + (i + 1U) * len1;
       uint64_t *ctx_n1 = ctx;
       Hacl_Bignum_Montgomery_bn_mont_sqr_u64(len1, ctx_n1, k1.mu, t11, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len1, tmp, len1 * sizeof (uint64_t));
-      uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len1;
+      memcpy(table + (2U * i + 2U) * len1, tmp, len1 * sizeof (uint64_t));
+      uint64_t *t2 = table + (2U * i + 2U) * len1;
       uint64_t *ctx_n = ctx;
       Hacl_Bignum_Montgomery_bn_mont_mul_u64(len1, ctx_n, k1.mu, aMc, t2, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len1, tmp, len1 * sizeof (uint64_t)););
-    if (bBits % (uint32_t)4U != (uint32_t)0U)
+      memcpy(table + (2U * i + 3U) * len1, tmp, len1 * sizeof (uint64_t)););
+    if (bBits % 4U != 0U)
     {
-      uint32_t i0 = bBits / (uint32_t)4U * (uint32_t)4U;
-      uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, (uint32_t)4U);
-      memcpy(resM, (uint64_t *)(table + (uint32_t)0U * len1), len1 * sizeof (uint64_t));
+      uint32_t i0 = bBits / 4U * 4U;
+      uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U);
+      memcpy(resM, (uint64_t *)(table + 0U * len1), len1 * sizeof (uint64_t));
       KRML_MAYBE_FOR15(i1,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
-        uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + (uint32_t)1U));
-        const uint64_t *res_j = table + (i1 + (uint32_t)1U) * len1;
-        for (uint32_t i = (uint32_t)0U; i < len1; i++)
+        0U,
+        15U,
+        1U,
+        uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U));
+        const uint64_t *res_j = table + (i1 + 1U) * len1;
+        for (uint32_t i = 0U; i < len1; i++)
         {
           uint64_t *os = resM;
           uint64_t x = (c & res_j[i]) | (~c & resM[i]);
@@ -387,24 +387,24 @@ Hacl_GenericField64_exp_consttime(
     KRML_CHECK_SIZE(sizeof (uint64_t), len1);
     uint64_t *tmp0 = (uint64_t *)alloca(len1 * sizeof (uint64_t));
     memset(tmp0, 0U, len1 * sizeof (uint64_t));
-    for (uint32_t i0 = (uint32_t)0U; i0 < bBits / (uint32_t)4U; i0++)
+    for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++)
     {
       KRML_MAYBE_FOR4(i,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint64_t *ctx_n = ctx;
         Hacl_Bignum_Montgomery_bn_mont_sqr_u64(len1, ctx_n, k1.mu, resM, resM););
-      uint32_t k2 = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i0 - (uint32_t)4U;
-      uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k2, (uint32_t)4U);
-      memcpy(tmp0, (uint64_t *)(table + (uint32_t)0U * len1), len1 * sizeof (uint64_t));
+      uint32_t k2 = bBits - bBits % 4U - 4U * i0 - 4U;
+      uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k2, 4U);
+      memcpy(tmp0, (uint64_t *)(table + 0U * len1), len1 * sizeof (uint64_t));
       KRML_MAYBE_FOR15(i1,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
-        uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-        const uint64_t *res_j = table + (i1 + (uint32_t)1U) * len1;
-        for (uint32_t i = (uint32_t)0U; i < len1; i++)
+        0U,
+        15U,
+        1U,
+        uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+        const uint64_t *res_j = table + (i1 + 1U) * len1;
+        for (uint32_t i = 0U; i < len1; i++)
         {
           uint64_t *os = tmp0;
           uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
@@ -449,7 +449,7 @@ Hacl_GenericField64_exp_vartime(
   uint64_t *aMc = (uint64_t *)alloca(k1.len * sizeof (uint64_t));
   memset(aMc, 0U, k1.len * sizeof (uint64_t));
   memcpy(aMc, aM, k1.len * sizeof (uint64_t));
-  if (bBits < (uint32_t)200U)
+  if (bBits < 200U)
   {
     KRML_CHECK_SIZE(sizeof (uint64_t), len1 + len1);
     uint64_t *ctx = (uint64_t *)alloca((len1 + len1) * sizeof (uint64_t));
@@ -459,13 +459,13 @@ Hacl_GenericField64_exp_vartime(
     uint64_t *ctx_n = ctx;
     uint64_t *ctx_r2 = ctx + len1;
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len1, ctx_n, k1.mu, ctx_r2, resM);
-    for (uint32_t i = (uint32_t)0U; i < bBits; i++)
+    for (uint32_t i = 0U; i < bBits; i++)
     {
-      uint32_t i1 = i / (uint32_t)64U;
-      uint32_t j = i % (uint32_t)64U;
+      uint32_t i1 = i / 64U;
+      uint32_t j = i % 64U;
       uint64_t tmp = b[i1];
-      uint64_t bit = tmp >> j & (uint64_t)1U;
-      if (!(bit == (uint64_t)0U))
+      uint64_t bit = tmp >> j & 1ULL;
+      if (!(bit == 0ULL))
       {
         uint64_t *ctx_n0 = ctx;
         Hacl_Bignum_Montgomery_bn_mont_mul_u64(len1, ctx_n0, k1.mu, resM, aMc, resM);
@@ -477,22 +477,22 @@ Hacl_GenericField64_exp_vartime(
   else
   {
     uint32_t bLen;
-    if (bBits == (uint32_t)0U)
+    if (bBits == 0U)
     {
-      bLen = (uint32_t)1U;
+      bLen = 1U;
     }
     else
     {
-      bLen = (bBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+      bLen = (bBits - 1U) / 64U + 1U;
     }
     KRML_CHECK_SIZE(sizeof (uint64_t), len1 + len1);
     uint64_t *ctx = (uint64_t *)alloca((len1 + len1) * sizeof (uint64_t));
     memset(ctx, 0U, (len1 + len1) * sizeof (uint64_t));
     memcpy(ctx, k1.n, len1 * sizeof (uint64_t));
     memcpy(ctx + len1, k1.r2, len1 * sizeof (uint64_t));
-    KRML_CHECK_SIZE(sizeof (uint64_t), (uint32_t)16U * len1);
-    uint64_t *table = (uint64_t *)alloca((uint32_t)16U * len1 * sizeof (uint64_t));
-    memset(table, 0U, (uint32_t)16U * len1 * sizeof (uint64_t));
+    KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len1);
+    uint64_t *table = (uint64_t *)alloca(16U * len1 * sizeof (uint64_t));
+    memset(table, 0U, 16U * len1 * sizeof (uint64_t));
     KRML_CHECK_SIZE(sizeof (uint64_t), len1);
     uint64_t *tmp = (uint64_t *)alloca(len1 * sizeof (uint64_t));
     memset(tmp, 0U, len1 * sizeof (uint64_t));
@@ -503,21 +503,21 @@ Hacl_GenericField64_exp_vartime(
     Hacl_Bignum_Montgomery_bn_from_mont_u64(len1, ctx_n0, k1.mu, ctx_r20, t0);
     memcpy(t1, aMc, len1 * sizeof (uint64_t));
     KRML_MAYBE_FOR7(i,
-      (uint32_t)0U,
-      (uint32_t)7U,
-      (uint32_t)1U,
-      uint64_t *t11 = table + (i + (uint32_t)1U) * len1;
+      0U,
+      7U,
+      1U,
+      uint64_t *t11 = table + (i + 1U) * len1;
       uint64_t *ctx_n1 = ctx;
       Hacl_Bignum_Montgomery_bn_mont_sqr_u64(len1, ctx_n1, k1.mu, t11, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * len1, tmp, len1 * sizeof (uint64_t));
-      uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * len1;
+      memcpy(table + (2U * i + 2U) * len1, tmp, len1 * sizeof (uint64_t));
+      uint64_t *t2 = table + (2U * i + 2U) * len1;
       uint64_t *ctx_n = ctx;
       Hacl_Bignum_Montgomery_bn_mont_mul_u64(len1, ctx_n, k1.mu, aMc, t2, tmp);
-      memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * len1, tmp, len1 * sizeof (uint64_t)););
-    if (bBits % (uint32_t)4U != (uint32_t)0U)
+      memcpy(table + (2U * i + 3U) * len1, tmp, len1 * sizeof (uint64_t)););
+    if (bBits % 4U != 0U)
     {
-      uint32_t i = bBits / (uint32_t)4U * (uint32_t)4U;
-      uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, (uint32_t)4U);
+      uint32_t i = bBits / 4U * 4U;
+      uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U);
       uint32_t bits_l32 = (uint32_t)bits_c;
       const uint64_t *a_bits_l = table + bits_l32 * len1;
       memcpy(resM, (uint64_t *)a_bits_l, len1 * sizeof (uint64_t));
@@ -531,16 +531,16 @@ Hacl_GenericField64_exp_vartime(
     KRML_CHECK_SIZE(sizeof (uint64_t), len1);
     uint64_t *tmp0 = (uint64_t *)alloca(len1 * sizeof (uint64_t));
     memset(tmp0, 0U, len1 * sizeof (uint64_t));
-    for (uint32_t i = (uint32_t)0U; i < bBits / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < bBits / 4U; i++)
     {
       KRML_MAYBE_FOR4(i0,
-        (uint32_t)0U,
-        (uint32_t)4U,
-        (uint32_t)1U,
+        0U,
+        4U,
+        1U,
         uint64_t *ctx_n = ctx;
         Hacl_Bignum_Montgomery_bn_mont_sqr_u64(len1, ctx_n, k1.mu, resM, resM););
-      uint32_t k2 = bBits - bBits % (uint32_t)4U - (uint32_t)4U * i - (uint32_t)4U;
-      uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k2, (uint32_t)4U);
+      uint32_t k2 = bBits - bBits % 4U - 4U * i - 4U;
+      uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k2, 4U);
       uint32_t bits_l32 = (uint32_t)bits_l;
       const uint64_t *a_bits_l = table + bits_l32 * len1;
       memcpy(tmp0, (uint64_t *)a_bits_l, len1 * sizeof (uint64_t));
@@ -573,38 +573,33 @@ Hacl_GenericField64_inverse(
   KRML_CHECK_SIZE(sizeof (uint64_t), len1);
   uint64_t *n2 = (uint64_t *)alloca(len1 * sizeof (uint64_t));
   memset(n2, 0U, len1 * sizeof (uint64_t));
-  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, k1.n[0U], (uint64_t)2U, n2);
+  uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(0ULL, k1.n[0U], 2ULL, n2);
   uint64_t c1;
-  if ((uint32_t)1U < len1)
+  if (1U < len1)
   {
-    uint64_t *a1 = k1.n + (uint32_t)1U;
-    uint64_t *res1 = n2 + (uint32_t)1U;
+    uint64_t *a1 = k1.n + 1U;
+    uint64_t *res1 = n2 + 1U;
     uint64_t c = c0;
-    for (uint32_t i = (uint32_t)0U; i < (len1 - (uint32_t)1U) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (len1 - 1U) / 4U; i++)
     {
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, 0ULL, res_i);
     }
-    for
-    (uint32_t
-      i = (len1 - (uint32_t)1U) / (uint32_t)4U * (uint32_t)4U;
-      i
-      < len1 - (uint32_t)1U;
-      i++)
+    for (uint32_t i = (len1 - 1U) / 4U * 4U; i < len1 - 1U; i++)
     {
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c10 = c;
     c1 = c10;
@@ -613,7 +608,7 @@ Hacl_GenericField64_inverse(
   {
     c1 = c0;
   }
-  KRML_HOST_IGNORE(c1);
-  Hacl_GenericField64_exp_vartime(k, aM, k1.len * (uint32_t)64U, n2, aInvM);
+  KRML_MAYBE_UNUSED_VAR(c1);
+  Hacl_GenericField64_exp_vartime(k, aM, k1.len * 64U, n2, aInvM);
 }
 
diff --git a/src/msvc/Hacl_HKDF.c b/src/msvc/Hacl_HKDF.c
index ce57b82c..f3b4d90f 100644
--- a/src/msvc/Hacl_HKDF.c
+++ b/src/msvc/Hacl_HKDF.c
@@ -45,39 +45,39 @@ Hacl_HKDF_expand_sha2_256(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -125,39 +125,39 @@ Hacl_HKDF_expand_sha2_384(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)48U;
+  uint32_t tlen = 48U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_384(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -205,39 +205,39 @@ Hacl_HKDF_expand_sha2_512(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_sha2_512(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -285,39 +285,39 @@ Hacl_HKDF_expand_blake2s_32(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2s_32(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
@@ -365,39 +365,39 @@ Hacl_HKDF_expand_blake2b_32(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text, tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_compute_blake2b_32(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
diff --git a/src/msvc/Hacl_HKDF_Blake2b_256.c b/src/msvc/Hacl_HKDF_Blake2b_256.c
index 22b5549b..3280cb8f 100644
--- a/src/msvc/Hacl_HKDF_Blake2b_256.c
+++ b/src/msvc/Hacl_HKDF_Blake2b_256.c
@@ -45,47 +45,39 @@ Hacl_HKDF_Blake2b_256_expand_blake2b_256(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)64U;
+  uint32_t tlen = 64U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag,
-        prk,
-        prklen,
-        text,
-        tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag,
-        prk,
-        prklen,
-        text,
-        tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2b_256_compute_blake2b_256(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
diff --git a/src/msvc/Hacl_HKDF_Blake2s_128.c b/src/msvc/Hacl_HKDF_Blake2s_128.c
index 24d6cb3d..7007a4eb 100644
--- a/src/msvc/Hacl_HKDF_Blake2s_128.c
+++ b/src/msvc/Hacl_HKDF_Blake2s_128.c
@@ -45,47 +45,39 @@ Hacl_HKDF_Blake2s_128_expand_blake2s_128(
   uint32_t len
 )
 {
-  uint32_t tlen = (uint32_t)32U;
+  uint32_t tlen = 32U;
   uint32_t n = len / tlen;
   uint8_t *output = okm;
-  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + (uint32_t)1U);
-  uint8_t *text = (uint8_t *)alloca((tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
-  memset(text, 0U, (tlen + infolen + (uint32_t)1U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), tlen + infolen + 1U);
+  uint8_t *text = (uint8_t *)alloca((tlen + infolen + 1U) * sizeof (uint8_t));
+  memset(text, 0U, (tlen + infolen + 1U) * sizeof (uint8_t));
   uint8_t *text0 = text + tlen;
   uint8_t *tag = text;
   uint8_t *ctr = text + tlen + infolen;
   memcpy(text + tlen, info, infolen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
-    ctr[0U] = (uint8_t)(i + (uint32_t)1U);
-    if (i == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(i + 1U);
+    if (i == 0U)
     {
-      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag,
-        prk,
-        prklen,
-        text,
-        tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     memcpy(output + i * tlen, tag, tlen * sizeof (uint8_t));
   }
   if (n * tlen < len)
   {
-    ctr[0U] = (uint8_t)(n + (uint32_t)1U);
-    if (n == (uint32_t)0U)
+    ctr[0U] = (uint8_t)(n + 1U);
+    if (n == 0U)
     {
-      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text0, infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text0, infolen + 1U);
     }
     else
     {
-      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag,
-        prk,
-        prklen,
-        text,
-        tlen + infolen + (uint32_t)1U);
+      Hacl_HMAC_Blake2s_128_compute_blake2s_128(tag, prk, prklen, text, tlen + infolen + 1U);
     }
     uint8_t *block = okm + n * tlen;
     memcpy(block, tag, (len - n * tlen) * sizeof (uint8_t));
diff --git a/src/msvc/Hacl_HMAC.c b/src/msvc/Hacl_HMAC.c
index d46c4812..63ab2032 100644
--- a/src/msvc/Hacl_HMAC.c
+++ b/src/msvc/Hacl_HMAC.c
@@ -23,12 +23,13 @@
  */
 
 
-#include "Hacl_HMAC.h"
+#include "internal/Hacl_HMAC.h"
 
 #include "internal/Hacl_Krmllib.h"
 #include "internal/Hacl_Hash_SHA2.h"
 #include "internal/Hacl_Hash_SHA1.h"
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2s.h"
+#include "internal/Hacl_Hash_Blake2b.h"
 
 /**
 Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.
@@ -37,7 +38,7 @@ The key can be any length and will be hashed if it is longer and padded if it is
 `dst` must point to 20 bytes of memory.
 */
 void
-Hacl_HMAC_legacy_compute_sha1(
+Hacl_HMAC_compute_sha1(
   uint8_t *dst,
   uint8_t *key,
   uint32_t key_len,
@@ -45,68 +46,63 @@ Hacl_HMAC_legacy_compute_sha1(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)20U;
+    ite = 20U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Hash_SHA1_legacy_hash(key, key_len, nkey);
+    Hacl_Hash_SHA1_hash_oneshot(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
-  uint32_t
-  s[5U] =
-    {
-      (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
-      (uint32_t)0xc3d2e1f0U
-    };
+  uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_Hash_SHA1_legacy_update_last(s, (uint64_t)0U, ipad, (uint32_t)64U);
+    Hacl_Hash_SHA1_update_last(s, 0ULL, ipad, 64U);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -118,25 +114,21 @@ Hacl_HMAC_legacy_compute_sha1(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_Hash_SHA1_legacy_update_multi(s, ipad, (uint32_t)1U);
-    Hacl_Hash_SHA1_legacy_update_multi(s, full_blocks, n_blocks);
-    Hacl_Hash_SHA1_legacy_update_last(s,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
-      rem,
-      rem_len);
+    Hacl_Hash_SHA1_update_multi(s, ipad, 1U);
+    Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks);
+    Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len);
   }
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst1);
+  Hacl_Hash_SHA1_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_Hash_Core_SHA1_legacy_init(s);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)20U / block_len;
-  uint32_t rem0 = (uint32_t)20U % block_len;
+  Hacl_Hash_SHA1_init(s);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 20U / block_len;
+  uint32_t rem0 = 20U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)20U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 20U - n_blocks_ * block_len });
   }
   else
   {
@@ -147,13 +139,10 @@ Hacl_HMAC_legacy_compute_sha1(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_Hash_SHA1_legacy_update_multi(s, opad, (uint32_t)1U);
-  Hacl_Hash_SHA1_legacy_update_multi(s, full_blocks, n_blocks);
-  Hacl_Hash_SHA1_legacy_update_last(s,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
-    rem,
-    rem_len);
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst);
+  Hacl_Hash_SHA1_update_multi(s, opad, 1U);
+  Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks);
+  Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len);
+  Hacl_Hash_SHA1_finish(s, dst);
 }
 
 /**
@@ -171,74 +160,71 @@ Hacl_HMAC_compute_sha2_256(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_256(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_256(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint32_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = st;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t x = Hacl_Hash_SHA2_h256[i];
     os[i] = x;);
   uint32_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)0U + (uint64_t)(uint32_t)64U,
-      (uint32_t)64U,
-      ipad,
-      s);
+    Hacl_Hash_SHA2_sha256_update_last(0ULL + (uint64_t)64U, 64U, ipad, s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -250,27 +236,24 @@ Hacl_HMAC_compute_sha2_256(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)64U, ipad, s);
-    Hacl_SHA2_Scalar32_sha256_update_nblocks(n_blocks * (uint32_t)64U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)(uint32_t)64U
-      + (uint64_t)full_blocks_len
-      + (uint64_t)rem_len,
+    Hacl_Hash_SHA2_sha256_update_nblocks(64U, ipad, s);
+    Hacl_Hash_SHA2_sha256_update_nblocks(n_blocks * 64U, full_blocks, s);
+    Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len,
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst1);
+  Hacl_Hash_SHA2_sha256_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha256_init(s);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_SHA2_sha256_init(s);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -281,15 +264,13 @@ Hacl_HMAC_compute_sha2_256(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)64U, opad, s);
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(n_blocks * (uint32_t)64U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha256_update_last((uint64_t)(uint32_t)64U
-    + (uint64_t)full_blocks_len
-    + (uint64_t)rem_len,
+  Hacl_Hash_SHA2_sha256_update_nblocks(64U, opad, s);
+  Hacl_Hash_SHA2_sha256_update_nblocks(n_blocks * 64U, full_blocks, s);
+  Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len,
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha256_finish(s, dst);
+  Hacl_Hash_SHA2_sha256_finish(s, dst);
 }
 
 /**
@@ -307,75 +288,75 @@ Hacl_HMAC_compute_sha2_384(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)48U;
+    ite = 48U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_384(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_384(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = st;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h384[i];
+    uint64_t x = Hacl_Hash_SHA2_h384[i];
     os[i] = x;);
   uint64_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-        FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U)),
-      (uint32_t)128U,
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL),
+        FStar_UInt128_uint64_to_uint128((uint64_t)128U)),
+      128U,
       ipad,
       s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -387,27 +368,26 @@ Hacl_HMAC_compute_sha2_384(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)128U, ipad, s);
-    Hacl_SHA2_Scalar32_sha384_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    Hacl_Hash_SHA2_sha384_update_nblocks(128U, ipad, s);
+    Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s);
+    Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
           FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
         FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha384_finish(s, dst1);
+  Hacl_Hash_SHA2_sha384_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha384_init(s);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)48U / block_len;
-  uint32_t rem0 = (uint32_t)48U % block_len;
+  Hacl_Hash_SHA2_sha384_init(s);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 48U / block_len;
+  uint32_t rem0 = 48U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)48U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 48U - n_blocks_ * block_len });
   }
   else
   {
@@ -418,15 +398,15 @@ Hacl_HMAC_compute_sha2_384(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)128U, opad, s);
-  Hacl_SHA2_Scalar32_sha384_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+  Hacl_Hash_SHA2_sha384_update_nblocks(128U, opad, s);
+  Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s);
+  Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha384_finish(s, dst);
+  Hacl_Hash_SHA2_sha384_finish(s, dst);
 }
 
 /**
@@ -444,75 +424,75 @@ Hacl_HMAC_compute_sha2_512(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Streaming_SHA2_hash_512(key, key_len, nkey);
+    Hacl_Hash_SHA2_hash_512(nkey, key, key_len);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t st[8U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = st;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h512[i];
+    uint64_t x = Hacl_Hash_SHA2_h512[i];
     os[i] = x;);
   uint64_t *s = st;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-        FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U)),
-      (uint32_t)128U,
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL),
+        FStar_UInt128_uint64_to_uint128((uint64_t)128U)),
+      128U,
       ipad,
       s);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -524,27 +504,26 @@ Hacl_HMAC_compute_sha2_512(
     uint32_t full_blocks_len = n_blocks * block_len;
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, ipad, s);
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-    Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    Hacl_Hash_SHA2_sha512_update_nblocks(128U, ipad, s);
+    Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s);
+    Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
           FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
         FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
       rem_len,
       rem,
       s);
   }
-  Hacl_SHA2_Scalar32_sha512_finish(s, dst1);
+  Hacl_Hash_SHA2_sha512_finish(s, dst1);
   uint8_t *hash1 = ipad;
-  Hacl_SHA2_Scalar32_sha512_init(s);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_SHA2_sha512_init(s);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -555,15 +534,15 @@ Hacl_HMAC_compute_sha2_512(
   uint32_t full_blocks_len = n_blocks * block_len;
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
-  Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, opad, s);
-  Hacl_SHA2_Scalar32_sha512_update_nblocks(n_blocks * (uint32_t)128U, full_blocks, s);
-  Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+  Hacl_Hash_SHA2_sha512_update_nblocks(128U, opad, s);
+  Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s);
+  Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)),
     rem_len,
     rem,
     s);
-  Hacl_SHA2_Scalar32_sha512_finish(s, dst);
+  Hacl_Hash_SHA2_sha512_finish(s, dst);
 }
 
 /**
@@ -581,66 +560,66 @@ Hacl_HMAC_compute_blake2s_32(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2s_32_blake2s((uint32_t)32U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2s_hash_with_key(nkey, 32U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint32_t s[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_init(s, (uint32_t)0U, (uint32_t)32U);
+  Hacl_Hash_Blake2s_init(s, 0U, 32U);
   uint32_t *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last((uint32_t)64U, wv, s0, (uint64_t)0U, (uint32_t)64U, ipad);
+    Hacl_Hash_Blake2s_update_last(64U, wv, s0, 0ULL, 64U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -653,34 +632,33 @@ Hacl_HMAC_compute_blake2s_32(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     uint32_t wv[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, ipad, (uint32_t)1U);
+    Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, ipad, 1U);
     uint32_t wv0[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_multi(n_blocks * (uint32_t)64U,
+    Hacl_Hash_Blake2s_update_multi(n_blocks * 64U,
       wv0,
       s0,
       (uint64_t)block_len,
       full_blocks,
       n_blocks);
     uint32_t wv1[16U] = { 0U };
-    Hacl_Blake2s_32_blake2s_update_last(rem_len,
+    Hacl_Hash_Blake2s_update_last(rem_len,
       wv1,
       s0,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+      (uint64_t)64U + (uint64_t)full_blocks_len,
       rem_len,
       rem);
   }
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst1, s0);
+  Hacl_Hash_Blake2s_finish(32U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2s_32_blake2s_init(s0, (uint32_t)0U, (uint32_t)32U);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_Blake2s_init(s0, 0U, 32U);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -692,22 +670,22 @@ Hacl_HMAC_compute_blake2s_32(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   uint32_t wv[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, opad, (uint32_t)1U);
+  Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, opad, 1U);
   uint32_t wv0[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_multi(n_blocks * (uint32_t)64U,
+  Hacl_Hash_Blake2s_update_multi(n_blocks * 64U,
     wv0,
     s0,
     (uint64_t)block_len,
     full_blocks,
     n_blocks);
   uint32_t wv1[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_update_last(rem_len,
+  Hacl_Hash_Blake2s_update_last(rem_len,
     wv1,
     s0,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+    (uint64_t)64U + (uint64_t)full_blocks_len,
     rem_len,
     rem);
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst, s0);
+  Hacl_Hash_Blake2s_finish(32U, dst, s0);
 }
 
 /**
@@ -725,71 +703,66 @@ Hacl_HMAC_compute_blake2b_32(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2b_32_blake2b((uint32_t)64U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2b_hash_with_key(nkey, 64U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   uint64_t s[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_init(s, (uint32_t)0U, (uint32_t)64U);
+  Hacl_Hash_Blake2b_init(s, 0U, 64U);
   uint64_t *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last((uint32_t)128U,
-      wv,
-      s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      (uint32_t)128U,
-      ipad);
+    Hacl_Hash_Blake2b_update_last(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), 128U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -802,40 +775,34 @@ Hacl_HMAC_compute_blake2b_32(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     uint64_t wv[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-      wv,
-      s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      ipad,
-      (uint32_t)1U);
+    Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), ipad, 1U);
     uint64_t wv0[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_multi(n_blocks * (uint32_t)128U,
+    Hacl_Hash_Blake2b_update_multi(n_blocks * 128U,
       wv0,
       s0,
       FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
       full_blocks,
       n_blocks);
     uint64_t wv1[16U] = { 0U };
-    Hacl_Blake2b_32_blake2b_update_last(rem_len,
+    Hacl_Hash_Blake2b_update_last(rem_len,
       wv1,
       s0,
-      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       rem_len,
       rem);
   }
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst1, s0);
+  Hacl_Hash_Blake2b_finish(64U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2b_32_blake2b_init(s0, (uint32_t)0U, (uint32_t)64U);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_Blake2b_init(s0, 0U, 64U);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -847,27 +814,22 @@ Hacl_HMAC_compute_blake2b_32(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   uint64_t wv[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-    wv,
-    s0,
-    FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-    opad,
-    (uint32_t)1U);
+  Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), opad, 1U);
   uint64_t wv0[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_multi(n_blocks * (uint32_t)128U,
+  Hacl_Hash_Blake2b_update_multi(n_blocks * 128U,
     wv0,
     s0,
     FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
     full_blocks,
     n_blocks);
   uint64_t wv1[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_update_last(rem_len,
+  Hacl_Hash_Blake2b_update_last(rem_len,
     wv1,
     s0,
-    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
       FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
     rem_len,
     rem);
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst, s0);
+  Hacl_Hash_Blake2b_finish(64U, dst, s0);
 }
 
diff --git a/src/msvc/Hacl_HMAC_Blake2b_256.c b/src/msvc/Hacl_HMAC_Blake2b_256.c
index 20b050de..cd16e65e 100644
--- a/src/msvc/Hacl_HMAC_Blake2b_256.c
+++ b/src/msvc/Hacl_HMAC_Blake2b_256.c
@@ -26,7 +26,8 @@
 #include "Hacl_HMAC_Blake2b_256.h"
 
 #include "internal/Hacl_Krmllib.h"
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2b_Simd256.h"
+#include "internal/Hacl_HMAC.h"
 
 /**
 Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.
@@ -43,71 +44,71 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)128U;
+  uint32_t l = 128U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)128U)
+  if (key_len <= 128U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)128U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2b_256_blake2b((uint32_t)64U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2b_Simd256_hash_with_key(nkey, 64U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_init(s, (uint32_t)0U, (uint32_t)64U);
+  Hacl_Hash_Blake2b_Simd256_init(s, 0U, 64U);
   Lib_IntVector_Intrinsics_vec256 *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_last((uint32_t)128U,
+    Hacl_Hash_Blake2b_Simd256_update_last(128U,
       wv,
       s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
-      (uint32_t)128U,
+      FStar_UInt128_uint64_to_uint128(0ULL),
+      128U,
       ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)128U;
+    uint32_t block_len = 128U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -120,40 +121,39 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_multi((uint32_t)128U,
+    Hacl_Hash_Blake2b_Simd256_update_multi(128U,
       wv,
       s0,
-      FStar_UInt128_uint64_to_uint128((uint64_t)0U),
+      FStar_UInt128_uint64_to_uint128(0ULL),
       ipad,
-      (uint32_t)1U);
+      1U);
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv0[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_multi(n_blocks * (uint32_t)128U,
+    Hacl_Hash_Blake2b_Simd256_update_multi(n_blocks * 128U,
       wv0,
       s0,
       FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
       full_blocks,
       n_blocks);
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv1[4U] KRML_POST_ALIGN(32) = { 0U };
-    Hacl_Blake2b_256_blake2b_update_last(rem_len,
+    Hacl_Hash_Blake2b_Simd256_update_last(rem_len,
       wv1,
       s0,
-      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+      FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
         FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
       rem_len,
       rem);
   }
-  Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst1, s0);
+  Hacl_Hash_Blake2b_Simd256_finish(64U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2b_256_blake2b_init(s0, (uint32_t)0U, (uint32_t)64U);
-  uint32_t block_len = (uint32_t)128U;
-  uint32_t n_blocks0 = (uint32_t)64U / block_len;
-  uint32_t rem0 = (uint32_t)64U % block_len;
+  Hacl_Hash_Blake2b_Simd256_init(s0, 0U, 64U);
+  uint32_t block_len = 128U;
+  uint32_t n_blocks0 = 64U / block_len;
+  uint32_t rem0 = 64U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)64U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len });
   }
   else
   {
@@ -165,27 +165,27 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_update_multi((uint32_t)128U,
+  Hacl_Hash_Blake2b_Simd256_update_multi(128U,
     wv,
     s0,
-    FStar_UInt128_uint64_to_uint128((uint64_t)0U),
+    FStar_UInt128_uint64_to_uint128(0ULL),
     opad,
-    (uint32_t)1U);
+    1U);
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv0[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_update_multi(n_blocks * (uint32_t)128U,
+  Hacl_Hash_Blake2b_Simd256_update_multi(n_blocks * 128U,
     wv0,
     s0,
     FStar_UInt128_uint64_to_uint128((uint64_t)block_len),
     full_blocks,
     n_blocks);
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv1[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_update_last(rem_len,
+  Hacl_Hash_Blake2b_Simd256_update_last(rem_len,
     wv1,
     s0,
-    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U),
+    FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U),
       FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)),
     rem_len,
     rem);
-  Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, s0);
+  Hacl_Hash_Blake2b_Simd256_finish(64U, dst, s0);
 }
 
diff --git a/src/msvc/Hacl_HMAC_Blake2s_128.c b/src/msvc/Hacl_HMAC_Blake2s_128.c
index 144722e4..bf2033a8 100644
--- a/src/msvc/Hacl_HMAC_Blake2s_128.c
+++ b/src/msvc/Hacl_HMAC_Blake2s_128.c
@@ -25,7 +25,8 @@
 
 #include "Hacl_HMAC_Blake2s_128.h"
 
-#include "internal/Hacl_Hash_Blake2.h"
+#include "internal/Hacl_Hash_Blake2s_Simd128.h"
+#include "internal/Hacl_HMAC.h"
 
 /**
 Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.
@@ -42,66 +43,66 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
   uint32_t data_len
 )
 {
-  uint32_t l = (uint32_t)64U;
+  uint32_t l = 64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
   uint8_t *nkey = key_block;
   uint32_t ite;
-  if (key_len <= (uint32_t)64U)
+  if (key_len <= 64U)
   {
     ite = key_len;
   }
   else
   {
-    ite = (uint32_t)32U;
+    ite = 32U;
   }
   uint8_t *zeroes = key_block + ite;
-  KRML_HOST_IGNORE(zeroes);
-  if (key_len <= (uint32_t)64U)
+  KRML_MAYBE_UNUSED_VAR(zeroes);
+  if (key_len <= 64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
   }
   else
   {
-    Hacl_Blake2s_128_blake2s((uint32_t)32U, nkey, key_len, key, (uint32_t)0U, NULL);
+    Hacl_Hash_Blake2s_Simd128_hash_with_key(nkey, 32U, key, key_len, NULL, 0U);
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *ipad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(ipad, (uint8_t)0x36U, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(ipad, 0x36U, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = ipad[i];
     uint8_t yi = key_block[i];
-    ipad[i] = xi ^ yi;
+    ipad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *opad = (uint8_t *)alloca(l * sizeof (uint8_t));
-  memset(opad, (uint8_t)0x5cU, l * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < l; i++)
+  memset(opad, 0x5cU, l * sizeof (uint8_t));
+  for (uint32_t i = 0U; i < l; i++)
   {
     uint8_t xi = opad[i];
     uint8_t yi = key_block[i];
-    opad[i] = xi ^ yi;
+    opad[i] = (uint32_t)xi ^ (uint32_t)yi;
   }
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 s[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_init(s, (uint32_t)0U, (uint32_t)32U);
+  Hacl_Hash_Blake2s_Simd128_init(s, 0U, 32U);
   Lib_IntVector_Intrinsics_vec128 *s0 = s;
   uint8_t *dst1 = ipad;
-  if (data_len == (uint32_t)0U)
+  if (data_len == 0U)
   {
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_last((uint32_t)64U, wv, s0, (uint64_t)0U, (uint32_t)64U, ipad);
+    Hacl_Hash_Blake2s_Simd128_update_last(64U, wv, s0, 0ULL, 64U, ipad);
   }
   else
   {
-    uint32_t block_len = (uint32_t)64U;
+    uint32_t block_len = 64U;
     uint32_t n_blocks0 = data_len / block_len;
     uint32_t rem0 = data_len % block_len;
     K___uint32_t_uint32_t scrut;
-    if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+    if (n_blocks0 > 0U && rem0 == 0U)
     {
-      uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
+      uint32_t n_blocks_ = n_blocks0 - 1U;
       scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len });
     }
     else
@@ -114,34 +115,33 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
     uint8_t *full_blocks = data;
     uint8_t *rem = data + full_blocks_len;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, ipad, (uint32_t)1U);
+    Hacl_Hash_Blake2s_Simd128_update_multi(64U, wv, s0, 0ULL, ipad, 1U);
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv0[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_multi(n_blocks * (uint32_t)64U,
+    Hacl_Hash_Blake2s_Simd128_update_multi(n_blocks * 64U,
       wv0,
       s0,
       (uint64_t)block_len,
       full_blocks,
       n_blocks);
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv1[4U] KRML_POST_ALIGN(16) = { 0U };
-    Hacl_Blake2s_128_blake2s_update_last(rem_len,
+    Hacl_Hash_Blake2s_Simd128_update_last(rem_len,
       wv1,
       s0,
-      (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+      (uint64_t)64U + (uint64_t)full_blocks_len,
       rem_len,
       rem);
   }
-  Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst1, s0);
+  Hacl_Hash_Blake2s_Simd128_finish(32U, dst1, s0);
   uint8_t *hash1 = ipad;
-  Hacl_Blake2s_128_blake2s_init(s0, (uint32_t)0U, (uint32_t)32U);
-  uint32_t block_len = (uint32_t)64U;
-  uint32_t n_blocks0 = (uint32_t)32U / block_len;
-  uint32_t rem0 = (uint32_t)32U % block_len;
+  Hacl_Hash_Blake2s_Simd128_init(s0, 0U, 32U);
+  uint32_t block_len = 64U;
+  uint32_t n_blocks0 = 32U / block_len;
+  uint32_t rem0 = 32U % block_len;
   K___uint32_t_uint32_t scrut;
-  if (n_blocks0 > (uint32_t)0U && rem0 == (uint32_t)0U)
+  if (n_blocks0 > 0U && rem0 == 0U)
   {
-    uint32_t n_blocks_ = n_blocks0 - (uint32_t)1U;
-    scrut =
-      ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = (uint32_t)32U - n_blocks_ * block_len });
+    uint32_t n_blocks_ = n_blocks0 - 1U;
+    scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len });
   }
   else
   {
@@ -153,21 +153,21 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
   uint8_t *full_blocks = hash1;
   uint8_t *rem = hash1 + full_blocks_len;
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_update_multi((uint32_t)64U, wv, s0, (uint64_t)0U, opad, (uint32_t)1U);
+  Hacl_Hash_Blake2s_Simd128_update_multi(64U, wv, s0, 0ULL, opad, 1U);
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv0[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_update_multi(n_blocks * (uint32_t)64U,
+  Hacl_Hash_Blake2s_Simd128_update_multi(n_blocks * 64U,
     wv0,
     s0,
     (uint64_t)block_len,
     full_blocks,
     n_blocks);
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv1[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_update_last(rem_len,
+  Hacl_Hash_Blake2s_Simd128_update_last(rem_len,
     wv1,
     s0,
-    (uint64_t)(uint32_t)64U + (uint64_t)full_blocks_len,
+    (uint64_t)64U + (uint64_t)full_blocks_len,
     rem_len,
     rem);
-  Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, s0);
+  Hacl_Hash_Blake2s_Simd128_finish(32U, dst, s0);
 }
 
diff --git a/src/msvc/Hacl_HMAC_DRBG.c b/src/msvc/Hacl_HMAC_DRBG.c
index b3acf354..8f754afb 100644
--- a/src/msvc/Hacl_HMAC_DRBG.c
+++ b/src/msvc/Hacl_HMAC_DRBG.c
@@ -25,15 +25,15 @@
 
 #include "Hacl_HMAC_DRBG.h"
 
-uint32_t Hacl_HMAC_DRBG_reseed_interval = (uint32_t)1024U;
+uint32_t Hacl_HMAC_DRBG_reseed_interval = 1024U;
 
-uint32_t Hacl_HMAC_DRBG_max_output_length = (uint32_t)65536U;
+uint32_t Hacl_HMAC_DRBG_max_output_length = 65536U;
 
-uint32_t Hacl_HMAC_DRBG_max_length = (uint32_t)65536U;
+uint32_t Hacl_HMAC_DRBG_max_length = 65536U;
 
-uint32_t Hacl_HMAC_DRBG_max_personalization_string_length = (uint32_t)65536U;
+uint32_t Hacl_HMAC_DRBG_max_personalization_string_length = 65536U;
 
-uint32_t Hacl_HMAC_DRBG_max_additional_input_length = (uint32_t)65536U;
+uint32_t Hacl_HMAC_DRBG_max_additional_input_length = 65536U;
 
 /**
 Return the minimal entropy input length of the desired hash function.
@@ -46,19 +46,19 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)16U;
+        return 16U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     default:
       {
@@ -71,8 +71,8 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
 bool
 Hacl_HMAC_DRBG_uu___is_State(Spec_Hash_Definitions_hash_alg a, Hacl_HMAC_DRBG_state projectee)
 {
-  KRML_HOST_IGNORE(a);
-  KRML_HOST_IGNORE(projectee);
+  KRML_MAYBE_UNUSED_VAR(a);
+  KRML_MAYBE_UNUSED_VAR(projectee);
   return true;
 }
 
@@ -92,25 +92,25 @@ Hacl_HMAC_DRBG_state Hacl_HMAC_DRBG_create_in(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)20U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(20U, sizeof (uint8_t));
         k = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
         k = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)48U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(48U, sizeof (uint8_t));
         k = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
         k = buf;
         break;
       }
@@ -125,25 +125,25 @@ Hacl_HMAC_DRBG_state Hacl_HMAC_DRBG_create_in(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA1:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)20U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(20U, sizeof (uint8_t));
         v = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
         v = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)48U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(48U, sizeof (uint8_t));
         v = buf;
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
+        uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
         v = buf;
         break;
       }
@@ -154,7 +154,7 @@ Hacl_HMAC_DRBG_state Hacl_HMAC_DRBG_create_in(Spec_Hash_Definitions_hash_alg a)
       }
   }
   uint32_t *ctr = (uint32_t *)KRML_HOST_MALLOC(sizeof (uint32_t));
-  ctr[0U] = (uint32_t)1U;
+  ctr[0U] = 1U;
   return ((Hacl_HMAC_DRBG_state){ .k = k, .v = v, .reseed_counter = ctr });
 }
 
@@ -203,45 +203,43 @@ Hacl_HMAC_DRBG_instantiate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        memset(k, 0U, (uint32_t)20U * sizeof (uint8_t));
-        memset(v, (uint8_t)1U, (uint32_t)20U * sizeof (uint8_t));
-        ctr[0U] = (uint32_t)1U;
-        uint32_t
-        input_len = (uint32_t)21U + entropy_input_len + nonce_len + personalization_string_len;
+        memset(k, 0U, 20U * sizeof (uint8_t));
+        memset(v, 1U, 20U * sizeof (uint8_t));
+        ctr[0U] = 1U;
+        uint32_t input_len = 21U + entropy_input_len + nonce_len + personalization_string_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        memcpy(k_, v, 20U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          memcpy(input0 + (uint32_t)21U,
+          memcpy(input0 + 21U,
             seed_material,
             (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
         }
-        input0[20U] = (uint8_t)0U;
-        Hacl_HMAC_legacy_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-        Hacl_HMAC_legacy_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        input0[20U] = 0U;
+        Hacl_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+        Hacl_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+        memcpy(k, k_, 20U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          uint32_t
-          input_len0 = (uint32_t)21U + entropy_input_len + nonce_len + personalization_string_len;
+          uint32_t input_len0 = 21U + entropy_input_len + nonce_len + personalization_string_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-          if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+          memcpy(k_0, v, 20U * sizeof (uint8_t));
+          if (entropy_input_len + nonce_len + personalization_string_len != 0U)
           {
-            memcpy(input + (uint32_t)21U,
+            memcpy(input + 21U,
               seed_material,
               (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
           }
-          input[20U] = (uint8_t)1U;
-          Hacl_HMAC_legacy_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-          Hacl_HMAC_legacy_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+          input[20U] = 1U;
+          Hacl_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+          Hacl_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+          memcpy(k, k_0, 20U * sizeof (uint8_t));
         }
         break;
       }
@@ -264,45 +262,43 @@ Hacl_HMAC_DRBG_instantiate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        memset(k, 0U, (uint32_t)32U * sizeof (uint8_t));
-        memset(v, (uint8_t)1U, (uint32_t)32U * sizeof (uint8_t));
-        ctr[0U] = (uint32_t)1U;
-        uint32_t
-        input_len = (uint32_t)33U + entropy_input_len + nonce_len + personalization_string_len;
+        memset(k, 0U, 32U * sizeof (uint8_t));
+        memset(v, 1U, 32U * sizeof (uint8_t));
+        ctr[0U] = 1U;
+        uint32_t input_len = 33U + entropy_input_len + nonce_len + personalization_string_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        memcpy(k_, v, 32U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          memcpy(input0 + (uint32_t)33U,
+          memcpy(input0 + 33U,
             seed_material,
             (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
         }
-        input0[32U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-        Hacl_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        input0[32U] = 0U;
+        Hacl_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+        Hacl_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+        memcpy(k, k_, 32U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          uint32_t
-          input_len0 = (uint32_t)33U + entropy_input_len + nonce_len + personalization_string_len;
+          uint32_t input_len0 = 33U + entropy_input_len + nonce_len + personalization_string_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-          if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+          memcpy(k_0, v, 32U * sizeof (uint8_t));
+          if (entropy_input_len + nonce_len + personalization_string_len != 0U)
           {
-            memcpy(input + (uint32_t)33U,
+            memcpy(input + 33U,
               seed_material,
               (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
           }
-          input[32U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-          Hacl_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+          input[32U] = 1U;
+          Hacl_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+          Hacl_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+          memcpy(k, k_0, 32U * sizeof (uint8_t));
         }
         break;
       }
@@ -325,45 +321,43 @@ Hacl_HMAC_DRBG_instantiate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        memset(k, 0U, (uint32_t)48U * sizeof (uint8_t));
-        memset(v, (uint8_t)1U, (uint32_t)48U * sizeof (uint8_t));
-        ctr[0U] = (uint32_t)1U;
-        uint32_t
-        input_len = (uint32_t)49U + entropy_input_len + nonce_len + personalization_string_len;
+        memset(k, 0U, 48U * sizeof (uint8_t));
+        memset(v, 1U, 48U * sizeof (uint8_t));
+        ctr[0U] = 1U;
+        uint32_t input_len = 49U + entropy_input_len + nonce_len + personalization_string_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        memcpy(k_, v, 48U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          memcpy(input0 + (uint32_t)49U,
+          memcpy(input0 + 49U,
             seed_material,
             (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
         }
-        input0[48U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-        Hacl_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        input0[48U] = 0U;
+        Hacl_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+        Hacl_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+        memcpy(k, k_, 48U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          uint32_t
-          input_len0 = (uint32_t)49U + entropy_input_len + nonce_len + personalization_string_len;
+          uint32_t input_len0 = 49U + entropy_input_len + nonce_len + personalization_string_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-          if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+          memcpy(k_0, v, 48U * sizeof (uint8_t));
+          if (entropy_input_len + nonce_len + personalization_string_len != 0U)
           {
-            memcpy(input + (uint32_t)49U,
+            memcpy(input + 49U,
               seed_material,
               (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
           }
-          input[48U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-          Hacl_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+          input[48U] = 1U;
+          Hacl_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+          Hacl_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+          memcpy(k, k_0, 48U * sizeof (uint8_t));
         }
         break;
       }
@@ -386,45 +380,43 @@ Hacl_HMAC_DRBG_instantiate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        memset(k, 0U, (uint32_t)64U * sizeof (uint8_t));
-        memset(v, (uint8_t)1U, (uint32_t)64U * sizeof (uint8_t));
-        ctr[0U] = (uint32_t)1U;
-        uint32_t
-        input_len = (uint32_t)65U + entropy_input_len + nonce_len + personalization_string_len;
+        memset(k, 0U, 64U * sizeof (uint8_t));
+        memset(v, 1U, 64U * sizeof (uint8_t));
+        ctr[0U] = 1U;
+        uint32_t input_len = 65U + entropy_input_len + nonce_len + personalization_string_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        memcpy(k_, v, 64U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          memcpy(input0 + (uint32_t)65U,
+          memcpy(input0 + 65U,
             seed_material,
             (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
         }
-        input0[64U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-        Hacl_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+        input0[64U] = 0U;
+        Hacl_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+        Hacl_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+        memcpy(k, k_, 64U * sizeof (uint8_t));
+        if (entropy_input_len + nonce_len + personalization_string_len != 0U)
         {
-          uint32_t
-          input_len0 = (uint32_t)65U + entropy_input_len + nonce_len + personalization_string_len;
+          uint32_t input_len0 = 65U + entropy_input_len + nonce_len + personalization_string_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-          if (entropy_input_len + nonce_len + personalization_string_len != (uint32_t)0U)
+          memcpy(k_0, v, 64U * sizeof (uint8_t));
+          if (entropy_input_len + nonce_len + personalization_string_len != 0U)
           {
-            memcpy(input + (uint32_t)65U,
+            memcpy(input + 65U,
               seed_material,
               (entropy_input_len + nonce_len + personalization_string_len) * sizeof (uint8_t));
           }
-          input[64U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-          Hacl_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+          input[64U] = 1U;
+          Hacl_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+          Hacl_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+          memcpy(k, k_0, 64U * sizeof (uint8_t));
         }
         break;
       }
@@ -474,42 +466,42 @@ Hacl_HMAC_DRBG_reseed(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_input_len;
+        uint32_t input_len = 21U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        memcpy(k_, v, 20U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)21U,
+          memcpy(input0 + 21U,
             seed_material,
             (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
         }
-        input0[20U] = (uint8_t)0U;
-        Hacl_HMAC_legacy_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-        Hacl_HMAC_legacy_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        input0[20U] = 0U;
+        Hacl_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+        Hacl_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+        memcpy(k, k_, 20U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_input_len;
+          uint32_t input_len0 = 21U + entropy_input_len + additional_input_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-          if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 20U * sizeof (uint8_t));
+          if (entropy_input_len + additional_input_input_len != 0U)
           {
-            memcpy(input + (uint32_t)21U,
+            memcpy(input + 21U,
               seed_material,
               (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
           }
-          input[20U] = (uint8_t)1U;
-          Hacl_HMAC_legacy_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-          Hacl_HMAC_legacy_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+          input[20U] = 1U;
+          Hacl_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+          Hacl_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+          memcpy(k, k_0, 20U * sizeof (uint8_t));
         }
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         break;
       }
     case Spec_Hash_Definitions_SHA2_256:
@@ -528,42 +520,42 @@ Hacl_HMAC_DRBG_reseed(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_input_len;
+        uint32_t input_len = 33U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        memcpy(k_, v, 32U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)33U,
+          memcpy(input0 + 33U,
             seed_material,
             (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
         }
-        input0[32U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-        Hacl_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        input0[32U] = 0U;
+        Hacl_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+        Hacl_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+        memcpy(k, k_, 32U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_input_len;
+          uint32_t input_len0 = 33U + entropy_input_len + additional_input_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-          if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 32U * sizeof (uint8_t));
+          if (entropy_input_len + additional_input_input_len != 0U)
           {
-            memcpy(input + (uint32_t)33U,
+            memcpy(input + 33U,
               seed_material,
               (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
           }
-          input[32U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-          Hacl_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+          input[32U] = 1U;
+          Hacl_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+          Hacl_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+          memcpy(k, k_0, 32U * sizeof (uint8_t));
         }
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
@@ -582,42 +574,42 @@ Hacl_HMAC_DRBG_reseed(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_input_len;
+        uint32_t input_len = 49U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        memcpy(k_, v, 48U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)49U,
+          memcpy(input0 + 49U,
             seed_material,
             (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
         }
-        input0[48U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-        Hacl_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        input0[48U] = 0U;
+        Hacl_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+        Hacl_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+        memcpy(k, k_, 48U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_input_len;
+          uint32_t input_len0 = 49U + entropy_input_len + additional_input_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-          if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 48U * sizeof (uint8_t));
+          if (entropy_input_len + additional_input_input_len != 0U)
           {
-            memcpy(input + (uint32_t)49U,
+            memcpy(input + 49U,
               seed_material,
               (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
           }
-          input[48U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-          Hacl_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+          input[48U] = 1U;
+          Hacl_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+          Hacl_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+          memcpy(k, k_0, 48U * sizeof (uint8_t));
         }
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
@@ -636,42 +628,42 @@ Hacl_HMAC_DRBG_reseed(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_input_len;
+        uint32_t input_len = 65U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        memcpy(k_, v, 64U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)65U,
+          memcpy(input0 + 65U,
             seed_material,
             (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
         }
-        input0[64U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-        Hacl_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+        input0[64U] = 0U;
+        Hacl_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+        Hacl_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+        memcpy(k, k_, 64U * sizeof (uint8_t));
+        if (entropy_input_len + additional_input_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_input_len;
+          uint32_t input_len0 = 65U + entropy_input_len + additional_input_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-          if (entropy_input_len + additional_input_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 64U * sizeof (uint8_t));
+          if (entropy_input_len + additional_input_input_len != 0U)
           {
-            memcpy(input + (uint32_t)65U,
+            memcpy(input + 65U,
               seed_material,
               (entropy_input_len + additional_input_input_len) * sizeof (uint8_t));
           }
-          input[64U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-          Hacl_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+          input[64U] = 1U;
+          Hacl_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+          Hacl_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+          memcpy(k, k_0, 64U * sizeof (uint8_t));
         }
-        ctr[0U] = (uint32_t)1U;
+        ctr[0U] = 1U;
         break;
       }
     default:
@@ -713,93 +705,87 @@ Hacl_HMAC_DRBG_generate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        if (additional_input_len > (uint32_t)0U)
+        if (additional_input_len > 0U)
         {
-          uint32_t input_len = (uint32_t)21U + additional_input_len;
+          uint32_t input_len = 21U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
           uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
           memset(input0, 0U, input_len * sizeof (uint8_t));
           uint8_t *k_ = input0;
-          memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_, v, 20U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input0 + (uint32_t)21U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input0 + 21U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input0[20U] = (uint8_t)0U;
-          Hacl_HMAC_legacy_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-          Hacl_HMAC_legacy_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          input0[20U] = 0U;
+          Hacl_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+          Hacl_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+          memcpy(k, k_, 20U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+            uint32_t input_len0 = 21U + additional_input_len;
             KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
             uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
             memset(input, 0U, input_len0 * sizeof (uint8_t));
             uint8_t *k_0 = input;
-            memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-            if (additional_input_len != (uint32_t)0U)
+            memcpy(k_0, v, 20U * sizeof (uint8_t));
+            if (additional_input_len != 0U)
             {
-              memcpy(input + (uint32_t)21U,
-                additional_input,
-                additional_input_len * sizeof (uint8_t));
+              memcpy(input + 21U, additional_input, additional_input_len * sizeof (uint8_t));
             }
-            input[20U] = (uint8_t)1U;
-            Hacl_HMAC_legacy_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-            Hacl_HMAC_legacy_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-            memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+            input[20U] = 1U;
+            Hacl_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+            Hacl_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+            memcpy(k, k_0, 20U * sizeof (uint8_t));
           }
         }
         uint8_t *output1 = output;
-        uint32_t max = n / (uint32_t)20U;
+        uint32_t max = n / 20U;
         uint8_t *out = output1;
-        for (uint32_t i = (uint32_t)0U; i < max; i++)
+        for (uint32_t i = 0U; i < max; i++)
         {
-          Hacl_HMAC_legacy_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
+          Hacl_HMAC_compute_sha1(v, k, 20U, v, 20U);
+          memcpy(out + i * 20U, v, 20U * sizeof (uint8_t));
         }
-        if (max * (uint32_t)20U < n)
+        if (max * 20U < n)
         {
-          uint8_t *block = output1 + max * (uint32_t)20U;
-          Hacl_HMAC_legacy_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
+          uint8_t *block = output1 + max * 20U;
+          Hacl_HMAC_compute_sha1(v, k, 20U, v, 20U);
+          memcpy(block, v, (n - max * 20U) * sizeof (uint8_t));
         }
-        uint32_t input_len = (uint32_t)21U + additional_input_len;
+        uint32_t input_len = 21U + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        memcpy(k_, v, 20U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+          memcpy(input0 + 21U, additional_input, additional_input_len * sizeof (uint8_t));
         }
-        input0[20U] = (uint8_t)0U;
-        Hacl_HMAC_legacy_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-        Hacl_HMAC_legacy_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        input0[20U] = 0U;
+        Hacl_HMAC_compute_sha1(k_, k, 20U, input0, input_len);
+        Hacl_HMAC_compute_sha1(v, k_, 20U, v, 20U);
+        memcpy(k, k_, 20U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+          uint32_t input_len0 = 21U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 20U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input + (uint32_t)21U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input + 21U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input[20U] = (uint8_t)1U;
-          Hacl_HMAC_legacy_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-          Hacl_HMAC_legacy_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-          memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+          input[20U] = 1U;
+          Hacl_HMAC_compute_sha1(k_0, k, 20U, input, input_len0);
+          Hacl_HMAC_compute_sha1(v, k_0, 20U, v, 20U);
+          memcpy(k, k_0, 20U * sizeof (uint8_t));
         }
         uint32_t old_ctr = ctr[0U];
-        ctr[0U] = old_ctr + (uint32_t)1U;
+        ctr[0U] = old_ctr + 1U;
         return true;
       }
     case Spec_Hash_Definitions_SHA2_256:
@@ -811,93 +797,87 @@ Hacl_HMAC_DRBG_generate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        if (additional_input_len > (uint32_t)0U)
+        if (additional_input_len > 0U)
         {
-          uint32_t input_len = (uint32_t)33U + additional_input_len;
+          uint32_t input_len = 33U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
           uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
           memset(input0, 0U, input_len * sizeof (uint8_t));
           uint8_t *k_ = input0;
-          memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_, v, 32U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input0 + (uint32_t)33U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input0 + 33U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input0[32U] = (uint8_t)0U;
-          Hacl_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-          Hacl_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          input0[32U] = 0U;
+          Hacl_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+          Hacl_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+          memcpy(k, k_, 32U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+            uint32_t input_len0 = 33U + additional_input_len;
             KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
             uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
             memset(input, 0U, input_len0 * sizeof (uint8_t));
             uint8_t *k_0 = input;
-            memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-            if (additional_input_len != (uint32_t)0U)
+            memcpy(k_0, v, 32U * sizeof (uint8_t));
+            if (additional_input_len != 0U)
             {
-              memcpy(input + (uint32_t)33U,
-                additional_input,
-                additional_input_len * sizeof (uint8_t));
+              memcpy(input + 33U, additional_input, additional_input_len * sizeof (uint8_t));
             }
-            input[32U] = (uint8_t)1U;
-            Hacl_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-            Hacl_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-            memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+            input[32U] = 1U;
+            Hacl_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+            Hacl_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+            memcpy(k, k_0, 32U * sizeof (uint8_t));
           }
         }
         uint8_t *output1 = output;
-        uint32_t max = n / (uint32_t)32U;
+        uint32_t max = n / 32U;
         uint8_t *out = output1;
-        for (uint32_t i = (uint32_t)0U; i < max; i++)
+        for (uint32_t i = 0U; i < max; i++)
         {
-          Hacl_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
+          Hacl_HMAC_compute_sha2_256(v, k, 32U, v, 32U);
+          memcpy(out + i * 32U, v, 32U * sizeof (uint8_t));
         }
-        if (max * (uint32_t)32U < n)
+        if (max * 32U < n)
         {
-          uint8_t *block = output1 + max * (uint32_t)32U;
-          Hacl_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
+          uint8_t *block = output1 + max * 32U;
+          Hacl_HMAC_compute_sha2_256(v, k, 32U, v, 32U);
+          memcpy(block, v, (n - max * 32U) * sizeof (uint8_t));
         }
-        uint32_t input_len = (uint32_t)33U + additional_input_len;
+        uint32_t input_len = 33U + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        memcpy(k_, v, 32U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+          memcpy(input0 + 33U, additional_input, additional_input_len * sizeof (uint8_t));
         }
-        input0[32U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-        Hacl_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        input0[32U] = 0U;
+        Hacl_HMAC_compute_sha2_256(k_, k, 32U, input0, input_len);
+        Hacl_HMAC_compute_sha2_256(v, k_, 32U, v, 32U);
+        memcpy(k, k_, 32U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+          uint32_t input_len0 = 33U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 32U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input + (uint32_t)33U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input + 33U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input[32U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-          Hacl_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-          memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+          input[32U] = 1U;
+          Hacl_HMAC_compute_sha2_256(k_0, k, 32U, input, input_len0);
+          Hacl_HMAC_compute_sha2_256(v, k_0, 32U, v, 32U);
+          memcpy(k, k_0, 32U * sizeof (uint8_t));
         }
         uint32_t old_ctr = ctr[0U];
-        ctr[0U] = old_ctr + (uint32_t)1U;
+        ctr[0U] = old_ctr + 1U;
         return true;
       }
     case Spec_Hash_Definitions_SHA2_384:
@@ -909,93 +889,87 @@ Hacl_HMAC_DRBG_generate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        if (additional_input_len > (uint32_t)0U)
+        if (additional_input_len > 0U)
         {
-          uint32_t input_len = (uint32_t)49U + additional_input_len;
+          uint32_t input_len = 49U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
           uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
           memset(input0, 0U, input_len * sizeof (uint8_t));
           uint8_t *k_ = input0;
-          memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_, v, 48U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input0 + (uint32_t)49U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input0 + 49U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input0[48U] = (uint8_t)0U;
-          Hacl_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-          Hacl_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          input0[48U] = 0U;
+          Hacl_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+          Hacl_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+          memcpy(k, k_, 48U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+            uint32_t input_len0 = 49U + additional_input_len;
             KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
             uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
             memset(input, 0U, input_len0 * sizeof (uint8_t));
             uint8_t *k_0 = input;
-            memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-            if (additional_input_len != (uint32_t)0U)
+            memcpy(k_0, v, 48U * sizeof (uint8_t));
+            if (additional_input_len != 0U)
             {
-              memcpy(input + (uint32_t)49U,
-                additional_input,
-                additional_input_len * sizeof (uint8_t));
+              memcpy(input + 49U, additional_input, additional_input_len * sizeof (uint8_t));
             }
-            input[48U] = (uint8_t)1U;
-            Hacl_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-            Hacl_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-            memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+            input[48U] = 1U;
+            Hacl_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+            Hacl_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+            memcpy(k, k_0, 48U * sizeof (uint8_t));
           }
         }
         uint8_t *output1 = output;
-        uint32_t max = n / (uint32_t)48U;
+        uint32_t max = n / 48U;
         uint8_t *out = output1;
-        for (uint32_t i = (uint32_t)0U; i < max; i++)
+        for (uint32_t i = 0U; i < max; i++)
         {
-          Hacl_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
+          Hacl_HMAC_compute_sha2_384(v, k, 48U, v, 48U);
+          memcpy(out + i * 48U, v, 48U * sizeof (uint8_t));
         }
-        if (max * (uint32_t)48U < n)
+        if (max * 48U < n)
         {
-          uint8_t *block = output1 + max * (uint32_t)48U;
-          Hacl_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
+          uint8_t *block = output1 + max * 48U;
+          Hacl_HMAC_compute_sha2_384(v, k, 48U, v, 48U);
+          memcpy(block, v, (n - max * 48U) * sizeof (uint8_t));
         }
-        uint32_t input_len = (uint32_t)49U + additional_input_len;
+        uint32_t input_len = 49U + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        memcpy(k_, v, 48U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+          memcpy(input0 + 49U, additional_input, additional_input_len * sizeof (uint8_t));
         }
-        input0[48U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-        Hacl_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        input0[48U] = 0U;
+        Hacl_HMAC_compute_sha2_384(k_, k, 48U, input0, input_len);
+        Hacl_HMAC_compute_sha2_384(v, k_, 48U, v, 48U);
+        memcpy(k, k_, 48U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+          uint32_t input_len0 = 49U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 48U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input + (uint32_t)49U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input + 49U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input[48U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-          Hacl_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-          memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+          input[48U] = 1U;
+          Hacl_HMAC_compute_sha2_384(k_0, k, 48U, input, input_len0);
+          Hacl_HMAC_compute_sha2_384(v, k_0, 48U, v, 48U);
+          memcpy(k, k_0, 48U * sizeof (uint8_t));
         }
         uint32_t old_ctr = ctr[0U];
-        ctr[0U] = old_ctr + (uint32_t)1U;
+        ctr[0U] = old_ctr + 1U;
         return true;
       }
     case Spec_Hash_Definitions_SHA2_512:
@@ -1007,93 +981,87 @@ Hacl_HMAC_DRBG_generate(
         uint8_t *k = st.k;
         uint8_t *v = st.v;
         uint32_t *ctr = st.reseed_counter;
-        if (additional_input_len > (uint32_t)0U)
+        if (additional_input_len > 0U)
         {
-          uint32_t input_len = (uint32_t)65U + additional_input_len;
+          uint32_t input_len = 65U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
           uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
           memset(input0, 0U, input_len * sizeof (uint8_t));
           uint8_t *k_ = input0;
-          memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_, v, 64U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input0 + (uint32_t)65U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input0 + 65U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input0[64U] = (uint8_t)0U;
-          Hacl_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-          Hacl_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          input0[64U] = 0U;
+          Hacl_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+          Hacl_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+          memcpy(k, k_, 64U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+            uint32_t input_len0 = 65U + additional_input_len;
             KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
             uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
             memset(input, 0U, input_len0 * sizeof (uint8_t));
             uint8_t *k_0 = input;
-            memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-            if (additional_input_len != (uint32_t)0U)
+            memcpy(k_0, v, 64U * sizeof (uint8_t));
+            if (additional_input_len != 0U)
             {
-              memcpy(input + (uint32_t)65U,
-                additional_input,
-                additional_input_len * sizeof (uint8_t));
+              memcpy(input + 65U, additional_input, additional_input_len * sizeof (uint8_t));
             }
-            input[64U] = (uint8_t)1U;
-            Hacl_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-            Hacl_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-            memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+            input[64U] = 1U;
+            Hacl_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+            Hacl_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+            memcpy(k, k_0, 64U * sizeof (uint8_t));
           }
         }
         uint8_t *output1 = output;
-        uint32_t max = n / (uint32_t)64U;
+        uint32_t max = n / 64U;
         uint8_t *out = output1;
-        for (uint32_t i = (uint32_t)0U; i < max; i++)
+        for (uint32_t i = 0U; i < max; i++)
         {
-          Hacl_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
+          Hacl_HMAC_compute_sha2_512(v, k, 64U, v, 64U);
+          memcpy(out + i * 64U, v, 64U * sizeof (uint8_t));
         }
-        if (max * (uint32_t)64U < n)
+        if (max * 64U < n)
         {
-          uint8_t *block = output1 + max * (uint32_t)64U;
-          Hacl_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
+          uint8_t *block = output1 + max * 64U;
+          Hacl_HMAC_compute_sha2_512(v, k, 64U, v, 64U);
+          memcpy(block, v, (n - max * 64U) * sizeof (uint8_t));
         }
-        uint32_t input_len = (uint32_t)65U + additional_input_len;
+        uint32_t input_len = 65U + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
         memset(input0, 0U, input_len * sizeof (uint8_t));
         uint8_t *k_ = input0;
-        memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        memcpy(k_, v, 64U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+          memcpy(input0 + 65U, additional_input, additional_input_len * sizeof (uint8_t));
         }
-        input0[64U] = (uint8_t)0U;
-        Hacl_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-        Hacl_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
+        input0[64U] = 0U;
+        Hacl_HMAC_compute_sha2_512(k_, k, 64U, input0, input_len);
+        Hacl_HMAC_compute_sha2_512(v, k_, 64U, v, 64U);
+        memcpy(k, k_, 64U * sizeof (uint8_t));
+        if (additional_input_len != 0U)
         {
-          uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+          uint32_t input_len0 = 65U + additional_input_len;
           KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
           uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
           memset(input, 0U, input_len0 * sizeof (uint8_t));
           uint8_t *k_0 = input;
-          memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-          if (additional_input_len != (uint32_t)0U)
+          memcpy(k_0, v, 64U * sizeof (uint8_t));
+          if (additional_input_len != 0U)
           {
-            memcpy(input + (uint32_t)65U,
-              additional_input,
-              additional_input_len * sizeof (uint8_t));
+            memcpy(input + 65U, additional_input, additional_input_len * sizeof (uint8_t));
           }
-          input[64U] = (uint8_t)1U;
-          Hacl_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-          Hacl_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-          memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+          input[64U] = 1U;
+          Hacl_HMAC_compute_sha2_512(k_0, k, 64U, input, input_len0);
+          Hacl_HMAC_compute_sha2_512(v, k_0, 64U, v, 64U);
+          memcpy(k, k_0, 64U * sizeof (uint8_t));
         }
         uint32_t old_ctr = ctr[0U];
-        ctr[0U] = old_ctr + (uint32_t)1U;
+        ctr[0U] = old_ctr + 1U;
         return true;
       }
     default:
@@ -1106,7 +1074,7 @@ Hacl_HMAC_DRBG_generate(
 
 void Hacl_HMAC_DRBG_free(Spec_Hash_Definitions_hash_alg uu___, Hacl_HMAC_DRBG_state s)
 {
-  KRML_HOST_IGNORE(uu___);
+  KRML_MAYBE_UNUSED_VAR(uu___);
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
diff --git a/src/msvc/Hacl_HPKE_Curve51_CP128_SHA256.c b/src/msvc/Hacl_HPKE_Curve51_CP128_SHA256.c
index f05fd2bd..ccb6c4f6 100644
--- a/src/msvc/Hacl_HPKE_Curve51_CP128_SHA256.c
+++ b/src/msvc/Hacl_HPKE_Curve51_CP128_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP128_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP128_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP128_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve51_CP128_SHA256_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve51_CP128_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve51_CP128_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve51_CP128_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP128_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve51_CP128_SHA512.c b/src/msvc/Hacl_HPKE_Curve51_CP128_SHA512.c
index 5e5c7788..3691181f 100644
--- a/src/msvc/Hacl_HPKE_Curve51_CP128_SHA512.c
+++ b/src/msvc/Hacl_HPKE_Curve51_CP128_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP128_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP128_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP128_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve51_CP128_SHA512_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve51_CP128_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve51_CP128_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve51_CP128_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP128_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve51_CP256_SHA256.c b/src/msvc/Hacl_HPKE_Curve51_CP256_SHA256.c
index 879d3a76..7c9cfcc6 100644
--- a/src/msvc/Hacl_HPKE_Curve51_CP256_SHA256.c
+++ b/src/msvc/Hacl_HPKE_Curve51_CP256_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP256_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP256_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP256_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve51_CP256_SHA256_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve51_CP256_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve51_CP256_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve51_CP256_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP256_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve51_CP256_SHA512.c b/src/msvc/Hacl_HPKE_Curve51_CP256_SHA512.c
index 0ecc22be..ff5bccc0 100644
--- a/src/msvc/Hacl_HPKE_Curve51_CP256_SHA512.c
+++ b/src/msvc/Hacl_HPKE_Curve51_CP256_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP256_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP256_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP256_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve51_CP256_SHA512_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve51_CP256_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve51_CP256_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve51_CP256_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP256_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve51_CP32_SHA256.c b/src/msvc/Hacl_HPKE_Curve51_CP32_SHA256.c
index ed3f7eed..c91ed755 100644
--- a/src/msvc/Hacl_HPKE_Curve51_CP32_SHA256.c
+++ b/src/msvc/Hacl_HPKE_Curve51_CP32_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP32_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP32_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP32_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -607,43 +552,45 @@ Hacl_HPKE_Curve51_CP32_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP32_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -661,7 +608,7 @@ Hacl_HPKE_Curve51_CP32_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -672,42 +619,44 @@ Hacl_HPKE_Curve51_CP32_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP32_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve51_CP32_SHA512.c b/src/msvc/Hacl_HPKE_Curve51_CP32_SHA512.c
index 1c4b30e4..e97ee4cd 100644
--- a/src/msvc/Hacl_HPKE_Curve51_CP32_SHA512.c
+++ b/src/msvc/Hacl_HPKE_Curve51_CP32_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve51_CP32_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_51_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve51_CP32_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_51_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_51_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_51_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve51_CP32_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -607,43 +552,45 @@ Hacl_HPKE_Curve51_CP32_SHA512_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP32_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -661,7 +608,7 @@ Hacl_HPKE_Curve51_CP32_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -672,42 +619,44 @@ Hacl_HPKE_Curve51_CP32_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve51_CP32_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve64_CP128_SHA256.c b/src/msvc/Hacl_HPKE_Curve64_CP128_SHA256.c
index 70b41c45..24414b4b 100644
--- a/src/msvc/Hacl_HPKE_Curve64_CP128_SHA256.c
+++ b/src/msvc/Hacl_HPKE_Curve64_CP128_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP128_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP128_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP128_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve64_CP128_SHA256_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve64_CP128_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve64_CP128_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve64_CP128_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP128_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve64_CP128_SHA512.c b/src/msvc/Hacl_HPKE_Curve64_CP128_SHA512.c
index 6a4f3d01..81131914 100644
--- a/src/msvc/Hacl_HPKE_Curve64_CP128_SHA512.c
+++ b/src/msvc/Hacl_HPKE_Curve64_CP128_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP128_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP128_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP128_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve64_CP128_SHA512_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve64_CP128_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve64_CP128_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve64_CP128_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP128_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve64_CP256_SHA256.c b/src/msvc/Hacl_HPKE_Curve64_CP256_SHA256.c
index 725bb6cd..df58f0e1 100644
--- a/src/msvc/Hacl_HPKE_Curve64_CP256_SHA256.c
+++ b/src/msvc/Hacl_HPKE_Curve64_CP256_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP256_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP256_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve64_CP256_SHA256_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve64_CP256_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve64_CP256_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP256_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve64_CP256_SHA512.c b/src/msvc/Hacl_HPKE_Curve64_CP256_SHA512.c
index e7be8835..8052db8f 100644
--- a/src/msvc/Hacl_HPKE_Curve64_CP256_SHA512.c
+++ b/src/msvc/Hacl_HPKE_Curve64_CP256_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP256_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP256_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP256_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -608,43 +553,45 @@ Hacl_HPKE_Curve64_CP256_SHA512_sealBase(
     };
   uint32_t
   res = Hacl_HPKE_Curve64_CP256_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -662,7 +609,7 @@ Hacl_HPKE_Curve64_CP256_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -673,42 +620,44 @@ Hacl_HPKE_Curve64_CP256_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP256_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve64_CP32_SHA256.c b/src/msvc/Hacl_HPKE_Curve64_CP32_SHA256.c
index 92672abe..5c6ef179 100644
--- a/src/msvc/Hacl_HPKE_Curve64_CP32_SHA256.c
+++ b/src/msvc/Hacl_HPKE_Curve64_CP32_SHA256.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP32_SHA256_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)1U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 1U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP32_SHA256_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)1U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 1U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp3,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp3, (uint16_t)32U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP32_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -607,43 +552,45 @@ Hacl_HPKE_Curve64_CP32_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP32_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -661,7 +608,7 @@ Hacl_HPKE_Curve64_CP32_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -672,42 +619,44 @@ Hacl_HPKE_Curve64_CP32_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP32_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_Curve64_CP32_SHA512.c b/src/msvc/Hacl_HPKE_Curve64_CP32_SHA512.c
index 5ad7e761..cb24c3ac 100644
--- a/src/msvc/Hacl_HPKE_Curve64_CP32_SHA512.c
+++ b/src/msvc/Hacl_HPKE_Curve64_CP32_SHA512.c
@@ -40,262 +40,234 @@ Hacl_HPKE_Curve64_CP32_SHA512_setupBaseS(
   uint8_t o_shared[32U] = { 0U };
   uint8_t *o_pkE1 = o_pkE;
   Hacl_Curve25519_64_secret_to_public(o_pkE1, skE);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint32_t res0;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t o_dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(o_dh, skE, pkR);
-    uint8_t res2 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res2 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(o_dh[i], zeros[i]);
-      res2 = uu____0 & res2;
+      res2 = (uint32_t)uu____0 & (uint32_t)res2;
     }
     uint8_t z = res2;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res20 = res;
     uint8_t o_kemcontext[64U] = { 0U };
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)32U;
+      memcpy(o_kemcontext, o_pkE, 32U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 32U;
       uint8_t *o_pkR = o_pkRm;
-      memcpy(o_pkR, pkR, (uint32_t)32U * sizeof (uint8_t));
+      memcpy(o_pkR, pkR, 32U * sizeof (uint8_t));
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____1 = suite_id_kem;
-      uu____1[0U] = (uint8_t)0x4bU;
-      uu____1[1U] = (uint8_t)0x45U;
-      uu____1[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-      uu____2[0U] = (uint8_t)0U;
-      uu____2[1U] = (uint8_t)32U;
+      uu____1[0U] = 0x4bU;
+      uu____1[1U] = 0x45U;
+      uu____1[2U] = 0x4dU;
+      uint8_t *uu____2 = suite_id_kem + 3U;
+      uu____2[0U] = 0U;
+      uu____2[1U] = 32U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____3 = tmp0;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp0 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)91U;
+      uint32_t len = 91U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____4 = tmp + (uint32_t)2U;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uu____4[4U] = (uint8_t)0x2dU;
-      uu____4[5U] = (uint8_t)0x76U;
-      uu____4[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)64U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res0 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____4 = tmp + 2U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uu____4[4U] = 0x2dU;
+      uu____4[5U] = 0x76U;
+      uu____4[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 64U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res0 = 0U;
     }
     else
     {
-      res0 = (uint32_t)1U;
+      res0 = 1U;
     }
   }
   else
   {
-    res0 = (uint32_t)1U;
+    res0 = 1U;
   }
-  if (res0 == (uint32_t)0U)
+  if (res0 == 0U)
   {
     uint8_t o_context[129U] = { 0U };
     uint8_t o_secret[64U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____5 = suite_id;
-    uu____5[0U] = (uint8_t)0x48U;
-    uu____5[1U] = (uint8_t)0x50U;
-    uu____5[2U] = (uint8_t)0x4bU;
-    uu____5[3U] = (uint8_t)0x45U;
-    uint8_t *uu____6 = suite_id + (uint32_t)4U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)32U;
-    uint8_t *uu____7 = suite_id + (uint32_t)6U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
-    uint8_t *uu____8 = suite_id + (uint32_t)8U;
-    uu____8[0U] = (uint8_t)0U;
-    uu____8[1U] = (uint8_t)3U;
+    uu____5[0U] = 0x48U;
+    uu____5[1U] = 0x50U;
+    uu____5[2U] = 0x4bU;
+    uu____5[3U] = 0x45U;
+    uint8_t *uu____6 = suite_id + 4U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 32U;
+    uint8_t *uu____7 = suite_id + 6U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
+    uint8_t *uu____8 = suite_id + 8U;
+    uu____8[0U] = 0U;
+    uu____8[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[64U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp0;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[64U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp1;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+    memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____11 = tmp2;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)151U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_512(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)64U);
-    uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)64U,
-      tmp3,
-      len3,
-      (uint32_t)64U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)151U;
+    store16_be(tmp3, (uint16_t)64U);
+    uint8_t *uu____12 = tmp3 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 151U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____13 = tmp4 + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)158U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 158U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____14 = tmp + (uint32_t)2U;
-    uu____14[0U] = (uint8_t)0x48U;
-    uu____14[1U] = (uint8_t)0x50U;
-    uu____14[2U] = (uint8_t)0x4bU;
-    uu____14[3U] = (uint8_t)0x45U;
-    uu____14[4U] = (uint8_t)0x2dU;
-    uu____14[5U] = (uint8_t)0x76U;
-    uu____14[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____14 = tmp + 2U;
+    uu____14[0U] = 0x48U;
+    uu____14[1U] = 0x50U;
+    uu____14[2U] = 0x4bU;
+    uu____14[3U] = 0x45U;
+    uu____14[4U] = 0x2dU;
+    uu____14[5U] = 0x76U;
+    uu____14[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res0;
   }
   return res0;
@@ -312,272 +284,245 @@ Hacl_HPKE_Curve64_CP32_SHA512_setupBaseR(
 {
   uint8_t pkR[32U] = { 0U };
   Hacl_Curve25519_64_secret_to_public(pkR, skR);
-  uint32_t res1 = (uint32_t)0U;
+  uint32_t res1 = 0U;
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
     uint8_t *pkE = enc;
     uint8_t dh[32U] = { 0U };
     uint8_t zeros[32U] = { 0U };
     Hacl_Curve25519_64_scalarmult(dh, skR, pkE);
-    uint8_t res0 = (uint8_t)255U;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    uint8_t res0 = 255U;
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t uu____0 = FStar_UInt8_eq_mask(dh[i], zeros[i]);
-      res0 = uu____0 & res0;
+      res0 = (uint32_t)uu____0 & (uint32_t)res0;
     }
     uint8_t z = res0;
     uint32_t res;
-    if (z == (uint8_t)255U)
+    if (z == 255U)
     {
-      res = (uint32_t)1U;
+      res = 1U;
     }
     else
     {
-      res = (uint32_t)0U;
+      res = 0U;
     }
     uint32_t res11 = res;
     uint32_t res2;
     uint8_t kemcontext[64U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)32U;
+      uint8_t *pkRm = kemcontext + 32U;
       uint8_t *pkR1 = pkRm;
       Hacl_Curve25519_64_secret_to_public(pkR1, skR);
-      uint32_t res20 = (uint32_t)0U;
-      if (res20 == (uint32_t)0U)
+      uint32_t res20 = 0U;
+      if (res20 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)32U * sizeof (uint8_t));
+        memcpy(kemcontext, enc, 32U * sizeof (uint8_t));
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____1 = suite_id_kem;
-        uu____1[0U] = (uint8_t)0x4bU;
-        uu____1[1U] = (uint8_t)0x45U;
-        uu____1[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____2 = suite_id_kem + (uint32_t)3U;
-        uu____2[0U] = (uint8_t)0U;
-        uu____2[1U] = (uint8_t)32U;
+        uu____1[0U] = 0x4bU;
+        uu____1[1U] = 0x45U;
+        uu____1[2U] = 0x4dU;
+        uint8_t *uu____2 = suite_id_kem + 3U;
+        uu____2[0U] = 0U;
+        uu____2[1U] = 32U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp0, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____3 = tmp0;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp0 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp0 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp0, len0);
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp0 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp0 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp0 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp0, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)91U;
+        uint32_t len = 91U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____4 = tmp + (uint32_t)2U;
-        uu____4[0U] = (uint8_t)0x48U;
-        uu____4[1U] = (uint8_t)0x50U;
-        uu____4[2U] = (uint8_t)0x4bU;
-        uu____4[3U] = (uint8_t)0x45U;
-        uu____4[4U] = (uint8_t)0x2dU;
-        uu____4[5U] = (uint8_t)0x76U;
-        uu____4[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)64U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res2 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____4 = tmp + 2U;
+        uu____4[0U] = 0x48U;
+        uu____4[1U] = 0x50U;
+        uu____4[2U] = 0x4bU;
+        uu____4[3U] = 0x45U;
+        uu____4[4U] = 0x2dU;
+        uu____4[5U] = 0x76U;
+        uu____4[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 64U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
       uint8_t o_context[129U] = { 0U };
       uint8_t o_secret[64U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____5 = suite_id;
-      uu____5[0U] = (uint8_t)0x48U;
-      uu____5[1U] = (uint8_t)0x50U;
-      uu____5[2U] = (uint8_t)0x4bU;
-      uu____5[3U] = (uint8_t)0x45U;
-      uint8_t *uu____6 = suite_id + (uint32_t)4U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)32U;
-      uint8_t *uu____7 = suite_id + (uint32_t)6U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
-      uint8_t *uu____8 = suite_id + (uint32_t)8U;
-      uu____8[0U] = (uint8_t)0U;
-      uu____8[1U] = (uint8_t)3U;
+      uu____5[0U] = 0x48U;
+      uu____5[1U] = 0x50U;
+      uu____5[2U] = 0x4bU;
+      uu____5[3U] = 0x45U;
+      uint8_t *uu____6 = suite_id + 4U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 32U;
+      uint8_t *uu____7 = suite_id + 6U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
+      uint8_t *uu____8 = suite_id + 8U;
+      uu____8[0U] = 0U;
+      uu____8[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[64U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp0, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp0;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_psk_id_hash, empty, 0U, tmp0, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[64U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp1, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp1;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)64U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)65U, o_info_hash, (uint32_t)64U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_info_hash, empty, 0U, tmp1, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 64U * sizeof (uint8_t));
+      memcpy(o_context + 65U, o_info_hash, 64U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp2, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____11 = tmp2;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_512(o_secret, shared, (uint32_t)32U, tmp2, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)151U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_512(o_secret, shared, 32U, tmp2, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp3, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp3, (uint16_t)(uint32_t)64U);
-      uint8_t *uu____12 = tmp3 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)64U,
-        tmp3,
-        len3,
-        (uint32_t)64U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)151U;
+      store16_be(tmp3, (uint16_t)64U);
+      uint8_t *uu____12 = tmp3 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp3 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_exporter, o_secret, 64U, tmp3, len3, 64U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 151U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp4, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____13 = tmp4 + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, (uint32_t)64U, tmp4, len4, (uint32_t)32U);
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____13 = tmp4 + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_key, o_secret, 64U, tmp4, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)158U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 158U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____14 = tmp + (uint32_t)2U;
-      uu____14[0U] = (uint8_t)0x48U;
-      uu____14[1U] = (uint8_t)0x50U;
-      uu____14[2U] = (uint8_t)0x4bU;
-      uu____14[3U] = (uint8_t)0x45U;
-      uu____14[4U] = (uint8_t)0x2dU;
-      uu____14[5U] = (uint8_t)0x76U;
-      uu____14[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)129U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, (uint32_t)64U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____14 = tmp + 2U;
+      uu____14[0U] = 0x48U;
+      uu____14[1U] = 0x50U;
+      uu____14[2U] = 0x4bU;
+      uu____14[3U] = 0x45U;
+      uu____14[4U] = 0x2dU;
+      uu____14[5U] = 0x76U;
+      uu____14[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 129U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_512(o_ctx.ctx_nonce, o_secret, 64U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -596,7 +541,7 @@ Hacl_HPKE_Curve64_CP32_SHA512_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -607,43 +552,45 @@ Hacl_HPKE_Curve64_CP32_SHA512_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP32_SHA512_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -661,7 +608,7 @@ Hacl_HPKE_Curve64_CP32_SHA512_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[64U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -672,42 +619,44 @@ Hacl_HPKE_Curve64_CP32_SHA512_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_Curve64_CP32_SHA512_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_P256_CP128_SHA256.c b/src/msvc/Hacl_HPKE_P256_CP128_SHA256.c
index 5dad7dcf..6672d593 100644
--- a/src/msvc/Hacl_HPKE_P256_CP128_SHA256.c
+++ b/src/msvc/Hacl_HPKE_P256_CP128_SHA256.c
@@ -38,267 +38,239 @@ Hacl_HPKE_P256_CP128_SHA256_setupBaseS(
 )
 {
   uint8_t o_shared[32U] = { 0U };
-  uint8_t *o_pkE1 = o_pkE + (uint32_t)1U;
+  uint8_t *o_pkE1 = o_pkE + 1U;
   bool res0 = Hacl_Impl_P256_DH_ecp256dh_i(o_pkE1, skE);
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint32_t res3;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    o_pkE[0U] = (uint8_t)4U;
+    o_pkE[0U] = 4U;
     uint8_t o_dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkR, skE);
-    memcpy(o_dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(o_dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res2;
     if (res)
     {
-      res2 = (uint32_t)0U;
+      res2 = 0U;
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
     uint8_t o_kemcontext[130U] = { 0U };
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)65U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)65U;
-      uint8_t *o_pkR = o_pkRm + (uint32_t)1U;
-      memcpy(o_pkR, pkR, (uint32_t)64U * sizeof (uint8_t));
-      o_pkRm[0U] = (uint8_t)4U;
+      memcpy(o_kemcontext, o_pkE, 65U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 65U;
+      uint8_t *o_pkR = o_pkRm + 1U;
+      memcpy(o_pkR, pkR, 64U * sizeof (uint8_t));
+      o_pkRm[0U] = 4U;
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____0 = suite_id_kem;
-      uu____0[0U] = (uint8_t)0x4bU;
-      uu____0[1U] = (uint8_t)0x45U;
-      uu____0[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-      uu____1[0U] = (uint8_t)0U;
-      uu____1[1U] = (uint8_t)16U;
+      uu____0[0U] = 0x4bU;
+      uu____0[1U] = 0x45U;
+      uu____0[2U] = 0x4dU;
+      uint8_t *uu____1 = suite_id_kem + 3U;
+      uu____1[0U] = 0U;
+      uu____1[1U] = 16U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____2 = tmp1;
-      uu____2[0U] = (uint8_t)0x48U;
-      uu____2[1U] = (uint8_t)0x50U;
-      uu____2[2U] = (uint8_t)0x4bU;
-      uu____2[3U] = (uint8_t)0x45U;
-      uu____2[4U] = (uint8_t)0x2dU;
-      uu____2[5U] = (uint8_t)0x76U;
-      uu____2[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+      uu____2[0U] = 0x48U;
+      uu____2[1U] = 0x50U;
+      uu____2[2U] = 0x4bU;
+      uu____2[3U] = 0x45U;
+      uu____2[4U] = 0x2dU;
+      uu____2[5U] = 0x76U;
+      uu____2[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp1 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)157U;
+      uint32_t len = 157U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____3 = tmp + (uint32_t)2U;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)130U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res3 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____3 = tmp + 2U;
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 130U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res3 = 0U;
     }
     else
     {
-      res3 = (uint32_t)1U;
+      res3 = 1U;
     }
   }
   else
   {
-    res3 = (uint32_t)1U;
+    res3 = 1U;
   }
-  if (res3 == (uint32_t)0U)
+  if (res3 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____4 = suite_id;
-    uu____4[0U] = (uint8_t)0x48U;
-    uu____4[1U] = (uint8_t)0x50U;
-    uu____4[2U] = (uint8_t)0x4bU;
-    uu____4[3U] = (uint8_t)0x45U;
-    uint8_t *uu____5 = suite_id + (uint32_t)4U;
-    uu____5[0U] = (uint8_t)0U;
-    uu____5[1U] = (uint8_t)16U;
-    uint8_t *uu____6 = suite_id + (uint32_t)6U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)1U;
-    uint8_t *uu____7 = suite_id + (uint32_t)8U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
+    uu____4[0U] = 0x48U;
+    uu____4[1U] = 0x50U;
+    uu____4[2U] = 0x4bU;
+    uu____4[3U] = 0x45U;
+    uint8_t *uu____5 = suite_id + 4U;
+    uu____5[0U] = 0U;
+    uu____5[1U] = 16U;
+    uint8_t *uu____6 = suite_id + 6U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 1U;
+    uint8_t *uu____7 = suite_id + 8U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____8 = tmp0;
-    uu____8[0U] = (uint8_t)0x48U;
-    uu____8[1U] = (uint8_t)0x50U;
-    uu____8[2U] = (uint8_t)0x4bU;
-    uu____8[3U] = (uint8_t)0x45U;
-    uu____8[4U] = (uint8_t)0x2dU;
-    uu____8[5U] = (uint8_t)0x76U;
-    uu____8[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____8[0U] = 0x48U;
+    uu____8[1U] = 0x50U;
+    uu____8[2U] = 0x4bU;
+    uu____8[3U] = 0x45U;
+    uu____8[4U] = 0x2dU;
+    uu____8[5U] = 0x76U;
+    uu____8[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp1;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp2;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____11 = tmp3 + (uint32_t)2U;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____11 = tmp3 + 2U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp4 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____12 = tmp4 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____13 = tmp + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____13 = tmp + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res3;
   }
   return res3;
@@ -318,279 +290,252 @@ Hacl_HPKE_P256_CP128_SHA256_setupBaseR(
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    uint8_t *pkE = enc + (uint32_t)1U;
+    uint8_t *pkE = enc + 1U;
     uint8_t dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkE, skR);
-    memcpy(dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res11;
     if (res)
     {
-      res11 = (uint32_t)0U;
+      res11 = 0U;
     }
     else
     {
-      res11 = (uint32_t)1U;
+      res11 = 1U;
     }
     uint32_t res20;
     uint8_t kemcontext[130U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)65U;
-      uint8_t *pkR1 = pkRm + (uint32_t)1U;
+      uint8_t *pkRm = kemcontext + 65U;
+      uint8_t *pkR1 = pkRm + 1U;
       bool res3 = Hacl_Impl_P256_DH_ecp256dh_i(pkR1, skR);
       uint32_t res2;
       if (res3)
       {
-        res2 = (uint32_t)0U;
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
-      if (res2 == (uint32_t)0U)
+      if (res2 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)65U * sizeof (uint8_t));
-        pkRm[0U] = (uint8_t)4U;
+        memcpy(kemcontext, enc, 65U * sizeof (uint8_t));
+        pkRm[0U] = 4U;
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____0 = suite_id_kem;
-        uu____0[0U] = (uint8_t)0x4bU;
-        uu____0[1U] = (uint8_t)0x45U;
-        uu____0[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-        uu____1[0U] = (uint8_t)0U;
-        uu____1[1U] = (uint8_t)16U;
+        uu____0[0U] = 0x4bU;
+        uu____0[1U] = 0x45U;
+        uu____0[2U] = 0x4dU;
+        uint8_t *uu____1 = suite_id_kem + 3U;
+        uu____1[0U] = 0U;
+        uu____1[1U] = 16U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp1, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____2 = tmp1;
-        uu____2[0U] = (uint8_t)0x48U;
-        uu____2[1U] = (uint8_t)0x50U;
-        uu____2[2U] = (uint8_t)0x4bU;
-        uu____2[3U] = (uint8_t)0x45U;
-        uu____2[4U] = (uint8_t)0x2dU;
-        uu____2[5U] = (uint8_t)0x76U;
-        uu____2[6U] = (uint8_t)0x31U;
-        memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+        uu____2[0U] = 0x48U;
+        uu____2[1U] = 0x50U;
+        uu____2[2U] = 0x4bU;
+        uu____2[3U] = 0x45U;
+        uu____2[4U] = 0x2dU;
+        uu____2[5U] = 0x76U;
+        uu____2[6U] = 0x31U;
+        memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp1 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)157U;
+        uint32_t len = 157U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____3 = tmp + (uint32_t)2U;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)130U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res20 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____3 = tmp + 2U;
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 130U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res20 = 0U;
       }
       else
       {
-        res20 = (uint32_t)1U;
+        res20 = 1U;
       }
     }
     else
     {
-      res20 = (uint32_t)1U;
+      res20 = 1U;
     }
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____4 = suite_id;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uint8_t *uu____5 = suite_id + (uint32_t)4U;
-      uu____5[0U] = (uint8_t)0U;
-      uu____5[1U] = (uint8_t)16U;
-      uint8_t *uu____6 = suite_id + (uint32_t)6U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)1U;
-      uint8_t *uu____7 = suite_id + (uint32_t)8U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uint8_t *uu____5 = suite_id + 4U;
+      uu____5[0U] = 0U;
+      uu____5[1U] = 16U;
+      uint8_t *uu____6 = suite_id + 6U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 1U;
+      uint8_t *uu____7 = suite_id + 8U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____8 = tmp1;
-      uu____8[0U] = (uint8_t)0x48U;
-      uu____8[1U] = (uint8_t)0x50U;
-      uu____8[2U] = (uint8_t)0x4bU;
-      uu____8[3U] = (uint8_t)0x45U;
-      uu____8[4U] = (uint8_t)0x2dU;
-      uu____8[5U] = (uint8_t)0x76U;
-      uu____8[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp1, len0);
+      uu____8[0U] = 0x48U;
+      uu____8[1U] = 0x50U;
+      uu____8[2U] = 0x4bU;
+      uu____8[3U] = 0x45U;
+      uu____8[4U] = 0x2dU;
+      uu____8[5U] = 0x76U;
+      uu____8[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp1 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp1, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp2 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp2, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp2;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp2, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp2 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp2, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp3 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp3, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp3;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp3, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp3 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp3 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp3, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp4 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp4, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____11 = tmp4 + (uint32_t)2U;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp4,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____11 = tmp4 + 2U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp4, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp5 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp5, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp5, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp5 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp5 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp5, len4, (uint32_t)32U);
+      store16_be(tmp5, (uint16_t)32U);
+      uint8_t *uu____12 = tmp5 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp5 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp5 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp5 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp5, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____13 = tmp + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____13 = tmp + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -609,7 +554,7 @@ Hacl_HPKE_P256_CP128_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -620,43 +565,45 @@ Hacl_HPKE_P256_CP128_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP128_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_128_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -674,7 +621,7 @@ Hacl_HPKE_P256_CP128_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -685,42 +632,44 @@ Hacl_HPKE_P256_CP128_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP128_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_128_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_P256_CP256_SHA256.c b/src/msvc/Hacl_HPKE_P256_CP256_SHA256.c
index 2e932f40..962abee4 100644
--- a/src/msvc/Hacl_HPKE_P256_CP256_SHA256.c
+++ b/src/msvc/Hacl_HPKE_P256_CP256_SHA256.c
@@ -38,267 +38,239 @@ Hacl_HPKE_P256_CP256_SHA256_setupBaseS(
 )
 {
   uint8_t o_shared[32U] = { 0U };
-  uint8_t *o_pkE1 = o_pkE + (uint32_t)1U;
+  uint8_t *o_pkE1 = o_pkE + 1U;
   bool res0 = Hacl_Impl_P256_DH_ecp256dh_i(o_pkE1, skE);
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint32_t res3;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    o_pkE[0U] = (uint8_t)4U;
+    o_pkE[0U] = 4U;
     uint8_t o_dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkR, skE);
-    memcpy(o_dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(o_dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res2;
     if (res)
     {
-      res2 = (uint32_t)0U;
+      res2 = 0U;
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
     uint8_t o_kemcontext[130U] = { 0U };
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)65U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)65U;
-      uint8_t *o_pkR = o_pkRm + (uint32_t)1U;
-      memcpy(o_pkR, pkR, (uint32_t)64U * sizeof (uint8_t));
-      o_pkRm[0U] = (uint8_t)4U;
+      memcpy(o_kemcontext, o_pkE, 65U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 65U;
+      uint8_t *o_pkR = o_pkRm + 1U;
+      memcpy(o_pkR, pkR, 64U * sizeof (uint8_t));
+      o_pkRm[0U] = 4U;
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____0 = suite_id_kem;
-      uu____0[0U] = (uint8_t)0x4bU;
-      uu____0[1U] = (uint8_t)0x45U;
-      uu____0[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-      uu____1[0U] = (uint8_t)0U;
-      uu____1[1U] = (uint8_t)16U;
+      uu____0[0U] = 0x4bU;
+      uu____0[1U] = 0x45U;
+      uu____0[2U] = 0x4dU;
+      uint8_t *uu____1 = suite_id_kem + 3U;
+      uu____1[0U] = 0U;
+      uu____1[1U] = 16U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____2 = tmp1;
-      uu____2[0U] = (uint8_t)0x48U;
-      uu____2[1U] = (uint8_t)0x50U;
-      uu____2[2U] = (uint8_t)0x4bU;
-      uu____2[3U] = (uint8_t)0x45U;
-      uu____2[4U] = (uint8_t)0x2dU;
-      uu____2[5U] = (uint8_t)0x76U;
-      uu____2[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+      uu____2[0U] = 0x48U;
+      uu____2[1U] = 0x50U;
+      uu____2[2U] = 0x4bU;
+      uu____2[3U] = 0x45U;
+      uu____2[4U] = 0x2dU;
+      uu____2[5U] = 0x76U;
+      uu____2[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp1 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)157U;
+      uint32_t len = 157U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____3 = tmp + (uint32_t)2U;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)130U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res3 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____3 = tmp + 2U;
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 130U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res3 = 0U;
     }
     else
     {
-      res3 = (uint32_t)1U;
+      res3 = 1U;
     }
   }
   else
   {
-    res3 = (uint32_t)1U;
+    res3 = 1U;
   }
-  if (res3 == (uint32_t)0U)
+  if (res3 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____4 = suite_id;
-    uu____4[0U] = (uint8_t)0x48U;
-    uu____4[1U] = (uint8_t)0x50U;
-    uu____4[2U] = (uint8_t)0x4bU;
-    uu____4[3U] = (uint8_t)0x45U;
-    uint8_t *uu____5 = suite_id + (uint32_t)4U;
-    uu____5[0U] = (uint8_t)0U;
-    uu____5[1U] = (uint8_t)16U;
-    uint8_t *uu____6 = suite_id + (uint32_t)6U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)1U;
-    uint8_t *uu____7 = suite_id + (uint32_t)8U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
+    uu____4[0U] = 0x48U;
+    uu____4[1U] = 0x50U;
+    uu____4[2U] = 0x4bU;
+    uu____4[3U] = 0x45U;
+    uint8_t *uu____5 = suite_id + 4U;
+    uu____5[0U] = 0U;
+    uu____5[1U] = 16U;
+    uint8_t *uu____6 = suite_id + 6U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 1U;
+    uint8_t *uu____7 = suite_id + 8U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____8 = tmp0;
-    uu____8[0U] = (uint8_t)0x48U;
-    uu____8[1U] = (uint8_t)0x50U;
-    uu____8[2U] = (uint8_t)0x4bU;
-    uu____8[3U] = (uint8_t)0x45U;
-    uu____8[4U] = (uint8_t)0x2dU;
-    uu____8[5U] = (uint8_t)0x76U;
-    uu____8[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____8[0U] = 0x48U;
+    uu____8[1U] = 0x50U;
+    uu____8[2U] = 0x4bU;
+    uu____8[3U] = 0x45U;
+    uu____8[4U] = 0x2dU;
+    uu____8[5U] = 0x76U;
+    uu____8[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp1;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp2;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____11 = tmp3 + (uint32_t)2U;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____11 = tmp3 + 2U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp4 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____12 = tmp4 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____13 = tmp + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____13 = tmp + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res3;
   }
   return res3;
@@ -318,279 +290,252 @@ Hacl_HPKE_P256_CP256_SHA256_setupBaseR(
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    uint8_t *pkE = enc + (uint32_t)1U;
+    uint8_t *pkE = enc + 1U;
     uint8_t dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkE, skR);
-    memcpy(dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res11;
     if (res)
     {
-      res11 = (uint32_t)0U;
+      res11 = 0U;
     }
     else
     {
-      res11 = (uint32_t)1U;
+      res11 = 1U;
     }
     uint32_t res20;
     uint8_t kemcontext[130U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)65U;
-      uint8_t *pkR1 = pkRm + (uint32_t)1U;
+      uint8_t *pkRm = kemcontext + 65U;
+      uint8_t *pkR1 = pkRm + 1U;
       bool res3 = Hacl_Impl_P256_DH_ecp256dh_i(pkR1, skR);
       uint32_t res2;
       if (res3)
       {
-        res2 = (uint32_t)0U;
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
-      if (res2 == (uint32_t)0U)
+      if (res2 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)65U * sizeof (uint8_t));
-        pkRm[0U] = (uint8_t)4U;
+        memcpy(kemcontext, enc, 65U * sizeof (uint8_t));
+        pkRm[0U] = 4U;
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____0 = suite_id_kem;
-        uu____0[0U] = (uint8_t)0x4bU;
-        uu____0[1U] = (uint8_t)0x45U;
-        uu____0[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-        uu____1[0U] = (uint8_t)0U;
-        uu____1[1U] = (uint8_t)16U;
+        uu____0[0U] = 0x4bU;
+        uu____0[1U] = 0x45U;
+        uu____0[2U] = 0x4dU;
+        uint8_t *uu____1 = suite_id_kem + 3U;
+        uu____1[0U] = 0U;
+        uu____1[1U] = 16U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp1, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____2 = tmp1;
-        uu____2[0U] = (uint8_t)0x48U;
-        uu____2[1U] = (uint8_t)0x50U;
-        uu____2[2U] = (uint8_t)0x4bU;
-        uu____2[3U] = (uint8_t)0x45U;
-        uu____2[4U] = (uint8_t)0x2dU;
-        uu____2[5U] = (uint8_t)0x76U;
-        uu____2[6U] = (uint8_t)0x31U;
-        memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+        uu____2[0U] = 0x48U;
+        uu____2[1U] = 0x50U;
+        uu____2[2U] = 0x4bU;
+        uu____2[3U] = 0x45U;
+        uu____2[4U] = 0x2dU;
+        uu____2[5U] = 0x76U;
+        uu____2[6U] = 0x31U;
+        memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp1 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)157U;
+        uint32_t len = 157U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____3 = tmp + (uint32_t)2U;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)130U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res20 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____3 = tmp + 2U;
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 130U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res20 = 0U;
       }
       else
       {
-        res20 = (uint32_t)1U;
+        res20 = 1U;
       }
     }
     else
     {
-      res20 = (uint32_t)1U;
+      res20 = 1U;
     }
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____4 = suite_id;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uint8_t *uu____5 = suite_id + (uint32_t)4U;
-      uu____5[0U] = (uint8_t)0U;
-      uu____5[1U] = (uint8_t)16U;
-      uint8_t *uu____6 = suite_id + (uint32_t)6U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)1U;
-      uint8_t *uu____7 = suite_id + (uint32_t)8U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uint8_t *uu____5 = suite_id + 4U;
+      uu____5[0U] = 0U;
+      uu____5[1U] = 16U;
+      uint8_t *uu____6 = suite_id + 6U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 1U;
+      uint8_t *uu____7 = suite_id + 8U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____8 = tmp1;
-      uu____8[0U] = (uint8_t)0x48U;
-      uu____8[1U] = (uint8_t)0x50U;
-      uu____8[2U] = (uint8_t)0x4bU;
-      uu____8[3U] = (uint8_t)0x45U;
-      uu____8[4U] = (uint8_t)0x2dU;
-      uu____8[5U] = (uint8_t)0x76U;
-      uu____8[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp1, len0);
+      uu____8[0U] = 0x48U;
+      uu____8[1U] = 0x50U;
+      uu____8[2U] = 0x4bU;
+      uu____8[3U] = 0x45U;
+      uu____8[4U] = 0x2dU;
+      uu____8[5U] = 0x76U;
+      uu____8[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp1 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp1, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp2 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp2, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp2;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp2, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp2 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp2, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp3 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp3, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp3;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp3, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp3 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp3 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp3, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp4 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp4, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____11 = tmp4 + (uint32_t)2U;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp4,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____11 = tmp4 + 2U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp4, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp5 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp5, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp5, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp5 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp5 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp5, len4, (uint32_t)32U);
+      store16_be(tmp5, (uint16_t)32U);
+      uint8_t *uu____12 = tmp5 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp5 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp5 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp5 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp5, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____13 = tmp + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____13 = tmp + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -609,7 +554,7 @@ Hacl_HPKE_P256_CP256_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -620,43 +565,45 @@ Hacl_HPKE_P256_CP256_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP256_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_256_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -674,7 +621,7 @@ Hacl_HPKE_P256_CP256_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -685,42 +632,44 @@ Hacl_HPKE_P256_CP256_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP256_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_256_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_HPKE_P256_CP32_SHA256.c b/src/msvc/Hacl_HPKE_P256_CP32_SHA256.c
index 34dc3403..0869fe45 100644
--- a/src/msvc/Hacl_HPKE_P256_CP32_SHA256.c
+++ b/src/msvc/Hacl_HPKE_P256_CP32_SHA256.c
@@ -38,267 +38,239 @@ Hacl_HPKE_P256_CP32_SHA256_setupBaseS(
 )
 {
   uint8_t o_shared[32U] = { 0U };
-  uint8_t *o_pkE1 = o_pkE + (uint32_t)1U;
+  uint8_t *o_pkE1 = o_pkE + 1U;
   bool res0 = Hacl_Impl_P256_DH_ecp256dh_i(o_pkE1, skE);
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint32_t res3;
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    o_pkE[0U] = (uint8_t)4U;
+    o_pkE[0U] = 4U;
     uint8_t o_dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkR, skE);
-    memcpy(o_dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(o_dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res2;
     if (res)
     {
-      res2 = (uint32_t)0U;
+      res2 = 0U;
     }
     else
     {
-      res2 = (uint32_t)1U;
+      res2 = 1U;
     }
     uint8_t o_kemcontext[130U] = { 0U };
-    if (res2 == (uint32_t)0U)
+    if (res2 == 0U)
     {
-      memcpy(o_kemcontext, o_pkE, (uint32_t)65U * sizeof (uint8_t));
-      uint8_t *o_pkRm = o_kemcontext + (uint32_t)65U;
-      uint8_t *o_pkR = o_pkRm + (uint32_t)1U;
-      memcpy(o_pkR, pkR, (uint32_t)64U * sizeof (uint8_t));
-      o_pkRm[0U] = (uint8_t)4U;
+      memcpy(o_kemcontext, o_pkE, 65U * sizeof (uint8_t));
+      uint8_t *o_pkRm = o_kemcontext + 65U;
+      uint8_t *o_pkR = o_pkRm + 1U;
+      memcpy(o_pkR, pkR, 64U * sizeof (uint8_t));
+      o_pkRm[0U] = 4U;
       uint8_t *o_dhm = o_dh;
       uint8_t o_eae_prk[32U] = { 0U };
       uint8_t suite_id_kem[5U] = { 0U };
       uint8_t *uu____0 = suite_id_kem;
-      uu____0[0U] = (uint8_t)0x4bU;
-      uu____0[1U] = (uint8_t)0x45U;
-      uu____0[2U] = (uint8_t)0x4dU;
-      uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-      uu____1[0U] = (uint8_t)0U;
-      uu____1[1U] = (uint8_t)16U;
+      uu____0[0U] = 0x4bU;
+      uu____0[1U] = 0x45U;
+      uu____0[2U] = 0x4dU;
+      uint8_t *uu____1 = suite_id_kem + 3U;
+      uu____1[0U] = 0U;
+      uu____1[1U] = 16U;
       uint8_t *empty = suite_id_kem;
-      uint8_t
-      label_eae_prk[7U] =
-        {
-          (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-          (uint8_t)0x72U, (uint8_t)0x6bU
-        };
-      uint32_t len0 = (uint32_t)51U;
+      uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+      uint32_t len0 = 51U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____2 = tmp1;
-      uu____2[0U] = (uint8_t)0x48U;
-      uu____2[1U] = (uint8_t)0x50U;
-      uu____2[2U] = (uint8_t)0x4bU;
-      uu____2[3U] = (uint8_t)0x45U;
-      uu____2[4U] = (uint8_t)0x2dU;
-      uu____2[5U] = (uint8_t)0x76U;
-      uu____2[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)19U, o_dhm, (uint32_t)32U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+      uu____2[0U] = 0x48U;
+      uu____2[1U] = 0x50U;
+      uu____2[2U] = 0x4bU;
+      uu____2[3U] = 0x45U;
+      uu____2[4U] = 0x2dU;
+      uu____2[5U] = 0x76U;
+      uu____2[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+      memcpy(tmp1 + 19U, o_dhm, 32U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
       uint8_t
       label_shared_secret[13U] =
         {
-          (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-          (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+          0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U
         };
-      uint32_t len = (uint32_t)157U;
+      uint32_t len = 157U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____3 = tmp + (uint32_t)2U;
-      uu____3[0U] = (uint8_t)0x48U;
-      uu____3[1U] = (uint8_t)0x50U;
-      uu____3[2U] = (uint8_t)0x4bU;
-      uu____3[3U] = (uint8_t)0x45U;
-      uu____3[4U] = (uint8_t)0x2dU;
-      uu____3[5U] = (uint8_t)0x76U;
-      uu____3[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)27U, o_kemcontext, (uint32_t)130U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-      res3 = (uint32_t)0U;
+      store16_be(tmp, (uint16_t)32U);
+      uint8_t *uu____3 = tmp + 2U;
+      uu____3[0U] = 0x48U;
+      uu____3[1U] = 0x50U;
+      uu____3[2U] = 0x4bU;
+      uu____3[3U] = 0x45U;
+      uu____3[4U] = 0x2dU;
+      uu____3[5U] = 0x76U;
+      uu____3[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+      memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+      memcpy(tmp + 27U, o_kemcontext, 130U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_shared, o_eae_prk, 32U, tmp, len, 32U);
+      res3 = 0U;
     }
     else
     {
-      res3 = (uint32_t)1U;
+      res3 = 1U;
     }
   }
   else
   {
-    res3 = (uint32_t)1U;
+    res3 = 1U;
   }
-  if (res3 == (uint32_t)0U)
+  if (res3 == 0U)
   {
     uint8_t o_context[65U] = { 0U };
     uint8_t o_secret[32U] = { 0U };
     uint8_t suite_id[10U] = { 0U };
     uint8_t *uu____4 = suite_id;
-    uu____4[0U] = (uint8_t)0x48U;
-    uu____4[1U] = (uint8_t)0x50U;
-    uu____4[2U] = (uint8_t)0x4bU;
-    uu____4[3U] = (uint8_t)0x45U;
-    uint8_t *uu____5 = suite_id + (uint32_t)4U;
-    uu____5[0U] = (uint8_t)0U;
-    uu____5[1U] = (uint8_t)16U;
-    uint8_t *uu____6 = suite_id + (uint32_t)6U;
-    uu____6[0U] = (uint8_t)0U;
-    uu____6[1U] = (uint8_t)1U;
-    uint8_t *uu____7 = suite_id + (uint32_t)8U;
-    uu____7[0U] = (uint8_t)0U;
-    uu____7[1U] = (uint8_t)3U;
+    uu____4[0U] = 0x48U;
+    uu____4[1U] = 0x50U;
+    uu____4[2U] = 0x4bU;
+    uu____4[3U] = 0x45U;
+    uint8_t *uu____5 = suite_id + 4U;
+    uu____5[0U] = 0U;
+    uu____5[1U] = 16U;
+    uint8_t *uu____6 = suite_id + 6U;
+    uu____6[0U] = 0U;
+    uu____6[1U] = 1U;
+    uint8_t *uu____7 = suite_id + 8U;
+    uu____7[0U] = 0U;
+    uu____7[1U] = 3U;
     uint8_t
     label_psk_id_hash[11U] =
-      {
-        (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-        (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-        (uint8_t)0x68U
-      };
+      { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_psk_id_hash[32U] = { 0U };
     uint8_t *empty = suite_id;
-    uint32_t len0 = (uint32_t)28U;
+    uint32_t len0 = 28U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len0);
     uint8_t *tmp0 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
     memset(tmp0, 0U, len0 * sizeof (uint8_t));
     uint8_t *uu____8 = tmp0;
-    uu____8[0U] = (uint8_t)0x48U;
-    uu____8[1U] = (uint8_t)0x50U;
-    uu____8[2U] = (uint8_t)0x4bU;
-    uu____8[3U] = (uint8_t)0x45U;
-    uu____8[4U] = (uint8_t)0x2dU;
-    uu____8[5U] = (uint8_t)0x76U;
-    uu____8[6U] = (uint8_t)0x31U;
-    memcpy(tmp0 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-    memcpy(tmp0 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp0, len0);
+    uu____8[0U] = 0x48U;
+    uu____8[1U] = 0x50U;
+    uu____8[2U] = 0x4bU;
+    uu____8[3U] = 0x45U;
+    uu____8[4U] = 0x2dU;
+    uu____8[5U] = 0x76U;
+    uu____8[6U] = 0x31U;
+    memcpy(tmp0 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp0 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+    memcpy(tmp0 + 28U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp0, len0);
     uint8_t
-    label_info_hash[9U] =
-      {
-        (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-        (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-      };
+    label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
     uint8_t o_info_hash[32U] = { 0U };
-    uint32_t len1 = (uint32_t)26U + infolen;
+    uint32_t len1 = 26U + infolen;
     KRML_CHECK_SIZE(sizeof (uint8_t), len1);
     uint8_t *tmp1 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
     memset(tmp1, 0U, len1 * sizeof (uint8_t));
     uint8_t *uu____9 = tmp1;
-    uu____9[0U] = (uint8_t)0x48U;
-    uu____9[1U] = (uint8_t)0x50U;
-    uu____9[2U] = (uint8_t)0x4bU;
-    uu____9[3U] = (uint8_t)0x45U;
-    uu____9[4U] = (uint8_t)0x2dU;
-    uu____9[5U] = (uint8_t)0x76U;
-    uu____9[6U] = (uint8_t)0x31U;
-    memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-    memcpy(tmp1 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp1, len1);
-    o_context[0U] = (uint8_t)0U;
-    memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-    memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-    uint8_t
-    label_secret[6U] =
-      {
-        (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-        (uint8_t)0x74U
-      };
-    uint32_t len2 = (uint32_t)23U;
+    uu____9[0U] = 0x48U;
+    uu____9[1U] = 0x50U;
+    uu____9[2U] = 0x4bU;
+    uu____9[3U] = 0x45U;
+    uu____9[4U] = 0x2dU;
+    uu____9[5U] = 0x76U;
+    uu____9[6U] = 0x31U;
+    memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp1 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+    memcpy(tmp1 + 26U, info, infolen * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp1, len1);
+    o_context[0U] = 0U;
+    memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+    memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+    uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+    uint32_t len2 = 23U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len2);
     uint8_t *tmp2 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
     memset(tmp2, 0U, len2 * sizeof (uint8_t));
     uint8_t *uu____10 = tmp2;
-    uu____10[0U] = (uint8_t)0x48U;
-    uu____10[1U] = (uint8_t)0x50U;
-    uu____10[2U] = (uint8_t)0x4bU;
-    uu____10[3U] = (uint8_t)0x45U;
-    uu____10[4U] = (uint8_t)0x2dU;
-    uu____10[5U] = (uint8_t)0x76U;
-    uu____10[6U] = (uint8_t)0x31U;
-    memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-    memcpy(tmp2 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, (uint32_t)32U, tmp2, len2);
-    uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-    uint32_t len3 = (uint32_t)87U;
+    uu____10[0U] = 0x48U;
+    uu____10[1U] = 0x50U;
+    uu____10[2U] = 0x4bU;
+    uu____10[3U] = 0x45U;
+    uu____10[4U] = 0x2dU;
+    uu____10[5U] = 0x76U;
+    uu____10[6U] = 0x31U;
+    memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp2 + 17U, label_secret, 6U * sizeof (uint8_t));
+    memcpy(tmp2 + 23U, empty, 0U * sizeof (uint8_t));
+    Hacl_HKDF_extract_sha2_256(o_secret, o_shared, 32U, tmp2, len2);
+    uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+    uint32_t len3 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len3);
     uint8_t *tmp3 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
     memset(tmp3, 0U, len3 * sizeof (uint8_t));
-    store16_be(tmp3, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____11 = tmp3 + (uint32_t)2U;
-    uu____11[0U] = (uint8_t)0x48U;
-    uu____11[1U] = (uint8_t)0x50U;
-    uu____11[2U] = (uint8_t)0x4bU;
-    uu____11[3U] = (uint8_t)0x45U;
-    uu____11[4U] = (uint8_t)0x2dU;
-    uu____11[5U] = (uint8_t)0x76U;
-    uu____11[6U] = (uint8_t)0x31U;
-    memcpy(tmp3 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp3 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-      o_secret,
-      (uint32_t)32U,
-      tmp3,
-      len3,
-      (uint32_t)32U);
-    uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-    uint32_t len4 = (uint32_t)87U;
+    store16_be(tmp3, (uint16_t)32U);
+    uint8_t *uu____11 = tmp3 + 2U;
+    uu____11[0U] = 0x48U;
+    uu____11[1U] = 0x50U;
+    uu____11[2U] = 0x4bU;
+    uu____11[3U] = 0x45U;
+    uu____11[4U] = 0x2dU;
+    uu____11[5U] = 0x76U;
+    uu____11[6U] = 0x31U;
+    memcpy(tmp3 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp3 + 19U, label_exp, 3U * sizeof (uint8_t));
+    memcpy(tmp3 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp3, len3, 32U);
+    uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+    uint32_t len4 = 87U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len4);
     uint8_t *tmp4 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
     memset(tmp4, 0U, len4 * sizeof (uint8_t));
-    store16_be(tmp4, (uint16_t)(uint32_t)32U);
-    uint8_t *uu____12 = tmp4 + (uint32_t)2U;
-    uu____12[0U] = (uint8_t)0x48U;
-    uu____12[1U] = (uint8_t)0x50U;
-    uu____12[2U] = (uint8_t)0x4bU;
-    uu____12[3U] = (uint8_t)0x45U;
-    uu____12[4U] = (uint8_t)0x2dU;
-    uu____12[5U] = (uint8_t)0x76U;
-    uu____12[6U] = (uint8_t)0x31U;
-    memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-    memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp4, len4, (uint32_t)32U);
+    store16_be(tmp4, (uint16_t)32U);
+    uint8_t *uu____12 = tmp4 + 2U;
+    uu____12[0U] = 0x48U;
+    uu____12[1U] = 0x50U;
+    uu____12[2U] = 0x4bU;
+    uu____12[3U] = 0x45U;
+    uu____12[4U] = 0x2dU;
+    uu____12[5U] = 0x76U;
+    uu____12[6U] = 0x31U;
+    memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp4 + 19U, label_key, 3U * sizeof (uint8_t));
+    memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp4, len4, 32U);
     uint8_t
     label_base_nonce[10U] =
-      {
-        (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-        (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-      };
-    uint32_t len = (uint32_t)94U;
+      { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+    uint32_t len = 94U;
     KRML_CHECK_SIZE(sizeof (uint8_t), len);
     uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
     memset(tmp, 0U, len * sizeof (uint8_t));
-    store16_be(tmp, (uint16_t)(uint32_t)12U);
-    uint8_t *uu____13 = tmp + (uint32_t)2U;
-    uu____13[0U] = (uint8_t)0x48U;
-    uu____13[1U] = (uint8_t)0x50U;
-    uu____13[2U] = (uint8_t)0x4bU;
-    uu____13[3U] = (uint8_t)0x45U;
-    uu____13[4U] = (uint8_t)0x2dU;
-    uu____13[5U] = (uint8_t)0x76U;
-    uu____13[6U] = (uint8_t)0x31U;
-    memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-    memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-    o_ctx.ctx_seq[0U] = (uint64_t)0U;
+    store16_be(tmp, (uint16_t)12U);
+    uint8_t *uu____13 = tmp + 2U;
+    uu____13[0U] = 0x48U;
+    uu____13[1U] = 0x50U;
+    uu____13[2U] = 0x4bU;
+    uu____13[3U] = 0x45U;
+    uu____13[4U] = 0x2dU;
+    uu____13[5U] = 0x76U;
+    uu____13[6U] = 0x31U;
+    memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+    memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+    memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+    Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+    o_ctx.ctx_seq[0U] = 0ULL;
     return res3;
   }
   return res3;
@@ -318,279 +290,252 @@ Hacl_HPKE_P256_CP32_SHA256_setupBaseR(
   uint32_t res1;
   if (res0)
   {
-    res1 = (uint32_t)0U;
+    res1 = 0U;
   }
   else
   {
-    res1 = (uint32_t)1U;
+    res1 = 1U;
   }
   uint8_t shared[32U] = { 0U };
-  if (res1 == (uint32_t)0U)
+  if (res1 == 0U)
   {
-    uint8_t *pkE = enc + (uint32_t)1U;
+    uint8_t *pkE = enc + 1U;
     uint8_t dh[64U] = { 0U };
     uint8_t tmp0[64U] = { 0U };
     bool res = Hacl_Impl_P256_DH_ecp256dh_r(tmp0, pkE, skR);
-    memcpy(dh, tmp0, (uint32_t)64U * sizeof (uint8_t));
+    memcpy(dh, tmp0, 64U * sizeof (uint8_t));
     uint32_t res11;
     if (res)
     {
-      res11 = (uint32_t)0U;
+      res11 = 0U;
     }
     else
     {
-      res11 = (uint32_t)1U;
+      res11 = 1U;
     }
     uint32_t res20;
     uint8_t kemcontext[130U] = { 0U };
-    if (res11 == (uint32_t)0U)
+    if (res11 == 0U)
     {
-      uint8_t *pkRm = kemcontext + (uint32_t)65U;
-      uint8_t *pkR1 = pkRm + (uint32_t)1U;
+      uint8_t *pkRm = kemcontext + 65U;
+      uint8_t *pkR1 = pkRm + 1U;
       bool res3 = Hacl_Impl_P256_DH_ecp256dh_i(pkR1, skR);
       uint32_t res2;
       if (res3)
       {
-        res2 = (uint32_t)0U;
+        res2 = 0U;
       }
       else
       {
-        res2 = (uint32_t)1U;
+        res2 = 1U;
       }
-      if (res2 == (uint32_t)0U)
+      if (res2 == 0U)
       {
-        memcpy(kemcontext, enc, (uint32_t)65U * sizeof (uint8_t));
-        pkRm[0U] = (uint8_t)4U;
+        memcpy(kemcontext, enc, 65U * sizeof (uint8_t));
+        pkRm[0U] = 4U;
         uint8_t *dhm = dh;
         uint8_t o_eae_prk[32U] = { 0U };
         uint8_t suite_id_kem[5U] = { 0U };
         uint8_t *uu____0 = suite_id_kem;
-        uu____0[0U] = (uint8_t)0x4bU;
-        uu____0[1U] = (uint8_t)0x45U;
-        uu____0[2U] = (uint8_t)0x4dU;
-        uint8_t *uu____1 = suite_id_kem + (uint32_t)3U;
-        uu____1[0U] = (uint8_t)0U;
-        uu____1[1U] = (uint8_t)16U;
+        uu____0[0U] = 0x4bU;
+        uu____0[1U] = 0x45U;
+        uu____0[2U] = 0x4dU;
+        uint8_t *uu____1 = suite_id_kem + 3U;
+        uu____1[0U] = 0U;
+        uu____1[1U] = 16U;
         uint8_t *empty = suite_id_kem;
-        uint8_t
-        label_eae_prk[7U] =
-          {
-            (uint8_t)0x65U, (uint8_t)0x61U, (uint8_t)0x65U, (uint8_t)0x5fU, (uint8_t)0x70U,
-            (uint8_t)0x72U, (uint8_t)0x6bU
-          };
-        uint32_t len0 = (uint32_t)51U;
+        uint8_t label_eae_prk[7U] = { 0x65U, 0x61U, 0x65U, 0x5fU, 0x70U, 0x72U, 0x6bU };
+        uint32_t len0 = 51U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len0);
         uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
         memset(tmp1, 0U, len0 * sizeof (uint8_t));
         uint8_t *uu____2 = tmp1;
-        uu____2[0U] = (uint8_t)0x48U;
-        uu____2[1U] = (uint8_t)0x50U;
-        uu____2[2U] = (uint8_t)0x4bU;
-        uu____2[3U] = (uint8_t)0x45U;
-        uu____2[4U] = (uint8_t)0x2dU;
-        uu____2[5U] = (uint8_t)0x76U;
-        uu____2[6U] = (uint8_t)0x31U;
-        memcpy(tmp1 + (uint32_t)7U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)12U, label_eae_prk, (uint32_t)7U * sizeof (uint8_t));
-        memcpy(tmp1 + (uint32_t)19U, dhm, (uint32_t)32U * sizeof (uint8_t));
-        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, (uint32_t)0U, tmp1, len0);
+        uu____2[0U] = 0x48U;
+        uu____2[1U] = 0x50U;
+        uu____2[2U] = 0x4bU;
+        uu____2[3U] = 0x45U;
+        uu____2[4U] = 0x2dU;
+        uu____2[5U] = 0x76U;
+        uu____2[6U] = 0x31U;
+        memcpy(tmp1 + 7U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp1 + 12U, label_eae_prk, 7U * sizeof (uint8_t));
+        memcpy(tmp1 + 19U, dhm, 32U * sizeof (uint8_t));
+        Hacl_HKDF_extract_sha2_256(o_eae_prk, empty, 0U, tmp1, len0);
         uint8_t
         label_shared_secret[13U] =
           {
-            (uint8_t)0x73U, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x72U, (uint8_t)0x65U,
-            (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U,
-            (uint8_t)0x72U, (uint8_t)0x65U, (uint8_t)0x74U
+            0x73U, 0x68U, 0x61U, 0x72U, 0x65U, 0x64U, 0x5fU, 0x73U, 0x65U, 0x63U, 0x72U, 0x65U,
+            0x74U
           };
-        uint32_t len = (uint32_t)157U;
+        uint32_t len = 157U;
         KRML_CHECK_SIZE(sizeof (uint8_t), len);
         uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
         memset(tmp, 0U, len * sizeof (uint8_t));
-        store16_be(tmp, (uint16_t)(uint32_t)32U);
-        uint8_t *uu____3 = tmp + (uint32_t)2U;
-        uu____3[0U] = (uint8_t)0x48U;
-        uu____3[1U] = (uint8_t)0x50U;
-        uu____3[2U] = (uint8_t)0x4bU;
-        uu____3[3U] = (uint8_t)0x45U;
-        uu____3[4U] = (uint8_t)0x2dU;
-        uu____3[5U] = (uint8_t)0x76U;
-        uu____3[6U] = (uint8_t)0x31U;
-        memcpy(tmp + (uint32_t)9U, suite_id_kem, (uint32_t)5U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)14U, label_shared_secret, (uint32_t)13U * sizeof (uint8_t));
-        memcpy(tmp + (uint32_t)27U, kemcontext, (uint32_t)130U * sizeof (uint8_t));
-        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, (uint32_t)32U, tmp, len, (uint32_t)32U);
-        res20 = (uint32_t)0U;
+        store16_be(tmp, (uint16_t)32U);
+        uint8_t *uu____3 = tmp + 2U;
+        uu____3[0U] = 0x48U;
+        uu____3[1U] = 0x50U;
+        uu____3[2U] = 0x4bU;
+        uu____3[3U] = 0x45U;
+        uu____3[4U] = 0x2dU;
+        uu____3[5U] = 0x76U;
+        uu____3[6U] = 0x31U;
+        memcpy(tmp + 9U, suite_id_kem, 5U * sizeof (uint8_t));
+        memcpy(tmp + 14U, label_shared_secret, 13U * sizeof (uint8_t));
+        memcpy(tmp + 27U, kemcontext, 130U * sizeof (uint8_t));
+        Hacl_HKDF_expand_sha2_256(shared, o_eae_prk, 32U, tmp, len, 32U);
+        res20 = 0U;
       }
       else
       {
-        res20 = (uint32_t)1U;
+        res20 = 1U;
       }
     }
     else
     {
-      res20 = (uint32_t)1U;
+      res20 = 1U;
     }
-    if (res20 == (uint32_t)0U)
+    if (res20 == 0U)
     {
       uint8_t o_context[65U] = { 0U };
       uint8_t o_secret[32U] = { 0U };
       uint8_t suite_id[10U] = { 0U };
       uint8_t *uu____4 = suite_id;
-      uu____4[0U] = (uint8_t)0x48U;
-      uu____4[1U] = (uint8_t)0x50U;
-      uu____4[2U] = (uint8_t)0x4bU;
-      uu____4[3U] = (uint8_t)0x45U;
-      uint8_t *uu____5 = suite_id + (uint32_t)4U;
-      uu____5[0U] = (uint8_t)0U;
-      uu____5[1U] = (uint8_t)16U;
-      uint8_t *uu____6 = suite_id + (uint32_t)6U;
-      uu____6[0U] = (uint8_t)0U;
-      uu____6[1U] = (uint8_t)1U;
-      uint8_t *uu____7 = suite_id + (uint32_t)8U;
-      uu____7[0U] = (uint8_t)0U;
-      uu____7[1U] = (uint8_t)3U;
+      uu____4[0U] = 0x48U;
+      uu____4[1U] = 0x50U;
+      uu____4[2U] = 0x4bU;
+      uu____4[3U] = 0x45U;
+      uint8_t *uu____5 = suite_id + 4U;
+      uu____5[0U] = 0U;
+      uu____5[1U] = 16U;
+      uint8_t *uu____6 = suite_id + 6U;
+      uu____6[0U] = 0U;
+      uu____6[1U] = 1U;
+      uint8_t *uu____7 = suite_id + 8U;
+      uu____7[0U] = 0U;
+      uu____7[1U] = 3U;
       uint8_t
       label_psk_id_hash[11U] =
-        {
-          (uint8_t)0x70U, (uint8_t)0x73U, (uint8_t)0x6bU, (uint8_t)0x5fU, (uint8_t)0x69U,
-          (uint8_t)0x64U, (uint8_t)0x5fU, (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U,
-          (uint8_t)0x68U
-        };
+        { 0x70U, 0x73U, 0x6bU, 0x5fU, 0x69U, 0x64U, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_psk_id_hash[32U] = { 0U };
       uint8_t *empty = suite_id;
-      uint32_t len0 = (uint32_t)28U;
+      uint32_t len0 = 28U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len0);
       uint8_t *tmp1 = (uint8_t *)alloca(len0 * sizeof (uint8_t));
       memset(tmp1, 0U, len0 * sizeof (uint8_t));
       uint8_t *uu____8 = tmp1;
-      uu____8[0U] = (uint8_t)0x48U;
-      uu____8[1U] = (uint8_t)0x50U;
-      uu____8[2U] = (uint8_t)0x4bU;
-      uu____8[3U] = (uint8_t)0x45U;
-      uu____8[4U] = (uint8_t)0x2dU;
-      uu____8[5U] = (uint8_t)0x76U;
-      uu____8[6U] = (uint8_t)0x31U;
-      memcpy(tmp1 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)17U, label_psk_id_hash, (uint32_t)11U * sizeof (uint8_t));
-      memcpy(tmp1 + (uint32_t)28U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, (uint32_t)0U, tmp1, len0);
+      uu____8[0U] = 0x48U;
+      uu____8[1U] = 0x50U;
+      uu____8[2U] = 0x4bU;
+      uu____8[3U] = 0x45U;
+      uu____8[4U] = 0x2dU;
+      uu____8[5U] = 0x76U;
+      uu____8[6U] = 0x31U;
+      memcpy(tmp1 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp1 + 17U, label_psk_id_hash, 11U * sizeof (uint8_t));
+      memcpy(tmp1 + 28U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_psk_id_hash, empty, 0U, tmp1, len0);
       uint8_t
-      label_info_hash[9U] =
-        {
-          (uint8_t)0x69U, (uint8_t)0x6eU, (uint8_t)0x66U, (uint8_t)0x6fU, (uint8_t)0x5fU,
-          (uint8_t)0x68U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x68U
-        };
+      label_info_hash[9U] = { 0x69U, 0x6eU, 0x66U, 0x6fU, 0x5fU, 0x68U, 0x61U, 0x73U, 0x68U };
       uint8_t o_info_hash[32U] = { 0U };
-      uint32_t len1 = (uint32_t)26U + infolen;
+      uint32_t len1 = 26U + infolen;
       KRML_CHECK_SIZE(sizeof (uint8_t), len1);
       uint8_t *tmp2 = (uint8_t *)alloca(len1 * sizeof (uint8_t));
       memset(tmp2, 0U, len1 * sizeof (uint8_t));
       uint8_t *uu____9 = tmp2;
-      uu____9[0U] = (uint8_t)0x48U;
-      uu____9[1U] = (uint8_t)0x50U;
-      uu____9[2U] = (uint8_t)0x4bU;
-      uu____9[3U] = (uint8_t)0x45U;
-      uu____9[4U] = (uint8_t)0x2dU;
-      uu____9[5U] = (uint8_t)0x76U;
-      uu____9[6U] = (uint8_t)0x31U;
-      memcpy(tmp2 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)17U, label_info_hash, (uint32_t)9U * sizeof (uint8_t));
-      memcpy(tmp2 + (uint32_t)26U, info, infolen * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, (uint32_t)0U, tmp2, len1);
-      o_context[0U] = (uint8_t)0U;
-      memcpy(o_context + (uint32_t)1U, o_psk_id_hash, (uint32_t)32U * sizeof (uint8_t));
-      memcpy(o_context + (uint32_t)33U, o_info_hash, (uint32_t)32U * sizeof (uint8_t));
-      uint8_t
-      label_secret[6U] =
-        {
-          (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0x65U,
-          (uint8_t)0x74U
-        };
-      uint32_t len2 = (uint32_t)23U;
+      uu____9[0U] = 0x48U;
+      uu____9[1U] = 0x50U;
+      uu____9[2U] = 0x4bU;
+      uu____9[3U] = 0x45U;
+      uu____9[4U] = 0x2dU;
+      uu____9[5U] = 0x76U;
+      uu____9[6U] = 0x31U;
+      memcpy(tmp2 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp2 + 17U, label_info_hash, 9U * sizeof (uint8_t));
+      memcpy(tmp2 + 26U, info, infolen * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_info_hash, empty, 0U, tmp2, len1);
+      o_context[0U] = 0U;
+      memcpy(o_context + 1U, o_psk_id_hash, 32U * sizeof (uint8_t));
+      memcpy(o_context + 33U, o_info_hash, 32U * sizeof (uint8_t));
+      uint8_t label_secret[6U] = { 0x73U, 0x65U, 0x63U, 0x72U, 0x65U, 0x74U };
+      uint32_t len2 = 23U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len2);
       uint8_t *tmp3 = (uint8_t *)alloca(len2 * sizeof (uint8_t));
       memset(tmp3, 0U, len2 * sizeof (uint8_t));
       uint8_t *uu____10 = tmp3;
-      uu____10[0U] = (uint8_t)0x48U;
-      uu____10[1U] = (uint8_t)0x50U;
-      uu____10[2U] = (uint8_t)0x4bU;
-      uu____10[3U] = (uint8_t)0x45U;
-      uu____10[4U] = (uint8_t)0x2dU;
-      uu____10[5U] = (uint8_t)0x76U;
-      uu____10[6U] = (uint8_t)0x31U;
-      memcpy(tmp3 + (uint32_t)7U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)17U, label_secret, (uint32_t)6U * sizeof (uint8_t));
-      memcpy(tmp3 + (uint32_t)23U, empty, (uint32_t)0U * sizeof (uint8_t));
-      Hacl_HKDF_extract_sha2_256(o_secret, shared, (uint32_t)32U, tmp3, len2);
-      uint8_t label_exp[3U] = { (uint8_t)0x65U, (uint8_t)0x78U, (uint8_t)0x70U };
-      uint32_t len3 = (uint32_t)87U;
+      uu____10[0U] = 0x48U;
+      uu____10[1U] = 0x50U;
+      uu____10[2U] = 0x4bU;
+      uu____10[3U] = 0x45U;
+      uu____10[4U] = 0x2dU;
+      uu____10[5U] = 0x76U;
+      uu____10[6U] = 0x31U;
+      memcpy(tmp3 + 7U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp3 + 17U, label_secret, 6U * sizeof (uint8_t));
+      memcpy(tmp3 + 23U, empty, 0U * sizeof (uint8_t));
+      Hacl_HKDF_extract_sha2_256(o_secret, shared, 32U, tmp3, len2);
+      uint8_t label_exp[3U] = { 0x65U, 0x78U, 0x70U };
+      uint32_t len3 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len3);
       uint8_t *tmp4 = (uint8_t *)alloca(len3 * sizeof (uint8_t));
       memset(tmp4, 0U, len3 * sizeof (uint8_t));
-      store16_be(tmp4, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____11 = tmp4 + (uint32_t)2U;
-      uu____11[0U] = (uint8_t)0x48U;
-      uu____11[1U] = (uint8_t)0x50U;
-      uu____11[2U] = (uint8_t)0x4bU;
-      uu____11[3U] = (uint8_t)0x45U;
-      uu____11[4U] = (uint8_t)0x2dU;
-      uu____11[5U] = (uint8_t)0x76U;
-      uu____11[6U] = (uint8_t)0x31U;
-      memcpy(tmp4 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)19U, label_exp, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp4 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter,
-        o_secret,
-        (uint32_t)32U,
-        tmp4,
-        len3,
-        (uint32_t)32U);
-      uint8_t label_key[3U] = { (uint8_t)0x6bU, (uint8_t)0x65U, (uint8_t)0x79U };
-      uint32_t len4 = (uint32_t)87U;
+      store16_be(tmp4, (uint16_t)32U);
+      uint8_t *uu____11 = tmp4 + 2U;
+      uu____11[0U] = 0x48U;
+      uu____11[1U] = 0x50U;
+      uu____11[2U] = 0x4bU;
+      uu____11[3U] = 0x45U;
+      uu____11[4U] = 0x2dU;
+      uu____11[5U] = 0x76U;
+      uu____11[6U] = 0x31U;
+      memcpy(tmp4 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp4 + 19U, label_exp, 3U * sizeof (uint8_t));
+      memcpy(tmp4 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_exporter, o_secret, 32U, tmp4, len3, 32U);
+      uint8_t label_key[3U] = { 0x6bU, 0x65U, 0x79U };
+      uint32_t len4 = 87U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len4);
       uint8_t *tmp5 = (uint8_t *)alloca(len4 * sizeof (uint8_t));
       memset(tmp5, 0U, len4 * sizeof (uint8_t));
-      store16_be(tmp5, (uint16_t)(uint32_t)32U);
-      uint8_t *uu____12 = tmp5 + (uint32_t)2U;
-      uu____12[0U] = (uint8_t)0x48U;
-      uu____12[1U] = (uint8_t)0x50U;
-      uu____12[2U] = (uint8_t)0x4bU;
-      uu____12[3U] = (uint8_t)0x45U;
-      uu____12[4U] = (uint8_t)0x2dU;
-      uu____12[5U] = (uint8_t)0x76U;
-      uu____12[6U] = (uint8_t)0x31U;
-      memcpy(tmp5 + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)19U, label_key, (uint32_t)3U * sizeof (uint8_t));
-      memcpy(tmp5 + (uint32_t)22U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, (uint32_t)32U, tmp5, len4, (uint32_t)32U);
+      store16_be(tmp5, (uint16_t)32U);
+      uint8_t *uu____12 = tmp5 + 2U;
+      uu____12[0U] = 0x48U;
+      uu____12[1U] = 0x50U;
+      uu____12[2U] = 0x4bU;
+      uu____12[3U] = 0x45U;
+      uu____12[4U] = 0x2dU;
+      uu____12[5U] = 0x76U;
+      uu____12[6U] = 0x31U;
+      memcpy(tmp5 + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp5 + 19U, label_key, 3U * sizeof (uint8_t));
+      memcpy(tmp5 + 22U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_key, o_secret, 32U, tmp5, len4, 32U);
       uint8_t
       label_base_nonce[10U] =
-        {
-          (uint8_t)0x62U, (uint8_t)0x61U, (uint8_t)0x73U, (uint8_t)0x65U, (uint8_t)0x5fU,
-          (uint8_t)0x6eU, (uint8_t)0x6fU, (uint8_t)0x6eU, (uint8_t)0x63U, (uint8_t)0x65U
-        };
-      uint32_t len = (uint32_t)94U;
+        { 0x62U, 0x61U, 0x73U, 0x65U, 0x5fU, 0x6eU, 0x6fU, 0x6eU, 0x63U, 0x65U };
+      uint32_t len = 94U;
       KRML_CHECK_SIZE(sizeof (uint8_t), len);
       uint8_t *tmp = (uint8_t *)alloca(len * sizeof (uint8_t));
       memset(tmp, 0U, len * sizeof (uint8_t));
-      store16_be(tmp, (uint16_t)(uint32_t)12U);
-      uint8_t *uu____13 = tmp + (uint32_t)2U;
-      uu____13[0U] = (uint8_t)0x48U;
-      uu____13[1U] = (uint8_t)0x50U;
-      uu____13[2U] = (uint8_t)0x4bU;
-      uu____13[3U] = (uint8_t)0x45U;
-      uu____13[4U] = (uint8_t)0x2dU;
-      uu____13[5U] = (uint8_t)0x76U;
-      uu____13[6U] = (uint8_t)0x31U;
-      memcpy(tmp + (uint32_t)9U, suite_id, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)19U, label_base_nonce, (uint32_t)10U * sizeof (uint8_t));
-      memcpy(tmp + (uint32_t)29U, o_context, (uint32_t)65U * sizeof (uint8_t));
-      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, (uint32_t)32U, tmp, len, (uint32_t)12U);
-      o_ctx.ctx_seq[0U] = (uint64_t)0U;
-      return (uint32_t)0U;
+      store16_be(tmp, (uint16_t)12U);
+      uint8_t *uu____13 = tmp + 2U;
+      uu____13[0U] = 0x48U;
+      uu____13[1U] = 0x50U;
+      uu____13[2U] = 0x4bU;
+      uu____13[3U] = 0x45U;
+      uu____13[4U] = 0x2dU;
+      uu____13[5U] = 0x76U;
+      uu____13[6U] = 0x31U;
+      memcpy(tmp + 9U, suite_id, 10U * sizeof (uint8_t));
+      memcpy(tmp + 19U, label_base_nonce, 10U * sizeof (uint8_t));
+      memcpy(tmp + 29U, o_context, 65U * sizeof (uint8_t));
+      Hacl_HKDF_expand_sha2_256(o_ctx.ctx_nonce, o_secret, 32U, tmp, len, 12U);
+      o_ctx.ctx_seq[0U] = 0ULL;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -609,7 +554,7 @@ Hacl_HPKE_P256_CP32_SHA256_sealBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -620,43 +565,45 @@ Hacl_HPKE_P256_CP32_SHA256_sealBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP32_SHA256_setupBaseS(o_enc, o_ctx, skE, pkR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
-    Hacl_Chacha20Poly1305_32_aead_encrypt(o_ctx.ctx_key,
-      nonce,
-      aadlen,
-      aad,
-      plainlen,
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = o_ct;
+    uint8_t *tag = o_ct + plainlen;
+    Hacl_AEAD_Chacha20Poly1305_encrypt(cipher,
+      tag,
       plain,
-      o_ct,
-      o_ct + plainlen);
+      plainlen,
+      aad,
+      aadlen,
+      o_ctx.ctx_key,
+      nonce);
     uint64_t s1 = o_ctx.ctx_seq[0U];
     uint32_t res1;
-    if (s1 == (uint64_t)18446744073709551615U)
+    if (s1 == 18446744073709551615ULL)
     {
-      res1 = (uint32_t)1U;
+      res1 = 1U;
     }
     else
     {
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      res1 = (uint32_t)0U;
+      res1 = 0U;
     }
     uint32_t res10 = res1;
     return res10;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
 uint32_t
@@ -674,7 +621,7 @@ Hacl_HPKE_P256_CP32_SHA256_openBase(
 {
   uint8_t ctx_key[32U] = { 0U };
   uint8_t ctx_nonce[12U] = { 0U };
-  uint64_t ctx_seq = (uint64_t)0U;
+  uint64_t ctx_seq = 0ULL;
   uint8_t ctx_exporter[32U] = { 0U };
   Hacl_Impl_HPKE_context_s
   o_ctx =
@@ -685,42 +632,44 @@ Hacl_HPKE_P256_CP32_SHA256_openBase(
       .ctx_exporter = ctx_exporter
     };
   uint32_t res = Hacl_HPKE_P256_CP32_SHA256_setupBaseR(o_ctx, pkE, skR, infolen, info);
-  if (res == (uint32_t)0U)
+  if (res == 0U)
   {
     uint8_t nonce[12U] = { 0U };
     uint64_t s = o_ctx.ctx_seq[0U];
     uint8_t enc[12U] = { 0U };
-    store64_be(enc + (uint32_t)4U, s);
+    store64_be(enc + 4U, s);
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint8_t xi = enc[i];
       uint8_t yi = o_ctx.ctx_nonce[i];
-      nonce[i] = xi ^ yi;);
+      nonce[i] = (uint32_t)xi ^ (uint32_t)yi;);
+    uint8_t *cipher = ct;
+    uint8_t *tag = ct + ctlen - 16U;
     uint32_t
     res1 =
-      Hacl_Chacha20Poly1305_32_aead_decrypt(o_ctx.ctx_key,
-        nonce,
-        aadlen,
+      Hacl_AEAD_Chacha20Poly1305_decrypt(o_pt,
+        cipher,
+        ctlen - 16U,
         aad,
-        ctlen - (uint32_t)16U,
-        o_pt,
-        ct,
-        ct + ctlen - (uint32_t)16U);
-    if (res1 == (uint32_t)0U)
+        aadlen,
+        o_ctx.ctx_key,
+        nonce,
+        tag);
+    if (res1 == 0U)
     {
       uint64_t s1 = o_ctx.ctx_seq[0U];
-      if (s1 == (uint64_t)18446744073709551615U)
+      if (s1 == 18446744073709551615ULL)
       {
-        return (uint32_t)1U;
+        return 1U;
       }
-      uint64_t s_ = s1 + (uint64_t)1U;
+      uint64_t s_ = s1 + 1ULL;
       o_ctx.ctx_seq[0U] = s_;
-      return (uint32_t)0U;
+      return 0U;
     }
-    return (uint32_t)1U;
+    return 1U;
   }
-  return (uint32_t)1U;
+  return 1U;
 }
 
diff --git a/src/msvc/Hacl_Hash_Base.c b/src/msvc/Hacl_Hash_Base.c
index 40796f14..02d893e3 100644
--- a/src/msvc/Hacl_Hash_Base.c
+++ b/src/msvc/Hacl_Hash_Base.c
@@ -31,27 +31,27 @@ uint32_t Hacl_Hash_Definitions_word_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)8U;
+        return 8U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)8U;
+        return 8U;
       }
     default:
       {
@@ -67,59 +67,59 @@ uint32_t Hacl_Hash_Definitions_block_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)144U;
+        return 144U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)104U;
+        return 104U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)72U;
+        return 72U;
       }
     case Spec_Hash_Definitions_Shake128:
       {
-        return (uint32_t)168U;
+        return 168U;
       }
     case Spec_Hash_Definitions_Shake256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        return (uint32_t)128U;
+        return 128U;
       }
     default:
       {
@@ -135,27 +135,27 @@ uint32_t Hacl_Hash_Definitions_hash_word_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)4U;
+        return 4U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)5U;
+        return 5U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)7U;
+        return 7U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)8U;
+        return 8U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)6U;
+        return 6U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)8U;
+        return 8U;
       }
     default:
       {
@@ -171,51 +171,51 @@ uint32_t Hacl_Hash_Definitions_hash_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)16U;
+        return 16U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)20U;
+        return 20U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     default:
       {
diff --git a/src/msvc/Hacl_Hash_Blake2.c b/src/msvc/Hacl_Hash_Blake2.c
deleted file mode 100644
index aecc6165..00000000
--- a/src/msvc/Hacl_Hash_Blake2.c
+++ /dev/null
@@ -1,1324 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "internal/Hacl_Hash_Blake2.h"
-
-#include "internal/Hacl_Impl_Blake2_Constants.h"
-#include "lib_memzero0.h"
-
-static void
-blake2b_update_block(
-  uint64_t *wv,
-  uint64_t *hash,
-  bool flag,
-  FStar_UInt128_uint128 totlen,
-  uint8_t *d
-)
-{
-  uint64_t m_w[16U] = { 0U };
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t *os = m_w;
-    uint8_t *bj = d + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  uint64_t mask[4U] = { 0U };
-  uint64_t wv_14;
-  if (flag)
-  {
-    wv_14 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  }
-  else
-  {
-    wv_14 = (uint64_t)0U;
-  }
-  uint64_t wv_15 = (uint64_t)0U;
-  mask[0U] = FStar_UInt128_uint128_to_uint64(totlen);
-  mask[1U] = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(totlen, (uint32_t)64U));
-  mask[2U] = wv_14;
-  mask[3U] = wv_15;
-  memcpy(wv, hash, (uint32_t)16U * sizeof (uint64_t));
-  uint64_t *wv3 = wv + (uint32_t)12U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = wv3;
-    uint64_t x = wv3[i] ^ mask[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR12(i0,
-    (uint32_t)0U,
-    (uint32_t)12U,
-    (uint32_t)1U,
-    uint32_t start_idx = i0 % (uint32_t)10U * (uint32_t)16U;
-    uint64_t m_st[16U] = { 0U };
-    uint64_t *r0 = m_st;
-    uint64_t *r1 = m_st + (uint32_t)4U;
-    uint64_t *r20 = m_st + (uint32_t)8U;
-    uint64_t *r30 = m_st + (uint32_t)12U;
-    uint32_t s0 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)0U];
-    uint32_t s1 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)1U];
-    uint32_t s2 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)2U];
-    uint32_t s3 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)3U];
-    uint32_t s4 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)4U];
-    uint32_t s5 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)5U];
-    uint32_t s6 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)6U];
-    uint32_t s7 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)7U];
-    uint32_t s8 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)8U];
-    uint32_t s9 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)9U];
-    uint32_t s10 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)10U];
-    uint32_t s11 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)11U];
-    uint32_t s12 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)12U];
-    uint32_t s13 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)13U];
-    uint32_t s14 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)14U];
-    uint32_t s15 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)15U];
-    uint64_t uu____0 = m_w[s2];
-    uint64_t uu____1 = m_w[s4];
-    uint64_t uu____2 = m_w[s6];
-    r0[0U] = m_w[s0];
-    r0[1U] = uu____0;
-    r0[2U] = uu____1;
-    r0[3U] = uu____2;
-    uint64_t uu____3 = m_w[s3];
-    uint64_t uu____4 = m_w[s5];
-    uint64_t uu____5 = m_w[s7];
-    r1[0U] = m_w[s1];
-    r1[1U] = uu____3;
-    r1[2U] = uu____4;
-    r1[3U] = uu____5;
-    uint64_t uu____6 = m_w[s10];
-    uint64_t uu____7 = m_w[s12];
-    uint64_t uu____8 = m_w[s14];
-    r20[0U] = m_w[s8];
-    r20[1U] = uu____6;
-    r20[2U] = uu____7;
-    r20[3U] = uu____8;
-    uint64_t uu____9 = m_w[s11];
-    uint64_t uu____10 = m_w[s13];
-    uint64_t uu____11 = m_w[s15];
-    r30[0U] = m_w[s9];
-    r30[1U] = uu____9;
-    r30[2U] = uu____10;
-    r30[3U] = uu____11;
-    uint64_t *x = m_st;
-    uint64_t *y = m_st + (uint32_t)4U;
-    uint64_t *z = m_st + (uint32_t)8U;
-    uint64_t *w = m_st + (uint32_t)12U;
-    uint32_t a = (uint32_t)0U;
-    uint32_t b0 = (uint32_t)1U;
-    uint32_t c0 = (uint32_t)2U;
-    uint32_t d10 = (uint32_t)3U;
-    uint64_t *wv_a0 = wv + a * (uint32_t)4U;
-    uint64_t *wv_b0 = wv + b0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a0;
-      uint64_t x1 = wv_a0[i] + wv_b0[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a0;
-      uint64_t x1 = wv_a0[i] + x[i];
-      os[i] = x1;);
-    uint64_t *wv_a1 = wv + d10 * (uint32_t)4U;
-    uint64_t *wv_b1 = wv + a * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a1;
-      uint64_t x1 = wv_a1[i] ^ wv_b1[i];
-      os[i] = x1;);
-    uint64_t *r10 = wv_a1;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r10;
-      uint64_t x1 = r10[i];
-      uint64_t x10 = x1 >> (uint32_t)32U | x1 << (uint32_t)32U;
-      os[i] = x10;);
-    uint64_t *wv_a2 = wv + c0 * (uint32_t)4U;
-    uint64_t *wv_b2 = wv + d10 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a2;
-      uint64_t x1 = wv_a2[i] + wv_b2[i];
-      os[i] = x1;);
-    uint64_t *wv_a3 = wv + b0 * (uint32_t)4U;
-    uint64_t *wv_b3 = wv + c0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a3;
-      uint64_t x1 = wv_a3[i] ^ wv_b3[i];
-      os[i] = x1;);
-    uint64_t *r12 = wv_a3;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r12;
-      uint64_t x1 = r12[i];
-      uint64_t x10 = x1 >> (uint32_t)24U | x1 << (uint32_t)40U;
-      os[i] = x10;);
-    uint64_t *wv_a4 = wv + a * (uint32_t)4U;
-    uint64_t *wv_b4 = wv + b0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a4;
-      uint64_t x1 = wv_a4[i] + wv_b4[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a4;
-      uint64_t x1 = wv_a4[i] + y[i];
-      os[i] = x1;);
-    uint64_t *wv_a5 = wv + d10 * (uint32_t)4U;
-    uint64_t *wv_b5 = wv + a * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a5;
-      uint64_t x1 = wv_a5[i] ^ wv_b5[i];
-      os[i] = x1;);
-    uint64_t *r13 = wv_a5;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r13;
-      uint64_t x1 = r13[i];
-      uint64_t x10 = x1 >> (uint32_t)16U | x1 << (uint32_t)48U;
-      os[i] = x10;);
-    uint64_t *wv_a6 = wv + c0 * (uint32_t)4U;
-    uint64_t *wv_b6 = wv + d10 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a6;
-      uint64_t x1 = wv_a6[i] + wv_b6[i];
-      os[i] = x1;);
-    uint64_t *wv_a7 = wv + b0 * (uint32_t)4U;
-    uint64_t *wv_b7 = wv + c0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a7;
-      uint64_t x1 = wv_a7[i] ^ wv_b7[i];
-      os[i] = x1;);
-    uint64_t *r14 = wv_a7;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r14;
-      uint64_t x1 = r14[i];
-      uint64_t x10 = x1 >> (uint32_t)63U | x1 << (uint32_t)1U;
-      os[i] = x10;);
-    uint64_t *r15 = wv + (uint32_t)4U;
-    uint64_t *r21 = wv + (uint32_t)8U;
-    uint64_t *r31 = wv + (uint32_t)12U;
-    uint64_t *r110 = r15;
-    uint64_t x00 = r110[1U];
-    uint64_t x10 = r110[2U];
-    uint64_t x20 = r110[3U];
-    uint64_t x30 = r110[0U];
-    r110[0U] = x00;
-    r110[1U] = x10;
-    r110[2U] = x20;
-    r110[3U] = x30;
-    uint64_t *r111 = r21;
-    uint64_t x01 = r111[2U];
-    uint64_t x11 = r111[3U];
-    uint64_t x21 = r111[0U];
-    uint64_t x31 = r111[1U];
-    r111[0U] = x01;
-    r111[1U] = x11;
-    r111[2U] = x21;
-    r111[3U] = x31;
-    uint64_t *r112 = r31;
-    uint64_t x02 = r112[3U];
-    uint64_t x12 = r112[0U];
-    uint64_t x22 = r112[1U];
-    uint64_t x32 = r112[2U];
-    r112[0U] = x02;
-    r112[1U] = x12;
-    r112[2U] = x22;
-    r112[3U] = x32;
-    uint32_t a0 = (uint32_t)0U;
-    uint32_t b = (uint32_t)1U;
-    uint32_t c = (uint32_t)2U;
-    uint32_t d1 = (uint32_t)3U;
-    uint64_t *wv_a = wv + a0 * (uint32_t)4U;
-    uint64_t *wv_b8 = wv + b * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a;
-      uint64_t x1 = wv_a[i] + wv_b8[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a;
-      uint64_t x1 = wv_a[i] + z[i];
-      os[i] = x1;);
-    uint64_t *wv_a8 = wv + d1 * (uint32_t)4U;
-    uint64_t *wv_b9 = wv + a0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a8;
-      uint64_t x1 = wv_a8[i] ^ wv_b9[i];
-      os[i] = x1;);
-    uint64_t *r16 = wv_a8;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r16;
-      uint64_t x1 = r16[i];
-      uint64_t x13 = x1 >> (uint32_t)32U | x1 << (uint32_t)32U;
-      os[i] = x13;);
-    uint64_t *wv_a9 = wv + c * (uint32_t)4U;
-    uint64_t *wv_b10 = wv + d1 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a9;
-      uint64_t x1 = wv_a9[i] + wv_b10[i];
-      os[i] = x1;);
-    uint64_t *wv_a10 = wv + b * (uint32_t)4U;
-    uint64_t *wv_b11 = wv + c * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a10;
-      uint64_t x1 = wv_a10[i] ^ wv_b11[i];
-      os[i] = x1;);
-    uint64_t *r17 = wv_a10;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r17;
-      uint64_t x1 = r17[i];
-      uint64_t x13 = x1 >> (uint32_t)24U | x1 << (uint32_t)40U;
-      os[i] = x13;);
-    uint64_t *wv_a11 = wv + a0 * (uint32_t)4U;
-    uint64_t *wv_b12 = wv + b * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a11;
-      uint64_t x1 = wv_a11[i] + wv_b12[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a11;
-      uint64_t x1 = wv_a11[i] + w[i];
-      os[i] = x1;);
-    uint64_t *wv_a12 = wv + d1 * (uint32_t)4U;
-    uint64_t *wv_b13 = wv + a0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a12;
-      uint64_t x1 = wv_a12[i] ^ wv_b13[i];
-      os[i] = x1;);
-    uint64_t *r18 = wv_a12;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r18;
-      uint64_t x1 = r18[i];
-      uint64_t x13 = x1 >> (uint32_t)16U | x1 << (uint32_t)48U;
-      os[i] = x13;);
-    uint64_t *wv_a13 = wv + c * (uint32_t)4U;
-    uint64_t *wv_b14 = wv + d1 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a13;
-      uint64_t x1 = wv_a13[i] + wv_b14[i];
-      os[i] = x1;);
-    uint64_t *wv_a14 = wv + b * (uint32_t)4U;
-    uint64_t *wv_b = wv + c * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = wv_a14;
-      uint64_t x1 = wv_a14[i] ^ wv_b[i];
-      os[i] = x1;);
-    uint64_t *r19 = wv_a14;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint64_t *os = r19;
-      uint64_t x1 = r19[i];
-      uint64_t x13 = x1 >> (uint32_t)63U | x1 << (uint32_t)1U;
-      os[i] = x13;);
-    uint64_t *r113 = wv + (uint32_t)4U;
-    uint64_t *r2 = wv + (uint32_t)8U;
-    uint64_t *r3 = wv + (uint32_t)12U;
-    uint64_t *r11 = r113;
-    uint64_t x03 = r11[3U];
-    uint64_t x13 = r11[0U];
-    uint64_t x23 = r11[1U];
-    uint64_t x33 = r11[2U];
-    r11[0U] = x03;
-    r11[1U] = x13;
-    r11[2U] = x23;
-    r11[3U] = x33;
-    uint64_t *r114 = r2;
-    uint64_t x04 = r114[2U];
-    uint64_t x14 = r114[3U];
-    uint64_t x24 = r114[0U];
-    uint64_t x34 = r114[1U];
-    r114[0U] = x04;
-    r114[1U] = x14;
-    r114[2U] = x24;
-    r114[3U] = x34;
-    uint64_t *r115 = r3;
-    uint64_t x0 = r115[1U];
-    uint64_t x1 = r115[2U];
-    uint64_t x2 = r115[3U];
-    uint64_t x3 = r115[0U];
-    r115[0U] = x0;
-    r115[1U] = x1;
-    r115[2U] = x2;
-    r115[3U] = x3;);
-  uint64_t *s0 = hash;
-  uint64_t *s1 = hash + (uint32_t)4U;
-  uint64_t *r0 = wv;
-  uint64_t *r1 = wv + (uint32_t)4U;
-  uint64_t *r2 = wv + (uint32_t)8U;
-  uint64_t *r3 = wv + (uint32_t)12U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = s0;
-    uint64_t x = s0[i] ^ r0[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = s0;
-    uint64_t x = s0[i] ^ r2[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = s1;
-    uint64_t x = s1[i] ^ r1[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = s1;
-    uint64_t x = s1[i] ^ r3[i];
-    os[i] = x;);
-}
-
-void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn)
-{
-  uint64_t *r0 = hash;
-  uint64_t *r1 = hash + (uint32_t)4U;
-  uint64_t *r2 = hash + (uint32_t)8U;
-  uint64_t *r3 = hash + (uint32_t)12U;
-  uint64_t iv0 = Hacl_Impl_Blake2_Constants_ivTable_B[0U];
-  uint64_t iv1 = Hacl_Impl_Blake2_Constants_ivTable_B[1U];
-  uint64_t iv2 = Hacl_Impl_Blake2_Constants_ivTable_B[2U];
-  uint64_t iv3 = Hacl_Impl_Blake2_Constants_ivTable_B[3U];
-  uint64_t iv4 = Hacl_Impl_Blake2_Constants_ivTable_B[4U];
-  uint64_t iv5 = Hacl_Impl_Blake2_Constants_ivTable_B[5U];
-  uint64_t iv6 = Hacl_Impl_Blake2_Constants_ivTable_B[6U];
-  uint64_t iv7 = Hacl_Impl_Blake2_Constants_ivTable_B[7U];
-  r2[0U] = iv0;
-  r2[1U] = iv1;
-  r2[2U] = iv2;
-  r2[3U] = iv3;
-  r3[0U] = iv4;
-  r3[1U] = iv5;
-  r3[2U] = iv6;
-  r3[3U] = iv7;
-  uint64_t kk_shift_8 = (uint64_t)kk << (uint32_t)8U;
-  uint64_t iv0_ = iv0 ^ ((uint64_t)0x01010000U ^ (kk_shift_8 ^ (uint64_t)nn));
-  r0[0U] = iv0_;
-  r0[1U] = iv1;
-  r0[2U] = iv2;
-  r0[3U] = iv3;
-  r1[0U] = iv4;
-  r1[1U] = iv5;
-  r1[2U] = iv6;
-  r1[3U] = iv7;
-}
-
-void
-Hacl_Blake2b_32_blake2b_update_key(
-  uint64_t *wv,
-  uint64_t *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-)
-{
-  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U);
-  uint8_t b[128U] = { 0U };
-  memcpy(b, k, kk * sizeof (uint8_t));
-  if (ll == (uint32_t)0U)
-  {
-    blake2b_update_block(wv, hash, true, lb, b);
-  }
-  else
-  {
-    blake2b_update_block(wv, hash, false, lb, b);
-  }
-  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
-}
-
-void
-Hacl_Blake2b_32_blake2b_update_multi(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks,
-  uint32_t nb
-)
-{
-  KRML_HOST_IGNORE(len);
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    FStar_UInt128_uint128
-    totlen =
-      FStar_UInt128_add_mod(prev,
-        FStar_UInt128_uint64_to_uint128((uint64_t)((i + (uint32_t)1U) * (uint32_t)128U)));
-    uint8_t *b = blocks + i * (uint32_t)128U;
-    blake2b_update_block(wv, hash, false, totlen, b);
-  }
-}
-
-void
-Hacl_Blake2b_32_blake2b_update_last(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint32_t rem,
-  uint8_t *d
-)
-{
-  uint8_t b[128U] = { 0U };
-  uint8_t *last = d + len - rem;
-  memcpy(b, last, rem * sizeof (uint8_t));
-  FStar_UInt128_uint128
-  totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
-  blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
-}
-
-static void
-blake2b_update_blocks(
-  uint32_t len,
-  uint64_t *wv,
-  uint64_t *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks
-)
-{
-  uint32_t nb0 = len / (uint32_t)128U;
-  uint32_t rem0 = len % (uint32_t)128U;
-  K___uint32_t_uint32_t scrut;
-  if (rem0 == (uint32_t)0U && nb0 > (uint32_t)0U)
-  {
-    uint32_t nb_ = nb0 - (uint32_t)1U;
-    uint32_t rem_ = (uint32_t)128U;
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb_, .snd = rem_ });
-  }
-  else
-  {
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb0, .snd = rem0 });
-  }
-  uint32_t nb = scrut.fst;
-  uint32_t rem = scrut.snd;
-  Hacl_Blake2b_32_blake2b_update_multi(len, wv, hash, prev, blocks, nb);
-  Hacl_Blake2b_32_blake2b_update_last(len, wv, hash, prev, rem, blocks);
-}
-
-static inline void
-blake2b_update(uint64_t *wv, uint64_t *hash, uint32_t kk, uint8_t *k, uint32_t ll, uint8_t *d)
-{
-  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U);
-  if (kk > (uint32_t)0U)
-  {
-    Hacl_Blake2b_32_blake2b_update_key(wv, hash, kk, k, ll);
-    if (!(ll == (uint32_t)0U))
-    {
-      blake2b_update_blocks(ll, wv, hash, lb, d);
-      return;
-    }
-    return;
-  }
-  blake2b_update_blocks(ll,
-    wv,
-    hash,
-    FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)0U),
-    d);
-}
-
-void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash)
-{
-  uint8_t b[64U] = { 0U };
-  uint8_t *first = b;
-  uint8_t *second = b + (uint32_t)32U;
-  uint64_t *row0 = hash;
-  uint64_t *row1 = hash + (uint32_t)4U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(first + i * (uint32_t)8U, row0[i]););
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_le(second + i * (uint32_t)8U, row1[i]););
-  uint8_t *final = b;
-  memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-/**
-Write the BLAKE2b digest of message `d` using key `k` into `output`.
-
-@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2b_32_blake2b(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-)
-{
-  uint64_t b[16U] = { 0U };
-  uint64_t b1[16U] = { 0U };
-  Hacl_Blake2b_32_blake2b_init(b, kk, nn);
-  blake2b_update(b1, b, kk, k, ll, d);
-  Hacl_Blake2b_32_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint64_t);
-  Lib_Memzero0_memzero(b, (uint32_t)16U, uint64_t);
-}
-
-uint64_t *Hacl_Blake2b_32_blake2b_malloc(void)
-{
-  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
-  return buf;
-}
-
-static inline void
-blake2s_update_block(uint32_t *wv, uint32_t *hash, bool flag, uint64_t totlen, uint8_t *d)
-{
-  uint32_t m_w[16U] = { 0U };
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint32_t *os = m_w;
-    uint8_t *bj = d + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  uint32_t mask[4U] = { 0U };
-  uint32_t wv_14;
-  if (flag)
-  {
-    wv_14 = (uint32_t)0xFFFFFFFFU;
-  }
-  else
-  {
-    wv_14 = (uint32_t)0U;
-  }
-  uint32_t wv_15 = (uint32_t)0U;
-  mask[0U] = (uint32_t)totlen;
-  mask[1U] = (uint32_t)(totlen >> (uint32_t)32U);
-  mask[2U] = wv_14;
-  mask[3U] = wv_15;
-  memcpy(wv, hash, (uint32_t)16U * sizeof (uint32_t));
-  uint32_t *wv3 = wv + (uint32_t)12U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = wv3;
-    uint32_t x = wv3[i] ^ mask[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR10(i0,
-    (uint32_t)0U,
-    (uint32_t)10U,
-    (uint32_t)1U,
-    uint32_t start_idx = i0 % (uint32_t)10U * (uint32_t)16U;
-    uint32_t m_st[16U] = { 0U };
-    uint32_t *r0 = m_st;
-    uint32_t *r1 = m_st + (uint32_t)4U;
-    uint32_t *r20 = m_st + (uint32_t)8U;
-    uint32_t *r30 = m_st + (uint32_t)12U;
-    uint32_t s0 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)0U];
-    uint32_t s1 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)1U];
-    uint32_t s2 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)2U];
-    uint32_t s3 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)3U];
-    uint32_t s4 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)4U];
-    uint32_t s5 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)5U];
-    uint32_t s6 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)6U];
-    uint32_t s7 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)7U];
-    uint32_t s8 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)8U];
-    uint32_t s9 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)9U];
-    uint32_t s10 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)10U];
-    uint32_t s11 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)11U];
-    uint32_t s12 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)12U];
-    uint32_t s13 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)13U];
-    uint32_t s14 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)14U];
-    uint32_t s15 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)15U];
-    uint32_t uu____0 = m_w[s2];
-    uint32_t uu____1 = m_w[s4];
-    uint32_t uu____2 = m_w[s6];
-    r0[0U] = m_w[s0];
-    r0[1U] = uu____0;
-    r0[2U] = uu____1;
-    r0[3U] = uu____2;
-    uint32_t uu____3 = m_w[s3];
-    uint32_t uu____4 = m_w[s5];
-    uint32_t uu____5 = m_w[s7];
-    r1[0U] = m_w[s1];
-    r1[1U] = uu____3;
-    r1[2U] = uu____4;
-    r1[3U] = uu____5;
-    uint32_t uu____6 = m_w[s10];
-    uint32_t uu____7 = m_w[s12];
-    uint32_t uu____8 = m_w[s14];
-    r20[0U] = m_w[s8];
-    r20[1U] = uu____6;
-    r20[2U] = uu____7;
-    r20[3U] = uu____8;
-    uint32_t uu____9 = m_w[s11];
-    uint32_t uu____10 = m_w[s13];
-    uint32_t uu____11 = m_w[s15];
-    r30[0U] = m_w[s9];
-    r30[1U] = uu____9;
-    r30[2U] = uu____10;
-    r30[3U] = uu____11;
-    uint32_t *x = m_st;
-    uint32_t *y = m_st + (uint32_t)4U;
-    uint32_t *z = m_st + (uint32_t)8U;
-    uint32_t *w = m_st + (uint32_t)12U;
-    uint32_t a = (uint32_t)0U;
-    uint32_t b0 = (uint32_t)1U;
-    uint32_t c0 = (uint32_t)2U;
-    uint32_t d10 = (uint32_t)3U;
-    uint32_t *wv_a0 = wv + a * (uint32_t)4U;
-    uint32_t *wv_b0 = wv + b0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a0;
-      uint32_t x1 = wv_a0[i] + wv_b0[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a0;
-      uint32_t x1 = wv_a0[i] + x[i];
-      os[i] = x1;);
-    uint32_t *wv_a1 = wv + d10 * (uint32_t)4U;
-    uint32_t *wv_b1 = wv + a * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a1;
-      uint32_t x1 = wv_a1[i] ^ wv_b1[i];
-      os[i] = x1;);
-    uint32_t *r10 = wv_a1;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r10;
-      uint32_t x1 = r10[i];
-      uint32_t x10 = x1 >> (uint32_t)16U | x1 << (uint32_t)16U;
-      os[i] = x10;);
-    uint32_t *wv_a2 = wv + c0 * (uint32_t)4U;
-    uint32_t *wv_b2 = wv + d10 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a2;
-      uint32_t x1 = wv_a2[i] + wv_b2[i];
-      os[i] = x1;);
-    uint32_t *wv_a3 = wv + b0 * (uint32_t)4U;
-    uint32_t *wv_b3 = wv + c0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a3;
-      uint32_t x1 = wv_a3[i] ^ wv_b3[i];
-      os[i] = x1;);
-    uint32_t *r12 = wv_a3;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r12;
-      uint32_t x1 = r12[i];
-      uint32_t x10 = x1 >> (uint32_t)12U | x1 << (uint32_t)20U;
-      os[i] = x10;);
-    uint32_t *wv_a4 = wv + a * (uint32_t)4U;
-    uint32_t *wv_b4 = wv + b0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a4;
-      uint32_t x1 = wv_a4[i] + wv_b4[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a4;
-      uint32_t x1 = wv_a4[i] + y[i];
-      os[i] = x1;);
-    uint32_t *wv_a5 = wv + d10 * (uint32_t)4U;
-    uint32_t *wv_b5 = wv + a * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a5;
-      uint32_t x1 = wv_a5[i] ^ wv_b5[i];
-      os[i] = x1;);
-    uint32_t *r13 = wv_a5;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r13;
-      uint32_t x1 = r13[i];
-      uint32_t x10 = x1 >> (uint32_t)8U | x1 << (uint32_t)24U;
-      os[i] = x10;);
-    uint32_t *wv_a6 = wv + c0 * (uint32_t)4U;
-    uint32_t *wv_b6 = wv + d10 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a6;
-      uint32_t x1 = wv_a6[i] + wv_b6[i];
-      os[i] = x1;);
-    uint32_t *wv_a7 = wv + b0 * (uint32_t)4U;
-    uint32_t *wv_b7 = wv + c0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a7;
-      uint32_t x1 = wv_a7[i] ^ wv_b7[i];
-      os[i] = x1;);
-    uint32_t *r14 = wv_a7;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r14;
-      uint32_t x1 = r14[i];
-      uint32_t x10 = x1 >> (uint32_t)7U | x1 << (uint32_t)25U;
-      os[i] = x10;);
-    uint32_t *r15 = wv + (uint32_t)4U;
-    uint32_t *r21 = wv + (uint32_t)8U;
-    uint32_t *r31 = wv + (uint32_t)12U;
-    uint32_t *r110 = r15;
-    uint32_t x00 = r110[1U];
-    uint32_t x10 = r110[2U];
-    uint32_t x20 = r110[3U];
-    uint32_t x30 = r110[0U];
-    r110[0U] = x00;
-    r110[1U] = x10;
-    r110[2U] = x20;
-    r110[3U] = x30;
-    uint32_t *r111 = r21;
-    uint32_t x01 = r111[2U];
-    uint32_t x11 = r111[3U];
-    uint32_t x21 = r111[0U];
-    uint32_t x31 = r111[1U];
-    r111[0U] = x01;
-    r111[1U] = x11;
-    r111[2U] = x21;
-    r111[3U] = x31;
-    uint32_t *r112 = r31;
-    uint32_t x02 = r112[3U];
-    uint32_t x12 = r112[0U];
-    uint32_t x22 = r112[1U];
-    uint32_t x32 = r112[2U];
-    r112[0U] = x02;
-    r112[1U] = x12;
-    r112[2U] = x22;
-    r112[3U] = x32;
-    uint32_t a0 = (uint32_t)0U;
-    uint32_t b = (uint32_t)1U;
-    uint32_t c = (uint32_t)2U;
-    uint32_t d1 = (uint32_t)3U;
-    uint32_t *wv_a = wv + a0 * (uint32_t)4U;
-    uint32_t *wv_b8 = wv + b * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a;
-      uint32_t x1 = wv_a[i] + wv_b8[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a;
-      uint32_t x1 = wv_a[i] + z[i];
-      os[i] = x1;);
-    uint32_t *wv_a8 = wv + d1 * (uint32_t)4U;
-    uint32_t *wv_b9 = wv + a0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a8;
-      uint32_t x1 = wv_a8[i] ^ wv_b9[i];
-      os[i] = x1;);
-    uint32_t *r16 = wv_a8;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r16;
-      uint32_t x1 = r16[i];
-      uint32_t x13 = x1 >> (uint32_t)16U | x1 << (uint32_t)16U;
-      os[i] = x13;);
-    uint32_t *wv_a9 = wv + c * (uint32_t)4U;
-    uint32_t *wv_b10 = wv + d1 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a9;
-      uint32_t x1 = wv_a9[i] + wv_b10[i];
-      os[i] = x1;);
-    uint32_t *wv_a10 = wv + b * (uint32_t)4U;
-    uint32_t *wv_b11 = wv + c * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a10;
-      uint32_t x1 = wv_a10[i] ^ wv_b11[i];
-      os[i] = x1;);
-    uint32_t *r17 = wv_a10;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r17;
-      uint32_t x1 = r17[i];
-      uint32_t x13 = x1 >> (uint32_t)12U | x1 << (uint32_t)20U;
-      os[i] = x13;);
-    uint32_t *wv_a11 = wv + a0 * (uint32_t)4U;
-    uint32_t *wv_b12 = wv + b * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a11;
-      uint32_t x1 = wv_a11[i] + wv_b12[i];
-      os[i] = x1;);
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a11;
-      uint32_t x1 = wv_a11[i] + w[i];
-      os[i] = x1;);
-    uint32_t *wv_a12 = wv + d1 * (uint32_t)4U;
-    uint32_t *wv_b13 = wv + a0 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a12;
-      uint32_t x1 = wv_a12[i] ^ wv_b13[i];
-      os[i] = x1;);
-    uint32_t *r18 = wv_a12;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r18;
-      uint32_t x1 = r18[i];
-      uint32_t x13 = x1 >> (uint32_t)8U | x1 << (uint32_t)24U;
-      os[i] = x13;);
-    uint32_t *wv_a13 = wv + c * (uint32_t)4U;
-    uint32_t *wv_b14 = wv + d1 * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a13;
-      uint32_t x1 = wv_a13[i] + wv_b14[i];
-      os[i] = x1;);
-    uint32_t *wv_a14 = wv + b * (uint32_t)4U;
-    uint32_t *wv_b = wv + c * (uint32_t)4U;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = wv_a14;
-      uint32_t x1 = wv_a14[i] ^ wv_b[i];
-      os[i] = x1;);
-    uint32_t *r19 = wv_a14;
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      uint32_t *os = r19;
-      uint32_t x1 = r19[i];
-      uint32_t x13 = x1 >> (uint32_t)7U | x1 << (uint32_t)25U;
-      os[i] = x13;);
-    uint32_t *r113 = wv + (uint32_t)4U;
-    uint32_t *r2 = wv + (uint32_t)8U;
-    uint32_t *r3 = wv + (uint32_t)12U;
-    uint32_t *r11 = r113;
-    uint32_t x03 = r11[3U];
-    uint32_t x13 = r11[0U];
-    uint32_t x23 = r11[1U];
-    uint32_t x33 = r11[2U];
-    r11[0U] = x03;
-    r11[1U] = x13;
-    r11[2U] = x23;
-    r11[3U] = x33;
-    uint32_t *r114 = r2;
-    uint32_t x04 = r114[2U];
-    uint32_t x14 = r114[3U];
-    uint32_t x24 = r114[0U];
-    uint32_t x34 = r114[1U];
-    r114[0U] = x04;
-    r114[1U] = x14;
-    r114[2U] = x24;
-    r114[3U] = x34;
-    uint32_t *r115 = r3;
-    uint32_t x0 = r115[1U];
-    uint32_t x1 = r115[2U];
-    uint32_t x2 = r115[3U];
-    uint32_t x3 = r115[0U];
-    r115[0U] = x0;
-    r115[1U] = x1;
-    r115[2U] = x2;
-    r115[3U] = x3;);
-  uint32_t *s0 = hash;
-  uint32_t *s1 = hash + (uint32_t)4U;
-  uint32_t *r0 = wv;
-  uint32_t *r1 = wv + (uint32_t)4U;
-  uint32_t *r2 = wv + (uint32_t)8U;
-  uint32_t *r3 = wv + (uint32_t)12U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = s0;
-    uint32_t x = s0[i] ^ r0[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = s0;
-    uint32_t x = s0[i] ^ r2[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = s1;
-    uint32_t x = s1[i] ^ r1[i];
-    os[i] = x;);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = s1;
-    uint32_t x = s1[i] ^ r3[i];
-    os[i] = x;);
-}
-
-void Hacl_Blake2s_32_blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn)
-{
-  uint32_t *r0 = hash;
-  uint32_t *r1 = hash + (uint32_t)4U;
-  uint32_t *r2 = hash + (uint32_t)8U;
-  uint32_t *r3 = hash + (uint32_t)12U;
-  uint32_t iv0 = Hacl_Impl_Blake2_Constants_ivTable_S[0U];
-  uint32_t iv1 = Hacl_Impl_Blake2_Constants_ivTable_S[1U];
-  uint32_t iv2 = Hacl_Impl_Blake2_Constants_ivTable_S[2U];
-  uint32_t iv3 = Hacl_Impl_Blake2_Constants_ivTable_S[3U];
-  uint32_t iv4 = Hacl_Impl_Blake2_Constants_ivTable_S[4U];
-  uint32_t iv5 = Hacl_Impl_Blake2_Constants_ivTable_S[5U];
-  uint32_t iv6 = Hacl_Impl_Blake2_Constants_ivTable_S[6U];
-  uint32_t iv7 = Hacl_Impl_Blake2_Constants_ivTable_S[7U];
-  r2[0U] = iv0;
-  r2[1U] = iv1;
-  r2[2U] = iv2;
-  r2[3U] = iv3;
-  r3[0U] = iv4;
-  r3[1U] = iv5;
-  r3[2U] = iv6;
-  r3[3U] = iv7;
-  uint32_t kk_shift_8 = kk << (uint32_t)8U;
-  uint32_t iv0_ = iv0 ^ ((uint32_t)0x01010000U ^ (kk_shift_8 ^ nn));
-  r0[0U] = iv0_;
-  r0[1U] = iv1;
-  r0[2U] = iv2;
-  r0[3U] = iv3;
-  r1[0U] = iv4;
-  r1[1U] = iv5;
-  r1[2U] = iv6;
-  r1[3U] = iv7;
-}
-
-void
-Hacl_Blake2s_32_blake2s_update_key(
-  uint32_t *wv,
-  uint32_t *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-)
-{
-  uint64_t lb = (uint64_t)(uint32_t)64U;
-  uint8_t b[64U] = { 0U };
-  memcpy(b, k, kk * sizeof (uint8_t));
-  if (ll == (uint32_t)0U)
-  {
-    blake2s_update_block(wv, hash, true, lb, b);
-  }
-  else
-  {
-    blake2s_update_block(wv, hash, false, lb, b);
-  }
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-void
-Hacl_Blake2s_32_blake2s_update_multi(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint8_t *blocks,
-  uint32_t nb
-)
-{
-  KRML_HOST_IGNORE(len);
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
-    uint8_t *b = blocks + i * (uint32_t)64U;
-    blake2s_update_block(wv, hash, false, totlen, b);
-  }
-}
-
-void
-Hacl_Blake2s_32_blake2s_update_last(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint32_t rem,
-  uint8_t *d
-)
-{
-  uint8_t b[64U] = { 0U };
-  uint8_t *last = d + len - rem;
-  memcpy(b, last, rem * sizeof (uint8_t));
-  uint64_t totlen = prev + (uint64_t)len;
-  blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-static void
-blake2s_update_blocks(
-  uint32_t len,
-  uint32_t *wv,
-  uint32_t *hash,
-  uint64_t prev,
-  uint8_t *blocks
-)
-{
-  uint32_t nb0 = len / (uint32_t)64U;
-  uint32_t rem0 = len % (uint32_t)64U;
-  K___uint32_t_uint32_t scrut;
-  if (rem0 == (uint32_t)0U && nb0 > (uint32_t)0U)
-  {
-    uint32_t nb_ = nb0 - (uint32_t)1U;
-    uint32_t rem_ = (uint32_t)64U;
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb_, .snd = rem_ });
-  }
-  else
-  {
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb0, .snd = rem0 });
-  }
-  uint32_t nb = scrut.fst;
-  uint32_t rem = scrut.snd;
-  Hacl_Blake2s_32_blake2s_update_multi(len, wv, hash, prev, blocks, nb);
-  Hacl_Blake2s_32_blake2s_update_last(len, wv, hash, prev, rem, blocks);
-}
-
-static inline void
-blake2s_update(uint32_t *wv, uint32_t *hash, uint32_t kk, uint8_t *k, uint32_t ll, uint8_t *d)
-{
-  uint64_t lb = (uint64_t)(uint32_t)64U;
-  if (kk > (uint32_t)0U)
-  {
-    Hacl_Blake2s_32_blake2s_update_key(wv, hash, kk, k, ll);
-    if (!(ll == (uint32_t)0U))
-    {
-      blake2s_update_blocks(ll, wv, hash, lb, d);
-      return;
-    }
-    return;
-  }
-  blake2s_update_blocks(ll, wv, hash, (uint64_t)(uint32_t)0U, d);
-}
-
-void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash)
-{
-  uint8_t b[32U] = { 0U };
-  uint8_t *first = b;
-  uint8_t *second = b + (uint32_t)16U;
-  uint32_t *row0 = hash;
-  uint32_t *row1 = hash + (uint32_t)4U;
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store32_le(first + i * (uint32_t)4U, row0[i]););
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store32_le(second + i * (uint32_t)4U, row1[i]););
-  uint8_t *final = b;
-  memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
-}
-
-/**
-Write the BLAKE2s digest of message `d` using key `k` into `output`.
-
-@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2s_32_blake2s(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-)
-{
-  uint32_t b[16U] = { 0U };
-  uint32_t b1[16U] = { 0U };
-  Hacl_Blake2s_32_blake2s_init(b, kk, nn);
-  blake2s_update(b1, b, kk, k, ll, d);
-  Hacl_Blake2s_32_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint32_t);
-  Lib_Memzero0_memzero(b, (uint32_t)16U, uint32_t);
-}
-
-uint32_t *Hacl_Blake2s_32_blake2s_malloc(void)
-{
-  uint32_t *buf = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
-  return buf;
-}
-
diff --git a/src/msvc/Hacl_Hash_Blake2b.c b/src/msvc/Hacl_Hash_Blake2b.c
new file mode 100644
index 00000000..2dceaf4b
--- /dev/null
+++ b/src/msvc/Hacl_Hash_Blake2b.c
@@ -0,0 +1,971 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_Hash_Blake2b.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
+
+static void
+update_block(uint64_t *wv, uint64_t *hash, bool flag, FStar_UInt128_uint128 totlen, uint8_t *d)
+{
+  uint64_t m_w[16U] = { 0U };
+  KRML_MAYBE_FOR16(i,
+    0U,
+    16U,
+    1U,
+    uint64_t *os = m_w;
+    uint8_t *bj = d + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  uint64_t mask[4U] = { 0U };
+  uint64_t wv_14;
+  if (flag)
+  {
+    wv_14 = 0xFFFFFFFFFFFFFFFFULL;
+  }
+  else
+  {
+    wv_14 = 0ULL;
+  }
+  uint64_t wv_15 = 0ULL;
+  mask[0U] = FStar_UInt128_uint128_to_uint64(totlen);
+  mask[1U] = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(totlen, 64U));
+  mask[2U] = wv_14;
+  mask[3U] = wv_15;
+  memcpy(wv, hash, 16U * sizeof (uint64_t));
+  uint64_t *wv3 = wv + 12U;
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = wv3;
+    uint64_t x = wv3[i] ^ mask[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR12(i0,
+    0U,
+    12U,
+    1U,
+    uint32_t start_idx = i0 % 10U * 16U;
+    uint64_t m_st[16U] = { 0U };
+    uint64_t *r0 = m_st;
+    uint64_t *r1 = m_st + 4U;
+    uint64_t *r20 = m_st + 8U;
+    uint64_t *r30 = m_st + 12U;
+    uint32_t s0 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 0U];
+    uint32_t s1 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 1U];
+    uint32_t s2 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 2U];
+    uint32_t s3 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 3U];
+    uint32_t s4 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 4U];
+    uint32_t s5 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 5U];
+    uint32_t s6 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 6U];
+    uint32_t s7 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 7U];
+    uint32_t s8 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 8U];
+    uint32_t s9 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 9U];
+    uint32_t s10 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 10U];
+    uint32_t s11 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 11U];
+    uint32_t s12 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 12U];
+    uint32_t s13 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 13U];
+    uint32_t s14 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 14U];
+    uint32_t s15 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 15U];
+    uint64_t uu____0 = m_w[s2];
+    uint64_t uu____1 = m_w[s4];
+    uint64_t uu____2 = m_w[s6];
+    r0[0U] = m_w[s0];
+    r0[1U] = uu____0;
+    r0[2U] = uu____1;
+    r0[3U] = uu____2;
+    uint64_t uu____3 = m_w[s3];
+    uint64_t uu____4 = m_w[s5];
+    uint64_t uu____5 = m_w[s7];
+    r1[0U] = m_w[s1];
+    r1[1U] = uu____3;
+    r1[2U] = uu____4;
+    r1[3U] = uu____5;
+    uint64_t uu____6 = m_w[s10];
+    uint64_t uu____7 = m_w[s12];
+    uint64_t uu____8 = m_w[s14];
+    r20[0U] = m_w[s8];
+    r20[1U] = uu____6;
+    r20[2U] = uu____7;
+    r20[3U] = uu____8;
+    uint64_t uu____9 = m_w[s11];
+    uint64_t uu____10 = m_w[s13];
+    uint64_t uu____11 = m_w[s15];
+    r30[0U] = m_w[s9];
+    r30[1U] = uu____9;
+    r30[2U] = uu____10;
+    r30[3U] = uu____11;
+    uint64_t *x = m_st;
+    uint64_t *y = m_st + 4U;
+    uint64_t *z = m_st + 8U;
+    uint64_t *w = m_st + 12U;
+    uint32_t a = 0U;
+    uint32_t b0 = 1U;
+    uint32_t c0 = 2U;
+    uint32_t d10 = 3U;
+    uint64_t *wv_a0 = wv + a * 4U;
+    uint64_t *wv_b0 = wv + b0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a0;
+      uint64_t x1 = wv_a0[i] + wv_b0[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a0;
+      uint64_t x1 = wv_a0[i] + x[i];
+      os[i] = x1;);
+    uint64_t *wv_a1 = wv + d10 * 4U;
+    uint64_t *wv_b1 = wv + a * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a1;
+      uint64_t x1 = wv_a1[i] ^ wv_b1[i];
+      os[i] = x1;);
+    uint64_t *r10 = wv_a1;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r10;
+      uint64_t x1 = r10[i];
+      uint64_t x10 = x1 >> 32U | x1 << 32U;
+      os[i] = x10;);
+    uint64_t *wv_a2 = wv + c0 * 4U;
+    uint64_t *wv_b2 = wv + d10 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a2;
+      uint64_t x1 = wv_a2[i] + wv_b2[i];
+      os[i] = x1;);
+    uint64_t *wv_a3 = wv + b0 * 4U;
+    uint64_t *wv_b3 = wv + c0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a3;
+      uint64_t x1 = wv_a3[i] ^ wv_b3[i];
+      os[i] = x1;);
+    uint64_t *r12 = wv_a3;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r12;
+      uint64_t x1 = r12[i];
+      uint64_t x10 = x1 >> 24U | x1 << 40U;
+      os[i] = x10;);
+    uint64_t *wv_a4 = wv + a * 4U;
+    uint64_t *wv_b4 = wv + b0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a4;
+      uint64_t x1 = wv_a4[i] + wv_b4[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a4;
+      uint64_t x1 = wv_a4[i] + y[i];
+      os[i] = x1;);
+    uint64_t *wv_a5 = wv + d10 * 4U;
+    uint64_t *wv_b5 = wv + a * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a5;
+      uint64_t x1 = wv_a5[i] ^ wv_b5[i];
+      os[i] = x1;);
+    uint64_t *r13 = wv_a5;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r13;
+      uint64_t x1 = r13[i];
+      uint64_t x10 = x1 >> 16U | x1 << 48U;
+      os[i] = x10;);
+    uint64_t *wv_a6 = wv + c0 * 4U;
+    uint64_t *wv_b6 = wv + d10 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a6;
+      uint64_t x1 = wv_a6[i] + wv_b6[i];
+      os[i] = x1;);
+    uint64_t *wv_a7 = wv + b0 * 4U;
+    uint64_t *wv_b7 = wv + c0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a7;
+      uint64_t x1 = wv_a7[i] ^ wv_b7[i];
+      os[i] = x1;);
+    uint64_t *r14 = wv_a7;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r14;
+      uint64_t x1 = r14[i];
+      uint64_t x10 = x1 >> 63U | x1 << 1U;
+      os[i] = x10;);
+    uint64_t *r15 = wv + 4U;
+    uint64_t *r21 = wv + 8U;
+    uint64_t *r31 = wv + 12U;
+    uint64_t *r110 = r15;
+    uint64_t x00 = r110[1U];
+    uint64_t x10 = r110[2U];
+    uint64_t x20 = r110[3U];
+    uint64_t x30 = r110[0U];
+    r110[0U] = x00;
+    r110[1U] = x10;
+    r110[2U] = x20;
+    r110[3U] = x30;
+    uint64_t *r111 = r21;
+    uint64_t x01 = r111[2U];
+    uint64_t x11 = r111[3U];
+    uint64_t x21 = r111[0U];
+    uint64_t x31 = r111[1U];
+    r111[0U] = x01;
+    r111[1U] = x11;
+    r111[2U] = x21;
+    r111[3U] = x31;
+    uint64_t *r112 = r31;
+    uint64_t x02 = r112[3U];
+    uint64_t x12 = r112[0U];
+    uint64_t x22 = r112[1U];
+    uint64_t x32 = r112[2U];
+    r112[0U] = x02;
+    r112[1U] = x12;
+    r112[2U] = x22;
+    r112[3U] = x32;
+    uint32_t a0 = 0U;
+    uint32_t b = 1U;
+    uint32_t c = 2U;
+    uint32_t d1 = 3U;
+    uint64_t *wv_a = wv + a0 * 4U;
+    uint64_t *wv_b8 = wv + b * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a;
+      uint64_t x1 = wv_a[i] + wv_b8[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a;
+      uint64_t x1 = wv_a[i] + z[i];
+      os[i] = x1;);
+    uint64_t *wv_a8 = wv + d1 * 4U;
+    uint64_t *wv_b9 = wv + a0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a8;
+      uint64_t x1 = wv_a8[i] ^ wv_b9[i];
+      os[i] = x1;);
+    uint64_t *r16 = wv_a8;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r16;
+      uint64_t x1 = r16[i];
+      uint64_t x13 = x1 >> 32U | x1 << 32U;
+      os[i] = x13;);
+    uint64_t *wv_a9 = wv + c * 4U;
+    uint64_t *wv_b10 = wv + d1 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a9;
+      uint64_t x1 = wv_a9[i] + wv_b10[i];
+      os[i] = x1;);
+    uint64_t *wv_a10 = wv + b * 4U;
+    uint64_t *wv_b11 = wv + c * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a10;
+      uint64_t x1 = wv_a10[i] ^ wv_b11[i];
+      os[i] = x1;);
+    uint64_t *r17 = wv_a10;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r17;
+      uint64_t x1 = r17[i];
+      uint64_t x13 = x1 >> 24U | x1 << 40U;
+      os[i] = x13;);
+    uint64_t *wv_a11 = wv + a0 * 4U;
+    uint64_t *wv_b12 = wv + b * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a11;
+      uint64_t x1 = wv_a11[i] + wv_b12[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a11;
+      uint64_t x1 = wv_a11[i] + w[i];
+      os[i] = x1;);
+    uint64_t *wv_a12 = wv + d1 * 4U;
+    uint64_t *wv_b13 = wv + a0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a12;
+      uint64_t x1 = wv_a12[i] ^ wv_b13[i];
+      os[i] = x1;);
+    uint64_t *r18 = wv_a12;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r18;
+      uint64_t x1 = r18[i];
+      uint64_t x13 = x1 >> 16U | x1 << 48U;
+      os[i] = x13;);
+    uint64_t *wv_a13 = wv + c * 4U;
+    uint64_t *wv_b14 = wv + d1 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a13;
+      uint64_t x1 = wv_a13[i] + wv_b14[i];
+      os[i] = x1;);
+    uint64_t *wv_a14 = wv + b * 4U;
+    uint64_t *wv_b = wv + c * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = wv_a14;
+      uint64_t x1 = wv_a14[i] ^ wv_b[i];
+      os[i] = x1;);
+    uint64_t *r19 = wv_a14;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint64_t *os = r19;
+      uint64_t x1 = r19[i];
+      uint64_t x13 = x1 >> 63U | x1 << 1U;
+      os[i] = x13;);
+    uint64_t *r113 = wv + 4U;
+    uint64_t *r2 = wv + 8U;
+    uint64_t *r3 = wv + 12U;
+    uint64_t *r11 = r113;
+    uint64_t x03 = r11[3U];
+    uint64_t x13 = r11[0U];
+    uint64_t x23 = r11[1U];
+    uint64_t x33 = r11[2U];
+    r11[0U] = x03;
+    r11[1U] = x13;
+    r11[2U] = x23;
+    r11[3U] = x33;
+    uint64_t *r114 = r2;
+    uint64_t x04 = r114[2U];
+    uint64_t x14 = r114[3U];
+    uint64_t x24 = r114[0U];
+    uint64_t x34 = r114[1U];
+    r114[0U] = x04;
+    r114[1U] = x14;
+    r114[2U] = x24;
+    r114[3U] = x34;
+    uint64_t *r115 = r3;
+    uint64_t x0 = r115[1U];
+    uint64_t x1 = r115[2U];
+    uint64_t x2 = r115[3U];
+    uint64_t x3 = r115[0U];
+    r115[0U] = x0;
+    r115[1U] = x1;
+    r115[2U] = x2;
+    r115[3U] = x3;);
+  uint64_t *s0 = hash;
+  uint64_t *s1 = hash + 4U;
+  uint64_t *r0 = wv;
+  uint64_t *r1 = wv + 4U;
+  uint64_t *r2 = wv + 8U;
+  uint64_t *r3 = wv + 12U;
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = s0;
+    uint64_t x = s0[i] ^ r0[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = s0;
+    uint64_t x = s0[i] ^ r2[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = s1;
+    uint64_t x = s1[i] ^ r1[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = s1;
+    uint64_t x = s1[i] ^ r3[i];
+    os[i] = x;);
+}
+
+void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn)
+{
+  uint64_t *r0 = hash;
+  uint64_t *r1 = hash + 4U;
+  uint64_t *r2 = hash + 8U;
+  uint64_t *r3 = hash + 12U;
+  uint64_t iv0 = Hacl_Hash_Blake2s_ivTable_B[0U];
+  uint64_t iv1 = Hacl_Hash_Blake2s_ivTable_B[1U];
+  uint64_t iv2 = Hacl_Hash_Blake2s_ivTable_B[2U];
+  uint64_t iv3 = Hacl_Hash_Blake2s_ivTable_B[3U];
+  uint64_t iv4 = Hacl_Hash_Blake2s_ivTable_B[4U];
+  uint64_t iv5 = Hacl_Hash_Blake2s_ivTable_B[5U];
+  uint64_t iv6 = Hacl_Hash_Blake2s_ivTable_B[6U];
+  uint64_t iv7 = Hacl_Hash_Blake2s_ivTable_B[7U];
+  r2[0U] = iv0;
+  r2[1U] = iv1;
+  r2[2U] = iv2;
+  r2[3U] = iv3;
+  r3[0U] = iv4;
+  r3[1U] = iv5;
+  r3[2U] = iv6;
+  r3[3U] = iv7;
+  uint64_t kk_shift_8 = (uint64_t)kk << 8U;
+  uint64_t iv0_ = iv0 ^ (0x01010000ULL ^ (kk_shift_8 ^ (uint64_t)nn));
+  r0[0U] = iv0_;
+  r0[1U] = iv1;
+  r0[2U] = iv2;
+  r0[3U] = iv3;
+  r1[0U] = iv4;
+  r1[1U] = iv5;
+  r1[2U] = iv6;
+  r1[3U] = iv7;
+}
+
+static void update_key(uint64_t *wv, uint64_t *hash, uint32_t kk, uint8_t *k, uint32_t ll)
+{
+  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)128U);
+  uint8_t b[128U] = { 0U };
+  memcpy(b, k, kk * sizeof (uint8_t));
+  if (ll == 0U)
+  {
+    update_block(wv, hash, true, lb, b);
+  }
+  else
+  {
+    update_block(wv, hash, false, lb, b);
+  }
+  Lib_Memzero0_memzero(b, 128U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2b_update_multi(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks,
+  uint32_t nb
+)
+{
+  KRML_MAYBE_UNUSED_VAR(len);
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    FStar_UInt128_uint128
+    totlen =
+      FStar_UInt128_add_mod(prev,
+        FStar_UInt128_uint64_to_uint128((uint64_t)((i + 1U) * 128U)));
+    uint8_t *b = blocks + i * 128U;
+    update_block(wv, hash, false, totlen, b);
+  }
+}
+
+void
+Hacl_Hash_Blake2b_update_last(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint32_t rem,
+  uint8_t *d
+)
+{
+  uint8_t b[128U] = { 0U };
+  uint8_t *last = d + len - rem;
+  memcpy(b, last, rem * sizeof (uint8_t));
+  FStar_UInt128_uint128
+  totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
+  update_block(wv, hash, true, totlen, b);
+  Lib_Memzero0_memzero(b, 128U, uint8_t);
+}
+
+static void
+update_blocks(
+  uint32_t len,
+  uint64_t *wv,
+  uint64_t *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks
+)
+{
+  uint32_t nb0 = len / 128U;
+  uint32_t rem0 = len % 128U;
+  uint32_t nb;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    nb = nb0 - 1U;
+  }
+  else
+  {
+    nb = nb0;
+  }
+  uint32_t rem;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    rem = 128U;
+  }
+  else
+  {
+    rem = rem0;
+  }
+  Hacl_Hash_Blake2b_update_multi(len, wv, hash, prev, blocks, nb);
+  Hacl_Hash_Blake2b_update_last(len, wv, hash, prev, rem, blocks);
+}
+
+static inline void
+update(uint64_t *wv, uint64_t *hash, uint32_t kk, uint8_t *k, uint32_t ll, uint8_t *d)
+{
+  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)128U);
+  if (kk > 0U)
+  {
+    update_key(wv, hash, kk, k, ll);
+    if (!(ll == 0U))
+    {
+      update_blocks(ll, wv, hash, lb, d);
+      return;
+    }
+    return;
+  }
+  update_blocks(ll, wv, hash, FStar_UInt128_uint64_to_uint128((uint64_t)0U), d);
+}
+
+void Hacl_Hash_Blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash)
+{
+  uint8_t b[64U] = { 0U };
+  uint8_t *first = b;
+  uint8_t *second = b + 32U;
+  uint64_t *row0 = hash;
+  uint64_t *row1 = hash + 4U;
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_le(first + i * 8U, row0[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_le(second + i * 8U, row1[i]););
+  uint8_t *final = b;
+  memcpy(output, final, nn * sizeof (uint8_t));
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2b_state_t *Hacl_Hash_Blake2b_malloc(void)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  uint64_t *wv = (uint64_t *)KRML_HOST_CALLOC(16U, sizeof (uint64_t));
+  uint64_t *b = (uint64_t *)KRML_HOST_CALLOC(16U, sizeof (uint64_t));
+  Hacl_Hash_Blake2b_block_state_t block_state = { .fst = wv, .snd = b };
+  Hacl_Hash_Blake2b_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  Hacl_Hash_Blake2b_state_t
+  *p = (Hacl_Hash_Blake2b_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_Blake2b_state_t));
+  p[0U] = s;
+  Hacl_Hash_Blake2b_init(block_state.snd, 0U, 64U);
+  return p;
+}
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2b_reset(Hacl_Hash_Blake2b_state_t *state)
+{
+  Hacl_Hash_Blake2b_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2b_block_state_t block_state = scrut.block_state;
+  Hacl_Hash_Blake2b_init(block_state.snd, 0U, 64U);
+  Hacl_Hash_Blake2b_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
+}
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint32_t chunk_len)
+{
+  Hacl_Hash_Blake2b_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
+  {
+    sz = 128U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)128U);
+  }
+  if (chunk_len <= 128U - sz)
+  {
+    Hacl_Hash_Blake2b_state_t s1 = *state;
+    Hacl_Hash_Blake2b_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_Hash_Blake2b_state_t s1 = *state;
+    Hacl_Hash_Blake2b_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      uint64_t *wv = block_state1.fst;
+      uint64_t *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2b_update_multi(128U,
+        wv,
+        hash,
+        FStar_UInt128_uint64_to_uint128(prevlen),
+        buf,
+        nb);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)128U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 128U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)128U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    uint64_t *wv = block_state1.fst;
+    uint64_t *hash = block_state1.snd;
+    uint32_t nb = data1_len / 128U;
+    Hacl_Hash_Blake2b_update_multi(data1_len,
+      wv,
+      hash,
+      FStar_UInt128_uint64_to_uint128(total_len1),
+      data1,
+      nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 128U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_Blake2b_state_t s1 = *state;
+    Hacl_Hash_Blake2b_block_state_t block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)128U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 128U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)128U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2
+        }
+      );
+    Hacl_Hash_Blake2b_state_t s10 = *state;
+    Hacl_Hash_Blake2b_block_state_t block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      uint64_t *wv = block_state1.fst;
+      uint64_t *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2b_update_multi(128U,
+        wv,
+        hash,
+        FStar_UInt128_uint64_to_uint128(prevlen),
+        buf,
+        nb);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)128U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 128U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)128U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    uint64_t *wv = block_state1.fst;
+    uint64_t *hash = block_state1.snd;
+    uint32_t nb = data1_len / 128U;
+    Hacl_Hash_Blake2b_update_multi(data1_len,
+      wv,
+      hash,
+      FStar_UInt128_uint64_to_uint128(total_len1),
+      data1,
+      nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+/**
+  Finish function when there is no key
+*/
+void Hacl_Hash_Blake2b_digest(Hacl_Hash_Blake2b_state_t *state, uint8_t *output)
+{
+  Hacl_Hash_Blake2b_state_t scrut = *state;
+  Hacl_Hash_Blake2b_block_state_t block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint32_t r;
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
+  {
+    r = 128U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)128U);
+  }
+  uint8_t *buf_1 = buf_;
+  uint64_t wv0[16U] = { 0U };
+  uint64_t b[16U] = { 0U };
+  Hacl_Hash_Blake2b_block_state_t tmp_block_state = { .fst = wv0, .snd = b };
+  uint64_t *src_b = block_state.snd;
+  uint64_t *dst_b = tmp_block_state.snd;
+  memcpy(dst_b, src_b, 16U * sizeof (uint64_t));
+  uint64_t prev_len = total_len - (uint64_t)r;
+  uint32_t ite;
+  if (r % 128U == 0U && r > 0U)
+  {
+    ite = 128U;
+  }
+  else
+  {
+    ite = r % 128U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  uint64_t *wv1 = tmp_block_state.fst;
+  uint64_t *hash0 = tmp_block_state.snd;
+  uint32_t nb = 0U;
+  Hacl_Hash_Blake2b_update_multi(0U,
+    wv1,
+    hash0,
+    FStar_UInt128_uint64_to_uint128(prev_len),
+    buf_multi,
+    nb);
+  uint64_t prev_len_last = total_len - (uint64_t)r;
+  uint64_t *wv = tmp_block_state.fst;
+  uint64_t *hash = tmp_block_state.snd;
+  Hacl_Hash_Blake2b_update_last(r,
+    wv,
+    hash,
+    FStar_UInt128_uint64_to_uint128(prev_len_last),
+    r,
+    buf_last);
+  Hacl_Hash_Blake2b_finish(64U, output, tmp_block_state.snd);
+}
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2b_free(Hacl_Hash_Blake2b_state_t *state)
+{
+  Hacl_Hash_Blake2b_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2b_block_state_t block_state = scrut.block_state;
+  uint64_t *wv = block_state.fst;
+  uint64_t *b = block_state.snd;
+  KRML_HOST_FREE(wv);
+  KRML_HOST_FREE(b);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+/**
+Write the BLAKE2b digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2b_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+)
+{
+  uint64_t b[16U] = { 0U };
+  uint64_t b1[16U] = { 0U };
+  Hacl_Hash_Blake2b_init(b, key_len, output_len);
+  update(b1, b, key_len, key, input_len, input);
+  Hacl_Hash_Blake2b_finish(output_len, output, b);
+  Lib_Memzero0_memzero(b1, 16U, uint64_t);
+  Lib_Memzero0_memzero(b, 16U, uint64_t);
+}
+
diff --git a/src/msvc/Hacl_Hash_Blake2b_256.c b/src/msvc/Hacl_Hash_Blake2b_256.c
deleted file mode 100644
index b37ffc5f..00000000
--- a/src/msvc/Hacl_Hash_Blake2b_256.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Hash_Blake2b_256.h"
-
-#include "internal/Hacl_Impl_Blake2_Constants.h"
-#include "internal/Hacl_Hash_Blake2.h"
-#include "lib_memzero0.h"
-
-static inline void
-blake2b_update_block(
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  bool flag,
-  FStar_UInt128_uint128 totlen,
-  uint8_t *d
-)
-{
-  uint64_t m_w[16U] = { 0U };
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint64_t *os = m_w;
-    uint8_t *bj = d + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_zero;
-  uint64_t wv_14;
-  if (flag)
-  {
-    wv_14 = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  }
-  else
-  {
-    wv_14 = (uint64_t)0U;
-  }
-  uint64_t wv_15 = (uint64_t)0U;
-  mask =
-    Lib_IntVector_Intrinsics_vec256_load64s(FStar_UInt128_uint128_to_uint64(totlen),
-      FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(totlen, (uint32_t)64U)),
-      wv_14,
-      wv_15);
-  memcpy(wv, hash, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Lib_IntVector_Intrinsics_vec256 *wv3 = wv + (uint32_t)3U;
-  wv3[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv3[0U], mask);
-  KRML_MAYBE_FOR12(i,
-    (uint32_t)0U,
-    (uint32_t)12U,
-    (uint32_t)1U,
-    uint32_t start_idx = i % (uint32_t)10U * (uint32_t)16U;
-    KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 m_st[4U] KRML_POST_ALIGN(32) = { 0U };
-    Lib_IntVector_Intrinsics_vec256 *r0 = m_st;
-    Lib_IntVector_Intrinsics_vec256 *r1 = m_st + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *r20 = m_st + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec256 *r30 = m_st + (uint32_t)3U;
-    uint32_t s0 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)0U];
-    uint32_t s1 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)1U];
-    uint32_t s2 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)2U];
-    uint32_t s3 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)3U];
-    uint32_t s4 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)4U];
-    uint32_t s5 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)5U];
-    uint32_t s6 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)6U];
-    uint32_t s7 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)7U];
-    uint32_t s8 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)8U];
-    uint32_t s9 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)9U];
-    uint32_t s10 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)10U];
-    uint32_t s11 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)11U];
-    uint32_t s12 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)12U];
-    uint32_t s13 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)13U];
-    uint32_t s14 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)14U];
-    uint32_t s15 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)15U];
-    r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s0], m_w[s2], m_w[s4], m_w[s6]);
-    r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s1], m_w[s3], m_w[s5], m_w[s7]);
-    r20[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s8], m_w[s10], m_w[s12], m_w[s14]);
-    r30[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s9], m_w[s11], m_w[s13], m_w[s15]);
-    Lib_IntVector_Intrinsics_vec256 *x = m_st;
-    Lib_IntVector_Intrinsics_vec256 *y = m_st + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *z = m_st + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec256 *w = m_st + (uint32_t)3U;
-    uint32_t a = (uint32_t)0U;
-    uint32_t b0 = (uint32_t)1U;
-    uint32_t c0 = (uint32_t)2U;
-    uint32_t d10 = (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec256 *wv_a0 = wv + a * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b0 = wv + b0 * (uint32_t)1U;
-    wv_a0[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a0[0U], wv_b0[0U]);
-    wv_a0[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a0[0U], x[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a1 = wv + d10 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b1 = wv + a * (uint32_t)1U;
-    wv_a1[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a1[0U], wv_b1[0U]);
-    wv_a1[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a1[0U], (uint32_t)32U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a2 = wv + c0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b2 = wv + d10 * (uint32_t)1U;
-    wv_a2[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a2[0U], wv_b2[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a3 = wv + b0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b3 = wv + c0 * (uint32_t)1U;
-    wv_a3[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a3[0U], wv_b3[0U]);
-    wv_a3[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a3[0U], (uint32_t)24U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a4 = wv + a * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b4 = wv + b0 * (uint32_t)1U;
-    wv_a4[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a4[0U], wv_b4[0U]);
-    wv_a4[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a4[0U], y[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a5 = wv + d10 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b5 = wv + a * (uint32_t)1U;
-    wv_a5[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a5[0U], wv_b5[0U]);
-    wv_a5[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a5[0U], (uint32_t)16U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a6 = wv + c0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b6 = wv + d10 * (uint32_t)1U;
-    wv_a6[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a6[0U], wv_b6[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a7 = wv + b0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b7 = wv + c0 * (uint32_t)1U;
-    wv_a7[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a7[0U], wv_b7[0U]);
-    wv_a7[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a7[0U], (uint32_t)63U);
-    Lib_IntVector_Intrinsics_vec256 *r10 = wv + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *r21 = wv + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec256 *r31 = wv + (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec256 v00 = r10[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v1 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v00, (uint32_t)1U);
-    r10[0U] = v1;
-    Lib_IntVector_Intrinsics_vec256 v01 = r21[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v10 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v01, (uint32_t)2U);
-    r21[0U] = v10;
-    Lib_IntVector_Intrinsics_vec256 v02 = r31[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v11 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v02, (uint32_t)3U);
-    r31[0U] = v11;
-    uint32_t a0 = (uint32_t)0U;
-    uint32_t b = (uint32_t)1U;
-    uint32_t c = (uint32_t)2U;
-    uint32_t d1 = (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec256 *wv_a = wv + a0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b8 = wv + b * (uint32_t)1U;
-    wv_a[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a[0U], wv_b8[0U]);
-    wv_a[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a[0U], z[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a8 = wv + d1 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b9 = wv + a0 * (uint32_t)1U;
-    wv_a8[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a8[0U], wv_b9[0U]);
-    wv_a8[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a8[0U], (uint32_t)32U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a9 = wv + c * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b10 = wv + d1 * (uint32_t)1U;
-    wv_a9[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a9[0U], wv_b10[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a10 = wv + b * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b11 = wv + c * (uint32_t)1U;
-    wv_a10[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a10[0U], wv_b11[0U]);
-    wv_a10[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a10[0U], (uint32_t)24U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a11 = wv + a0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b12 = wv + b * (uint32_t)1U;
-    wv_a11[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a11[0U], wv_b12[0U]);
-    wv_a11[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a11[0U], w[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a12 = wv + d1 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b13 = wv + a0 * (uint32_t)1U;
-    wv_a12[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a12[0U], wv_b13[0U]);
-    wv_a12[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a12[0U], (uint32_t)16U);
-    Lib_IntVector_Intrinsics_vec256 *wv_a13 = wv + c * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b14 = wv + d1 * (uint32_t)1U;
-    wv_a13[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a13[0U], wv_b14[0U]);
-    Lib_IntVector_Intrinsics_vec256 *wv_a14 = wv + b * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *wv_b = wv + c * (uint32_t)1U;
-    wv_a14[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a14[0U], wv_b[0U]);
-    wv_a14[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a14[0U], (uint32_t)63U);
-    Lib_IntVector_Intrinsics_vec256 *r11 = wv + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec256 *r2 = wv + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec256 *r3 = wv + (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec256 v0 = r11[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v12 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v0, (uint32_t)3U);
-    r11[0U] = v12;
-    Lib_IntVector_Intrinsics_vec256 v03 = r2[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v13 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v03, (uint32_t)2U);
-    r2[0U] = v13;
-    Lib_IntVector_Intrinsics_vec256 v04 = r3[0U];
-    Lib_IntVector_Intrinsics_vec256
-    v14 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v04, (uint32_t)1U);
-    r3[0U] = v14;);
-  Lib_IntVector_Intrinsics_vec256 *s0 = hash;
-  Lib_IntVector_Intrinsics_vec256 *s1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r0 = wv;
-  Lib_IntVector_Intrinsics_vec256 *r1 = wv + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r2 = wv + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec256 *r3 = wv + (uint32_t)3U;
-  s0[0U] = Lib_IntVector_Intrinsics_vec256_xor(s0[0U], r0[0U]);
-  s0[0U] = Lib_IntVector_Intrinsics_vec256_xor(s0[0U], r2[0U]);
-  s1[0U] = Lib_IntVector_Intrinsics_vec256_xor(s1[0U], r1[0U]);
-  s1[0U] = Lib_IntVector_Intrinsics_vec256_xor(s1[0U], r3[0U]);
-}
-
-void
-Hacl_Blake2b_256_blake2b_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn)
-{
-  Lib_IntVector_Intrinsics_vec256 *r0 = hash;
-  Lib_IntVector_Intrinsics_vec256 *r1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r2 = hash + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec256 *r3 = hash + (uint32_t)3U;
-  uint64_t iv0 = Hacl_Impl_Blake2_Constants_ivTable_B[0U];
-  uint64_t iv1 = Hacl_Impl_Blake2_Constants_ivTable_B[1U];
-  uint64_t iv2 = Hacl_Impl_Blake2_Constants_ivTable_B[2U];
-  uint64_t iv3 = Hacl_Impl_Blake2_Constants_ivTable_B[3U];
-  uint64_t iv4 = Hacl_Impl_Blake2_Constants_ivTable_B[4U];
-  uint64_t iv5 = Hacl_Impl_Blake2_Constants_ivTable_B[5U];
-  uint64_t iv6 = Hacl_Impl_Blake2_Constants_ivTable_B[6U];
-  uint64_t iv7 = Hacl_Impl_Blake2_Constants_ivTable_B[7U];
-  r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0, iv1, iv2, iv3);
-  r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7);
-  uint64_t kk_shift_8 = (uint64_t)kk << (uint32_t)8U;
-  uint64_t iv0_ = iv0 ^ ((uint64_t)0x01010000U ^ (kk_shift_8 ^ (uint64_t)nn));
-  r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0_, iv1, iv2, iv3);
-  r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7);
-}
-
-void
-Hacl_Blake2b_256_blake2b_update_key(
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-)
-{
-  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U);
-  uint8_t b[128U] = { 0U };
-  memcpy(b, k, kk * sizeof (uint8_t));
-  if (ll == (uint32_t)0U)
-  {
-    blake2b_update_block(wv, hash, true, lb, b);
-  }
-  else
-  {
-    blake2b_update_block(wv, hash, false, lb, b);
-  }
-  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
-}
-
-void
-Hacl_Blake2b_256_blake2b_update_multi(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks,
-  uint32_t nb
-)
-{
-  KRML_HOST_IGNORE(len);
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    FStar_UInt128_uint128
-    totlen =
-      FStar_UInt128_add_mod(prev,
-        FStar_UInt128_uint64_to_uint128((uint64_t)((i + (uint32_t)1U) * (uint32_t)128U)));
-    uint8_t *b = blocks + i * (uint32_t)128U;
-    blake2b_update_block(wv, hash, false, totlen, b);
-  }
-}
-
-void
-Hacl_Blake2b_256_blake2b_update_last(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  FStar_UInt128_uint128 prev,
-  uint32_t rem,
-  uint8_t *d
-)
-{
-  uint8_t b[128U] = { 0U };
-  uint8_t *last = d + len - rem;
-  memcpy(b, last, rem * sizeof (uint8_t));
-  FStar_UInt128_uint128
-  totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
-  blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
-}
-
-static inline void
-blake2b_update_blocks(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  FStar_UInt128_uint128 prev,
-  uint8_t *blocks
-)
-{
-  uint32_t nb0 = len / (uint32_t)128U;
-  uint32_t rem0 = len % (uint32_t)128U;
-  K___uint32_t_uint32_t scrut;
-  if (rem0 == (uint32_t)0U && nb0 > (uint32_t)0U)
-  {
-    uint32_t nb_ = nb0 - (uint32_t)1U;
-    uint32_t rem_ = (uint32_t)128U;
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb_, .snd = rem_ });
-  }
-  else
-  {
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb0, .snd = rem0 });
-  }
-  uint32_t nb = scrut.fst;
-  uint32_t rem = scrut.snd;
-  Hacl_Blake2b_256_blake2b_update_multi(len, wv, hash, prev, blocks, nb);
-  Hacl_Blake2b_256_blake2b_update_last(len, wv, hash, prev, rem, blocks);
-}
-
-static inline void
-blake2b_update(
-  Lib_IntVector_Intrinsics_vec256 *wv,
-  Lib_IntVector_Intrinsics_vec256 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll,
-  uint8_t *d
-)
-{
-  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)128U);
-  if (kk > (uint32_t)0U)
-  {
-    Hacl_Blake2b_256_blake2b_update_key(wv, hash, kk, k, ll);
-    if (!(ll == (uint32_t)0U))
-    {
-      blake2b_update_blocks(ll, wv, hash, lb, d);
-      return;
-    }
-    return;
-  }
-  blake2b_update_blocks(ll,
-    wv,
-    hash,
-    FStar_UInt128_uint64_to_uint128((uint64_t)(uint32_t)0U),
-    d);
-}
-
-void
-Hacl_Blake2b_256_blake2b_finish(
-  uint32_t nn,
-  uint8_t *output,
-  Lib_IntVector_Intrinsics_vec256 *hash
-)
-{
-  uint8_t b[64U] = { 0U };
-  uint8_t *first = b;
-  uint8_t *second = b + (uint32_t)32U;
-  Lib_IntVector_Intrinsics_vec256 *row0 = hash;
-  Lib_IntVector_Intrinsics_vec256 *row1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256_store64_le(first, row0[0U]);
-  Lib_IntVector_Intrinsics_vec256_store64_le(second, row1[0U]);
-  uint8_t *final = b;
-  memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-/**
-Write the BLAKE2b digest of message `d` using key `k` into `output`.
-
-@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2b_256_blake2b(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-)
-{
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b[4U] KRML_POST_ALIGN(32) = { 0U };
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b1[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Blake2b_256_blake2b_init(b, kk, nn);
-  blake2b_update(b1, b, kk, k, ll, d);
-  Hacl_Blake2b_256_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
-  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
-}
-
-void
-Hacl_Blake2b_256_load_state256b_from_state32(
-  Lib_IntVector_Intrinsics_vec256 *st,
-  uint64_t *st32
-)
-{
-  Lib_IntVector_Intrinsics_vec256 *r0 = st;
-  Lib_IntVector_Intrinsics_vec256 *r1 = st + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r2 = st + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec256 *r3 = st + (uint32_t)3U;
-  uint64_t *b0 = st32;
-  uint64_t *b1 = st32 + (uint32_t)4U;
-  uint64_t *b2 = st32 + (uint32_t)8U;
-  uint64_t *b3 = st32 + (uint32_t)12U;
-  r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b0[0U], b0[1U], b0[2U], b0[3U]);
-  r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b1[0U], b1[1U], b1[2U], b1[3U]);
-  r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b2[0U], b2[1U], b2[2U], b2[3U]);
-  r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b3[0U], b3[1U], b3[2U], b3[3U]);
-}
-
-void
-Hacl_Blake2b_256_store_state256b_to_state32(
-  uint64_t *st32,
-  Lib_IntVector_Intrinsics_vec256 *st
-)
-{
-  Lib_IntVector_Intrinsics_vec256 *r0 = st;
-  Lib_IntVector_Intrinsics_vec256 *r1 = st + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec256 *r2 = st + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec256 *r3 = st + (uint32_t)3U;
-  uint64_t *b0 = st32;
-  uint64_t *b1 = st32 + (uint32_t)4U;
-  uint64_t *b2 = st32 + (uint32_t)8U;
-  uint64_t *b3 = st32 + (uint32_t)12U;
-  uint8_t b8[32U] = { 0U };
-  Lib_IntVector_Intrinsics_vec256_store64_le(b8, r0[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = b0;
-    uint8_t *bj = b8 + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  uint8_t b80[32U] = { 0U };
-  Lib_IntVector_Intrinsics_vec256_store64_le(b80, r1[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = b1;
-    uint8_t *bj = b80 + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  uint8_t b81[32U] = { 0U };
-  Lib_IntVector_Intrinsics_vec256_store64_le(b81, r2[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = b2;
-    uint8_t *bj = b81 + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-  uint8_t b82[32U] = { 0U };
-  Lib_IntVector_Intrinsics_vec256_store64_le(b82, r3[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t *os = b3;
-    uint8_t *bj = b82 + i * (uint32_t)8U;
-    uint64_t u = load64_le(bj);
-    uint64_t r = u;
-    uint64_t x = r;
-    os[i] = x;);
-}
-
-Lib_IntVector_Intrinsics_vec256 *Hacl_Blake2b_256_blake2b_malloc(void)
-{
-  Lib_IntVector_Intrinsics_vec256
-  *buf =
-    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
-      sizeof (Lib_IntVector_Intrinsics_vec256) * (uint32_t)4U);
-  memset(buf, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  return buf;
-}
-
diff --git a/src/msvc/Hacl_Hash_Blake2b_Simd256.c b/src/msvc/Hacl_Hash_Blake2b_Simd256.c
new file mode 100644
index 00000000..1a5e8cf2
--- /dev/null
+++ b/src/msvc/Hacl_Hash_Blake2b_Simd256.c
@@ -0,0 +1,828 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_Hash_Blake2b_Simd256.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
+
+static inline void
+update_block(
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  bool flag,
+  FStar_UInt128_uint128 totlen,
+  uint8_t *d
+)
+{
+  uint64_t m_w[16U] = { 0U };
+  KRML_MAYBE_FOR16(i,
+    0U,
+    16U,
+    1U,
+    uint64_t *os = m_w;
+    uint8_t *bj = d + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_zero;
+  uint64_t wv_14;
+  if (flag)
+  {
+    wv_14 = 0xFFFFFFFFFFFFFFFFULL;
+  }
+  else
+  {
+    wv_14 = 0ULL;
+  }
+  uint64_t wv_15 = 0ULL;
+  mask =
+    Lib_IntVector_Intrinsics_vec256_load64s(FStar_UInt128_uint128_to_uint64(totlen),
+      FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(totlen, 64U)),
+      wv_14,
+      wv_15);
+  memcpy(wv, hash, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Lib_IntVector_Intrinsics_vec256 *wv3 = wv + 3U;
+  wv3[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv3[0U], mask);
+  KRML_MAYBE_FOR12(i,
+    0U,
+    12U,
+    1U,
+    uint32_t start_idx = i % 10U * 16U;
+    KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 m_st[4U] KRML_POST_ALIGN(32) = { 0U };
+    Lib_IntVector_Intrinsics_vec256 *r0 = m_st;
+    Lib_IntVector_Intrinsics_vec256 *r1 = m_st + 1U;
+    Lib_IntVector_Intrinsics_vec256 *r20 = m_st + 2U;
+    Lib_IntVector_Intrinsics_vec256 *r30 = m_st + 3U;
+    uint32_t s0 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 0U];
+    uint32_t s1 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 1U];
+    uint32_t s2 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 2U];
+    uint32_t s3 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 3U];
+    uint32_t s4 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 4U];
+    uint32_t s5 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 5U];
+    uint32_t s6 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 6U];
+    uint32_t s7 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 7U];
+    uint32_t s8 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 8U];
+    uint32_t s9 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 9U];
+    uint32_t s10 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 10U];
+    uint32_t s11 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 11U];
+    uint32_t s12 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 12U];
+    uint32_t s13 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 13U];
+    uint32_t s14 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 14U];
+    uint32_t s15 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 15U];
+    r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s0], m_w[s2], m_w[s4], m_w[s6]);
+    r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s1], m_w[s3], m_w[s5], m_w[s7]);
+    r20[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s8], m_w[s10], m_w[s12], m_w[s14]);
+    r30[0U] = Lib_IntVector_Intrinsics_vec256_load64s(m_w[s9], m_w[s11], m_w[s13], m_w[s15]);
+    Lib_IntVector_Intrinsics_vec256 *x = m_st;
+    Lib_IntVector_Intrinsics_vec256 *y = m_st + 1U;
+    Lib_IntVector_Intrinsics_vec256 *z = m_st + 2U;
+    Lib_IntVector_Intrinsics_vec256 *w = m_st + 3U;
+    uint32_t a = 0U;
+    uint32_t b0 = 1U;
+    uint32_t c0 = 2U;
+    uint32_t d10 = 3U;
+    Lib_IntVector_Intrinsics_vec256 *wv_a0 = wv + a * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b0 = wv + b0 * 1U;
+    wv_a0[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a0[0U], wv_b0[0U]);
+    wv_a0[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a0[0U], x[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a1 = wv + d10 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b1 = wv + a * 1U;
+    wv_a1[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a1[0U], wv_b1[0U]);
+    wv_a1[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a1[0U], 32U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a2 = wv + c0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b2 = wv + d10 * 1U;
+    wv_a2[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a2[0U], wv_b2[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a3 = wv + b0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b3 = wv + c0 * 1U;
+    wv_a3[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a3[0U], wv_b3[0U]);
+    wv_a3[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a3[0U], 24U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a4 = wv + a * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b4 = wv + b0 * 1U;
+    wv_a4[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a4[0U], wv_b4[0U]);
+    wv_a4[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a4[0U], y[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a5 = wv + d10 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b5 = wv + a * 1U;
+    wv_a5[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a5[0U], wv_b5[0U]);
+    wv_a5[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a5[0U], 16U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a6 = wv + c0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b6 = wv + d10 * 1U;
+    wv_a6[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a6[0U], wv_b6[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a7 = wv + b0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b7 = wv + c0 * 1U;
+    wv_a7[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a7[0U], wv_b7[0U]);
+    wv_a7[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a7[0U], 63U);
+    Lib_IntVector_Intrinsics_vec256 *r10 = wv + 1U;
+    Lib_IntVector_Intrinsics_vec256 *r21 = wv + 2U;
+    Lib_IntVector_Intrinsics_vec256 *r31 = wv + 3U;
+    Lib_IntVector_Intrinsics_vec256 v00 = r10[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v1 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v00, 1U);
+    r10[0U] = v1;
+    Lib_IntVector_Intrinsics_vec256 v01 = r21[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v10 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v01, 2U);
+    r21[0U] = v10;
+    Lib_IntVector_Intrinsics_vec256 v02 = r31[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v11 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v02, 3U);
+    r31[0U] = v11;
+    uint32_t a0 = 0U;
+    uint32_t b = 1U;
+    uint32_t c = 2U;
+    uint32_t d1 = 3U;
+    Lib_IntVector_Intrinsics_vec256 *wv_a = wv + a0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b8 = wv + b * 1U;
+    wv_a[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a[0U], wv_b8[0U]);
+    wv_a[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a[0U], z[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a8 = wv + d1 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b9 = wv + a0 * 1U;
+    wv_a8[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a8[0U], wv_b9[0U]);
+    wv_a8[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a8[0U], 32U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a9 = wv + c * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b10 = wv + d1 * 1U;
+    wv_a9[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a9[0U], wv_b10[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a10 = wv + b * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b11 = wv + c * 1U;
+    wv_a10[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a10[0U], wv_b11[0U]);
+    wv_a10[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a10[0U], 24U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a11 = wv + a0 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b12 = wv + b * 1U;
+    wv_a11[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a11[0U], wv_b12[0U]);
+    wv_a11[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a11[0U], w[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a12 = wv + d1 * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b13 = wv + a0 * 1U;
+    wv_a12[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a12[0U], wv_b13[0U]);
+    wv_a12[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a12[0U], 16U);
+    Lib_IntVector_Intrinsics_vec256 *wv_a13 = wv + c * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b14 = wv + d1 * 1U;
+    wv_a13[0U] = Lib_IntVector_Intrinsics_vec256_add64(wv_a13[0U], wv_b14[0U]);
+    Lib_IntVector_Intrinsics_vec256 *wv_a14 = wv + b * 1U;
+    Lib_IntVector_Intrinsics_vec256 *wv_b = wv + c * 1U;
+    wv_a14[0U] = Lib_IntVector_Intrinsics_vec256_xor(wv_a14[0U], wv_b[0U]);
+    wv_a14[0U] = Lib_IntVector_Intrinsics_vec256_rotate_right64(wv_a14[0U], 63U);
+    Lib_IntVector_Intrinsics_vec256 *r11 = wv + 1U;
+    Lib_IntVector_Intrinsics_vec256 *r2 = wv + 2U;
+    Lib_IntVector_Intrinsics_vec256 *r3 = wv + 3U;
+    Lib_IntVector_Intrinsics_vec256 v0 = r11[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v12 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v0, 3U);
+    r11[0U] = v12;
+    Lib_IntVector_Intrinsics_vec256 v03 = r2[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v13 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v03, 2U);
+    r2[0U] = v13;
+    Lib_IntVector_Intrinsics_vec256 v04 = r3[0U];
+    Lib_IntVector_Intrinsics_vec256
+    v14 = Lib_IntVector_Intrinsics_vec256_rotate_right_lanes64(v04, 1U);
+    r3[0U] = v14;);
+  Lib_IntVector_Intrinsics_vec256 *s0 = hash;
+  Lib_IntVector_Intrinsics_vec256 *s1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r0 = wv;
+  Lib_IntVector_Intrinsics_vec256 *r1 = wv + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r2 = wv + 2U;
+  Lib_IntVector_Intrinsics_vec256 *r3 = wv + 3U;
+  s0[0U] = Lib_IntVector_Intrinsics_vec256_xor(s0[0U], r0[0U]);
+  s0[0U] = Lib_IntVector_Intrinsics_vec256_xor(s0[0U], r2[0U]);
+  s1[0U] = Lib_IntVector_Intrinsics_vec256_xor(s1[0U], r1[0U]);
+  s1[0U] = Lib_IntVector_Intrinsics_vec256_xor(s1[0U], r3[0U]);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn)
+{
+  Lib_IntVector_Intrinsics_vec256 *r0 = hash;
+  Lib_IntVector_Intrinsics_vec256 *r1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r2 = hash + 2U;
+  Lib_IntVector_Intrinsics_vec256 *r3 = hash + 3U;
+  uint64_t iv0 = Hacl_Hash_Blake2s_ivTable_B[0U];
+  uint64_t iv1 = Hacl_Hash_Blake2s_ivTable_B[1U];
+  uint64_t iv2 = Hacl_Hash_Blake2s_ivTable_B[2U];
+  uint64_t iv3 = Hacl_Hash_Blake2s_ivTable_B[3U];
+  uint64_t iv4 = Hacl_Hash_Blake2s_ivTable_B[4U];
+  uint64_t iv5 = Hacl_Hash_Blake2s_ivTable_B[5U];
+  uint64_t iv6 = Hacl_Hash_Blake2s_ivTable_B[6U];
+  uint64_t iv7 = Hacl_Hash_Blake2s_ivTable_B[7U];
+  r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0, iv1, iv2, iv3);
+  r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7);
+  uint64_t kk_shift_8 = (uint64_t)kk << 8U;
+  uint64_t iv0_ = iv0 ^ (0x01010000ULL ^ (kk_shift_8 ^ (uint64_t)nn));
+  r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0_, iv1, iv2, iv3);
+  r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7);
+}
+
+static void
+update_key(
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  uint32_t kk,
+  uint8_t *k,
+  uint32_t ll
+)
+{
+  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)128U);
+  uint8_t b[128U] = { 0U };
+  memcpy(b, k, kk * sizeof (uint8_t));
+  if (ll == 0U)
+  {
+    update_block(wv, hash, true, lb, b);
+  }
+  else
+  {
+    update_block(wv, hash, false, lb, b);
+  }
+  Lib_Memzero0_memzero(b, 128U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_update_multi(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks,
+  uint32_t nb
+)
+{
+  KRML_MAYBE_UNUSED_VAR(len);
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    FStar_UInt128_uint128
+    totlen =
+      FStar_UInt128_add_mod(prev,
+        FStar_UInt128_uint64_to_uint128((uint64_t)((i + 1U) * 128U)));
+    uint8_t *b = blocks + i * 128U;
+    update_block(wv, hash, false, totlen, b);
+  }
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_update_last(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  FStar_UInt128_uint128 prev,
+  uint32_t rem,
+  uint8_t *d
+)
+{
+  uint8_t b[128U] = { 0U };
+  uint8_t *last = d + len - rem;
+  memcpy(b, last, rem * sizeof (uint8_t));
+  FStar_UInt128_uint128
+  totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
+  update_block(wv, hash, true, totlen, b);
+  Lib_Memzero0_memzero(b, 128U, uint8_t);
+}
+
+static inline void
+update_blocks(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  FStar_UInt128_uint128 prev,
+  uint8_t *blocks
+)
+{
+  uint32_t nb0 = len / 128U;
+  uint32_t rem0 = len % 128U;
+  uint32_t nb;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    nb = nb0 - 1U;
+  }
+  else
+  {
+    nb = nb0;
+  }
+  uint32_t rem;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    rem = 128U;
+  }
+  else
+  {
+    rem = rem0;
+  }
+  Hacl_Hash_Blake2b_Simd256_update_multi(len, wv, hash, prev, blocks, nb);
+  Hacl_Hash_Blake2b_Simd256_update_last(len, wv, hash, prev, rem, blocks);
+}
+
+static inline void
+update(
+  Lib_IntVector_Intrinsics_vec256 *wv,
+  Lib_IntVector_Intrinsics_vec256 *hash,
+  uint32_t kk,
+  uint8_t *k,
+  uint32_t ll,
+  uint8_t *d
+)
+{
+  FStar_UInt128_uint128 lb = FStar_UInt128_uint64_to_uint128((uint64_t)128U);
+  if (kk > 0U)
+  {
+    update_key(wv, hash, kk, k, ll);
+    if (!(ll == 0U))
+    {
+      update_blocks(ll, wv, hash, lb, d);
+      return;
+    }
+    return;
+  }
+  update_blocks(ll, wv, hash, FStar_UInt128_uint64_to_uint128((uint64_t)0U), d);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_finish(
+  uint32_t nn,
+  uint8_t *output,
+  Lib_IntVector_Intrinsics_vec256 *hash
+)
+{
+  uint8_t b[64U] = { 0U };
+  uint8_t *first = b;
+  uint8_t *second = b + 32U;
+  Lib_IntVector_Intrinsics_vec256 *row0 = hash;
+  Lib_IntVector_Intrinsics_vec256 *row1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec256_store64_le(first, row0[0U]);
+  Lib_IntVector_Intrinsics_vec256_store64_le(second, row1[0U]);
+  uint8_t *final = b;
+  memcpy(output, final, nn * sizeof (uint8_t));
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_load_state256b_from_state32(
+  Lib_IntVector_Intrinsics_vec256 *st,
+  uint64_t *st32
+)
+{
+  Lib_IntVector_Intrinsics_vec256 *r0 = st;
+  Lib_IntVector_Intrinsics_vec256 *r1 = st + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r2 = st + 2U;
+  Lib_IntVector_Intrinsics_vec256 *r3 = st + 3U;
+  uint64_t *b0 = st32;
+  uint64_t *b1 = st32 + 4U;
+  uint64_t *b2 = st32 + 8U;
+  uint64_t *b3 = st32 + 12U;
+  r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b0[0U], b0[1U], b0[2U], b0[3U]);
+  r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b1[0U], b1[1U], b1[2U], b1[3U]);
+  r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b2[0U], b2[1U], b2[2U], b2[3U]);
+  r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(b3[0U], b3[1U], b3[2U], b3[3U]);
+}
+
+void
+Hacl_Hash_Blake2b_Simd256_store_state256b_to_state32(
+  uint64_t *st32,
+  Lib_IntVector_Intrinsics_vec256 *st
+)
+{
+  Lib_IntVector_Intrinsics_vec256 *r0 = st;
+  Lib_IntVector_Intrinsics_vec256 *r1 = st + 1U;
+  Lib_IntVector_Intrinsics_vec256 *r2 = st + 2U;
+  Lib_IntVector_Intrinsics_vec256 *r3 = st + 3U;
+  uint64_t *b0 = st32;
+  uint64_t *b1 = st32 + 4U;
+  uint64_t *b2 = st32 + 8U;
+  uint64_t *b3 = st32 + 12U;
+  uint8_t b8[32U] = { 0U };
+  Lib_IntVector_Intrinsics_vec256_store64_le(b8, r0[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = b0;
+    uint8_t *bj = b8 + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  uint8_t b80[32U] = { 0U };
+  Lib_IntVector_Intrinsics_vec256_store64_le(b80, r1[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = b1;
+    uint8_t *bj = b80 + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  uint8_t b81[32U] = { 0U };
+  Lib_IntVector_Intrinsics_vec256_store64_le(b81, r2[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = b2;
+    uint8_t *bj = b81 + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+  uint8_t b82[32U] = { 0U };
+  Lib_IntVector_Intrinsics_vec256_store64_le(b82, r3[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint64_t *os = b3;
+    uint8_t *bj = b82 + i * 8U;
+    uint64_t u = load64_le(bj);
+    uint64_t r = u;
+    uint64_t x = r;
+    os[i] = x;);
+}
+
+Lib_IntVector_Intrinsics_vec256 *Hacl_Hash_Blake2b_Simd256_malloc_with_key(void)
+{
+  Lib_IntVector_Intrinsics_vec256
+  *buf =
+    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
+      sizeof (Lib_IntVector_Intrinsics_vec256) * 4U);
+  memset(buf, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  return buf;
+}
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2b_Simd256_state_t *Hacl_Hash_Blake2b_Simd256_malloc(void)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  Lib_IntVector_Intrinsics_vec256
+  *wv =
+    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
+      sizeof (Lib_IntVector_Intrinsics_vec256) * 4U);
+  memset(wv, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Lib_IntVector_Intrinsics_vec256
+  *b =
+    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
+      sizeof (Lib_IntVector_Intrinsics_vec256) * 4U);
+  memset(b, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state = { .fst = wv, .snd = b };
+  Hacl_Hash_Blake2b_Simd256_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  Hacl_Hash_Blake2b_Simd256_state_t
+  *p =
+    (Hacl_Hash_Blake2b_Simd256_state_t *)KRML_HOST_MALLOC(sizeof (
+        Hacl_Hash_Blake2b_Simd256_state_t
+      ));
+  p[0U] = s;
+  Hacl_Hash_Blake2b_Simd256_init(block_state.snd, 0U, 64U);
+  return p;
+}
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2b_Simd256_reset(Hacl_Hash_Blake2b_Simd256_state_t *state)
+{
+  Hacl_Hash_Blake2b_Simd256_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state = scrut.block_state;
+  Hacl_Hash_Blake2b_Simd256_init(block_state.snd, 0U, 64U);
+  Hacl_Hash_Blake2b_Simd256_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
+}
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2b_Simd256_update(
+  Hacl_Hash_Blake2b_Simd256_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+)
+{
+  Hacl_Hash_Blake2b_Simd256_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
+  {
+    sz = 128U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)128U);
+  }
+  if (chunk_len <= 128U - sz)
+  {
+    Hacl_Hash_Blake2b_Simd256_state_t s1 = *state;
+    Hacl_Hash_Blake2b_Simd256_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_Hash_Blake2b_Simd256_state_t s1 = *state;
+    Hacl_Hash_Blake2b_Simd256_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
+      Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2b_Simd256_update_multi(128U,
+        wv,
+        hash,
+        FStar_UInt128_uint64_to_uint128(prevlen),
+        buf,
+        nb);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)128U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 128U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)128U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
+    Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
+    uint32_t nb = data1_len / 128U;
+    Hacl_Hash_Blake2b_Simd256_update_multi(data1_len,
+      wv,
+      hash,
+      FStar_UInt128_uint64_to_uint128(total_len1),
+      data1,
+      nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 128U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_Blake2b_Simd256_state_t s1 = *state;
+    Hacl_Hash_Blake2b_Simd256_block_state_t block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)128U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 128U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)128U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_Simd256_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2
+        }
+      );
+    Hacl_Hash_Blake2b_Simd256_state_t s10 = *state;
+    Hacl_Hash_Blake2b_Simd256_block_state_t block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 128U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
+      Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2b_Simd256_update_multi(128U,
+        wv,
+        hash,
+        FStar_UInt128_uint64_to_uint128(prevlen),
+        buf,
+        nb);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)128U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 128U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)128U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
+    Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
+    uint32_t nb = data1_len / 128U;
+    Hacl_Hash_Blake2b_Simd256_update_multi(data1_len,
+      wv,
+      hash,
+      FStar_UInt128_uint64_to_uint128(total_len1),
+      data1,
+      nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2b_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+/**
+  Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2b_Simd256_digest(Hacl_Hash_Blake2b_Simd256_state_t *state, uint8_t *output)
+{
+  Hacl_Hash_Blake2b_Simd256_state_t scrut = *state;
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint32_t r;
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
+  {
+    r = 128U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)128U);
+  }
+  uint8_t *buf_1 = buf_;
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv0[4U] KRML_POST_ALIGN(32) = { 0U };
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b[4U] KRML_POST_ALIGN(32) = { 0U };
+  Hacl_Hash_Blake2b_Simd256_block_state_t tmp_block_state = { .fst = wv0, .snd = b };
+  Lib_IntVector_Intrinsics_vec256 *src_b = block_state.snd;
+  Lib_IntVector_Intrinsics_vec256 *dst_b = tmp_block_state.snd;
+  memcpy(dst_b, src_b, 4U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  uint64_t prev_len = total_len - (uint64_t)r;
+  uint32_t ite;
+  if (r % 128U == 0U && r > 0U)
+  {
+    ite = 128U;
+  }
+  else
+  {
+    ite = r % 128U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  Lib_IntVector_Intrinsics_vec256 *wv1 = tmp_block_state.fst;
+  Lib_IntVector_Intrinsics_vec256 *hash0 = tmp_block_state.snd;
+  uint32_t nb = 0U;
+  Hacl_Hash_Blake2b_Simd256_update_multi(0U,
+    wv1,
+    hash0,
+    FStar_UInt128_uint64_to_uint128(prev_len),
+    buf_multi,
+    nb);
+  uint64_t prev_len_last = total_len - (uint64_t)r;
+  Lib_IntVector_Intrinsics_vec256 *wv = tmp_block_state.fst;
+  Lib_IntVector_Intrinsics_vec256 *hash = tmp_block_state.snd;
+  Hacl_Hash_Blake2b_Simd256_update_last(r,
+    wv,
+    hash,
+    FStar_UInt128_uint64_to_uint128(prev_len_last),
+    r,
+    buf_last);
+  Hacl_Hash_Blake2b_Simd256_finish(64U, output, tmp_block_state.snd);
+}
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2b_Simd256_free(Hacl_Hash_Blake2b_Simd256_state_t *state)
+{
+  Hacl_Hash_Blake2b_Simd256_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2b_Simd256_block_state_t block_state = scrut.block_state;
+  Lib_IntVector_Intrinsics_vec256 *wv = block_state.fst;
+  Lib_IntVector_Intrinsics_vec256 *b = block_state.snd;
+  KRML_ALIGNED_FREE(wv);
+  KRML_ALIGNED_FREE(b);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+/**
+Write the BLAKE2b digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2b_Simd256_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+)
+{
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b[4U] KRML_POST_ALIGN(32) = { 0U };
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b1[4U] KRML_POST_ALIGN(32) = { 0U };
+  Hacl_Hash_Blake2b_Simd256_init(b, key_len, output_len);
+  update(b1, b, key_len, key, input_len, input);
+  Hacl_Hash_Blake2b_Simd256_finish(output_len, output, b);
+  Lib_Memzero0_memzero(b1, 4U, Lib_IntVector_Intrinsics_vec256);
+  Lib_Memzero0_memzero(b, 4U, Lib_IntVector_Intrinsics_vec256);
+}
+
diff --git a/src/msvc/Hacl_Hash_Blake2s.c b/src/msvc/Hacl_Hash_Blake2s.c
new file mode 100644
index 00000000..652c3f33
--- /dev/null
+++ b/src/msvc/Hacl_Hash_Blake2s.c
@@ -0,0 +1,931 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_Hash_Blake2s.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
+
+static inline void
+update_block(uint32_t *wv, uint32_t *hash, bool flag, uint64_t totlen, uint8_t *d)
+{
+  uint32_t m_w[16U] = { 0U };
+  KRML_MAYBE_FOR16(i,
+    0U,
+    16U,
+    1U,
+    uint32_t *os = m_w;
+    uint8_t *bj = d + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  uint32_t mask[4U] = { 0U };
+  uint32_t wv_14;
+  if (flag)
+  {
+    wv_14 = 0xFFFFFFFFU;
+  }
+  else
+  {
+    wv_14 = 0U;
+  }
+  uint32_t wv_15 = 0U;
+  mask[0U] = (uint32_t)totlen;
+  mask[1U] = (uint32_t)(totlen >> 32U);
+  mask[2U] = wv_14;
+  mask[3U] = wv_15;
+  memcpy(wv, hash, 16U * sizeof (uint32_t));
+  uint32_t *wv3 = wv + 12U;
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = wv3;
+    uint32_t x = wv3[i] ^ mask[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR10(i0,
+    0U,
+    10U,
+    1U,
+    uint32_t start_idx = i0 % 10U * 16U;
+    uint32_t m_st[16U] = { 0U };
+    uint32_t *r0 = m_st;
+    uint32_t *r1 = m_st + 4U;
+    uint32_t *r20 = m_st + 8U;
+    uint32_t *r30 = m_st + 12U;
+    uint32_t s0 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 0U];
+    uint32_t s1 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 1U];
+    uint32_t s2 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 2U];
+    uint32_t s3 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 3U];
+    uint32_t s4 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 4U];
+    uint32_t s5 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 5U];
+    uint32_t s6 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 6U];
+    uint32_t s7 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 7U];
+    uint32_t s8 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 8U];
+    uint32_t s9 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 9U];
+    uint32_t s10 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 10U];
+    uint32_t s11 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 11U];
+    uint32_t s12 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 12U];
+    uint32_t s13 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 13U];
+    uint32_t s14 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 14U];
+    uint32_t s15 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 15U];
+    uint32_t uu____0 = m_w[s2];
+    uint32_t uu____1 = m_w[s4];
+    uint32_t uu____2 = m_w[s6];
+    r0[0U] = m_w[s0];
+    r0[1U] = uu____0;
+    r0[2U] = uu____1;
+    r0[3U] = uu____2;
+    uint32_t uu____3 = m_w[s3];
+    uint32_t uu____4 = m_w[s5];
+    uint32_t uu____5 = m_w[s7];
+    r1[0U] = m_w[s1];
+    r1[1U] = uu____3;
+    r1[2U] = uu____4;
+    r1[3U] = uu____5;
+    uint32_t uu____6 = m_w[s10];
+    uint32_t uu____7 = m_w[s12];
+    uint32_t uu____8 = m_w[s14];
+    r20[0U] = m_w[s8];
+    r20[1U] = uu____6;
+    r20[2U] = uu____7;
+    r20[3U] = uu____8;
+    uint32_t uu____9 = m_w[s11];
+    uint32_t uu____10 = m_w[s13];
+    uint32_t uu____11 = m_w[s15];
+    r30[0U] = m_w[s9];
+    r30[1U] = uu____9;
+    r30[2U] = uu____10;
+    r30[3U] = uu____11;
+    uint32_t *x = m_st;
+    uint32_t *y = m_st + 4U;
+    uint32_t *z = m_st + 8U;
+    uint32_t *w = m_st + 12U;
+    uint32_t a = 0U;
+    uint32_t b0 = 1U;
+    uint32_t c0 = 2U;
+    uint32_t d10 = 3U;
+    uint32_t *wv_a0 = wv + a * 4U;
+    uint32_t *wv_b0 = wv + b0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a0;
+      uint32_t x1 = wv_a0[i] + wv_b0[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a0;
+      uint32_t x1 = wv_a0[i] + x[i];
+      os[i] = x1;);
+    uint32_t *wv_a1 = wv + d10 * 4U;
+    uint32_t *wv_b1 = wv + a * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a1;
+      uint32_t x1 = wv_a1[i] ^ wv_b1[i];
+      os[i] = x1;);
+    uint32_t *r10 = wv_a1;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r10;
+      uint32_t x1 = r10[i];
+      uint32_t x10 = x1 >> 16U | x1 << 16U;
+      os[i] = x10;);
+    uint32_t *wv_a2 = wv + c0 * 4U;
+    uint32_t *wv_b2 = wv + d10 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a2;
+      uint32_t x1 = wv_a2[i] + wv_b2[i];
+      os[i] = x1;);
+    uint32_t *wv_a3 = wv + b0 * 4U;
+    uint32_t *wv_b3 = wv + c0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a3;
+      uint32_t x1 = wv_a3[i] ^ wv_b3[i];
+      os[i] = x1;);
+    uint32_t *r12 = wv_a3;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r12;
+      uint32_t x1 = r12[i];
+      uint32_t x10 = x1 >> 12U | x1 << 20U;
+      os[i] = x10;);
+    uint32_t *wv_a4 = wv + a * 4U;
+    uint32_t *wv_b4 = wv + b0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a4;
+      uint32_t x1 = wv_a4[i] + wv_b4[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a4;
+      uint32_t x1 = wv_a4[i] + y[i];
+      os[i] = x1;);
+    uint32_t *wv_a5 = wv + d10 * 4U;
+    uint32_t *wv_b5 = wv + a * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a5;
+      uint32_t x1 = wv_a5[i] ^ wv_b5[i];
+      os[i] = x1;);
+    uint32_t *r13 = wv_a5;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r13;
+      uint32_t x1 = r13[i];
+      uint32_t x10 = x1 >> 8U | x1 << 24U;
+      os[i] = x10;);
+    uint32_t *wv_a6 = wv + c0 * 4U;
+    uint32_t *wv_b6 = wv + d10 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a6;
+      uint32_t x1 = wv_a6[i] + wv_b6[i];
+      os[i] = x1;);
+    uint32_t *wv_a7 = wv + b0 * 4U;
+    uint32_t *wv_b7 = wv + c0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a7;
+      uint32_t x1 = wv_a7[i] ^ wv_b7[i];
+      os[i] = x1;);
+    uint32_t *r14 = wv_a7;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r14;
+      uint32_t x1 = r14[i];
+      uint32_t x10 = x1 >> 7U | x1 << 25U;
+      os[i] = x10;);
+    uint32_t *r15 = wv + 4U;
+    uint32_t *r21 = wv + 8U;
+    uint32_t *r31 = wv + 12U;
+    uint32_t *r110 = r15;
+    uint32_t x00 = r110[1U];
+    uint32_t x10 = r110[2U];
+    uint32_t x20 = r110[3U];
+    uint32_t x30 = r110[0U];
+    r110[0U] = x00;
+    r110[1U] = x10;
+    r110[2U] = x20;
+    r110[3U] = x30;
+    uint32_t *r111 = r21;
+    uint32_t x01 = r111[2U];
+    uint32_t x11 = r111[3U];
+    uint32_t x21 = r111[0U];
+    uint32_t x31 = r111[1U];
+    r111[0U] = x01;
+    r111[1U] = x11;
+    r111[2U] = x21;
+    r111[3U] = x31;
+    uint32_t *r112 = r31;
+    uint32_t x02 = r112[3U];
+    uint32_t x12 = r112[0U];
+    uint32_t x22 = r112[1U];
+    uint32_t x32 = r112[2U];
+    r112[0U] = x02;
+    r112[1U] = x12;
+    r112[2U] = x22;
+    r112[3U] = x32;
+    uint32_t a0 = 0U;
+    uint32_t b = 1U;
+    uint32_t c = 2U;
+    uint32_t d1 = 3U;
+    uint32_t *wv_a = wv + a0 * 4U;
+    uint32_t *wv_b8 = wv + b * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a;
+      uint32_t x1 = wv_a[i] + wv_b8[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a;
+      uint32_t x1 = wv_a[i] + z[i];
+      os[i] = x1;);
+    uint32_t *wv_a8 = wv + d1 * 4U;
+    uint32_t *wv_b9 = wv + a0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a8;
+      uint32_t x1 = wv_a8[i] ^ wv_b9[i];
+      os[i] = x1;);
+    uint32_t *r16 = wv_a8;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r16;
+      uint32_t x1 = r16[i];
+      uint32_t x13 = x1 >> 16U | x1 << 16U;
+      os[i] = x13;);
+    uint32_t *wv_a9 = wv + c * 4U;
+    uint32_t *wv_b10 = wv + d1 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a9;
+      uint32_t x1 = wv_a9[i] + wv_b10[i];
+      os[i] = x1;);
+    uint32_t *wv_a10 = wv + b * 4U;
+    uint32_t *wv_b11 = wv + c * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a10;
+      uint32_t x1 = wv_a10[i] ^ wv_b11[i];
+      os[i] = x1;);
+    uint32_t *r17 = wv_a10;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r17;
+      uint32_t x1 = r17[i];
+      uint32_t x13 = x1 >> 12U | x1 << 20U;
+      os[i] = x13;);
+    uint32_t *wv_a11 = wv + a0 * 4U;
+    uint32_t *wv_b12 = wv + b * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a11;
+      uint32_t x1 = wv_a11[i] + wv_b12[i];
+      os[i] = x1;);
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a11;
+      uint32_t x1 = wv_a11[i] + w[i];
+      os[i] = x1;);
+    uint32_t *wv_a12 = wv + d1 * 4U;
+    uint32_t *wv_b13 = wv + a0 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a12;
+      uint32_t x1 = wv_a12[i] ^ wv_b13[i];
+      os[i] = x1;);
+    uint32_t *r18 = wv_a12;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r18;
+      uint32_t x1 = r18[i];
+      uint32_t x13 = x1 >> 8U | x1 << 24U;
+      os[i] = x13;);
+    uint32_t *wv_a13 = wv + c * 4U;
+    uint32_t *wv_b14 = wv + d1 * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a13;
+      uint32_t x1 = wv_a13[i] + wv_b14[i];
+      os[i] = x1;);
+    uint32_t *wv_a14 = wv + b * 4U;
+    uint32_t *wv_b = wv + c * 4U;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = wv_a14;
+      uint32_t x1 = wv_a14[i] ^ wv_b[i];
+      os[i] = x1;);
+    uint32_t *r19 = wv_a14;
+    KRML_MAYBE_FOR4(i,
+      0U,
+      4U,
+      1U,
+      uint32_t *os = r19;
+      uint32_t x1 = r19[i];
+      uint32_t x13 = x1 >> 7U | x1 << 25U;
+      os[i] = x13;);
+    uint32_t *r113 = wv + 4U;
+    uint32_t *r2 = wv + 8U;
+    uint32_t *r3 = wv + 12U;
+    uint32_t *r11 = r113;
+    uint32_t x03 = r11[3U];
+    uint32_t x13 = r11[0U];
+    uint32_t x23 = r11[1U];
+    uint32_t x33 = r11[2U];
+    r11[0U] = x03;
+    r11[1U] = x13;
+    r11[2U] = x23;
+    r11[3U] = x33;
+    uint32_t *r114 = r2;
+    uint32_t x04 = r114[2U];
+    uint32_t x14 = r114[3U];
+    uint32_t x24 = r114[0U];
+    uint32_t x34 = r114[1U];
+    r114[0U] = x04;
+    r114[1U] = x14;
+    r114[2U] = x24;
+    r114[3U] = x34;
+    uint32_t *r115 = r3;
+    uint32_t x0 = r115[1U];
+    uint32_t x1 = r115[2U];
+    uint32_t x2 = r115[3U];
+    uint32_t x3 = r115[0U];
+    r115[0U] = x0;
+    r115[1U] = x1;
+    r115[2U] = x2;
+    r115[3U] = x3;);
+  uint32_t *s0 = hash;
+  uint32_t *s1 = hash + 4U;
+  uint32_t *r0 = wv;
+  uint32_t *r1 = wv + 4U;
+  uint32_t *r2 = wv + 8U;
+  uint32_t *r3 = wv + 12U;
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = s0;
+    uint32_t x = s0[i] ^ r0[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = s0;
+    uint32_t x = s0[i] ^ r2[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = s1;
+    uint32_t x = s1[i] ^ r1[i];
+    os[i] = x;);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = s1;
+    uint32_t x = s1[i] ^ r3[i];
+    os[i] = x;);
+}
+
+void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn)
+{
+  uint32_t *r0 = hash;
+  uint32_t *r1 = hash + 4U;
+  uint32_t *r2 = hash + 8U;
+  uint32_t *r3 = hash + 12U;
+  uint32_t iv0 = Hacl_Hash_Blake2s_ivTable_S[0U];
+  uint32_t iv1 = Hacl_Hash_Blake2s_ivTable_S[1U];
+  uint32_t iv2 = Hacl_Hash_Blake2s_ivTable_S[2U];
+  uint32_t iv3 = Hacl_Hash_Blake2s_ivTable_S[3U];
+  uint32_t iv4 = Hacl_Hash_Blake2s_ivTable_S[4U];
+  uint32_t iv5 = Hacl_Hash_Blake2s_ivTable_S[5U];
+  uint32_t iv6 = Hacl_Hash_Blake2s_ivTable_S[6U];
+  uint32_t iv7 = Hacl_Hash_Blake2s_ivTable_S[7U];
+  r2[0U] = iv0;
+  r2[1U] = iv1;
+  r2[2U] = iv2;
+  r2[3U] = iv3;
+  r3[0U] = iv4;
+  r3[1U] = iv5;
+  r3[2U] = iv6;
+  r3[3U] = iv7;
+  uint32_t kk_shift_8 = kk << 8U;
+  uint32_t iv0_ = iv0 ^ (0x01010000U ^ (kk_shift_8 ^ nn));
+  r0[0U] = iv0_;
+  r0[1U] = iv1;
+  r0[2U] = iv2;
+  r0[3U] = iv3;
+  r1[0U] = iv4;
+  r1[1U] = iv5;
+  r1[2U] = iv6;
+  r1[3U] = iv7;
+}
+
+static void update_key(uint32_t *wv, uint32_t *hash, uint32_t kk, uint8_t *k, uint32_t ll)
+{
+  uint64_t lb = (uint64_t)64U;
+  uint8_t b[64U] = { 0U };
+  memcpy(b, k, kk * sizeof (uint8_t));
+  if (ll == 0U)
+  {
+    update_block(wv, hash, true, lb, b);
+  }
+  else
+  {
+    update_block(wv, hash, false, lb, b);
+  }
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2s_update_multi(
+  uint32_t len,
+  uint32_t *wv,
+  uint32_t *hash,
+  uint64_t prev,
+  uint8_t *blocks,
+  uint32_t nb
+)
+{
+  KRML_MAYBE_UNUSED_VAR(len);
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    uint64_t totlen = prev + (uint64_t)((i + 1U) * 64U);
+    uint8_t *b = blocks + i * 64U;
+    update_block(wv, hash, false, totlen, b);
+  }
+}
+
+void
+Hacl_Hash_Blake2s_update_last(
+  uint32_t len,
+  uint32_t *wv,
+  uint32_t *hash,
+  uint64_t prev,
+  uint32_t rem,
+  uint8_t *d
+)
+{
+  uint8_t b[64U] = { 0U };
+  uint8_t *last = d + len - rem;
+  memcpy(b, last, rem * sizeof (uint8_t));
+  uint64_t totlen = prev + (uint64_t)len;
+  update_block(wv, hash, true, totlen, b);
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+static void
+update_blocks(uint32_t len, uint32_t *wv, uint32_t *hash, uint64_t prev, uint8_t *blocks)
+{
+  uint32_t nb0 = len / 64U;
+  uint32_t rem0 = len % 64U;
+  uint32_t nb;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    nb = nb0 - 1U;
+  }
+  else
+  {
+    nb = nb0;
+  }
+  uint32_t rem;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    rem = 64U;
+  }
+  else
+  {
+    rem = rem0;
+  }
+  Hacl_Hash_Blake2s_update_multi(len, wv, hash, prev, blocks, nb);
+  Hacl_Hash_Blake2s_update_last(len, wv, hash, prev, rem, blocks);
+}
+
+static inline void
+update(uint32_t *wv, uint32_t *hash, uint32_t kk, uint8_t *k, uint32_t ll, uint8_t *d)
+{
+  uint64_t lb = (uint64_t)64U;
+  if (kk > 0U)
+  {
+    update_key(wv, hash, kk, k, ll);
+    if (!(ll == 0U))
+    {
+      update_blocks(ll, wv, hash, lb, d);
+      return;
+    }
+    return;
+  }
+  update_blocks(ll, wv, hash, (uint64_t)0U, d);
+}
+
+void Hacl_Hash_Blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash)
+{
+  uint8_t b[32U] = { 0U };
+  uint8_t *first = b;
+  uint8_t *second = b + 16U;
+  uint32_t *row0 = hash;
+  uint32_t *row1 = hash + 4U;
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store32_le(first + i * 4U, row0[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store32_le(second + i * 4U, row1[i]););
+  uint8_t *final = b;
+  memcpy(output, final, nn * sizeof (uint8_t));
+  Lib_Memzero0_memzero(b, 32U, uint8_t);
+}
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2s_state_t *Hacl_Hash_Blake2s_malloc(void)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *wv = (uint32_t *)KRML_HOST_CALLOC(16U, sizeof (uint32_t));
+  uint32_t *b = (uint32_t *)KRML_HOST_CALLOC(16U, sizeof (uint32_t));
+  Hacl_Hash_Blake2s_block_state_t block_state = { .fst = wv, .snd = b };
+  Hacl_Hash_Blake2s_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  Hacl_Hash_Blake2s_state_t
+  *p = (Hacl_Hash_Blake2s_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_Blake2s_state_t));
+  p[0U] = s;
+  Hacl_Hash_Blake2s_init(block_state.snd, 0U, 32U);
+  return p;
+}
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2s_reset(Hacl_Hash_Blake2s_state_t *state)
+{
+  Hacl_Hash_Blake2s_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2s_block_state_t block_state = scrut.block_state;
+  Hacl_Hash_Blake2s_init(block_state.snd, 0U, 32U);
+  Hacl_Hash_Blake2s_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
+}
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint32_t chunk_len)
+{
+  Hacl_Hash_Blake2s_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    sz = 64U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  if (chunk_len <= 64U - sz)
+  {
+    Hacl_Hash_Blake2s_state_t s1 = *state;
+    Hacl_Hash_Blake2s_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_Hash_Blake2s_state_t s1 = *state;
+    Hacl_Hash_Blake2s_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      uint32_t *wv = block_state1.fst;
+      uint32_t *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2s_update_multi(64U, wv, hash, prevlen, buf, nb);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    uint32_t *wv = block_state1.fst;
+    uint32_t *hash = block_state1.snd;
+    uint32_t nb = data1_len / 64U;
+    Hacl_Hash_Blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_Blake2s_state_t s1 = *state;
+    Hacl_Hash_Blake2s_block_state_t block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 64U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2
+        }
+      );
+    Hacl_Hash_Blake2s_state_t s10 = *state;
+    Hacl_Hash_Blake2s_block_state_t block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      uint32_t *wv = block_state1.fst;
+      uint32_t *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2s_update_multi(64U, wv, hash, prevlen, buf, nb);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    uint32_t *wv = block_state1.fst;
+    uint32_t *hash = block_state1.snd;
+    uint32_t nb = data1_len / 64U;
+    Hacl_Hash_Blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+/**
+  Finish function when there is no key
+*/
+void Hacl_Hash_Blake2s_digest(Hacl_Hash_Blake2s_state_t *state, uint8_t *output)
+{
+  Hacl_Hash_Blake2s_state_t scrut = *state;
+  Hacl_Hash_Blake2s_block_state_t block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint32_t r;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    r = 64U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  uint8_t *buf_1 = buf_;
+  uint32_t wv0[16U] = { 0U };
+  uint32_t b[16U] = { 0U };
+  Hacl_Hash_Blake2s_block_state_t tmp_block_state = { .fst = wv0, .snd = b };
+  uint32_t *src_b = block_state.snd;
+  uint32_t *dst_b = tmp_block_state.snd;
+  memcpy(dst_b, src_b, 16U * sizeof (uint32_t));
+  uint64_t prev_len = total_len - (uint64_t)r;
+  uint32_t ite;
+  if (r % 64U == 0U && r > 0U)
+  {
+    ite = 64U;
+  }
+  else
+  {
+    ite = r % 64U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  uint32_t *wv1 = tmp_block_state.fst;
+  uint32_t *hash0 = tmp_block_state.snd;
+  uint32_t nb = 0U;
+  Hacl_Hash_Blake2s_update_multi(0U, wv1, hash0, prev_len, buf_multi, nb);
+  uint64_t prev_len_last = total_len - (uint64_t)r;
+  uint32_t *wv = tmp_block_state.fst;
+  uint32_t *hash = tmp_block_state.snd;
+  Hacl_Hash_Blake2s_update_last(r, wv, hash, prev_len_last, r, buf_last);
+  Hacl_Hash_Blake2s_finish(32U, output, tmp_block_state.snd);
+}
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2s_free(Hacl_Hash_Blake2s_state_t *state)
+{
+  Hacl_Hash_Blake2s_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2s_block_state_t block_state = scrut.block_state;
+  uint32_t *wv = block_state.fst;
+  uint32_t *b = block_state.snd;
+  KRML_HOST_FREE(wv);
+  KRML_HOST_FREE(b);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2s_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+)
+{
+  uint32_t b[16U] = { 0U };
+  uint32_t b1[16U] = { 0U };
+  Hacl_Hash_Blake2s_init(b, key_len, output_len);
+  update(b1, b, key_len, key, input_len, input);
+  Hacl_Hash_Blake2s_finish(output_len, output, b);
+  Lib_Memzero0_memzero(b1, 16U, uint32_t);
+  Lib_Memzero0_memzero(b, 16U, uint32_t);
+}
+
diff --git a/src/msvc/Hacl_Hash_Blake2s_128.c b/src/msvc/Hacl_Hash_Blake2s_128.c
deleted file mode 100644
index 86c4f030..00000000
--- a/src/msvc/Hacl_Hash_Blake2s_128.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Hash_Blake2s_128.h"
-
-#include "internal/Hacl_Impl_Blake2_Constants.h"
-#include "internal/Hacl_Hash_Blake2.h"
-#include "lib_memzero0.h"
-
-static inline void
-blake2s_update_block(
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  bool flag,
-  uint64_t totlen,
-  uint8_t *d
-)
-{
-  uint32_t m_w[16U] = { 0U };
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    uint32_t *os = m_w;
-    uint8_t *bj = d + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_zero;
-  uint32_t wv_14;
-  if (flag)
-  {
-    wv_14 = (uint32_t)0xFFFFFFFFU;
-  }
-  else
-  {
-    wv_14 = (uint32_t)0U;
-  }
-  uint32_t wv_15 = (uint32_t)0U;
-  mask =
-    Lib_IntVector_Intrinsics_vec128_load32s((uint32_t)totlen,
-      (uint32_t)(totlen >> (uint32_t)32U),
-      wv_14,
-      wv_15);
-  memcpy(wv, hash, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Lib_IntVector_Intrinsics_vec128 *wv3 = wv + (uint32_t)3U;
-  wv3[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv3[0U], mask);
-  KRML_MAYBE_FOR10(i,
-    (uint32_t)0U,
-    (uint32_t)10U,
-    (uint32_t)1U,
-    uint32_t start_idx = i % (uint32_t)10U * (uint32_t)16U;
-    KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 m_st[4U] KRML_POST_ALIGN(16) = { 0U };
-    Lib_IntVector_Intrinsics_vec128 *r0 = m_st;
-    Lib_IntVector_Intrinsics_vec128 *r1 = m_st + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *r20 = m_st + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec128 *r30 = m_st + (uint32_t)3U;
-    uint32_t s0 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)0U];
-    uint32_t s1 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)1U];
-    uint32_t s2 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)2U];
-    uint32_t s3 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)3U];
-    uint32_t s4 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)4U];
-    uint32_t s5 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)5U];
-    uint32_t s6 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)6U];
-    uint32_t s7 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)7U];
-    uint32_t s8 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)8U];
-    uint32_t s9 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)9U];
-    uint32_t s10 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)10U];
-    uint32_t s11 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)11U];
-    uint32_t s12 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)12U];
-    uint32_t s13 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)13U];
-    uint32_t s14 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)14U];
-    uint32_t s15 = Hacl_Impl_Blake2_Constants_sigmaTable[start_idx + (uint32_t)15U];
-    r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s0], m_w[s2], m_w[s4], m_w[s6]);
-    r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s1], m_w[s3], m_w[s5], m_w[s7]);
-    r20[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s8], m_w[s10], m_w[s12], m_w[s14]);
-    r30[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s9], m_w[s11], m_w[s13], m_w[s15]);
-    Lib_IntVector_Intrinsics_vec128 *x = m_st;
-    Lib_IntVector_Intrinsics_vec128 *y = m_st + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *z = m_st + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec128 *w = m_st + (uint32_t)3U;
-    uint32_t a = (uint32_t)0U;
-    uint32_t b0 = (uint32_t)1U;
-    uint32_t c0 = (uint32_t)2U;
-    uint32_t d10 = (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec128 *wv_a0 = wv + a * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b0 = wv + b0 * (uint32_t)1U;
-    wv_a0[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a0[0U], wv_b0[0U]);
-    wv_a0[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a0[0U], x[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a1 = wv + d10 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b1 = wv + a * (uint32_t)1U;
-    wv_a1[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a1[0U], wv_b1[0U]);
-    wv_a1[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a1[0U], (uint32_t)16U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a2 = wv + c0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b2 = wv + d10 * (uint32_t)1U;
-    wv_a2[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a2[0U], wv_b2[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a3 = wv + b0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b3 = wv + c0 * (uint32_t)1U;
-    wv_a3[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a3[0U], wv_b3[0U]);
-    wv_a3[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a3[0U], (uint32_t)12U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a4 = wv + a * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b4 = wv + b0 * (uint32_t)1U;
-    wv_a4[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a4[0U], wv_b4[0U]);
-    wv_a4[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a4[0U], y[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a5 = wv + d10 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b5 = wv + a * (uint32_t)1U;
-    wv_a5[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a5[0U], wv_b5[0U]);
-    wv_a5[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a5[0U], (uint32_t)8U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a6 = wv + c0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b6 = wv + d10 * (uint32_t)1U;
-    wv_a6[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a6[0U], wv_b6[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a7 = wv + b0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b7 = wv + c0 * (uint32_t)1U;
-    wv_a7[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a7[0U], wv_b7[0U]);
-    wv_a7[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a7[0U], (uint32_t)7U);
-    Lib_IntVector_Intrinsics_vec128 *r10 = wv + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *r21 = wv + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec128 *r31 = wv + (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec128 v00 = r10[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v1 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v00, (uint32_t)1U);
-    r10[0U] = v1;
-    Lib_IntVector_Intrinsics_vec128 v01 = r21[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v10 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v01, (uint32_t)2U);
-    r21[0U] = v10;
-    Lib_IntVector_Intrinsics_vec128 v02 = r31[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v11 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v02, (uint32_t)3U);
-    r31[0U] = v11;
-    uint32_t a0 = (uint32_t)0U;
-    uint32_t b = (uint32_t)1U;
-    uint32_t c = (uint32_t)2U;
-    uint32_t d1 = (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec128 *wv_a = wv + a0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b8 = wv + b * (uint32_t)1U;
-    wv_a[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a[0U], wv_b8[0U]);
-    wv_a[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a[0U], z[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a8 = wv + d1 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b9 = wv + a0 * (uint32_t)1U;
-    wv_a8[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a8[0U], wv_b9[0U]);
-    wv_a8[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a8[0U], (uint32_t)16U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a9 = wv + c * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b10 = wv + d1 * (uint32_t)1U;
-    wv_a9[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a9[0U], wv_b10[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a10 = wv + b * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b11 = wv + c * (uint32_t)1U;
-    wv_a10[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a10[0U], wv_b11[0U]);
-    wv_a10[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a10[0U], (uint32_t)12U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a11 = wv + a0 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b12 = wv + b * (uint32_t)1U;
-    wv_a11[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a11[0U], wv_b12[0U]);
-    wv_a11[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a11[0U], w[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a12 = wv + d1 * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b13 = wv + a0 * (uint32_t)1U;
-    wv_a12[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a12[0U], wv_b13[0U]);
-    wv_a12[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a12[0U], (uint32_t)8U);
-    Lib_IntVector_Intrinsics_vec128 *wv_a13 = wv + c * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b14 = wv + d1 * (uint32_t)1U;
-    wv_a13[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a13[0U], wv_b14[0U]);
-    Lib_IntVector_Intrinsics_vec128 *wv_a14 = wv + b * (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *wv_b = wv + c * (uint32_t)1U;
-    wv_a14[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a14[0U], wv_b[0U]);
-    wv_a14[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a14[0U], (uint32_t)7U);
-    Lib_IntVector_Intrinsics_vec128 *r11 = wv + (uint32_t)1U;
-    Lib_IntVector_Intrinsics_vec128 *r2 = wv + (uint32_t)2U;
-    Lib_IntVector_Intrinsics_vec128 *r3 = wv + (uint32_t)3U;
-    Lib_IntVector_Intrinsics_vec128 v0 = r11[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v12 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v0, (uint32_t)3U);
-    r11[0U] = v12;
-    Lib_IntVector_Intrinsics_vec128 v03 = r2[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v13 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v03, (uint32_t)2U);
-    r2[0U] = v13;
-    Lib_IntVector_Intrinsics_vec128 v04 = r3[0U];
-    Lib_IntVector_Intrinsics_vec128
-    v14 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v04, (uint32_t)1U);
-    r3[0U] = v14;);
-  Lib_IntVector_Intrinsics_vec128 *s0 = hash;
-  Lib_IntVector_Intrinsics_vec128 *s1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r0 = wv;
-  Lib_IntVector_Intrinsics_vec128 *r1 = wv + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r2 = wv + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec128 *r3 = wv + (uint32_t)3U;
-  s0[0U] = Lib_IntVector_Intrinsics_vec128_xor(s0[0U], r0[0U]);
-  s0[0U] = Lib_IntVector_Intrinsics_vec128_xor(s0[0U], r2[0U]);
-  s1[0U] = Lib_IntVector_Intrinsics_vec128_xor(s1[0U], r1[0U]);
-  s1[0U] = Lib_IntVector_Intrinsics_vec128_xor(s1[0U], r3[0U]);
-}
-
-void
-Hacl_Blake2s_128_blake2s_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn)
-{
-  Lib_IntVector_Intrinsics_vec128 *r0 = hash;
-  Lib_IntVector_Intrinsics_vec128 *r1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r2 = hash + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec128 *r3 = hash + (uint32_t)3U;
-  uint32_t iv0 = Hacl_Impl_Blake2_Constants_ivTable_S[0U];
-  uint32_t iv1 = Hacl_Impl_Blake2_Constants_ivTable_S[1U];
-  uint32_t iv2 = Hacl_Impl_Blake2_Constants_ivTable_S[2U];
-  uint32_t iv3 = Hacl_Impl_Blake2_Constants_ivTable_S[3U];
-  uint32_t iv4 = Hacl_Impl_Blake2_Constants_ivTable_S[4U];
-  uint32_t iv5 = Hacl_Impl_Blake2_Constants_ivTable_S[5U];
-  uint32_t iv6 = Hacl_Impl_Blake2_Constants_ivTable_S[6U];
-  uint32_t iv7 = Hacl_Impl_Blake2_Constants_ivTable_S[7U];
-  r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0, iv1, iv2, iv3);
-  r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7);
-  uint32_t kk_shift_8 = kk << (uint32_t)8U;
-  uint32_t iv0_ = iv0 ^ ((uint32_t)0x01010000U ^ (kk_shift_8 ^ nn));
-  r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0_, iv1, iv2, iv3);
-  r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7);
-}
-
-void
-Hacl_Blake2s_128_blake2s_update_key(
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll
-)
-{
-  uint64_t lb = (uint64_t)(uint32_t)64U;
-  uint8_t b[64U] = { 0U };
-  memcpy(b, k, kk * sizeof (uint8_t));
-  if (ll == (uint32_t)0U)
-  {
-    blake2s_update_block(wv, hash, true, lb, b);
-  }
-  else
-  {
-    blake2s_update_block(wv, hash, false, lb, b);
-  }
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-void
-Hacl_Blake2s_128_blake2s_update_multi(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint64_t prev,
-  uint8_t *blocks,
-  uint32_t nb
-)
-{
-  KRML_HOST_IGNORE(len);
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
-    uint8_t *b = blocks + i * (uint32_t)64U;
-    blake2s_update_block(wv, hash, false, totlen, b);
-  }
-}
-
-void
-Hacl_Blake2s_128_blake2s_update_last(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint64_t prev,
-  uint32_t rem,
-  uint8_t *d
-)
-{
-  uint8_t b[64U] = { 0U };
-  uint8_t *last = d + len - rem;
-  memcpy(b, last, rem * sizeof (uint8_t));
-  uint64_t totlen = prev + (uint64_t)len;
-  blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
-}
-
-static inline void
-blake2s_update_blocks(
-  uint32_t len,
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint64_t prev,
-  uint8_t *blocks
-)
-{
-  uint32_t nb0 = len / (uint32_t)64U;
-  uint32_t rem0 = len % (uint32_t)64U;
-  K___uint32_t_uint32_t scrut;
-  if (rem0 == (uint32_t)0U && nb0 > (uint32_t)0U)
-  {
-    uint32_t nb_ = nb0 - (uint32_t)1U;
-    uint32_t rem_ = (uint32_t)64U;
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb_, .snd = rem_ });
-  }
-  else
-  {
-    scrut = ((K___uint32_t_uint32_t){ .fst = nb0, .snd = rem0 });
-  }
-  uint32_t nb = scrut.fst;
-  uint32_t rem = scrut.snd;
-  Hacl_Blake2s_128_blake2s_update_multi(len, wv, hash, prev, blocks, nb);
-  Hacl_Blake2s_128_blake2s_update_last(len, wv, hash, prev, rem, blocks);
-}
-
-static inline void
-blake2s_update(
-  Lib_IntVector_Intrinsics_vec128 *wv,
-  Lib_IntVector_Intrinsics_vec128 *hash,
-  uint32_t kk,
-  uint8_t *k,
-  uint32_t ll,
-  uint8_t *d
-)
-{
-  uint64_t lb = (uint64_t)(uint32_t)64U;
-  if (kk > (uint32_t)0U)
-  {
-    Hacl_Blake2s_128_blake2s_update_key(wv, hash, kk, k, ll);
-    if (!(ll == (uint32_t)0U))
-    {
-      blake2s_update_blocks(ll, wv, hash, lb, d);
-      return;
-    }
-    return;
-  }
-  blake2s_update_blocks(ll, wv, hash, (uint64_t)(uint32_t)0U, d);
-}
-
-void
-Hacl_Blake2s_128_blake2s_finish(
-  uint32_t nn,
-  uint8_t *output,
-  Lib_IntVector_Intrinsics_vec128 *hash
-)
-{
-  uint8_t b[32U] = { 0U };
-  uint8_t *first = b;
-  uint8_t *second = b + (uint32_t)16U;
-  Lib_IntVector_Intrinsics_vec128 *row0 = hash;
-  Lib_IntVector_Intrinsics_vec128 *row1 = hash + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128_store32_le(first, row0[0U]);
-  Lib_IntVector_Intrinsics_vec128_store32_le(second, row1[0U]);
-  uint8_t *final = b;
-  memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
-}
-
-/**
-Write the BLAKE2s digest of message `d` using key `k` into `output`.
-
-@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.
-@param output Pointer to `nn` bytes of memory where the digest is written to.
-@param ll Length of the input message.
-@param d Pointer to `ll` bytes of memory where the input message is read from.
-@param kk Length of the key. Can be 0.
-@param k Pointer to `kk` bytes of memory where the key is read from.
-*/
-void
-Hacl_Blake2s_128_blake2s(
-  uint32_t nn,
-  uint8_t *output,
-  uint32_t ll,
-  uint8_t *d,
-  uint32_t kk,
-  uint8_t *k
-)
-{
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b[4U] KRML_POST_ALIGN(16) = { 0U };
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b1[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Blake2s_128_blake2s_init(b, kk, nn);
-  blake2s_update(b1, b, kk, k, ll, d);
-  Hacl_Blake2s_128_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
-  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
-}
-
-void
-Hacl_Blake2s_128_store_state128s_to_state32(
-  uint32_t *st32,
-  Lib_IntVector_Intrinsics_vec128 *st
-)
-{
-  Lib_IntVector_Intrinsics_vec128 *r0 = st;
-  Lib_IntVector_Intrinsics_vec128 *r1 = st + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r2 = st + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec128 *r3 = st + (uint32_t)3U;
-  uint32_t *b0 = st32;
-  uint32_t *b1 = st32 + (uint32_t)4U;
-  uint32_t *b2 = st32 + (uint32_t)8U;
-  uint32_t *b3 = st32 + (uint32_t)12U;
-  uint8_t b8[16U] = { 0U };
-  Lib_IntVector_Intrinsics_vec128_store32_le(b8, r0[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = b0;
-    uint8_t *bj = b8 + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  uint8_t b80[16U] = { 0U };
-  Lib_IntVector_Intrinsics_vec128_store32_le(b80, r1[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = b1;
-    uint8_t *bj = b80 + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  uint8_t b81[16U] = { 0U };
-  Lib_IntVector_Intrinsics_vec128_store32_le(b81, r2[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = b2;
-    uint8_t *bj = b81 + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-  uint8_t b82[16U] = { 0U };
-  Lib_IntVector_Intrinsics_vec128_store32_le(b82, r3[0U]);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint32_t *os = b3;
-    uint8_t *bj = b82 + i * (uint32_t)4U;
-    uint32_t u = load32_le(bj);
-    uint32_t r = u;
-    uint32_t x = r;
-    os[i] = x;);
-}
-
-void
-Hacl_Blake2s_128_load_state128s_from_state32(
-  Lib_IntVector_Intrinsics_vec128 *st,
-  uint32_t *st32
-)
-{
-  Lib_IntVector_Intrinsics_vec128 *r0 = st;
-  Lib_IntVector_Intrinsics_vec128 *r1 = st + (uint32_t)1U;
-  Lib_IntVector_Intrinsics_vec128 *r2 = st + (uint32_t)2U;
-  Lib_IntVector_Intrinsics_vec128 *r3 = st + (uint32_t)3U;
-  uint32_t *b0 = st32;
-  uint32_t *b1 = st32 + (uint32_t)4U;
-  uint32_t *b2 = st32 + (uint32_t)8U;
-  uint32_t *b3 = st32 + (uint32_t)12U;
-  r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b0[0U], b0[1U], b0[2U], b0[3U]);
-  r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b1[0U], b1[1U], b1[2U], b1[3U]);
-  r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b2[0U], b2[1U], b2[2U], b2[3U]);
-  r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b3[0U], b3[1U], b3[2U], b3[3U]);
-}
-
-Lib_IntVector_Intrinsics_vec128 *Hacl_Blake2s_128_blake2s_malloc(void)
-{
-  Lib_IntVector_Intrinsics_vec128
-  *buf =
-    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
-      sizeof (Lib_IntVector_Intrinsics_vec128) * (uint32_t)4U);
-  memset(buf, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  return buf;
-}
-
diff --git a/src/msvc/Hacl_Hash_Blake2s_Simd128.c b/src/msvc/Hacl_Hash_Blake2s_Simd128.c
new file mode 100644
index 00000000..73f0cccb
--- /dev/null
+++ b/src/msvc/Hacl_Hash_Blake2s_Simd128.c
@@ -0,0 +1,794 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_Hash_Blake2s_Simd128.h"
+
+#include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
+
+static inline void
+update_block(
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  bool flag,
+  uint64_t totlen,
+  uint8_t *d
+)
+{
+  uint32_t m_w[16U] = { 0U };
+  KRML_MAYBE_FOR16(i,
+    0U,
+    16U,
+    1U,
+    uint32_t *os = m_w;
+    uint8_t *bj = d + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_zero;
+  uint32_t wv_14;
+  if (flag)
+  {
+    wv_14 = 0xFFFFFFFFU;
+  }
+  else
+  {
+    wv_14 = 0U;
+  }
+  uint32_t wv_15 = 0U;
+  mask =
+    Lib_IntVector_Intrinsics_vec128_load32s((uint32_t)totlen,
+      (uint32_t)(totlen >> 32U),
+      wv_14,
+      wv_15);
+  memcpy(wv, hash, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Lib_IntVector_Intrinsics_vec128 *wv3 = wv + 3U;
+  wv3[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv3[0U], mask);
+  KRML_MAYBE_FOR10(i,
+    0U,
+    10U,
+    1U,
+    uint32_t start_idx = i % 10U * 16U;
+    KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 m_st[4U] KRML_POST_ALIGN(16) = { 0U };
+    Lib_IntVector_Intrinsics_vec128 *r0 = m_st;
+    Lib_IntVector_Intrinsics_vec128 *r1 = m_st + 1U;
+    Lib_IntVector_Intrinsics_vec128 *r20 = m_st + 2U;
+    Lib_IntVector_Intrinsics_vec128 *r30 = m_st + 3U;
+    uint32_t s0 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 0U];
+    uint32_t s1 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 1U];
+    uint32_t s2 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 2U];
+    uint32_t s3 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 3U];
+    uint32_t s4 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 4U];
+    uint32_t s5 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 5U];
+    uint32_t s6 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 6U];
+    uint32_t s7 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 7U];
+    uint32_t s8 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 8U];
+    uint32_t s9 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 9U];
+    uint32_t s10 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 10U];
+    uint32_t s11 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 11U];
+    uint32_t s12 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 12U];
+    uint32_t s13 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 13U];
+    uint32_t s14 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 14U];
+    uint32_t s15 = Hacl_Hash_Blake2s_sigmaTable[start_idx + 15U];
+    r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s0], m_w[s2], m_w[s4], m_w[s6]);
+    r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s1], m_w[s3], m_w[s5], m_w[s7]);
+    r20[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s8], m_w[s10], m_w[s12], m_w[s14]);
+    r30[0U] = Lib_IntVector_Intrinsics_vec128_load32s(m_w[s9], m_w[s11], m_w[s13], m_w[s15]);
+    Lib_IntVector_Intrinsics_vec128 *x = m_st;
+    Lib_IntVector_Intrinsics_vec128 *y = m_st + 1U;
+    Lib_IntVector_Intrinsics_vec128 *z = m_st + 2U;
+    Lib_IntVector_Intrinsics_vec128 *w = m_st + 3U;
+    uint32_t a = 0U;
+    uint32_t b0 = 1U;
+    uint32_t c0 = 2U;
+    uint32_t d10 = 3U;
+    Lib_IntVector_Intrinsics_vec128 *wv_a0 = wv + a * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b0 = wv + b0 * 1U;
+    wv_a0[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a0[0U], wv_b0[0U]);
+    wv_a0[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a0[0U], x[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a1 = wv + d10 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b1 = wv + a * 1U;
+    wv_a1[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a1[0U], wv_b1[0U]);
+    wv_a1[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a1[0U], 16U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a2 = wv + c0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b2 = wv + d10 * 1U;
+    wv_a2[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a2[0U], wv_b2[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a3 = wv + b0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b3 = wv + c0 * 1U;
+    wv_a3[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a3[0U], wv_b3[0U]);
+    wv_a3[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a3[0U], 12U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a4 = wv + a * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b4 = wv + b0 * 1U;
+    wv_a4[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a4[0U], wv_b4[0U]);
+    wv_a4[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a4[0U], y[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a5 = wv + d10 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b5 = wv + a * 1U;
+    wv_a5[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a5[0U], wv_b5[0U]);
+    wv_a5[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a5[0U], 8U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a6 = wv + c0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b6 = wv + d10 * 1U;
+    wv_a6[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a6[0U], wv_b6[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a7 = wv + b0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b7 = wv + c0 * 1U;
+    wv_a7[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a7[0U], wv_b7[0U]);
+    wv_a7[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a7[0U], 7U);
+    Lib_IntVector_Intrinsics_vec128 *r10 = wv + 1U;
+    Lib_IntVector_Intrinsics_vec128 *r21 = wv + 2U;
+    Lib_IntVector_Intrinsics_vec128 *r31 = wv + 3U;
+    Lib_IntVector_Intrinsics_vec128 v00 = r10[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v1 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v00, 1U);
+    r10[0U] = v1;
+    Lib_IntVector_Intrinsics_vec128 v01 = r21[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v10 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v01, 2U);
+    r21[0U] = v10;
+    Lib_IntVector_Intrinsics_vec128 v02 = r31[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v11 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v02, 3U);
+    r31[0U] = v11;
+    uint32_t a0 = 0U;
+    uint32_t b = 1U;
+    uint32_t c = 2U;
+    uint32_t d1 = 3U;
+    Lib_IntVector_Intrinsics_vec128 *wv_a = wv + a0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b8 = wv + b * 1U;
+    wv_a[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a[0U], wv_b8[0U]);
+    wv_a[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a[0U], z[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a8 = wv + d1 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b9 = wv + a0 * 1U;
+    wv_a8[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a8[0U], wv_b9[0U]);
+    wv_a8[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a8[0U], 16U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a9 = wv + c * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b10 = wv + d1 * 1U;
+    wv_a9[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a9[0U], wv_b10[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a10 = wv + b * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b11 = wv + c * 1U;
+    wv_a10[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a10[0U], wv_b11[0U]);
+    wv_a10[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a10[0U], 12U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a11 = wv + a0 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b12 = wv + b * 1U;
+    wv_a11[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a11[0U], wv_b12[0U]);
+    wv_a11[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a11[0U], w[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a12 = wv + d1 * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b13 = wv + a0 * 1U;
+    wv_a12[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a12[0U], wv_b13[0U]);
+    wv_a12[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a12[0U], 8U);
+    Lib_IntVector_Intrinsics_vec128 *wv_a13 = wv + c * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b14 = wv + d1 * 1U;
+    wv_a13[0U] = Lib_IntVector_Intrinsics_vec128_add32(wv_a13[0U], wv_b14[0U]);
+    Lib_IntVector_Intrinsics_vec128 *wv_a14 = wv + b * 1U;
+    Lib_IntVector_Intrinsics_vec128 *wv_b = wv + c * 1U;
+    wv_a14[0U] = Lib_IntVector_Intrinsics_vec128_xor(wv_a14[0U], wv_b[0U]);
+    wv_a14[0U] = Lib_IntVector_Intrinsics_vec128_rotate_right32(wv_a14[0U], 7U);
+    Lib_IntVector_Intrinsics_vec128 *r11 = wv + 1U;
+    Lib_IntVector_Intrinsics_vec128 *r2 = wv + 2U;
+    Lib_IntVector_Intrinsics_vec128 *r3 = wv + 3U;
+    Lib_IntVector_Intrinsics_vec128 v0 = r11[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v12 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v0, 3U);
+    r11[0U] = v12;
+    Lib_IntVector_Intrinsics_vec128 v03 = r2[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v13 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v03, 2U);
+    r2[0U] = v13;
+    Lib_IntVector_Intrinsics_vec128 v04 = r3[0U];
+    Lib_IntVector_Intrinsics_vec128
+    v14 = Lib_IntVector_Intrinsics_vec128_rotate_right_lanes32(v04, 1U);
+    r3[0U] = v14;);
+  Lib_IntVector_Intrinsics_vec128 *s0 = hash;
+  Lib_IntVector_Intrinsics_vec128 *s1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r0 = wv;
+  Lib_IntVector_Intrinsics_vec128 *r1 = wv + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = wv + 2U;
+  Lib_IntVector_Intrinsics_vec128 *r3 = wv + 3U;
+  s0[0U] = Lib_IntVector_Intrinsics_vec128_xor(s0[0U], r0[0U]);
+  s0[0U] = Lib_IntVector_Intrinsics_vec128_xor(s0[0U], r2[0U]);
+  s1[0U] = Lib_IntVector_Intrinsics_vec128_xor(s1[0U], r1[0U]);
+  s1[0U] = Lib_IntVector_Intrinsics_vec128_xor(s1[0U], r3[0U]);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn)
+{
+  Lib_IntVector_Intrinsics_vec128 *r0 = hash;
+  Lib_IntVector_Intrinsics_vec128 *r1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = hash + 2U;
+  Lib_IntVector_Intrinsics_vec128 *r3 = hash + 3U;
+  uint32_t iv0 = Hacl_Hash_Blake2s_ivTable_S[0U];
+  uint32_t iv1 = Hacl_Hash_Blake2s_ivTable_S[1U];
+  uint32_t iv2 = Hacl_Hash_Blake2s_ivTable_S[2U];
+  uint32_t iv3 = Hacl_Hash_Blake2s_ivTable_S[3U];
+  uint32_t iv4 = Hacl_Hash_Blake2s_ivTable_S[4U];
+  uint32_t iv5 = Hacl_Hash_Blake2s_ivTable_S[5U];
+  uint32_t iv6 = Hacl_Hash_Blake2s_ivTable_S[6U];
+  uint32_t iv7 = Hacl_Hash_Blake2s_ivTable_S[7U];
+  r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0, iv1, iv2, iv3);
+  r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7);
+  uint32_t kk_shift_8 = kk << 8U;
+  uint32_t iv0_ = iv0 ^ (0x01010000U ^ (kk_shift_8 ^ nn));
+  r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0_, iv1, iv2, iv3);
+  r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7);
+}
+
+static void
+update_key(
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint32_t kk,
+  uint8_t *k,
+  uint32_t ll
+)
+{
+  uint64_t lb = (uint64_t)64U;
+  uint8_t b[64U] = { 0U };
+  memcpy(b, k, kk * sizeof (uint8_t));
+  if (ll == 0U)
+  {
+    update_block(wv, hash, true, lb, b);
+  }
+  else
+  {
+    update_block(wv, hash, false, lb, b);
+  }
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_update_multi(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint64_t prev,
+  uint8_t *blocks,
+  uint32_t nb
+)
+{
+  KRML_MAYBE_UNUSED_VAR(len);
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    uint64_t totlen = prev + (uint64_t)((i + 1U) * 64U);
+    uint8_t *b = blocks + i * 64U;
+    update_block(wv, hash, false, totlen, b);
+  }
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_update_last(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint64_t prev,
+  uint32_t rem,
+  uint8_t *d
+)
+{
+  uint8_t b[64U] = { 0U };
+  uint8_t *last = d + len - rem;
+  memcpy(b, last, rem * sizeof (uint8_t));
+  uint64_t totlen = prev + (uint64_t)len;
+  update_block(wv, hash, true, totlen, b);
+  Lib_Memzero0_memzero(b, 64U, uint8_t);
+}
+
+static inline void
+update_blocks(
+  uint32_t len,
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint64_t prev,
+  uint8_t *blocks
+)
+{
+  uint32_t nb0 = len / 64U;
+  uint32_t rem0 = len % 64U;
+  uint32_t nb;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    nb = nb0 - 1U;
+  }
+  else
+  {
+    nb = nb0;
+  }
+  uint32_t rem;
+  if (rem0 == 0U && nb0 > 0U)
+  {
+    rem = 64U;
+  }
+  else
+  {
+    rem = rem0;
+  }
+  Hacl_Hash_Blake2s_Simd128_update_multi(len, wv, hash, prev, blocks, nb);
+  Hacl_Hash_Blake2s_Simd128_update_last(len, wv, hash, prev, rem, blocks);
+}
+
+static inline void
+update(
+  Lib_IntVector_Intrinsics_vec128 *wv,
+  Lib_IntVector_Intrinsics_vec128 *hash,
+  uint32_t kk,
+  uint8_t *k,
+  uint32_t ll,
+  uint8_t *d
+)
+{
+  uint64_t lb = (uint64_t)64U;
+  if (kk > 0U)
+  {
+    update_key(wv, hash, kk, k, ll);
+    if (!(ll == 0U))
+    {
+      update_blocks(ll, wv, hash, lb, d);
+      return;
+    }
+    return;
+  }
+  update_blocks(ll, wv, hash, (uint64_t)0U, d);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_finish(
+  uint32_t nn,
+  uint8_t *output,
+  Lib_IntVector_Intrinsics_vec128 *hash
+)
+{
+  uint8_t b[32U] = { 0U };
+  uint8_t *first = b;
+  uint8_t *second = b + 16U;
+  Lib_IntVector_Intrinsics_vec128 *row0 = hash;
+  Lib_IntVector_Intrinsics_vec128 *row1 = hash + 1U;
+  Lib_IntVector_Intrinsics_vec128_store32_le(first, row0[0U]);
+  Lib_IntVector_Intrinsics_vec128_store32_le(second, row1[0U]);
+  uint8_t *final = b;
+  memcpy(output, final, nn * sizeof (uint8_t));
+  Lib_Memzero0_memzero(b, 32U, uint8_t);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_store_state128s_to_state32(
+  uint32_t *st32,
+  Lib_IntVector_Intrinsics_vec128 *st
+)
+{
+  Lib_IntVector_Intrinsics_vec128 *r0 = st;
+  Lib_IntVector_Intrinsics_vec128 *r1 = st + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = st + 2U;
+  Lib_IntVector_Intrinsics_vec128 *r3 = st + 3U;
+  uint32_t *b0 = st32;
+  uint32_t *b1 = st32 + 4U;
+  uint32_t *b2 = st32 + 8U;
+  uint32_t *b3 = st32 + 12U;
+  uint8_t b8[16U] = { 0U };
+  Lib_IntVector_Intrinsics_vec128_store32_le(b8, r0[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = b0;
+    uint8_t *bj = b8 + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  uint8_t b80[16U] = { 0U };
+  Lib_IntVector_Intrinsics_vec128_store32_le(b80, r1[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = b1;
+    uint8_t *bj = b80 + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  uint8_t b81[16U] = { 0U };
+  Lib_IntVector_Intrinsics_vec128_store32_le(b81, r2[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = b2;
+    uint8_t *bj = b81 + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+  uint8_t b82[16U] = { 0U };
+  Lib_IntVector_Intrinsics_vec128_store32_le(b82, r3[0U]);
+  KRML_MAYBE_FOR4(i,
+    0U,
+    4U,
+    1U,
+    uint32_t *os = b3;
+    uint8_t *bj = b82 + i * 4U;
+    uint32_t u = load32_le(bj);
+    uint32_t r = u;
+    uint32_t x = r;
+    os[i] = x;);
+}
+
+void
+Hacl_Hash_Blake2s_Simd128_load_state128s_from_state32(
+  Lib_IntVector_Intrinsics_vec128 *st,
+  uint32_t *st32
+)
+{
+  Lib_IntVector_Intrinsics_vec128 *r0 = st;
+  Lib_IntVector_Intrinsics_vec128 *r1 = st + 1U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = st + 2U;
+  Lib_IntVector_Intrinsics_vec128 *r3 = st + 3U;
+  uint32_t *b0 = st32;
+  uint32_t *b1 = st32 + 4U;
+  uint32_t *b2 = st32 + 8U;
+  uint32_t *b3 = st32 + 12U;
+  r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b0[0U], b0[1U], b0[2U], b0[3U]);
+  r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b1[0U], b1[1U], b1[2U], b1[3U]);
+  r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b2[0U], b2[1U], b2[2U], b2[3U]);
+  r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(b3[0U], b3[1U], b3[2U], b3[3U]);
+}
+
+Lib_IntVector_Intrinsics_vec128 *Hacl_Hash_Blake2s_Simd128_malloc_with_key(void)
+{
+  Lib_IntVector_Intrinsics_vec128
+  *buf =
+    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
+      sizeof (Lib_IntVector_Intrinsics_vec128) * 4U);
+  memset(buf, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  return buf;
+}
+
+/**
+  State allocation function when there is no key
+*/
+Hacl_Hash_Blake2s_Simd128_state_t *Hacl_Hash_Blake2s_Simd128_malloc(void)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  Lib_IntVector_Intrinsics_vec128
+  *wv =
+    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
+      sizeof (Lib_IntVector_Intrinsics_vec128) * 4U);
+  memset(wv, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Lib_IntVector_Intrinsics_vec128
+  *b =
+    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
+      sizeof (Lib_IntVector_Intrinsics_vec128) * 4U);
+  memset(b, 0U, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state = { .fst = wv, .snd = b };
+  Hacl_Hash_Blake2s_Simd128_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  Hacl_Hash_Blake2s_Simd128_state_t
+  *p =
+    (Hacl_Hash_Blake2s_Simd128_state_t *)KRML_HOST_MALLOC(sizeof (
+        Hacl_Hash_Blake2s_Simd128_state_t
+      ));
+  p[0U] = s;
+  Hacl_Hash_Blake2s_Simd128_init(block_state.snd, 0U, 32U);
+  return p;
+}
+
+/**
+  Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_reset(Hacl_Hash_Blake2s_Simd128_state_t *state)
+{
+  Hacl_Hash_Blake2s_Simd128_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state = scrut.block_state;
+  Hacl_Hash_Blake2s_Simd128_init(block_state.snd, 0U, 32U);
+  Hacl_Hash_Blake2s_Simd128_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
+}
+
+/**
+  Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2s_Simd128_update(
+  Hacl_Hash_Blake2s_Simd128_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+)
+{
+  Hacl_Hash_Blake2s_Simd128_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    sz = 64U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  if (chunk_len <= 64U - sz)
+  {
+    Hacl_Hash_Blake2s_Simd128_state_t s1 = *state;
+    Hacl_Hash_Blake2s_Simd128_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_Hash_Blake2s_Simd128_state_t s1 = *state;
+    Hacl_Hash_Blake2s_Simd128_block_state_t block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
+      Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2s_Simd128_update_multi(64U, wv, hash, prevlen, buf, nb);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
+    Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
+    uint32_t nb = data1_len / 64U;
+    Hacl_Hash_Blake2s_Simd128_update_multi(data1_len, wv, hash, total_len1, data1, nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_Blake2s_Simd128_state_t s1 = *state;
+    Hacl_Hash_Blake2s_Simd128_block_state_t block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 64U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_Simd128_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2
+        }
+      );
+    Hacl_Hash_Blake2s_Simd128_state_t s10 = *state;
+    Hacl_Hash_Blake2s_Simd128_block_state_t block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      uint64_t prevlen = total_len1 - (uint64_t)sz1;
+      Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
+      Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
+      uint32_t nb = 1U;
+      Hacl_Hash_Blake2s_Simd128_update_multi(64U, wv, hash, prevlen, buf, nb);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
+    Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
+    uint32_t nb = data1_len / 64U;
+    Hacl_Hash_Blake2s_Simd128_update_multi(data1_len, wv, hash, total_len1, data1, nb);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_Hash_Blake2s_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+/**
+  Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2s_Simd128_digest(Hacl_Hash_Blake2s_Simd128_state_t *state, uint8_t *output)
+{
+  Hacl_Hash_Blake2s_Simd128_state_t scrut = *state;
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint32_t r;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    r = 64U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  uint8_t *buf_1 = buf_;
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv0[4U] KRML_POST_ALIGN(16) = { 0U };
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b[4U] KRML_POST_ALIGN(16) = { 0U };
+  Hacl_Hash_Blake2s_Simd128_block_state_t tmp_block_state = { .fst = wv0, .snd = b };
+  Lib_IntVector_Intrinsics_vec128 *src_b = block_state.snd;
+  Lib_IntVector_Intrinsics_vec128 *dst_b = tmp_block_state.snd;
+  memcpy(dst_b, src_b, 4U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  uint64_t prev_len = total_len - (uint64_t)r;
+  uint32_t ite;
+  if (r % 64U == 0U && r > 0U)
+  {
+    ite = 64U;
+  }
+  else
+  {
+    ite = r % 64U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  Lib_IntVector_Intrinsics_vec128 *wv1 = tmp_block_state.fst;
+  Lib_IntVector_Intrinsics_vec128 *hash0 = tmp_block_state.snd;
+  uint32_t nb = 0U;
+  Hacl_Hash_Blake2s_Simd128_update_multi(0U, wv1, hash0, prev_len, buf_multi, nb);
+  uint64_t prev_len_last = total_len - (uint64_t)r;
+  Lib_IntVector_Intrinsics_vec128 *wv = tmp_block_state.fst;
+  Lib_IntVector_Intrinsics_vec128 *hash = tmp_block_state.snd;
+  Hacl_Hash_Blake2s_Simd128_update_last(r, wv, hash, prev_len_last, r, buf_last);
+  Hacl_Hash_Blake2s_Simd128_finish(32U, output, tmp_block_state.snd);
+}
+
+/**
+  Free state function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_free(Hacl_Hash_Blake2s_Simd128_state_t *state)
+{
+  Hacl_Hash_Blake2s_Simd128_state_t scrut = *state;
+  uint8_t *buf = scrut.buf;
+  Hacl_Hash_Blake2s_Simd128_block_state_t block_state = scrut.block_state;
+  Lib_IntVector_Intrinsics_vec128 *wv = block_state.fst;
+  Lib_IntVector_Intrinsics_vec128 *b = block_state.snd;
+  KRML_ALIGNED_FREE(wv);
+  KRML_ALIGNED_FREE(b);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0.
+*/
+void
+Hacl_Hash_Blake2s_Simd128_hash_with_key(
+  uint8_t *output,
+  uint32_t output_len,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key,
+  uint32_t key_len
+)
+{
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b[4U] KRML_POST_ALIGN(16) = { 0U };
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b1[4U] KRML_POST_ALIGN(16) = { 0U };
+  Hacl_Hash_Blake2s_Simd128_init(b, key_len, output_len);
+  update(b1, b, key_len, key, input_len, input);
+  Hacl_Hash_Blake2s_Simd128_finish(output_len, output, b);
+  Lib_Memzero0_memzero(b1, 4U, Lib_IntVector_Intrinsics_vec128);
+  Lib_Memzero0_memzero(b, 4U, Lib_IntVector_Intrinsics_vec128);
+}
+
diff --git a/src/msvc/Hacl_Hash_MD5.c b/src/msvc/Hacl_Hash_MD5.c
index 222ac824..ed294839 100644
--- a/src/msvc/Hacl_Hash_MD5.c
+++ b/src/msvc/Hacl_Hash_MD5.c
@@ -25,37 +25,29 @@
 
 #include "internal/Hacl_Hash_MD5.h"
 
-static uint32_t
-_h0[4U] =
-  { (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U };
+static uint32_t _h0[4U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U };
 
 static uint32_t
 _t[64U] =
   {
-    (uint32_t)0xd76aa478U, (uint32_t)0xe8c7b756U, (uint32_t)0x242070dbU, (uint32_t)0xc1bdceeeU,
-    (uint32_t)0xf57c0fafU, (uint32_t)0x4787c62aU, (uint32_t)0xa8304613U, (uint32_t)0xfd469501U,
-    (uint32_t)0x698098d8U, (uint32_t)0x8b44f7afU, (uint32_t)0xffff5bb1U, (uint32_t)0x895cd7beU,
-    (uint32_t)0x6b901122U, (uint32_t)0xfd987193U, (uint32_t)0xa679438eU, (uint32_t)0x49b40821U,
-    (uint32_t)0xf61e2562U, (uint32_t)0xc040b340U, (uint32_t)0x265e5a51U, (uint32_t)0xe9b6c7aaU,
-    (uint32_t)0xd62f105dU, (uint32_t)0x02441453U, (uint32_t)0xd8a1e681U, (uint32_t)0xe7d3fbc8U,
-    (uint32_t)0x21e1cde6U, (uint32_t)0xc33707d6U, (uint32_t)0xf4d50d87U, (uint32_t)0x455a14edU,
-    (uint32_t)0xa9e3e905U, (uint32_t)0xfcefa3f8U, (uint32_t)0x676f02d9U, (uint32_t)0x8d2a4c8aU,
-    (uint32_t)0xfffa3942U, (uint32_t)0x8771f681U, (uint32_t)0x6d9d6122U, (uint32_t)0xfde5380cU,
-    (uint32_t)0xa4beea44U, (uint32_t)0x4bdecfa9U, (uint32_t)0xf6bb4b60U, (uint32_t)0xbebfbc70U,
-    (uint32_t)0x289b7ec6U, (uint32_t)0xeaa127faU, (uint32_t)0xd4ef3085U, (uint32_t)0x4881d05U,
-    (uint32_t)0xd9d4d039U, (uint32_t)0xe6db99e5U, (uint32_t)0x1fa27cf8U, (uint32_t)0xc4ac5665U,
-    (uint32_t)0xf4292244U, (uint32_t)0x432aff97U, (uint32_t)0xab9423a7U, (uint32_t)0xfc93a039U,
-    (uint32_t)0x655b59c3U, (uint32_t)0x8f0ccc92U, (uint32_t)0xffeff47dU, (uint32_t)0x85845dd1U,
-    (uint32_t)0x6fa87e4fU, (uint32_t)0xfe2ce6e0U, (uint32_t)0xa3014314U, (uint32_t)0x4e0811a1U,
-    (uint32_t)0xf7537e82U, (uint32_t)0xbd3af235U, (uint32_t)0x2ad7d2bbU, (uint32_t)0xeb86d391U
+    0xd76aa478U, 0xe8c7b756U, 0x242070dbU, 0xc1bdceeeU, 0xf57c0fafU, 0x4787c62aU, 0xa8304613U,
+    0xfd469501U, 0x698098d8U, 0x8b44f7afU, 0xffff5bb1U, 0x895cd7beU, 0x6b901122U, 0xfd987193U,
+    0xa679438eU, 0x49b40821U, 0xf61e2562U, 0xc040b340U, 0x265e5a51U, 0xe9b6c7aaU, 0xd62f105dU,
+    0x02441453U, 0xd8a1e681U, 0xe7d3fbc8U, 0x21e1cde6U, 0xc33707d6U, 0xf4d50d87U, 0x455a14edU,
+    0xa9e3e905U, 0xfcefa3f8U, 0x676f02d9U, 0x8d2a4c8aU, 0xfffa3942U, 0x8771f681U, 0x6d9d6122U,
+    0xfde5380cU, 0xa4beea44U, 0x4bdecfa9U, 0xf6bb4b60U, 0xbebfbc70U, 0x289b7ec6U, 0xeaa127faU,
+    0xd4ef3085U, 0x4881d05U, 0xd9d4d039U, 0xe6db99e5U, 0x1fa27cf8U, 0xc4ac5665U, 0xf4292244U,
+    0x432aff97U, 0xab9423a7U, 0xfc93a039U, 0x655b59c3U, 0x8f0ccc92U, 0xffeff47dU, 0x85845dd1U,
+    0x6fa87e4fU, 0xfe2ce6e0U, 0xa3014314U, 0x4e0811a1U, 0xf7537e82U, 0xbd3af235U, 0x2ad7d2bbU,
+    0xeb86d391U
   };
 
-void Hacl_Hash_Core_MD5_legacy_init(uint32_t *s)
+void Hacl_Hash_MD5_init(uint32_t *s)
 {
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, s[i] = _h0[i];);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, s[i] = _h0[i];);
 }
 
-static void legacy_update(uint32_t *abcd, uint8_t *x)
+static void update(uint32_t *abcd, uint8_t *x)
 {
   uint32_t aa = abcd[0U];
   uint32_t bb = abcd[1U];
@@ -74,14 +66,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb0
     +
       ((va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0)
-      << (uint32_t)7U
-      | (va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0) >> (uint32_t)25U);
+      << 7U
+      | (va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0) >> 25U);
   abcd[0U] = v;
   uint32_t va0 = abcd[3U];
   uint32_t vb1 = abcd[0U];
   uint32_t vc1 = abcd[1U];
   uint32_t vd1 = abcd[2U];
-  uint8_t *b1 = x + (uint32_t)4U;
+  uint8_t *b1 = x + 4U;
   uint32_t u0 = load32_le(b1);
   uint32_t xk0 = u0;
   uint32_t ti1 = _t[1U];
@@ -90,14 +82,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb1
     +
       ((va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1)
-      << (uint32_t)12U
-      | (va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1) >> (uint32_t)20U);
+      << 12U
+      | (va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1) >> 20U);
   abcd[3U] = v0;
   uint32_t va1 = abcd[2U];
   uint32_t vb2 = abcd[3U];
   uint32_t vc2 = abcd[0U];
   uint32_t vd2 = abcd[1U];
-  uint8_t *b2 = x + (uint32_t)8U;
+  uint8_t *b2 = x + 8U;
   uint32_t u1 = load32_le(b2);
   uint32_t xk1 = u1;
   uint32_t ti2 = _t[2U];
@@ -106,14 +98,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb2
     +
       ((va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2)
-      << (uint32_t)17U
-      | (va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2) >> (uint32_t)15U);
+      << 17U
+      | (va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2) >> 15U);
   abcd[2U] = v1;
   uint32_t va2 = abcd[1U];
   uint32_t vb3 = abcd[2U];
   uint32_t vc3 = abcd[3U];
   uint32_t vd3 = abcd[0U];
-  uint8_t *b3 = x + (uint32_t)12U;
+  uint8_t *b3 = x + 12U;
   uint32_t u2 = load32_le(b3);
   uint32_t xk2 = u2;
   uint32_t ti3 = _t[3U];
@@ -122,14 +114,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb3
     +
       ((va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3)
-      << (uint32_t)22U
-      | (va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3) >> (uint32_t)10U);
+      << 22U
+      | (va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3) >> 10U);
   abcd[1U] = v2;
   uint32_t va3 = abcd[0U];
   uint32_t vb4 = abcd[1U];
   uint32_t vc4 = abcd[2U];
   uint32_t vd4 = abcd[3U];
-  uint8_t *b4 = x + (uint32_t)16U;
+  uint8_t *b4 = x + 16U;
   uint32_t u3 = load32_le(b4);
   uint32_t xk3 = u3;
   uint32_t ti4 = _t[4U];
@@ -138,14 +130,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb4
     +
       ((va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4)
-      << (uint32_t)7U
-      | (va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4) >> (uint32_t)25U);
+      << 7U
+      | (va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4) >> 25U);
   abcd[0U] = v3;
   uint32_t va4 = abcd[3U];
   uint32_t vb5 = abcd[0U];
   uint32_t vc5 = abcd[1U];
   uint32_t vd5 = abcd[2U];
-  uint8_t *b5 = x + (uint32_t)20U;
+  uint8_t *b5 = x + 20U;
   uint32_t u4 = load32_le(b5);
   uint32_t xk4 = u4;
   uint32_t ti5 = _t[5U];
@@ -154,14 +146,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb5
     +
       ((va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5)
-      << (uint32_t)12U
-      | (va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5) >> (uint32_t)20U);
+      << 12U
+      | (va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5) >> 20U);
   abcd[3U] = v4;
   uint32_t va5 = abcd[2U];
   uint32_t vb6 = abcd[3U];
   uint32_t vc6 = abcd[0U];
   uint32_t vd6 = abcd[1U];
-  uint8_t *b6 = x + (uint32_t)24U;
+  uint8_t *b6 = x + 24U;
   uint32_t u5 = load32_le(b6);
   uint32_t xk5 = u5;
   uint32_t ti6 = _t[6U];
@@ -170,14 +162,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb6
     +
       ((va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6)
-      << (uint32_t)17U
-      | (va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6) >> (uint32_t)15U);
+      << 17U
+      | (va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6) >> 15U);
   abcd[2U] = v5;
   uint32_t va6 = abcd[1U];
   uint32_t vb7 = abcd[2U];
   uint32_t vc7 = abcd[3U];
   uint32_t vd7 = abcd[0U];
-  uint8_t *b7 = x + (uint32_t)28U;
+  uint8_t *b7 = x + 28U;
   uint32_t u6 = load32_le(b7);
   uint32_t xk6 = u6;
   uint32_t ti7 = _t[7U];
@@ -186,14 +178,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb7
     +
       ((va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7)
-      << (uint32_t)22U
-      | (va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7) >> (uint32_t)10U);
+      << 22U
+      | (va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7) >> 10U);
   abcd[1U] = v6;
   uint32_t va7 = abcd[0U];
   uint32_t vb8 = abcd[1U];
   uint32_t vc8 = abcd[2U];
   uint32_t vd8 = abcd[3U];
-  uint8_t *b8 = x + (uint32_t)32U;
+  uint8_t *b8 = x + 32U;
   uint32_t u7 = load32_le(b8);
   uint32_t xk7 = u7;
   uint32_t ti8 = _t[8U];
@@ -202,14 +194,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb8
     +
       ((va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8)
-      << (uint32_t)7U
-      | (va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8) >> (uint32_t)25U);
+      << 7U
+      | (va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8) >> 25U);
   abcd[0U] = v7;
   uint32_t va8 = abcd[3U];
   uint32_t vb9 = abcd[0U];
   uint32_t vc9 = abcd[1U];
   uint32_t vd9 = abcd[2U];
-  uint8_t *b9 = x + (uint32_t)36U;
+  uint8_t *b9 = x + 36U;
   uint32_t u8 = load32_le(b9);
   uint32_t xk8 = u8;
   uint32_t ti9 = _t[9U];
@@ -218,14 +210,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb9
     +
       ((va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9)
-      << (uint32_t)12U
-      | (va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9) >> (uint32_t)20U);
+      << 12U
+      | (va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9) >> 20U);
   abcd[3U] = v8;
   uint32_t va9 = abcd[2U];
   uint32_t vb10 = abcd[3U];
   uint32_t vc10 = abcd[0U];
   uint32_t vd10 = abcd[1U];
-  uint8_t *b10 = x + (uint32_t)40U;
+  uint8_t *b10 = x + 40U;
   uint32_t u9 = load32_le(b10);
   uint32_t xk9 = u9;
   uint32_t ti10 = _t[10U];
@@ -234,14 +226,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb10
     +
       ((va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10)
-      << (uint32_t)17U
-      | (va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10) >> (uint32_t)15U);
+      << 17U
+      | (va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10) >> 15U);
   abcd[2U] = v9;
   uint32_t va10 = abcd[1U];
   uint32_t vb11 = abcd[2U];
   uint32_t vc11 = abcd[3U];
   uint32_t vd11 = abcd[0U];
-  uint8_t *b11 = x + (uint32_t)44U;
+  uint8_t *b11 = x + 44U;
   uint32_t u10 = load32_le(b11);
   uint32_t xk10 = u10;
   uint32_t ti11 = _t[11U];
@@ -250,14 +242,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb11
     +
       ((va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11)
-      << (uint32_t)22U
-      | (va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11) >> (uint32_t)10U);
+      << 22U
+      | (va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11) >> 10U);
   abcd[1U] = v10;
   uint32_t va11 = abcd[0U];
   uint32_t vb12 = abcd[1U];
   uint32_t vc12 = abcd[2U];
   uint32_t vd12 = abcd[3U];
-  uint8_t *b12 = x + (uint32_t)48U;
+  uint8_t *b12 = x + 48U;
   uint32_t u11 = load32_le(b12);
   uint32_t xk11 = u11;
   uint32_t ti12 = _t[12U];
@@ -266,14 +258,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb12
     +
       ((va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12)
-      << (uint32_t)7U
-      | (va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12) >> (uint32_t)25U);
+      << 7U
+      | (va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12) >> 25U);
   abcd[0U] = v11;
   uint32_t va12 = abcd[3U];
   uint32_t vb13 = abcd[0U];
   uint32_t vc13 = abcd[1U];
   uint32_t vd13 = abcd[2U];
-  uint8_t *b13 = x + (uint32_t)52U;
+  uint8_t *b13 = x + 52U;
   uint32_t u12 = load32_le(b13);
   uint32_t xk12 = u12;
   uint32_t ti13 = _t[13U];
@@ -282,14 +274,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb13
     +
       ((va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13)
-      << (uint32_t)12U
-      | (va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13) >> (uint32_t)20U);
+      << 12U
+      | (va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13) >> 20U);
   abcd[3U] = v12;
   uint32_t va13 = abcd[2U];
   uint32_t vb14 = abcd[3U];
   uint32_t vc14 = abcd[0U];
   uint32_t vd14 = abcd[1U];
-  uint8_t *b14 = x + (uint32_t)56U;
+  uint8_t *b14 = x + 56U;
   uint32_t u13 = load32_le(b14);
   uint32_t xk13 = u13;
   uint32_t ti14 = _t[14U];
@@ -298,14 +290,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb14
     +
       ((va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14)
-      << (uint32_t)17U
-      | (va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14) >> (uint32_t)15U);
+      << 17U
+      | (va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14) >> 15U);
   abcd[2U] = v13;
   uint32_t va14 = abcd[1U];
   uint32_t vb15 = abcd[2U];
   uint32_t vc15 = abcd[3U];
   uint32_t vd15 = abcd[0U];
-  uint8_t *b15 = x + (uint32_t)60U;
+  uint8_t *b15 = x + 60U;
   uint32_t u14 = load32_le(b15);
   uint32_t xk14 = u14;
   uint32_t ti15 = _t[15U];
@@ -314,14 +306,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb15
     +
       ((va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15)
-      << (uint32_t)22U
-      | (va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15) >> (uint32_t)10U);
+      << 22U
+      | (va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15) >> 10U);
   abcd[1U] = v14;
   uint32_t va15 = abcd[0U];
   uint32_t vb16 = abcd[1U];
   uint32_t vc16 = abcd[2U];
   uint32_t vd16 = abcd[3U];
-  uint8_t *b16 = x + (uint32_t)4U;
+  uint8_t *b16 = x + 4U;
   uint32_t u15 = load32_le(b16);
   uint32_t xk15 = u15;
   uint32_t ti16 = _t[16U];
@@ -330,14 +322,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb16
     +
       ((va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16)
-      << (uint32_t)5U
-      | (va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16) >> (uint32_t)27U);
+      << 5U
+      | (va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16) >> 27U);
   abcd[0U] = v15;
   uint32_t va16 = abcd[3U];
   uint32_t vb17 = abcd[0U];
   uint32_t vc17 = abcd[1U];
   uint32_t vd17 = abcd[2U];
-  uint8_t *b17 = x + (uint32_t)24U;
+  uint8_t *b17 = x + 24U;
   uint32_t u16 = load32_le(b17);
   uint32_t xk16 = u16;
   uint32_t ti17 = _t[17U];
@@ -346,14 +338,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb17
     +
       ((va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17)
-      << (uint32_t)9U
-      | (va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17) >> (uint32_t)23U);
+      << 9U
+      | (va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17) >> 23U);
   abcd[3U] = v16;
   uint32_t va17 = abcd[2U];
   uint32_t vb18 = abcd[3U];
   uint32_t vc18 = abcd[0U];
   uint32_t vd18 = abcd[1U];
-  uint8_t *b18 = x + (uint32_t)44U;
+  uint8_t *b18 = x + 44U;
   uint32_t u17 = load32_le(b18);
   uint32_t xk17 = u17;
   uint32_t ti18 = _t[18U];
@@ -362,8 +354,8 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb18
     +
       ((va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18)
-      << (uint32_t)14U
-      | (va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18) >> (uint32_t)18U);
+      << 14U
+      | (va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18) >> 18U);
   abcd[2U] = v17;
   uint32_t va18 = abcd[1U];
   uint32_t vb19 = abcd[2U];
@@ -378,14 +370,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb19
     +
       ((va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19)
-      << (uint32_t)20U
-      | (va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19) >> (uint32_t)12U);
+      << 20U
+      | (va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19) >> 12U);
   abcd[1U] = v18;
   uint32_t va19 = abcd[0U];
   uint32_t vb20 = abcd[1U];
   uint32_t vc20 = abcd[2U];
   uint32_t vd20 = abcd[3U];
-  uint8_t *b20 = x + (uint32_t)20U;
+  uint8_t *b20 = x + 20U;
   uint32_t u19 = load32_le(b20);
   uint32_t xk19 = u19;
   uint32_t ti20 = _t[20U];
@@ -394,14 +386,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb20
     +
       ((va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20)
-      << (uint32_t)5U
-      | (va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20) >> (uint32_t)27U);
+      << 5U
+      | (va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20) >> 27U);
   abcd[0U] = v19;
   uint32_t va20 = abcd[3U];
   uint32_t vb21 = abcd[0U];
   uint32_t vc21 = abcd[1U];
   uint32_t vd21 = abcd[2U];
-  uint8_t *b21 = x + (uint32_t)40U;
+  uint8_t *b21 = x + 40U;
   uint32_t u20 = load32_le(b21);
   uint32_t xk20 = u20;
   uint32_t ti21 = _t[21U];
@@ -410,14 +402,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb21
     +
       ((va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21)
-      << (uint32_t)9U
-      | (va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21) >> (uint32_t)23U);
+      << 9U
+      | (va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21) >> 23U);
   abcd[3U] = v20;
   uint32_t va21 = abcd[2U];
   uint32_t vb22 = abcd[3U];
   uint32_t vc22 = abcd[0U];
   uint32_t vd22 = abcd[1U];
-  uint8_t *b22 = x + (uint32_t)60U;
+  uint8_t *b22 = x + 60U;
   uint32_t u21 = load32_le(b22);
   uint32_t xk21 = u21;
   uint32_t ti22 = _t[22U];
@@ -426,14 +418,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb22
     +
       ((va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22)
-      << (uint32_t)14U
-      | (va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22) >> (uint32_t)18U);
+      << 14U
+      | (va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22) >> 18U);
   abcd[2U] = v21;
   uint32_t va22 = abcd[1U];
   uint32_t vb23 = abcd[2U];
   uint32_t vc23 = abcd[3U];
   uint32_t vd23 = abcd[0U];
-  uint8_t *b23 = x + (uint32_t)16U;
+  uint8_t *b23 = x + 16U;
   uint32_t u22 = load32_le(b23);
   uint32_t xk22 = u22;
   uint32_t ti23 = _t[23U];
@@ -442,14 +434,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb23
     +
       ((va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23)
-      << (uint32_t)20U
-      | (va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23) >> (uint32_t)12U);
+      << 20U
+      | (va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23) >> 12U);
   abcd[1U] = v22;
   uint32_t va23 = abcd[0U];
   uint32_t vb24 = abcd[1U];
   uint32_t vc24 = abcd[2U];
   uint32_t vd24 = abcd[3U];
-  uint8_t *b24 = x + (uint32_t)36U;
+  uint8_t *b24 = x + 36U;
   uint32_t u23 = load32_le(b24);
   uint32_t xk23 = u23;
   uint32_t ti24 = _t[24U];
@@ -458,14 +450,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb24
     +
       ((va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24)
-      << (uint32_t)5U
-      | (va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24) >> (uint32_t)27U);
+      << 5U
+      | (va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24) >> 27U);
   abcd[0U] = v23;
   uint32_t va24 = abcd[3U];
   uint32_t vb25 = abcd[0U];
   uint32_t vc25 = abcd[1U];
   uint32_t vd25 = abcd[2U];
-  uint8_t *b25 = x + (uint32_t)56U;
+  uint8_t *b25 = x + 56U;
   uint32_t u24 = load32_le(b25);
   uint32_t xk24 = u24;
   uint32_t ti25 = _t[25U];
@@ -474,14 +466,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb25
     +
       ((va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25)
-      << (uint32_t)9U
-      | (va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25) >> (uint32_t)23U);
+      << 9U
+      | (va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25) >> 23U);
   abcd[3U] = v24;
   uint32_t va25 = abcd[2U];
   uint32_t vb26 = abcd[3U];
   uint32_t vc26 = abcd[0U];
   uint32_t vd26 = abcd[1U];
-  uint8_t *b26 = x + (uint32_t)12U;
+  uint8_t *b26 = x + 12U;
   uint32_t u25 = load32_le(b26);
   uint32_t xk25 = u25;
   uint32_t ti26 = _t[26U];
@@ -490,14 +482,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb26
     +
       ((va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26)
-      << (uint32_t)14U
-      | (va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26) >> (uint32_t)18U);
+      << 14U
+      | (va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26) >> 18U);
   abcd[2U] = v25;
   uint32_t va26 = abcd[1U];
   uint32_t vb27 = abcd[2U];
   uint32_t vc27 = abcd[3U];
   uint32_t vd27 = abcd[0U];
-  uint8_t *b27 = x + (uint32_t)32U;
+  uint8_t *b27 = x + 32U;
   uint32_t u26 = load32_le(b27);
   uint32_t xk26 = u26;
   uint32_t ti27 = _t[27U];
@@ -506,14 +498,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb27
     +
       ((va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27)
-      << (uint32_t)20U
-      | (va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27) >> (uint32_t)12U);
+      << 20U
+      | (va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27) >> 12U);
   abcd[1U] = v26;
   uint32_t va27 = abcd[0U];
   uint32_t vb28 = abcd[1U];
   uint32_t vc28 = abcd[2U];
   uint32_t vd28 = abcd[3U];
-  uint8_t *b28 = x + (uint32_t)52U;
+  uint8_t *b28 = x + 52U;
   uint32_t u27 = load32_le(b28);
   uint32_t xk27 = u27;
   uint32_t ti28 = _t[28U];
@@ -522,14 +514,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb28
     +
       ((va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28)
-      << (uint32_t)5U
-      | (va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28) >> (uint32_t)27U);
+      << 5U
+      | (va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28) >> 27U);
   abcd[0U] = v27;
   uint32_t va28 = abcd[3U];
   uint32_t vb29 = abcd[0U];
   uint32_t vc29 = abcd[1U];
   uint32_t vd29 = abcd[2U];
-  uint8_t *b29 = x + (uint32_t)8U;
+  uint8_t *b29 = x + 8U;
   uint32_t u28 = load32_le(b29);
   uint32_t xk28 = u28;
   uint32_t ti29 = _t[29U];
@@ -538,14 +530,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb29
     +
       ((va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29)
-      << (uint32_t)9U
-      | (va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29) >> (uint32_t)23U);
+      << 9U
+      | (va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29) >> 23U);
   abcd[3U] = v28;
   uint32_t va29 = abcd[2U];
   uint32_t vb30 = abcd[3U];
   uint32_t vc30 = abcd[0U];
   uint32_t vd30 = abcd[1U];
-  uint8_t *b30 = x + (uint32_t)28U;
+  uint8_t *b30 = x + 28U;
   uint32_t u29 = load32_le(b30);
   uint32_t xk29 = u29;
   uint32_t ti30 = _t[30U];
@@ -554,14 +546,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb30
     +
       ((va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30)
-      << (uint32_t)14U
-      | (va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30) >> (uint32_t)18U);
+      << 14U
+      | (va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30) >> 18U);
   abcd[2U] = v29;
   uint32_t va30 = abcd[1U];
   uint32_t vb31 = abcd[2U];
   uint32_t vc31 = abcd[3U];
   uint32_t vd31 = abcd[0U];
-  uint8_t *b31 = x + (uint32_t)48U;
+  uint8_t *b31 = x + 48U;
   uint32_t u30 = load32_le(b31);
   uint32_t xk30 = u30;
   uint32_t ti31 = _t[31U];
@@ -570,14 +562,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb31
     +
       ((va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31)
-      << (uint32_t)20U
-      | (va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31) >> (uint32_t)12U);
+      << 20U
+      | (va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31) >> 12U);
   abcd[1U] = v30;
   uint32_t va31 = abcd[0U];
   uint32_t vb32 = abcd[1U];
   uint32_t vc32 = abcd[2U];
   uint32_t vd32 = abcd[3U];
-  uint8_t *b32 = x + (uint32_t)20U;
+  uint8_t *b32 = x + 20U;
   uint32_t u31 = load32_le(b32);
   uint32_t xk31 = u31;
   uint32_t ti32 = _t[32U];
@@ -586,14 +578,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb32
     +
       ((va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32)
-      << (uint32_t)4U
-      | (va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32) >> (uint32_t)28U);
+      << 4U
+      | (va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32) >> 28U);
   abcd[0U] = v31;
   uint32_t va32 = abcd[3U];
   uint32_t vb33 = abcd[0U];
   uint32_t vc33 = abcd[1U];
   uint32_t vd33 = abcd[2U];
-  uint8_t *b33 = x + (uint32_t)32U;
+  uint8_t *b33 = x + 32U;
   uint32_t u32 = load32_le(b33);
   uint32_t xk32 = u32;
   uint32_t ti33 = _t[33U];
@@ -602,14 +594,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb33
     +
       ((va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33)
-      << (uint32_t)11U
-      | (va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33) >> (uint32_t)21U);
+      << 11U
+      | (va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33) >> 21U);
   abcd[3U] = v32;
   uint32_t va33 = abcd[2U];
   uint32_t vb34 = abcd[3U];
   uint32_t vc34 = abcd[0U];
   uint32_t vd34 = abcd[1U];
-  uint8_t *b34 = x + (uint32_t)44U;
+  uint8_t *b34 = x + 44U;
   uint32_t u33 = load32_le(b34);
   uint32_t xk33 = u33;
   uint32_t ti34 = _t[34U];
@@ -618,14 +610,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb34
     +
       ((va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34)
-      << (uint32_t)16U
-      | (va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34) >> (uint32_t)16U);
+      << 16U
+      | (va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34) >> 16U);
   abcd[2U] = v33;
   uint32_t va34 = abcd[1U];
   uint32_t vb35 = abcd[2U];
   uint32_t vc35 = abcd[3U];
   uint32_t vd35 = abcd[0U];
-  uint8_t *b35 = x + (uint32_t)56U;
+  uint8_t *b35 = x + 56U;
   uint32_t u34 = load32_le(b35);
   uint32_t xk34 = u34;
   uint32_t ti35 = _t[35U];
@@ -634,14 +626,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb35
     +
       ((va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35)
-      << (uint32_t)23U
-      | (va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35) >> (uint32_t)9U);
+      << 23U
+      | (va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35) >> 9U);
   abcd[1U] = v34;
   uint32_t va35 = abcd[0U];
   uint32_t vb36 = abcd[1U];
   uint32_t vc36 = abcd[2U];
   uint32_t vd36 = abcd[3U];
-  uint8_t *b36 = x + (uint32_t)4U;
+  uint8_t *b36 = x + 4U;
   uint32_t u35 = load32_le(b36);
   uint32_t xk35 = u35;
   uint32_t ti36 = _t[36U];
@@ -650,14 +642,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb36
     +
       ((va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36)
-      << (uint32_t)4U
-      | (va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36) >> (uint32_t)28U);
+      << 4U
+      | (va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36) >> 28U);
   abcd[0U] = v35;
   uint32_t va36 = abcd[3U];
   uint32_t vb37 = abcd[0U];
   uint32_t vc37 = abcd[1U];
   uint32_t vd37 = abcd[2U];
-  uint8_t *b37 = x + (uint32_t)16U;
+  uint8_t *b37 = x + 16U;
   uint32_t u36 = load32_le(b37);
   uint32_t xk36 = u36;
   uint32_t ti37 = _t[37U];
@@ -666,14 +658,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb37
     +
       ((va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37)
-      << (uint32_t)11U
-      | (va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37) >> (uint32_t)21U);
+      << 11U
+      | (va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37) >> 21U);
   abcd[3U] = v36;
   uint32_t va37 = abcd[2U];
   uint32_t vb38 = abcd[3U];
   uint32_t vc38 = abcd[0U];
   uint32_t vd38 = abcd[1U];
-  uint8_t *b38 = x + (uint32_t)28U;
+  uint8_t *b38 = x + 28U;
   uint32_t u37 = load32_le(b38);
   uint32_t xk37 = u37;
   uint32_t ti38 = _t[38U];
@@ -682,14 +674,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb38
     +
       ((va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38)
-      << (uint32_t)16U
-      | (va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38) >> (uint32_t)16U);
+      << 16U
+      | (va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38) >> 16U);
   abcd[2U] = v37;
   uint32_t va38 = abcd[1U];
   uint32_t vb39 = abcd[2U];
   uint32_t vc39 = abcd[3U];
   uint32_t vd39 = abcd[0U];
-  uint8_t *b39 = x + (uint32_t)40U;
+  uint8_t *b39 = x + 40U;
   uint32_t u38 = load32_le(b39);
   uint32_t xk38 = u38;
   uint32_t ti39 = _t[39U];
@@ -698,14 +690,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb39
     +
       ((va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39)
-      << (uint32_t)23U
-      | (va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39) >> (uint32_t)9U);
+      << 23U
+      | (va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39) >> 9U);
   abcd[1U] = v38;
   uint32_t va39 = abcd[0U];
   uint32_t vb40 = abcd[1U];
   uint32_t vc40 = abcd[2U];
   uint32_t vd40 = abcd[3U];
-  uint8_t *b40 = x + (uint32_t)52U;
+  uint8_t *b40 = x + 52U;
   uint32_t u39 = load32_le(b40);
   uint32_t xk39 = u39;
   uint32_t ti40 = _t[40U];
@@ -714,8 +706,8 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb40
     +
       ((va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40)
-      << (uint32_t)4U
-      | (va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40) >> (uint32_t)28U);
+      << 4U
+      | (va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40) >> 28U);
   abcd[0U] = v39;
   uint32_t va40 = abcd[3U];
   uint32_t vb41 = abcd[0U];
@@ -730,14 +722,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb41
     +
       ((va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41)
-      << (uint32_t)11U
-      | (va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41) >> (uint32_t)21U);
+      << 11U
+      | (va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41) >> 21U);
   abcd[3U] = v40;
   uint32_t va41 = abcd[2U];
   uint32_t vb42 = abcd[3U];
   uint32_t vc42 = abcd[0U];
   uint32_t vd42 = abcd[1U];
-  uint8_t *b42 = x + (uint32_t)12U;
+  uint8_t *b42 = x + 12U;
   uint32_t u41 = load32_le(b42);
   uint32_t xk41 = u41;
   uint32_t ti42 = _t[42U];
@@ -746,14 +738,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb42
     +
       ((va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42)
-      << (uint32_t)16U
-      | (va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42) >> (uint32_t)16U);
+      << 16U
+      | (va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42) >> 16U);
   abcd[2U] = v41;
   uint32_t va42 = abcd[1U];
   uint32_t vb43 = abcd[2U];
   uint32_t vc43 = abcd[3U];
   uint32_t vd43 = abcd[0U];
-  uint8_t *b43 = x + (uint32_t)24U;
+  uint8_t *b43 = x + 24U;
   uint32_t u42 = load32_le(b43);
   uint32_t xk42 = u42;
   uint32_t ti43 = _t[43U];
@@ -762,14 +754,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb43
     +
       ((va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43)
-      << (uint32_t)23U
-      | (va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43) >> (uint32_t)9U);
+      << 23U
+      | (va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43) >> 9U);
   abcd[1U] = v42;
   uint32_t va43 = abcd[0U];
   uint32_t vb44 = abcd[1U];
   uint32_t vc44 = abcd[2U];
   uint32_t vd44 = abcd[3U];
-  uint8_t *b44 = x + (uint32_t)36U;
+  uint8_t *b44 = x + 36U;
   uint32_t u43 = load32_le(b44);
   uint32_t xk43 = u43;
   uint32_t ti44 = _t[44U];
@@ -778,14 +770,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb44
     +
       ((va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44)
-      << (uint32_t)4U
-      | (va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44) >> (uint32_t)28U);
+      << 4U
+      | (va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44) >> 28U);
   abcd[0U] = v43;
   uint32_t va44 = abcd[3U];
   uint32_t vb45 = abcd[0U];
   uint32_t vc45 = abcd[1U];
   uint32_t vd45 = abcd[2U];
-  uint8_t *b45 = x + (uint32_t)48U;
+  uint8_t *b45 = x + 48U;
   uint32_t u44 = load32_le(b45);
   uint32_t xk44 = u44;
   uint32_t ti45 = _t[45U];
@@ -794,14 +786,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb45
     +
       ((va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45)
-      << (uint32_t)11U
-      | (va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45) >> (uint32_t)21U);
+      << 11U
+      | (va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45) >> 21U);
   abcd[3U] = v44;
   uint32_t va45 = abcd[2U];
   uint32_t vb46 = abcd[3U];
   uint32_t vc46 = abcd[0U];
   uint32_t vd46 = abcd[1U];
-  uint8_t *b46 = x + (uint32_t)60U;
+  uint8_t *b46 = x + 60U;
   uint32_t u45 = load32_le(b46);
   uint32_t xk45 = u45;
   uint32_t ti46 = _t[46U];
@@ -810,14 +802,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb46
     +
       ((va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46)
-      << (uint32_t)16U
-      | (va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46) >> (uint32_t)16U);
+      << 16U
+      | (va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46) >> 16U);
   abcd[2U] = v45;
   uint32_t va46 = abcd[1U];
   uint32_t vb47 = abcd[2U];
   uint32_t vc47 = abcd[3U];
   uint32_t vd47 = abcd[0U];
-  uint8_t *b47 = x + (uint32_t)8U;
+  uint8_t *b47 = x + 8U;
   uint32_t u46 = load32_le(b47);
   uint32_t xk46 = u46;
   uint32_t ti47 = _t[47U];
@@ -826,8 +818,8 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb47
     +
       ((va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47)
-      << (uint32_t)23U
-      | (va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47) >> (uint32_t)9U);
+      << 23U
+      | (va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47) >> 9U);
   abcd[1U] = v46;
   uint32_t va47 = abcd[0U];
   uint32_t vb48 = abcd[1U];
@@ -842,14 +834,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb48
     +
       ((va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48)
-      << (uint32_t)6U
-      | (va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48) >> (uint32_t)26U);
+      << 6U
+      | (va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48) >> 26U);
   abcd[0U] = v47;
   uint32_t va48 = abcd[3U];
   uint32_t vb49 = abcd[0U];
   uint32_t vc49 = abcd[1U];
   uint32_t vd49 = abcd[2U];
-  uint8_t *b49 = x + (uint32_t)28U;
+  uint8_t *b49 = x + 28U;
   uint32_t u48 = load32_le(b49);
   uint32_t xk48 = u48;
   uint32_t ti49 = _t[49U];
@@ -858,14 +850,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb49
     +
       ((va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49)
-      << (uint32_t)10U
-      | (va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49) >> (uint32_t)22U);
+      << 10U
+      | (va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49) >> 22U);
   abcd[3U] = v48;
   uint32_t va49 = abcd[2U];
   uint32_t vb50 = abcd[3U];
   uint32_t vc50 = abcd[0U];
   uint32_t vd50 = abcd[1U];
-  uint8_t *b50 = x + (uint32_t)56U;
+  uint8_t *b50 = x + 56U;
   uint32_t u49 = load32_le(b50);
   uint32_t xk49 = u49;
   uint32_t ti50 = _t[50U];
@@ -874,14 +866,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb50
     +
       ((va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50)
-      << (uint32_t)15U
-      | (va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50) >> (uint32_t)17U);
+      << 15U
+      | (va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50) >> 17U);
   abcd[2U] = v49;
   uint32_t va50 = abcd[1U];
   uint32_t vb51 = abcd[2U];
   uint32_t vc51 = abcd[3U];
   uint32_t vd51 = abcd[0U];
-  uint8_t *b51 = x + (uint32_t)20U;
+  uint8_t *b51 = x + 20U;
   uint32_t u50 = load32_le(b51);
   uint32_t xk50 = u50;
   uint32_t ti51 = _t[51U];
@@ -890,14 +882,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb51
     +
       ((va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51)
-      << (uint32_t)21U
-      | (va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51) >> (uint32_t)11U);
+      << 21U
+      | (va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51) >> 11U);
   abcd[1U] = v50;
   uint32_t va51 = abcd[0U];
   uint32_t vb52 = abcd[1U];
   uint32_t vc52 = abcd[2U];
   uint32_t vd52 = abcd[3U];
-  uint8_t *b52 = x + (uint32_t)48U;
+  uint8_t *b52 = x + 48U;
   uint32_t u51 = load32_le(b52);
   uint32_t xk51 = u51;
   uint32_t ti52 = _t[52U];
@@ -906,14 +898,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb52
     +
       ((va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52)
-      << (uint32_t)6U
-      | (va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52) >> (uint32_t)26U);
+      << 6U
+      | (va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52) >> 26U);
   abcd[0U] = v51;
   uint32_t va52 = abcd[3U];
   uint32_t vb53 = abcd[0U];
   uint32_t vc53 = abcd[1U];
   uint32_t vd53 = abcd[2U];
-  uint8_t *b53 = x + (uint32_t)12U;
+  uint8_t *b53 = x + 12U;
   uint32_t u52 = load32_le(b53);
   uint32_t xk52 = u52;
   uint32_t ti53 = _t[53U];
@@ -922,14 +914,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb53
     +
       ((va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53)
-      << (uint32_t)10U
-      | (va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53) >> (uint32_t)22U);
+      << 10U
+      | (va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53) >> 22U);
   abcd[3U] = v52;
   uint32_t va53 = abcd[2U];
   uint32_t vb54 = abcd[3U];
   uint32_t vc54 = abcd[0U];
   uint32_t vd54 = abcd[1U];
-  uint8_t *b54 = x + (uint32_t)40U;
+  uint8_t *b54 = x + 40U;
   uint32_t u53 = load32_le(b54);
   uint32_t xk53 = u53;
   uint32_t ti54 = _t[54U];
@@ -938,14 +930,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb54
     +
       ((va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54)
-      << (uint32_t)15U
-      | (va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54) >> (uint32_t)17U);
+      << 15U
+      | (va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54) >> 17U);
   abcd[2U] = v53;
   uint32_t va54 = abcd[1U];
   uint32_t vb55 = abcd[2U];
   uint32_t vc55 = abcd[3U];
   uint32_t vd55 = abcd[0U];
-  uint8_t *b55 = x + (uint32_t)4U;
+  uint8_t *b55 = x + 4U;
   uint32_t u54 = load32_le(b55);
   uint32_t xk54 = u54;
   uint32_t ti55 = _t[55U];
@@ -954,14 +946,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb55
     +
       ((va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55)
-      << (uint32_t)21U
-      | (va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55) >> (uint32_t)11U);
+      << 21U
+      | (va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55) >> 11U);
   abcd[1U] = v54;
   uint32_t va55 = abcd[0U];
   uint32_t vb56 = abcd[1U];
   uint32_t vc56 = abcd[2U];
   uint32_t vd56 = abcd[3U];
-  uint8_t *b56 = x + (uint32_t)32U;
+  uint8_t *b56 = x + 32U;
   uint32_t u55 = load32_le(b56);
   uint32_t xk55 = u55;
   uint32_t ti56 = _t[56U];
@@ -970,14 +962,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb56
     +
       ((va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56)
-      << (uint32_t)6U
-      | (va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56) >> (uint32_t)26U);
+      << 6U
+      | (va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56) >> 26U);
   abcd[0U] = v55;
   uint32_t va56 = abcd[3U];
   uint32_t vb57 = abcd[0U];
   uint32_t vc57 = abcd[1U];
   uint32_t vd57 = abcd[2U];
-  uint8_t *b57 = x + (uint32_t)60U;
+  uint8_t *b57 = x + 60U;
   uint32_t u56 = load32_le(b57);
   uint32_t xk56 = u56;
   uint32_t ti57 = _t[57U];
@@ -986,14 +978,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb57
     +
       ((va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57)
-      << (uint32_t)10U
-      | (va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57) >> (uint32_t)22U);
+      << 10U
+      | (va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57) >> 22U);
   abcd[3U] = v56;
   uint32_t va57 = abcd[2U];
   uint32_t vb58 = abcd[3U];
   uint32_t vc58 = abcd[0U];
   uint32_t vd58 = abcd[1U];
-  uint8_t *b58 = x + (uint32_t)24U;
+  uint8_t *b58 = x + 24U;
   uint32_t u57 = load32_le(b58);
   uint32_t xk57 = u57;
   uint32_t ti58 = _t[58U];
@@ -1002,14 +994,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb58
     +
       ((va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58)
-      << (uint32_t)15U
-      | (va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58) >> (uint32_t)17U);
+      << 15U
+      | (va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58) >> 17U);
   abcd[2U] = v57;
   uint32_t va58 = abcd[1U];
   uint32_t vb59 = abcd[2U];
   uint32_t vc59 = abcd[3U];
   uint32_t vd59 = abcd[0U];
-  uint8_t *b59 = x + (uint32_t)52U;
+  uint8_t *b59 = x + 52U;
   uint32_t u58 = load32_le(b59);
   uint32_t xk58 = u58;
   uint32_t ti59 = _t[59U];
@@ -1018,14 +1010,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb59
     +
       ((va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59)
-      << (uint32_t)21U
-      | (va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59) >> (uint32_t)11U);
+      << 21U
+      | (va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59) >> 11U);
   abcd[1U] = v58;
   uint32_t va59 = abcd[0U];
   uint32_t vb60 = abcd[1U];
   uint32_t vc60 = abcd[2U];
   uint32_t vd60 = abcd[3U];
-  uint8_t *b60 = x + (uint32_t)16U;
+  uint8_t *b60 = x + 16U;
   uint32_t u59 = load32_le(b60);
   uint32_t xk59 = u59;
   uint32_t ti60 = _t[60U];
@@ -1034,14 +1026,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb60
     +
       ((va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60)
-      << (uint32_t)6U
-      | (va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60) >> (uint32_t)26U);
+      << 6U
+      | (va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60) >> 26U);
   abcd[0U] = v59;
   uint32_t va60 = abcd[3U];
   uint32_t vb61 = abcd[0U];
   uint32_t vc61 = abcd[1U];
   uint32_t vd61 = abcd[2U];
-  uint8_t *b61 = x + (uint32_t)44U;
+  uint8_t *b61 = x + 44U;
   uint32_t u60 = load32_le(b61);
   uint32_t xk60 = u60;
   uint32_t ti61 = _t[61U];
@@ -1050,14 +1042,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb61
     +
       ((va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61)
-      << (uint32_t)10U
-      | (va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61) >> (uint32_t)22U);
+      << 10U
+      | (va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61) >> 22U);
   abcd[3U] = v60;
   uint32_t va61 = abcd[2U];
   uint32_t vb62 = abcd[3U];
   uint32_t vc62 = abcd[0U];
   uint32_t vd62 = abcd[1U];
-  uint8_t *b62 = x + (uint32_t)8U;
+  uint8_t *b62 = x + 8U;
   uint32_t u61 = load32_le(b62);
   uint32_t xk61 = u61;
   uint32_t ti62 = _t[62U];
@@ -1066,14 +1058,14 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb62
     +
       ((va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62)
-      << (uint32_t)15U
-      | (va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62) >> (uint32_t)17U);
+      << 15U
+      | (va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62) >> 17U);
   abcd[2U] = v61;
   uint32_t va62 = abcd[1U];
   uint32_t vb = abcd[2U];
   uint32_t vc = abcd[3U];
   uint32_t vd = abcd[0U];
-  uint8_t *b63 = x + (uint32_t)36U;
+  uint8_t *b63 = x + 36U;
   uint32_t u62 = load32_le(b63);
   uint32_t xk62 = u62;
   uint32_t ti = _t[63U];
@@ -1082,8 +1074,8 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
     vb
     +
       ((va62 + (vc ^ (vb | ~vd)) + xk62 + ti)
-      << (uint32_t)21U
-      | (va62 + (vc ^ (vb | ~vd)) + xk62 + ti) >> (uint32_t)11U);
+      << 21U
+      | (va62 + (vc ^ (vb | ~vd)) + xk62 + ti) >> 11U);
   abcd[1U] = v62;
   uint32_t a = abcd[0U];
   uint32_t b = abcd[1U];
@@ -1095,98 +1087,69 @@ static void legacy_update(uint32_t *abcd, uint8_t *x)
   abcd[3U] = d + dd;
 }
 
-static void legacy_pad(uint64_t len, uint8_t *dst)
+static void pad(uint64_t len, uint8_t *dst)
 {
   uint8_t *dst1 = dst;
-  dst1[0U] = (uint8_t)0x80U;
-  uint8_t *dst2 = dst + (uint32_t)1U;
-  for
-  (uint32_t
-    i = (uint32_t)0U;
-    i
-    < ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U))) % (uint32_t)64U;
-    i++)
+  dst1[0U] = 0x80U;
+  uint8_t *dst2 = dst + 1U;
+  for (uint32_t i = 0U; i < (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U; i++)
   {
-    dst2[i] = (uint8_t)0U;
+    dst2[i] = 0U;
   }
-  uint8_t
-  *dst3 =
-    dst
-    +
-      (uint32_t)1U
-      +
-        ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U)))
-        % (uint32_t)64U;
-  store64_le(dst3, len << (uint32_t)3U);
+  uint8_t *dst3 = dst + 1U + (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U;
+  store64_le(dst3, len << 3U);
 }
 
-void Hacl_Hash_Core_MD5_legacy_finish(uint32_t *s, uint8_t *dst)
+void Hacl_Hash_MD5_finish(uint32_t *s, uint8_t *dst)
 {
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store32_le(dst + i * (uint32_t)4U, s[i]););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store32_le(dst + i * 4U, s[i]););
 }
 
-void Hacl_Hash_MD5_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
+void Hacl_Hash_MD5_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
 {
-  for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
+  for (uint32_t i = 0U; i < n_blocks; i++)
   {
-    uint32_t sz = (uint32_t)64U;
+    uint32_t sz = 64U;
     uint8_t *block = blocks + sz * i;
-    legacy_update(s, block);
+    update(s, block);
   }
 }
 
 void
-Hacl_Hash_MD5_legacy_update_last(
-  uint32_t *s,
-  uint64_t prev_len,
-  uint8_t *input,
-  uint32_t input_len
-)
+Hacl_Hash_MD5_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len)
 {
-  uint32_t blocks_n = input_len / (uint32_t)64U;
-  uint32_t blocks_len = blocks_n * (uint32_t)64U;
+  uint32_t blocks_n = input_len / 64U;
+  uint32_t blocks_len = blocks_n * 64U;
   uint8_t *blocks = input;
   uint32_t rest_len = input_len - blocks_len;
   uint8_t *rest = input + blocks_len;
-  Hacl_Hash_MD5_legacy_update_multi(s, blocks, blocks_n);
+  Hacl_Hash_MD5_update_multi(s, blocks, blocks_n);
   uint64_t total_input_len = prev_len + (uint64_t)input_len;
-  uint32_t
-  pad_len =
-    (uint32_t)1U
-    +
-      ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(total_input_len % (uint64_t)(uint32_t)64U)))
-      % (uint32_t)64U
-    + (uint32_t)8U;
+  uint32_t pad_len = 1U + (128U - (9U + (uint32_t)(total_input_len % (uint64_t)64U))) % 64U + 8U;
   uint32_t tmp_len = rest_len + pad_len;
   uint8_t tmp_twoblocks[128U] = { 0U };
   uint8_t *tmp = tmp_twoblocks;
   uint8_t *tmp_rest = tmp;
   uint8_t *tmp_pad = tmp + rest_len;
   memcpy(tmp_rest, rest, rest_len * sizeof (uint8_t));
-  legacy_pad(total_input_len, tmp_pad);
-  Hacl_Hash_MD5_legacy_update_multi(s, tmp, tmp_len / (uint32_t)64U);
+  pad(total_input_len, tmp_pad);
+  Hacl_Hash_MD5_update_multi(s, tmp, tmp_len / 64U);
 }
 
-void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_MD5_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  uint32_t
-  s[4U] =
-    { (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U };
-  uint32_t blocks_n0 = input_len / (uint32_t)64U;
+  uint32_t s[4U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U };
+  uint32_t blocks_n0 = input_len / 64U;
   uint32_t blocks_n1;
-  if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
+  if (input_len % 64U == 0U && blocks_n0 > 0U)
   {
-    blocks_n1 = blocks_n0 - (uint32_t)1U;
+    blocks_n1 = blocks_n0 - 1U;
   }
   else
   {
     blocks_n1 = blocks_n0;
   }
-  uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
+  uint32_t blocks_len0 = blocks_n1 * 64U;
   uint8_t *blocks0 = input;
   uint32_t rest_len0 = input_len - blocks_len0;
   uint8_t *rest0 = input + blocks_len0;
@@ -1195,75 +1158,75 @@ void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
   uint8_t *blocks = blocks0;
   uint32_t rest_len = rest_len0;
   uint8_t *rest = rest0;
-  Hacl_Hash_MD5_legacy_update_multi(s, blocks, blocks_n);
-  Hacl_Hash_MD5_legacy_update_last(s, (uint64_t)blocks_len, rest, rest_len);
-  Hacl_Hash_Core_MD5_legacy_finish(s, dst);
+  Hacl_Hash_MD5_update_multi(s, blocks, blocks_n);
+  Hacl_Hash_MD5_update_last(s, (uint64_t)blocks_len, rest, rest_len);
+  Hacl_Hash_MD5_finish(s, output);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_create_in(void)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_malloc(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(4U, sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_32
   *p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
   p[0U] = s;
-  Hacl_Hash_Core_MD5_legacy_init(block_state);
+  Hacl_Hash_MD5_init(block_state);
   return p;
 }
 
-void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_MD5_reset(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  Hacl_Hash_Core_MD5_legacy_init(block_state);
+  Hacl_Hash_MD5_init(block_state);
   Hacl_Streaming_MD_state_32
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
+Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_MD_state_32 s = *p;
+  Hacl_Streaming_MD_state_32 s = *state;
   uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
+  if ((uint64_t)chunk_len > 2305843009213693951ULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    sz = (uint32_t)64U;
+    sz = 64U;
   }
   else
   {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    sz = (uint32_t)(total_len % (uint64_t)64U);
   }
-  if (len <= (uint32_t)64U - sz)
+  if (chunk_len <= 64U - sz)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -1273,74 +1236,74 @@ Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, u
         }
       );
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_Hash_MD5_legacy_update_multi(block_state1, buf, (uint32_t)1U);
+      Hacl_Hash_MD5_update_multi(block_state1, buf, 1U);
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Hash_MD5_legacy_update_multi(block_state1, data1, data1_len / (uint32_t)64U);
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Hacl_Hash_MD5_update_multi(block_state1, data1, data1_len / 64U);
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
     {
-      sz10 = (uint32_t)64U;
+      sz10 = 64U;
     }
     else
     {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -1349,114 +1312,109 @@ Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, u
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_MD_state_32 s10 = *p;
+    Hacl_Streaming_MD_state_32 s10 = *state;
     uint32_t *block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_Hash_MD5_legacy_update_multi(block_state1, buf, (uint32_t)1U);
+      Hacl_Hash_MD5_update_multi(block_state1, buf, 1U);
     }
     uint32_t ite;
     if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Hash_MD5_legacy_update_multi(block_state1, data11, data1_len / (uint32_t)64U);
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Hacl_Hash_MD5_update_multi(block_state1, data1, data1_len / 64U);
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
   return Hacl_Streaming_Types_Success;
 }
 
-void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
+void Hacl_Hash_MD5_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_32 scrut = *p;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)64U;
+    r = 64U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    r = (uint32_t)(total_len % (uint64_t)64U);
   }
   uint8_t *buf_1 = buf_;
   uint32_t tmp_block_state[4U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)4U * sizeof (uint32_t));
+  memcpy(tmp_block_state, block_state, 4U * sizeof (uint32_t));
   uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 64U == 0U && r > 0U)
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   else
   {
-    ite = r % (uint32_t)64U;
+    ite = r % 64U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_Hash_MD5_legacy_update_multi(tmp_block_state, buf_multi, (uint32_t)0U);
+  Hacl_Hash_MD5_update_multi(tmp_block_state, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_Hash_MD5_legacy_update_last(tmp_block_state, prev_len_last, buf_last, r);
-  Hacl_Hash_Core_MD5_legacy_finish(tmp_block_state, dst);
+  Hacl_Hash_MD5_update_last(tmp_block_state, prev_len_last, buf_last, r);
+  Hacl_Hash_MD5_finish(tmp_block_state, output);
 }
 
-void Hacl_Streaming_MD5_legacy_free(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_MD5_free(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
   KRML_HOST_FREE(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_state_32 *s0)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_copy(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s0;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state0 = scrut.block_state;
   uint8_t *buf0 = scrut.buf;
   uint64_t total_len0 = scrut.total_len;
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)4U, sizeof (uint32_t));
-  memcpy(block_state, block_state0, (uint32_t)4U * sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  memcpy(buf, buf0, 64U * sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(4U, sizeof (uint32_t));
+  memcpy(block_state, block_state0, 4U * sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
   s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
   Hacl_Streaming_MD_state_32
@@ -1465,8 +1423,8 @@ Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_sta
   return p;
 }
 
-void Hacl_Streaming_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_MD5_hash(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Hash_MD5_legacy_hash(input, input_len, dst);
+  Hacl_Hash_MD5_hash_oneshot(output, input, input_len);
 }
 
diff --git a/src/msvc/Hacl_Hash_SHA1.c b/src/msvc/Hacl_Hash_SHA1.c
index 5ecb3c0b..1a8b09b1 100644
--- a/src/msvc/Hacl_Hash_SHA1.c
+++ b/src/msvc/Hacl_Hash_SHA1.c
@@ -25,19 +25,14 @@
 
 #include "internal/Hacl_Hash_SHA1.h"
 
-static uint32_t
-_h0[5U] =
-  {
-    (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
-    (uint32_t)0xc3d2e1f0U
-  };
+static uint32_t _h0[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
 
-void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s)
+void Hacl_Hash_SHA1_init(uint32_t *s)
 {
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, s[i] = _h0[i];);
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i] = _h0[i];);
 }
 
-static void legacy_update(uint32_t *h, uint8_t *l)
+static void update(uint32_t *h, uint8_t *l)
 {
   uint32_t ha = h[0U];
   uint32_t hb = h[1U];
@@ -45,29 +40,26 @@ static void legacy_update(uint32_t *h, uint8_t *l)
   uint32_t hd = h[3U];
   uint32_t he = h[4U];
   uint32_t _w[80U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
+  for (uint32_t i = 0U; i < 80U; i++)
   {
     uint32_t v;
-    if (i < (uint32_t)16U)
+    if (i < 16U)
     {
-      uint8_t *b = l + i * (uint32_t)4U;
+      uint8_t *b = l + i * 4U;
       uint32_t u = load32_be(b);
       v = u;
     }
     else
     {
-      uint32_t wmit3 = _w[i - (uint32_t)3U];
-      uint32_t wmit8 = _w[i - (uint32_t)8U];
-      uint32_t wmit14 = _w[i - (uint32_t)14U];
-      uint32_t wmit16 = _w[i - (uint32_t)16U];
-      v =
-        (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16)))
-        << (uint32_t)1U
-        | (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) >> (uint32_t)31U;
+      uint32_t wmit3 = _w[i - 3U];
+      uint32_t wmit8 = _w[i - 8U];
+      uint32_t wmit14 = _w[i - 14U];
+      uint32_t wmit16 = _w[i - 16U];
+      v = (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) << 1U | (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) >> 31U;
     }
     _w[i] = v;
   }
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
+  for (uint32_t i = 0U; i < 80U; i++)
   {
     uint32_t _a = h[0U];
     uint32_t _b = h[1U];
@@ -76,11 +68,11 @@ static void legacy_update(uint32_t *h, uint8_t *l)
     uint32_t _e = h[4U];
     uint32_t wmit = _w[i];
     uint32_t ite0;
-    if (i < (uint32_t)20U)
+    if (i < 20U)
     {
       ite0 = (_b & _c) ^ (~_b & _d);
     }
-    else if ((uint32_t)39U < i && i < (uint32_t)60U)
+    else if (39U < i && i < 60U)
     {
       ite0 = (_b & _c) ^ ((_b & _d) ^ (_c & _d));
     }
@@ -89,32 +81,32 @@ static void legacy_update(uint32_t *h, uint8_t *l)
       ite0 = _b ^ (_c ^ _d);
     }
     uint32_t ite;
-    if (i < (uint32_t)20U)
+    if (i < 20U)
     {
-      ite = (uint32_t)0x5a827999U;
+      ite = 0x5a827999U;
     }
-    else if (i < (uint32_t)40U)
+    else if (i < 40U)
     {
-      ite = (uint32_t)0x6ed9eba1U;
+      ite = 0x6ed9eba1U;
     }
-    else if (i < (uint32_t)60U)
+    else if (i < 60U)
     {
-      ite = (uint32_t)0x8f1bbcdcU;
+      ite = 0x8f1bbcdcU;
     }
     else
     {
-      ite = (uint32_t)0xca62c1d6U;
+      ite = 0xca62c1d6U;
     }
-    uint32_t _T = (_a << (uint32_t)5U | _a >> (uint32_t)27U) + ite0 + _e + ite + wmit;
+    uint32_t _T = (_a << 5U | _a >> 27U) + ite0 + _e + ite + wmit;
     h[0U] = _T;
     h[1U] = _a;
-    h[2U] = _b << (uint32_t)30U | _b >> (uint32_t)2U;
+    h[2U] = _b << 30U | _b >> 2U;
     h[3U] = _c;
     h[4U] = _d;
   }
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
+  for (uint32_t i = 0U; i < 80U; i++)
   {
-    _w[i] = (uint32_t)0U;
+    _w[i] = 0U;
   }
   uint32_t sta = h[0U];
   uint32_t stb = h[1U];
@@ -128,101 +120,69 @@ static void legacy_update(uint32_t *h, uint8_t *l)
   h[4U] = ste + he;
 }
 
-static void legacy_pad(uint64_t len, uint8_t *dst)
+static void pad(uint64_t len, uint8_t *dst)
 {
   uint8_t *dst1 = dst;
-  dst1[0U] = (uint8_t)0x80U;
-  uint8_t *dst2 = dst + (uint32_t)1U;
-  for
-  (uint32_t
-    i = (uint32_t)0U;
-    i
-    < ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U))) % (uint32_t)64U;
-    i++)
+  dst1[0U] = 0x80U;
+  uint8_t *dst2 = dst + 1U;
+  for (uint32_t i = 0U; i < (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U; i++)
   {
-    dst2[i] = (uint8_t)0U;
+    dst2[i] = 0U;
   }
-  uint8_t
-  *dst3 =
-    dst
-    +
-      (uint32_t)1U
-      +
-        ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U)))
-        % (uint32_t)64U;
-  store64_be(dst3, len << (uint32_t)3U);
+  uint8_t *dst3 = dst + 1U + (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U;
+  store64_be(dst3, len << 3U);
 }
 
-void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst)
+void Hacl_Hash_SHA1_finish(uint32_t *s, uint8_t *dst)
 {
-  KRML_MAYBE_FOR5(i,
-    (uint32_t)0U,
-    (uint32_t)5U,
-    (uint32_t)1U,
-    store32_be(dst + i * (uint32_t)4U, s[i]););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, store32_be(dst + i * 4U, s[i]););
 }
 
-void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
+void Hacl_Hash_SHA1_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
 {
-  for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
+  for (uint32_t i = 0U; i < n_blocks; i++)
   {
-    uint32_t sz = (uint32_t)64U;
+    uint32_t sz = 64U;
     uint8_t *block = blocks + sz * i;
-    legacy_update(s, block);
+    update(s, block);
   }
 }
 
 void
-Hacl_Hash_SHA1_legacy_update_last(
-  uint32_t *s,
-  uint64_t prev_len,
-  uint8_t *input,
-  uint32_t input_len
-)
+Hacl_Hash_SHA1_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len)
 {
-  uint32_t blocks_n = input_len / (uint32_t)64U;
-  uint32_t blocks_len = blocks_n * (uint32_t)64U;
+  uint32_t blocks_n = input_len / 64U;
+  uint32_t blocks_len = blocks_n * 64U;
   uint8_t *blocks = input;
   uint32_t rest_len = input_len - blocks_len;
   uint8_t *rest = input + blocks_len;
-  Hacl_Hash_SHA1_legacy_update_multi(s, blocks, blocks_n);
+  Hacl_Hash_SHA1_update_multi(s, blocks, blocks_n);
   uint64_t total_input_len = prev_len + (uint64_t)input_len;
-  uint32_t
-  pad_len =
-    (uint32_t)1U
-    +
-      ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(total_input_len % (uint64_t)(uint32_t)64U)))
-      % (uint32_t)64U
-    + (uint32_t)8U;
+  uint32_t pad_len = 1U + (128U - (9U + (uint32_t)(total_input_len % (uint64_t)64U))) % 64U + 8U;
   uint32_t tmp_len = rest_len + pad_len;
   uint8_t tmp_twoblocks[128U] = { 0U };
   uint8_t *tmp = tmp_twoblocks;
   uint8_t *tmp_rest = tmp;
   uint8_t *tmp_pad = tmp + rest_len;
   memcpy(tmp_rest, rest, rest_len * sizeof (uint8_t));
-  legacy_pad(total_input_len, tmp_pad);
-  Hacl_Hash_SHA1_legacy_update_multi(s, tmp, tmp_len / (uint32_t)64U);
+  pad(total_input_len, tmp_pad);
+  Hacl_Hash_SHA1_update_multi(s, tmp, tmp_len / 64U);
 }
 
-void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA1_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  uint32_t
-  s[5U] =
-    {
-      (uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
-      (uint32_t)0xc3d2e1f0U
-    };
-  uint32_t blocks_n0 = input_len / (uint32_t)64U;
+  uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
+  uint32_t blocks_n0 = input_len / 64U;
   uint32_t blocks_n1;
-  if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
+  if (input_len % 64U == 0U && blocks_n0 > 0U)
   {
-    blocks_n1 = blocks_n0 - (uint32_t)1U;
+    blocks_n1 = blocks_n0 - 1U;
   }
   else
   {
     blocks_n1 = blocks_n0;
   }
-  uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
+  uint32_t blocks_len0 = blocks_n1 * 64U;
   uint8_t *blocks0 = input;
   uint32_t rest_len0 = input_len - blocks_len0;
   uint8_t *rest0 = input + blocks_len0;
@@ -231,75 +191,75 @@ void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst
   uint8_t *blocks = blocks0;
   uint32_t rest_len = rest_len0;
   uint8_t *rest = rest0;
-  Hacl_Hash_SHA1_legacy_update_multi(s, blocks, blocks_n);
-  Hacl_Hash_SHA1_legacy_update_last(s, (uint64_t)blocks_len, rest, rest_len);
-  Hacl_Hash_Core_SHA1_legacy_finish(s, dst);
+  Hacl_Hash_SHA1_update_multi(s, blocks, blocks_n);
+  Hacl_Hash_SHA1_update_last(s, (uint64_t)blocks_len, rest, rest_len);
+  Hacl_Hash_SHA1_finish(s, output);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_malloc(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(5U, sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_32
   *p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
   p[0U] = s;
-  Hacl_Hash_Core_SHA1_legacy_init(block_state);
+  Hacl_Hash_SHA1_init(block_state);
   return p;
 }
 
-void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA1_reset(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  Hacl_Hash_Core_SHA1_legacy_init(block_state);
+  Hacl_Hash_SHA1_init(block_state);
   Hacl_Streaming_MD_state_32
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 /**
 0 = success, 1 = max length exceeded
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
+Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_MD_state_32 s = *p;
+  Hacl_Streaming_MD_state_32 s = *state;
   uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
+  if ((uint64_t)chunk_len > 2305843009213693951ULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    sz = (uint32_t)64U;
+    sz = 64U;
   }
   else
   {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    sz = (uint32_t)(total_len % (uint64_t)64U);
   }
-  if (len <= (uint32_t)64U - sz)
+  if (chunk_len <= 64U - sz)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -309,74 +269,74 @@ Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data,
         }
       );
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_Hash_SHA1_legacy_update_multi(block_state1, buf, (uint32_t)1U);
+      Hacl_Hash_SHA1_update_multi(block_state1, buf, 1U);
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Hash_SHA1_legacy_update_multi(block_state1, data1, data1_len / (uint32_t)64U);
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U);
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
     {
-      sz10 = (uint32_t)64U;
+      sz10 = 64U;
     }
     else
     {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -385,114 +345,109 @@ Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data,
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_MD_state_32 s10 = *p;
+    Hacl_Streaming_MD_state_32 s10 = *state;
     uint32_t *block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_Hash_SHA1_legacy_update_multi(block_state1, buf, (uint32_t)1U);
+      Hacl_Hash_SHA1_update_multi(block_state1, buf, 1U);
     }
     uint32_t ite;
     if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Hash_SHA1_legacy_update_multi(block_state1, data11, data1_len / (uint32_t)64U);
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U);
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
   return Hacl_Streaming_Types_Success;
 }
 
-void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
+void Hacl_Hash_SHA1_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_32 scrut = *p;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)64U;
+    r = 64U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    r = (uint32_t)(total_len % (uint64_t)64U);
   }
   uint8_t *buf_1 = buf_;
   uint32_t tmp_block_state[5U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)5U * sizeof (uint32_t));
+  memcpy(tmp_block_state, block_state, 5U * sizeof (uint32_t));
   uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 64U == 0U && r > 0U)
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   else
   {
-    ite = r % (uint32_t)64U;
+    ite = r % 64U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_Hash_SHA1_legacy_update_multi(tmp_block_state, buf_multi, (uint32_t)0U);
+  Hacl_Hash_SHA1_update_multi(tmp_block_state, buf_multi, 0U);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_Hash_SHA1_legacy_update_last(tmp_block_state, prev_len_last, buf_last, r);
-  Hacl_Hash_Core_SHA1_legacy_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA1_update_last(tmp_block_state, prev_len_last, buf_last, r);
+  Hacl_Hash_SHA1_finish(tmp_block_state, output);
 }
 
-void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA1_free(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
   KRML_HOST_FREE(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_copy(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s0;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state0 = scrut.block_state;
   uint8_t *buf0 = scrut.buf;
   uint64_t total_len0 = scrut.total_len;
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
-  memcpy(block_state, block_state0, (uint32_t)5U * sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  memcpy(buf, buf0, 64U * sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(5U, sizeof (uint32_t));
+  memcpy(block_state, block_state0, 5U * sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
   s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
   Hacl_Streaming_MD_state_32
@@ -501,8 +456,8 @@ Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_st
   return p;
 }
 
-void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA1_hash(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Hash_SHA1_legacy_hash(input, input_len, dst);
+  Hacl_Hash_SHA1_hash_oneshot(output, input, input_len);
 }
 
diff --git a/src/msvc/Hacl_Hash_SHA2.c b/src/msvc/Hacl_Hash_SHA2.c
index c93c3616..995fe707 100644
--- a/src/msvc/Hacl_Hash_SHA2.c
+++ b/src/msvc/Hacl_Hash_SHA2.c
@@ -27,14 +27,14 @@
 
 #include "internal/Hacl_Krmllib.h"
 
-void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash)
+void Hacl_Hash_SHA2_sha256_init(uint32_t *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = hash;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t x = Hacl_Hash_SHA2_h256[i];
     os[i] = x;);
 }
 
@@ -42,49 +42,49 @@ static inline void sha256_update(uint8_t *b, uint32_t *hash)
 {
   uint32_t hash_old[8U] = { 0U };
   uint32_t ws[16U] = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(hash_old, hash, 8U * sizeof (uint32_t));
   uint8_t *b10 = b;
   uint32_t u = load32_be(b10);
   ws[0U] = u;
-  uint32_t u0 = load32_be(b10 + (uint32_t)4U);
+  uint32_t u0 = load32_be(b10 + 4U);
   ws[1U] = u0;
-  uint32_t u1 = load32_be(b10 + (uint32_t)8U);
+  uint32_t u1 = load32_be(b10 + 8U);
   ws[2U] = u1;
-  uint32_t u2 = load32_be(b10 + (uint32_t)12U);
+  uint32_t u2 = load32_be(b10 + 12U);
   ws[3U] = u2;
-  uint32_t u3 = load32_be(b10 + (uint32_t)16U);
+  uint32_t u3 = load32_be(b10 + 16U);
   ws[4U] = u3;
-  uint32_t u4 = load32_be(b10 + (uint32_t)20U);
+  uint32_t u4 = load32_be(b10 + 20U);
   ws[5U] = u4;
-  uint32_t u5 = load32_be(b10 + (uint32_t)24U);
+  uint32_t u5 = load32_be(b10 + 24U);
   ws[6U] = u5;
-  uint32_t u6 = load32_be(b10 + (uint32_t)28U);
+  uint32_t u6 = load32_be(b10 + 28U);
   ws[7U] = u6;
-  uint32_t u7 = load32_be(b10 + (uint32_t)32U);
+  uint32_t u7 = load32_be(b10 + 32U);
   ws[8U] = u7;
-  uint32_t u8 = load32_be(b10 + (uint32_t)36U);
+  uint32_t u8 = load32_be(b10 + 36U);
   ws[9U] = u8;
-  uint32_t u9 = load32_be(b10 + (uint32_t)40U);
+  uint32_t u9 = load32_be(b10 + 40U);
   ws[10U] = u9;
-  uint32_t u10 = load32_be(b10 + (uint32_t)44U);
+  uint32_t u10 = load32_be(b10 + 44U);
   ws[11U] = u10;
-  uint32_t u11 = load32_be(b10 + (uint32_t)48U);
+  uint32_t u11 = load32_be(b10 + 48U);
   ws[12U] = u11;
-  uint32_t u12 = load32_be(b10 + (uint32_t)52U);
+  uint32_t u12 = load32_be(b10 + 52U);
   ws[13U] = u12;
-  uint32_t u13 = load32_be(b10 + (uint32_t)56U);
+  uint32_t u13 = load32_be(b10 + 56U);
   ws[14U] = u13;
-  uint32_t u14 = load32_be(b10 + (uint32_t)60U);
+  uint32_t u14 = load32_be(b10 + 60U);
   ws[15U] = u14;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       uint32_t ws_t = ws[i];
       uint32_t a0 = hash[0U];
       uint32_t b0 = hash[1U];
@@ -98,20 +98,13 @@ static inline void sha256_update(uint8_t *b, uint32_t *hash)
       uint32_t
       t1 =
         h02
-        +
-          ((e0 << (uint32_t)26U | e0 >> (uint32_t)6U)
-          ^
-            ((e0 << (uint32_t)21U | e0 >> (uint32_t)11U)
-            ^ (e0 << (uint32_t)7U | e0 >> (uint32_t)25U)))
+        + ((e0 << 26U | e0 >> 6U) ^ ((e0 << 21U | e0 >> 11U) ^ (e0 << 7U | e0 >> 25U)))
         + ((e0 & f0) ^ (~e0 & g0))
         + k_e_t
         + ws_t;
       uint32_t
       t2 =
-        ((a0 << (uint32_t)30U | a0 >> (uint32_t)2U)
-        ^
-          ((a0 << (uint32_t)19U | a0 >> (uint32_t)13U)
-          ^ (a0 << (uint32_t)10U | a0 >> (uint32_t)22U)))
+        ((a0 << 30U | a0 >> 2U) ^ ((a0 << 19U | a0 >> 13U) ^ (a0 << 10U | a0 >> 22U)))
         + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0)));
       uint32_t a1 = t1 + t2;
       uint32_t b1 = a0;
@@ -129,74 +122,63 @@ static inline void sha256_update(uint8_t *b, uint32_t *hash)
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         uint32_t t16 = ws[i];
-        uint32_t t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        uint32_t t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        uint32_t t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
-        uint32_t
-        s1 =
-          (t2 << (uint32_t)15U | t2 >> (uint32_t)17U)
-          ^ ((t2 << (uint32_t)13U | t2 >> (uint32_t)19U) ^ t2 >> (uint32_t)10U);
-        uint32_t
-        s0 =
-          (t15 << (uint32_t)25U | t15 >> (uint32_t)7U)
-          ^ ((t15 << (uint32_t)14U | t15 >> (uint32_t)18U) ^ t15 >> (uint32_t)3U);
+        uint32_t t15 = ws[(i + 1U) % 16U];
+        uint32_t t7 = ws[(i + 9U) % 16U];
+        uint32_t t2 = ws[(i + 14U) % 16U];
+        uint32_t s1 = (t2 << 15U | t2 >> 17U) ^ ((t2 << 13U | t2 >> 19U) ^ t2 >> 10U);
+        uint32_t s0 = (t15 << 25U | t15 >> 7U) ^ ((t15 << 14U | t15 >> 18U) ^ t15 >> 3U);
         ws[i] = s1 + t7 + s0 + t16;);
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = hash;
     uint32_t x = hash[i] + hash_old[i];
     os[i] = x;);
 }
 
-void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st)
+void Hacl_Hash_SHA2_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st)
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b0 = b;
-    uint8_t *mb = b0 + i * (uint32_t)64U;
+    uint8_t *mb = b0 + i * 64U;
     sha256_update(mb, st);
   }
 }
 
 void
-Hacl_SHA2_Scalar32_sha256_update_last(
-  uint64_t totlen,
-  uint32_t len,
-  uint8_t *b,
-  uint32_t *hash
-)
+Hacl_Hash_SHA2_sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash)
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[128U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b0 = b;
   memcpy(last, b0, len * sizeof (uint8_t));
-  last[len] = (uint8_t)0x80U;
-  memcpy(last + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last[len] = 0x80U;
+  memcpy(last + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)64U;
+  uint8_t *last10 = last + 64U;
   uint8_t *l0 = last00;
   uint8_t *l1 = last10;
   uint8_t *lb0 = l0;
@@ -204,65 +186,56 @@ Hacl_SHA2_Scalar32_sha256_update_last(
   uint8_t *last0 = lb0;
   uint8_t *last1 = lb1;
   sha256_update(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha256_update(last1, hash);
     return;
   }
 }
 
-void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h)
+void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h)
 {
   uint8_t hbuf[32U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_be(hbuf + i * (uint32_t)4U, st[i]););
-  memcpy(h, hbuf, (uint32_t)32U * sizeof (uint8_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_be(hbuf + i * 4U, st[i]););
+  memcpy(h, hbuf, 32U * sizeof (uint8_t));
 }
 
-void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash)
+void Hacl_Hash_SHA2_sha224_init(uint32_t *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = hash;
-    uint32_t x = Hacl_Impl_SHA2_Generic_h224[i];
+    uint32_t x = Hacl_Hash_SHA2_h224[i];
     os[i] = x;);
 }
 
 static inline void sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st)
 {
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(len, b, st);
+  Hacl_Hash_SHA2_sha256_update_nblocks(len, b, st);
 }
 
-void
-Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st)
+void Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st)
 {
-  Hacl_SHA2_Scalar32_sha256_update_last(totlen, len, b, st);
+  Hacl_Hash_SHA2_sha256_update_last(totlen, len, b, st);
 }
 
-void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h)
+void Hacl_Hash_SHA2_sha224_finish(uint32_t *st, uint8_t *h)
 {
   uint8_t hbuf[32U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_be(hbuf + i * (uint32_t)4U, st[i]););
-  memcpy(h, hbuf, (uint32_t)28U * sizeof (uint8_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_be(hbuf + i * 4U, st[i]););
+  memcpy(h, hbuf, 28U * sizeof (uint8_t));
 }
 
-void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash)
+void Hacl_Hash_SHA2_sha512_init(uint64_t *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = hash;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h512[i];
+    uint64_t x = Hacl_Hash_SHA2_h512[i];
     os[i] = x;);
 }
 
@@ -270,49 +243,49 @@ static inline void sha512_update(uint8_t *b, uint64_t *hash)
 {
   uint64_t hash_old[8U] = { 0U };
   uint64_t ws[16U] = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (uint64_t));
+  memcpy(hash_old, hash, 8U * sizeof (uint64_t));
   uint8_t *b10 = b;
   uint64_t u = load64_be(b10);
   ws[0U] = u;
-  uint64_t u0 = load64_be(b10 + (uint32_t)8U);
+  uint64_t u0 = load64_be(b10 + 8U);
   ws[1U] = u0;
-  uint64_t u1 = load64_be(b10 + (uint32_t)16U);
+  uint64_t u1 = load64_be(b10 + 16U);
   ws[2U] = u1;
-  uint64_t u2 = load64_be(b10 + (uint32_t)24U);
+  uint64_t u2 = load64_be(b10 + 24U);
   ws[3U] = u2;
-  uint64_t u3 = load64_be(b10 + (uint32_t)32U);
+  uint64_t u3 = load64_be(b10 + 32U);
   ws[4U] = u3;
-  uint64_t u4 = load64_be(b10 + (uint32_t)40U);
+  uint64_t u4 = load64_be(b10 + 40U);
   ws[5U] = u4;
-  uint64_t u5 = load64_be(b10 + (uint32_t)48U);
+  uint64_t u5 = load64_be(b10 + 48U);
   ws[6U] = u5;
-  uint64_t u6 = load64_be(b10 + (uint32_t)56U);
+  uint64_t u6 = load64_be(b10 + 56U);
   ws[7U] = u6;
-  uint64_t u7 = load64_be(b10 + (uint32_t)64U);
+  uint64_t u7 = load64_be(b10 + 64U);
   ws[8U] = u7;
-  uint64_t u8 = load64_be(b10 + (uint32_t)72U);
+  uint64_t u8 = load64_be(b10 + 72U);
   ws[9U] = u8;
-  uint64_t u9 = load64_be(b10 + (uint32_t)80U);
+  uint64_t u9 = load64_be(b10 + 80U);
   ws[10U] = u9;
-  uint64_t u10 = load64_be(b10 + (uint32_t)88U);
+  uint64_t u10 = load64_be(b10 + 88U);
   ws[11U] = u10;
-  uint64_t u11 = load64_be(b10 + (uint32_t)96U);
+  uint64_t u11 = load64_be(b10 + 96U);
   ws[12U] = u11;
-  uint64_t u12 = load64_be(b10 + (uint32_t)104U);
+  uint64_t u12 = load64_be(b10 + 104U);
   ws[13U] = u12;
-  uint64_t u13 = load64_be(b10 + (uint32_t)112U);
+  uint64_t u13 = load64_be(b10 + 112U);
   ws[14U] = u13;
-  uint64_t u14 = load64_be(b10 + (uint32_t)120U);
+  uint64_t u14 = load64_be(b10 + 120U);
   ws[15U] = u14;
   KRML_MAYBE_FOR5(i0,
-    (uint32_t)0U,
-    (uint32_t)5U,
-    (uint32_t)1U,
+    0U,
+    5U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint64_t k_t = Hacl_Hash_SHA2_k384_512[16U * i0 + i];
       uint64_t ws_t = ws[i];
       uint64_t a0 = hash[0U];
       uint64_t b0 = hash[1U];
@@ -326,20 +299,13 @@ static inline void sha512_update(uint8_t *b, uint64_t *hash)
       uint64_t
       t1 =
         h02
-        +
-          ((e0 << (uint32_t)50U | e0 >> (uint32_t)14U)
-          ^
-            ((e0 << (uint32_t)46U | e0 >> (uint32_t)18U)
-            ^ (e0 << (uint32_t)23U | e0 >> (uint32_t)41U)))
+        + ((e0 << 50U | e0 >> 14U) ^ ((e0 << 46U | e0 >> 18U) ^ (e0 << 23U | e0 >> 41U)))
         + ((e0 & f0) ^ (~e0 & g0))
         + k_e_t
         + ws_t;
       uint64_t
       t2 =
-        ((a0 << (uint32_t)36U | a0 >> (uint32_t)28U)
-        ^
-          ((a0 << (uint32_t)30U | a0 >> (uint32_t)34U)
-          ^ (a0 << (uint32_t)25U | a0 >> (uint32_t)39U)))
+        ((a0 << 36U | a0 >> 28U) ^ ((a0 << 30U | a0 >> 34U) ^ (a0 << 25U | a0 >> 39U)))
         + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0)));
       uint64_t a1 = t1 + t2;
       uint64_t b1 = a0;
@@ -357,48 +323,42 @@ static inline void sha512_update(uint8_t *b, uint64_t *hash)
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)4U)
+    if (i0 < 4U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         uint64_t t16 = ws[i];
-        uint64_t t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        uint64_t t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        uint64_t t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
-        uint64_t
-        s1 =
-          (t2 << (uint32_t)45U | t2 >> (uint32_t)19U)
-          ^ ((t2 << (uint32_t)3U | t2 >> (uint32_t)61U) ^ t2 >> (uint32_t)6U);
-        uint64_t
-        s0 =
-          (t15 << (uint32_t)63U | t15 >> (uint32_t)1U)
-          ^ ((t15 << (uint32_t)56U | t15 >> (uint32_t)8U) ^ t15 >> (uint32_t)7U);
+        uint64_t t15 = ws[(i + 1U) % 16U];
+        uint64_t t7 = ws[(i + 9U) % 16U];
+        uint64_t t2 = ws[(i + 14U) % 16U];
+        uint64_t s1 = (t2 << 45U | t2 >> 19U) ^ ((t2 << 3U | t2 >> 61U) ^ t2 >> 6U);
+        uint64_t s0 = (t15 << 63U | t15 >> 1U) ^ ((t15 << 56U | t15 >> 8U) ^ t15 >> 7U);
         ws[i] = s1 + t7 + s0 + t16;);
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = hash;
     uint64_t x = hash[i] + hash_old[i];
     os[i] = x;);
 }
 
-void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st)
+void Hacl_Hash_SHA2_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st)
 {
-  uint32_t blocks = len / (uint32_t)128U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 128U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b0 = b;
-    uint8_t *mb = b0 + i * (uint32_t)128U;
+    uint8_t *mb = b0 + i * 128U;
     sha512_update(mb, st);
   }
 }
 
 void
-Hacl_SHA2_Scalar32_sha512_update_last(
+Hacl_Hash_SHA2_sha512_update_last(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
   uint8_t *b,
@@ -406,25 +366,25 @@ Hacl_SHA2_Scalar32_sha512_update_last(
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U)
+  if (len + 16U + 1U <= 128U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)128U;
+  uint32_t fin = blocks * 128U;
   uint8_t last[256U] = { 0U };
   uint8_t totlen_buf[16U] = { 0U };
-  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U);
+  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, 3U);
   store128_be(totlen_buf, total_len_bits);
   uint8_t *b0 = b;
   memcpy(last, b0, len * sizeof (uint8_t));
-  last[len] = (uint8_t)0x80U;
-  memcpy(last + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last[len] = 0x80U;
+  memcpy(last + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
+  uint8_t *last10 = last + 128U;
   uint8_t *l0 = last00;
   uint8_t *l1 = last10;
   uint8_t *lb0 = l0;
@@ -432,76 +392,68 @@ Hacl_SHA2_Scalar32_sha512_update_last(
   uint8_t *last0 = lb0;
   uint8_t *last1 = lb1;
   sha512_update(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha512_update(last1, hash);
     return;
   }
 }
 
-void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h)
+void Hacl_Hash_SHA2_sha512_finish(uint64_t *st, uint8_t *h)
 {
   uint8_t hbuf[64U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store64_be(hbuf + i * (uint32_t)8U, st[i]););
-  memcpy(h, hbuf, (uint32_t)64U * sizeof (uint8_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store64_be(hbuf + i * 8U, st[i]););
+  memcpy(h, hbuf, 64U * sizeof (uint8_t));
 }
 
-void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash)
+void Hacl_Hash_SHA2_sha384_init(uint64_t *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint64_t *os = hash;
-    uint64_t x = Hacl_Impl_SHA2_Generic_h384[i];
+    uint64_t x = Hacl_Hash_SHA2_h384[i];
     os[i] = x;);
 }
 
-void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st)
+void Hacl_Hash_SHA2_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st)
 {
-  Hacl_SHA2_Scalar32_sha512_update_nblocks(len, b, st);
+  Hacl_Hash_SHA2_sha512_update_nblocks(len, b, st);
 }
 
 void
-Hacl_SHA2_Scalar32_sha384_update_last(
+Hacl_Hash_SHA2_sha384_update_last(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
   uint8_t *b,
   uint64_t *st
 )
 {
-  Hacl_SHA2_Scalar32_sha512_update_last(totlen, len, b, st);
+  Hacl_Hash_SHA2_sha512_update_last(totlen, len, b, st);
 }
 
-void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h)
+void Hacl_Hash_SHA2_sha384_finish(uint64_t *st, uint8_t *h)
 {
   uint8_t hbuf[64U] = { 0U };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store64_be(hbuf + i * (uint32_t)8U, st[i]););
-  memcpy(h, hbuf, (uint32_t)48U * sizeof (uint8_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store64_be(hbuf + i * 8U, st[i]););
+  memcpy(h, hbuf, 48U * sizeof (uint8_t));
 }
 
 /**
 Allocate initial state for the SHA2_256 hash. The state is to be freed by
 calling `free_256`.
 */
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_256(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_32
   *p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
   p[0U] = s;
-  Hacl_SHA2_Scalar32_sha256_init(block_state);
+  Hacl_Hash_SHA2_sha256_init(block_state);
   return p;
 }
 
@@ -511,16 +463,16 @@ The state is to be freed by calling `free_256`. Cloning the state this way is
 useful, for instance, if your control-flow diverges and you need to feed
 more (different) data into the hash in each branch.
 */
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_copy_256(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s0;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state0 = scrut.block_state;
   uint8_t *buf0 = scrut.buf;
   uint64_t total_len0 = scrut.total_len;
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
-  memcpy(block_state, block_state0, (uint32_t)8U * sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  memcpy(buf, buf0, 64U * sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
+  memcpy(block_state, block_state0, 8U * sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
   s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
   Hacl_Streaming_MD_state_32
@@ -532,54 +484,54 @@ Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state
 /**
 Reset an existing state to the initial hash state with empty data.
 */
-void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA2_reset_256(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  Hacl_SHA2_Scalar32_sha256_init(block_state);
+  Hacl_Hash_SHA2_sha256_init(block_state);
   Hacl_Streaming_MD_state_32
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 static inline Hacl_Streaming_Types_error_code
-update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
+update_224_256(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_MD_state_32 s = *p;
+  Hacl_Streaming_MD_state_32 s = *state;
   uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
+  if ((uint64_t)chunk_len > 2305843009213693951ULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    sz = (uint32_t)64U;
+    sz = 64U;
   }
   else
   {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    sz = (uint32_t)(total_len % (uint64_t)64U);
   }
-  if (len <= (uint32_t)64U - sz)
+  if (chunk_len <= 64U - sz)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -589,76 +541,74 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
         }
       );
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)64U, buf, block_state1);
+      Hacl_Hash_SHA2_sha256_update_nblocks(64U, buf, block_state1);
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_SHA2_Scalar32_sha256_update_nblocks(data1_len / (uint32_t)64U * (uint32_t)64U,
-      data1,
-      block_state1);
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Hacl_Hash_SHA2_sha256_update_nblocks(data1_len / 64U * 64U, data1, block_state1);
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_MD_state_32 s1 = *p;
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Streaming_MD_state_32 s1 = *state;
     uint32_t *block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
     {
-      sz10 = (uint32_t)64U;
+      sz10 = 64U;
     }
     else
     {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
@@ -667,55 +617,48 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_MD_state_32 s10 = *p;
+    Hacl_Streaming_MD_state_32 s10 = *state;
     uint32_t *block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)64U;
+      sz1 = 64U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)64U, buf, block_state1);
+      Hacl_Hash_SHA2_sha256_update_nblocks(64U, buf, block_state1);
     }
     uint32_t ite;
     if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
     {
-      ite = (uint32_t)64U;
+      ite = 64U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
     }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_SHA2_Scalar32_sha256_update_nblocks(data1_len / (uint32_t)64U * (uint32_t)64U,
-      data11,
-      block_state1);
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Hacl_Hash_SHA2_sha256_update_nblocks(data1_len / 64U * 64U, data1, block_state1);
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
         (Hacl_Streaming_MD_state_32){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
@@ -725,209 +668,203 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
 /**
 Feed an arbitrary amount of data into the hash. This function returns 0 for
 success, or 1 if the combined length of all of the data passed to `update_256`
-(since the last call to `init_256`) exceeds 2^61-1 bytes.
+(since the last call to `reset_256`) exceeds 2^61-1 bytes.
 
 This function is identical to the update function for SHA2_224.
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_256(
-  Hacl_Streaming_MD_state_32 *p,
+Hacl_Hash_SHA2_update_256(
+  Hacl_Streaming_MD_state_32 *state,
   uint8_t *input,
   uint32_t input_len
 )
 {
-  return update_224_256(p, input, input_len);
+  return update_224_256(state, input, input_len);
 }
 
 /**
-Write the resulting hash into `dst`, an array of 32 bytes. The state remains
-valid after a call to `finish_256`, meaning the user may feed more data into
-the hash via `update_256`. (The finish_256 function operates on an internal copy of
+Write the resulting hash into `output`, an array of 32 bytes. The state remains
+valid after a call to `digest_256`, meaning the user may feed more data into
+the hash via `update_256`. (The digest_256 function operates on an internal copy of
 the state and therefore does not invalidate the client-held state `p`.)
 */
-void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
+void Hacl_Hash_SHA2_digest_256(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_32 scrut = *p;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)64U;
+    r = 64U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    r = (uint32_t)(total_len % (uint64_t)64U);
   }
   uint8_t *buf_1 = buf_;
   uint32_t tmp_block_state[8U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(tmp_block_state, block_state, 8U * sizeof (uint32_t));
   uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 64U == 0U && r > 0U)
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   else
   {
-    ite = r % (uint32_t)64U;
+    ite = r % 64U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state);
+  Hacl_Hash_SHA2_sha256_update_nblocks(0U, buf_multi, tmp_block_state);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_SHA2_Scalar32_sha256_update_last(prev_len_last + (uint64_t)r,
-    r,
-    buf_last,
-    tmp_block_state);
-  Hacl_SHA2_Scalar32_sha256_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA2_sha256_update_last(prev_len_last + (uint64_t)r, r, buf_last, tmp_block_state);
+  Hacl_Hash_SHA2_sha256_finish(tmp_block_state, output);
 }
 
 /**
-Free a state allocated with `create_in_256`.
+Free a state allocated with `malloc_256`.
 
 This function is identical to the free function for SHA2_224.
 */
-void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA2_free_256(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
   KRML_HOST_FREE(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 32 bytes.
 */
-void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA2_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint8_t *ib = input;
-  uint8_t *rb = dst;
+  uint8_t *rb = output;
   uint32_t st[8U] = { 0U };
-  Hacl_SHA2_Scalar32_sha256_init(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  Hacl_Hash_SHA2_sha256_init(st);
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
-  Hacl_SHA2_Scalar32_sha256_update_nblocks(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  Hacl_Hash_SHA2_sha256_update_nblocks(input_len, ib, st);
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b0 = ib;
   uint8_t *lb = b0 + input_len - rem1;
-  Hacl_SHA2_Scalar32_sha256_update_last(len_, rem, lb, st);
-  Hacl_SHA2_Scalar32_sha256_finish(st, rb);
+  Hacl_Hash_SHA2_sha256_update_last(len_, rem, lb, st);
+  Hacl_Hash_SHA2_sha256_finish(st, rb);
 }
 
-Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void)
+Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_224(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(8U, sizeof (uint32_t));
   Hacl_Streaming_MD_state_32
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_32
   *p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
   p[0U] = s;
-  Hacl_SHA2_Scalar32_sha224_init(block_state);
+  Hacl_Hash_SHA2_sha224_init(block_state);
   return p;
 }
 
-void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s)
+void Hacl_Hash_SHA2_reset_224(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_MD_state_32 scrut = *s;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint32_t *block_state = scrut.block_state;
-  Hacl_SHA2_Scalar32_sha224_init(block_state);
+  Hacl_Hash_SHA2_sha224_init(block_state);
   Hacl_Streaming_MD_state_32
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_224(
-  Hacl_Streaming_MD_state_32 *p,
+Hacl_Hash_SHA2_update_224(
+  Hacl_Streaming_MD_state_32 *state,
   uint8_t *input,
   uint32_t input_len
 )
 {
-  return update_224_256(p, input, input_len);
+  return update_224_256(state, input, input_len);
 }
 
 /**
-Write the resulting hash into `dst`, an array of 28 bytes. The state remains
-valid after a call to `finish_224`, meaning the user may feed more data into
+Write the resulting hash into `output`, an array of 28 bytes. The state remains
+valid after a call to `digest_224`, meaning the user may feed more data into
 the hash via `update_224`.
 */
-void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
+void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_32 scrut = *p;
+  Hacl_Streaming_MD_state_32 scrut = *state;
   uint32_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)64U;
+    r = 64U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
+    r = (uint32_t)(total_len % (uint64_t)64U);
   }
   uint8_t *buf_1 = buf_;
   uint32_t tmp_block_state[8U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof (uint32_t));
+  memcpy(tmp_block_state, block_state, 8U * sizeof (uint32_t));
   uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 64U == 0U && r > 0U)
   {
-    ite = (uint32_t)64U;
+    ite = 64U;
   }
   else
   {
-    ite = r % (uint32_t)64U;
+    ite = r % 64U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  sha224_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state);
+  sha224_update_nblocks(0U, buf_multi, tmp_block_state);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_SHA2_Scalar32_sha224_update_last(prev_len_last + (uint64_t)r,
-    r,
-    buf_last,
-    tmp_block_state);
-  Hacl_SHA2_Scalar32_sha224_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA2_sha224_update_last(prev_len_last + (uint64_t)r, r, buf_last, tmp_block_state);
+  Hacl_Hash_SHA2_sha224_finish(tmp_block_state, output);
 }
 
-void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p)
+void Hacl_Hash_SHA2_free_224(Hacl_Streaming_MD_state_32 *state)
 {
-  Hacl_Streaming_SHA2_free_256(p);
+  Hacl_Hash_SHA2_free_256(state);
 }
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 28 bytes.
 */
-void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint8_t *ib = input;
-  uint8_t *rb = dst;
+  uint8_t *rb = output;
   uint32_t st[8U] = { 0U };
-  Hacl_SHA2_Scalar32_sha224_init(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  Hacl_Hash_SHA2_sha224_init(st);
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha224_update_nblocks(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b0 = ib;
   uint8_t *lb = b0 + input_len - rem1;
-  Hacl_SHA2_Scalar32_sha224_update_last(len_, rem, lb, st);
-  Hacl_SHA2_Scalar32_sha224_finish(st, rb);
+  Hacl_Hash_SHA2_sha224_update_last(len_, rem, lb, st);
+  Hacl_Hash_SHA2_sha224_finish(st, rb);
 }
 
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void)
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_512(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
   Hacl_Streaming_MD_state_64
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_64
   *p = (Hacl_Streaming_MD_state_64 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_64));
   p[0U] = s;
-  Hacl_SHA2_Scalar32_sha512_init(block_state);
+  Hacl_Hash_SHA2_sha512_init(block_state);
   return p;
 }
 
@@ -937,16 +874,16 @@ The state is to be freed by calling `free_512`. Cloning the state this way is
 useful, for instance, if your control-flow diverges and you need to feed
 more (different) data into the hash in each branch.
 */
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0)
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_copy_512(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_MD_state_64 scrut = *s0;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint64_t *block_state0 = scrut.block_state;
   uint8_t *buf0 = scrut.buf;
   uint64_t total_len0 = scrut.total_len;
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  memcpy(buf, buf0, (uint32_t)128U * sizeof (uint8_t));
-  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
-  memcpy(block_state, block_state0, (uint32_t)8U * sizeof (uint64_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  memcpy(buf, buf0, 128U * sizeof (uint8_t));
+  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
+  memcpy(block_state, block_state0, 8U * sizeof (uint64_t));
   Hacl_Streaming_MD_state_64
   s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
   Hacl_Streaming_MD_state_64
@@ -955,54 +892,54 @@ Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state
   return p;
 }
 
-void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s)
+void Hacl_Hash_SHA2_reset_512(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_MD_state_64 scrut = *s;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  Hacl_SHA2_Scalar32_sha512_init(block_state);
+  Hacl_Hash_SHA2_sha512_init(block_state);
   Hacl_Streaming_MD_state_64
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 static inline Hacl_Streaming_Types_error_code
-update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
+update_384_512(Hacl_Streaming_MD_state_64 *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_MD_state_64 s = *p;
+  Hacl_Streaming_MD_state_64 s = *state;
   uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)18446744073709551615U - total_len)
+  if ((uint64_t)chunk_len > 18446744073709551615ULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
   {
-    sz = (uint32_t)128U;
+    sz = 128U;
   }
   else
   {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
+    sz = (uint32_t)(total_len % (uint64_t)128U);
   }
-  if (len <= (uint32_t)128U - sz)
+  if (chunk_len <= 128U - sz)
   {
-    Hacl_Streaming_MD_state_64 s1 = *p;
+    Hacl_Streaming_MD_state_64 s1 = *state;
     uint64_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)128U;
+      sz1 = 128U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
       (
         (Hacl_Streaming_MD_state_64){
@@ -1012,76 +949,74 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
         }
       );
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_MD_state_64 s1 = *p;
+    Hacl_Streaming_MD_state_64 s1 = *state;
     uint64_t *block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)128U;
+      sz1 = 128U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, buf, block_state1);
+      Hacl_Hash_SHA2_sha512_update_nblocks(128U, buf, block_state1);
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)128U == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
-      ite = (uint32_t)128U;
+      ite = 128U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)128U);
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)128U);
     }
-    uint32_t n_blocks = (len - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(data1_len / (uint32_t)128U * (uint32_t)128U,
-      data1,
-      block_state1);
+    uint32_t n_blocks = (chunk_len - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    Hacl_Hash_SHA2_sha512_update_nblocks(data1_len / 128U * 128U, data1, block_state1);
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_64){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
-    uint32_t diff = (uint32_t)128U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_MD_state_64 s1 = *p;
+    uint32_t diff = 128U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Streaming_MD_state_64 s1 = *state;
     uint64_t *block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)128U == 0ULL && total_len10 > 0ULL)
     {
-      sz10 = (uint32_t)128U;
+      sz10 = 128U;
     }
     else
     {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)128U);
+      sz10 = (uint32_t)(total_len10 % (uint64_t)128U);
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
         (Hacl_Streaming_MD_state_64){
@@ -1090,55 +1025,48 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_MD_state_64 s10 = *p;
+    Hacl_Streaming_MD_state_64 s10 = *state;
     uint64_t *block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)128U == 0ULL && total_len1 > 0ULL)
     {
-      sz1 = (uint32_t)128U;
+      sz1 = 128U;
     }
     else
     {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
+      sz1 = (uint32_t)(total_len1 % (uint64_t)128U);
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
-      Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)128U, buf, block_state1);
+      Hacl_Hash_SHA2_sha512_update_nblocks(128U, buf, block_state1);
     }
     uint32_t ite;
     if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)128U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
+    ((uint64_t)(chunk_len - diff) % (uint64_t)128U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
     {
-      ite = (uint32_t)128U;
+      ite = 128U;
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)128U);
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)128U);
     }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_SHA2_Scalar32_sha512_update_nblocks(data1_len / (uint32_t)128U * (uint32_t)128U,
-      data11,
-      block_state1);
+    uint32_t n_blocks = (chunk_len - diff - ite) / 128U;
+    uint32_t data1_len = n_blocks * 128U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    Hacl_Hash_SHA2_sha512_update_nblocks(data1_len / 128U * 128U, data1, block_state1);
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
         (Hacl_Streaming_MD_state_64){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
@@ -1148,198 +1076,198 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
 /**
 Feed an arbitrary amount of data into the hash. This function returns 0 for
 success, or 1 if the combined length of all of the data passed to `update_512`
-(since the last call to `init_512`) exceeds 2^125-1 bytes.
+(since the last call to `reset_512`) exceeds 2^125-1 bytes.
 
 This function is identical to the update function for SHA2_384.
 */
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_512(
-  Hacl_Streaming_MD_state_64 *p,
+Hacl_Hash_SHA2_update_512(
+  Hacl_Streaming_MD_state_64 *state,
   uint8_t *input,
   uint32_t input_len
 )
 {
-  return update_384_512(p, input, input_len);
+  return update_384_512(state, input, input_len);
 }
 
 /**
-Write the resulting hash into `dst`, an array of 64 bytes. The state remains
-valid after a call to `finish_512`, meaning the user may feed more data into
-the hash via `update_512`. (The finish_512 function operates on an internal copy of
+Write the resulting hash into `output`, an array of 64 bytes. The state remains
+valid after a call to `digest_512`, meaning the user may feed more data into
+the hash via `update_512`. (The digest_512 function operates on an internal copy of
 the state and therefore does not invalidate the client-held state `p`.)
 */
-void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst)
+void Hacl_Hash_SHA2_digest_512(Hacl_Streaming_MD_state_64 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_64 scrut = *p;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint64_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)128U;
+    r = 128U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
+    r = (uint32_t)(total_len % (uint64_t)128U);
   }
   uint8_t *buf_1 = buf_;
   uint64_t tmp_block_state[8U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof (uint64_t));
+  memcpy(tmp_block_state, block_state, 8U * sizeof (uint64_t));
   uint32_t ite;
-  if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 128U == 0U && r > 0U)
   {
-    ite = (uint32_t)128U;
+    ite = 128U;
   }
   else
   {
-    ite = r % (uint32_t)128U;
+    ite = r % 128U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state);
+  Hacl_Hash_SHA2_sha512_update_nblocks(0U, buf_multi, tmp_block_state);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last),
+  Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last),
       FStar_UInt128_uint64_to_uint128((uint64_t)r)),
     r,
     buf_last,
     tmp_block_state);
-  Hacl_SHA2_Scalar32_sha512_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA2_sha512_finish(tmp_block_state, output);
 }
 
 /**
-Free a state allocated with `create_in_512`.
+Free a state allocated with `malloc_512`.
 
 This function is identical to the free function for SHA2_384.
 */
-void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s)
+void Hacl_Hash_SHA2_free_512(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_MD_state_64 scrut = *s;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
   KRML_HOST_FREE(block_state);
   KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
+  KRML_HOST_FREE(state);
 }
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 64 bytes.
 */
-void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA2_hash_512(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint8_t *ib = input;
-  uint8_t *rb = dst;
+  uint8_t *rb = output;
   uint64_t st[8U] = { 0U };
-  Hacl_SHA2_Scalar32_sha512_init(st);
-  uint32_t rem = input_len % (uint32_t)128U;
+  Hacl_Hash_SHA2_sha512_init(st);
+  uint32_t rem = input_len % 128U;
   FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len);
-  Hacl_SHA2_Scalar32_sha512_update_nblocks(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)128U;
+  Hacl_Hash_SHA2_sha512_update_nblocks(input_len, ib, st);
+  uint32_t rem1 = input_len % 128U;
   uint8_t *b0 = ib;
   uint8_t *lb = b0 + input_len - rem1;
-  Hacl_SHA2_Scalar32_sha512_update_last(len_, rem, lb, st);
-  Hacl_SHA2_Scalar32_sha512_finish(st, rb);
+  Hacl_Hash_SHA2_sha512_update_last(len_, rem, lb, st);
+  Hacl_Hash_SHA2_sha512_finish(st, rb);
 }
 
-Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void)
+Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_384(void)
 {
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(128U, sizeof (uint8_t));
+  uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC(8U, sizeof (uint64_t));
   Hacl_Streaming_MD_state_64
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
   Hacl_Streaming_MD_state_64
   *p = (Hacl_Streaming_MD_state_64 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_64));
   p[0U] = s;
-  Hacl_SHA2_Scalar32_sha384_init(block_state);
+  Hacl_Hash_SHA2_sha384_init(block_state);
   return p;
 }
 
-void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s)
+void Hacl_Hash_SHA2_reset_384(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_MD_state_64 scrut = *s;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint8_t *buf = scrut.buf;
   uint64_t *block_state = scrut.block_state;
-  Hacl_SHA2_Scalar32_sha384_init(block_state);
+  Hacl_Hash_SHA2_sha384_init(block_state);
   Hacl_Streaming_MD_state_64
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_SHA2_update_384(
-  Hacl_Streaming_MD_state_64 *p,
+Hacl_Hash_SHA2_update_384(
+  Hacl_Streaming_MD_state_64 *state,
   uint8_t *input,
   uint32_t input_len
 )
 {
-  return update_384_512(p, input, input_len);
+  return update_384_512(state, input, input_len);
 }
 
 /**
-Write the resulting hash into `dst`, an array of 48 bytes. The state remains
-valid after a call to `finish_384`, meaning the user may feed more data into
+Write the resulting hash into `output`, an array of 48 bytes. The state remains
+valid after a call to `digest_384`, meaning the user may feed more data into
 the hash via `update_384`.
 */
-void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst)
+void Hacl_Hash_SHA2_digest_384(Hacl_Streaming_MD_state_64 *state, uint8_t *output)
 {
-  Hacl_Streaming_MD_state_64 scrut = *p;
+  Hacl_Streaming_MD_state_64 scrut = *state;
   uint64_t *block_state = scrut.block_state;
   uint8_t *buf_ = scrut.buf;
   uint64_t total_len = scrut.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)128U == 0ULL && total_len > 0ULL)
   {
-    r = (uint32_t)128U;
+    r = 128U;
   }
   else
   {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
+    r = (uint32_t)(total_len % (uint64_t)128U);
   }
   uint8_t *buf_1 = buf_;
   uint64_t tmp_block_state[8U] = { 0U };
-  memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof (uint64_t));
+  memcpy(tmp_block_state, block_state, 8U * sizeof (uint64_t));
   uint32_t ite;
-  if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % 128U == 0U && r > 0U)
   {
-    ite = (uint32_t)128U;
+    ite = 128U;
   }
   else
   {
-    ite = r % (uint32_t)128U;
+    ite = r % 128U;
   }
   uint8_t *buf_last = buf_1 + r - ite;
   uint8_t *buf_multi = buf_1;
-  Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state);
+  Hacl_Hash_SHA2_sha384_update_nblocks(0U, buf_multi, tmp_block_state);
   uint64_t prev_len_last = total_len - (uint64_t)r;
-  Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last),
+  Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last),
       FStar_UInt128_uint64_to_uint128((uint64_t)r)),
     r,
     buf_last,
     tmp_block_state);
-  Hacl_SHA2_Scalar32_sha384_finish(tmp_block_state, dst);
+  Hacl_Hash_SHA2_sha384_finish(tmp_block_state, output);
 }
 
-void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p)
+void Hacl_Hash_SHA2_free_384(Hacl_Streaming_MD_state_64 *state)
 {
-  Hacl_Streaming_SHA2_free_512(p);
+  Hacl_Hash_SHA2_free_512(state);
 }
 
 /**
-Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes.
+Hash `input`, of len `input_len`, into `output`, an array of 48 bytes.
 */
-void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst)
+void Hacl_Hash_SHA2_hash_384(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
   uint8_t *ib = input;
-  uint8_t *rb = dst;
+  uint8_t *rb = output;
   uint64_t st[8U] = { 0U };
-  Hacl_SHA2_Scalar32_sha384_init(st);
-  uint32_t rem = input_len % (uint32_t)128U;
+  Hacl_Hash_SHA2_sha384_init(st);
+  uint32_t rem = input_len % 128U;
   FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len);
-  Hacl_SHA2_Scalar32_sha384_update_nblocks(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)128U;
+  Hacl_Hash_SHA2_sha384_update_nblocks(input_len, ib, st);
+  uint32_t rem1 = input_len % 128U;
   uint8_t *b0 = ib;
   uint8_t *lb = b0 + input_len - rem1;
-  Hacl_SHA2_Scalar32_sha384_update_last(len_, rem, lb, st);
-  Hacl_SHA2_Scalar32_sha384_finish(st, rb);
+  Hacl_Hash_SHA2_sha384_update_last(len_, rem, lb, st);
+  Hacl_Hash_SHA2_sha384_finish(st, rb);
 }
 
diff --git a/src/msvc/Hacl_Hash_SHA3.c b/src/msvc/Hacl_Hash_SHA3.c
index 19d13b1b..4f502866 100644
--- a/src/msvc/Hacl_Hash_SHA3.c
+++ b/src/msvc/Hacl_Hash_SHA3.c
@@ -31,27 +31,27 @@ static uint32_t block_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)144U;
+        return 144U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)104U;
+        return 104U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)72U;
+        return 72U;
       }
     case Spec_Hash_Definitions_Shake128:
       {
-        return (uint32_t)168U;
+        return 168U;
       }
     case Spec_Hash_Definitions_Shake256:
       {
-        return (uint32_t)136U;
+        return 136U;
       }
     default:
       {
@@ -67,19 +67,19 @@ static uint32_t hash_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     default:
       {
@@ -97,10 +97,10 @@ Hacl_Hash_SHA3_update_multi_sha3(
   uint32_t n_blocks
 )
 {
-  for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
+  for (uint32_t i = 0U; i < n_blocks; i++)
   {
     uint8_t *block = blocks + i * block_len(a);
-    Hacl_Impl_SHA3_absorb_inner(block_len(a), block, s);
+    Hacl_Hash_SHA3_absorb_inner(block_len(a), block, s);
   }
 }
 
@@ -115,139 +115,139 @@ Hacl_Hash_SHA3_update_last_sha3(
   uint8_t suffix;
   if (a == Spec_Hash_Definitions_Shake128 || a == Spec_Hash_Definitions_Shake256)
   {
-    suffix = (uint8_t)0x1fU;
+    suffix = 0x1fU;
   }
   else
   {
-    suffix = (uint8_t)0x06U;
+    suffix = 0x06U;
   }
   uint32_t len = block_len(a);
   if (input_len == len)
   {
-    Hacl_Impl_SHA3_absorb_inner(len, input, s);
+    Hacl_Hash_SHA3_absorb_inner(len, input, s);
     uint8_t lastBlock_[200U] = { 0U };
     uint8_t *lastBlock = lastBlock_;
-    memcpy(lastBlock, input + input_len, (uint32_t)0U * sizeof (uint8_t));
+    memcpy(lastBlock, input + input_len, 0U * sizeof (uint8_t));
     lastBlock[0U] = suffix;
-    Hacl_Impl_SHA3_loadState(len, lastBlock, s);
-    if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U)
+    Hacl_Hash_SHA3_loadState(len, lastBlock, s);
+    if (!(((uint32_t)suffix & 0x80U) == 0U) && 0U == len - 1U)
     {
-      Hacl_Impl_SHA3_state_permute(s);
+      Hacl_Hash_SHA3_state_permute(s);
     }
     uint8_t nextBlock_[200U] = { 0U };
     uint8_t *nextBlock = nextBlock_;
-    nextBlock[len - (uint32_t)1U] = (uint8_t)0x80U;
-    Hacl_Impl_SHA3_loadState(len, nextBlock, s);
-    Hacl_Impl_SHA3_state_permute(s);
+    nextBlock[len - 1U] = 0x80U;
+    Hacl_Hash_SHA3_loadState(len, nextBlock, s);
+    Hacl_Hash_SHA3_state_permute(s);
     return;
   }
   uint8_t lastBlock_[200U] = { 0U };
   uint8_t *lastBlock = lastBlock_;
   memcpy(lastBlock, input, input_len * sizeof (uint8_t));
   lastBlock[input_len] = suffix;
-  Hacl_Impl_SHA3_loadState(len, lastBlock, s);
-  if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && input_len == len - (uint32_t)1U)
+  Hacl_Hash_SHA3_loadState(len, lastBlock, s);
+  if (!(((uint32_t)suffix & 0x80U) == 0U) && input_len == len - 1U)
   {
-    Hacl_Impl_SHA3_state_permute(s);
+    Hacl_Hash_SHA3_state_permute(s);
   }
   uint8_t nextBlock_[200U] = { 0U };
   uint8_t *nextBlock = nextBlock_;
-  nextBlock[len - (uint32_t)1U] = (uint8_t)0x80U;
-  Hacl_Impl_SHA3_loadState(len, nextBlock, s);
-  Hacl_Impl_SHA3_state_permute(s);
+  nextBlock[len - 1U] = 0x80U;
+  Hacl_Hash_SHA3_loadState(len, nextBlock, s);
+  Hacl_Hash_SHA3_state_permute(s);
 }
 
 typedef struct hash_buf2_s
 {
-  Hacl_Streaming_Keccak_hash_buf fst;
-  Hacl_Streaming_Keccak_hash_buf snd;
+  Hacl_Hash_SHA3_hash_buf fst;
+  Hacl_Hash_SHA3_hash_buf snd;
 }
 hash_buf2;
 
-Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s)
+Spec_Hash_Definitions_hash_alg Hacl_Hash_SHA3_get_alg(Hacl_Hash_SHA3_state_t *s)
 {
-  Hacl_Streaming_Keccak_hash_buf block_state = (*s).block_state;
+  Hacl_Hash_SHA3_hash_buf block_state = (*s).block_state;
   return block_state.fst;
 }
 
-Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_hash_alg a)
+Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_hash_alg a)
 {
   KRML_CHECK_SIZE(sizeof (uint8_t), block_len(a));
   uint8_t *buf0 = (uint8_t *)KRML_HOST_CALLOC(block_len(a), sizeof (uint8_t));
-  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
-  Hacl_Streaming_Keccak_hash_buf block_state = { .fst = a, .snd = buf };
-  Hacl_Streaming_Keccak_state
-  s = { .block_state = block_state, .buf = buf0, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Keccak_state
-  *p = (Hacl_Streaming_Keccak_state *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_Keccak_state));
+  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
+  Hacl_Hash_SHA3_hash_buf block_state = { .fst = a, .snd = buf };
+  Hacl_Hash_SHA3_state_t
+  s = { .block_state = block_state, .buf = buf0, .total_len = (uint64_t)0U };
+  Hacl_Hash_SHA3_state_t
+  *p = (Hacl_Hash_SHA3_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_SHA3_state_t));
   p[0U] = s;
   uint64_t *s1 = block_state.snd;
-  memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
+  memset(s1, 0U, 25U * sizeof (uint64_t));
   return p;
 }
 
-void Hacl_Streaming_Keccak_free(Hacl_Streaming_Keccak_state *s)
+void Hacl_Hash_SHA3_free(Hacl_Hash_SHA3_state_t *state)
 {
-  Hacl_Streaming_Keccak_state scrut = *s;
+  Hacl_Hash_SHA3_state_t scrut = *state;
   uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
-  uint64_t *s1 = block_state.snd;
-  KRML_HOST_FREE(s1);
-  KRML_HOST_FREE(buf);
+  Hacl_Hash_SHA3_hash_buf block_state = scrut.block_state;
+  uint64_t *s = block_state.snd;
   KRML_HOST_FREE(s);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
 }
 
-Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_copy(Hacl_Streaming_Keccak_state *s0)
+Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_copy(Hacl_Hash_SHA3_state_t *state)
 {
-  Hacl_Streaming_Keccak_state scrut0 = *s0;
-  Hacl_Streaming_Keccak_hash_buf block_state0 = scrut0.block_state;
+  Hacl_Hash_SHA3_state_t scrut0 = *state;
+  Hacl_Hash_SHA3_hash_buf block_state0 = scrut0.block_state;
   uint8_t *buf0 = scrut0.buf;
   uint64_t total_len0 = scrut0.total_len;
   Spec_Hash_Definitions_hash_alg i = block_state0.fst;
   KRML_CHECK_SIZE(sizeof (uint8_t), block_len(i));
   uint8_t *buf1 = (uint8_t *)KRML_HOST_CALLOC(block_len(i), sizeof (uint8_t));
   memcpy(buf1, buf0, block_len(i) * sizeof (uint8_t));
-  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
-  Hacl_Streaming_Keccak_hash_buf block_state = { .fst = i, .snd = buf };
+  uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
+  Hacl_Hash_SHA3_hash_buf block_state = { .fst = i, .snd = buf };
   hash_buf2 scrut = { .fst = block_state0, .snd = block_state };
   uint64_t *s_dst = scrut.snd.snd;
   uint64_t *s_src = scrut.fst.snd;
-  memcpy(s_dst, s_src, (uint32_t)25U * sizeof (uint64_t));
-  Hacl_Streaming_Keccak_state
+  memcpy(s_dst, s_src, 25U * sizeof (uint64_t));
+  Hacl_Hash_SHA3_state_t
   s = { .block_state = block_state, .buf = buf1, .total_len = total_len0 };
-  Hacl_Streaming_Keccak_state
-  *p = (Hacl_Streaming_Keccak_state *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_Keccak_state));
+  Hacl_Hash_SHA3_state_t
+  *p = (Hacl_Hash_SHA3_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_SHA3_state_t));
   p[0U] = s;
   return p;
 }
 
-void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s)
+void Hacl_Hash_SHA3_reset(Hacl_Hash_SHA3_state_t *state)
 {
-  Hacl_Streaming_Keccak_state scrut = *s;
+  Hacl_Hash_SHA3_state_t scrut = *state;
   uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Hacl_Hash_SHA3_hash_buf block_state = scrut.block_state;
   Spec_Hash_Definitions_hash_alg i = block_state.fst;
-  KRML_HOST_IGNORE(i);
-  uint64_t *s1 = block_state.snd;
-  memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
-  Hacl_Streaming_Keccak_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
+  KRML_MAYBE_UNUSED_VAR(i);
+  uint64_t *s = block_state.snd;
+  memset(s, 0U, 25U * sizeof (uint64_t));
+  Hacl_Hash_SHA3_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
+  state[0U] = tmp;
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint32_t len)
+Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t chunk_len)
 {
-  Hacl_Streaming_Keccak_state s = *p;
-  Hacl_Streaming_Keccak_hash_buf block_state = s.block_state;
+  Hacl_Hash_SHA3_state_t s = *state;
+  Hacl_Hash_SHA3_hash_buf block_state = s.block_state;
   uint64_t total_len = s.total_len;
   Spec_Hash_Definitions_hash_alg i = block_state.fst;
-  if ((uint64_t)len > (uint64_t)0xFFFFFFFFFFFFFFFFU - total_len)
+  if ((uint64_t)chunk_len > 0xFFFFFFFFFFFFFFFFULL - total_len)
   {
     return Hacl_Streaming_Types_MaximumLengthExceeded;
   }
   uint32_t sz;
-  if (total_len % (uint64_t)block_len(i) == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)block_len(i) == 0ULL && total_len > 0ULL)
   {
     sz = block_len(i);
   }
@@ -255,14 +255,14 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
   {
     sz = (uint32_t)(total_len % (uint64_t)block_len(i));
   }
-  if (len <= block_len(i) - sz)
+  if (chunk_len <= block_len(i) - sz)
   {
-    Hacl_Streaming_Keccak_state s1 = *p;
-    Hacl_Streaming_Keccak_hash_buf block_state1 = s1.block_state;
+    Hacl_Hash_SHA3_state_t s1 = *state;
+    Hacl_Hash_SHA3_hash_buf block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
     {
       sz1 = block_len(i);
     }
@@ -271,26 +271,20 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
       sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
     }
     uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
     =
-      (
-        (Hacl_Streaming_Keccak_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
+      ((Hacl_Hash_SHA3_state_t){ .block_state = block_state1, .buf = buf, .total_len = total_len2 });
   }
-  else if (sz == (uint32_t)0U)
+  else if (sz == 0U)
   {
-    Hacl_Streaming_Keccak_state s1 = *p;
-    Hacl_Streaming_Keccak_hash_buf block_state1 = s1.block_state;
+    Hacl_Hash_SHA3_state_t s1 = *state;
+    Hacl_Hash_SHA3_hash_buf block_state1 = s1.block_state;
     uint8_t *buf = s1.buf;
     uint64_t total_len1 = s1.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
     {
       sz1 = block_len(i);
     }
@@ -298,52 +292,52 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
     {
       sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
       Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
       uint64_t *s2 = block_state1.snd;
       Hacl_Hash_SHA3_update_multi_sha3(a1, s2, buf, block_len(i) / block_len(a1));
     }
     uint32_t ite;
-    if ((uint64_t)len % (uint64_t)block_len(i) == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
+    if ((uint64_t)chunk_len % (uint64_t)block_len(i) == 0ULL && (uint64_t)chunk_len > 0ULL)
     {
       ite = block_len(i);
     }
     else
     {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)block_len(i));
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)block_len(i));
     }
-    uint32_t n_blocks = (len - ite) / block_len(i);
+    uint32_t n_blocks = (chunk_len - ite) / block_len(i);
     uint32_t data1_len = n_blocks * block_len(i);
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
     Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
     uint64_t *s2 = block_state1.snd;
     Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1));
     uint8_t *dst = buf;
     memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
+    *state
     =
       (
-        (Hacl_Streaming_Keccak_state){
+        (Hacl_Hash_SHA3_state_t){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
+          .total_len = total_len1 + (uint64_t)chunk_len
         }
       );
   }
   else
   {
     uint32_t diff = block_len(i) - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Keccak_state s1 = *p;
-    Hacl_Streaming_Keccak_hash_buf block_state10 = s1.block_state;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_Hash_SHA3_state_t s1 = *state;
+    Hacl_Hash_SHA3_hash_buf block_state10 = s1.block_state;
     uint8_t *buf0 = s1.buf;
     uint64_t total_len10 = s1.total_len;
     uint32_t sz10;
-    if (total_len10 % (uint64_t)block_len(i) == (uint64_t)0U && total_len10 > (uint64_t)0U)
+    if (total_len10 % (uint64_t)block_len(i) == 0ULL && total_len10 > 0ULL)
     {
       sz10 = block_len(i);
     }
@@ -352,23 +346,23 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
       sz10 = (uint32_t)(total_len10 % (uint64_t)block_len(i));
     }
     uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
     uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
+    *state
     =
       (
-        (Hacl_Streaming_Keccak_state){
+        (Hacl_Hash_SHA3_state_t){
           .block_state = block_state10,
           .buf = buf0,
           .total_len = total_len2
         }
       );
-    Hacl_Streaming_Keccak_state s10 = *p;
-    Hacl_Streaming_Keccak_hash_buf block_state1 = s10.block_state;
+    Hacl_Hash_SHA3_state_t s10 = *state;
+    Hacl_Hash_SHA3_hash_buf block_state1 = s10.block_state;
     uint8_t *buf = s10.buf;
     uint64_t total_len1 = s10.total_len;
     uint32_t sz1;
-    if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
+    if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
     {
       sz1 = block_len(i);
     }
@@ -376,7 +370,7 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
     {
       sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
     }
-    if (!(sz1 == (uint32_t)0U))
+    if (!(sz1 == 0U))
     {
       Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
       uint64_t *s2 = block_state1.snd;
@@ -385,35 +379,35 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
     uint32_t ite;
     if
     (
-      (uint64_t)(len - diff)
+      (uint64_t)(chunk_len - diff)
       % (uint64_t)block_len(i)
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
+      == 0ULL
+      && (uint64_t)(chunk_len - diff) > 0ULL
     )
     {
       ite = block_len(i);
     }
     else
     {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)block_len(i));
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)block_len(i));
     }
-    uint32_t n_blocks = (len - diff - ite) / block_len(i);
+    uint32_t n_blocks = (chunk_len - diff - ite) / block_len(i);
     uint32_t data1_len = n_blocks * block_len(i);
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
     Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
     uint64_t *s2 = block_state1.snd;
-    Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data11, data1_len / block_len(a1));
+    Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1));
     uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
     =
       (
-        (Hacl_Streaming_Keccak_state){
+        (Hacl_Hash_SHA3_state_t){
           .block_state = block_state1,
           .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff)
         }
       );
   }
@@ -421,19 +415,19 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
 }
 
 static void
-finish_(
+digest_(
   Spec_Hash_Definitions_hash_alg a,
-  Hacl_Streaming_Keccak_state *p,
-  uint8_t *dst,
+  Hacl_Hash_SHA3_state_t *state,
+  uint8_t *output,
   uint32_t l
 )
 {
-  Hacl_Streaming_Keccak_state scrut0 = *p;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut0.block_state;
+  Hacl_Hash_SHA3_state_t scrut0 = *state;
+  Hacl_Hash_SHA3_hash_buf block_state = scrut0.block_state;
   uint8_t *buf_ = scrut0.buf;
   uint64_t total_len = scrut0.total_len;
   uint32_t r;
-  if (total_len % (uint64_t)block_len(a) == (uint64_t)0U && total_len > (uint64_t)0U)
+  if (total_len % (uint64_t)block_len(a) == 0ULL && total_len > 0ULL)
   {
     r = block_len(a);
   }
@@ -443,13 +437,13 @@ finish_(
   }
   uint8_t *buf_1 = buf_;
   uint64_t buf[25U] = { 0U };
-  Hacl_Streaming_Keccak_hash_buf tmp_block_state = { .fst = a, .snd = buf };
+  Hacl_Hash_SHA3_hash_buf tmp_block_state = { .fst = a, .snd = buf };
   hash_buf2 scrut = { .fst = block_state, .snd = tmp_block_state };
   uint64_t *s_dst = scrut.snd.snd;
   uint64_t *s_src = scrut.fst.snd;
-  memcpy(s_dst, s_src, (uint32_t)25U * sizeof (uint64_t));
+  memcpy(s_dst, s_src, 25U * sizeof (uint64_t));
   uint32_t ite;
-  if (r % block_len(a) == (uint32_t)0U && r > (uint32_t)0U)
+  if (r % block_len(a) == 0U && r > 0U)
   {
     ite = block_len(a);
   }
@@ -461,7 +455,7 @@ finish_(
   uint8_t *buf_multi = buf_1;
   Spec_Hash_Definitions_hash_alg a1 = tmp_block_state.fst;
   uint64_t *s0 = tmp_block_state.snd;
-  Hacl_Hash_SHA3_update_multi_sha3(a1, s0, buf_multi, (uint32_t)0U / block_len(a1));
+  Hacl_Hash_SHA3_update_multi_sha3(a1, s0, buf_multi, 0U / block_len(a1));
   Spec_Hash_Definitions_hash_alg a10 = tmp_block_state.fst;
   uint64_t *s1 = tmp_block_state.snd;
   Hacl_Hash_SHA3_update_last_sha3(a10, s1, buf_last, r);
@@ -469,258 +463,182 @@ finish_(
   uint64_t *s = tmp_block_state.snd;
   if (a11 == Spec_Hash_Definitions_Shake128 || a11 == Spec_Hash_Definitions_Shake256)
   {
-    Hacl_Impl_SHA3_squeeze(s, block_len(a11), l, dst);
+    Hacl_Hash_SHA3_squeeze0(s, block_len(a11), l, output);
     return;
   }
-  Hacl_Impl_SHA3_squeeze(s, block_len(a11), hash_len(a11), dst);
+  Hacl_Hash_SHA3_squeeze0(s, block_len(a11), hash_len(a11), output);
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_finish(Hacl_Streaming_Keccak_state *s, uint8_t *dst)
+Hacl_Hash_SHA3_digest(Hacl_Hash_SHA3_state_t *state, uint8_t *output)
 {
-  Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(state);
   if (a1 == Spec_Hash_Definitions_Shake128 || a1 == Spec_Hash_Definitions_Shake256)
   {
     return Hacl_Streaming_Types_InvalidAlgorithm;
   }
-  finish_(a1, s, dst, hash_len(a1));
+  digest_(a1, state, output, hash_len(a1));
   return Hacl_Streaming_Types_Success;
 }
 
 Hacl_Streaming_Types_error_code
-Hacl_Streaming_Keccak_squeeze(Hacl_Streaming_Keccak_state *s, uint8_t *dst, uint32_t l)
+Hacl_Hash_SHA3_squeeze(Hacl_Hash_SHA3_state_t *s, uint8_t *dst, uint32_t l)
 {
-  Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
   if (!(a1 == Spec_Hash_Definitions_Shake128 || a1 == Spec_Hash_Definitions_Shake256))
   {
     return Hacl_Streaming_Types_InvalidAlgorithm;
   }
-  if (l == (uint32_t)0U)
+  if (l == 0U)
   {
     return Hacl_Streaming_Types_InvalidLength;
   }
-  finish_(a1, s, dst, l);
+  digest_(a1, s, dst, l);
   return Hacl_Streaming_Types_Success;
 }
 
-uint32_t Hacl_Streaming_Keccak_block_len(Hacl_Streaming_Keccak_state *s)
+uint32_t Hacl_Hash_SHA3_block_len(Hacl_Hash_SHA3_state_t *s)
 {
-  Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
   return block_len(a1);
 }
 
-uint32_t Hacl_Streaming_Keccak_hash_len(Hacl_Streaming_Keccak_state *s)
+uint32_t Hacl_Hash_SHA3_hash_len(Hacl_Hash_SHA3_state_t *s)
 {
-  Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
   return hash_len(a1);
 }
 
-bool Hacl_Streaming_Keccak_is_shake(Hacl_Streaming_Keccak_state *s)
+bool Hacl_Hash_SHA3_is_shake(Hacl_Hash_SHA3_state_t *s)
 {
-  Spec_Hash_Definitions_hash_alg uu____0 = Hacl_Streaming_Keccak_get_alg(s);
+  Spec_Hash_Definitions_hash_alg uu____0 = Hacl_Hash_SHA3_get_alg(s);
   return uu____0 == Spec_Hash_Definitions_Shake128 || uu____0 == Spec_Hash_Definitions_Shake256;
 }
 
 void
-Hacl_SHA3_shake128_hacl(
+Hacl_Hash_SHA3_shake128_hacl(
   uint32_t inputByteLen,
   uint8_t *input,
   uint32_t outputByteLen,
   uint8_t *output
 )
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)1344U,
-    (uint32_t)256U,
-    inputByteLen,
-    input,
-    (uint8_t)0x1FU,
-    outputByteLen,
-    output);
+  Hacl_Hash_SHA3_keccak(1344U, 256U, inputByteLen, input, 0x1FU, outputByteLen, output);
 }
 
 void
-Hacl_SHA3_shake256_hacl(
+Hacl_Hash_SHA3_shake256_hacl(
   uint32_t inputByteLen,
   uint8_t *input,
   uint32_t outputByteLen,
   uint8_t *output
 )
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)1088U,
-    (uint32_t)512U,
-    inputByteLen,
-    input,
-    (uint8_t)0x1FU,
-    outputByteLen,
-    output);
+  Hacl_Hash_SHA3_keccak(1088U, 512U, inputByteLen, input, 0x1FU, outputByteLen, output);
 }
 
-void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
+void Hacl_Hash_SHA3_sha3_224(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)1152U,
-    (uint32_t)448U,
-    inputByteLen,
-    input,
-    (uint8_t)0x06U,
-    (uint32_t)28U,
-    output);
+  Hacl_Hash_SHA3_keccak(1152U, 448U, input_len, input, 0x06U, 28U, output);
 }
 
-void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
+void Hacl_Hash_SHA3_sha3_256(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)1088U,
-    (uint32_t)512U,
-    inputByteLen,
-    input,
-    (uint8_t)0x06U,
-    (uint32_t)32U,
-    output);
+  Hacl_Hash_SHA3_keccak(1088U, 512U, input_len, input, 0x06U, 32U, output);
 }
 
-void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
+void Hacl_Hash_SHA3_sha3_384(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)832U,
-    (uint32_t)768U,
-    inputByteLen,
-    input,
-    (uint8_t)0x06U,
-    (uint32_t)48U,
-    output);
+  Hacl_Hash_SHA3_keccak(832U, 768U, input_len, input, 0x06U, 48U, output);
 }
 
-void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
+void Hacl_Hash_SHA3_sha3_512(uint8_t *output, uint8_t *input, uint32_t input_len)
 {
-  Hacl_Impl_SHA3_keccak((uint32_t)576U,
-    (uint32_t)1024U,
-    inputByteLen,
-    input,
-    (uint8_t)0x06U,
-    (uint32_t)64U,
-    output);
+  Hacl_Hash_SHA3_keccak(576U, 1024U, input_len, input, 0x06U, 64U, output);
 }
 
 static const
 uint32_t
 keccak_rotc[24U] =
   {
-    (uint32_t)1U, (uint32_t)3U, (uint32_t)6U, (uint32_t)10U, (uint32_t)15U, (uint32_t)21U,
-    (uint32_t)28U, (uint32_t)36U, (uint32_t)45U, (uint32_t)55U, (uint32_t)2U, (uint32_t)14U,
-    (uint32_t)27U, (uint32_t)41U, (uint32_t)56U, (uint32_t)8U, (uint32_t)25U, (uint32_t)43U,
-    (uint32_t)62U, (uint32_t)18U, (uint32_t)39U, (uint32_t)61U, (uint32_t)20U, (uint32_t)44U
+    1U, 3U, 6U, 10U, 15U, 21U, 28U, 36U, 45U, 55U, 2U, 14U, 27U, 41U, 56U, 8U, 25U, 43U, 62U, 18U,
+    39U, 61U, 20U, 44U
   };
 
 static const
 uint32_t
 keccak_piln[24U] =
   {
-    (uint32_t)10U, (uint32_t)7U, (uint32_t)11U, (uint32_t)17U, (uint32_t)18U, (uint32_t)3U,
-    (uint32_t)5U, (uint32_t)16U, (uint32_t)8U, (uint32_t)21U, (uint32_t)24U, (uint32_t)4U,
-    (uint32_t)15U, (uint32_t)23U, (uint32_t)19U, (uint32_t)13U, (uint32_t)12U, (uint32_t)2U,
-    (uint32_t)20U, (uint32_t)14U, (uint32_t)22U, (uint32_t)9U, (uint32_t)6U, (uint32_t)1U
+    10U, 7U, 11U, 17U, 18U, 3U, 5U, 16U, 8U, 21U, 24U, 4U, 15U, 23U, 19U, 13U, 12U, 2U, 20U, 14U,
+    22U, 9U, 6U, 1U
   };
 
 static const
 uint64_t
 keccak_rndc[24U] =
   {
-    (uint64_t)0x0000000000000001U, (uint64_t)0x0000000000008082U, (uint64_t)0x800000000000808aU,
-    (uint64_t)0x8000000080008000U, (uint64_t)0x000000000000808bU, (uint64_t)0x0000000080000001U,
-    (uint64_t)0x8000000080008081U, (uint64_t)0x8000000000008009U, (uint64_t)0x000000000000008aU,
-    (uint64_t)0x0000000000000088U, (uint64_t)0x0000000080008009U, (uint64_t)0x000000008000000aU,
-    (uint64_t)0x000000008000808bU, (uint64_t)0x800000000000008bU, (uint64_t)0x8000000000008089U,
-    (uint64_t)0x8000000000008003U, (uint64_t)0x8000000000008002U, (uint64_t)0x8000000000000080U,
-    (uint64_t)0x000000000000800aU, (uint64_t)0x800000008000000aU, (uint64_t)0x8000000080008081U,
-    (uint64_t)0x8000000000008080U, (uint64_t)0x0000000080000001U, (uint64_t)0x8000000080008008U
+    0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, 0x8000000080008000ULL,
+    0x000000000000808bULL, 0x0000000080000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL,
+    0x000000000000008aULL, 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
+    0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL,
+    0x8000000000008002ULL, 0x8000000000000080ULL, 0x000000000000800aULL, 0x800000008000000aULL,
+    0x8000000080008081ULL, 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
   };
 
-void Hacl_Impl_SHA3_state_permute(uint64_t *s)
+void Hacl_Hash_SHA3_state_permute(uint64_t *s)
 {
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)24U; i0++)
+  for (uint32_t i0 = 0U; i0 < 24U; i0++)
   {
     uint64_t _C[5U] = { 0U };
     KRML_MAYBE_FOR5(i,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      _C[i] =
-        s[i
-        + (uint32_t)0U]
-        ^
-          (s[i
-          + (uint32_t)5U]
-          ^ (s[i + (uint32_t)10U] ^ (s[i + (uint32_t)15U] ^ s[i + (uint32_t)20U]))););
+      0U,
+      5U,
+      1U,
+      _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U]))););
     KRML_MAYBE_FOR5(i1,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      uint64_t uu____0 = _C[(i1 + (uint32_t)1U) % (uint32_t)5U];
-      uint64_t
-      _D =
-        _C[(i1 + (uint32_t)4U)
-        % (uint32_t)5U]
-        ^ (uu____0 << (uint32_t)1U | uu____0 >> (uint32_t)63U);
-      KRML_MAYBE_FOR5(i,
-        (uint32_t)0U,
-        (uint32_t)5U,
-        (uint32_t)1U,
-        s[i1 + (uint32_t)5U * i] = s[i1 + (uint32_t)5U * i] ^ _D;););
+      0U,
+      5U,
+      1U,
+      uint64_t uu____0 = _C[(i1 + 1U) % 5U];
+      uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U);
+      KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;););
     uint64_t x = s[1U];
     uint64_t current = x;
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)24U; i++)
+    for (uint32_t i = 0U; i < 24U; i++)
     {
       uint32_t _Y = keccak_piln[i];
       uint32_t r = keccak_rotc[i];
       uint64_t temp = s[_Y];
       uint64_t uu____1 = current;
-      s[_Y] = uu____1 << r | uu____1 >> ((uint32_t)64U - r);
+      s[_Y] = uu____1 << r | uu____1 >> (64U - r);
       current = temp;
     }
     KRML_MAYBE_FOR5(i,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      uint64_t
-      v0 =
-        s[(uint32_t)0U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)1U + (uint32_t)5U * i] & s[(uint32_t)2U + (uint32_t)5U * i]);
-      uint64_t
-      v1 =
-        s[(uint32_t)1U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)2U + (uint32_t)5U * i] & s[(uint32_t)3U + (uint32_t)5U * i]);
-      uint64_t
-      v2 =
-        s[(uint32_t)2U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)3U + (uint32_t)5U * i] & s[(uint32_t)4U + (uint32_t)5U * i]);
-      uint64_t
-      v3 =
-        s[(uint32_t)3U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)4U + (uint32_t)5U * i] & s[(uint32_t)0U + (uint32_t)5U * i]);
-      uint64_t
-      v4 =
-        s[(uint32_t)4U
-        + (uint32_t)5U * i]
-        ^ (~s[(uint32_t)0U + (uint32_t)5U * i] & s[(uint32_t)1U + (uint32_t)5U * i]);
-      s[(uint32_t)0U + (uint32_t)5U * i] = v0;
-      s[(uint32_t)1U + (uint32_t)5U * i] = v1;
-      s[(uint32_t)2U + (uint32_t)5U * i] = v2;
-      s[(uint32_t)3U + (uint32_t)5U * i] = v3;
-      s[(uint32_t)4U + (uint32_t)5U * i] = v4;);
+      0U,
+      5U,
+      1U,
+      uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]);
+      uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]);
+      uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]);
+      uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]);
+      uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]);
+      s[0U + 5U * i] = v0;
+      s[1U + 5U * i] = v1;
+      s[2U + 5U * i] = v2;
+      s[3U + 5U * i] = v3;
+      s[4U + 5U * i] = v4;);
     uint64_t c = keccak_rndc[i0];
     s[0U] = s[0U] ^ c;
   }
 }
 
-void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
+void Hacl_Hash_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
 {
   uint8_t block[200U] = { 0U };
   memcpy(block, input, rateInBytes * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++)
+  for (uint32_t i = 0U; i < 25U; i++)
   {
-    uint64_t u = load64_le(block + i * (uint32_t)8U);
+    uint64_t u = load64_le(block + i * 8U);
     uint64_t x = u;
     s[i] = s[i] ^ x;
   }
@@ -729,18 +647,18 @@ void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
 static void storeState(uint32_t rateInBytes, uint64_t *s, uint8_t *res)
 {
   uint8_t block[200U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++)
+  for (uint32_t i = 0U; i < 25U; i++)
   {
     uint64_t sj = s[i];
-    store64_le(block + i * (uint32_t)8U, sj);
+    store64_le(block + i * 8U, sj);
   }
   memcpy(res, block, rateInBytes * sizeof (uint8_t));
 }
 
-void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s)
+void Hacl_Hash_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s)
 {
-  Hacl_Impl_SHA3_loadState(rateInBytes, block, s);
-  Hacl_Impl_SHA3_state_permute(s);
+  Hacl_Hash_SHA3_loadState(rateInBytes, block, s);
+  Hacl_Hash_SHA3_state_permute(s);
 }
 
 static void
@@ -754,30 +672,30 @@ absorb(
 {
   uint32_t n_blocks = inputByteLen / rateInBytes;
   uint32_t rem = inputByteLen % rateInBytes;
-  for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
+  for (uint32_t i = 0U; i < n_blocks; i++)
   {
     uint8_t *block = input + i * rateInBytes;
-    Hacl_Impl_SHA3_absorb_inner(rateInBytes, block, s);
+    Hacl_Hash_SHA3_absorb_inner(rateInBytes, block, s);
   }
   uint8_t *last = input + n_blocks * rateInBytes;
   uint8_t lastBlock_[200U] = { 0U };
   uint8_t *lastBlock = lastBlock_;
   memcpy(lastBlock, last, rem * sizeof (uint8_t));
   lastBlock[rem] = delimitedSuffix;
-  Hacl_Impl_SHA3_loadState(rateInBytes, lastBlock, s);
-  if (!((delimitedSuffix & (uint8_t)0x80U) == (uint8_t)0U) && rem == rateInBytes - (uint32_t)1U)
+  Hacl_Hash_SHA3_loadState(rateInBytes, lastBlock, s);
+  if (!(((uint32_t)delimitedSuffix & 0x80U) == 0U) && rem == rateInBytes - 1U)
   {
-    Hacl_Impl_SHA3_state_permute(s);
+    Hacl_Hash_SHA3_state_permute(s);
   }
   uint8_t nextBlock_[200U] = { 0U };
   uint8_t *nextBlock = nextBlock_;
-  nextBlock[rateInBytes - (uint32_t)1U] = (uint8_t)0x80U;
-  Hacl_Impl_SHA3_loadState(rateInBytes, nextBlock, s);
-  Hacl_Impl_SHA3_state_permute(s);
+  nextBlock[rateInBytes - 1U] = 0x80U;
+  Hacl_Hash_SHA3_loadState(rateInBytes, nextBlock, s);
+  Hacl_Hash_SHA3_state_permute(s);
 }
 
 void
-Hacl_Impl_SHA3_squeeze(
+Hacl_Hash_SHA3_squeeze0(
   uint64_t *s,
   uint32_t rateInBytes,
   uint32_t outputByteLen,
@@ -788,16 +706,16 @@ Hacl_Impl_SHA3_squeeze(
   uint32_t remOut = outputByteLen % rateInBytes;
   uint8_t *last = output + outputByteLen - remOut;
   uint8_t *blocks = output;
-  for (uint32_t i = (uint32_t)0U; i < outBlocks; i++)
+  for (uint32_t i = 0U; i < outBlocks; i++)
   {
     storeState(rateInBytes, s, blocks + i * rateInBytes);
-    Hacl_Impl_SHA3_state_permute(s);
+    Hacl_Hash_SHA3_state_permute(s);
   }
   storeState(remOut, s, last);
 }
 
 void
-Hacl_Impl_SHA3_keccak(
+Hacl_Hash_SHA3_keccak(
   uint32_t rate,
   uint32_t capacity,
   uint32_t inputByteLen,
@@ -807,10 +725,10 @@ Hacl_Impl_SHA3_keccak(
   uint8_t *output
 )
 {
-  KRML_HOST_IGNORE(capacity);
-  uint32_t rateInBytes = rate / (uint32_t)8U;
+  KRML_MAYBE_UNUSED_VAR(capacity);
+  uint32_t rateInBytes = rate / 8U;
   uint64_t s[25U] = { 0U };
   absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix);
-  Hacl_Impl_SHA3_squeeze(s, rateInBytes, outputByteLen, output);
+  Hacl_Hash_SHA3_squeeze0(s, rateInBytes, outputByteLen, output);
 }
 
diff --git a/src/msvc/Hacl_K256_ECDSA.c b/src/msvc/Hacl_K256_ECDSA.c
index c5dda43f..f9bf31ed 100644
--- a/src/msvc/Hacl_K256_ECDSA.c
+++ b/src/msvc/Hacl_K256_ECDSA.c
@@ -35,27 +35,27 @@ bn_add(uint32_t aLen, uint64_t *a, uint32_t bLen, uint64_t *b, uint64_t *res)
 {
   uint64_t *a0 = a;
   uint64_t *res0 = res;
-  uint64_t c0 = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < bLen / (uint32_t)4U; i++)
+  uint64_t c0 = 0ULL;
+  for (uint32_t i = 0U; i < bLen / 4U; i++)
   {
-    uint64_t t1 = a0[(uint32_t)4U * i];
-    uint64_t t20 = b[(uint32_t)4U * i];
-    uint64_t *res_i0 = res0 + (uint32_t)4U * i;
+    uint64_t t1 = a0[4U * i];
+    uint64_t t20 = b[4U * i];
+    uint64_t *res_i0 = res0 + 4U * i;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a0[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
-    uint64_t *res_i1 = res0 + (uint32_t)4U * i + (uint32_t)1U;
+    uint64_t t10 = a0[4U * i + 1U];
+    uint64_t t21 = b[4U * i + 1U];
+    uint64_t *res_i1 = res0 + 4U * i + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a0[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
-    uint64_t *res_i2 = res0 + (uint32_t)4U * i + (uint32_t)2U;
+    uint64_t t11 = a0[4U * i + 2U];
+    uint64_t t22 = b[4U * i + 2U];
+    uint64_t *res_i2 = res0 + 4U * i + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a0[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
-    uint64_t *res_i = res0 + (uint32_t)4U * i + (uint32_t)3U;
+    uint64_t t12 = a0[4U * i + 3U];
+    uint64_t t2 = b[4U * i + 3U];
+    uint64_t *res_i = res0 + 4U * i + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
-  for (uint32_t i = bLen / (uint32_t)4U * (uint32_t)4U; i < bLen; i++)
+  for (uint32_t i = bLen / 4U * 4U; i < bLen; i++)
   {
     uint64_t t1 = a0[i];
     uint64_t t2 = b[i];
@@ -68,26 +68,26 @@ bn_add(uint32_t aLen, uint64_t *a, uint32_t bLen, uint64_t *b, uint64_t *res)
     uint64_t *a1 = a + bLen;
     uint64_t *res1 = res + bLen;
     uint64_t c = c00;
-    for (uint32_t i = (uint32_t)0U; i < (aLen - bLen) / (uint32_t)4U; i++)
+    for (uint32_t i = 0U; i < (aLen - bLen) / 4U; i++)
     {
-      uint64_t t1 = a1[(uint32_t)4U * i];
-      uint64_t *res_i0 = res1 + (uint32_t)4U * i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i0);
-      uint64_t t10 = a1[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res1 + (uint32_t)4U * i + (uint32_t)1U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, (uint64_t)0U, res_i1);
-      uint64_t t11 = a1[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res1 + (uint32_t)4U * i + (uint32_t)2U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, (uint64_t)0U, res_i2);
-      uint64_t t12 = a1[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res1 + (uint32_t)4U * i + (uint32_t)3U;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, (uint64_t)0U, res_i);
+      uint64_t t1 = a1[4U * i];
+      uint64_t *res_i0 = res1 + 4U * i;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i0);
+      uint64_t t10 = a1[4U * i + 1U];
+      uint64_t *res_i1 = res1 + 4U * i + 1U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, 0ULL, res_i1);
+      uint64_t t11 = a1[4U * i + 2U];
+      uint64_t *res_i2 = res1 + 4U * i + 2U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i2);
+      uint64_t t12 = a1[4U * i + 3U];
+      uint64_t *res_i = res1 + 4U * i + 3U;
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, 0ULL, res_i);
     }
-    for (uint32_t i = (aLen - bLen) / (uint32_t)4U * (uint32_t)4U; i < aLen - bLen; i++)
+    for (uint32_t i = (aLen - bLen) / 4U * 4U; i < aLen - bLen; i++)
     {
       uint64_t t1 = a1[i];
       uint64_t *res_i = res1 + i;
-      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i);
+      c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i);
     }
     uint64_t c1 = c;
     return c1;
@@ -97,23 +97,23 @@ bn_add(uint32_t aLen, uint64_t *a, uint32_t bLen, uint64_t *b, uint64_t *res)
 
 static uint64_t add4(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   return c;
@@ -121,52 +121,52 @@ static uint64_t add4(uint64_t *a, uint64_t *b, uint64_t *res)
 
 static void add_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x;);
@@ -174,53 +174,53 @@ static void add_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 
 static void sub_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = a[4U * 0U];
+    uint64_t t20 = b[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = a[4U * 0U + 1U];
+    uint64_t t21 = b[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = a[4U * 0U + 2U];
+    uint64_t t22 = b[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = a[4U * 0U + 3U];
+    uint64_t t2 = b[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]);
     os[i] = x;);
@@ -228,59 +228,59 @@ static void sub_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
 
 static void mul4(uint64_t *a, uint64_t *b, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t bj = b[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = a[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = a[4U * 0U];
+      uint64_t *res_i0 = res_j + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = a[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = a[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = a[4U * 0U + 3U];
+      uint64_t *res_i = res_j + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
     uint64_t r = c;
-    res[(uint32_t)4U + i0] = r;);
+    res[4U + i0] = r;);
 }
 
 static void sqr4(uint64_t *a, uint64_t *res)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *ab = a;
     uint64_t a_j = a[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = ab[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = ab[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = ab[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = ab[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint64_t a_i = ab[i];
       uint64_t *res_i = res_j + i;
@@ -288,30 +288,30 @@ static void sqr4(uint64_t *a, uint64_t *res)
     }
     uint64_t r = c;
     res[i0 + i0] = r;);
-  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, res, res);
+  KRML_MAYBE_UNUSED_VAR(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
+    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U));
     uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;);
+  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, tmp, res);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline uint64_t is_qelem_zero(uint64_t *f)
 {
   uint64_t bn_zero[4U] = { 0U };
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(f[i], bn_zero[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
@@ -325,33 +325,33 @@ static inline bool is_qelem_zero_vartime(uint64_t *f)
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
   uint64_t f3 = f[3U];
-  return f0 == (uint64_t)0U && f1 == (uint64_t)0U && f2 == (uint64_t)0U && f3 == (uint64_t)0U;
+  return f0 == 0ULL && f1 == 0ULL && f2 == 0ULL && f3 == 0ULL;
 }
 
 static inline uint64_t load_qelem_check(uint64_t *f, uint8_t *b)
 {
   uint64_t n[4U] = { 0U };
-  n[0U] = (uint64_t)0xbfd25e8cd0364141U;
-  n[1U] = (uint64_t)0xbaaedce6af48a03bU;
-  n[2U] = (uint64_t)0xfffffffffffffffeU;
-  n[3U] = (uint64_t)0xffffffffffffffffU;
+  n[0U] = 0xbfd25e8cd0364141ULL;
+  n[1U] = 0xbaaedce6af48a03bULL;
+  n[2U] = 0xfffffffffffffffeULL;
+  n[3U] = 0xffffffffffffffffULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = f;
-    uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(b + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
   uint64_t is_zero = is_qelem_zero(f);
-  uint64_t acc = (uint64_t)0U;
+  uint64_t acc = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t beq = FStar_UInt64_eq_mask(f[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(f[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U))););
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))););
   uint64_t is_lt_q = acc;
   return ~is_zero & is_lt_q;
 }
@@ -359,11 +359,11 @@ static inline uint64_t load_qelem_check(uint64_t *f, uint8_t *b)
 static inline bool load_qelem_vartime(uint64_t *f, uint8_t *b)
 {
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = f;
-    uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(b + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
   bool is_zero = is_qelem_zero_vartime(f);
@@ -372,29 +372,29 @@ static inline bool load_qelem_vartime(uint64_t *f, uint8_t *b)
   uint64_t a2 = f[2U];
   uint64_t a3 = f[3U];
   bool is_lt_q_b;
-  if (a3 < (uint64_t)0xffffffffffffffffU)
+  if (a3 < 0xffffffffffffffffULL)
   {
     is_lt_q_b = true;
   }
-  else if (a2 < (uint64_t)0xfffffffffffffffeU)
+  else if (a2 < 0xfffffffffffffffeULL)
   {
     is_lt_q_b = true;
   }
-  else if (a2 > (uint64_t)0xfffffffffffffffeU)
+  else if (a2 > 0xfffffffffffffffeULL)
   {
     is_lt_q_b = false;
   }
-  else if (a1 < (uint64_t)0xbaaedce6af48a03bU)
+  else if (a1 < 0xbaaedce6af48a03bULL)
   {
     is_lt_q_b = true;
   }
-  else if (a1 > (uint64_t)0xbaaedce6af48a03bU)
+  else if (a1 > 0xbaaedce6af48a03bULL)
   {
     is_lt_q_b = false;
   }
   else
   {
-    is_lt_q_b = a0 < (uint64_t)0xbfd25e8cd0364141U;
+    is_lt_q_b = a0 < 0xbfd25e8cd0364141ULL;
   }
   return !is_zero && is_lt_q_b;
 }
@@ -402,16 +402,16 @@ static inline bool load_qelem_vartime(uint64_t *f, uint8_t *b)
 static inline void modq_short(uint64_t *out, uint64_t *a)
 {
   uint64_t tmp[4U] = { 0U };
-  tmp[0U] = (uint64_t)0x402da1732fc9bebfU;
-  tmp[1U] = (uint64_t)0x4551231950b75fc4U;
-  tmp[2U] = (uint64_t)0x1U;
-  tmp[3U] = (uint64_t)0x0U;
+  tmp[0U] = 0x402da1732fc9bebfULL;
+  tmp[1U] = 0x4551231950b75fc4ULL;
+  tmp[2U] = 0x1ULL;
+  tmp[3U] = 0x0ULL;
   uint64_t c = add4(a, tmp, out);
-  uint64_t mask = (uint64_t)0U - c;
+  uint64_t mask = 0ULL - c;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = out;
     uint64_t x = (mask & out[i]) | (~mask & a[i]);
     os[i] = x;);
@@ -421,35 +421,31 @@ static inline void load_qelem_modq(uint64_t *f, uint8_t *b)
 {
   uint64_t tmp[4U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = f;
-    uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(b + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
-  memcpy(tmp, f, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(tmp, f, 4U * sizeof (uint64_t));
   modq_short(f, tmp);
 }
 
 static inline void store_qelem(uint8_t *b, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_be(b + i * (uint32_t)8U, f[(uint32_t)4U - i - (uint32_t)1U]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(b + i * 8U, f[4U - i - 1U]););
 }
 
 static inline void qadd(uint64_t *out, uint64_t *f1, uint64_t *f2)
 {
   uint64_t n[4U] = { 0U };
-  n[0U] = (uint64_t)0xbfd25e8cd0364141U;
-  n[1U] = (uint64_t)0xbaaedce6af48a03bU;
-  n[2U] = (uint64_t)0xfffffffffffffffeU;
-  n[3U] = (uint64_t)0xffffffffffffffffU;
+  n[0U] = 0xbfd25e8cd0364141ULL;
+  n[1U] = 0xbaaedce6af48a03bULL;
+  n[2U] = 0xfffffffffffffffeULL;
+  n[3U] = 0xffffffffffffffffULL;
   add_mod4(n, f1, f2, out);
 }
 
@@ -463,33 +459,33 @@ mul_pow2_256_minus_q_add(
   uint64_t *res
 )
 {
-  KRML_CHECK_SIZE(sizeof (uint64_t), len + (uint32_t)2U);
-  uint64_t *tmp = (uint64_t *)alloca((len + (uint32_t)2U) * sizeof (uint64_t));
-  memset(tmp, 0U, (len + (uint32_t)2U) * sizeof (uint64_t));
-  memset(tmp, 0U, (len + (uint32_t)2U) * sizeof (uint64_t));
+  KRML_CHECK_SIZE(sizeof (uint64_t), len + 2U);
+  uint64_t *tmp = (uint64_t *)alloca((len + 2U) * sizeof (uint64_t));
+  memset(tmp, 0U, (len + 2U) * sizeof (uint64_t));
+  memset(tmp, 0U, (len + 2U) * sizeof (uint64_t));
   KRML_MAYBE_FOR2(i0,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
+    0U,
+    2U,
+    1U,
     uint64_t bj = t01[i0];
     uint64_t *res_j = tmp + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < len / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < len / 4U; i++)
     {
-      uint64_t a_i = a[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = a[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = a[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = a[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = a[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
-    for (uint32_t i = len / (uint32_t)4U * (uint32_t)4U; i < len; i++)
+    for (uint32_t i = len / 4U * 4U; i < len; i++)
     {
       uint64_t a_i = a[i];
       uint64_t *res_i = res_j + i;
@@ -497,9 +493,9 @@ mul_pow2_256_minus_q_add(
     }
     uint64_t r = c;
     tmp[len + i0] = r;);
-  memcpy(res + (uint32_t)2U, a, len * sizeof (uint64_t));
-  KRML_HOST_IGNORE(bn_add(resLen, res, len + (uint32_t)2U, tmp, res));
-  uint64_t c = bn_add(resLen, res, (uint32_t)4U, e, res);
+  memcpy(res + 2U, a, len * sizeof (uint64_t));
+  bn_add(resLen, res, len + 2U, tmp, res);
+  uint64_t c = bn_add(resLen, res, 4U, e, res);
   return c;
 }
 
@@ -507,34 +503,23 @@ static inline void modq(uint64_t *out, uint64_t *a)
 {
   uint64_t r[4U] = { 0U };
   uint64_t tmp[4U] = { 0U };
-  tmp[0U] = (uint64_t)0x402da1732fc9bebfU;
-  tmp[1U] = (uint64_t)0x4551231950b75fc4U;
-  tmp[2U] = (uint64_t)0x1U;
-  tmp[3U] = (uint64_t)0x0U;
+  tmp[0U] = 0x402da1732fc9bebfULL;
+  tmp[1U] = 0x4551231950b75fc4ULL;
+  tmp[2U] = 0x1ULL;
+  tmp[3U] = 0x0ULL;
   uint64_t *t01 = tmp;
   uint64_t m[7U] = { 0U };
   uint64_t p[5U] = { 0U };
-  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)4U,
-      (uint32_t)7U,
-      t01,
-      a + (uint32_t)4U,
-      a,
-      m));
-  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)3U,
-      (uint32_t)5U,
-      t01,
-      m + (uint32_t)4U,
-      m,
-      p));
-  uint64_t
-  c2 = mul_pow2_256_minus_q_add((uint32_t)1U, (uint32_t)4U, t01, p + (uint32_t)4U, p, r);
+  mul_pow2_256_minus_q_add(4U, 7U, t01, a + 4U, a, m);
+  mul_pow2_256_minus_q_add(3U, 5U, t01, m + 4U, m, p);
+  uint64_t c2 = mul_pow2_256_minus_q_add(1U, 4U, t01, p + 4U, p, r);
   uint64_t c0 = c2;
   uint64_t c1 = add4(r, tmp, out);
-  uint64_t mask = (uint64_t)0U - (c0 + c1);
+  uint64_t mask = 0ULL - (c0 + c1);
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = out;
     uint64_t x = (mask & out[i]) | (~mask & r[i]);
     os[i] = x;);
@@ -557,10 +542,10 @@ static inline void qsqr(uint64_t *out, uint64_t *f)
 static inline void qnegate_conditional_vartime(uint64_t *f, bool is_negate)
 {
   uint64_t n[4U] = { 0U };
-  n[0U] = (uint64_t)0xbfd25e8cd0364141U;
-  n[1U] = (uint64_t)0xbaaedce6af48a03bU;
-  n[2U] = (uint64_t)0xfffffffffffffffeU;
-  n[3U] = (uint64_t)0xffffffffffffffffU;
+  n[0U] = 0xbfd25e8cd0364141ULL;
+  n[1U] = 0xbaaedce6af48a03bULL;
+  n[2U] = 0xfffffffffffffffeULL;
+  n[3U] = 0xffffffffffffffffULL;
   uint64_t zero[4U] = { 0U };
   if (is_negate)
   {
@@ -574,31 +559,31 @@ static inline bool is_qelem_le_q_halved_vartime(uint64_t *f)
   uint64_t a1 = f[1U];
   uint64_t a2 = f[2U];
   uint64_t a3 = f[3U];
-  if (a3 < (uint64_t)0x7fffffffffffffffU)
+  if (a3 < 0x7fffffffffffffffULL)
   {
     return true;
   }
-  if (a3 > (uint64_t)0x7fffffffffffffffU)
+  if (a3 > 0x7fffffffffffffffULL)
   {
     return false;
   }
-  if (a2 < (uint64_t)0xffffffffffffffffU)
+  if (a2 < 0xffffffffffffffffULL)
   {
     return true;
   }
-  if (a2 > (uint64_t)0xffffffffffffffffU)
+  if (a2 > 0xffffffffffffffffULL)
   {
     return false;
   }
-  if (a1 < (uint64_t)0x5d576e7357a4501dU)
+  if (a1 < 0x5d576e7357a4501dULL)
   {
     return true;
   }
-  if (a1 > (uint64_t)0x5d576e7357a4501dU)
+  if (a1 > 0x5d576e7357a4501dULL)
   {
     return false;
   }
-  return a0 <= (uint64_t)0xdfe92f46681b20a0U;
+  return a0 <= 0xdfe92f46681b20a0ULL;
 }
 
 static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
@@ -606,27 +591,26 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
   uint64_t l[8U] = { 0U };
   mul4(a, b, l);
   uint64_t res_b_padded[4U] = { 0U };
-  memcpy(res_b_padded, l + (uint32_t)6U, (uint32_t)2U * sizeof (uint64_t));
-  uint64_t
-  c0 = Lib_IntTypes_Intrinsics_add_carry_u64((uint64_t)0U, res_b_padded[0U], (uint64_t)1U, res);
-  uint64_t *a1 = res_b_padded + (uint32_t)1U;
-  uint64_t *res1 = res + (uint32_t)1U;
+  memcpy(res_b_padded, l + 6U, 2U * sizeof (uint64_t));
+  uint64_t c0 = Lib_IntTypes_Intrinsics_add_carry_u64(0ULL, res_b_padded[0U], 1ULL, res);
+  uint64_t *a1 = res_b_padded + 1U;
+  uint64_t *res1 = res + 1U;
   uint64_t c = c0;
   KRML_MAYBE_FOR3(i,
-    (uint32_t)0U,
-    (uint32_t)3U,
-    (uint32_t)1U,
+    0U,
+    3U,
+    1U,
     uint64_t t1 = a1[i];
     uint64_t *res_i = res1 + i;
-    c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i););
+    c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i););
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t flag = l[5U] >> (uint32_t)63U;
-  uint64_t mask = (uint64_t)0U - flag;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t flag = l[5U] >> 63U;
+  uint64_t mask = 0ULL - flag;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x = (mask & res[i]) | (~mask & res_b_padded[i]);
     os[i] = x;);
@@ -634,7 +618,7 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
 
 static inline void qsquare_times_in_place(uint64_t *out, uint32_t b)
 {
-  for (uint32_t i = (uint32_t)0U; i < b; i++)
+  for (uint32_t i = 0U; i < b; i++)
   {
     qsqr(out, out);
   }
@@ -642,8 +626,8 @@ static inline void qsquare_times_in_place(uint64_t *out, uint32_t b)
 
 static inline void qsquare_times(uint64_t *out, uint64_t *a, uint32_t b)
 {
-  memcpy(out, a, (uint32_t)4U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < b; i++)
+  memcpy(out, a, 4U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < b; i++)
   {
     qsqr(out, out);
   }
@@ -658,7 +642,7 @@ static inline void qinv(uint64_t *out, uint64_t *f)
   uint64_t x_1001[4U] = { 0U };
   uint64_t x_1011[4U] = { 0U };
   uint64_t x_1101[4U] = { 0U };
-  qsquare_times(x_10, f, (uint32_t)1U);
+  qsquare_times(x_10, f, 1U);
   qmul(x_11, x_10, f);
   qmul(x_101, x_10, x_11);
   qmul(x_111, x_10, x_101);
@@ -668,89 +652,89 @@ static inline void qinv(uint64_t *out, uint64_t *f)
   uint64_t x6[4U] = { 0U };
   uint64_t x8[4U] = { 0U };
   uint64_t x14[4U] = { 0U };
-  qsquare_times(x6, x_1101, (uint32_t)2U);
+  qsquare_times(x6, x_1101, 2U);
   qmul(x6, x6, x_1011);
-  qsquare_times(x8, x6, (uint32_t)2U);
+  qsquare_times(x8, x6, 2U);
   qmul(x8, x8, x_11);
-  qsquare_times(x14, x8, (uint32_t)6U);
+  qsquare_times(x14, x8, 6U);
   qmul(x14, x14, x6);
   uint64_t x56[4U] = { 0U };
-  qsquare_times(out, x14, (uint32_t)14U);
+  qsquare_times(out, x14, 14U);
   qmul(out, out, x14);
-  qsquare_times(x56, out, (uint32_t)28U);
+  qsquare_times(x56, out, 28U);
   qmul(x56, x56, out);
-  qsquare_times(out, x56, (uint32_t)56U);
+  qsquare_times(out, x56, 56U);
   qmul(out, out, x56);
-  qsquare_times_in_place(out, (uint32_t)14U);
+  qsquare_times_in_place(out, 14U);
   qmul(out, out, x14);
-  qsquare_times_in_place(out, (uint32_t)3U);
+  qsquare_times_in_place(out, 3U);
   qmul(out, out, x_101);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_101);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_1011);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_1011);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, x_1101);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_101);
-  qsquare_times_in_place(out, (uint32_t)3U);
+  qsquare_times_in_place(out, 3U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_1001);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, x_101);
-  qsquare_times_in_place(out, (uint32_t)10U);
+  qsquare_times_in_place(out, 10U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_111);
-  qsquare_times_in_place(out, (uint32_t)9U);
+  qsquare_times_in_place(out, 9U);
   qmul(out, out, x8);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_1001);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, x_1011);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_1101);
-  qsquare_times_in_place(out, (uint32_t)5U);
+  qsquare_times_in_place(out, 5U);
   qmul(out, out, x_11);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, x_1101);
-  qsquare_times_in_place(out, (uint32_t)10U);
+  qsquare_times_in_place(out, 10U);
   qmul(out, out, x_1101);
-  qsquare_times_in_place(out, (uint32_t)4U);
+  qsquare_times_in_place(out, 4U);
   qmul(out, out, x_1001);
-  qsquare_times_in_place(out, (uint32_t)6U);
+  qsquare_times_in_place(out, 6U);
   qmul(out, out, f);
-  qsquare_times_in_place(out, (uint32_t)8U);
+  qsquare_times_in_place(out, 8U);
   qmul(out, out, x6);
 }
 
 void Hacl_Impl_K256_Point_make_point_at_inf(uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
-  uint64_t *pz = p + (uint32_t)10U;
-  memset(px, 0U, (uint32_t)5U * sizeof (uint64_t));
-  memset(py, 0U, (uint32_t)5U * sizeof (uint64_t));
-  py[0U] = (uint64_t)1U;
-  memset(pz, 0U, (uint32_t)5U * sizeof (uint64_t));
+  uint64_t *py = p + 5U;
+  uint64_t *pz = p + 10U;
+  memset(px, 0U, 5U * sizeof (uint64_t));
+  memset(py, 0U, 5U * sizeof (uint64_t));
+  py[0U] = 1ULL;
+  memset(pz, 0U, 5U * sizeof (uint64_t));
 }
 
 static inline void to_aff_point(uint64_t *p_aff, uint64_t *p)
 {
   uint64_t *x = p_aff;
-  uint64_t *y = p_aff + (uint32_t)5U;
+  uint64_t *y = p_aff + 5U;
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *y1 = p + 5U;
+  uint64_t *z1 = p + 10U;
   uint64_t zinv[5U] = { 0U };
   Hacl_Impl_K256_Finv_finv(zinv, z1);
   Hacl_K256_Field_fmul(x, x1, zinv);
@@ -762,7 +746,7 @@ static inline void to_aff_point(uint64_t *p_aff, uint64_t *p)
 static inline void to_aff_point_x(uint64_t *x, uint64_t *p)
 {
   uint64_t *x1 = p;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *z1 = p + 10U;
   uint64_t zinv[5U] = { 0U };
   Hacl_Impl_K256_Finv_finv(zinv, z1);
   Hacl_K256_Field_fmul(x, x1, zinv);
@@ -773,13 +757,13 @@ static inline bool is_on_curve_vartime(uint64_t *p)
 {
   uint64_t y2_exp[5U] = { 0U };
   uint64_t *x = p;
-  uint64_t *y = p + (uint32_t)5U;
+  uint64_t *y = p + 5U;
   uint64_t b[5U] = { 0U };
-  b[0U] = (uint64_t)0x7U;
-  b[1U] = (uint64_t)0U;
-  b[2U] = (uint64_t)0U;
-  b[3U] = (uint64_t)0U;
-  b[4U] = (uint64_t)0U;
+  b[0U] = 0x7ULL;
+  b[1U] = 0ULL;
+  b[2U] = 0ULL;
+  b[3U] = 0ULL;
+  b[4U] = 0ULL;
   Hacl_K256_Field_fsqr(y2_exp, x);
   Hacl_K256_Field_fmul(y2_exp, y2_exp, x);
   Hacl_K256_Field_fadd(y2_exp, y2_exp, b);
@@ -795,11 +779,11 @@ static inline bool is_on_curve_vartime(uint64_t *p)
 void Hacl_Impl_K256_Point_point_negate(uint64_t *out, uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
-  uint64_t *pz = p + (uint32_t)10U;
+  uint64_t *py = p + 5U;
+  uint64_t *pz = p + 10U;
   uint64_t *ox = out;
-  uint64_t *oy = out + (uint32_t)5U;
-  uint64_t *oz = out + (uint32_t)10U;
+  uint64_t *oy = out + 5U;
+  uint64_t *oz = out + 10U;
   ox[0U] = px[0U];
   ox[1U] = px[1U];
   ox[2U] = px[2U];
@@ -815,11 +799,11 @@ void Hacl_Impl_K256_Point_point_negate(uint64_t *out, uint64_t *p)
   uint64_t a2 = py[2U];
   uint64_t a3 = py[3U];
   uint64_t a4 = py[4U];
-  uint64_t r0 = (uint64_t)18014381329608892U - a0;
-  uint64_t r1 = (uint64_t)18014398509481980U - a1;
-  uint64_t r2 = (uint64_t)18014398509481980U - a2;
-  uint64_t r3 = (uint64_t)18014398509481980U - a3;
-  uint64_t r4 = (uint64_t)1125899906842620U - a4;
+  uint64_t r0 = 18014381329608892ULL - a0;
+  uint64_t r1 = 18014398509481980ULL - a1;
+  uint64_t r2 = 18014398509481980ULL - a2;
+  uint64_t r3 = 18014398509481980ULL - a3;
+  uint64_t r4 = 1125899906842620ULL - a4;
   uint64_t f0 = r0;
   uint64_t f1 = r1;
   uint64_t f2 = r2;
@@ -845,9 +829,9 @@ static inline void point_negate_conditional_vartime(uint64_t *p, bool is_negate)
 static inline void aff_point_store(uint8_t *out, uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
+  uint64_t *py = p + 5U;
   Hacl_K256_Field_store_felem(out, px);
-  Hacl_K256_Field_store_felem(out + (uint32_t)32U, py);
+  Hacl_K256_Field_store_felem(out + 32U, py);
 }
 
 void Hacl_Impl_K256_Point_point_store(uint8_t *out, uint64_t *p)
@@ -860,9 +844,9 @@ void Hacl_Impl_K256_Point_point_store(uint8_t *out, uint64_t *p)
 bool Hacl_Impl_K256_Point_aff_point_load_vartime(uint64_t *p, uint8_t *b)
 {
   uint8_t *px = b;
-  uint8_t *py = b + (uint32_t)32U;
+  uint8_t *py = b + 32U;
   uint64_t *bn_px = p;
-  uint64_t *bn_py = p + (uint32_t)5U;
+  uint64_t *bn_py = p + 5U;
   bool is_x_valid = Hacl_K256_Field_load_felem_lt_prime_vartime(bn_px, px);
   bool is_y_valid = Hacl_K256_Field_load_felem_lt_prime_vartime(bn_py, py);
   if (is_x_valid && is_y_valid)
@@ -879,14 +863,14 @@ static inline bool load_point_vartime(uint64_t *p, uint8_t *b)
   if (res)
   {
     uint64_t *x = p_aff;
-    uint64_t *y = p_aff + (uint32_t)5U;
+    uint64_t *y = p_aff + 5U;
     uint64_t *x1 = p;
-    uint64_t *y1 = p + (uint32_t)5U;
-    uint64_t *z1 = p + (uint32_t)10U;
-    memcpy(x1, x, (uint32_t)5U * sizeof (uint64_t));
-    memcpy(y1, y, (uint32_t)5U * sizeof (uint64_t));
-    memset(z1, 0U, (uint32_t)5U * sizeof (uint64_t));
-    z1[0U] = (uint64_t)1U;
+    uint64_t *y1 = p + 5U;
+    uint64_t *z1 = p + 10U;
+    memcpy(x1, x, 5U * sizeof (uint64_t));
+    memcpy(y1, y, 5U * sizeof (uint64_t));
+    memset(z1, 0U, 5U * sizeof (uint64_t));
+    z1[0U] = 1ULL;
   }
   return res;
 }
@@ -895,24 +879,24 @@ static inline bool aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_
 {
   uint8_t s0 = s[0U];
   uint8_t s01 = s0;
-  if (!(s01 == (uint8_t)0x02U || s01 == (uint8_t)0x03U))
+  if (!(s01 == 0x02U || s01 == 0x03U))
   {
     return false;
   }
-  uint8_t *xb = s + (uint32_t)1U;
+  uint8_t *xb = s + 1U;
   bool is_x_valid = Hacl_K256_Field_load_felem_lt_prime_vartime(x, xb);
-  bool is_y_odd = s01 == (uint8_t)0x03U;
+  bool is_y_odd = s01 == 0x03U;
   if (!is_x_valid)
   {
     return false;
   }
   uint64_t y2[5U] = { 0U };
   uint64_t b[5U] = { 0U };
-  b[0U] = (uint64_t)0x7U;
-  b[1U] = (uint64_t)0U;
-  b[2U] = (uint64_t)0U;
-  b[3U] = (uint64_t)0U;
-  b[4U] = (uint64_t)0U;
+  b[0U] = 0x7ULL;
+  b[1U] = 0ULL;
+  b[2U] = 0ULL;
+  b[3U] = 0ULL;
+  b[4U] = 0ULL;
   Hacl_K256_Field_fsqr(y2, x);
   Hacl_K256_Field_fmul(y2, y2, x);
   Hacl_K256_Field_fadd(y2, y2, b);
@@ -930,7 +914,7 @@ static inline bool aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_
     return false;
   }
   uint64_t x0 = y[0U];
-  bool is_y_odd1 = (x0 & (uint64_t)1U) == (uint64_t)1U;
+  bool is_y_odd1 = (x0 & 1ULL) == 1ULL;
   Hacl_K256_Field_fnegate_conditional_vartime(y, is_y_odd1 != is_y_odd);
   return true;
 }
@@ -939,33 +923,33 @@ void Hacl_Impl_K256_PointDouble_point_double(uint64_t *out, uint64_t *p)
 {
   uint64_t tmp[25U] = { 0U };
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *y1 = p + 5U;
+  uint64_t *z1 = p + 10U;
   uint64_t *x3 = out;
-  uint64_t *y3 = out + (uint32_t)5U;
-  uint64_t *z3 = out + (uint32_t)10U;
+  uint64_t *y3 = out + 5U;
+  uint64_t *z3 = out + 10U;
   uint64_t *yy = tmp;
-  uint64_t *zz = tmp + (uint32_t)5U;
-  uint64_t *bzz3 = tmp + (uint32_t)10U;
-  uint64_t *bzz9 = tmp + (uint32_t)15U;
-  uint64_t *tmp1 = tmp + (uint32_t)20U;
+  uint64_t *zz = tmp + 5U;
+  uint64_t *bzz3 = tmp + 10U;
+  uint64_t *bzz9 = tmp + 15U;
+  uint64_t *tmp1 = tmp + 20U;
   Hacl_K256_Field_fsqr(yy, y1);
   Hacl_K256_Field_fsqr(zz, z1);
-  Hacl_K256_Field_fmul_small_num(x3, x1, (uint64_t)2U);
+  Hacl_K256_Field_fmul_small_num(x3, x1, 2ULL);
   Hacl_K256_Field_fmul(x3, x3, y1);
   Hacl_K256_Field_fmul(tmp1, yy, y1);
   Hacl_K256_Field_fmul(z3, tmp1, z1);
-  Hacl_K256_Field_fmul_small_num(z3, z3, (uint64_t)8U);
+  Hacl_K256_Field_fmul_small_num(z3, z3, 8ULL);
   Hacl_K256_Field_fnormalize_weak(z3, z3);
-  Hacl_K256_Field_fmul_small_num(bzz3, zz, (uint64_t)21U);
+  Hacl_K256_Field_fmul_small_num(bzz3, zz, 21ULL);
   Hacl_K256_Field_fnormalize_weak(bzz3, bzz3);
-  Hacl_K256_Field_fmul_small_num(bzz9, bzz3, (uint64_t)3U);
-  Hacl_K256_Field_fsub(bzz9, yy, bzz9, (uint64_t)6U);
+  Hacl_K256_Field_fmul_small_num(bzz9, bzz3, 3ULL);
+  Hacl_K256_Field_fsub(bzz9, yy, bzz9, 6ULL);
   Hacl_K256_Field_fadd(tmp1, yy, bzz3);
   Hacl_K256_Field_fmul(tmp1, bzz9, tmp1);
   Hacl_K256_Field_fmul(y3, yy, zz);
   Hacl_K256_Field_fmul(x3, x3, bzz9);
-  Hacl_K256_Field_fmul_small_num(y3, y3, (uint64_t)168U);
+  Hacl_K256_Field_fmul_small_num(y3, y3, 168ULL);
   Hacl_K256_Field_fadd(y3, tmp1, y3);
   Hacl_K256_Field_fnormalize_weak(y3, y3);
 }
@@ -974,23 +958,23 @@ void Hacl_Impl_K256_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *q)
 {
   uint64_t tmp[45U] = { 0U };
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)5U;
-  uint64_t *z1 = p + (uint32_t)10U;
+  uint64_t *y1 = p + 5U;
+  uint64_t *z1 = p + 10U;
   uint64_t *x2 = q;
-  uint64_t *y2 = q + (uint32_t)5U;
-  uint64_t *z2 = q + (uint32_t)10U;
+  uint64_t *y2 = q + 5U;
+  uint64_t *z2 = q + 10U;
   uint64_t *x3 = out;
-  uint64_t *y3 = out + (uint32_t)5U;
-  uint64_t *z3 = out + (uint32_t)10U;
+  uint64_t *y3 = out + 5U;
+  uint64_t *z3 = out + 10U;
   uint64_t *xx = tmp;
-  uint64_t *yy = tmp + (uint32_t)5U;
-  uint64_t *zz = tmp + (uint32_t)10U;
-  uint64_t *xy_pairs = tmp + (uint32_t)15U;
-  uint64_t *yz_pairs = tmp + (uint32_t)20U;
-  uint64_t *xz_pairs = tmp + (uint32_t)25U;
-  uint64_t *yy_m_bzz3 = tmp + (uint32_t)30U;
-  uint64_t *yy_p_bzz3 = tmp + (uint32_t)35U;
-  uint64_t *tmp1 = tmp + (uint32_t)40U;
+  uint64_t *yy = tmp + 5U;
+  uint64_t *zz = tmp + 10U;
+  uint64_t *xy_pairs = tmp + 15U;
+  uint64_t *yz_pairs = tmp + 20U;
+  uint64_t *xz_pairs = tmp + 25U;
+  uint64_t *yy_m_bzz3 = tmp + 30U;
+  uint64_t *yy_p_bzz3 = tmp + 35U;
+  uint64_t *tmp1 = tmp + 40U;
   Hacl_K256_Field_fmul(xx, x1, x2);
   Hacl_K256_Field_fmul(yy, y1, y2);
   Hacl_K256_Field_fmul(zz, z1, z2);
@@ -998,29 +982,29 @@ void Hacl_Impl_K256_PointAdd_point_add(uint64_t *out, uint64_t *p, uint64_t *q)
   Hacl_K256_Field_fadd(tmp1, x2, y2);
   Hacl_K256_Field_fmul(xy_pairs, xy_pairs, tmp1);
   Hacl_K256_Field_fadd(tmp1, xx, yy);
-  Hacl_K256_Field_fsub(xy_pairs, xy_pairs, tmp1, (uint64_t)4U);
+  Hacl_K256_Field_fsub(xy_pairs, xy_pairs, tmp1, 4ULL);
   Hacl_K256_Field_fadd(yz_pairs, y1, z1);
   Hacl_K256_Field_fadd(tmp1, y2, z2);
   Hacl_K256_Field_fmul(yz_pairs, yz_pairs, tmp1);
   Hacl_K256_Field_fadd(tmp1, yy, zz);
-  Hacl_K256_Field_fsub(yz_pairs, yz_pairs, tmp1, (uint64_t)4U);
+  Hacl_K256_Field_fsub(yz_pairs, yz_pairs, tmp1, 4ULL);
   Hacl_K256_Field_fadd(xz_pairs, x1, z1);
   Hacl_K256_Field_fadd(tmp1, x2, z2);
   Hacl_K256_Field_fmul(xz_pairs, xz_pairs, tmp1);
   Hacl_K256_Field_fadd(tmp1, xx, zz);
-  Hacl_K256_Field_fsub(xz_pairs, xz_pairs, tmp1, (uint64_t)4U);
-  Hacl_K256_Field_fmul_small_num(tmp1, zz, (uint64_t)21U);
+  Hacl_K256_Field_fsub(xz_pairs, xz_pairs, tmp1, 4ULL);
+  Hacl_K256_Field_fmul_small_num(tmp1, zz, 21ULL);
   Hacl_K256_Field_fnormalize_weak(tmp1, tmp1);
-  Hacl_K256_Field_fsub(yy_m_bzz3, yy, tmp1, (uint64_t)2U);
+  Hacl_K256_Field_fsub(yy_m_bzz3, yy, tmp1, 2ULL);
   Hacl_K256_Field_fadd(yy_p_bzz3, yy, tmp1);
-  Hacl_K256_Field_fmul_small_num(x3, yz_pairs, (uint64_t)21U);
+  Hacl_K256_Field_fmul_small_num(x3, yz_pairs, 21ULL);
   Hacl_K256_Field_fnormalize_weak(x3, x3);
-  Hacl_K256_Field_fmul_small_num(z3, xx, (uint64_t)3U);
-  Hacl_K256_Field_fmul_small_num(y3, z3, (uint64_t)21U);
+  Hacl_K256_Field_fmul_small_num(z3, xx, 3ULL);
+  Hacl_K256_Field_fmul_small_num(y3, z3, 21ULL);
   Hacl_K256_Field_fnormalize_weak(y3, y3);
   Hacl_K256_Field_fmul(tmp1, xy_pairs, yy_m_bzz3);
   Hacl_K256_Field_fmul(x3, x3, xz_pairs);
-  Hacl_K256_Field_fsub(x3, tmp1, x3, (uint64_t)2U);
+  Hacl_K256_Field_fsub(x3, tmp1, x3, 2ULL);
   Hacl_K256_Field_fnormalize_weak(x3, x3);
   Hacl_K256_Field_fmul(tmp1, yy_p_bzz3, yy_m_bzz3);
   Hacl_K256_Field_fmul(y3, y3, xz_pairs);
@@ -1036,30 +1020,30 @@ static inline void scalar_split_lambda(uint64_t *r1, uint64_t *r2, uint64_t *k)
 {
   uint64_t tmp1[4U] = { 0U };
   uint64_t tmp2[4U] = { 0U };
-  tmp1[0U] = (uint64_t)0xe893209a45dbb031U;
-  tmp1[1U] = (uint64_t)0x3daa8a1471e8ca7fU;
-  tmp1[2U] = (uint64_t)0xe86c90e49284eb15U;
-  tmp1[3U] = (uint64_t)0x3086d221a7d46bcdU;
-  tmp2[0U] = (uint64_t)0x1571b4ae8ac47f71U;
-  tmp2[1U] = (uint64_t)0x221208ac9df506c6U;
-  tmp2[2U] = (uint64_t)0x6f547fa90abfe4c4U;
-  tmp2[3U] = (uint64_t)0xe4437ed6010e8828U;
+  tmp1[0U] = 0xe893209a45dbb031ULL;
+  tmp1[1U] = 0x3daa8a1471e8ca7fULL;
+  tmp1[2U] = 0xe86c90e49284eb15ULL;
+  tmp1[3U] = 0x3086d221a7d46bcdULL;
+  tmp2[0U] = 0x1571b4ae8ac47f71ULL;
+  tmp2[1U] = 0x221208ac9df506c6ULL;
+  tmp2[2U] = 0x6f547fa90abfe4c4ULL;
+  tmp2[3U] = 0xe4437ed6010e8828ULL;
   qmul_shift_384(r1, k, tmp1);
   qmul_shift_384(r2, k, tmp2);
-  tmp1[0U] = (uint64_t)0x6f547fa90abfe4c3U;
-  tmp1[1U] = (uint64_t)0xe4437ed6010e8828U;
-  tmp1[2U] = (uint64_t)0x0U;
-  tmp1[3U] = (uint64_t)0x0U;
-  tmp2[0U] = (uint64_t)0xd765cda83db1562cU;
-  tmp2[1U] = (uint64_t)0x8a280ac50774346dU;
-  tmp2[2U] = (uint64_t)0xfffffffffffffffeU;
-  tmp2[3U] = (uint64_t)0xffffffffffffffffU;
+  tmp1[0U] = 0x6f547fa90abfe4c3ULL;
+  tmp1[1U] = 0xe4437ed6010e8828ULL;
+  tmp1[2U] = 0x0ULL;
+  tmp1[3U] = 0x0ULL;
+  tmp2[0U] = 0xd765cda83db1562cULL;
+  tmp2[1U] = 0x8a280ac50774346dULL;
+  tmp2[2U] = 0xfffffffffffffffeULL;
+  tmp2[3U] = 0xffffffffffffffffULL;
   qmul(r1, r1, tmp1);
   qmul(r2, r2, tmp2);
-  tmp1[0U] = (uint64_t)0xe0cfc810b51283cfU;
-  tmp1[1U] = (uint64_t)0xa880b9fc8ec739c2U;
-  tmp1[2U] = (uint64_t)0x5ad9e3fd77ed9ba4U;
-  tmp1[3U] = (uint64_t)0xac9c52b33fa3cf1fU;
+  tmp1[0U] = 0xe0cfc810b51283cfULL;
+  tmp1[1U] = 0xa880b9fc8ec739c2ULL;
+  tmp1[2U] = 0x5ad9e3fd77ed9ba4ULL;
+  tmp1[3U] = 0xac9c52b33fa3cf1fULL;
   qadd(r2, r1, r2);
   qmul(tmp2, r2, tmp1);
   qadd(r1, k, tmp2);
@@ -1068,17 +1052,17 @@ static inline void scalar_split_lambda(uint64_t *r1, uint64_t *r2, uint64_t *k)
 static inline void point_mul_lambda(uint64_t *res, uint64_t *p)
 {
   uint64_t *rx = res;
-  uint64_t *ry = res + (uint32_t)5U;
-  uint64_t *rz = res + (uint32_t)10U;
+  uint64_t *ry = res + 5U;
+  uint64_t *rz = res + 10U;
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)5U;
-  uint64_t *pz = p + (uint32_t)10U;
+  uint64_t *py = p + 5U;
+  uint64_t *pz = p + 10U;
   uint64_t beta[5U] = { 0U };
-  beta[0U] = (uint64_t)0x96c28719501eeU;
-  beta[1U] = (uint64_t)0x7512f58995c13U;
-  beta[2U] = (uint64_t)0xc3434e99cf049U;
-  beta[3U] = (uint64_t)0x7106e64479eaU;
-  beta[4U] = (uint64_t)0x7ae96a2b657cU;
+  beta[0U] = 0x96c28719501eeULL;
+  beta[1U] = 0x7512f58995c13ULL;
+  beta[2U] = 0xc3434e99cf049ULL;
+  beta[3U] = 0x7106e64479eaULL;
+  beta[4U] = 0x7ae96a2b657cULL;
   Hacl_K256_Field_fmul(rx, beta, px);
   ry[0U] = py[0U];
   ry[1U] = py[1U];
@@ -1096,11 +1080,11 @@ static inline void point_mul_lambda_inplace(uint64_t *res)
 {
   uint64_t *rx = res;
   uint64_t beta[5U] = { 0U };
-  beta[0U] = (uint64_t)0x96c28719501eeU;
-  beta[1U] = (uint64_t)0x7512f58995c13U;
-  beta[2U] = (uint64_t)0xc3434e99cf049U;
-  beta[3U] = (uint64_t)0x7106e64479eaU;
-  beta[4U] = (uint64_t)0x7ae96a2b657cU;
+  beta[0U] = 0x96c28719501eeULL;
+  beta[1U] = 0x7512f58995c13ULL;
+  beta[2U] = 0xc3434e99cf049ULL;
+  beta[3U] = 0x7106e64479eaULL;
+  beta[4U] = 0x7ae96a2b657cULL;
   Hacl_K256_Field_fmul(rx, beta, rx);
 }
 
@@ -1123,7 +1107,7 @@ ecmult_endo_split(
 {
   scalar_split_lambda(r1, r2, scalar);
   point_mul_lambda(q2, q);
-  memcpy(q1, q, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(q1, q, 15U * sizeof (uint64_t));
   bool b0 = is_qelem_le_q_halved_vartime(r1);
   qnegate_conditional_vartime(r1, !b0);
   point_negate_conditional_vartime(q1, !b0);
@@ -1140,45 +1124,37 @@ void Hacl_Impl_K256_PointMul_point_mul(uint64_t *out, uint64_t *scalar, uint64_t
   uint64_t table[240U] = { 0U };
   uint64_t tmp[15U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)15U;
+  uint64_t *t1 = table + 15U;
   Hacl_Impl_K256_Point_make_point_at_inf(t0);
-  memcpy(t1, q, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(t1, q, 15U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)15U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 15U;
     Hacl_Impl_K256_PointDouble_point_double(tmp, t11);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U;
+    memcpy(table + (2U * i + 2U) * 15U, tmp, 15U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 15U;
     Hacl_Impl_K256_PointAdd_point_add(tmp, q, t2);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t)););
+    memcpy(table + (2U * i + 3U) * 15U, tmp, 15U * sizeof (uint64_t)););
   Hacl_Impl_K256_Point_make_point_at_inf(out);
   uint64_t tmp0[15U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
-    KRML_MAYBE_FOR4(i,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      Hacl_Impl_K256_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)256U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)15U * sizeof (uint64_t));
+    KRML_MAYBE_FOR4(i, 0U, 4U, 1U, Hacl_Impl_K256_PointDouble_point_double(out, out););
+    uint32_t k = 256U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 15U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)15U;
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 15U;
       KRML_MAYBE_FOR15(i,
-        (uint32_t)0U,
-        (uint32_t)15U,
-        (uint32_t)1U,
+        0U,
+        15U,
+        1U,
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;););
@@ -1188,17 +1164,17 @@ void Hacl_Impl_K256_PointMul_point_mul(uint64_t *out, uint64_t *scalar, uint64_t
 
 static inline void precomp_get_consttime(const uint64_t *table, uint64_t bits_l, uint64_t *tmp)
 {
-  memcpy(tmp, (uint64_t *)table, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(tmp, (uint64_t *)table, 15U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i0,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + (uint32_t)1U));
-    const uint64_t *res_j = table + (i0 + (uint32_t)1U) * (uint32_t)15U;
+    0U,
+    15U,
+    1U,
+    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + 1U));
+    const uint64_t *res_j = table + (i0 + 1U) * 15U;
     KRML_MAYBE_FOR15(i,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
+      0U,
+      15U,
+      1U,
       uint64_t *os = tmp;
       uint64_t x = (c & res_j[i]) | (~c & tmp[i]);
       os[i] = x;););
@@ -1208,79 +1184,72 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
 {
   uint64_t q1[15U] = { 0U };
   uint64_t *gx = q1;
-  uint64_t *gy = q1 + (uint32_t)5U;
-  uint64_t *gz = q1 + (uint32_t)10U;
-  gx[0U] = (uint64_t)0x2815b16f81798U;
-  gx[1U] = (uint64_t)0xdb2dce28d959fU;
-  gx[2U] = (uint64_t)0xe870b07029bfcU;
-  gx[3U] = (uint64_t)0xbbac55a06295cU;
-  gx[4U] = (uint64_t)0x79be667ef9dcU;
-  gy[0U] = (uint64_t)0x7d08ffb10d4b8U;
-  gy[1U] = (uint64_t)0x48a68554199c4U;
-  gy[2U] = (uint64_t)0xe1108a8fd17b4U;
-  gy[3U] = (uint64_t)0xc4655da4fbfc0U;
-  gy[4U] = (uint64_t)0x483ada7726a3U;
-  memset(gz, 0U, (uint32_t)5U * sizeof (uint64_t));
-  gz[0U] = (uint64_t)1U;
+  uint64_t *gy = q1 + 5U;
+  uint64_t *gz = q1 + 10U;
+  gx[0U] = 0x2815b16f81798ULL;
+  gx[1U] = 0xdb2dce28d959fULL;
+  gx[2U] = 0xe870b07029bfcULL;
+  gx[3U] = 0xbbac55a06295cULL;
+  gx[4U] = 0x79be667ef9dcULL;
+  gy[0U] = 0x7d08ffb10d4b8ULL;
+  gy[1U] = 0x48a68554199c4ULL;
+  gy[2U] = 0xe1108a8fd17b4ULL;
+  gy[3U] = 0xc4655da4fbfc0ULL;
+  gy[4U] = 0x483ada7726a3ULL;
+  memset(gz, 0U, 5U * sizeof (uint64_t));
+  gz[0U] = 1ULL;
   uint64_t
   q2[15U] =
     {
-      (uint64_t)4496295042185355U, (uint64_t)3125448202219451U, (uint64_t)1239608518490046U,
-      (uint64_t)2687445637493112U, (uint64_t)77979604880139U, (uint64_t)3360310474215011U,
-      (uint64_t)1216410458165163U, (uint64_t)177901593587973U, (uint64_t)3209978938104985U,
-      (uint64_t)118285133003718U, (uint64_t)434519962075150U, (uint64_t)1114612377498854U,
-      (uint64_t)3488596944003813U, (uint64_t)450716531072892U, (uint64_t)66044973203836U
+      4496295042185355ULL, 3125448202219451ULL, 1239608518490046ULL, 2687445637493112ULL,
+      77979604880139ULL, 3360310474215011ULL, 1216410458165163ULL, 177901593587973ULL,
+      3209978938104985ULL, 118285133003718ULL, 434519962075150ULL, 1114612377498854ULL,
+      3488596944003813ULL, 450716531072892ULL, 66044973203836ULL
     };
-  KRML_HOST_IGNORE(q2);
+  KRML_MAYBE_UNUSED_VAR(q2);
   uint64_t
   q3[15U] =
     {
-      (uint64_t)1277614565900951U, (uint64_t)378671684419493U, (uint64_t)3176260448102880U,
-      (uint64_t)1575691435565077U, (uint64_t)167304528382180U, (uint64_t)2600787765776588U,
-      (uint64_t)7497946149293U, (uint64_t)2184272641272202U, (uint64_t)2200235265236628U,
-      (uint64_t)265969268774814U, (uint64_t)1913228635640715U, (uint64_t)2831959046949342U,
-      (uint64_t)888030405442963U, (uint64_t)1817092932985033U, (uint64_t)101515844997121U
+      1277614565900951ULL, 378671684419493ULL, 3176260448102880ULL, 1575691435565077ULL,
+      167304528382180ULL, 2600787765776588ULL, 7497946149293ULL, 2184272641272202ULL,
+      2200235265236628ULL, 265969268774814ULL, 1913228635640715ULL, 2831959046949342ULL,
+      888030405442963ULL, 1817092932985033ULL, 101515844997121ULL
     };
-  KRML_HOST_IGNORE(q3);
+  KRML_MAYBE_UNUSED_VAR(q3);
   uint64_t
   q4[15U] =
     {
-      (uint64_t)34056422761564U, (uint64_t)3315864838337811U, (uint64_t)3797032336888745U,
-      (uint64_t)2580641850480806U, (uint64_t)208048944042500U, (uint64_t)1233795288689421U,
-      (uint64_t)1048795233382631U, (uint64_t)646545158071530U, (uint64_t)1816025742137285U,
-      (uint64_t)12245672982162U, (uint64_t)2119364213800870U, (uint64_t)2034960311715107U,
-      (uint64_t)3172697815804487U, (uint64_t)4185144850224160U, (uint64_t)2792055915674U
+      34056422761564ULL, 3315864838337811ULL, 3797032336888745ULL, 2580641850480806ULL,
+      208048944042500ULL, 1233795288689421ULL, 1048795233382631ULL, 646545158071530ULL,
+      1816025742137285ULL, 12245672982162ULL, 2119364213800870ULL, 2034960311715107ULL,
+      3172697815804487ULL, 4185144850224160ULL, 2792055915674ULL
     };
-  KRML_HOST_IGNORE(q4);
+  KRML_MAYBE_UNUSED_VAR(q4);
   uint64_t *r1 = scalar;
-  uint64_t *r2 = scalar + (uint32_t)1U;
-  uint64_t *r3 = scalar + (uint32_t)2U;
-  uint64_t *r4 = scalar + (uint32_t)3U;
+  uint64_t *r2 = scalar + 1U;
+  uint64_t *r3 = scalar + 2U;
+  uint64_t *r4 = scalar + 3U;
   Hacl_Impl_K256_Point_make_point_at_inf(out);
   uint64_t tmp[15U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    KRML_MAYBE_FOR4(i0,
-      (uint32_t)0U,
-      (uint32_t)4U,
-      (uint32_t)1U,
-      Hacl_Impl_K256_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r4, k, (uint32_t)4U);
+    0U,
+    16U,
+    1U,
+    KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, Hacl_Impl_K256_PointDouble_point_double(out, out););
+    uint32_t k = 64U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r4, k, 4U);
     precomp_get_consttime(Hacl_K256_PrecompTable_precomp_g_pow2_192_table_w4, bits_l, tmp);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp);
-    uint32_t k0 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r3, k0, (uint32_t)4U);
+    uint32_t k0 = 64U - 4U * i - 4U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r3, k0, 4U);
     precomp_get_consttime(Hacl_K256_PrecompTable_precomp_g_pow2_128_table_w4, bits_l0, tmp);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp);
-    uint32_t k1 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r2, k1, (uint32_t)4U);
+    uint32_t k1 = 64U - 4U * i - 4U;
+    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r2, k1, 4U);
     precomp_get_consttime(Hacl_K256_PrecompTable_precomp_g_pow2_64_table_w4, bits_l1, tmp);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp);
-    uint32_t k2 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
+    uint32_t k2 = 64U - 4U * i - 4U;
+    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r1, k2, 4U);
     precomp_get_consttime(Hacl_K256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp););
 }
@@ -1290,75 +1259,65 @@ point_mul_g_double_vartime(uint64_t *out, uint64_t *scalar1, uint64_t *scalar2,
 {
   uint64_t q1[15U] = { 0U };
   uint64_t *gx = q1;
-  uint64_t *gy = q1 + (uint32_t)5U;
-  uint64_t *gz = q1 + (uint32_t)10U;
-  gx[0U] = (uint64_t)0x2815b16f81798U;
-  gx[1U] = (uint64_t)0xdb2dce28d959fU;
-  gx[2U] = (uint64_t)0xe870b07029bfcU;
-  gx[3U] = (uint64_t)0xbbac55a06295cU;
-  gx[4U] = (uint64_t)0x79be667ef9dcU;
-  gy[0U] = (uint64_t)0x7d08ffb10d4b8U;
-  gy[1U] = (uint64_t)0x48a68554199c4U;
-  gy[2U] = (uint64_t)0xe1108a8fd17b4U;
-  gy[3U] = (uint64_t)0xc4655da4fbfc0U;
-  gy[4U] = (uint64_t)0x483ada7726a3U;
-  memset(gz, 0U, (uint32_t)5U * sizeof (uint64_t));
-  gz[0U] = (uint64_t)1U;
+  uint64_t *gy = q1 + 5U;
+  uint64_t *gz = q1 + 10U;
+  gx[0U] = 0x2815b16f81798ULL;
+  gx[1U] = 0xdb2dce28d959fULL;
+  gx[2U] = 0xe870b07029bfcULL;
+  gx[3U] = 0xbbac55a06295cULL;
+  gx[4U] = 0x79be667ef9dcULL;
+  gy[0U] = 0x7d08ffb10d4b8ULL;
+  gy[1U] = 0x48a68554199c4ULL;
+  gy[2U] = 0xe1108a8fd17b4ULL;
+  gy[3U] = 0xc4655da4fbfc0ULL;
+  gy[4U] = 0x483ada7726a3ULL;
+  memset(gz, 0U, 5U * sizeof (uint64_t));
+  gz[0U] = 1ULL;
   uint64_t table2[480U] = { 0U };
   uint64_t tmp[15U] = { 0U };
   uint64_t *t0 = table2;
-  uint64_t *t1 = table2 + (uint32_t)15U;
+  uint64_t *t1 = table2 + 15U;
   Hacl_Impl_K256_Point_make_point_at_inf(t0);
-  memcpy(t1, q2, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(t1, q2, 15U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)15U;
+    0U,
+    15U,
+    1U,
+    uint64_t *t11 = table2 + (i + 1U) * 15U;
     Hacl_Impl_K256_PointDouble_point_double(tmp, t11);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t));
-    uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U;
+    memcpy(table2 + (2U * i + 2U) * 15U, tmp, 15U * sizeof (uint64_t));
+    uint64_t *t2 = table2 + (2U * i + 2U) * 15U;
     Hacl_Impl_K256_PointAdd_point_add(tmp, q2, t2);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t)););
+    memcpy(table2 + (2U * i + 3U) * 15U, tmp, 15U * sizeof (uint64_t)););
   uint64_t tmp0[15U] = { 0U };
-  uint32_t i0 = (uint32_t)255U;
-  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, i0, (uint32_t)5U);
+  uint32_t i0 = 255U;
+  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar1, i0, 5U);
   uint32_t bits_l32 = (uint32_t)bits_c;
-  const
-  uint64_t
-  *a_bits_l = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)15U;
-  memcpy(out, (uint64_t *)a_bits_l, (uint32_t)15U * sizeof (uint64_t));
-  uint32_t i1 = (uint32_t)255U;
-  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, i1, (uint32_t)5U);
+  const uint64_t *a_bits_l = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * 15U;
+  memcpy(out, (uint64_t *)a_bits_l, 15U * sizeof (uint64_t));
+  uint32_t i1 = 255U;
+  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar2, i1, 5U);
   uint32_t bits_l320 = (uint32_t)bits_c0;
-  const uint64_t *a_bits_l0 = table2 + bits_l320 * (uint32_t)15U;
-  memcpy(tmp0, (uint64_t *)a_bits_l0, (uint32_t)15U * sizeof (uint64_t));
+  const uint64_t *a_bits_l0 = table2 + bits_l320 * 15U;
+  memcpy(tmp0, (uint64_t *)a_bits_l0, 15U * sizeof (uint64_t));
   Hacl_Impl_K256_PointAdd_point_add(out, out, tmp0);
   uint64_t tmp1[15U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)51U; i++)
+  for (uint32_t i = 0U; i < 51U; i++)
   {
-    KRML_MAYBE_FOR5(i2,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      Hacl_Impl_K256_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, k, (uint32_t)5U);
+    KRML_MAYBE_FOR5(i2, 0U, 5U, 1U, Hacl_Impl_K256_PointDouble_point_double(out, out););
+    uint32_t k = 255U - 5U * i - 5U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar2, k, 5U);
     uint32_t bits_l321 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)15U;
-    memcpy(tmp1, (uint64_t *)a_bits_l1, (uint32_t)15U * sizeof (uint64_t));
+    const uint64_t *a_bits_l1 = table2 + bits_l321 * 15U;
+    memcpy(tmp1, (uint64_t *)a_bits_l1, 15U * sizeof (uint64_t));
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp1);
-    uint32_t k0 = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, k0, (uint32_t)5U);
+    uint32_t k0 = 255U - 5U * i - 5U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar1, k0, 5U);
     uint32_t bits_l322 = (uint32_t)bits_l0;
     const
     uint64_t
-    *a_bits_l2 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * (uint32_t)15U;
-    memcpy(tmp1, (uint64_t *)a_bits_l2, (uint32_t)15U * sizeof (uint64_t));
+    *a_bits_l2 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * 15U;
+    memcpy(tmp1, (uint64_t *)a_bits_l2, 15U * sizeof (uint64_t));
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp1);
   }
 }
@@ -1380,99 +1339,89 @@ point_mul_g_double_split_lambda_table(
   uint64_t table2[480U] = { 0U };
   uint64_t tmp[15U] = { 0U };
   uint64_t *t0 = table2;
-  uint64_t *t1 = table2 + (uint32_t)15U;
+  uint64_t *t1 = table2 + 15U;
   Hacl_Impl_K256_Point_make_point_at_inf(t0);
-  memcpy(t1, p2, (uint32_t)15U * sizeof (uint64_t));
+  memcpy(t1, p2, 15U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)15U;
+    0U,
+    15U,
+    1U,
+    uint64_t *t11 = table2 + (i + 1U) * 15U;
     Hacl_Impl_K256_PointDouble_point_double(tmp, t11);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t));
-    uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)15U;
+    memcpy(table2 + (2U * i + 2U) * 15U, tmp, 15U * sizeof (uint64_t));
+    uint64_t *t2 = table2 + (2U * i + 2U) * 15U;
     Hacl_Impl_K256_PointAdd_point_add(tmp, p2, t2);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)15U,
-      tmp,
-      (uint32_t)15U * sizeof (uint64_t)););
+    memcpy(table2 + (2U * i + 3U) * 15U, tmp, 15U * sizeof (uint64_t)););
   uint64_t tmp0[15U] = { 0U };
   uint64_t tmp1[15U] = { 0U };
-  uint32_t i0 = (uint32_t)125U;
-  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r1, i0, (uint32_t)5U);
+  uint32_t i0 = 125U;
+  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r1, i0, 5U);
   uint32_t bits_l32 = (uint32_t)bits_c;
-  const
-  uint64_t
-  *a_bits_l = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)15U;
-  memcpy(out, (uint64_t *)a_bits_l, (uint32_t)15U * sizeof (uint64_t));
+  const uint64_t *a_bits_l = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * 15U;
+  memcpy(out, (uint64_t *)a_bits_l, 15U * sizeof (uint64_t));
   point_negate_conditional_vartime(out, is_negate1);
-  uint32_t i1 = (uint32_t)125U;
-  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r2, i1, (uint32_t)5U);
+  uint32_t i1 = 125U;
+  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r2, i1, 5U);
   uint32_t bits_l320 = (uint32_t)bits_c0;
   const
   uint64_t
-  *a_bits_l0 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l320 * (uint32_t)15U;
-  memcpy(tmp1, (uint64_t *)a_bits_l0, (uint32_t)15U * sizeof (uint64_t));
+  *a_bits_l0 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l320 * 15U;
+  memcpy(tmp1, (uint64_t *)a_bits_l0, 15U * sizeof (uint64_t));
   point_negate_conditional_vartime(tmp1, is_negate2);
   point_mul_lambda_inplace(tmp1);
   Hacl_Impl_K256_PointAdd_point_add(out, out, tmp1);
   uint64_t tmp10[15U] = { 0U };
-  uint32_t i2 = (uint32_t)125U;
-  uint64_t bits_c1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r3, i2, (uint32_t)5U);
+  uint32_t i2 = 125U;
+  uint64_t bits_c1 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r3, i2, 5U);
   uint32_t bits_l321 = (uint32_t)bits_c1;
-  const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)15U;
-  memcpy(tmp0, (uint64_t *)a_bits_l1, (uint32_t)15U * sizeof (uint64_t));
+  const uint64_t *a_bits_l1 = table2 + bits_l321 * 15U;
+  memcpy(tmp0, (uint64_t *)a_bits_l1, 15U * sizeof (uint64_t));
   point_negate_conditional_vartime(tmp0, is_negate3);
-  uint32_t i3 = (uint32_t)125U;
-  uint64_t bits_c2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r4, i3, (uint32_t)5U);
+  uint32_t i3 = 125U;
+  uint64_t bits_c2 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r4, i3, 5U);
   uint32_t bits_l322 = (uint32_t)bits_c2;
-  const uint64_t *a_bits_l2 = table2 + bits_l322 * (uint32_t)15U;
-  memcpy(tmp10, (uint64_t *)a_bits_l2, (uint32_t)15U * sizeof (uint64_t));
+  const uint64_t *a_bits_l2 = table2 + bits_l322 * 15U;
+  memcpy(tmp10, (uint64_t *)a_bits_l2, 15U * sizeof (uint64_t));
   point_negate_conditional_vartime(tmp10, is_negate4);
   point_mul_lambda_inplace(tmp10);
   Hacl_Impl_K256_PointAdd_point_add(tmp0, tmp0, tmp10);
   Hacl_Impl_K256_PointAdd_point_add(out, out, tmp0);
   uint64_t tmp2[15U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++)
+  for (uint32_t i = 0U; i < 25U; i++)
   {
-    KRML_MAYBE_FOR5(i4,
-      (uint32_t)0U,
-      (uint32_t)5U,
-      (uint32_t)1U,
-      Hacl_Impl_K256_PointDouble_point_double(out, out););
-    uint32_t k = (uint32_t)125U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r4, k, (uint32_t)5U);
+    KRML_MAYBE_FOR5(i4, 0U, 5U, 1U, Hacl_Impl_K256_PointDouble_point_double(out, out););
+    uint32_t k = 125U - 5U * i - 5U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r4, k, 5U);
     uint32_t bits_l323 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l3 = table2 + bits_l323 * (uint32_t)15U;
-    memcpy(tmp2, (uint64_t *)a_bits_l3, (uint32_t)15U * sizeof (uint64_t));
+    const uint64_t *a_bits_l3 = table2 + bits_l323 * 15U;
+    memcpy(tmp2, (uint64_t *)a_bits_l3, 15U * sizeof (uint64_t));
     point_negate_conditional_vartime(tmp2, is_negate4);
     point_mul_lambda_inplace(tmp2);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp2);
-    uint32_t k0 = (uint32_t)125U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r3, k0, (uint32_t)5U);
+    uint32_t k0 = 125U - 5U * i - 5U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r3, k0, 5U);
     uint32_t bits_l324 = (uint32_t)bits_l0;
-    const uint64_t *a_bits_l4 = table2 + bits_l324 * (uint32_t)15U;
-    memcpy(tmp2, (uint64_t *)a_bits_l4, (uint32_t)15U * sizeof (uint64_t));
+    const uint64_t *a_bits_l4 = table2 + bits_l324 * 15U;
+    memcpy(tmp2, (uint64_t *)a_bits_l4, 15U * sizeof (uint64_t));
     point_negate_conditional_vartime(tmp2, is_negate3);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp2);
-    uint32_t k1 = (uint32_t)125U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r2, k1, (uint32_t)5U);
+    uint32_t k1 = 125U - 5U * i - 5U;
+    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r2, k1, 5U);
     uint32_t bits_l325 = (uint32_t)bits_l1;
     const
     uint64_t
-    *a_bits_l5 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l325 * (uint32_t)15U;
-    memcpy(tmp2, (uint64_t *)a_bits_l5, (uint32_t)15U * sizeof (uint64_t));
+    *a_bits_l5 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l325 * 15U;
+    memcpy(tmp2, (uint64_t *)a_bits_l5, 15U * sizeof (uint64_t));
     point_negate_conditional_vartime(tmp2, is_negate2);
     point_mul_lambda_inplace(tmp2);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp2);
-    uint32_t k2 = (uint32_t)125U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, r1, k2, (uint32_t)5U);
+    uint32_t k2 = 125U - 5U * i - 5U;
+    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, r1, k2, 5U);
     uint32_t bits_l326 = (uint32_t)bits_l2;
     const
     uint64_t
-    *a_bits_l6 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l326 * (uint32_t)15U;
-    memcpy(tmp2, (uint64_t *)a_bits_l6, (uint32_t)15U * sizeof (uint64_t));
+    *a_bits_l6 = Hacl_K256_PrecompTable_precomp_basepoint_table_w5 + bits_l326 * 15U;
+    memcpy(tmp2, (uint64_t *)a_bits_l6, 15U * sizeof (uint64_t));
     point_negate_conditional_vartime(tmp2, is_negate1);
     Hacl_Impl_K256_PointAdd_point_add(out, out, tmp2);
   }
@@ -1483,16 +1432,16 @@ check_ecmult_endo_split(uint64_t *r1, uint64_t *r2, uint64_t *r3, uint64_t *r4)
 {
   uint64_t f20 = r1[2U];
   uint64_t f30 = r1[3U];
-  bool b1 = f20 == (uint64_t)0U && f30 == (uint64_t)0U;
+  bool b1 = f20 == 0ULL && f30 == 0ULL;
   uint64_t f21 = r2[2U];
   uint64_t f31 = r2[3U];
-  bool b2 = f21 == (uint64_t)0U && f31 == (uint64_t)0U;
+  bool b2 = f21 == 0ULL && f31 == 0ULL;
   uint64_t f22 = r3[2U];
   uint64_t f32 = r3[3U];
-  bool b3 = f22 == (uint64_t)0U && f32 == (uint64_t)0U;
+  bool b3 = f22 == 0ULL && f32 == 0ULL;
   uint64_t f2 = r4[2U];
   uint64_t f3 = r4[3U];
-  bool b4 = f2 == (uint64_t)0U && f3 == (uint64_t)0U;
+  bool b4 = f2 == 0ULL && f3 == 0ULL;
   return b1 && b2 && b3 && b4;
 }
 
@@ -1515,30 +1464,30 @@ point_mul_g_double_split_lambda_vartime(
 {
   uint64_t g[15U] = { 0U };
   uint64_t *gx = g;
-  uint64_t *gy = g + (uint32_t)5U;
-  uint64_t *gz = g + (uint32_t)10U;
-  gx[0U] = (uint64_t)0x2815b16f81798U;
-  gx[1U] = (uint64_t)0xdb2dce28d959fU;
-  gx[2U] = (uint64_t)0xe870b07029bfcU;
-  gx[3U] = (uint64_t)0xbbac55a06295cU;
-  gx[4U] = (uint64_t)0x79be667ef9dcU;
-  gy[0U] = (uint64_t)0x7d08ffb10d4b8U;
-  gy[1U] = (uint64_t)0x48a68554199c4U;
-  gy[2U] = (uint64_t)0xe1108a8fd17b4U;
-  gy[3U] = (uint64_t)0xc4655da4fbfc0U;
-  gy[4U] = (uint64_t)0x483ada7726a3U;
-  memset(gz, 0U, (uint32_t)5U * sizeof (uint64_t));
-  gz[0U] = (uint64_t)1U;
+  uint64_t *gy = g + 5U;
+  uint64_t *gz = g + 10U;
+  gx[0U] = 0x2815b16f81798ULL;
+  gx[1U] = 0xdb2dce28d959fULL;
+  gx[2U] = 0xe870b07029bfcULL;
+  gx[3U] = 0xbbac55a06295cULL;
+  gx[4U] = 0x79be667ef9dcULL;
+  gy[0U] = 0x7d08ffb10d4b8ULL;
+  gy[1U] = 0x48a68554199c4ULL;
+  gy[2U] = 0xe1108a8fd17b4ULL;
+  gy[3U] = 0xc4655da4fbfc0ULL;
+  gy[4U] = 0x483ada7726a3ULL;
+  memset(gz, 0U, 5U * sizeof (uint64_t));
+  gz[0U] = 1ULL;
   uint64_t r1234[16U] = { 0U };
   uint64_t q1234[60U] = { 0U };
   uint64_t *r1 = r1234;
-  uint64_t *r2 = r1234 + (uint32_t)4U;
-  uint64_t *r3 = r1234 + (uint32_t)8U;
-  uint64_t *r4 = r1234 + (uint32_t)12U;
+  uint64_t *r2 = r1234 + 4U;
+  uint64_t *r3 = r1234 + 8U;
+  uint64_t *r4 = r1234 + 12U;
   uint64_t *q1 = q1234;
-  uint64_t *q2 = q1234 + (uint32_t)15U;
-  uint64_t *q3 = q1234 + (uint32_t)30U;
-  uint64_t *q4 = q1234 + (uint32_t)45U;
+  uint64_t *q2 = q1234 + 15U;
+  uint64_t *q3 = q1234 + 30U;
+  uint64_t *q4 = q1234 + 45U;
   __bool_bool scrut0 = ecmult_endo_split(r1, r2, q1, q2, scalar1, g);
   bool is_high10 = scrut0.fst;
   bool is_high20 = scrut0.snd;
@@ -1615,30 +1564,30 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(
   uint8_t *nonce
 )
 {
-  uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
-  KRML_HOST_IGNORE(oneq);
+  uint64_t oneq[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
+  KRML_MAYBE_UNUSED_VAR(oneq);
   uint64_t rsdk_q[16U] = { 0U };
   uint64_t *r_q = rsdk_q;
-  uint64_t *s_q = rsdk_q + (uint32_t)4U;
-  uint64_t *d_a = rsdk_q + (uint32_t)8U;
-  uint64_t *k_q = rsdk_q + (uint32_t)12U;
+  uint64_t *s_q = rsdk_q + 4U;
+  uint64_t *d_a = rsdk_q + 8U;
+  uint64_t *k_q = rsdk_q + 12U;
   uint64_t is_b_valid0 = load_qelem_check(d_a, private_key);
-  uint64_t oneq10[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  uint64_t oneq10[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = d_a;
     uint64_t uu____0 = oneq10[i];
     uint64_t x = uu____0 ^ (is_b_valid0 & (d_a[i] ^ uu____0));
     os[i] = x;);
   uint64_t is_sk_valid = is_b_valid0;
   uint64_t is_b_valid = load_qelem_check(k_q, nonce);
-  uint64_t oneq1[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  uint64_t oneq1[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = k_q;
     uint64_t uu____1 = oneq1[i];
     uint64_t x = uu____1 ^ (is_b_valid & (k_q[i] ^ uu____1));
@@ -1660,11 +1609,11 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(
   qadd(s_q, z, s_q);
   qmul(s_q, kinv, s_q);
   store_qelem(signature, r_q);
-  store_qelem(signature + (uint32_t)32U, s_q);
+  store_qelem(signature + 32U, s_q);
   uint64_t is_r_zero = is_qelem_zero(r_q);
   uint64_t is_s_zero = is_qelem_zero(s_q);
   uint64_t m = are_sk_nonce_valid & (~is_r_zero & ~is_s_zero);
-  bool res = m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool res = m == 0xFFFFFFFFFFFFFFFFULL;
   return res;
 }
 
@@ -1691,7 +1640,7 @@ Hacl_K256_ECDSA_ecdsa_sign_sha256(
 )
 {
   uint8_t msgHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, msgHash);
+  Hacl_Hash_SHA2_hash_256(msgHash, msg, msg_len);
   bool b = Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(signature, msgHash, private_key, nonce);
   return b;
 }
@@ -1713,14 +1662,14 @@ Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(uint8_t *m, uint8_t *public_key, uint8_t
 {
   uint64_t tmp[35U] = { 0U };
   uint64_t *pk = tmp;
-  uint64_t *r_q = tmp + (uint32_t)15U;
-  uint64_t *s_q = tmp + (uint32_t)19U;
-  uint64_t *u1 = tmp + (uint32_t)23U;
-  uint64_t *u2 = tmp + (uint32_t)27U;
-  uint64_t *m_q = tmp + (uint32_t)31U;
+  uint64_t *r_q = tmp + 15U;
+  uint64_t *s_q = tmp + 19U;
+  uint64_t *u1 = tmp + 23U;
+  uint64_t *u2 = tmp + 27U;
+  uint64_t *m_q = tmp + 31U;
   bool is_pk_valid = load_point_vartime(pk, public_key);
   bool is_r_valid = load_qelem_vartime(r_q, signature);
-  bool is_s_valid = load_qelem_vartime(s_q, signature + (uint32_t)32U);
+  bool is_s_valid = load_qelem_vartime(s_q, signature + 32U);
   bool is_rs_valid = is_r_valid && is_s_valid;
   load_qelem_modq(m_q, m);
   if (!(is_pk_valid && is_rs_valid))
@@ -1734,7 +1683,7 @@ Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(uint8_t *m, uint8_t *public_key, uint8_t
   uint64_t res[15U] = { 0U };
   point_mul_g_double_split_lambda_vartime(res, u1, u2, pk);
   uint64_t tmp1[5U] = { 0U };
-  uint64_t *pz = res + (uint32_t)10U;
+  uint64_t *pz = res + 10U;
   Hacl_K256_Field_fnormalize(tmp1, pz);
   bool b = Hacl_K256_Field_is_felem_zero_vartime(tmp1);
   if (b)
@@ -1742,7 +1691,7 @@ Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(uint8_t *m, uint8_t *public_key, uint8_t
     return false;
   }
   uint64_t *x = res;
-  uint64_t *z = res + (uint32_t)10U;
+  uint64_t *z = res + 10U;
   uint8_t r_bytes[32U] = { 0U };
   uint64_t r_fe[5U] = { 0U };
   uint64_t tmp_q[5U] = { 0U };
@@ -1756,11 +1705,11 @@ Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(uint8_t *m, uint8_t *public_key, uint8_t
     bool is_r_lt_p_m_q = Hacl_K256_Field_is_felem_lt_prime_minus_order_vartime(r_fe);
     if (is_r_lt_p_m_q)
     {
-      tmp_q[0U] = (uint64_t)0x25e8cd0364141U;
-      tmp_q[1U] = (uint64_t)0xe6af48a03bbfdU;
-      tmp_q[2U] = (uint64_t)0xffffffebaaedcU;
-      tmp_q[3U] = (uint64_t)0xfffffffffffffU;
-      tmp_q[4U] = (uint64_t)0xffffffffffffU;
+      tmp_q[0U] = 0x25e8cd0364141ULL;
+      tmp_q[1U] = 0xe6af48a03bbfdULL;
+      tmp_q[2U] = 0xffffffebaaedcULL;
+      tmp_q[3U] = 0xfffffffffffffULL;
+      tmp_q[4U] = 0xffffffffffffULL;
       Hacl_K256_Field_fadd(tmp_q, r_fe, tmp_q);
       return fmul_eq_vartime(tmp_q, z, tmp_x);
     }
@@ -1790,7 +1739,7 @@ Hacl_K256_ECDSA_ecdsa_verify_sha256(
 )
 {
   uint8_t mHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  Hacl_Hash_SHA2_hash_256(mHash, msg, msg_len);
   bool b = Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(mHash, public_key, signature);
   return b;
 }
@@ -1805,7 +1754,7 @@ Compute canonical lowest S value for `signature` (R || S).
 bool Hacl_K256_ECDSA_secp256k1_ecdsa_signature_normalize(uint8_t *signature)
 {
   uint64_t s_q[4U] = { 0U };
-  uint8_t *s = signature + (uint32_t)32U;
+  uint8_t *s = signature + 32U;
   bool is_sk_valid = load_qelem_vartime(s_q, s);
   if (!is_sk_valid)
   {
@@ -1813,7 +1762,7 @@ bool Hacl_K256_ECDSA_secp256k1_ecdsa_signature_normalize(uint8_t *signature)
   }
   bool is_sk_lt_q_halved = is_qelem_le_q_halved_vartime(s_q);
   qnegate_conditional_vartime(s_q, !is_sk_lt_q_halved);
-  store_qelem(signature + (uint32_t)32U, s_q);
+  store_qelem(signature + 32U, s_q);
   return true;
 }
 
@@ -1827,7 +1776,7 @@ Check whether `signature` (R || S) is in canonical form.
 bool Hacl_K256_ECDSA_secp256k1_ecdsa_is_signature_normalized(uint8_t *signature)
 {
   uint64_t s_q[4U] = { 0U };
-  uint8_t *s = signature + (uint32_t)32U;
+  uint8_t *s = signature + 32U;
   bool is_s_valid = load_qelem_vartime(s_q, s);
   bool is_s_lt_q_halved = is_qelem_le_q_halved_vartime(s_q);
   return is_s_valid && is_s_lt_q_halved;
@@ -1886,7 +1835,7 @@ Hacl_K256_ECDSA_secp256k1_ecdsa_sign_sha256(
 )
 {
   uint8_t msgHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, msgHash);
+  Hacl_Hash_SHA2_hash_256(msgHash, msg, msg_len);
   bool
   b = Hacl_K256_ECDSA_secp256k1_ecdsa_sign_hashed_msg(signature, msgHash, private_key, nonce);
   return b;
@@ -1940,7 +1889,7 @@ Hacl_K256_ECDSA_secp256k1_ecdsa_verify_sha256(
 )
 {
   uint8_t mHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  Hacl_Hash_SHA2_hash_256(mHash, msg, msg_len);
   bool b = Hacl_K256_ECDSA_secp256k1_ecdsa_verify_hashed_msg(mHash, public_key, signature);
   return b;
 }
@@ -1971,11 +1920,11 @@ Convert a public key from uncompressed to its raw form.
 bool Hacl_K256_ECDSA_public_key_uncompressed_to_raw(uint8_t *pk_raw, uint8_t *pk)
 {
   uint8_t pk0 = pk[0U];
-  if (pk0 != (uint8_t)0x04U)
+  if (pk0 != 0x04U)
   {
     return false;
   }
-  memcpy(pk_raw, pk + (uint32_t)1U, (uint32_t)64U * sizeof (uint8_t));
+  memcpy(pk_raw, pk + 1U, 64U * sizeof (uint8_t));
   return true;
 }
 
@@ -1989,8 +1938,8 @@ Convert a public key from raw to its uncompressed form.
 */
 void Hacl_K256_ECDSA_public_key_uncompressed_from_raw(uint8_t *pk, uint8_t *pk_raw)
 {
-  pk[0U] = (uint8_t)0x04U;
-  memcpy(pk + (uint32_t)1U, pk_raw, (uint32_t)64U * sizeof (uint8_t));
+  pk[0U] = 0x04U;
+  memcpy(pk + 1U, pk_raw, 64U * sizeof (uint8_t));
 }
 
 /**
@@ -2007,12 +1956,12 @@ bool Hacl_K256_ECDSA_public_key_compressed_to_raw(uint8_t *pk_raw, uint8_t *pk)
 {
   uint64_t xa[5U] = { 0U };
   uint64_t ya[5U] = { 0U };
-  uint8_t *pk_xb = pk + (uint32_t)1U;
+  uint8_t *pk_xb = pk + 1U;
   bool b = aff_point_decompress_vartime(xa, ya, pk);
   if (b)
   {
-    memcpy(pk_raw, pk_xb, (uint32_t)32U * sizeof (uint8_t));
-    Hacl_K256_Field_store_felem(pk_raw + (uint32_t)32U, ya);
+    memcpy(pk_raw, pk_xb, 32U * sizeof (uint8_t));
+    Hacl_K256_Field_store_felem(pk_raw + 32U, ya);
   }
   return b;
 }
@@ -2028,20 +1977,20 @@ Convert a public key from raw to its compressed form.
 void Hacl_K256_ECDSA_public_key_compressed_from_raw(uint8_t *pk, uint8_t *pk_raw)
 {
   uint8_t *pk_x = pk_raw;
-  uint8_t *pk_y = pk_raw + (uint32_t)32U;
+  uint8_t *pk_y = pk_raw + 32U;
   uint8_t x0 = pk_y[31U];
-  bool is_pk_y_odd = (x0 & (uint8_t)1U) == (uint8_t)1U;
+  bool is_pk_y_odd = ((uint32_t)x0 & 1U) == 1U;
   uint8_t ite;
   if (is_pk_y_odd)
   {
-    ite = (uint8_t)0x03U;
+    ite = 0x03U;
   }
   else
   {
-    ite = (uint8_t)0x02U;
+    ite = 0x02U;
   }
   pk[0U] = ite;
-  memcpy(pk + (uint32_t)1U, pk_x, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(pk + 1U, pk_x, 32U * sizeof (uint8_t));
 }
 
 
@@ -2084,7 +2033,7 @@ bool Hacl_K256_ECDSA_is_private_key_valid(uint8_t *private_key)
 {
   uint64_t s_q[4U] = { 0U };
   uint64_t res = load_qelem_check(s_q, private_key);
-  return res == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return res == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 
@@ -2107,13 +2056,13 @@ bool Hacl_K256_ECDSA_secret_to_public(uint8_t *public_key, uint8_t *private_key)
 {
   uint64_t tmp[19U] = { 0U };
   uint64_t *pk = tmp;
-  uint64_t *sk = tmp + (uint32_t)15U;
+  uint64_t *sk = tmp + 15U;
   uint64_t is_b_valid = load_qelem_check(sk, private_key);
-  uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  uint64_t oneq[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = sk;
     uint64_t uu____0 = oneq[i];
     uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0));
@@ -2121,7 +2070,7 @@ bool Hacl_K256_ECDSA_secret_to_public(uint8_t *public_key, uint8_t *private_key)
   uint64_t is_sk_valid = is_b_valid;
   point_mul_g(pk, sk);
   Hacl_Impl_K256_Point_point_store(public_key, pk);
-  return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_sk_valid == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -2140,15 +2089,15 @@ bool Hacl_K256_ECDSA_ecdh(uint8_t *shared_secret, uint8_t *their_pubkey, uint8_t
 {
   uint64_t tmp[34U] = { 0U };
   uint64_t *pk = tmp;
-  uint64_t *ss = tmp + (uint32_t)15U;
-  uint64_t *sk = tmp + (uint32_t)30U;
+  uint64_t *ss = tmp + 15U;
+  uint64_t *sk = tmp + 30U;
   bool is_pk_valid = load_point_vartime(pk, their_pubkey);
   uint64_t is_b_valid = load_qelem_check(sk, private_key);
-  uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  uint64_t oneq[4U] = { 0x1ULL, 0x0ULL, 0x0ULL, 0x0ULL };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = sk;
     uint64_t uu____0 = oneq[i];
     uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0));
@@ -2159,6 +2108,6 @@ bool Hacl_K256_ECDSA_ecdh(uint8_t *shared_secret, uint8_t *their_pubkey, uint8_t
     Hacl_Impl_K256_PointMul_point_mul(ss, sk, pk);
     Hacl_Impl_K256_Point_point_store(shared_secret, ss);
   }
-  return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU && is_pk_valid;
+  return is_sk_valid == 0xFFFFFFFFFFFFFFFFULL && is_pk_valid;
 }
 
diff --git a/src/msvc/Hacl_MAC_Poly1305.c b/src/msvc/Hacl_MAC_Poly1305.c
new file mode 100644
index 00000000..28cbca5a
--- /dev/null
+++ b/src/msvc/Hacl_MAC_Poly1305.c
@@ -0,0 +1,712 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#include "internal/Hacl_MAC_Poly1305.h"
+
+void Hacl_MAC_Poly1305_poly1305_init(uint64_t *ctx, uint8_t *key)
+{
+  uint64_t *acc = ctx;
+  uint64_t *pre = ctx + 5U;
+  uint8_t *kr = key;
+  acc[0U] = 0ULL;
+  acc[1U] = 0ULL;
+  acc[2U] = 0ULL;
+  acc[3U] = 0ULL;
+  acc[4U] = 0ULL;
+  uint64_t u0 = load64_le(kr);
+  uint64_t lo = u0;
+  uint64_t u = load64_le(kr + 8U);
+  uint64_t hi = u;
+  uint64_t mask0 = 0x0ffffffc0fffffffULL;
+  uint64_t mask1 = 0x0ffffffc0ffffffcULL;
+  uint64_t lo1 = lo & mask0;
+  uint64_t hi1 = hi & mask1;
+  uint64_t *r = pre;
+  uint64_t *r5 = pre + 5U;
+  uint64_t *rn = pre + 10U;
+  uint64_t *rn_5 = pre + 15U;
+  uint64_t r_vec0 = lo1;
+  uint64_t r_vec1 = hi1;
+  uint64_t f00 = r_vec0 & 0x3ffffffULL;
+  uint64_t f10 = r_vec0 >> 26U & 0x3ffffffULL;
+  uint64_t f20 = r_vec0 >> 52U | (r_vec1 & 0x3fffULL) << 12U;
+  uint64_t f30 = r_vec1 >> 14U & 0x3ffffffULL;
+  uint64_t f40 = r_vec1 >> 40U;
+  uint64_t f0 = f00;
+  uint64_t f1 = f10;
+  uint64_t f2 = f20;
+  uint64_t f3 = f30;
+  uint64_t f4 = f40;
+  r[0U] = f0;
+  r[1U] = f1;
+  r[2U] = f2;
+  r[3U] = f3;
+  r[4U] = f4;
+  uint64_t f200 = r[0U];
+  uint64_t f21 = r[1U];
+  uint64_t f22 = r[2U];
+  uint64_t f23 = r[3U];
+  uint64_t f24 = r[4U];
+  r5[0U] = f200 * 5ULL;
+  r5[1U] = f21 * 5ULL;
+  r5[2U] = f22 * 5ULL;
+  r5[3U] = f23 * 5ULL;
+  r5[4U] = f24 * 5ULL;
+  rn[0U] = r[0U];
+  rn[1U] = r[1U];
+  rn[2U] = r[2U];
+  rn[3U] = r[3U];
+  rn[4U] = r[4U];
+  rn_5[0U] = r5[0U];
+  rn_5[1U] = r5[1U];
+  rn_5[2U] = r5[2U];
+  rn_5[3U] = r5[3U];
+  rn_5[4U] = r5[4U];
+}
+
+static void poly1305_update(uint64_t *ctx, uint32_t len, uint8_t *text)
+{
+  uint64_t *pre = ctx + 5U;
+  uint64_t *acc = ctx;
+  uint32_t nb = len / 16U;
+  uint32_t rem = len % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
+  {
+    uint8_t *block = text + i * 16U;
+    uint64_t e[5U] = { 0U };
+    uint64_t u0 = load64_le(block);
+    uint64_t lo = u0;
+    uint64_t u = load64_le(block + 8U);
+    uint64_t hi = u;
+    uint64_t f0 = lo;
+    uint64_t f1 = hi;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
+    uint64_t f01 = f010;
+    uint64_t f111 = f110;
+    uint64_t f2 = f20;
+    uint64_t f3 = f30;
+    uint64_t f41 = f40;
+    e[0U] = f01;
+    e[1U] = f111;
+    e[2U] = f2;
+    e[3U] = f3;
+    e[4U] = f41;
+    uint64_t b = 0x1000000ULL;
+    uint64_t mask = b;
+    uint64_t f4 = e[4U];
+    e[4U] = f4 | mask;
+    uint64_t *r = pre;
+    uint64_t *r5 = pre + 5U;
+    uint64_t r0 = r[0U];
+    uint64_t r1 = r[1U];
+    uint64_t r2 = r[2U];
+    uint64_t r3 = r[3U];
+    uint64_t r4 = r[4U];
+    uint64_t r51 = r5[1U];
+    uint64_t r52 = r5[2U];
+    uint64_t r53 = r5[3U];
+    uint64_t r54 = r5[4U];
+    uint64_t f10 = e[0U];
+    uint64_t f11 = e[1U];
+    uint64_t f12 = e[2U];
+    uint64_t f13 = e[3U];
+    uint64_t f14 = e[4U];
+    uint64_t a0 = acc[0U];
+    uint64_t a1 = acc[1U];
+    uint64_t a2 = acc[2U];
+    uint64_t a3 = acc[3U];
+    uint64_t a4 = acc[4U];
+    uint64_t a01 = a0 + f10;
+    uint64_t a11 = a1 + f11;
+    uint64_t a21 = a2 + f12;
+    uint64_t a31 = a3 + f13;
+    uint64_t a41 = a4 + f14;
+    uint64_t a02 = r0 * a01;
+    uint64_t a12 = r1 * a01;
+    uint64_t a22 = r2 * a01;
+    uint64_t a32 = r3 * a01;
+    uint64_t a42 = r4 * a01;
+    uint64_t a03 = a02 + r54 * a11;
+    uint64_t a13 = a12 + r0 * a11;
+    uint64_t a23 = a22 + r1 * a11;
+    uint64_t a33 = a32 + r2 * a11;
+    uint64_t a43 = a42 + r3 * a11;
+    uint64_t a04 = a03 + r53 * a21;
+    uint64_t a14 = a13 + r54 * a21;
+    uint64_t a24 = a23 + r0 * a21;
+    uint64_t a34 = a33 + r1 * a21;
+    uint64_t a44 = a43 + r2 * a21;
+    uint64_t a05 = a04 + r52 * a31;
+    uint64_t a15 = a14 + r53 * a31;
+    uint64_t a25 = a24 + r54 * a31;
+    uint64_t a35 = a34 + r0 * a31;
+    uint64_t a45 = a44 + r1 * a31;
+    uint64_t a06 = a05 + r51 * a41;
+    uint64_t a16 = a15 + r52 * a41;
+    uint64_t a26 = a25 + r53 * a41;
+    uint64_t a36 = a35 + r54 * a41;
+    uint64_t a46 = a45 + r0 * a41;
+    uint64_t t0 = a06;
+    uint64_t t1 = a16;
+    uint64_t t2 = a26;
+    uint64_t t3 = a36;
+    uint64_t t4 = a46;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
+    uint64_t x0 = t0 & mask26;
+    uint64_t x3 = t3 & mask26;
+    uint64_t x1 = t1 + z0;
+    uint64_t x4 = t4 + z1;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
+    uint64_t z12 = z11 + t;
+    uint64_t x11 = x1 & mask26;
+    uint64_t x41 = x4 & mask26;
+    uint64_t x2 = t2 + z01;
+    uint64_t x01 = x0 + z12;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
+    uint64_t x21 = x2 & mask26;
+    uint64_t x02 = x01 & mask26;
+    uint64_t x31 = x3 + z02;
+    uint64_t x12 = x11 + z13;
+    uint64_t z03 = x31 >> 26U;
+    uint64_t x32 = x31 & mask26;
+    uint64_t x42 = x41 + z03;
+    uint64_t o0 = x02;
+    uint64_t o1 = x12;
+    uint64_t o2 = x21;
+    uint64_t o3 = x32;
+    uint64_t o4 = x42;
+    acc[0U] = o0;
+    acc[1U] = o1;
+    acc[2U] = o2;
+    acc[3U] = o3;
+    acc[4U] = o4;
+  }
+  if (rem > 0U)
+  {
+    uint8_t *last = text + nb * 16U;
+    uint64_t e[5U] = { 0U };
+    uint8_t tmp[16U] = { 0U };
+    memcpy(tmp, last, rem * sizeof (uint8_t));
+    uint64_t u0 = load64_le(tmp);
+    uint64_t lo = u0;
+    uint64_t u = load64_le(tmp + 8U);
+    uint64_t hi = u;
+    uint64_t f0 = lo;
+    uint64_t f1 = hi;
+    uint64_t f010 = f0 & 0x3ffffffULL;
+    uint64_t f110 = f0 >> 26U & 0x3ffffffULL;
+    uint64_t f20 = f0 >> 52U | (f1 & 0x3fffULL) << 12U;
+    uint64_t f30 = f1 >> 14U & 0x3ffffffULL;
+    uint64_t f40 = f1 >> 40U;
+    uint64_t f01 = f010;
+    uint64_t f111 = f110;
+    uint64_t f2 = f20;
+    uint64_t f3 = f30;
+    uint64_t f4 = f40;
+    e[0U] = f01;
+    e[1U] = f111;
+    e[2U] = f2;
+    e[3U] = f3;
+    e[4U] = f4;
+    uint64_t b = 1ULL << rem * 8U % 26U;
+    uint64_t mask = b;
+    uint64_t fi = e[rem * 8U / 26U];
+    e[rem * 8U / 26U] = fi | mask;
+    uint64_t *r = pre;
+    uint64_t *r5 = pre + 5U;
+    uint64_t r0 = r[0U];
+    uint64_t r1 = r[1U];
+    uint64_t r2 = r[2U];
+    uint64_t r3 = r[3U];
+    uint64_t r4 = r[4U];
+    uint64_t r51 = r5[1U];
+    uint64_t r52 = r5[2U];
+    uint64_t r53 = r5[3U];
+    uint64_t r54 = r5[4U];
+    uint64_t f10 = e[0U];
+    uint64_t f11 = e[1U];
+    uint64_t f12 = e[2U];
+    uint64_t f13 = e[3U];
+    uint64_t f14 = e[4U];
+    uint64_t a0 = acc[0U];
+    uint64_t a1 = acc[1U];
+    uint64_t a2 = acc[2U];
+    uint64_t a3 = acc[3U];
+    uint64_t a4 = acc[4U];
+    uint64_t a01 = a0 + f10;
+    uint64_t a11 = a1 + f11;
+    uint64_t a21 = a2 + f12;
+    uint64_t a31 = a3 + f13;
+    uint64_t a41 = a4 + f14;
+    uint64_t a02 = r0 * a01;
+    uint64_t a12 = r1 * a01;
+    uint64_t a22 = r2 * a01;
+    uint64_t a32 = r3 * a01;
+    uint64_t a42 = r4 * a01;
+    uint64_t a03 = a02 + r54 * a11;
+    uint64_t a13 = a12 + r0 * a11;
+    uint64_t a23 = a22 + r1 * a11;
+    uint64_t a33 = a32 + r2 * a11;
+    uint64_t a43 = a42 + r3 * a11;
+    uint64_t a04 = a03 + r53 * a21;
+    uint64_t a14 = a13 + r54 * a21;
+    uint64_t a24 = a23 + r0 * a21;
+    uint64_t a34 = a33 + r1 * a21;
+    uint64_t a44 = a43 + r2 * a21;
+    uint64_t a05 = a04 + r52 * a31;
+    uint64_t a15 = a14 + r53 * a31;
+    uint64_t a25 = a24 + r54 * a31;
+    uint64_t a35 = a34 + r0 * a31;
+    uint64_t a45 = a44 + r1 * a31;
+    uint64_t a06 = a05 + r51 * a41;
+    uint64_t a16 = a15 + r52 * a41;
+    uint64_t a26 = a25 + r53 * a41;
+    uint64_t a36 = a35 + r54 * a41;
+    uint64_t a46 = a45 + r0 * a41;
+    uint64_t t0 = a06;
+    uint64_t t1 = a16;
+    uint64_t t2 = a26;
+    uint64_t t3 = a36;
+    uint64_t t4 = a46;
+    uint64_t mask26 = 0x3ffffffULL;
+    uint64_t z0 = t0 >> 26U;
+    uint64_t z1 = t3 >> 26U;
+    uint64_t x0 = t0 & mask26;
+    uint64_t x3 = t3 & mask26;
+    uint64_t x1 = t1 + z0;
+    uint64_t x4 = t4 + z1;
+    uint64_t z01 = x1 >> 26U;
+    uint64_t z11 = x4 >> 26U;
+    uint64_t t = z11 << 2U;
+    uint64_t z12 = z11 + t;
+    uint64_t x11 = x1 & mask26;
+    uint64_t x41 = x4 & mask26;
+    uint64_t x2 = t2 + z01;
+    uint64_t x01 = x0 + z12;
+    uint64_t z02 = x2 >> 26U;
+    uint64_t z13 = x01 >> 26U;
+    uint64_t x21 = x2 & mask26;
+    uint64_t x02 = x01 & mask26;
+    uint64_t x31 = x3 + z02;
+    uint64_t x12 = x11 + z13;
+    uint64_t z03 = x31 >> 26U;
+    uint64_t x32 = x31 & mask26;
+    uint64_t x42 = x41 + z03;
+    uint64_t o0 = x02;
+    uint64_t o1 = x12;
+    uint64_t o2 = x21;
+    uint64_t o3 = x32;
+    uint64_t o4 = x42;
+    acc[0U] = o0;
+    acc[1U] = o1;
+    acc[2U] = o2;
+    acc[3U] = o3;
+    acc[4U] = o4;
+    return;
+  }
+}
+
+void Hacl_MAC_Poly1305_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx)
+{
+  uint64_t *acc = ctx;
+  uint8_t *ks = key + 16U;
+  uint64_t f0 = acc[0U];
+  uint64_t f13 = acc[1U];
+  uint64_t f23 = acc[2U];
+  uint64_t f33 = acc[3U];
+  uint64_t f40 = acc[4U];
+  uint64_t l0 = f0 + 0ULL;
+  uint64_t tmp00 = l0 & 0x3ffffffULL;
+  uint64_t c00 = l0 >> 26U;
+  uint64_t l1 = f13 + c00;
+  uint64_t tmp10 = l1 & 0x3ffffffULL;
+  uint64_t c10 = l1 >> 26U;
+  uint64_t l2 = f23 + c10;
+  uint64_t tmp20 = l2 & 0x3ffffffULL;
+  uint64_t c20 = l2 >> 26U;
+  uint64_t l3 = f33 + c20;
+  uint64_t tmp30 = l3 & 0x3ffffffULL;
+  uint64_t c30 = l3 >> 26U;
+  uint64_t l4 = f40 + c30;
+  uint64_t tmp40 = l4 & 0x3ffffffULL;
+  uint64_t c40 = l4 >> 26U;
+  uint64_t f010 = tmp00 + c40 * 5ULL;
+  uint64_t f110 = tmp10;
+  uint64_t f210 = tmp20;
+  uint64_t f310 = tmp30;
+  uint64_t f410 = tmp40;
+  uint64_t l = f010 + 0ULL;
+  uint64_t tmp0 = l & 0x3ffffffULL;
+  uint64_t c0 = l >> 26U;
+  uint64_t l5 = f110 + c0;
+  uint64_t tmp1 = l5 & 0x3ffffffULL;
+  uint64_t c1 = l5 >> 26U;
+  uint64_t l6 = f210 + c1;
+  uint64_t tmp2 = l6 & 0x3ffffffULL;
+  uint64_t c2 = l6 >> 26U;
+  uint64_t l7 = f310 + c2;
+  uint64_t tmp3 = l7 & 0x3ffffffULL;
+  uint64_t c3 = l7 >> 26U;
+  uint64_t l8 = f410 + c3;
+  uint64_t tmp4 = l8 & 0x3ffffffULL;
+  uint64_t c4 = l8 >> 26U;
+  uint64_t f02 = tmp0 + c4 * 5ULL;
+  uint64_t f12 = tmp1;
+  uint64_t f22 = tmp2;
+  uint64_t f32 = tmp3;
+  uint64_t f42 = tmp4;
+  uint64_t mh = 0x3ffffffULL;
+  uint64_t ml = 0x3fffffbULL;
+  uint64_t mask = FStar_UInt64_eq_mask(f42, mh);
+  uint64_t mask1 = mask & FStar_UInt64_eq_mask(f32, mh);
+  uint64_t mask2 = mask1 & FStar_UInt64_eq_mask(f22, mh);
+  uint64_t mask3 = mask2 & FStar_UInt64_eq_mask(f12, mh);
+  uint64_t mask4 = mask3 & ~~FStar_UInt64_gte_mask(f02, ml);
+  uint64_t ph = mask4 & mh;
+  uint64_t pl = mask4 & ml;
+  uint64_t o0 = f02 - pl;
+  uint64_t o1 = f12 - ph;
+  uint64_t o2 = f22 - ph;
+  uint64_t o3 = f32 - ph;
+  uint64_t o4 = f42 - ph;
+  uint64_t f011 = o0;
+  uint64_t f111 = o1;
+  uint64_t f211 = o2;
+  uint64_t f311 = o3;
+  uint64_t f411 = o4;
+  acc[0U] = f011;
+  acc[1U] = f111;
+  acc[2U] = f211;
+  acc[3U] = f311;
+  acc[4U] = f411;
+  uint64_t f00 = acc[0U];
+  uint64_t f1 = acc[1U];
+  uint64_t f2 = acc[2U];
+  uint64_t f3 = acc[3U];
+  uint64_t f4 = acc[4U];
+  uint64_t f01 = f00;
+  uint64_t f112 = f1;
+  uint64_t f212 = f2;
+  uint64_t f312 = f3;
+  uint64_t f41 = f4;
+  uint64_t lo = (f01 | f112 << 26U) | f212 << 52U;
+  uint64_t hi = (f212 >> 12U | f312 << 14U) | f41 << 40U;
+  uint64_t f10 = lo;
+  uint64_t f11 = hi;
+  uint64_t u0 = load64_le(ks);
+  uint64_t lo0 = u0;
+  uint64_t u = load64_le(ks + 8U);
+  uint64_t hi0 = u;
+  uint64_t f20 = lo0;
+  uint64_t f21 = hi0;
+  uint64_t r0 = f10 + f20;
+  uint64_t r1 = f11 + f21;
+  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> 63U;
+  uint64_t r11 = r1 + c;
+  uint64_t f30 = r0;
+  uint64_t f31 = r11;
+  store64_le(tag, f30);
+  store64_le(tag + 8U, f31);
+}
+
+Hacl_MAC_Poly1305_state_t *Hacl_MAC_Poly1305_malloc(uint8_t *key)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(16U, sizeof (uint8_t));
+  uint64_t *r1 = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
+  uint64_t *block_state = r1;
+  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_0 = k_;
+  Hacl_MAC_Poly1305_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_0 };
+  Hacl_MAC_Poly1305_state_t
+  *p = (Hacl_MAC_Poly1305_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_MAC_Poly1305_state_t));
+  p[0U] = s;
+  Hacl_MAC_Poly1305_poly1305_init(block_state, key);
+  return p;
+}
+
+void Hacl_MAC_Poly1305_reset(Hacl_MAC_Poly1305_state_t *state, uint8_t *key)
+{
+  Hacl_MAC_Poly1305_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  uint64_t *block_state = scrut.block_state;
+  Hacl_MAC_Poly1305_poly1305_init(block_state, key);
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_1 = k_;
+  Hacl_MAC_Poly1305_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_1 };
+  state[0U] = tmp;
+}
+
+/**
+0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_MAC_Poly1305_update(Hacl_MAC_Poly1305_state_t *state, uint8_t *chunk, uint32_t chunk_len)
+{
+  Hacl_MAC_Poly1305_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)16U == 0ULL && total_len > 0ULL)
+  {
+    sz = 16U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)16U);
+  }
+  if (chunk_len <= 16U - sz)
+  {
+    Hacl_MAC_Poly1305_state_t s1 = *state;
+    uint64_t *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)16U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 16U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)16U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_MAC_Poly1305_state_t s1 = *state;
+    uint64_t *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)16U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 16U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)16U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 16U, buf);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)16U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 16U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)16U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 16U;
+    uint32_t data1_len = n_blocks * 16U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len,
+          .p_key = k_1
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 16U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_MAC_Poly1305_state_t s1 = *state;
+    uint64_t *block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)16U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 16U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)16U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+    Hacl_MAC_Poly1305_state_t s10 = *state;
+    uint64_t *block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint8_t *k_10 = s10.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)16U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 16U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)16U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 16U, buf);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)16U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 16U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)16U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 16U;
+    uint32_t data1_len = n_blocks * 16U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff),
+          .p_key = k_10
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+void Hacl_MAC_Poly1305_digest(Hacl_MAC_Poly1305_state_t *state, uint8_t *output)
+{
+  Hacl_MAC_Poly1305_state_t scrut = *state;
+  uint64_t *block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint8_t *k_ = scrut.p_key;
+  uint32_t r;
+  if (total_len % (uint64_t)16U == 0ULL && total_len > 0ULL)
+  {
+    r = 16U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)16U);
+  }
+  uint8_t *buf_1 = buf_;
+  uint64_t r1[25U] = { 0U };
+  uint64_t *tmp_block_state = r1;
+  memcpy(tmp_block_state, block_state, 25U * sizeof (uint64_t));
+  uint32_t ite;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite = 16U;
+  }
+  else
+  {
+    ite = r % 16U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite;
+  uint8_t *buf_multi = buf_1;
+  poly1305_update(tmp_block_state, 0U, buf_multi);
+  poly1305_update(tmp_block_state, r, buf_last);
+  uint64_t tmp[25U] = { 0U };
+  memcpy(tmp, tmp_block_state, 25U * sizeof (uint64_t));
+  Hacl_MAC_Poly1305_poly1305_finish(output, k_, tmp);
+}
+
+void Hacl_MAC_Poly1305_free(Hacl_MAC_Poly1305_state_t *state)
+{
+  Hacl_MAC_Poly1305_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  uint64_t *block_state = scrut.block_state;
+  KRML_HOST_FREE(k_);
+  KRML_HOST_FREE(block_state);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+void Hacl_MAC_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key)
+{
+  uint64_t ctx[25U] = { 0U };
+  Hacl_MAC_Poly1305_poly1305_init(ctx, key);
+  poly1305_update(ctx, input_len, input);
+  Hacl_MAC_Poly1305_poly1305_finish(output, key, ctx);
+}
+
diff --git a/src/Hacl_Poly1305_128.c b/src/msvc/Hacl_MAC_Poly1305_Simd128.c
similarity index 66%
rename from src/Hacl_Poly1305_128.c
rename to src/msvc/Hacl_MAC_Poly1305_Simd128.c
index f400fe82..17e26978 100644
--- a/src/Hacl_Poly1305_128.c
+++ b/src/msvc/Hacl_MAC_Poly1305_Simd128.c
@@ -23,40 +23,34 @@
  */
 
 
-#include "internal/Hacl_Poly1305_128.h"
+#include "internal/Hacl_MAC_Poly1305_Simd128.h"
 
-void
-Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b)
+void Hacl_MAC_Poly1305_Simd128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b)
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
   Lib_IntVector_Intrinsics_vec128 b1 = Lib_IntVector_Intrinsics_vec128_load64_le(b);
-  Lib_IntVector_Intrinsics_vec128
-  b2 = Lib_IntVector_Intrinsics_vec128_load64_le(b + (uint32_t)16U);
+  Lib_IntVector_Intrinsics_vec128 b2 = Lib_IntVector_Intrinsics_vec128_load64_le(b + 16U);
   Lib_IntVector_Intrinsics_vec128 lo = Lib_IntVector_Intrinsics_vec128_interleave_low64(b1, b2);
   Lib_IntVector_Intrinsics_vec128 hi = Lib_IntVector_Intrinsics_vec128_interleave_high64(b1, b2);
   Lib_IntVector_Intrinsics_vec128
   f00 =
     Lib_IntVector_Intrinsics_vec128_and(lo,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f10 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 26U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f20 =
-    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 52U),
       Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(hi,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec128
   f30 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, (uint32_t)40U);
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 14U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 40U);
   Lib_IntVector_Intrinsics_vec128 f02 = f00;
   Lib_IntVector_Intrinsics_vec128 f12 = f10;
   Lib_IntVector_Intrinsics_vec128 f22 = f20;
@@ -67,7 +61,7 @@ Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc,
   e[2U] = f22;
   e[3U] = f32;
   e[4U] = f42;
-  uint64_t b10 = (uint64_t)0x1000000U;
+  uint64_t b10 = 0x1000000ULL;
   Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b10);
   Lib_IntVector_Intrinsics_vec128 f43 = e[4U];
   e[4U] = Lib_IntVector_Intrinsics_vec128_or(f43, mask);
@@ -81,16 +75,11 @@ Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc,
   Lib_IntVector_Intrinsics_vec128 e2 = e[2U];
   Lib_IntVector_Intrinsics_vec128 e3 = e[3U];
   Lib_IntVector_Intrinsics_vec128 e4 = e[4U];
-  Lib_IntVector_Intrinsics_vec128
-  f0 = Lib_IntVector_Intrinsics_vec128_insert64(acc0, (uint64_t)0U, (uint32_t)1U);
-  Lib_IntVector_Intrinsics_vec128
-  f1 = Lib_IntVector_Intrinsics_vec128_insert64(acc1, (uint64_t)0U, (uint32_t)1U);
-  Lib_IntVector_Intrinsics_vec128
-  f2 = Lib_IntVector_Intrinsics_vec128_insert64(acc2, (uint64_t)0U, (uint32_t)1U);
-  Lib_IntVector_Intrinsics_vec128
-  f3 = Lib_IntVector_Intrinsics_vec128_insert64(acc3, (uint64_t)0U, (uint32_t)1U);
-  Lib_IntVector_Intrinsics_vec128
-  f4 = Lib_IntVector_Intrinsics_vec128_insert64(acc4, (uint64_t)0U, (uint32_t)1U);
+  Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_insert64(acc0, 0ULL, 1U);
+  Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_insert64(acc1, 0ULL, 1U);
+  Lib_IntVector_Intrinsics_vec128 f2 = Lib_IntVector_Intrinsics_vec128_insert64(acc2, 0ULL, 1U);
+  Lib_IntVector_Intrinsics_vec128 f3 = Lib_IntVector_Intrinsics_vec128_insert64(acc3, 0ULL, 1U);
+  Lib_IntVector_Intrinsics_vec128 f4 = Lib_IntVector_Intrinsics_vec128_insert64(acc4, 0ULL, 1U);
   Lib_IntVector_Intrinsics_vec128 f01 = Lib_IntVector_Intrinsics_vec128_add64(f0, e0);
   Lib_IntVector_Intrinsics_vec128 f11 = Lib_IntVector_Intrinsics_vec128_add64(f1, e1);
   Lib_IntVector_Intrinsics_vec128 f21 = Lib_IntVector_Intrinsics_vec128_add64(f2, e2);
@@ -109,13 +98,13 @@ Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc,
 }
 
 void
-Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
+Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize(
   Lib_IntVector_Intrinsics_vec128 *out,
   Lib_IntVector_Intrinsics_vec128 *p
 )
 {
   Lib_IntVector_Intrinsics_vec128 *r = p;
-  Lib_IntVector_Intrinsics_vec128 *r2 = p + (uint32_t)10U;
+  Lib_IntVector_Intrinsics_vec128 *r2 = p + 10U;
   Lib_IntVector_Intrinsics_vec128 a0 = out[0U];
   Lib_IntVector_Intrinsics_vec128 a1 = out[1U];
   Lib_IntVector_Intrinsics_vec128 a2 = out[2U];
@@ -141,14 +130,10 @@ Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
   r231 = Lib_IntVector_Intrinsics_vec128_interleave_low64(r23, r13);
   Lib_IntVector_Intrinsics_vec128
   r241 = Lib_IntVector_Intrinsics_vec128_interleave_low64(r24, r14);
-  Lib_IntVector_Intrinsics_vec128
-  r251 = Lib_IntVector_Intrinsics_vec128_smul64(r211, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec128
-  r252 = Lib_IntVector_Intrinsics_vec128_smul64(r221, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec128
-  r253 = Lib_IntVector_Intrinsics_vec128_smul64(r231, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec128
-  r254 = Lib_IntVector_Intrinsics_vec128_smul64(r241, (uint64_t)5U);
+  Lib_IntVector_Intrinsics_vec128 r251 = Lib_IntVector_Intrinsics_vec128_smul64(r211, 5ULL);
+  Lib_IntVector_Intrinsics_vec128 r252 = Lib_IntVector_Intrinsics_vec128_smul64(r221, 5ULL);
+  Lib_IntVector_Intrinsics_vec128 r253 = Lib_IntVector_Intrinsics_vec128_smul64(r231, 5ULL);
+  Lib_IntVector_Intrinsics_vec128 r254 = Lib_IntVector_Intrinsics_vec128_smul64(r241, 5ULL);
   Lib_IntVector_Intrinsics_vec128 a01 = Lib_IntVector_Intrinsics_vec128_mul64(r201, a0);
   Lib_IntVector_Intrinsics_vec128 a11 = Lib_IntVector_Intrinsics_vec128_mul64(r211, a0);
   Lib_IntVector_Intrinsics_vec128 a21 = Lib_IntVector_Intrinsics_vec128_mul64(r221, a0);
@@ -239,37 +224,28 @@ Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
   Lib_IntVector_Intrinsics_vec128 t2 = a25;
   Lib_IntVector_Intrinsics_vec128 t3 = a35;
   Lib_IntVector_Intrinsics_vec128 t4 = a45;
-  Lib_IntVector_Intrinsics_vec128
-  mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec128
-  z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
   Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec128
-  z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec128
-  z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -302,41 +278,36 @@ Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
   Lib_IntVector_Intrinsics_vec128
   tmp0 =
     Lib_IntVector_Intrinsics_vec128_and(l,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c0 = Lib_IntVector_Intrinsics_vec128_shift_right64(l, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c0 = Lib_IntVector_Intrinsics_vec128_shift_right64(l, 26U);
   Lib_IntVector_Intrinsics_vec128 l0 = Lib_IntVector_Intrinsics_vec128_add64(o11, c0);
   Lib_IntVector_Intrinsics_vec128
   tmp1 =
     Lib_IntVector_Intrinsics_vec128_and(l0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c1 = Lib_IntVector_Intrinsics_vec128_shift_right64(l0, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c1 = Lib_IntVector_Intrinsics_vec128_shift_right64(l0, 26U);
   Lib_IntVector_Intrinsics_vec128 l1 = Lib_IntVector_Intrinsics_vec128_add64(o21, c1);
   Lib_IntVector_Intrinsics_vec128
   tmp2 =
     Lib_IntVector_Intrinsics_vec128_and(l1,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c2 = Lib_IntVector_Intrinsics_vec128_shift_right64(l1, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c2 = Lib_IntVector_Intrinsics_vec128_shift_right64(l1, 26U);
   Lib_IntVector_Intrinsics_vec128 l2 = Lib_IntVector_Intrinsics_vec128_add64(o31, c2);
   Lib_IntVector_Intrinsics_vec128
   tmp3 =
     Lib_IntVector_Intrinsics_vec128_and(l2,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c3 = Lib_IntVector_Intrinsics_vec128_shift_right64(l2, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c3 = Lib_IntVector_Intrinsics_vec128_shift_right64(l2, 26U);
   Lib_IntVector_Intrinsics_vec128 l3 = Lib_IntVector_Intrinsics_vec128_add64(o41, c3);
   Lib_IntVector_Intrinsics_vec128
   tmp4 =
     Lib_IntVector_Intrinsics_vec128_and(l3,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c4 = Lib_IntVector_Intrinsics_vec128_shift_right64(l3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c4 = Lib_IntVector_Intrinsics_vec128_shift_right64(l3, 26U);
   Lib_IntVector_Intrinsics_vec128
   o00 =
     Lib_IntVector_Intrinsics_vec128_add64(tmp0,
-      Lib_IntVector_Intrinsics_vec128_smul64(c4, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec128_smul64(c4, 5ULL));
   Lib_IntVector_Intrinsics_vec128 o1 = tmp1;
   Lib_IntVector_Intrinsics_vec128 o2 = tmp2;
   Lib_IntVector_Intrinsics_vec128 o3 = tmp3;
@@ -348,10 +319,11 @@ Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(
   out[4U] = o4;
 }
 
-void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key)
+void
+Hacl_MAC_Poly1305_Simd128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key)
 {
   Lib_IntVector_Intrinsics_vec128 *acc = ctx;
-  Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec128 *pre = ctx + 5U;
   uint8_t *kr = key;
   acc[0U] = Lib_IntVector_Intrinsics_vec128_zero;
   acc[1U] = Lib_IntVector_Intrinsics_vec128_zero;
@@ -360,41 +332,38 @@ void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8
   acc[4U] = Lib_IntVector_Intrinsics_vec128_zero;
   uint64_t u0 = load64_le(kr);
   uint64_t lo = u0;
-  uint64_t u = load64_le(kr + (uint32_t)8U);
+  uint64_t u = load64_le(kr + 8U);
   uint64_t hi = u;
-  uint64_t mask0 = (uint64_t)0x0ffffffc0fffffffU;
-  uint64_t mask1 = (uint64_t)0x0ffffffc0ffffffcU;
+  uint64_t mask0 = 0x0ffffffc0fffffffULL;
+  uint64_t mask1 = 0x0ffffffc0ffffffcULL;
   uint64_t lo1 = lo & mask0;
   uint64_t hi1 = hi & mask1;
   Lib_IntVector_Intrinsics_vec128 *r = pre;
-  Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec128 *rn = pre + (uint32_t)10U;
-  Lib_IntVector_Intrinsics_vec128 *rn_5 = pre + (uint32_t)15U;
+  Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
+  Lib_IntVector_Intrinsics_vec128 *rn = pre + 10U;
+  Lib_IntVector_Intrinsics_vec128 *rn_5 = pre + 15U;
   Lib_IntVector_Intrinsics_vec128 r_vec0 = Lib_IntVector_Intrinsics_vec128_load64(lo1);
   Lib_IntVector_Intrinsics_vec128 r_vec1 = Lib_IntVector_Intrinsics_vec128_load64(hi1);
   Lib_IntVector_Intrinsics_vec128
   f00 =
     Lib_IntVector_Intrinsics_vec128_and(r_vec0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f15 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec0, 26U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
   f20 =
-    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec0,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec0, 52U),
       Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(r_vec1,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec128
   f30 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec1, 14U),
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec128
-  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec1, (uint32_t)40U);
+  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(r_vec1, 40U);
   Lib_IntVector_Intrinsics_vec128 f0 = f00;
   Lib_IntVector_Intrinsics_vec128 f1 = f15;
   Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -410,11 +379,11 @@ void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8
   Lib_IntVector_Intrinsics_vec128 f220 = r[2U];
   Lib_IntVector_Intrinsics_vec128 f230 = r[3U];
   Lib_IntVector_Intrinsics_vec128 f240 = r[4U];
-  r5[0U] = Lib_IntVector_Intrinsics_vec128_smul64(f200, (uint64_t)5U);
-  r5[1U] = Lib_IntVector_Intrinsics_vec128_smul64(f210, (uint64_t)5U);
-  r5[2U] = Lib_IntVector_Intrinsics_vec128_smul64(f220, (uint64_t)5U);
-  r5[3U] = Lib_IntVector_Intrinsics_vec128_smul64(f230, (uint64_t)5U);
-  r5[4U] = Lib_IntVector_Intrinsics_vec128_smul64(f240, (uint64_t)5U);
+  r5[0U] = Lib_IntVector_Intrinsics_vec128_smul64(f200, 5ULL);
+  r5[1U] = Lib_IntVector_Intrinsics_vec128_smul64(f210, 5ULL);
+  r5[2U] = Lib_IntVector_Intrinsics_vec128_smul64(f220, 5ULL);
+  r5[3U] = Lib_IntVector_Intrinsics_vec128_smul64(f230, 5ULL);
+  r5[4U] = Lib_IntVector_Intrinsics_vec128_smul64(f240, 5ULL);
   Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
   Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
   Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
@@ -511,37 +480,28 @@ void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8
   Lib_IntVector_Intrinsics_vec128 t2 = a24;
   Lib_IntVector_Intrinsics_vec128 t3 = a34;
   Lib_IntVector_Intrinsics_vec128 t4 = a44;
-  Lib_IntVector_Intrinsics_vec128
-  mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec128
-  z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
   Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec128
-  z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec128
-  z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -559,275 +519,56 @@ void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8
   Lib_IntVector_Intrinsics_vec128 f22 = rn[2U];
   Lib_IntVector_Intrinsics_vec128 f23 = rn[3U];
   Lib_IntVector_Intrinsics_vec128 f24 = rn[4U];
-  rn_5[0U] = Lib_IntVector_Intrinsics_vec128_smul64(f201, (uint64_t)5U);
-  rn_5[1U] = Lib_IntVector_Intrinsics_vec128_smul64(f21, (uint64_t)5U);
-  rn_5[2U] = Lib_IntVector_Intrinsics_vec128_smul64(f22, (uint64_t)5U);
-  rn_5[3U] = Lib_IntVector_Intrinsics_vec128_smul64(f23, (uint64_t)5U);
-  rn_5[4U] = Lib_IntVector_Intrinsics_vec128_smul64(f24, (uint64_t)5U);
-}
-
-void Hacl_Poly1305_128_poly1305_update1(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *text)
-{
-  Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec128 *acc = ctx;
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
-  uint64_t u0 = load64_le(text);
-  uint64_t lo = u0;
-  uint64_t u = load64_le(text + (uint32_t)8U);
-  uint64_t hi = u;
-  Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
-  Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
-  Lib_IntVector_Intrinsics_vec128
-  f010 =
-    Lib_IntVector_Intrinsics_vec128_and(f0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f110 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f20 =
-    Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-        (uint32_t)52U),
-      Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
-  Lib_IntVector_Intrinsics_vec128
-  f30 =
-    Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
-  Lib_IntVector_Intrinsics_vec128 f01 = f010;
-  Lib_IntVector_Intrinsics_vec128 f111 = f110;
-  Lib_IntVector_Intrinsics_vec128 f2 = f20;
-  Lib_IntVector_Intrinsics_vec128 f3 = f30;
-  Lib_IntVector_Intrinsics_vec128 f41 = f40;
-  e[0U] = f01;
-  e[1U] = f111;
-  e[2U] = f2;
-  e[3U] = f3;
-  e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
-  Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
-  Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
-  e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
-  Lib_IntVector_Intrinsics_vec128 *r = pre;
-  Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
-  Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
-  Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
-  Lib_IntVector_Intrinsics_vec128 r3 = r[3U];
-  Lib_IntVector_Intrinsics_vec128 r4 = r[4U];
-  Lib_IntVector_Intrinsics_vec128 r51 = r5[1U];
-  Lib_IntVector_Intrinsics_vec128 r52 = r5[2U];
-  Lib_IntVector_Intrinsics_vec128 r53 = r5[3U];
-  Lib_IntVector_Intrinsics_vec128 r54 = r5[4U];
-  Lib_IntVector_Intrinsics_vec128 f10 = e[0U];
-  Lib_IntVector_Intrinsics_vec128 f11 = e[1U];
-  Lib_IntVector_Intrinsics_vec128 f12 = e[2U];
-  Lib_IntVector_Intrinsics_vec128 f13 = e[3U];
-  Lib_IntVector_Intrinsics_vec128 f14 = e[4U];
-  Lib_IntVector_Intrinsics_vec128 a0 = acc[0U];
-  Lib_IntVector_Intrinsics_vec128 a1 = acc[1U];
-  Lib_IntVector_Intrinsics_vec128 a2 = acc[2U];
-  Lib_IntVector_Intrinsics_vec128 a3 = acc[3U];
-  Lib_IntVector_Intrinsics_vec128 a4 = acc[4U];
-  Lib_IntVector_Intrinsics_vec128 a01 = Lib_IntVector_Intrinsics_vec128_add64(a0, f10);
-  Lib_IntVector_Intrinsics_vec128 a11 = Lib_IntVector_Intrinsics_vec128_add64(a1, f11);
-  Lib_IntVector_Intrinsics_vec128 a21 = Lib_IntVector_Intrinsics_vec128_add64(a2, f12);
-  Lib_IntVector_Intrinsics_vec128 a31 = Lib_IntVector_Intrinsics_vec128_add64(a3, f13);
-  Lib_IntVector_Intrinsics_vec128 a41 = Lib_IntVector_Intrinsics_vec128_add64(a4, f14);
-  Lib_IntVector_Intrinsics_vec128 a02 = Lib_IntVector_Intrinsics_vec128_mul64(r0, a01);
-  Lib_IntVector_Intrinsics_vec128 a12 = Lib_IntVector_Intrinsics_vec128_mul64(r1, a01);
-  Lib_IntVector_Intrinsics_vec128 a22 = Lib_IntVector_Intrinsics_vec128_mul64(r2, a01);
-  Lib_IntVector_Intrinsics_vec128 a32 = Lib_IntVector_Intrinsics_vec128_mul64(r3, a01);
-  Lib_IntVector_Intrinsics_vec128 a42 = Lib_IntVector_Intrinsics_vec128_mul64(r4, a01);
-  Lib_IntVector_Intrinsics_vec128
-  a03 =
-    Lib_IntVector_Intrinsics_vec128_add64(a02,
-      Lib_IntVector_Intrinsics_vec128_mul64(r54, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a13 =
-    Lib_IntVector_Intrinsics_vec128_add64(a12,
-      Lib_IntVector_Intrinsics_vec128_mul64(r0, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a23 =
-    Lib_IntVector_Intrinsics_vec128_add64(a22,
-      Lib_IntVector_Intrinsics_vec128_mul64(r1, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a33 =
-    Lib_IntVector_Intrinsics_vec128_add64(a32,
-      Lib_IntVector_Intrinsics_vec128_mul64(r2, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a43 =
-    Lib_IntVector_Intrinsics_vec128_add64(a42,
-      Lib_IntVector_Intrinsics_vec128_mul64(r3, a11));
-  Lib_IntVector_Intrinsics_vec128
-  a04 =
-    Lib_IntVector_Intrinsics_vec128_add64(a03,
-      Lib_IntVector_Intrinsics_vec128_mul64(r53, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a14 =
-    Lib_IntVector_Intrinsics_vec128_add64(a13,
-      Lib_IntVector_Intrinsics_vec128_mul64(r54, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a24 =
-    Lib_IntVector_Intrinsics_vec128_add64(a23,
-      Lib_IntVector_Intrinsics_vec128_mul64(r0, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a34 =
-    Lib_IntVector_Intrinsics_vec128_add64(a33,
-      Lib_IntVector_Intrinsics_vec128_mul64(r1, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a44 =
-    Lib_IntVector_Intrinsics_vec128_add64(a43,
-      Lib_IntVector_Intrinsics_vec128_mul64(r2, a21));
-  Lib_IntVector_Intrinsics_vec128
-  a05 =
-    Lib_IntVector_Intrinsics_vec128_add64(a04,
-      Lib_IntVector_Intrinsics_vec128_mul64(r52, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a15 =
-    Lib_IntVector_Intrinsics_vec128_add64(a14,
-      Lib_IntVector_Intrinsics_vec128_mul64(r53, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a25 =
-    Lib_IntVector_Intrinsics_vec128_add64(a24,
-      Lib_IntVector_Intrinsics_vec128_mul64(r54, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a35 =
-    Lib_IntVector_Intrinsics_vec128_add64(a34,
-      Lib_IntVector_Intrinsics_vec128_mul64(r0, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a45 =
-    Lib_IntVector_Intrinsics_vec128_add64(a44,
-      Lib_IntVector_Intrinsics_vec128_mul64(r1, a31));
-  Lib_IntVector_Intrinsics_vec128
-  a06 =
-    Lib_IntVector_Intrinsics_vec128_add64(a05,
-      Lib_IntVector_Intrinsics_vec128_mul64(r51, a41));
-  Lib_IntVector_Intrinsics_vec128
-  a16 =
-    Lib_IntVector_Intrinsics_vec128_add64(a15,
-      Lib_IntVector_Intrinsics_vec128_mul64(r52, a41));
-  Lib_IntVector_Intrinsics_vec128
-  a26 =
-    Lib_IntVector_Intrinsics_vec128_add64(a25,
-      Lib_IntVector_Intrinsics_vec128_mul64(r53, a41));
-  Lib_IntVector_Intrinsics_vec128
-  a36 =
-    Lib_IntVector_Intrinsics_vec128_add64(a35,
-      Lib_IntVector_Intrinsics_vec128_mul64(r54, a41));
-  Lib_IntVector_Intrinsics_vec128
-  a46 =
-    Lib_IntVector_Intrinsics_vec128_add64(a45,
-      Lib_IntVector_Intrinsics_vec128_mul64(r0, a41));
-  Lib_IntVector_Intrinsics_vec128 t0 = a06;
-  Lib_IntVector_Intrinsics_vec128 t1 = a16;
-  Lib_IntVector_Intrinsics_vec128 t2 = a26;
-  Lib_IntVector_Intrinsics_vec128 t3 = a36;
-  Lib_IntVector_Intrinsics_vec128 t4 = a46;
-  Lib_IntVector_Intrinsics_vec128
-  mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t0, mask26);
-  Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
-  Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
-  Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec128
-  z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
-  Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
-  Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
-  Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
-  Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
-  Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec128
-  z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128
-  z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
-  Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
-  Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
-  Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec128
-  z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
-  Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
-  Lib_IntVector_Intrinsics_vec128 o0 = x02;
-  Lib_IntVector_Intrinsics_vec128 o1 = x12;
-  Lib_IntVector_Intrinsics_vec128 o2 = x21;
-  Lib_IntVector_Intrinsics_vec128 o3 = x32;
-  Lib_IntVector_Intrinsics_vec128 o4 = x42;
-  acc[0U] = o0;
-  acc[1U] = o1;
-  acc[2U] = o2;
-  acc[3U] = o3;
-  acc[4U] = o4;
+  rn_5[0U] = Lib_IntVector_Intrinsics_vec128_smul64(f201, 5ULL);
+  rn_5[1U] = Lib_IntVector_Intrinsics_vec128_smul64(f21, 5ULL);
+  rn_5[2U] = Lib_IntVector_Intrinsics_vec128_smul64(f22, 5ULL);
+  rn_5[3U] = Lib_IntVector_Intrinsics_vec128_smul64(f23, 5ULL);
+  rn_5[4U] = Lib_IntVector_Intrinsics_vec128_smul64(f24, 5ULL);
 }
 
-void
-Hacl_Poly1305_128_poly1305_update(
-  Lib_IntVector_Intrinsics_vec128 *ctx,
-  uint32_t len,
-  uint8_t *text
-)
+static void poly1305_update(Lib_IntVector_Intrinsics_vec128 *ctx, uint32_t len, uint8_t *text)
 {
-  Lib_IntVector_Intrinsics_vec128 *pre = ctx + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec128 *pre = ctx + 5U;
   Lib_IntVector_Intrinsics_vec128 *acc = ctx;
-  uint32_t sz_block = (uint32_t)32U;
+  uint32_t sz_block = 32U;
   uint32_t len0 = len / sz_block * sz_block;
   uint8_t *t0 = text;
-  if (len0 > (uint32_t)0U)
+  if (len0 > 0U)
   {
-    uint32_t bs = (uint32_t)32U;
+    uint32_t bs = 32U;
     uint8_t *text0 = t0;
-    Hacl_Impl_Poly1305_Field32xN_128_load_acc2(acc, text0);
+    Hacl_MAC_Poly1305_Simd128_load_acc2(acc, text0);
     uint32_t len1 = len0 - bs;
     uint8_t *text1 = t0 + bs;
     uint32_t nb = len1 / bs;
-    for (uint32_t i = (uint32_t)0U; i < nb; i++)
+    for (uint32_t i = 0U; i < nb; i++)
     {
       uint8_t *block = text1 + i * bs;
       KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
       Lib_IntVector_Intrinsics_vec128 b1 = Lib_IntVector_Intrinsics_vec128_load64_le(block);
-      Lib_IntVector_Intrinsics_vec128
-      b2 = Lib_IntVector_Intrinsics_vec128_load64_le(block + (uint32_t)16U);
+      Lib_IntVector_Intrinsics_vec128 b2 = Lib_IntVector_Intrinsics_vec128_load64_le(block + 16U);
       Lib_IntVector_Intrinsics_vec128 lo = Lib_IntVector_Intrinsics_vec128_interleave_low64(b1, b2);
       Lib_IntVector_Intrinsics_vec128
       hi = Lib_IntVector_Intrinsics_vec128_interleave_high64(b1, b2);
       Lib_IntVector_Intrinsics_vec128
       f00 =
         Lib_IntVector_Intrinsics_vec128_and(lo,
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
       Lib_IntVector_Intrinsics_vec128
       f15 =
-        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-            (uint32_t)26U),
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 26U),
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
       Lib_IntVector_Intrinsics_vec128
       f25 =
-        Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo,
-            (uint32_t)52U),
+        Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(lo, 52U),
           Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(hi,
-              Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-            (uint32_t)12U));
+              Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+            12U));
       Lib_IntVector_Intrinsics_vec128
       f30 =
-        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi,
-            (uint32_t)14U),
-          Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-      Lib_IntVector_Intrinsics_vec128
-      f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, (uint32_t)40U);
+        Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 14U),
+          Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+      Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(hi, 40U);
       Lib_IntVector_Intrinsics_vec128 f0 = f00;
       Lib_IntVector_Intrinsics_vec128 f1 = f15;
       Lib_IntVector_Intrinsics_vec128 f2 = f25;
@@ -838,12 +579,12 @@ Hacl_Poly1305_128_poly1305_update(
       e[2U] = f2;
       e[3U] = f3;
       e[4U] = f41;
-      uint64_t b = (uint64_t)0x1000000U;
+      uint64_t b = 0x1000000ULL;
       Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
       Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
       e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
-      Lib_IntVector_Intrinsics_vec128 *rn = pre + (uint32_t)10U;
-      Lib_IntVector_Intrinsics_vec128 *rn5 = pre + (uint32_t)15U;
+      Lib_IntVector_Intrinsics_vec128 *rn = pre + 10U;
+      Lib_IntVector_Intrinsics_vec128 *rn5 = pre + 15U;
       Lib_IntVector_Intrinsics_vec128 r0 = rn[0U];
       Lib_IntVector_Intrinsics_vec128 r1 = rn[1U];
       Lib_IntVector_Intrinsics_vec128 r2 = rn[2U];
@@ -948,37 +689,28 @@ Hacl_Poly1305_128_poly1305_update(
       Lib_IntVector_Intrinsics_vec128 t2 = a24;
       Lib_IntVector_Intrinsics_vec128 t3 = a34;
       Lib_IntVector_Intrinsics_vec128 t4 = a44;
-      Lib_IntVector_Intrinsics_vec128
-      mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-      Lib_IntVector_Intrinsics_vec128
-      z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+      Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+      Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
       Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
       Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
       Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t1, z0);
       Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-      Lib_IntVector_Intrinsics_vec128
-      z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+      Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+      Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+      Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
       Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
       Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
       Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
       Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
       Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-      Lib_IntVector_Intrinsics_vec128
-      z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec128
-      z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+      Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
       Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
       Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
       Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
       Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-      Lib_IntVector_Intrinsics_vec128
-      z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
       Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
       Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
       Lib_IntVector_Intrinsics_vec128 o00 = x02;
@@ -1012,45 +744,41 @@ Hacl_Poly1305_128_poly1305_update(
       acc[3U] = o3;
       acc[4U] = o4;
     }
-    Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize(acc, pre);
+    Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize(acc, pre);
   }
   uint32_t len1 = len - len0;
   uint8_t *t1 = text + len0;
-  uint32_t nb = len1 / (uint32_t)16U;
-  uint32_t rem = len1 % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = len1 / 16U;
+  uint32_t rem = len1 % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = t1 + i * (uint32_t)16U;
+    uint8_t *block = t1 + i * 16U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -1061,12 +789,12 @@ Hacl_Poly1305_128_poly1305_update(
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
     Lib_IntVector_Intrinsics_vec128 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec128_or(f4, mask);
     Lib_IntVector_Intrinsics_vec128 *r = pre;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
     Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
@@ -1181,37 +909,28 @@ Hacl_Poly1305_128_poly1305_update(
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -1225,41 +944,37 @@ Hacl_Poly1305_128_poly1305_update(
     acc[3U] = o3;
     acc[4U] = o4;
   }
-  if (rem > (uint32_t)0U)
+  if (rem > 0U)
   {
-    uint8_t *last = t1 + nb * (uint32_t)16U;
+    uint8_t *last = t1 + nb * 16U;
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 e[5U] KRML_POST_ALIGN(16) = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec128 f0 = Lib_IntVector_Intrinsics_vec128_load64(lo);
     Lib_IntVector_Intrinsics_vec128 f1 = Lib_IntVector_Intrinsics_vec128_load64(hi);
     Lib_IntVector_Intrinsics_vec128
     f010 =
       Lib_IntVector_Intrinsics_vec128_and(f0,
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f110 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec128
     f20 =
-      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec128_or(Lib_IntVector_Intrinsics_vec128_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec128_shift_left64(Lib_IntVector_Intrinsics_vec128_and(f1,
-            Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec128_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec128
     f30 =
-      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec128
-    f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec128 f40 = Lib_IntVector_Intrinsics_vec128_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec128 f01 = f010;
     Lib_IntVector_Intrinsics_vec128 f111 = f110;
     Lib_IntVector_Intrinsics_vec128 f2 = f20;
@@ -1270,12 +985,12 @@ Hacl_Poly1305_128_poly1305_update(
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem * 8U % 26U;
     Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_load64(b);
-    Lib_IntVector_Intrinsics_vec128 fi = e[rem * (uint32_t)8U / (uint32_t)26U];
-    e[rem * (uint32_t)8U / (uint32_t)26U] = Lib_IntVector_Intrinsics_vec128_or(fi, mask);
+    Lib_IntVector_Intrinsics_vec128 fi = e[rem * 8U / 26U];
+    e[rem * 8U / 26U] = Lib_IntVector_Intrinsics_vec128_or(fi, mask);
     Lib_IntVector_Intrinsics_vec128 *r = pre;
-    Lib_IntVector_Intrinsics_vec128 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec128 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec128 r0 = r[0U];
     Lib_IntVector_Intrinsics_vec128 r1 = r[1U];
     Lib_IntVector_Intrinsics_vec128 r2 = r[2U];
@@ -1390,37 +1105,28 @@ Hacl_Poly1305_128_poly1305_update(
     Lib_IntVector_Intrinsics_vec128 t2 = a26;
     Lib_IntVector_Intrinsics_vec128 t3 = a36;
     Lib_IntVector_Intrinsics_vec128 t4 = a46;
-    Lib_IntVector_Intrinsics_vec128
-    mask26 = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec128
-    z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 mask26 = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec128 z0 = Lib_IntVector_Intrinsics_vec128_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec128 z1 = Lib_IntVector_Intrinsics_vec128_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec128 x0 = Lib_IntVector_Intrinsics_vec128_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec128 x3 = Lib_IntVector_Intrinsics_vec128_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec128 x1 = Lib_IntVector_Intrinsics_vec128_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec128 x4 = Lib_IntVector_Intrinsics_vec128_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec128
-    z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec128 z01 = Lib_IntVector_Intrinsics_vec128_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec128 z11 = Lib_IntVector_Intrinsics_vec128_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec128 t = Lib_IntVector_Intrinsics_vec128_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec128 z12 = Lib_IntVector_Intrinsics_vec128_add64(z11, t);
     Lib_IntVector_Intrinsics_vec128 x11 = Lib_IntVector_Intrinsics_vec128_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec128 x41 = Lib_IntVector_Intrinsics_vec128_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec128 x2 = Lib_IntVector_Intrinsics_vec128_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec128 x01 = Lib_IntVector_Intrinsics_vec128_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec128
-    z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec128
-    z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z02 = Lib_IntVector_Intrinsics_vec128_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec128 z13 = Lib_IntVector_Intrinsics_vec128_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec128 x21 = Lib_IntVector_Intrinsics_vec128_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec128 x02 = Lib_IntVector_Intrinsics_vec128_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec128 x31 = Lib_IntVector_Intrinsics_vec128_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec128 x12 = Lib_IntVector_Intrinsics_vec128_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec128
-    z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec128 z03 = Lib_IntVector_Intrinsics_vec128_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec128 x32 = Lib_IntVector_Intrinsics_vec128_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec128 x42 = Lib_IntVector_Intrinsics_vec128_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec128 o0 = x02;
@@ -1438,14 +1144,14 @@ Hacl_Poly1305_128_poly1305_update(
 }
 
 void
-Hacl_Poly1305_128_poly1305_finish(
+Hacl_MAC_Poly1305_Simd128_poly1305_finish(
   uint8_t *tag,
   uint8_t *key,
   Lib_IntVector_Intrinsics_vec128 *ctx
 )
 {
   Lib_IntVector_Intrinsics_vec128 *acc = ctx;
-  uint8_t *ks = key + (uint32_t)16U;
+  uint8_t *ks = key + 16U;
   Lib_IntVector_Intrinsics_vec128 f0 = acc[0U];
   Lib_IntVector_Intrinsics_vec128 f13 = acc[1U];
   Lib_IntVector_Intrinsics_vec128 f23 = acc[2U];
@@ -1456,41 +1162,36 @@ Hacl_Poly1305_128_poly1305_finish(
   Lib_IntVector_Intrinsics_vec128
   tmp00 =
     Lib_IntVector_Intrinsics_vec128_and(l0,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c00 = Lib_IntVector_Intrinsics_vec128_shift_right64(l0, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c00 = Lib_IntVector_Intrinsics_vec128_shift_right64(l0, 26U);
   Lib_IntVector_Intrinsics_vec128 l1 = Lib_IntVector_Intrinsics_vec128_add64(f13, c00);
   Lib_IntVector_Intrinsics_vec128
   tmp10 =
     Lib_IntVector_Intrinsics_vec128_and(l1,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c10 = Lib_IntVector_Intrinsics_vec128_shift_right64(l1, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c10 = Lib_IntVector_Intrinsics_vec128_shift_right64(l1, 26U);
   Lib_IntVector_Intrinsics_vec128 l2 = Lib_IntVector_Intrinsics_vec128_add64(f23, c10);
   Lib_IntVector_Intrinsics_vec128
   tmp20 =
     Lib_IntVector_Intrinsics_vec128_and(l2,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c20 = Lib_IntVector_Intrinsics_vec128_shift_right64(l2, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c20 = Lib_IntVector_Intrinsics_vec128_shift_right64(l2, 26U);
   Lib_IntVector_Intrinsics_vec128 l3 = Lib_IntVector_Intrinsics_vec128_add64(f33, c20);
   Lib_IntVector_Intrinsics_vec128
   tmp30 =
     Lib_IntVector_Intrinsics_vec128_and(l3,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c30 = Lib_IntVector_Intrinsics_vec128_shift_right64(l3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c30 = Lib_IntVector_Intrinsics_vec128_shift_right64(l3, 26U);
   Lib_IntVector_Intrinsics_vec128 l4 = Lib_IntVector_Intrinsics_vec128_add64(f40, c30);
   Lib_IntVector_Intrinsics_vec128
   tmp40 =
     Lib_IntVector_Intrinsics_vec128_and(l4,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c40 = Lib_IntVector_Intrinsics_vec128_shift_right64(l4, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c40 = Lib_IntVector_Intrinsics_vec128_shift_right64(l4, 26U);
   Lib_IntVector_Intrinsics_vec128
   f010 =
     Lib_IntVector_Intrinsics_vec128_add64(tmp00,
-      Lib_IntVector_Intrinsics_vec128_smul64(c40, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec128_smul64(c40, 5ULL));
   Lib_IntVector_Intrinsics_vec128 f110 = tmp10;
   Lib_IntVector_Intrinsics_vec128 f210 = tmp20;
   Lib_IntVector_Intrinsics_vec128 f310 = tmp30;
@@ -1500,49 +1201,42 @@ Hacl_Poly1305_128_poly1305_finish(
   Lib_IntVector_Intrinsics_vec128
   tmp0 =
     Lib_IntVector_Intrinsics_vec128_and(l,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c0 = Lib_IntVector_Intrinsics_vec128_shift_right64(l, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c0 = Lib_IntVector_Intrinsics_vec128_shift_right64(l, 26U);
   Lib_IntVector_Intrinsics_vec128 l5 = Lib_IntVector_Intrinsics_vec128_add64(f110, c0);
   Lib_IntVector_Intrinsics_vec128
   tmp1 =
     Lib_IntVector_Intrinsics_vec128_and(l5,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c1 = Lib_IntVector_Intrinsics_vec128_shift_right64(l5, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c1 = Lib_IntVector_Intrinsics_vec128_shift_right64(l5, 26U);
   Lib_IntVector_Intrinsics_vec128 l6 = Lib_IntVector_Intrinsics_vec128_add64(f210, c1);
   Lib_IntVector_Intrinsics_vec128
   tmp2 =
     Lib_IntVector_Intrinsics_vec128_and(l6,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c2 = Lib_IntVector_Intrinsics_vec128_shift_right64(l6, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c2 = Lib_IntVector_Intrinsics_vec128_shift_right64(l6, 26U);
   Lib_IntVector_Intrinsics_vec128 l7 = Lib_IntVector_Intrinsics_vec128_add64(f310, c2);
   Lib_IntVector_Intrinsics_vec128
   tmp3 =
     Lib_IntVector_Intrinsics_vec128_and(l7,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c3 = Lib_IntVector_Intrinsics_vec128_shift_right64(l7, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c3 = Lib_IntVector_Intrinsics_vec128_shift_right64(l7, 26U);
   Lib_IntVector_Intrinsics_vec128 l8 = Lib_IntVector_Intrinsics_vec128_add64(f410, c3);
   Lib_IntVector_Intrinsics_vec128
   tmp4 =
     Lib_IntVector_Intrinsics_vec128_and(l8,
-      Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec128
-  c4 = Lib_IntVector_Intrinsics_vec128_shift_right64(l8, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec128 c4 = Lib_IntVector_Intrinsics_vec128_shift_right64(l8, 26U);
   Lib_IntVector_Intrinsics_vec128
   f02 =
     Lib_IntVector_Intrinsics_vec128_add64(tmp0,
-      Lib_IntVector_Intrinsics_vec128_smul64(c4, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec128_smul64(c4, 5ULL));
   Lib_IntVector_Intrinsics_vec128 f12 = tmp1;
   Lib_IntVector_Intrinsics_vec128 f22 = tmp2;
   Lib_IntVector_Intrinsics_vec128 f32 = tmp3;
   Lib_IntVector_Intrinsics_vec128 f42 = tmp4;
-  Lib_IntVector_Intrinsics_vec128
-  mh = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec128
-  ml = Lib_IntVector_Intrinsics_vec128_load64((uint64_t)0x3fffffbU);
+  Lib_IntVector_Intrinsics_vec128 mh = Lib_IntVector_Intrinsics_vec128_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec128 ml = Lib_IntVector_Intrinsics_vec128_load64(0x3fffffbULL);
   Lib_IntVector_Intrinsics_vec128 mask = Lib_IntVector_Intrinsics_vec128_eq64(f42, mh);
   Lib_IntVector_Intrinsics_vec128
   mask1 =
@@ -1582,36 +1276,334 @@ Hacl_Poly1305_128_poly1305_finish(
   Lib_IntVector_Intrinsics_vec128 f2 = acc[2U];
   Lib_IntVector_Intrinsics_vec128 f3 = acc[3U];
   Lib_IntVector_Intrinsics_vec128 f4 = acc[4U];
-  uint64_t f01 = Lib_IntVector_Intrinsics_vec128_extract64(f00, (uint32_t)0U);
-  uint64_t f112 = Lib_IntVector_Intrinsics_vec128_extract64(f1, (uint32_t)0U);
-  uint64_t f212 = Lib_IntVector_Intrinsics_vec128_extract64(f2, (uint32_t)0U);
-  uint64_t f312 = Lib_IntVector_Intrinsics_vec128_extract64(f3, (uint32_t)0U);
-  uint64_t f41 = Lib_IntVector_Intrinsics_vec128_extract64(f4, (uint32_t)0U);
-  uint64_t lo = (f01 | f112 << (uint32_t)26U) | f212 << (uint32_t)52U;
-  uint64_t hi = (f212 >> (uint32_t)12U | f312 << (uint32_t)14U) | f41 << (uint32_t)40U;
+  uint64_t f01 = Lib_IntVector_Intrinsics_vec128_extract64(f00, 0U);
+  uint64_t f112 = Lib_IntVector_Intrinsics_vec128_extract64(f1, 0U);
+  uint64_t f212 = Lib_IntVector_Intrinsics_vec128_extract64(f2, 0U);
+  uint64_t f312 = Lib_IntVector_Intrinsics_vec128_extract64(f3, 0U);
+  uint64_t f41 = Lib_IntVector_Intrinsics_vec128_extract64(f4, 0U);
+  uint64_t lo = (f01 | f112 << 26U) | f212 << 52U;
+  uint64_t hi = (f212 >> 12U | f312 << 14U) | f41 << 40U;
   uint64_t f10 = lo;
   uint64_t f11 = hi;
   uint64_t u0 = load64_le(ks);
   uint64_t lo0 = u0;
-  uint64_t u = load64_le(ks + (uint32_t)8U);
+  uint64_t u = load64_le(ks + 8U);
   uint64_t hi0 = u;
   uint64_t f20 = lo0;
   uint64_t f21 = hi0;
   uint64_t r0 = f10 + f20;
   uint64_t r1 = f11 + f21;
-  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> (uint32_t)63U;
+  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> 63U;
   uint64_t r11 = r1 + c;
   uint64_t f30 = r0;
   uint64_t f31 = r11;
   store64_le(tag, f30);
-  store64_le(tag + (uint32_t)8U, f31);
+  store64_le(tag + 8U, f31);
+}
+
+Hacl_MAC_Poly1305_Simd128_state_t *Hacl_MAC_Poly1305_Simd128_malloc(uint8_t *key)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+  Lib_IntVector_Intrinsics_vec128
+  *r1 =
+    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
+      sizeof (Lib_IntVector_Intrinsics_vec128) * 25U);
+  memset(r1, 0U, 25U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Lib_IntVector_Intrinsics_vec128 *block_state = r1;
+  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_0 = k_;
+  Hacl_MAC_Poly1305_Simd128_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_0 };
+  Hacl_MAC_Poly1305_Simd128_state_t
+  *p =
+    (Hacl_MAC_Poly1305_Simd128_state_t *)KRML_HOST_MALLOC(sizeof (
+        Hacl_MAC_Poly1305_Simd128_state_t
+      ));
+  p[0U] = s;
+  Hacl_MAC_Poly1305_Simd128_poly1305_init(block_state, key);
+  return p;
+}
+
+void Hacl_MAC_Poly1305_Simd128_reset(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *key)
+{
+  Hacl_MAC_Poly1305_Simd128_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
+  Hacl_MAC_Poly1305_Simd128_poly1305_init(block_state, key);
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_1 = k_;
+  Hacl_MAC_Poly1305_Simd128_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_1 };
+  state[0U] = tmp;
 }
 
-void Hacl_Poly1305_128_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key)
+/**
+0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_MAC_Poly1305_Simd128_update(
+  Hacl_MAC_Poly1305_Simd128_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+)
+{
+  Hacl_MAC_Poly1305_Simd128_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)32U == 0ULL && total_len > 0ULL)
+  {
+    sz = 32U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)32U);
+  }
+  if (chunk_len <= 32U - sz)
+  {
+    Hacl_MAC_Poly1305_Simd128_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec128 *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)32U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 32U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)32U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_MAC_Poly1305_Simd128_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec128 *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)32U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 32U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)32U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 32U, buf);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)32U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 32U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)32U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 32U;
+    uint32_t data1_len = n_blocks * 32U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len,
+          .p_key = k_1
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 32U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_MAC_Poly1305_Simd128_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec128 *block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)32U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 32U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)32U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd128_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+    Hacl_MAC_Poly1305_Simd128_state_t s10 = *state;
+    Lib_IntVector_Intrinsics_vec128 *block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint8_t *k_10 = s10.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)32U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 32U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)32U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 32U, buf);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)32U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 32U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)32U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 32U;
+    uint32_t data1_len = n_blocks * 32U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd128_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff),
+          .p_key = k_10
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+void
+Hacl_MAC_Poly1305_Simd128_digest(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *output)
+{
+  Hacl_MAC_Poly1305_Simd128_state_t scrut = *state;
+  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint8_t *k_ = scrut.p_key;
+  uint32_t r;
+  if (total_len % (uint64_t)32U == 0ULL && total_len > 0ULL)
+  {
+    r = 32U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)32U);
+  }
+  uint8_t *buf_1 = buf_;
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 r1[25U] KRML_POST_ALIGN(16) = { 0U };
+  Lib_IntVector_Intrinsics_vec128 *tmp_block_state = r1;
+  memcpy(tmp_block_state, block_state, 25U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  uint32_t ite0;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite0 = 16U;
+  }
+  else
+  {
+    ite0 = r % 16U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite0;
+  uint8_t *buf_multi = buf_1;
+  uint32_t ite;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite = 16U;
+  }
+  else
+  {
+    ite = r % 16U;
+  }
+  poly1305_update(tmp_block_state, r - ite, buf_multi);
+  uint32_t ite1;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite1 = 16U;
+  }
+  else
+  {
+    ite1 = r % 16U;
+  }
+  poly1305_update(tmp_block_state, ite1, buf_last);
+  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 tmp[25U] KRML_POST_ALIGN(16) = { 0U };
+  memcpy(tmp, tmp_block_state, 25U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  Hacl_MAC_Poly1305_Simd128_poly1305_finish(output, k_, tmp);
+}
+
+void Hacl_MAC_Poly1305_Simd128_free(Hacl_MAC_Poly1305_Simd128_state_t *state)
+{
+  Hacl_MAC_Poly1305_Simd128_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
+  KRML_HOST_FREE(k_);
+  KRML_ALIGNED_FREE(block_state);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+void
+Hacl_MAC_Poly1305_Simd128_mac(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key
+)
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ctx[25U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Poly1305_128_poly1305_init(ctx, key);
-  Hacl_Poly1305_128_poly1305_update(ctx, len, text);
-  Hacl_Poly1305_128_poly1305_finish(tag, key, ctx);
+  Hacl_MAC_Poly1305_Simd128_poly1305_init(ctx, key);
+  poly1305_update(ctx, input_len, input);
+  Hacl_MAC_Poly1305_Simd128_poly1305_finish(output, key, ctx);
 }
 
diff --git a/src/Hacl_Poly1305_256.c b/src/msvc/Hacl_MAC_Poly1305_Simd256.c
similarity index 71%
rename from src/Hacl_Poly1305_256.c
rename to src/msvc/Hacl_MAC_Poly1305_Simd256.c
index db28cdc7..f25e8fff 100644
--- a/src/Hacl_Poly1305_256.c
+++ b/src/msvc/Hacl_MAC_Poly1305_Simd256.c
@@ -23,39 +23,30 @@
  */
 
 
-#include "internal/Hacl_Poly1305_256.h"
+#include "internal/Hacl_MAC_Poly1305_Simd256.h"
 
-void
-Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b)
+void Hacl_MAC_Poly1305_Simd256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
   Lib_IntVector_Intrinsics_vec256 lo = Lib_IntVector_Intrinsics_vec256_load64_le(b);
-  Lib_IntVector_Intrinsics_vec256
-  hi = Lib_IntVector_Intrinsics_vec256_load64_le(b + (uint32_t)32U);
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
+  Lib_IntVector_Intrinsics_vec256 hi = Lib_IntVector_Intrinsics_vec256_load64_le(b + 32U);
+  Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
   Lib_IntVector_Intrinsics_vec256 m0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(lo, hi);
   Lib_IntVector_Intrinsics_vec256
   m1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(lo, hi);
-  Lib_IntVector_Intrinsics_vec256
-  m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, (uint32_t)48U);
-  Lib_IntVector_Intrinsics_vec256
-  m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, (uint32_t)48U);
+  Lib_IntVector_Intrinsics_vec256 m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, 48U);
+  Lib_IntVector_Intrinsics_vec256 m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, 48U);
   Lib_IntVector_Intrinsics_vec256 m4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(m0, m1);
   Lib_IntVector_Intrinsics_vec256 t0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m0, m1);
   Lib_IntVector_Intrinsics_vec256 t3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m2, m3);
-  Lib_IntVector_Intrinsics_vec256
-  t2 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)4U);
+  Lib_IntVector_Intrinsics_vec256 t2 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 4U);
   Lib_IntVector_Intrinsics_vec256 o20 = Lib_IntVector_Intrinsics_vec256_and(t2, mask26);
-  Lib_IntVector_Intrinsics_vec256
-  t1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 t1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
   Lib_IntVector_Intrinsics_vec256 o10 = Lib_IntVector_Intrinsics_vec256_and(t1, mask26);
   Lib_IntVector_Intrinsics_vec256 o5 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
-  Lib_IntVector_Intrinsics_vec256
-  t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)30U);
+  Lib_IntVector_Intrinsics_vec256 t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 30U);
   Lib_IntVector_Intrinsics_vec256 o30 = Lib_IntVector_Intrinsics_vec256_and(t31, mask26);
-  Lib_IntVector_Intrinsics_vec256
-  o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, (uint32_t)40U);
+  Lib_IntVector_Intrinsics_vec256 o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, 40U);
   Lib_IntVector_Intrinsics_vec256 o0 = o5;
   Lib_IntVector_Intrinsics_vec256 o1 = o10;
   Lib_IntVector_Intrinsics_vec256 o2 = o20;
@@ -66,7 +57,7 @@ Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc,
   e[2U] = o2;
   e[3U] = o3;
   e[4U] = o4;
-  uint64_t b1 = (uint64_t)0x1000000U;
+  uint64_t b1 = 0x1000000ULL;
   Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b1);
   Lib_IntVector_Intrinsics_vec256 f40 = e[4U];
   e[4U] = Lib_IntVector_Intrinsics_vec256_or(f40, mask);
@@ -88,28 +79,28 @@ Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc,
   Lib_IntVector_Intrinsics_vec256
   r01 =
     Lib_IntVector_Intrinsics_vec256_insert64(r0,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc0, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc0, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256
   r11 =
     Lib_IntVector_Intrinsics_vec256_insert64(r1,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc1, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc1, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256
   r21 =
     Lib_IntVector_Intrinsics_vec256_insert64(r2,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc2, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc2, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256
   r31 =
     Lib_IntVector_Intrinsics_vec256_insert64(r3,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc3, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc3, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256
   r41 =
     Lib_IntVector_Intrinsics_vec256_insert64(r4,
-      Lib_IntVector_Intrinsics_vec256_extract64(acc4, (uint32_t)0U),
-      (uint32_t)0U);
+      Lib_IntVector_Intrinsics_vec256_extract64(acc4, 0U),
+      0U);
   Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_add64(r01, e0);
   Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_add64(r11, e1);
   Lib_IntVector_Intrinsics_vec256 f2 = Lib_IntVector_Intrinsics_vec256_add64(r21, e2);
@@ -128,14 +119,14 @@ Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc,
 }
 
 void
-Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
+Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 *out,
   Lib_IntVector_Intrinsics_vec256 *p
 )
 {
   Lib_IntVector_Intrinsics_vec256 *r = p;
-  Lib_IntVector_Intrinsics_vec256 *r_5 = p + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec256 *r4 = p + (uint32_t)10U;
+  Lib_IntVector_Intrinsics_vec256 *r_5 = p + 5U;
+  Lib_IntVector_Intrinsics_vec256 *r4 = p + 10U;
   Lib_IntVector_Intrinsics_vec256 a0 = out[0U];
   Lib_IntVector_Intrinsics_vec256 a1 = out[1U];
   Lib_IntVector_Intrinsics_vec256 a2 = out[2U];
@@ -245,37 +236,30 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 t20 = a250;
   Lib_IntVector_Intrinsics_vec256 t30 = a350;
   Lib_IntVector_Intrinsics_vec256 t40 = a450;
-  Lib_IntVector_Intrinsics_vec256
-  mask260 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z00 = Lib_IntVector_Intrinsics_vec256_shift_right64(t00, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask260 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z00 = Lib_IntVector_Intrinsics_vec256_shift_right64(t00, 26U);
+  Lib_IntVector_Intrinsics_vec256 z10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 26U);
   Lib_IntVector_Intrinsics_vec256 x00 = Lib_IntVector_Intrinsics_vec256_and(t00, mask260);
   Lib_IntVector_Intrinsics_vec256 x30 = Lib_IntVector_Intrinsics_vec256_and(t30, mask260);
   Lib_IntVector_Intrinsics_vec256 x10 = Lib_IntVector_Intrinsics_vec256_add64(t10, z00);
   Lib_IntVector_Intrinsics_vec256 x40 = Lib_IntVector_Intrinsics_vec256_add64(t40, z10);
-  Lib_IntVector_Intrinsics_vec256
-  z010 = Lib_IntVector_Intrinsics_vec256_shift_right64(x10, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z110 = Lib_IntVector_Intrinsics_vec256_shift_right64(x40, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t5 = Lib_IntVector_Intrinsics_vec256_shift_left64(z110, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z010 = Lib_IntVector_Intrinsics_vec256_shift_right64(x10, 26U);
+  Lib_IntVector_Intrinsics_vec256 z110 = Lib_IntVector_Intrinsics_vec256_shift_right64(x40, 26U);
+  Lib_IntVector_Intrinsics_vec256 t5 = Lib_IntVector_Intrinsics_vec256_shift_left64(z110, 2U);
   Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z110, t5);
   Lib_IntVector_Intrinsics_vec256 x110 = Lib_IntVector_Intrinsics_vec256_and(x10, mask260);
   Lib_IntVector_Intrinsics_vec256 x410 = Lib_IntVector_Intrinsics_vec256_and(x40, mask260);
   Lib_IntVector_Intrinsics_vec256 x20 = Lib_IntVector_Intrinsics_vec256_add64(t20, z010);
   Lib_IntVector_Intrinsics_vec256 x010 = Lib_IntVector_Intrinsics_vec256_add64(x00, z12);
+  Lib_IntVector_Intrinsics_vec256 z020 = Lib_IntVector_Intrinsics_vec256_shift_right64(x20, 26U);
   Lib_IntVector_Intrinsics_vec256
-  z020 = Lib_IntVector_Intrinsics_vec256_shift_right64(x20, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z130 = Lib_IntVector_Intrinsics_vec256_shift_right64(x010, (uint32_t)26U);
+  z130 = Lib_IntVector_Intrinsics_vec256_shift_right64(x010, 26U);
   Lib_IntVector_Intrinsics_vec256 x210 = Lib_IntVector_Intrinsics_vec256_and(x20, mask260);
   Lib_IntVector_Intrinsics_vec256 x020 = Lib_IntVector_Intrinsics_vec256_and(x010, mask260);
   Lib_IntVector_Intrinsics_vec256 x310 = Lib_IntVector_Intrinsics_vec256_add64(x30, z020);
   Lib_IntVector_Intrinsics_vec256 x120 = Lib_IntVector_Intrinsics_vec256_add64(x110, z130);
   Lib_IntVector_Intrinsics_vec256
-  z030 = Lib_IntVector_Intrinsics_vec256_shift_right64(x310, (uint32_t)26U);
+  z030 = Lib_IntVector_Intrinsics_vec256_shift_right64(x310, 26U);
   Lib_IntVector_Intrinsics_vec256 x320 = Lib_IntVector_Intrinsics_vec256_and(x310, mask260);
   Lib_IntVector_Intrinsics_vec256 x420 = Lib_IntVector_Intrinsics_vec256_add64(x410, z030);
   Lib_IntVector_Intrinsics_vec256 r20 = x020;
@@ -373,37 +357,30 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 t21 = a251;
   Lib_IntVector_Intrinsics_vec256 t31 = a351;
   Lib_IntVector_Intrinsics_vec256 t41 = a451;
-  Lib_IntVector_Intrinsics_vec256
-  mask261 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z04 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z14 = Lib_IntVector_Intrinsics_vec256_shift_right64(t31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask261 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z04 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+  Lib_IntVector_Intrinsics_vec256 z14 = Lib_IntVector_Intrinsics_vec256_shift_right64(t31, 26U);
   Lib_IntVector_Intrinsics_vec256 x03 = Lib_IntVector_Intrinsics_vec256_and(t01, mask261);
   Lib_IntVector_Intrinsics_vec256 x33 = Lib_IntVector_Intrinsics_vec256_and(t31, mask261);
   Lib_IntVector_Intrinsics_vec256 x13 = Lib_IntVector_Intrinsics_vec256_add64(t11, z04);
   Lib_IntVector_Intrinsics_vec256 x43 = Lib_IntVector_Intrinsics_vec256_add64(t41, z14);
-  Lib_IntVector_Intrinsics_vec256
-  z011 = Lib_IntVector_Intrinsics_vec256_shift_right64(x13, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z111 = Lib_IntVector_Intrinsics_vec256_shift_right64(x43, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t6 = Lib_IntVector_Intrinsics_vec256_shift_left64(z111, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z011 = Lib_IntVector_Intrinsics_vec256_shift_right64(x13, 26U);
+  Lib_IntVector_Intrinsics_vec256 z111 = Lib_IntVector_Intrinsics_vec256_shift_right64(x43, 26U);
+  Lib_IntVector_Intrinsics_vec256 t6 = Lib_IntVector_Intrinsics_vec256_shift_left64(z111, 2U);
   Lib_IntVector_Intrinsics_vec256 z120 = Lib_IntVector_Intrinsics_vec256_add64(z111, t6);
   Lib_IntVector_Intrinsics_vec256 x111 = Lib_IntVector_Intrinsics_vec256_and(x13, mask261);
   Lib_IntVector_Intrinsics_vec256 x411 = Lib_IntVector_Intrinsics_vec256_and(x43, mask261);
   Lib_IntVector_Intrinsics_vec256 x22 = Lib_IntVector_Intrinsics_vec256_add64(t21, z011);
   Lib_IntVector_Intrinsics_vec256 x011 = Lib_IntVector_Intrinsics_vec256_add64(x03, z120);
+  Lib_IntVector_Intrinsics_vec256 z021 = Lib_IntVector_Intrinsics_vec256_shift_right64(x22, 26U);
   Lib_IntVector_Intrinsics_vec256
-  z021 = Lib_IntVector_Intrinsics_vec256_shift_right64(x22, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z131 = Lib_IntVector_Intrinsics_vec256_shift_right64(x011, (uint32_t)26U);
+  z131 = Lib_IntVector_Intrinsics_vec256_shift_right64(x011, 26U);
   Lib_IntVector_Intrinsics_vec256 x211 = Lib_IntVector_Intrinsics_vec256_and(x22, mask261);
   Lib_IntVector_Intrinsics_vec256 x021 = Lib_IntVector_Intrinsics_vec256_and(x011, mask261);
   Lib_IntVector_Intrinsics_vec256 x311 = Lib_IntVector_Intrinsics_vec256_add64(x33, z021);
   Lib_IntVector_Intrinsics_vec256 x121 = Lib_IntVector_Intrinsics_vec256_add64(x111, z131);
   Lib_IntVector_Intrinsics_vec256
-  z031 = Lib_IntVector_Intrinsics_vec256_shift_right64(x311, (uint32_t)26U);
+  z031 = Lib_IntVector_Intrinsics_vec256_shift_right64(x311, 26U);
   Lib_IntVector_Intrinsics_vec256 x321 = Lib_IntVector_Intrinsics_vec256_and(x311, mask261);
   Lib_IntVector_Intrinsics_vec256 x421 = Lib_IntVector_Intrinsics_vec256_add64(x411, z031);
   Lib_IntVector_Intrinsics_vec256 r30 = x021;
@@ -441,14 +418,10 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   v34344 = Lib_IntVector_Intrinsics_vec256_interleave_low64(r44, r34);
   Lib_IntVector_Intrinsics_vec256
   r12344 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v34344, v12124);
-  Lib_IntVector_Intrinsics_vec256
-  r123451 = Lib_IntVector_Intrinsics_vec256_smul64(r12341, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec256
-  r123452 = Lib_IntVector_Intrinsics_vec256_smul64(r12342, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec256
-  r123453 = Lib_IntVector_Intrinsics_vec256_smul64(r12343, (uint64_t)5U);
-  Lib_IntVector_Intrinsics_vec256
-  r123454 = Lib_IntVector_Intrinsics_vec256_smul64(r12344, (uint64_t)5U);
+  Lib_IntVector_Intrinsics_vec256 r123451 = Lib_IntVector_Intrinsics_vec256_smul64(r12341, 5ULL);
+  Lib_IntVector_Intrinsics_vec256 r123452 = Lib_IntVector_Intrinsics_vec256_smul64(r12342, 5ULL);
+  Lib_IntVector_Intrinsics_vec256 r123453 = Lib_IntVector_Intrinsics_vec256_smul64(r12343, 5ULL);
+  Lib_IntVector_Intrinsics_vec256 r123454 = Lib_IntVector_Intrinsics_vec256_smul64(r12344, 5ULL);
   Lib_IntVector_Intrinsics_vec256 a01 = Lib_IntVector_Intrinsics_vec256_mul64(r12340, a0);
   Lib_IntVector_Intrinsics_vec256 a11 = Lib_IntVector_Intrinsics_vec256_mul64(r12341, a0);
   Lib_IntVector_Intrinsics_vec256 a21 = Lib_IntVector_Intrinsics_vec256_mul64(r12342, a0);
@@ -539,37 +512,28 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256 t2 = a25;
   Lib_IntVector_Intrinsics_vec256 t3 = a35;
   Lib_IntVector_Intrinsics_vec256 t4 = a45;
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec256
-  z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec256 z121 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
   Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z121);
-  Lib_IntVector_Intrinsics_vec256
-  z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec256
-  z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -612,41 +576,36 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   Lib_IntVector_Intrinsics_vec256
   tmp0 =
     Lib_IntVector_Intrinsics_vec256_and(l,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c0 = Lib_IntVector_Intrinsics_vec256_shift_right64(l, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c0 = Lib_IntVector_Intrinsics_vec256_shift_right64(l, 26U);
   Lib_IntVector_Intrinsics_vec256 l0 = Lib_IntVector_Intrinsics_vec256_add64(v21, c0);
   Lib_IntVector_Intrinsics_vec256
   tmp1 =
     Lib_IntVector_Intrinsics_vec256_and(l0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c1 = Lib_IntVector_Intrinsics_vec256_shift_right64(l0, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c1 = Lib_IntVector_Intrinsics_vec256_shift_right64(l0, 26U);
   Lib_IntVector_Intrinsics_vec256 l1 = Lib_IntVector_Intrinsics_vec256_add64(v22, c1);
   Lib_IntVector_Intrinsics_vec256
   tmp2 =
     Lib_IntVector_Intrinsics_vec256_and(l1,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c2 = Lib_IntVector_Intrinsics_vec256_shift_right64(l1, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c2 = Lib_IntVector_Intrinsics_vec256_shift_right64(l1, 26U);
   Lib_IntVector_Intrinsics_vec256 l2 = Lib_IntVector_Intrinsics_vec256_add64(v23, c2);
   Lib_IntVector_Intrinsics_vec256
   tmp3 =
     Lib_IntVector_Intrinsics_vec256_and(l2,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c3 = Lib_IntVector_Intrinsics_vec256_shift_right64(l2, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c3 = Lib_IntVector_Intrinsics_vec256_shift_right64(l2, 26U);
   Lib_IntVector_Intrinsics_vec256 l3 = Lib_IntVector_Intrinsics_vec256_add64(v24, c3);
   Lib_IntVector_Intrinsics_vec256
   tmp4 =
     Lib_IntVector_Intrinsics_vec256_and(l3,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c4 = Lib_IntVector_Intrinsics_vec256_shift_right64(l3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c4 = Lib_IntVector_Intrinsics_vec256_shift_right64(l3, 26U);
   Lib_IntVector_Intrinsics_vec256
   o00 =
     Lib_IntVector_Intrinsics_vec256_add64(tmp0,
-      Lib_IntVector_Intrinsics_vec256_smul64(c4, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec256_smul64(c4, 5ULL));
   Lib_IntVector_Intrinsics_vec256 o1 = tmp1;
   Lib_IntVector_Intrinsics_vec256 o2 = tmp2;
   Lib_IntVector_Intrinsics_vec256 o3 = tmp3;
@@ -658,10 +617,11 @@ Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(
   out[4U] = o4;
 }
 
-void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key)
+void
+Hacl_MAC_Poly1305_Simd256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key)
 {
   Lib_IntVector_Intrinsics_vec256 *acc = ctx;
-  Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec256 *pre = ctx + 5U;
   uint8_t *kr = key;
   acc[0U] = Lib_IntVector_Intrinsics_vec256_zero;
   acc[1U] = Lib_IntVector_Intrinsics_vec256_zero;
@@ -670,41 +630,38 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   acc[4U] = Lib_IntVector_Intrinsics_vec256_zero;
   uint64_t u0 = load64_le(kr);
   uint64_t lo = u0;
-  uint64_t u = load64_le(kr + (uint32_t)8U);
+  uint64_t u = load64_le(kr + 8U);
   uint64_t hi = u;
-  uint64_t mask0 = (uint64_t)0x0ffffffc0fffffffU;
-  uint64_t mask1 = (uint64_t)0x0ffffffc0ffffffcU;
+  uint64_t mask0 = 0x0ffffffc0fffffffULL;
+  uint64_t mask1 = 0x0ffffffc0ffffffcULL;
   uint64_t lo1 = lo & mask0;
   uint64_t hi1 = hi & mask1;
   Lib_IntVector_Intrinsics_vec256 *r = pre;
-  Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec256 *rn = pre + (uint32_t)10U;
-  Lib_IntVector_Intrinsics_vec256 *rn_5 = pre + (uint32_t)15U;
+  Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
+  Lib_IntVector_Intrinsics_vec256 *rn = pre + 10U;
+  Lib_IntVector_Intrinsics_vec256 *rn_5 = pre + 15U;
   Lib_IntVector_Intrinsics_vec256 r_vec0 = Lib_IntVector_Intrinsics_vec256_load64(lo1);
   Lib_IntVector_Intrinsics_vec256 r_vec1 = Lib_IntVector_Intrinsics_vec256_load64(hi1);
   Lib_IntVector_Intrinsics_vec256
   f00 =
     Lib_IntVector_Intrinsics_vec256_and(r_vec0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
   f15 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec0, 26U),
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
   f20 =
-    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec0,
-        (uint32_t)52U),
+    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec0, 52U),
       Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(r_vec1,
-          Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
+          Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+        12U));
   Lib_IntVector_Intrinsics_vec256
   f30 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec1, 14U),
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
   Lib_IntVector_Intrinsics_vec256
-  f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec1, (uint32_t)40U);
+  f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(r_vec1, 40U);
   Lib_IntVector_Intrinsics_vec256 f0 = f00;
   Lib_IntVector_Intrinsics_vec256 f1 = f15;
   Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -720,11 +677,11 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 f220 = r[2U];
   Lib_IntVector_Intrinsics_vec256 f230 = r[3U];
   Lib_IntVector_Intrinsics_vec256 f240 = r[4U];
-  r5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f200, (uint64_t)5U);
-  r5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f210, (uint64_t)5U);
-  r5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f220, (uint64_t)5U);
-  r5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f230, (uint64_t)5U);
-  r5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f240, (uint64_t)5U);
+  r5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f200, 5ULL);
+  r5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f210, 5ULL);
+  r5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f220, 5ULL);
+  r5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f230, 5ULL);
+  r5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f240, 5ULL);
   Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
   Lib_IntVector_Intrinsics_vec256 r10 = r[1U];
   Lib_IntVector_Intrinsics_vec256 r20 = r[2U];
@@ -829,37 +786,30 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 t20 = a240;
   Lib_IntVector_Intrinsics_vec256 t30 = a340;
   Lib_IntVector_Intrinsics_vec256 t40 = a440;
-  Lib_IntVector_Intrinsics_vec256
-  mask260 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z00 = Lib_IntVector_Intrinsics_vec256_shift_right64(t00, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask260 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z00 = Lib_IntVector_Intrinsics_vec256_shift_right64(t00, 26U);
+  Lib_IntVector_Intrinsics_vec256 z10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 26U);
   Lib_IntVector_Intrinsics_vec256 x00 = Lib_IntVector_Intrinsics_vec256_and(t00, mask260);
   Lib_IntVector_Intrinsics_vec256 x30 = Lib_IntVector_Intrinsics_vec256_and(t30, mask260);
   Lib_IntVector_Intrinsics_vec256 x10 = Lib_IntVector_Intrinsics_vec256_add64(t10, z00);
   Lib_IntVector_Intrinsics_vec256 x40 = Lib_IntVector_Intrinsics_vec256_add64(t40, z10);
-  Lib_IntVector_Intrinsics_vec256
-  z010 = Lib_IntVector_Intrinsics_vec256_shift_right64(x10, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z110 = Lib_IntVector_Intrinsics_vec256_shift_right64(x40, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t5 = Lib_IntVector_Intrinsics_vec256_shift_left64(z110, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z010 = Lib_IntVector_Intrinsics_vec256_shift_right64(x10, 26U);
+  Lib_IntVector_Intrinsics_vec256 z110 = Lib_IntVector_Intrinsics_vec256_shift_right64(x40, 26U);
+  Lib_IntVector_Intrinsics_vec256 t5 = Lib_IntVector_Intrinsics_vec256_shift_left64(z110, 2U);
   Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z110, t5);
   Lib_IntVector_Intrinsics_vec256 x110 = Lib_IntVector_Intrinsics_vec256_and(x10, mask260);
   Lib_IntVector_Intrinsics_vec256 x410 = Lib_IntVector_Intrinsics_vec256_and(x40, mask260);
   Lib_IntVector_Intrinsics_vec256 x20 = Lib_IntVector_Intrinsics_vec256_add64(t20, z010);
   Lib_IntVector_Intrinsics_vec256 x010 = Lib_IntVector_Intrinsics_vec256_add64(x00, z12);
+  Lib_IntVector_Intrinsics_vec256 z020 = Lib_IntVector_Intrinsics_vec256_shift_right64(x20, 26U);
   Lib_IntVector_Intrinsics_vec256
-  z020 = Lib_IntVector_Intrinsics_vec256_shift_right64(x20, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z130 = Lib_IntVector_Intrinsics_vec256_shift_right64(x010, (uint32_t)26U);
+  z130 = Lib_IntVector_Intrinsics_vec256_shift_right64(x010, 26U);
   Lib_IntVector_Intrinsics_vec256 x210 = Lib_IntVector_Intrinsics_vec256_and(x20, mask260);
   Lib_IntVector_Intrinsics_vec256 x020 = Lib_IntVector_Intrinsics_vec256_and(x010, mask260);
   Lib_IntVector_Intrinsics_vec256 x310 = Lib_IntVector_Intrinsics_vec256_add64(x30, z020);
   Lib_IntVector_Intrinsics_vec256 x120 = Lib_IntVector_Intrinsics_vec256_add64(x110, z130);
   Lib_IntVector_Intrinsics_vec256
-  z030 = Lib_IntVector_Intrinsics_vec256_shift_right64(x310, (uint32_t)26U);
+  z030 = Lib_IntVector_Intrinsics_vec256_shift_right64(x310, 26U);
   Lib_IntVector_Intrinsics_vec256 x320 = Lib_IntVector_Intrinsics_vec256_and(x310, mask260);
   Lib_IntVector_Intrinsics_vec256 x420 = Lib_IntVector_Intrinsics_vec256_add64(x410, z030);
   Lib_IntVector_Intrinsics_vec256 o00 = x020;
@@ -877,11 +827,11 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 f221 = rn[2U];
   Lib_IntVector_Intrinsics_vec256 f231 = rn[3U];
   Lib_IntVector_Intrinsics_vec256 f241 = rn[4U];
-  rn_5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f201, (uint64_t)5U);
-  rn_5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f211, (uint64_t)5U);
-  rn_5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f221, (uint64_t)5U);
-  rn_5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f231, (uint64_t)5U);
-  rn_5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f241, (uint64_t)5U);
+  rn_5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f201, 5ULL);
+  rn_5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f211, 5ULL);
+  rn_5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f221, 5ULL);
+  rn_5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f231, 5ULL);
+  rn_5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f241, 5ULL);
   Lib_IntVector_Intrinsics_vec256 r00 = rn[0U];
   Lib_IntVector_Intrinsics_vec256 r1 = rn[1U];
   Lib_IntVector_Intrinsics_vec256 r2 = rn[2U];
@@ -980,37 +930,28 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 t2 = a24;
   Lib_IntVector_Intrinsics_vec256 t3 = a34;
   Lib_IntVector_Intrinsics_vec256 t4 = a44;
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, 26U);
+  Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
   Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
   Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
   Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
   Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec256
-  z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+  Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+  Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+  Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
   Lib_IntVector_Intrinsics_vec256 z120 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
   Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
   Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
   Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
   Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z120);
-  Lib_IntVector_Intrinsics_vec256
-  z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+  Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
   Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
   Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
   Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
   Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec256
-  z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+  Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
   Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
   Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
   Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -1028,277 +969,57 @@ void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8
   Lib_IntVector_Intrinsics_vec256 f22 = rn[2U];
   Lib_IntVector_Intrinsics_vec256 f23 = rn[3U];
   Lib_IntVector_Intrinsics_vec256 f24 = rn[4U];
-  rn_5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f202, (uint64_t)5U);
-  rn_5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f21, (uint64_t)5U);
-  rn_5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f22, (uint64_t)5U);
-  rn_5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f23, (uint64_t)5U);
-  rn_5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f24, (uint64_t)5U);
-}
-
-void Hacl_Poly1305_256_poly1305_update1(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *text)
-{
-  Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec256 *acc = ctx;
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
-  uint64_t u0 = load64_le(text);
-  uint64_t lo = u0;
-  uint64_t u = load64_le(text + (uint32_t)8U);
-  uint64_t hi = u;
-  Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
-  Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
-  Lib_IntVector_Intrinsics_vec256
-  f010 =
-    Lib_IntVector_Intrinsics_vec256_and(f0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  f110 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-        (uint32_t)26U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  f20 =
-    Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-        (uint32_t)52U),
-      Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-          Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-        (uint32_t)12U));
-  Lib_IntVector_Intrinsics_vec256
-  f30 =
-    Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-        (uint32_t)14U),
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
-  Lib_IntVector_Intrinsics_vec256 f01 = f010;
-  Lib_IntVector_Intrinsics_vec256 f111 = f110;
-  Lib_IntVector_Intrinsics_vec256 f2 = f20;
-  Lib_IntVector_Intrinsics_vec256 f3 = f30;
-  Lib_IntVector_Intrinsics_vec256 f41 = f40;
-  e[0U] = f01;
-  e[1U] = f111;
-  e[2U] = f2;
-  e[3U] = f3;
-  e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
-  Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
-  Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
-  e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
-  Lib_IntVector_Intrinsics_vec256 *r = pre;
-  Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
-  Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
-  Lib_IntVector_Intrinsics_vec256 r1 = r[1U];
-  Lib_IntVector_Intrinsics_vec256 r2 = r[2U];
-  Lib_IntVector_Intrinsics_vec256 r3 = r[3U];
-  Lib_IntVector_Intrinsics_vec256 r4 = r[4U];
-  Lib_IntVector_Intrinsics_vec256 r51 = r5[1U];
-  Lib_IntVector_Intrinsics_vec256 r52 = r5[2U];
-  Lib_IntVector_Intrinsics_vec256 r53 = r5[3U];
-  Lib_IntVector_Intrinsics_vec256 r54 = r5[4U];
-  Lib_IntVector_Intrinsics_vec256 f10 = e[0U];
-  Lib_IntVector_Intrinsics_vec256 f11 = e[1U];
-  Lib_IntVector_Intrinsics_vec256 f12 = e[2U];
-  Lib_IntVector_Intrinsics_vec256 f13 = e[3U];
-  Lib_IntVector_Intrinsics_vec256 f14 = e[4U];
-  Lib_IntVector_Intrinsics_vec256 a0 = acc[0U];
-  Lib_IntVector_Intrinsics_vec256 a1 = acc[1U];
-  Lib_IntVector_Intrinsics_vec256 a2 = acc[2U];
-  Lib_IntVector_Intrinsics_vec256 a3 = acc[3U];
-  Lib_IntVector_Intrinsics_vec256 a4 = acc[4U];
-  Lib_IntVector_Intrinsics_vec256 a01 = Lib_IntVector_Intrinsics_vec256_add64(a0, f10);
-  Lib_IntVector_Intrinsics_vec256 a11 = Lib_IntVector_Intrinsics_vec256_add64(a1, f11);
-  Lib_IntVector_Intrinsics_vec256 a21 = Lib_IntVector_Intrinsics_vec256_add64(a2, f12);
-  Lib_IntVector_Intrinsics_vec256 a31 = Lib_IntVector_Intrinsics_vec256_add64(a3, f13);
-  Lib_IntVector_Intrinsics_vec256 a41 = Lib_IntVector_Intrinsics_vec256_add64(a4, f14);
-  Lib_IntVector_Intrinsics_vec256 a02 = Lib_IntVector_Intrinsics_vec256_mul64(r0, a01);
-  Lib_IntVector_Intrinsics_vec256 a12 = Lib_IntVector_Intrinsics_vec256_mul64(r1, a01);
-  Lib_IntVector_Intrinsics_vec256 a22 = Lib_IntVector_Intrinsics_vec256_mul64(r2, a01);
-  Lib_IntVector_Intrinsics_vec256 a32 = Lib_IntVector_Intrinsics_vec256_mul64(r3, a01);
-  Lib_IntVector_Intrinsics_vec256 a42 = Lib_IntVector_Intrinsics_vec256_mul64(r4, a01);
-  Lib_IntVector_Intrinsics_vec256
-  a03 =
-    Lib_IntVector_Intrinsics_vec256_add64(a02,
-      Lib_IntVector_Intrinsics_vec256_mul64(r54, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a13 =
-    Lib_IntVector_Intrinsics_vec256_add64(a12,
-      Lib_IntVector_Intrinsics_vec256_mul64(r0, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a23 =
-    Lib_IntVector_Intrinsics_vec256_add64(a22,
-      Lib_IntVector_Intrinsics_vec256_mul64(r1, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a33 =
-    Lib_IntVector_Intrinsics_vec256_add64(a32,
-      Lib_IntVector_Intrinsics_vec256_mul64(r2, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a43 =
-    Lib_IntVector_Intrinsics_vec256_add64(a42,
-      Lib_IntVector_Intrinsics_vec256_mul64(r3, a11));
-  Lib_IntVector_Intrinsics_vec256
-  a04 =
-    Lib_IntVector_Intrinsics_vec256_add64(a03,
-      Lib_IntVector_Intrinsics_vec256_mul64(r53, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a14 =
-    Lib_IntVector_Intrinsics_vec256_add64(a13,
-      Lib_IntVector_Intrinsics_vec256_mul64(r54, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a24 =
-    Lib_IntVector_Intrinsics_vec256_add64(a23,
-      Lib_IntVector_Intrinsics_vec256_mul64(r0, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a34 =
-    Lib_IntVector_Intrinsics_vec256_add64(a33,
-      Lib_IntVector_Intrinsics_vec256_mul64(r1, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a44 =
-    Lib_IntVector_Intrinsics_vec256_add64(a43,
-      Lib_IntVector_Intrinsics_vec256_mul64(r2, a21));
-  Lib_IntVector_Intrinsics_vec256
-  a05 =
-    Lib_IntVector_Intrinsics_vec256_add64(a04,
-      Lib_IntVector_Intrinsics_vec256_mul64(r52, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a15 =
-    Lib_IntVector_Intrinsics_vec256_add64(a14,
-      Lib_IntVector_Intrinsics_vec256_mul64(r53, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a25 =
-    Lib_IntVector_Intrinsics_vec256_add64(a24,
-      Lib_IntVector_Intrinsics_vec256_mul64(r54, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a35 =
-    Lib_IntVector_Intrinsics_vec256_add64(a34,
-      Lib_IntVector_Intrinsics_vec256_mul64(r0, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a45 =
-    Lib_IntVector_Intrinsics_vec256_add64(a44,
-      Lib_IntVector_Intrinsics_vec256_mul64(r1, a31));
-  Lib_IntVector_Intrinsics_vec256
-  a06 =
-    Lib_IntVector_Intrinsics_vec256_add64(a05,
-      Lib_IntVector_Intrinsics_vec256_mul64(r51, a41));
-  Lib_IntVector_Intrinsics_vec256
-  a16 =
-    Lib_IntVector_Intrinsics_vec256_add64(a15,
-      Lib_IntVector_Intrinsics_vec256_mul64(r52, a41));
-  Lib_IntVector_Intrinsics_vec256
-  a26 =
-    Lib_IntVector_Intrinsics_vec256_add64(a25,
-      Lib_IntVector_Intrinsics_vec256_mul64(r53, a41));
-  Lib_IntVector_Intrinsics_vec256
-  a36 =
-    Lib_IntVector_Intrinsics_vec256_add64(a35,
-      Lib_IntVector_Intrinsics_vec256_mul64(r54, a41));
-  Lib_IntVector_Intrinsics_vec256
-  a46 =
-    Lib_IntVector_Intrinsics_vec256_add64(a45,
-      Lib_IntVector_Intrinsics_vec256_mul64(r0, a41));
-  Lib_IntVector_Intrinsics_vec256 t0 = a06;
-  Lib_IntVector_Intrinsics_vec256 t1 = a16;
-  Lib_IntVector_Intrinsics_vec256 t2 = a26;
-  Lib_IntVector_Intrinsics_vec256 t3 = a36;
-  Lib_IntVector_Intrinsics_vec256 t4 = a46;
-  Lib_IntVector_Intrinsics_vec256
-  mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t0, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t0, mask26);
-  Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
-  Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
-  Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-  Lib_IntVector_Intrinsics_vec256
-  z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
-  Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
-  Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
-  Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
-  Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
-  Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-  Lib_IntVector_Intrinsics_vec256
-  z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256
-  z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
-  Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
-  Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
-  Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-  Lib_IntVector_Intrinsics_vec256
-  z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
-  Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
-  Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
-  Lib_IntVector_Intrinsics_vec256 o0 = x02;
-  Lib_IntVector_Intrinsics_vec256 o1 = x12;
-  Lib_IntVector_Intrinsics_vec256 o2 = x21;
-  Lib_IntVector_Intrinsics_vec256 o3 = x32;
-  Lib_IntVector_Intrinsics_vec256 o4 = x42;
-  acc[0U] = o0;
-  acc[1U] = o1;
-  acc[2U] = o2;
-  acc[3U] = o3;
-  acc[4U] = o4;
+  rn_5[0U] = Lib_IntVector_Intrinsics_vec256_smul64(f202, 5ULL);
+  rn_5[1U] = Lib_IntVector_Intrinsics_vec256_smul64(f21, 5ULL);
+  rn_5[2U] = Lib_IntVector_Intrinsics_vec256_smul64(f22, 5ULL);
+  rn_5[3U] = Lib_IntVector_Intrinsics_vec256_smul64(f23, 5ULL);
+  rn_5[4U] = Lib_IntVector_Intrinsics_vec256_smul64(f24, 5ULL);
 }
 
-void
-Hacl_Poly1305_256_poly1305_update(
-  Lib_IntVector_Intrinsics_vec256 *ctx,
-  uint32_t len,
-  uint8_t *text
-)
+static void poly1305_update(Lib_IntVector_Intrinsics_vec256 *ctx, uint32_t len, uint8_t *text)
 {
-  Lib_IntVector_Intrinsics_vec256 *pre = ctx + (uint32_t)5U;
+  Lib_IntVector_Intrinsics_vec256 *pre = ctx + 5U;
   Lib_IntVector_Intrinsics_vec256 *acc = ctx;
-  uint32_t sz_block = (uint32_t)64U;
+  uint32_t sz_block = 64U;
   uint32_t len0 = len / sz_block * sz_block;
   uint8_t *t0 = text;
-  if (len0 > (uint32_t)0U)
+  if (len0 > 0U)
   {
-    uint32_t bs = (uint32_t)64U;
+    uint32_t bs = 64U;
     uint8_t *text0 = t0;
-    Hacl_Impl_Poly1305_Field32xN_256_load_acc4(acc, text0);
+    Hacl_MAC_Poly1305_Simd256_load_acc4(acc, text0);
     uint32_t len1 = len0 - bs;
     uint8_t *text1 = t0 + bs;
     uint32_t nb = len1 / bs;
-    for (uint32_t i = (uint32_t)0U; i < nb; i++)
+    for (uint32_t i = 0U; i < nb; i++)
     {
       uint8_t *block = text1 + i * bs;
       KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
       Lib_IntVector_Intrinsics_vec256 lo = Lib_IntVector_Intrinsics_vec256_load64_le(block);
+      Lib_IntVector_Intrinsics_vec256 hi = Lib_IntVector_Intrinsics_vec256_load64_le(block + 32U);
       Lib_IntVector_Intrinsics_vec256
-      hi = Lib_IntVector_Intrinsics_vec256_load64_le(block + (uint32_t)32U);
-      Lib_IntVector_Intrinsics_vec256
-      mask260 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
+      mask260 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
       Lib_IntVector_Intrinsics_vec256
       m0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(lo, hi);
       Lib_IntVector_Intrinsics_vec256
       m1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(lo, hi);
-      Lib_IntVector_Intrinsics_vec256
-      m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, (uint32_t)48U);
-      Lib_IntVector_Intrinsics_vec256
-      m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, (uint32_t)48U);
+      Lib_IntVector_Intrinsics_vec256 m2 = Lib_IntVector_Intrinsics_vec256_shift_right(m0, 48U);
+      Lib_IntVector_Intrinsics_vec256 m3 = Lib_IntVector_Intrinsics_vec256_shift_right(m1, 48U);
       Lib_IntVector_Intrinsics_vec256
       m4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(m0, m1);
       Lib_IntVector_Intrinsics_vec256
       t010 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m0, m1);
       Lib_IntVector_Intrinsics_vec256
       t30 = Lib_IntVector_Intrinsics_vec256_interleave_low64(m2, m3);
-      Lib_IntVector_Intrinsics_vec256
-      t20 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)4U);
+      Lib_IntVector_Intrinsics_vec256 t20 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 4U);
       Lib_IntVector_Intrinsics_vec256 o20 = Lib_IntVector_Intrinsics_vec256_and(t20, mask260);
       Lib_IntVector_Intrinsics_vec256
-      t10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t010, (uint32_t)26U);
+      t10 = Lib_IntVector_Intrinsics_vec256_shift_right64(t010, 26U);
       Lib_IntVector_Intrinsics_vec256 o10 = Lib_IntVector_Intrinsics_vec256_and(t10, mask260);
       Lib_IntVector_Intrinsics_vec256 o5 = Lib_IntVector_Intrinsics_vec256_and(t010, mask260);
-      Lib_IntVector_Intrinsics_vec256
-      t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, (uint32_t)30U);
+      Lib_IntVector_Intrinsics_vec256 t31 = Lib_IntVector_Intrinsics_vec256_shift_right64(t30, 30U);
       Lib_IntVector_Intrinsics_vec256 o30 = Lib_IntVector_Intrinsics_vec256_and(t31, mask260);
-      Lib_IntVector_Intrinsics_vec256
-      o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256 o40 = Lib_IntVector_Intrinsics_vec256_shift_right64(m4, 40U);
       Lib_IntVector_Intrinsics_vec256 o00 = o5;
       Lib_IntVector_Intrinsics_vec256 o11 = o10;
       Lib_IntVector_Intrinsics_vec256 o21 = o20;
@@ -1309,12 +1030,12 @@ Hacl_Poly1305_256_poly1305_update(
       e[2U] = o21;
       e[3U] = o31;
       e[4U] = o41;
-      uint64_t b = (uint64_t)0x1000000U;
+      uint64_t b = 0x1000000ULL;
       Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
       Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
       e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
-      Lib_IntVector_Intrinsics_vec256 *rn = pre + (uint32_t)10U;
-      Lib_IntVector_Intrinsics_vec256 *rn5 = pre + (uint32_t)15U;
+      Lib_IntVector_Intrinsics_vec256 *rn = pre + 10U;
+      Lib_IntVector_Intrinsics_vec256 *rn5 = pre + 15U;
       Lib_IntVector_Intrinsics_vec256 r0 = rn[0U];
       Lib_IntVector_Intrinsics_vec256 r1 = rn[1U];
       Lib_IntVector_Intrinsics_vec256 r2 = rn[2U];
@@ -1419,37 +1140,28 @@ Hacl_Poly1305_256_poly1305_update(
       Lib_IntVector_Intrinsics_vec256 t2 = a24;
       Lib_IntVector_Intrinsics_vec256 t3 = a34;
       Lib_IntVector_Intrinsics_vec256 t4 = a44;
-      Lib_IntVector_Intrinsics_vec256
-      mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-      Lib_IntVector_Intrinsics_vec256
-      z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+      Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+      Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
       Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
       Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
       Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t1, z0);
       Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-      Lib_IntVector_Intrinsics_vec256
-      z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+      Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+      Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+      Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
       Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
       Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
       Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
       Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
       Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-      Lib_IntVector_Intrinsics_vec256
-      z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-      Lib_IntVector_Intrinsics_vec256
-      z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+      Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
       Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
       Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
       Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
       Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-      Lib_IntVector_Intrinsics_vec256
-      z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
       Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
       Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
       Lib_IntVector_Intrinsics_vec256 o01 = x02;
@@ -1483,45 +1195,41 @@ Hacl_Poly1305_256_poly1305_update(
       acc[3U] = o3;
       acc[4U] = o4;
     }
-    Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize(acc, pre);
+    Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize(acc, pre);
   }
   uint32_t len1 = len - len0;
   uint8_t *t1 = text + len0;
-  uint32_t nb = len1 / (uint32_t)16U;
-  uint32_t rem = len1 % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
+  uint32_t nb = len1 / 16U;
+  uint32_t rem = len1 % 16U;
+  for (uint32_t i = 0U; i < nb; i++)
   {
-    uint8_t *block = t1 + i * (uint32_t)16U;
+    uint8_t *block = t1 + i * 16U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint64_t u0 = load64_le(block);
     uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
+    uint64_t u = load64_le(block + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -1532,12 +1240,12 @@ Hacl_Poly1305_256_poly1305_update(
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
+    uint64_t b = 0x1000000ULL;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
     Lib_IntVector_Intrinsics_vec256 f4 = e[4U];
     e[4U] = Lib_IntVector_Intrinsics_vec256_or(f4, mask);
     Lib_IntVector_Intrinsics_vec256 *r = pre;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
     Lib_IntVector_Intrinsics_vec256 r1 = r[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r[2U];
@@ -1652,37 +1360,28 @@ Hacl_Poly1305_256_poly1305_update(
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -1696,41 +1395,37 @@ Hacl_Poly1305_256_poly1305_update(
     acc[3U] = o3;
     acc[4U] = o4;
   }
-  if (rem > (uint32_t)0U)
+  if (rem > 0U)
   {
-    uint8_t *last = t1 + nb * (uint32_t)16U;
+    uint8_t *last = t1 + nb * 16U;
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 e[5U] KRML_POST_ALIGN(32) = { 0U };
     uint8_t tmp[16U] = { 0U };
     memcpy(tmp, last, rem * sizeof (uint8_t));
     uint64_t u0 = load64_le(tmp);
     uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
+    uint64_t u = load64_le(tmp + 8U);
     uint64_t hi = u;
     Lib_IntVector_Intrinsics_vec256 f0 = Lib_IntVector_Intrinsics_vec256_load64(lo);
     Lib_IntVector_Intrinsics_vec256 f1 = Lib_IntVector_Intrinsics_vec256_load64(hi);
     Lib_IntVector_Intrinsics_vec256
     f010 =
       Lib_IntVector_Intrinsics_vec256_and(f0,
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f110 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)26U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 26U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
     Lib_IntVector_Intrinsics_vec256
     f20 =
-      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0,
-          (uint32_t)52U),
+      Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_right64(f0, 52U),
         Lib_IntVector_Intrinsics_vec256_shift_left64(Lib_IntVector_Intrinsics_vec256_and(f1,
-            Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffU)),
-          (uint32_t)12U));
+            Lib_IntVector_Intrinsics_vec256_load64(0x3fffULL)),
+          12U));
     Lib_IntVector_Intrinsics_vec256
     f30 =
-      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1,
-          (uint32_t)14U),
-        Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-    Lib_IntVector_Intrinsics_vec256
-    f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, (uint32_t)40U);
+      Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 14U),
+        Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+    Lib_IntVector_Intrinsics_vec256 f40 = Lib_IntVector_Intrinsics_vec256_shift_right64(f1, 40U);
     Lib_IntVector_Intrinsics_vec256 f01 = f010;
     Lib_IntVector_Intrinsics_vec256 f111 = f110;
     Lib_IntVector_Intrinsics_vec256 f2 = f20;
@@ -1741,12 +1436,12 @@ Hacl_Poly1305_256_poly1305_update(
     e[2U] = f2;
     e[3U] = f3;
     e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem * (uint32_t)8U % (uint32_t)26U;
+    uint64_t b = 1ULL << rem * 8U % 26U;
     Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_load64(b);
-    Lib_IntVector_Intrinsics_vec256 fi = e[rem * (uint32_t)8U / (uint32_t)26U];
-    e[rem * (uint32_t)8U / (uint32_t)26U] = Lib_IntVector_Intrinsics_vec256_or(fi, mask);
+    Lib_IntVector_Intrinsics_vec256 fi = e[rem * 8U / 26U];
+    e[rem * 8U / 26U] = Lib_IntVector_Intrinsics_vec256_or(fi, mask);
     Lib_IntVector_Intrinsics_vec256 *r = pre;
-    Lib_IntVector_Intrinsics_vec256 *r5 = pre + (uint32_t)5U;
+    Lib_IntVector_Intrinsics_vec256 *r5 = pre + 5U;
     Lib_IntVector_Intrinsics_vec256 r0 = r[0U];
     Lib_IntVector_Intrinsics_vec256 r1 = r[1U];
     Lib_IntVector_Intrinsics_vec256 r2 = r[2U];
@@ -1861,37 +1556,28 @@ Hacl_Poly1305_256_poly1305_update(
     Lib_IntVector_Intrinsics_vec256 t2 = a26;
     Lib_IntVector_Intrinsics_vec256 t3 = a36;
     Lib_IntVector_Intrinsics_vec256 t4 = a46;
-    Lib_IntVector_Intrinsics_vec256
-    mask26 = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-    Lib_IntVector_Intrinsics_vec256
-    z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 mask26 = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+    Lib_IntVector_Intrinsics_vec256 z0 = Lib_IntVector_Intrinsics_vec256_shift_right64(t01, 26U);
+    Lib_IntVector_Intrinsics_vec256 z1 = Lib_IntVector_Intrinsics_vec256_shift_right64(t3, 26U);
     Lib_IntVector_Intrinsics_vec256 x0 = Lib_IntVector_Intrinsics_vec256_and(t01, mask26);
     Lib_IntVector_Intrinsics_vec256 x3 = Lib_IntVector_Intrinsics_vec256_and(t3, mask26);
     Lib_IntVector_Intrinsics_vec256 x1 = Lib_IntVector_Intrinsics_vec256_add64(t11, z0);
     Lib_IntVector_Intrinsics_vec256 x4 = Lib_IntVector_Intrinsics_vec256_add64(t4, z1);
-    Lib_IntVector_Intrinsics_vec256
-    z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, (uint32_t)2U);
+    Lib_IntVector_Intrinsics_vec256 z01 = Lib_IntVector_Intrinsics_vec256_shift_right64(x1, 26U);
+    Lib_IntVector_Intrinsics_vec256 z11 = Lib_IntVector_Intrinsics_vec256_shift_right64(x4, 26U);
+    Lib_IntVector_Intrinsics_vec256 t = Lib_IntVector_Intrinsics_vec256_shift_left64(z11, 2U);
     Lib_IntVector_Intrinsics_vec256 z12 = Lib_IntVector_Intrinsics_vec256_add64(z11, t);
     Lib_IntVector_Intrinsics_vec256 x11 = Lib_IntVector_Intrinsics_vec256_and(x1, mask26);
     Lib_IntVector_Intrinsics_vec256 x41 = Lib_IntVector_Intrinsics_vec256_and(x4, mask26);
     Lib_IntVector_Intrinsics_vec256 x2 = Lib_IntVector_Intrinsics_vec256_add64(t2, z01);
     Lib_IntVector_Intrinsics_vec256 x01 = Lib_IntVector_Intrinsics_vec256_add64(x0, z12);
-    Lib_IntVector_Intrinsics_vec256
-    z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, (uint32_t)26U);
-    Lib_IntVector_Intrinsics_vec256
-    z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z02 = Lib_IntVector_Intrinsics_vec256_shift_right64(x2, 26U);
+    Lib_IntVector_Intrinsics_vec256 z13 = Lib_IntVector_Intrinsics_vec256_shift_right64(x01, 26U);
     Lib_IntVector_Intrinsics_vec256 x21 = Lib_IntVector_Intrinsics_vec256_and(x2, mask26);
     Lib_IntVector_Intrinsics_vec256 x02 = Lib_IntVector_Intrinsics_vec256_and(x01, mask26);
     Lib_IntVector_Intrinsics_vec256 x31 = Lib_IntVector_Intrinsics_vec256_add64(x3, z02);
     Lib_IntVector_Intrinsics_vec256 x12 = Lib_IntVector_Intrinsics_vec256_add64(x11, z13);
-    Lib_IntVector_Intrinsics_vec256
-    z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, (uint32_t)26U);
+    Lib_IntVector_Intrinsics_vec256 z03 = Lib_IntVector_Intrinsics_vec256_shift_right64(x31, 26U);
     Lib_IntVector_Intrinsics_vec256 x32 = Lib_IntVector_Intrinsics_vec256_and(x31, mask26);
     Lib_IntVector_Intrinsics_vec256 x42 = Lib_IntVector_Intrinsics_vec256_add64(x41, z03);
     Lib_IntVector_Intrinsics_vec256 o0 = x02;
@@ -1909,14 +1595,14 @@ Hacl_Poly1305_256_poly1305_update(
 }
 
 void
-Hacl_Poly1305_256_poly1305_finish(
+Hacl_MAC_Poly1305_Simd256_poly1305_finish(
   uint8_t *tag,
   uint8_t *key,
   Lib_IntVector_Intrinsics_vec256 *ctx
 )
 {
   Lib_IntVector_Intrinsics_vec256 *acc = ctx;
-  uint8_t *ks = key + (uint32_t)16U;
+  uint8_t *ks = key + 16U;
   Lib_IntVector_Intrinsics_vec256 f0 = acc[0U];
   Lib_IntVector_Intrinsics_vec256 f13 = acc[1U];
   Lib_IntVector_Intrinsics_vec256 f23 = acc[2U];
@@ -1927,41 +1613,36 @@ Hacl_Poly1305_256_poly1305_finish(
   Lib_IntVector_Intrinsics_vec256
   tmp00 =
     Lib_IntVector_Intrinsics_vec256_and(l0,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c00 = Lib_IntVector_Intrinsics_vec256_shift_right64(l0, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c00 = Lib_IntVector_Intrinsics_vec256_shift_right64(l0, 26U);
   Lib_IntVector_Intrinsics_vec256 l1 = Lib_IntVector_Intrinsics_vec256_add64(f13, c00);
   Lib_IntVector_Intrinsics_vec256
   tmp10 =
     Lib_IntVector_Intrinsics_vec256_and(l1,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c10 = Lib_IntVector_Intrinsics_vec256_shift_right64(l1, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c10 = Lib_IntVector_Intrinsics_vec256_shift_right64(l1, 26U);
   Lib_IntVector_Intrinsics_vec256 l2 = Lib_IntVector_Intrinsics_vec256_add64(f23, c10);
   Lib_IntVector_Intrinsics_vec256
   tmp20 =
     Lib_IntVector_Intrinsics_vec256_and(l2,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c20 = Lib_IntVector_Intrinsics_vec256_shift_right64(l2, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c20 = Lib_IntVector_Intrinsics_vec256_shift_right64(l2, 26U);
   Lib_IntVector_Intrinsics_vec256 l3 = Lib_IntVector_Intrinsics_vec256_add64(f33, c20);
   Lib_IntVector_Intrinsics_vec256
   tmp30 =
     Lib_IntVector_Intrinsics_vec256_and(l3,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c30 = Lib_IntVector_Intrinsics_vec256_shift_right64(l3, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c30 = Lib_IntVector_Intrinsics_vec256_shift_right64(l3, 26U);
   Lib_IntVector_Intrinsics_vec256 l4 = Lib_IntVector_Intrinsics_vec256_add64(f40, c30);
   Lib_IntVector_Intrinsics_vec256
   tmp40 =
     Lib_IntVector_Intrinsics_vec256_and(l4,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c40 = Lib_IntVector_Intrinsics_vec256_shift_right64(l4, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c40 = Lib_IntVector_Intrinsics_vec256_shift_right64(l4, 26U);
   Lib_IntVector_Intrinsics_vec256
   f010 =
     Lib_IntVector_Intrinsics_vec256_add64(tmp00,
-      Lib_IntVector_Intrinsics_vec256_smul64(c40, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec256_smul64(c40, 5ULL));
   Lib_IntVector_Intrinsics_vec256 f110 = tmp10;
   Lib_IntVector_Intrinsics_vec256 f210 = tmp20;
   Lib_IntVector_Intrinsics_vec256 f310 = tmp30;
@@ -1971,49 +1652,42 @@ Hacl_Poly1305_256_poly1305_finish(
   Lib_IntVector_Intrinsics_vec256
   tmp0 =
     Lib_IntVector_Intrinsics_vec256_and(l,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c0 = Lib_IntVector_Intrinsics_vec256_shift_right64(l, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c0 = Lib_IntVector_Intrinsics_vec256_shift_right64(l, 26U);
   Lib_IntVector_Intrinsics_vec256 l5 = Lib_IntVector_Intrinsics_vec256_add64(f110, c0);
   Lib_IntVector_Intrinsics_vec256
   tmp1 =
     Lib_IntVector_Intrinsics_vec256_and(l5,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c1 = Lib_IntVector_Intrinsics_vec256_shift_right64(l5, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c1 = Lib_IntVector_Intrinsics_vec256_shift_right64(l5, 26U);
   Lib_IntVector_Intrinsics_vec256 l6 = Lib_IntVector_Intrinsics_vec256_add64(f210, c1);
   Lib_IntVector_Intrinsics_vec256
   tmp2 =
     Lib_IntVector_Intrinsics_vec256_and(l6,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c2 = Lib_IntVector_Intrinsics_vec256_shift_right64(l6, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c2 = Lib_IntVector_Intrinsics_vec256_shift_right64(l6, 26U);
   Lib_IntVector_Intrinsics_vec256 l7 = Lib_IntVector_Intrinsics_vec256_add64(f310, c2);
   Lib_IntVector_Intrinsics_vec256
   tmp3 =
     Lib_IntVector_Intrinsics_vec256_and(l7,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c3 = Lib_IntVector_Intrinsics_vec256_shift_right64(l7, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c3 = Lib_IntVector_Intrinsics_vec256_shift_right64(l7, 26U);
   Lib_IntVector_Intrinsics_vec256 l8 = Lib_IntVector_Intrinsics_vec256_add64(f410, c3);
   Lib_IntVector_Intrinsics_vec256
   tmp4 =
     Lib_IntVector_Intrinsics_vec256_and(l8,
-      Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU));
-  Lib_IntVector_Intrinsics_vec256
-  c4 = Lib_IntVector_Intrinsics_vec256_shift_right64(l8, (uint32_t)26U);
+      Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL));
+  Lib_IntVector_Intrinsics_vec256 c4 = Lib_IntVector_Intrinsics_vec256_shift_right64(l8, 26U);
   Lib_IntVector_Intrinsics_vec256
   f02 =
     Lib_IntVector_Intrinsics_vec256_add64(tmp0,
-      Lib_IntVector_Intrinsics_vec256_smul64(c4, (uint64_t)5U));
+      Lib_IntVector_Intrinsics_vec256_smul64(c4, 5ULL));
   Lib_IntVector_Intrinsics_vec256 f12 = tmp1;
   Lib_IntVector_Intrinsics_vec256 f22 = tmp2;
   Lib_IntVector_Intrinsics_vec256 f32 = tmp3;
   Lib_IntVector_Intrinsics_vec256 f42 = tmp4;
-  Lib_IntVector_Intrinsics_vec256
-  mh = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3ffffffU);
-  Lib_IntVector_Intrinsics_vec256
-  ml = Lib_IntVector_Intrinsics_vec256_load64((uint64_t)0x3fffffbU);
+  Lib_IntVector_Intrinsics_vec256 mh = Lib_IntVector_Intrinsics_vec256_load64(0x3ffffffULL);
+  Lib_IntVector_Intrinsics_vec256 ml = Lib_IntVector_Intrinsics_vec256_load64(0x3fffffbULL);
   Lib_IntVector_Intrinsics_vec256 mask = Lib_IntVector_Intrinsics_vec256_eq64(f42, mh);
   Lib_IntVector_Intrinsics_vec256
   mask1 =
@@ -2053,36 +1727,334 @@ Hacl_Poly1305_256_poly1305_finish(
   Lib_IntVector_Intrinsics_vec256 f2 = acc[2U];
   Lib_IntVector_Intrinsics_vec256 f3 = acc[3U];
   Lib_IntVector_Intrinsics_vec256 f4 = acc[4U];
-  uint64_t f01 = Lib_IntVector_Intrinsics_vec256_extract64(f00, (uint32_t)0U);
-  uint64_t f112 = Lib_IntVector_Intrinsics_vec256_extract64(f1, (uint32_t)0U);
-  uint64_t f212 = Lib_IntVector_Intrinsics_vec256_extract64(f2, (uint32_t)0U);
-  uint64_t f312 = Lib_IntVector_Intrinsics_vec256_extract64(f3, (uint32_t)0U);
-  uint64_t f41 = Lib_IntVector_Intrinsics_vec256_extract64(f4, (uint32_t)0U);
-  uint64_t lo = (f01 | f112 << (uint32_t)26U) | f212 << (uint32_t)52U;
-  uint64_t hi = (f212 >> (uint32_t)12U | f312 << (uint32_t)14U) | f41 << (uint32_t)40U;
+  uint64_t f01 = Lib_IntVector_Intrinsics_vec256_extract64(f00, 0U);
+  uint64_t f112 = Lib_IntVector_Intrinsics_vec256_extract64(f1, 0U);
+  uint64_t f212 = Lib_IntVector_Intrinsics_vec256_extract64(f2, 0U);
+  uint64_t f312 = Lib_IntVector_Intrinsics_vec256_extract64(f3, 0U);
+  uint64_t f41 = Lib_IntVector_Intrinsics_vec256_extract64(f4, 0U);
+  uint64_t lo = (f01 | f112 << 26U) | f212 << 52U;
+  uint64_t hi = (f212 >> 12U | f312 << 14U) | f41 << 40U;
   uint64_t f10 = lo;
   uint64_t f11 = hi;
   uint64_t u0 = load64_le(ks);
   uint64_t lo0 = u0;
-  uint64_t u = load64_le(ks + (uint32_t)8U);
+  uint64_t u = load64_le(ks + 8U);
   uint64_t hi0 = u;
   uint64_t f20 = lo0;
   uint64_t f21 = hi0;
   uint64_t r0 = f10 + f20;
   uint64_t r1 = f11 + f21;
-  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> (uint32_t)63U;
+  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> 63U;
   uint64_t r11 = r1 + c;
   uint64_t f30 = r0;
   uint64_t f31 = r11;
   store64_le(tag, f30);
-  store64_le(tag + (uint32_t)8U, f31);
+  store64_le(tag + 8U, f31);
+}
+
+Hacl_MAC_Poly1305_Simd256_state_t *Hacl_MAC_Poly1305_Simd256_malloc(uint8_t *key)
+{
+  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
+  Lib_IntVector_Intrinsics_vec256
+  *r1 =
+    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
+      sizeof (Lib_IntVector_Intrinsics_vec256) * 25U);
+  memset(r1, 0U, 25U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Lib_IntVector_Intrinsics_vec256 *block_state = r1;
+  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC(32U, sizeof (uint8_t));
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_0 = k_;
+  Hacl_MAC_Poly1305_Simd256_state_t
+  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_0 };
+  Hacl_MAC_Poly1305_Simd256_state_t
+  *p =
+    (Hacl_MAC_Poly1305_Simd256_state_t *)KRML_HOST_MALLOC(sizeof (
+        Hacl_MAC_Poly1305_Simd256_state_t
+      ));
+  p[0U] = s;
+  Hacl_MAC_Poly1305_Simd256_poly1305_init(block_state, key);
+  return p;
+}
+
+void Hacl_MAC_Poly1305_Simd256_reset(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *key)
+{
+  Hacl_MAC_Poly1305_Simd256_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
+  Hacl_MAC_Poly1305_Simd256_poly1305_init(block_state, key);
+  memcpy(k_, key, 32U * sizeof (uint8_t));
+  uint8_t *k_1 = k_;
+  Hacl_MAC_Poly1305_Simd256_state_t
+  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U, .p_key = k_1 };
+  state[0U] = tmp;
 }
 
-void Hacl_Poly1305_256_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key)
+/**
+0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_MAC_Poly1305_Simd256_update(
+  Hacl_MAC_Poly1305_Simd256_state_t *state,
+  uint8_t *chunk,
+  uint32_t chunk_len
+)
+{
+  Hacl_MAC_Poly1305_Simd256_state_t s = *state;
+  uint64_t total_len = s.total_len;
+  if ((uint64_t)chunk_len > 0xffffffffULL - total_len)
+  {
+    return Hacl_Streaming_Types_MaximumLengthExceeded;
+  }
+  uint32_t sz;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    sz = 64U;
+  }
+  else
+  {
+    sz = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  if (chunk_len <= 64U - sz)
+  {
+    Hacl_MAC_Poly1305_Simd256_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec256 *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf + sz1;
+    memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
+    uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+  }
+  else if (sz == 0U)
+  {
+    Hacl_MAC_Poly1305_Simd256_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec256 *block_state1 = s1.block_state;
+    uint8_t *buf = s1.buf;
+    uint64_t total_len1 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 64U, buf);
+    }
+    uint32_t ite;
+    if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - data1_len;
+    uint8_t *data1 = chunk;
+    uint8_t *data2 = chunk + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)chunk_len,
+          .p_key = k_1
+        }
+      );
+  }
+  else
+  {
+    uint32_t diff = 64U - sz;
+    uint8_t *chunk1 = chunk;
+    uint8_t *chunk2 = chunk + diff;
+    Hacl_MAC_Poly1305_Simd256_state_t s1 = *state;
+    Lib_IntVector_Intrinsics_vec256 *block_state10 = s1.block_state;
+    uint8_t *buf0 = s1.buf;
+    uint64_t total_len10 = s1.total_len;
+    uint8_t *k_1 = s1.p_key;
+    uint32_t sz10;
+    if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
+    {
+      sz10 = 64U;
+    }
+    else
+    {
+      sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
+    }
+    uint8_t *buf2 = buf0 + sz10;
+    memcpy(buf2, chunk1, diff * sizeof (uint8_t));
+    uint64_t total_len2 = total_len10 + (uint64_t)diff;
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd256_state_t){
+          .block_state = block_state10,
+          .buf = buf0,
+          .total_len = total_len2,
+          .p_key = k_1
+        }
+      );
+    Hacl_MAC_Poly1305_Simd256_state_t s10 = *state;
+    Lib_IntVector_Intrinsics_vec256 *block_state1 = s10.block_state;
+    uint8_t *buf = s10.buf;
+    uint64_t total_len1 = s10.total_len;
+    uint8_t *k_10 = s10.p_key;
+    uint32_t sz1;
+    if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
+    {
+      sz1 = 64U;
+    }
+    else
+    {
+      sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
+    }
+    if (!(sz1 == 0U))
+    {
+      poly1305_update(block_state1, 64U, buf);
+    }
+    uint32_t ite;
+    if
+    ((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
+    {
+      ite = 64U;
+    }
+    else
+    {
+      ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
+    }
+    uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
+    uint32_t data1_len = n_blocks * 64U;
+    uint32_t data2_len = chunk_len - diff - data1_len;
+    uint8_t *data1 = chunk2;
+    uint8_t *data2 = chunk2 + data1_len;
+    poly1305_update(block_state1, data1_len, data1);
+    uint8_t *dst = buf;
+    memcpy(dst, data2, data2_len * sizeof (uint8_t));
+    *state
+    =
+      (
+        (Hacl_MAC_Poly1305_Simd256_state_t){
+          .block_state = block_state1,
+          .buf = buf,
+          .total_len = total_len1 + (uint64_t)(chunk_len - diff),
+          .p_key = k_10
+        }
+      );
+  }
+  return Hacl_Streaming_Types_Success;
+}
+
+void
+Hacl_MAC_Poly1305_Simd256_digest(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *output)
+{
+  Hacl_MAC_Poly1305_Simd256_state_t scrut = *state;
+  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
+  uint8_t *buf_ = scrut.buf;
+  uint64_t total_len = scrut.total_len;
+  uint8_t *k_ = scrut.p_key;
+  uint32_t r;
+  if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
+  {
+    r = 64U;
+  }
+  else
+  {
+    r = (uint32_t)(total_len % (uint64_t)64U);
+  }
+  uint8_t *buf_1 = buf_;
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 r1[25U] KRML_POST_ALIGN(32) = { 0U };
+  Lib_IntVector_Intrinsics_vec256 *tmp_block_state = r1;
+  memcpy(tmp_block_state, block_state, 25U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  uint32_t ite0;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite0 = 16U;
+  }
+  else
+  {
+    ite0 = r % 16U;
+  }
+  uint8_t *buf_last = buf_1 + r - ite0;
+  uint8_t *buf_multi = buf_1;
+  uint32_t ite;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite = 16U;
+  }
+  else
+  {
+    ite = r % 16U;
+  }
+  poly1305_update(tmp_block_state, r - ite, buf_multi);
+  uint32_t ite1;
+  if (r % 16U == 0U && r > 0U)
+  {
+    ite1 = 16U;
+  }
+  else
+  {
+    ite1 = r % 16U;
+  }
+  poly1305_update(tmp_block_state, ite1, buf_last);
+  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 tmp[25U] KRML_POST_ALIGN(32) = { 0U };
+  memcpy(tmp, tmp_block_state, 25U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  Hacl_MAC_Poly1305_Simd256_poly1305_finish(output, k_, tmp);
+}
+
+void Hacl_MAC_Poly1305_Simd256_free(Hacl_MAC_Poly1305_Simd256_state_t *state)
+{
+  Hacl_MAC_Poly1305_Simd256_state_t scrut = *state;
+  uint8_t *k_ = scrut.p_key;
+  uint8_t *buf = scrut.buf;
+  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
+  KRML_HOST_FREE(k_);
+  KRML_ALIGNED_FREE(block_state);
+  KRML_HOST_FREE(buf);
+  KRML_HOST_FREE(state);
+}
+
+void
+Hacl_MAC_Poly1305_Simd256_mac(
+  uint8_t *output,
+  uint8_t *input,
+  uint32_t input_len,
+  uint8_t *key
+)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ctx[25U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Poly1305_256_poly1305_init(ctx, key);
-  Hacl_Poly1305_256_poly1305_update(ctx, len, text);
-  Hacl_Poly1305_256_poly1305_finish(tag, key, ctx);
+  Hacl_MAC_Poly1305_Simd256_poly1305_init(ctx, key);
+  poly1305_update(ctx, input_len, input);
+  Hacl_MAC_Poly1305_Simd256_poly1305_finish(output, key, ctx);
 }
 
diff --git a/src/msvc/Hacl_NaCl.c b/src/msvc/Hacl_NaCl.c
index 37104040..a1bbd25c 100644
--- a/src/msvc/Hacl_NaCl.c
+++ b/src/msvc/Hacl_NaCl.c
@@ -30,9 +30,9 @@
 static void secretbox_init(uint8_t *xkeys, uint8_t *k, uint8_t *n)
 {
   uint8_t *subkey = xkeys;
-  uint8_t *aekey = xkeys + (uint32_t)32U;
+  uint8_t *aekey = xkeys + 32U;
   uint8_t *n0 = n;
-  uint8_t *n1 = n + (uint32_t)16U;
+  uint8_t *n1 = n + 16U;
   Hacl_Salsa20_hsalsa20(subkey, k, n0);
   Hacl_Salsa20_salsa20_key_block0(aekey, subkey, n1);
 }
@@ -42,35 +42,35 @@ secretbox_detached(uint32_t mlen, uint8_t *c, uint8_t *tag, uint8_t *k, uint8_t
 {
   uint8_t xkeys[96U] = { 0U };
   secretbox_init(xkeys, k, n);
-  uint8_t *mkey = xkeys + (uint32_t)32U;
-  uint8_t *n1 = n + (uint32_t)16U;
+  uint8_t *mkey = xkeys + 32U;
+  uint8_t *n1 = n + 16U;
   uint8_t *subkey = xkeys;
-  uint8_t *ekey0 = xkeys + (uint32_t)64U;
+  uint8_t *ekey0 = xkeys + 64U;
   uint32_t mlen0;
-  if (mlen <= (uint32_t)32U)
+  if (mlen <= 32U)
   {
     mlen0 = mlen;
   }
   else
   {
-    mlen0 = (uint32_t)32U;
+    mlen0 = 32U;
   }
   uint32_t mlen1 = mlen - mlen0;
   uint8_t *m0 = m;
   uint8_t *m1 = m + mlen0;
   uint8_t block0[32U] = { 0U };
   memcpy(block0, m0, mlen0 * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     uint8_t *os = block0;
-    uint8_t x = block0[i] ^ ekey0[i];
+    uint8_t x = (uint32_t)block0[i] ^ (uint32_t)ekey0[i];
     os[i] = x;
   }
   uint8_t *c0 = c;
   uint8_t *c1 = c + mlen0;
   memcpy(c0, block0, mlen0 * sizeof (uint8_t));
-  Hacl_Salsa20_salsa20_encrypt(mlen1, c1, m1, subkey, n1, (uint32_t)1U);
-  Hacl_Poly1305_32_poly1305_mac(tag, mlen, c, mkey);
+  Hacl_Salsa20_salsa20_encrypt(mlen1, c1, m1, subkey, n1, 1U);
+  Hacl_MAC_Poly1305_mac(tag, c, mlen, mkey);
 }
 
 static uint32_t
@@ -85,55 +85,55 @@ secretbox_open_detached(
 {
   uint8_t xkeys[96U] = { 0U };
   secretbox_init(xkeys, k, n);
-  uint8_t *mkey = xkeys + (uint32_t)32U;
+  uint8_t *mkey = xkeys + 32U;
   uint8_t tag_[16U] = { 0U };
-  Hacl_Poly1305_32_poly1305_mac(tag_, mlen, c, mkey);
-  uint8_t res = (uint8_t)255U;
+  Hacl_MAC_Poly1305_mac(tag_, c, mlen, mkey);
+  uint8_t res = 255U;
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint8_t uu____0 = FStar_UInt8_eq_mask(tag[i], tag_[i]);
-    res = uu____0 & res;);
+    res = (uint32_t)uu____0 & (uint32_t)res;);
   uint8_t z = res;
-  if (z == (uint8_t)255U)
+  if (z == 255U)
   {
     uint8_t *subkey = xkeys;
-    uint8_t *ekey0 = xkeys + (uint32_t)64U;
-    uint8_t *n1 = n + (uint32_t)16U;
+    uint8_t *ekey0 = xkeys + 64U;
+    uint8_t *n1 = n + 16U;
     uint32_t mlen0;
-    if (mlen <= (uint32_t)32U)
+    if (mlen <= 32U)
     {
       mlen0 = mlen;
     }
     else
     {
-      mlen0 = (uint32_t)32U;
+      mlen0 = 32U;
     }
     uint32_t mlen1 = mlen - mlen0;
     uint8_t *c0 = c;
     uint8_t *c1 = c + mlen0;
     uint8_t block0[32U] = { 0U };
     memcpy(block0, c0, mlen0 * sizeof (uint8_t));
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+    for (uint32_t i = 0U; i < 32U; i++)
     {
       uint8_t *os = block0;
-      uint8_t x = block0[i] ^ ekey0[i];
+      uint8_t x = (uint32_t)block0[i] ^ (uint32_t)ekey0[i];
       os[i] = x;
     }
     uint8_t *m0 = m;
     uint8_t *m1 = m + mlen0;
     memcpy(m0, block0, mlen0 * sizeof (uint8_t));
-    Hacl_Salsa20_salsa20_decrypt(mlen1, m1, c1, subkey, n1, (uint32_t)1U);
-    return (uint32_t)0U;
+    Hacl_Salsa20_salsa20_decrypt(mlen1, m1, c1, subkey, n1, 1U);
+    return 0U;
   }
-  return (uint32_t)0xffffffffU;
+  return 0xffffffffU;
 }
 
 static void secretbox_easy(uint32_t mlen, uint8_t *c, uint8_t *k, uint8_t *n, uint8_t *m)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   secretbox_detached(mlen, cip, tag, k, n, m);
 }
 
@@ -141,7 +141,7 @@ static uint32_t
 secretbox_open_easy(uint32_t mlen, uint8_t *m, uint8_t *k, uint8_t *n, uint8_t *c)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   return secretbox_open_detached(mlen, m, k, n, cip, tag);
 }
 
@@ -152,9 +152,9 @@ static inline uint32_t box_beforenm(uint8_t *k, uint8_t *pk, uint8_t *sk)
   if (r)
   {
     Hacl_Salsa20_hsalsa20(k, k, n0);
-    return (uint32_t)0U;
+    return 0U;
   }
-  return (uint32_t)0xffffffffU;
+  return 0xffffffffU;
 }
 
 static inline uint32_t
@@ -168,7 +168,7 @@ box_detached_afternm(
 )
 {
   secretbox_detached(mlen, c, tag, k, n, m);
-  return (uint32_t)0U;
+  return 0U;
 }
 
 static inline uint32_t
@@ -184,11 +184,11 @@ box_detached(
 {
   uint8_t k[32U] = { 0U };
   uint32_t r = box_beforenm(k, pk, sk);
-  if (r == (uint32_t)0U)
+  if (r == 0U)
   {
     return box_detached_afternm(mlen, c, tag, k, n, m);
   }
-  return (uint32_t)0xffffffffU;
+  return 0xffffffffU;
 }
 
 static inline uint32_t
@@ -217,18 +217,18 @@ box_open_detached(
 {
   uint8_t k[32U] = { 0U };
   uint32_t r = box_beforenm(k, pk, sk);
-  if (r == (uint32_t)0U)
+  if (r == 0U)
   {
     return box_open_detached_afternm(mlen, m, k, n, c, tag);
   }
-  return (uint32_t)0xffffffffU;
+  return 0xffffffffU;
 }
 
 static inline uint32_t
 box_easy_afternm(uint32_t mlen, uint8_t *c, uint8_t *k, uint8_t *n, uint8_t *m)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   uint32_t res = box_detached_afternm(mlen, cip, tag, k, n, m);
   return res;
 }
@@ -237,7 +237,7 @@ static inline uint32_t
 box_easy(uint32_t mlen, uint8_t *c, uint8_t *sk, uint8_t *pk, uint8_t *n, uint8_t *m)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   uint32_t res = box_detached(mlen, cip, tag, sk, pk, n, m);
   return res;
 }
@@ -246,7 +246,7 @@ static inline uint32_t
 box_open_easy_afternm(uint32_t mlen, uint8_t *m, uint8_t *k, uint8_t *n, uint8_t *c)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   return box_open_detached_afternm(mlen, m, k, n, cip, tag);
 }
 
@@ -254,7 +254,7 @@ static inline uint32_t
 box_open_easy(uint32_t mlen, uint8_t *m, uint8_t *pk, uint8_t *sk, uint8_t *n, uint8_t *c)
 {
   uint8_t *tag = c;
-  uint8_t *cip = c + (uint32_t)16U;
+  uint8_t *cip = c + 16U;
   return box_open_detached(mlen, m, pk, sk, n, cip, tag);
 }
 
@@ -281,7 +281,7 @@ Hacl_NaCl_crypto_secretbox_detached(
 )
 {
   secretbox_detached(mlen, c, tag, k, n, m);
-  return (uint32_t)0U;
+  return 0U;
 }
 
 /**
@@ -322,7 +322,7 @@ uint32_t
 Hacl_NaCl_crypto_secretbox_easy(uint8_t *c, uint8_t *m, uint32_t mlen, uint8_t *n, uint8_t *k)
 {
   secretbox_easy(mlen, c, k, n, m);
-  return (uint32_t)0U;
+  return 0U;
 }
 
 /**
@@ -343,7 +343,7 @@ Hacl_NaCl_crypto_secretbox_open_easy(
   uint8_t *k
 )
 {
-  return secretbox_open_easy(clen - (uint32_t)16U, m, k, n, c);
+  return secretbox_open_easy(clen - 16U, m, k, n, c);
 }
 
 /**
@@ -490,7 +490,7 @@ Hacl_NaCl_crypto_box_open_easy_afternm(
   uint8_t *k
 )
 {
-  return box_open_easy_afternm(clen - (uint32_t)16U, m, k, n, c);
+  return box_open_easy_afternm(clen - 16U, m, k, n, c);
 }
 
 /**
@@ -513,6 +513,6 @@ Hacl_NaCl_crypto_box_open_easy(
   uint8_t *sk
 )
 {
-  return box_open_easy(clen - (uint32_t)16U, m, pk, sk, n, c);
+  return box_open_easy(clen - 16U, m, pk, sk, n, c);
 }
 
diff --git a/src/msvc/Hacl_P256.c b/src/msvc/Hacl_P256.c
index 7e586e54..609fed81 100644
--- a/src/msvc/Hacl_P256.c
+++ b/src/msvc/Hacl_P256.c
@@ -33,11 +33,11 @@
 static inline uint64_t bn_is_zero_mask4(uint64_t *f)
 {
   uint64_t bn_zero[4U] = { 0U };
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(f[i], bn_zero[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
@@ -48,16 +48,16 @@ static inline uint64_t bn_is_zero_mask4(uint64_t *f)
 static inline bool bn_is_zero_vartime4(uint64_t *f)
 {
   uint64_t m = bn_is_zero_mask4(f);
-  return m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static inline uint64_t bn_is_eq_mask4(uint64_t *a, uint64_t *b)
 {
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]);
     mask = uu____0 & mask;);
   uint64_t mask1 = mask;
@@ -67,16 +67,16 @@ static inline uint64_t bn_is_eq_mask4(uint64_t *a, uint64_t *b)
 static inline bool bn_is_eq_vartime4(uint64_t *a, uint64_t *b)
 {
   uint64_t m = bn_is_eq_mask4(a, b);
-  return m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static inline void bn_cmovznz4(uint64_t *res, uint64_t cin, uint64_t *x, uint64_t *y)
 {
-  uint64_t mask = ~FStar_UInt64_eq_mask(cin, (uint64_t)0U);
+  uint64_t mask = ~FStar_UInt64_eq_mask(cin, 0ULL);
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t uu____0 = x[i];
     uint64_t x1 = uu____0 ^ (mask & (y[i] ^ uu____0));
@@ -85,52 +85,52 @@ static inline void bn_cmovznz4(uint64_t *res, uint64_t cin, uint64_t *x, uint64_
 
 static inline void bn_add_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t *y)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = x[4U * 0U];
+    uint64_t t20 = y[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = x[4U * 0U + 1U];
+    uint64_t t21 = y[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = x[4U * 0U + 2U];
+    uint64_t t22 = y[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = x[4U * 0U + 3U];
+    uint64_t t2 = y[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x1;);
@@ -138,23 +138,23 @@ static inline void bn_add_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t
 
 static inline uint64_t bn_sub4(uint64_t *res, uint64_t *x, uint64_t *y)
 {
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = x[4U * 0U];
+    uint64_t t20 = y[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = x[4U * 0U + 1U];
+    uint64_t t21 = y[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = x[4U * 0U + 2U];
+    uint64_t t22 = y[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = x[4U * 0U + 3U];
+    uint64_t t2 = y[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c0 = c;
@@ -163,53 +163,53 @@ static inline uint64_t bn_sub4(uint64_t *res, uint64_t *x, uint64_t *y)
 
 static inline void bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t *y)
 {
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   {
-    uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = x[4U * 0U];
+    uint64_t t20 = y[4U * 0U];
+    uint64_t *res_i0 = res + 4U * 0U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0);
-    uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = x[4U * 0U + 1U];
+    uint64_t t21 = y[4U * 0U + 1U];
+    uint64_t *res_i1 = res + 4U * 0U + 1U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1);
-    uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = x[4U * 0U + 2U];
+    uint64_t t22 = y[4U * 0U + 2U];
+    uint64_t *res_i2 = res + 4U * 0U + 2U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2);
-    uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = x[4U * 0U + 3U];
+    uint64_t t2 = y[4U * 0U + 3U];
+    uint64_t *res_i = res + 4U * 0U + 3U;
     c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i);
   }
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
-  KRML_HOST_IGNORE(c1);
-  uint64_t c2 = (uint64_t)0U - c00;
+  KRML_MAYBE_UNUSED_VAR(c1);
+  uint64_t c2 = 0ULL - c00;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x1 = (c2 & tmp[i]) | (~c2 & res[i]);
     os[i] = x1;);
@@ -217,59 +217,59 @@ static inline void bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t
 
 static inline void bn_mul4(uint64_t *res, uint64_t *x, uint64_t *y)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t bj = y[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = x[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = x[4U * 0U];
+      uint64_t *res_i0 = res_j + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
-      uint64_t a_i0 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = x[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
-      uint64_t a_i1 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = x[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
-      uint64_t a_i2 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = x[4U * 0U + 3U];
+      uint64_t *res_i = res_j + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
     }
     uint64_t r = c;
-    res[(uint32_t)4U + i0] = r;);
+    res[4U + i0] = r;);
 }
 
 static inline void bn_sqr4(uint64_t *res, uint64_t *x)
 {
-  memset(res, 0U, (uint32_t)8U * sizeof (uint64_t));
+  memset(res, 0U, 8U * sizeof (uint64_t));
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *ab = x;
     uint64_t a_j = x[i0];
     uint64_t *res_j = res + i0;
-    uint64_t c = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++)
+    uint64_t c = 0ULL;
+    for (uint32_t i = 0U; i < i0 / 4U; i++)
     {
-      uint64_t a_i = ab[(uint32_t)4U * i];
-      uint64_t *res_i0 = res_j + (uint32_t)4U * i;
+      uint64_t a_i = ab[4U * i];
+      uint64_t *res_i0 = res_j + 4U * i;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
-      uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
-      uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
+      uint64_t a_i0 = ab[4U * i + 1U];
+      uint64_t *res_i1 = res_j + 4U * i + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
-      uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
-      uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
+      uint64_t a_i1 = ab[4U * i + 2U];
+      uint64_t *res_i2 = res_j + 4U * i + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
-      uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
-      uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
+      uint64_t a_i2 = ab[4U * i + 3U];
+      uint64_t *res_i = res_j + 4U * i + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
     }
-    for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++)
+    for (uint32_t i = i0 / 4U * 4U; i < i0; i++)
     {
       uint64_t a_i = ab[i];
       uint64_t *res_i = res_j + i;
@@ -277,41 +277,37 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     }
     uint64_t r = c;
     res[i0 + i0] = r;);
-  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
-  KRML_HOST_IGNORE(c0);
+  uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, res, res);
+  KRML_MAYBE_UNUSED_VAR(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(x[i], x[i]);
-    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
+    uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U));
     uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
-    tmp[(uint32_t)2U * i] = lo;
-    tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
-  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
-  KRML_HOST_IGNORE(c1);
+    tmp[2U * i] = lo;
+    tmp[2U * i + 1U] = hi;);
+  uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(8U, res, tmp, res);
+  KRML_MAYBE_UNUSED_VAR(c1);
 }
 
 static inline void bn_to_bytes_be4(uint8_t *res, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
-  KRML_HOST_IGNORE(tmp);
-  KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    store64_be(res + i * (uint32_t)8U, f[(uint32_t)4U - i - (uint32_t)1U]););
+  KRML_MAYBE_UNUSED_VAR(tmp);
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(res + i * 8U, f[4U - i - 1U]););
 }
 
 static inline void bn_from_bytes_be4(uint64_t *res, uint8_t *b)
 {
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
-    uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U);
+    uint64_t u = load64_be(b + (4U - i - 1U) * 8U);
     uint64_t x = u;
     os[i] = x;);
 }
@@ -319,79 +315,79 @@ static inline void bn_from_bytes_be4(uint64_t *res, uint8_t *b)
 static inline void bn2_to_bytes_be4(uint8_t *res, uint64_t *x, uint64_t *y)
 {
   bn_to_bytes_be4(res, x);
-  bn_to_bytes_be4(res + (uint32_t)32U, y);
+  bn_to_bytes_be4(res + 32U, y);
 }
 
 static inline void make_prime(uint64_t *n)
 {
-  n[0U] = (uint64_t)0xffffffffffffffffU;
-  n[1U] = (uint64_t)0xffffffffU;
-  n[2U] = (uint64_t)0x0U;
-  n[3U] = (uint64_t)0xffffffff00000001U;
+  n[0U] = 0xffffffffffffffffULL;
+  n[1U] = 0xffffffffULL;
+  n[2U] = 0x0ULL;
+  n[3U] = 0xffffffff00000001ULL;
 }
 
 static inline void make_order(uint64_t *n)
 {
-  n[0U] = (uint64_t)0xf3b9cac2fc632551U;
-  n[1U] = (uint64_t)0xbce6faada7179e84U;
-  n[2U] = (uint64_t)0xffffffffffffffffU;
-  n[3U] = (uint64_t)0xffffffff00000000U;
+  n[0U] = 0xf3b9cac2fc632551ULL;
+  n[1U] = 0xbce6faada7179e84ULL;
+  n[2U] = 0xffffffffffffffffULL;
+  n[3U] = 0xffffffff00000000ULL;
 }
 
 static inline void make_a_coeff(uint64_t *a)
 {
-  a[0U] = (uint64_t)0xfffffffffffffffcU;
-  a[1U] = (uint64_t)0x3ffffffffU;
-  a[2U] = (uint64_t)0x0U;
-  a[3U] = (uint64_t)0xfffffffc00000004U;
+  a[0U] = 0xfffffffffffffffcULL;
+  a[1U] = 0x3ffffffffULL;
+  a[2U] = 0x0ULL;
+  a[3U] = 0xfffffffc00000004ULL;
 }
 
 static inline void make_b_coeff(uint64_t *b)
 {
-  b[0U] = (uint64_t)0xd89cdf6229c4bddfU;
-  b[1U] = (uint64_t)0xacf005cd78843090U;
-  b[2U] = (uint64_t)0xe5a220abf7212ed6U;
-  b[3U] = (uint64_t)0xdc30061d04874834U;
+  b[0U] = 0xd89cdf6229c4bddfULL;
+  b[1U] = 0xacf005cd78843090ULL;
+  b[2U] = 0xe5a220abf7212ed6ULL;
+  b[3U] = 0xdc30061d04874834ULL;
 }
 
 static inline void make_g_x(uint64_t *n)
 {
-  n[0U] = (uint64_t)0x79e730d418a9143cU;
-  n[1U] = (uint64_t)0x75ba95fc5fedb601U;
-  n[2U] = (uint64_t)0x79fb732b77622510U;
-  n[3U] = (uint64_t)0x18905f76a53755c6U;
+  n[0U] = 0x79e730d418a9143cULL;
+  n[1U] = 0x75ba95fc5fedb601ULL;
+  n[2U] = 0x79fb732b77622510ULL;
+  n[3U] = 0x18905f76a53755c6ULL;
 }
 
 static inline void make_g_y(uint64_t *n)
 {
-  n[0U] = (uint64_t)0xddf25357ce95560aU;
-  n[1U] = (uint64_t)0x8b4ab8e4ba19e45cU;
-  n[2U] = (uint64_t)0xd2e88688dd21f325U;
-  n[3U] = (uint64_t)0x8571ff1825885d85U;
+  n[0U] = 0xddf25357ce95560aULL;
+  n[1U] = 0x8b4ab8e4ba19e45cULL;
+  n[2U] = 0xd2e88688dd21f325ULL;
+  n[3U] = 0x8571ff1825885d85ULL;
 }
 
 static inline void make_fmont_R2(uint64_t *n)
 {
-  n[0U] = (uint64_t)0x3U;
-  n[1U] = (uint64_t)0xfffffffbffffffffU;
-  n[2U] = (uint64_t)0xfffffffffffffffeU;
-  n[3U] = (uint64_t)0x4fffffffdU;
+  n[0U] = 0x3ULL;
+  n[1U] = 0xfffffffbffffffffULL;
+  n[2U] = 0xfffffffffffffffeULL;
+  n[3U] = 0x4fffffffdULL;
 }
 
 static inline void make_fzero(uint64_t *n)
 {
-  n[0U] = (uint64_t)0U;
-  n[1U] = (uint64_t)0U;
-  n[2U] = (uint64_t)0U;
-  n[3U] = (uint64_t)0U;
+  n[0U] = 0ULL;
+  n[1U] = 0ULL;
+  n[2U] = 0ULL;
+  n[3U] = 0ULL;
 }
 
 static inline void make_fone(uint64_t *n)
 {
-  n[0U] = (uint64_t)0x1U;
-  n[1U] = (uint64_t)0xffffffff00000000U;
-  n[2U] = (uint64_t)0xffffffffffffffffU;
-  n[3U] = (uint64_t)0xfffffffeU;
+  n[0U] = 0x1ULL;
+  n[1U] = 0xffffffff00000000ULL;
+  n[2U] = 0xffffffffffffffffULL;
+  n[3U] = 0xfffffffeULL;
 }
 
 static inline uint64_t bn_is_lt_prime_mask4(uint64_t *f)
@@ -399,7 +395,7 @@ static inline uint64_t bn_is_lt_prime_mask4(uint64_t *f)
   uint64_t tmp[4U] = { 0U };
   make_prime(tmp);
   uint64_t c = bn_sub4(tmp, f, tmp);
-  return (uint64_t)0U - c;
+  return 0ULL - c;
 }
 
 static inline uint64_t feq_mask(uint64_t *a, uint64_t *b)
@@ -435,61 +431,61 @@ static inline void mont_reduction(uint64_t *res, uint64_t *x)
 {
   uint64_t n[4U] = { 0U };
   make_prime(n);
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t qj = (uint64_t)1U * x[i0];
+    0U,
+    4U,
+    1U,
+    uint64_t qj = 1ULL * x[i0];
     uint64_t *res_j0 = x + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = n[4U * 0U];
+      uint64_t *res_i0 = res_j0 + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * 0U + 3U];
+      uint64_t *res_i = res_j0 + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i);
     }
     uint64_t r = c;
     uint64_t c1 = r;
-    uint64_t *resb = x + (uint32_t)4U + i0;
-    uint64_t res_j = x[(uint32_t)4U + i0];
+    uint64_t *resb = x + 4U + i0;
+    uint64_t res_j = x[4U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb););
-  memcpy(res, x + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, x + 4U, 4U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x1;);
@@ -512,7 +508,7 @@ static inline void fsqr0(uint64_t *res, uint64_t *x)
 static inline void from_mont(uint64_t *res, uint64_t *a)
 {
   uint64_t tmp[8U] = { 0U };
-  memcpy(tmp, a, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(tmp, a, 4U * sizeof (uint64_t));
   mont_reduction(res, tmp);
 }
 
@@ -540,105 +536,105 @@ static inline void finv(uint64_t *res, uint64_t *a)
 {
   uint64_t tmp[16U] = { 0U };
   uint64_t *x30 = tmp;
-  uint64_t *x2 = tmp + (uint32_t)4U;
-  uint64_t *tmp1 = tmp + (uint32_t)8U;
-  uint64_t *tmp2 = tmp + (uint32_t)12U;
-  memcpy(x2, a, (uint32_t)4U * sizeof (uint64_t));
+  uint64_t *x2 = tmp + 4U;
+  uint64_t *tmp1 = tmp + 8U;
+  uint64_t *tmp2 = tmp + 12U;
+  memcpy(x2, a, 4U * sizeof (uint64_t));
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, a);
-  memcpy(x30, x2, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(x30, x2, 4U * sizeof (uint64_t));
   {
     fsqr0(x30, x30);
   }
   fmul0(x30, x30, a);
-  memcpy(tmp1, x30, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, x30, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, x30);
-  memcpy(tmp2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, fsqr0(tmp2, tmp2););
+  memcpy(tmp2, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, fsqr0(tmp2, tmp2););
   fmul0(tmp2, tmp2, tmp1);
-  memcpy(tmp1, tmp2, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, tmp2, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, x30);
-  memcpy(x30, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR15(i, (uint32_t)0U, (uint32_t)15U, (uint32_t)1U, fsqr0(x30, x30););
+  memcpy(x30, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR15(i, 0U, 15U, 1U, fsqr0(x30, x30););
   fmul0(x30, x30, tmp1);
-  memcpy(tmp1, x30, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, x30, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, x2);
-  memcpy(x2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  memcpy(x2, tmp1, 4U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, a);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
+  for (uint32_t i = 0U; i < 128U; i++)
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, tmp1);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, tmp1);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)30U; i++)
+  for (uint32_t i = 0U; i < 30U; i++)
   {
     fsqr0(x2, x2);
   }
   fmul0(x2, x2, x30);
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(x2, x2););
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, fsqr0(x2, x2););
   fmul0(tmp1, x2, a);
-  memcpy(res, tmp1, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, tmp1, 4U * sizeof (uint64_t));
 }
 
 static inline void fsqrt(uint64_t *res, uint64_t *a)
 {
   uint64_t tmp[8U] = { 0U };
   uint64_t *tmp1 = tmp;
-  uint64_t *tmp2 = tmp + (uint32_t)4U;
-  memcpy(tmp1, a, (uint32_t)4U * sizeof (uint64_t));
+  uint64_t *tmp2 = tmp + 4U;
+  memcpy(tmp1, a, 4U * sizeof (uint64_t));
   {
     fsqr0(tmp1, tmp1);
   }
   fmul0(tmp1, tmp1, a);
-  memcpy(tmp2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(tmp2, tmp2););
+  memcpy(tmp2, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, fsqr0(tmp2, tmp2););
   fmul0(tmp2, tmp2, tmp1);
-  memcpy(tmp1, tmp2, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, tmp2, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, tmp2);
-  memcpy(tmp2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, fsqr0(tmp2, tmp2););
+  memcpy(tmp2, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, fsqr0(tmp2, tmp2););
   fmul0(tmp2, tmp2, tmp1);
-  memcpy(tmp1, tmp2, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR16(i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, fsqr0(tmp1, tmp1););
+  memcpy(tmp1, tmp2, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR16(i, 0U, 16U, 1U, fsqr0(tmp1, tmp1););
   fmul0(tmp1, tmp1, tmp2);
-  memcpy(tmp2, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  memcpy(tmp2, tmp1, 4U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     fsqr0(tmp2, tmp2);
   }
   fmul0(tmp2, tmp2, a);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)96U; i++)
+  for (uint32_t i = 0U; i < 96U; i++)
   {
     fsqr0(tmp2, tmp2);
   }
   fmul0(tmp2, tmp2, a);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)94U; i++)
+  for (uint32_t i = 0U; i < 94U; i++)
   {
     fsqr0(tmp2, tmp2);
   }
-  memcpy(res, tmp2, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, tmp2, 4U * sizeof (uint64_t));
 }
 
 static inline void make_base_point(uint64_t *p)
 {
   uint64_t *x = p;
-  uint64_t *y = p + (uint32_t)4U;
-  uint64_t *z = p + (uint32_t)8U;
+  uint64_t *y = p + 4U;
+  uint64_t *z = p + 8U;
   make_g_x(x);
   make_g_y(y);
   make_fone(z);
@@ -647,8 +643,8 @@ static inline void make_base_point(uint64_t *p)
 static inline void make_point_at_inf(uint64_t *p)
 {
   uint64_t *x = p;
-  uint64_t *y = p + (uint32_t)4U;
-  uint64_t *z = p + (uint32_t)8U;
+  uint64_t *y = p + 4U;
+  uint64_t *z = p + 8U;
   make_fzero(x);
   make_fone(y);
   make_fzero(z);
@@ -656,7 +652,7 @@ static inline void make_point_at_inf(uint64_t *p)
 
 static inline bool is_point_at_inf_vartime(uint64_t *p)
 {
-  uint64_t *pz = p + (uint32_t)8U;
+  uint64_t *pz = p + 8U;
   return bn_is_zero_vartime4(pz);
 }
 
@@ -664,10 +660,10 @@ static inline void to_aff_point(uint64_t *res, uint64_t *p)
 {
   uint64_t zinv[4U] = { 0U };
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
-  uint64_t *pz = p + (uint32_t)8U;
+  uint64_t *py = p + 4U;
+  uint64_t *pz = p + 8U;
   uint64_t *x = res;
-  uint64_t *y = res + (uint32_t)4U;
+  uint64_t *y = res + 4U;
   finv(zinv, pz);
   fmul0(x, px, zinv);
   fmul0(y, py, zinv);
@@ -679,7 +675,7 @@ static inline void to_aff_point_x(uint64_t *res, uint64_t *p)
 {
   uint64_t zinv[4U] = { 0U };
   uint64_t *px = p;
-  uint64_t *pz = p + (uint32_t)8U;
+  uint64_t *pz = p + 8U;
   finv(zinv, pz);
   fmul0(res, px, zinv);
   from_mont(res, res);
@@ -688,10 +684,10 @@ static inline void to_aff_point_x(uint64_t *res, uint64_t *p)
 static inline void to_proj_point(uint64_t *res, uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
+  uint64_t *py = p + 4U;
   uint64_t *rx = res;
-  uint64_t *ry = res + (uint32_t)4U;
-  uint64_t *rz = res + (uint32_t)8U;
+  uint64_t *ry = res + 4U;
+  uint64_t *rz = res + 8U;
   to_mont(rx, px);
   to_mont(ry, py);
   make_fone(rz);
@@ -703,7 +699,7 @@ static inline bool is_on_curve_vartime(uint64_t *p)
   uint64_t tx[4U] = { 0U };
   uint64_t ty[4U] = { 0U };
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
+  uint64_t *py = p + 4U;
   to_mont(tx, px);
   to_mont(ty, py);
   uint64_t tmp[4U] = { 0U };
@@ -715,14 +711,14 @@ static inline bool is_on_curve_vartime(uint64_t *p)
   fadd0(rp, tmp, rp);
   fsqr0(ty, ty);
   uint64_t r = feq_mask(ty, rp);
-  bool r0 = r == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool r0 = r == 0xFFFFFFFFFFFFFFFFULL;
   return r0;
 }
 
 static inline void aff_point_store(uint8_t *res, uint64_t *p)
 {
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
+  uint64_t *py = p + 4U;
   bn2_to_bytes_be4(res, px, py);
 }
 
@@ -736,17 +732,17 @@ static inline void point_store(uint8_t *res, uint64_t *p)
 static inline bool aff_point_load_vartime(uint64_t *p, uint8_t *b)
 {
   uint8_t *p_x = b;
-  uint8_t *p_y = b + (uint32_t)32U;
+  uint8_t *p_y = b + 32U;
   uint64_t *bn_p_x = p;
-  uint64_t *bn_p_y = p + (uint32_t)4U;
+  uint64_t *bn_p_y = p + 4U;
   bn_from_bytes_be4(bn_p_x, p_x);
   bn_from_bytes_be4(bn_p_y, p_y);
   uint64_t *px = p;
-  uint64_t *py = p + (uint32_t)4U;
+  uint64_t *py = p + 4U;
   uint64_t lessX = bn_is_lt_prime_mask4(px);
   uint64_t lessY = bn_is_lt_prime_mask4(py);
   uint64_t res = lessX & lessY;
-  bool is_xy_valid = res == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool is_xy_valid = res == 0xFFFFFFFFFFFFFFFFULL;
   if (!is_xy_valid)
   {
     return false;
@@ -769,15 +765,15 @@ static inline bool aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_
 {
   uint8_t s0 = s[0U];
   uint8_t s01 = s0;
-  if (!(s01 == (uint8_t)0x02U || s01 == (uint8_t)0x03U))
+  if (!(s01 == 0x02U || s01 == 0x03U))
   {
     return false;
   }
-  uint8_t *xb = s + (uint32_t)1U;
+  uint8_t *xb = s + 1U;
   bn_from_bytes_be4(x, xb);
   uint64_t is_x_valid = bn_is_lt_prime_mask4(x);
-  bool is_x_valid1 = is_x_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  bool is_y_odd = s01 == (uint8_t)0x03U;
+  bool is_x_valid1 = is_x_valid == 0xFFFFFFFFFFFFFFFFULL;
+  bool is_y_odd = s01 == 0x03U;
   if (!is_x_valid1)
   {
     return false;
@@ -797,14 +793,14 @@ static inline bool aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_
   from_mont(y, yM);
   fsqr0(yM, yM);
   uint64_t r = feq_mask(yM, y2M);
-  bool is_y_valid = r == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool is_y_valid = r == 0xFFFFFFFFFFFFFFFFULL;
   bool is_y_valid0 = is_y_valid;
   if (!is_y_valid0)
   {
     return false;
   }
-  uint64_t is_y_odd1 = y[0U] & (uint64_t)1U;
-  bool is_y_odd2 = is_y_odd1 == (uint64_t)1U;
+  uint64_t is_y_odd1 = y[0U] & 1ULL;
+  bool is_y_odd2 = is_y_odd1 == 1ULL;
   fnegate_conditional_vartime(y, is_y_odd2 != is_y_odd);
   return true;
 }
@@ -813,18 +809,18 @@ static inline void point_double(uint64_t *res, uint64_t *p)
 {
   uint64_t tmp[20U] = { 0U };
   uint64_t *x = p;
-  uint64_t *z = p + (uint32_t)8U;
+  uint64_t *z = p + 8U;
   uint64_t *x3 = res;
-  uint64_t *y3 = res + (uint32_t)4U;
-  uint64_t *z3 = res + (uint32_t)8U;
+  uint64_t *y3 = res + 4U;
+  uint64_t *z3 = res + 8U;
   uint64_t *t0 = tmp;
-  uint64_t *t1 = tmp + (uint32_t)4U;
-  uint64_t *t2 = tmp + (uint32_t)8U;
-  uint64_t *t3 = tmp + (uint32_t)12U;
-  uint64_t *t4 = tmp + (uint32_t)16U;
+  uint64_t *t1 = tmp + 4U;
+  uint64_t *t2 = tmp + 8U;
+  uint64_t *t3 = tmp + 12U;
+  uint64_t *t4 = tmp + 16U;
   uint64_t *x1 = p;
-  uint64_t *y = p + (uint32_t)4U;
-  uint64_t *z1 = p + (uint32_t)8U;
+  uint64_t *y = p + 4U;
+  uint64_t *z1 = p + 8U;
   fsqr0(t0, x1);
   fsqr0(t1, y);
   fsqr0(t2, z1);
@@ -865,22 +861,22 @@ static inline void point_add(uint64_t *res, uint64_t *p, uint64_t *q)
 {
   uint64_t tmp[36U] = { 0U };
   uint64_t *t0 = tmp;
-  uint64_t *t1 = tmp + (uint32_t)24U;
+  uint64_t *t1 = tmp + 24U;
   uint64_t *x3 = t1;
-  uint64_t *y3 = t1 + (uint32_t)4U;
-  uint64_t *z3 = t1 + (uint32_t)8U;
+  uint64_t *y3 = t1 + 4U;
+  uint64_t *z3 = t1 + 8U;
   uint64_t *t01 = t0;
-  uint64_t *t11 = t0 + (uint32_t)4U;
-  uint64_t *t2 = t0 + (uint32_t)8U;
-  uint64_t *t3 = t0 + (uint32_t)12U;
-  uint64_t *t4 = t0 + (uint32_t)16U;
-  uint64_t *t5 = t0 + (uint32_t)20U;
+  uint64_t *t11 = t0 + 4U;
+  uint64_t *t2 = t0 + 8U;
+  uint64_t *t3 = t0 + 12U;
+  uint64_t *t4 = t0 + 16U;
+  uint64_t *t5 = t0 + 20U;
   uint64_t *x1 = p;
-  uint64_t *y1 = p + (uint32_t)4U;
-  uint64_t *z10 = p + (uint32_t)8U;
+  uint64_t *y1 = p + 4U;
+  uint64_t *z10 = p + 8U;
   uint64_t *x20 = q;
-  uint64_t *y20 = q + (uint32_t)4U;
-  uint64_t *z20 = q + (uint32_t)8U;
+  uint64_t *y20 = q + 4U;
+  uint64_t *z20 = q + 8U;
   fmul0(t01, x1, x20);
   fmul0(t11, y1, y20);
   fmul0(t2, z10, z20);
@@ -888,10 +884,10 @@ static inline void point_add(uint64_t *res, uint64_t *p, uint64_t *q)
   fadd0(t4, x20, y20);
   fmul0(t3, t3, t4);
   fadd0(t4, t01, t11);
-  uint64_t *y10 = p + (uint32_t)4U;
-  uint64_t *z11 = p + (uint32_t)8U;
-  uint64_t *y2 = q + (uint32_t)4U;
-  uint64_t *z21 = q + (uint32_t)8U;
+  uint64_t *y10 = p + 4U;
+  uint64_t *z11 = p + 8U;
+  uint64_t *y2 = q + 4U;
+  uint64_t *z21 = q + 8U;
   fsub0(t3, t3, t4);
   fadd0(t4, y10, z11);
   fadd0(t5, y2, z21);
@@ -899,9 +895,9 @@ static inline void point_add(uint64_t *res, uint64_t *p, uint64_t *q)
   fadd0(t5, t11, t2);
   fsub0(t4, t4, t5);
   uint64_t *x10 = p;
-  uint64_t *z1 = p + (uint32_t)8U;
+  uint64_t *z1 = p + 8U;
   uint64_t *x2 = q;
-  uint64_t *z2 = q + (uint32_t)8U;
+  uint64_t *z2 = q + 8U;
   fadd0(x3, x10, z1);
   fadd0(y3, x2, z2);
   fmul0(x3, x3, y3);
@@ -932,7 +928,7 @@ static inline void point_add(uint64_t *res, uint64_t *p, uint64_t *q)
   fmul0(z3, t4, z3);
   fmul0(t11, t3, t01);
   fadd0(z3, z3, t11);
-  memcpy(res, t1, (uint32_t)12U * sizeof (uint64_t));
+  memcpy(res, t1, 12U * sizeof (uint64_t));
 }
 
 static inline void point_mul(uint64_t *res, uint64_t *scalar, uint64_t *p)
@@ -940,41 +936,37 @@ static inline void point_mul(uint64_t *res, uint64_t *scalar, uint64_t *p)
   uint64_t table[192U] = { 0U };
   uint64_t tmp[12U] = { 0U };
   uint64_t *t0 = table;
-  uint64_t *t1 = table + (uint32_t)12U;
+  uint64_t *t1 = table + 12U;
   make_point_at_inf(t0);
-  memcpy(t1, p, (uint32_t)12U * sizeof (uint64_t));
+  memcpy(t1, p, 12U * sizeof (uint64_t));
   KRML_MAYBE_FOR7(i,
-    (uint32_t)0U,
-    (uint32_t)7U,
-    (uint32_t)1U,
-    uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)12U;
+    0U,
+    7U,
+    1U,
+    uint64_t *t11 = table + (i + 1U) * 12U;
     point_double(tmp, t11);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U,
-      tmp,
-      (uint32_t)12U * sizeof (uint64_t));
-    uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U;
+    memcpy(table + (2U * i + 2U) * 12U, tmp, 12U * sizeof (uint64_t));
+    uint64_t *t2 = table + (2U * i + 2U) * 12U;
     point_add(tmp, p, t2);
-    memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)12U,
-      tmp,
-      (uint32_t)12U * sizeof (uint64_t)););
+    memcpy(table + (2U * i + 3U) * 12U, tmp, 12U * sizeof (uint64_t)););
   make_point_at_inf(res);
   uint64_t tmp0[12U] = { 0U };
-  for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++)
+  for (uint32_t i0 = 0U; i0 < 64U; i0++)
   {
-    KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, point_double(res, res););
-    uint32_t k = (uint32_t)256U - (uint32_t)4U * i0 - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar, k, (uint32_t)4U);
-    memcpy(tmp0, (uint64_t *)table, (uint32_t)12U * sizeof (uint64_t));
+    KRML_MAYBE_FOR4(i, 0U, 4U, 1U, point_double(res, res););
+    uint32_t k = 256U - 4U * i0 - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar, k, 4U);
+    memcpy(tmp0, (uint64_t *)table, 12U * sizeof (uint64_t));
     KRML_MAYBE_FOR15(i1,
-      (uint32_t)0U,
-      (uint32_t)15U,
-      (uint32_t)1U,
-      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U));
-      const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)12U;
+      0U,
+      15U,
+      1U,
+      uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U));
+      const uint64_t *res_j = table + (i1 + 1U) * 12U;
       KRML_MAYBE_FOR12(i,
-        (uint32_t)0U,
-        (uint32_t)12U,
-        (uint32_t)1U,
+        0U,
+        12U,
+        1U,
         uint64_t *os = tmp0;
         uint64_t x = (c & res_j[i]) | (~c & tmp0[i]);
         os[i] = x;););
@@ -984,17 +976,17 @@ static inline void point_mul(uint64_t *res, uint64_t *scalar, uint64_t *p)
 
 static inline void precomp_get_consttime(const uint64_t *table, uint64_t bits_l, uint64_t *tmp)
 {
-  memcpy(tmp, (uint64_t *)table, (uint32_t)12U * sizeof (uint64_t));
+  memcpy(tmp, (uint64_t *)table, 12U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i0,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + (uint32_t)1U));
-    const uint64_t *res_j = table + (i0 + (uint32_t)1U) * (uint32_t)12U;
+    0U,
+    15U,
+    1U,
+    uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + 1U));
+    const uint64_t *res_j = table + (i0 + 1U) * 12U;
     KRML_MAYBE_FOR12(i,
-      (uint32_t)0U,
-      (uint32_t)12U,
-      (uint32_t)1U,
+      0U,
+      12U,
+      1U,
       uint64_t *os = tmp;
       uint64_t x = (c & res_j[i]) | (~c & tmp[i]);
       os[i] = x;););
@@ -1007,64 +999,58 @@ static inline void point_mul_g(uint64_t *res, uint64_t *scalar)
   uint64_t
   q2[12U] =
     {
-      (uint64_t)1499621593102562565U, (uint64_t)16692369783039433128U,
-      (uint64_t)15337520135922861848U, (uint64_t)5455737214495366228U,
-      (uint64_t)17827017231032529600U, (uint64_t)12413621606240782649U,
-      (uint64_t)2290483008028286132U, (uint64_t)15752017553340844820U,
-      (uint64_t)4846430910634234874U, (uint64_t)10861682798464583253U,
-      (uint64_t)15404737222404363049U, (uint64_t)363586619281562022U
+      1499621593102562565ULL, 16692369783039433128ULL, 15337520135922861848ULL,
+      5455737214495366228ULL, 17827017231032529600ULL, 12413621606240782649ULL,
+      2290483008028286132ULL, 15752017553340844820ULL, 4846430910634234874ULL,
+      10861682798464583253ULL, 15404737222404363049ULL, 363586619281562022ULL
     };
   uint64_t
   q3[12U] =
     {
-      (uint64_t)14619254753077084366U, (uint64_t)13913835116514008593U,
-      (uint64_t)15060744674088488145U, (uint64_t)17668414598203068685U,
-      (uint64_t)10761169236902342334U, (uint64_t)15467027479157446221U,
-      (uint64_t)14989185522423469618U, (uint64_t)14354539272510107003U,
-      (uint64_t)14298211796392133693U, (uint64_t)13270323784253711450U,
-      (uint64_t)13380964971965046957U, (uint64_t)8686204248456909699U
+      14619254753077084366ULL, 13913835116514008593ULL, 15060744674088488145ULL,
+      17668414598203068685ULL, 10761169236902342334ULL, 15467027479157446221ULL,
+      14989185522423469618ULL, 14354539272510107003ULL, 14298211796392133693ULL,
+      13270323784253711450ULL, 13380964971965046957ULL, 8686204248456909699ULL
     };
   uint64_t
   q4[12U] =
     {
-      (uint64_t)7870395003430845958U, (uint64_t)18001862936410067720U,
-      (uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U,
-      (uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U,
-      (uint64_t)7139806720777708306U, (uint64_t)8253938546650739833U,
-      (uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U,
-      (uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U
+      7870395003430845958ULL, 18001862936410067720ULL, 8006461232116967215ULL,
+      5921313779532424762ULL, 10702113371959864307ULL, 8070517410642379879ULL,
+      7139806720777708306ULL, 8253938546650739833ULL, 17490482834545705718ULL,
+      1065249776797037500ULL, 5018258455937968775ULL, 14100621120178668337ULL
     };
   uint64_t *r1 = scalar;
-  uint64_t *r2 = scalar + (uint32_t)1U;
-  uint64_t *r3 = scalar + (uint32_t)2U;
-  uint64_t *r4 = scalar + (uint32_t)3U;
+  uint64_t *r2 = scalar + 1U;
+  uint64_t *r3 = scalar + 2U;
+  uint64_t *r4 = scalar + 3U;
   make_point_at_inf(res);
   uint64_t tmp[12U] = { 0U };
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    KRML_MAYBE_FOR4(i0, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, point_double(res, res););
-    uint32_t k = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r4, k, (uint32_t)4U);
+    0U,
+    16U,
+    1U,
+    KRML_MAYBE_FOR4(i0, 0U, 4U, 1U, point_double(res, res););
+    uint32_t k = 64U - 4U * i - 4U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r4, k, 4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_192_table_w4, bits_l, tmp);
     point_add(res, res, tmp);
-    uint32_t k0 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r3, k0, (uint32_t)4U);
+    uint32_t k0 = 64U - 4U * i - 4U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r3, k0, 4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_128_table_w4, bits_l0, tmp);
     point_add(res, res, tmp);
-    uint32_t k1 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r2, k1, (uint32_t)4U);
+    uint32_t k1 = 64U - 4U * i - 4U;
+    uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r2, k1, 4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_64_table_w4, bits_l1, tmp);
     point_add(res, res, tmp);
-    uint32_t k2 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U;
-    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
+    uint32_t k2 = 64U - 4U * i - 4U;
+    uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64(1U, r1, k2, 4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     point_add(res, res, tmp););
-  KRML_HOST_IGNORE(q1);
-  KRML_HOST_IGNORE(q2);
-  KRML_HOST_IGNORE(q3);
-  KRML_HOST_IGNORE(q4);
+  KRML_MAYBE_UNUSED_VAR(q1);
+  KRML_MAYBE_UNUSED_VAR(q2);
+  KRML_MAYBE_UNUSED_VAR(q3);
+  KRML_MAYBE_UNUSED_VAR(q4);
 }
 
 static inline void
@@ -1075,54 +1061,48 @@ point_mul_double_g(uint64_t *res, uint64_t *scalar1, uint64_t *scalar2, uint64_t
   uint64_t table2[384U] = { 0U };
   uint64_t tmp[12U] = { 0U };
   uint64_t *t0 = table2;
-  uint64_t *t1 = table2 + (uint32_t)12U;
+  uint64_t *t1 = table2 + 12U;
   make_point_at_inf(t0);
-  memcpy(t1, q2, (uint32_t)12U * sizeof (uint64_t));
+  memcpy(t1, q2, 12U * sizeof (uint64_t));
   KRML_MAYBE_FOR15(i,
-    (uint32_t)0U,
-    (uint32_t)15U,
-    (uint32_t)1U,
-    uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)12U;
+    0U,
+    15U,
+    1U,
+    uint64_t *t11 = table2 + (i + 1U) * 12U;
     point_double(tmp, t11);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U,
-      tmp,
-      (uint32_t)12U * sizeof (uint64_t));
-    uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U;
+    memcpy(table2 + (2U * i + 2U) * 12U, tmp, 12U * sizeof (uint64_t));
+    uint64_t *t2 = table2 + (2U * i + 2U) * 12U;
     point_add(tmp, q2, t2);
-    memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)12U,
-      tmp,
-      (uint32_t)12U * sizeof (uint64_t)););
+    memcpy(table2 + (2U * i + 3U) * 12U, tmp, 12U * sizeof (uint64_t)););
   uint64_t tmp0[12U] = { 0U };
-  uint32_t i0 = (uint32_t)255U;
-  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, i0, (uint32_t)5U);
+  uint32_t i0 = 255U;
+  uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar1, i0, 5U);
   uint32_t bits_l32 = (uint32_t)bits_c;
-  const
-  uint64_t
-  *a_bits_l = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)12U;
-  memcpy(res, (uint64_t *)a_bits_l, (uint32_t)12U * sizeof (uint64_t));
-  uint32_t i1 = (uint32_t)255U;
-  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, i1, (uint32_t)5U);
+  const uint64_t *a_bits_l = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * 12U;
+  memcpy(res, (uint64_t *)a_bits_l, 12U * sizeof (uint64_t));
+  uint32_t i1 = 255U;
+  uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar2, i1, 5U);
   uint32_t bits_l320 = (uint32_t)bits_c0;
-  const uint64_t *a_bits_l0 = table2 + bits_l320 * (uint32_t)12U;
-  memcpy(tmp0, (uint64_t *)a_bits_l0, (uint32_t)12U * sizeof (uint64_t));
+  const uint64_t *a_bits_l0 = table2 + bits_l320 * 12U;
+  memcpy(tmp0, (uint64_t *)a_bits_l0, 12U * sizeof (uint64_t));
   point_add(res, res, tmp0);
   uint64_t tmp1[12U] = { 0U };
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)51U; i++)
+  for (uint32_t i = 0U; i < 51U; i++)
   {
-    KRML_MAYBE_FOR5(i2, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, point_double(res, res););
-    uint32_t k = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, k, (uint32_t)5U);
+    KRML_MAYBE_FOR5(i2, 0U, 5U, 1U, point_double(res, res););
+    uint32_t k = 255U - 5U * i - 5U;
+    uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar2, k, 5U);
     uint32_t bits_l321 = (uint32_t)bits_l;
-    const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)12U;
-    memcpy(tmp1, (uint64_t *)a_bits_l1, (uint32_t)12U * sizeof (uint64_t));
+    const uint64_t *a_bits_l1 = table2 + bits_l321 * 12U;
+    memcpy(tmp1, (uint64_t *)a_bits_l1, 12U * sizeof (uint64_t));
     point_add(res, res, tmp1);
-    uint32_t k0 = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U;
-    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, k0, (uint32_t)5U);
+    uint32_t k0 = 255U - 5U * i - 5U;
+    uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64(4U, scalar1, k0, 5U);
     uint32_t bits_l322 = (uint32_t)bits_l0;
     const
     uint64_t
-    *a_bits_l2 = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * (uint32_t)12U;
-    memcpy(tmp1, (uint64_t *)a_bits_l2, (uint32_t)12U * sizeof (uint64_t));
+    *a_bits_l2 = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * 12U;
+    memcpy(tmp1, (uint64_t *)a_bits_l2, 12U * sizeof (uint64_t));
     point_add(res, res, tmp1);
   }
 }
@@ -1132,7 +1112,7 @@ static inline uint64_t bn_is_lt_order_mask4(uint64_t *f)
   uint64_t tmp[4U] = { 0U };
   make_order(tmp);
   uint64_t c = bn_sub4(tmp, f, tmp);
-  return (uint64_t)0U - c;
+  return 0ULL - c;
 }
 
 static inline uint64_t bn_is_lt_order_and_gt_zero_mask4(uint64_t *f)
@@ -1161,61 +1141,61 @@ static inline void qmont_reduction(uint64_t *res, uint64_t *x)
 {
   uint64_t n[4U] = { 0U };
   make_order(n);
-  uint64_t c0 = (uint64_t)0U;
+  uint64_t c0 = 0ULL;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
-    uint64_t qj = (uint64_t)0xccd1c8aaee00bc4fU * x[i0];
+    0U,
+    4U,
+    1U,
+    uint64_t qj = 0xccd1c8aaee00bc4fULL * x[i0];
     uint64_t *res_j0 = x + i0;
-    uint64_t c = (uint64_t)0U;
+    uint64_t c = 0ULL;
     {
-      uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U];
-      uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U;
+      uint64_t a_i = n[4U * 0U];
+      uint64_t *res_i0 = res_j0 + 4U * 0U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0);
-      uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-      uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+      uint64_t a_i0 = n[4U * 0U + 1U];
+      uint64_t *res_i1 = res_j0 + 4U * 0U + 1U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1);
-      uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-      uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+      uint64_t a_i1 = n[4U * 0U + 2U];
+      uint64_t *res_i2 = res_j0 + 4U * 0U + 2U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2);
-      uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-      uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+      uint64_t a_i2 = n[4U * 0U + 3U];
+      uint64_t *res_i = res_j0 + 4U * 0U + 3U;
       c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i);
     }
     uint64_t r = c;
     uint64_t c1 = r;
-    uint64_t *resb = x + (uint32_t)4U + i0;
-    uint64_t res_j = x[(uint32_t)4U + i0];
+    uint64_t *resb = x + 4U + i0;
+    uint64_t res_j = x[4U + i0];
     c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb););
-  memcpy(res, x + (uint32_t)4U, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(res, x + 4U, 4U * sizeof (uint64_t));
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
-  uint64_t c = (uint64_t)0U;
+  uint64_t c = 0ULL;
   {
-    uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U];
-    uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U];
-    uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U;
+    uint64_t t1 = res[4U * 0U];
+    uint64_t t20 = n[4U * 0U];
+    uint64_t *res_i0 = tmp + 4U * 0U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
-    uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U];
-    uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U;
+    uint64_t t10 = res[4U * 0U + 1U];
+    uint64_t t21 = n[4U * 0U + 1U];
+    uint64_t *res_i1 = tmp + 4U * 0U + 1U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
-    uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U];
-    uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U;
+    uint64_t t11 = res[4U * 0U + 2U];
+    uint64_t t22 = n[4U * 0U + 2U];
+    uint64_t *res_i2 = tmp + 4U * 0U + 2U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
-    uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U];
-    uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U;
+    uint64_t t12 = res[4U * 0U + 3U];
+    uint64_t t2 = n[4U * 0U + 3U];
+    uint64_t *res_i = tmp + 4U * 0U + 3U;
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
   uint64_t c2 = c00 - c1;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = res;
     uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]);
     os[i] = x1;);
@@ -1224,7 +1204,7 @@ static inline void qmont_reduction(uint64_t *res, uint64_t *x)
 static inline void from_qmont(uint64_t *res, uint64_t *x)
 {
   uint64_t tmp[8U] = { 0U };
-  memcpy(tmp, x, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(tmp, x, 4U * sizeof (uint64_t));
   qmont_reduction(res, tmp);
 }
 
@@ -1246,18 +1226,18 @@ bool Hacl_Impl_P256_DH_ecp256dh_i(uint8_t *public_key, uint8_t *private_key)
 {
   uint64_t tmp[16U] = { 0U };
   uint64_t *sk = tmp;
-  uint64_t *pk = tmp + (uint32_t)4U;
+  uint64_t *pk = tmp + 4U;
   bn_from_bytes_be4(sk, private_key);
   uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(sk);
   uint64_t oneq[4U] = { 0U };
-  oneq[0U] = (uint64_t)1U;
-  oneq[1U] = (uint64_t)0U;
-  oneq[2U] = (uint64_t)0U;
-  oneq[3U] = (uint64_t)0U;
+  oneq[0U] = 1ULL;
+  oneq[1U] = 0ULL;
+  oneq[2U] = 0ULL;
+  oneq[3U] = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = sk;
     uint64_t uu____0 = oneq[i];
     uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0));
@@ -1265,7 +1245,7 @@ bool Hacl_Impl_P256_DH_ecp256dh_i(uint8_t *public_key, uint8_t *private_key)
   uint64_t is_sk_valid = is_b_valid;
   point_mul_g(pk, sk);
   point_store(public_key, pk);
-  return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return is_sk_valid == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 bool
@@ -1277,19 +1257,19 @@ Hacl_Impl_P256_DH_ecp256dh_r(
 {
   uint64_t tmp[16U] = { 0U };
   uint64_t *sk = tmp;
-  uint64_t *pk = tmp + (uint32_t)4U;
+  uint64_t *pk = tmp + 4U;
   bool is_pk_valid = load_point_vartime(pk, their_pubkey);
   bn_from_bytes_be4(sk, private_key);
   uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(sk);
   uint64_t oneq[4U] = { 0U };
-  oneq[0U] = (uint64_t)1U;
-  oneq[1U] = (uint64_t)0U;
-  oneq[2U] = (uint64_t)0U;
-  oneq[3U] = (uint64_t)0U;
+  oneq[0U] = 1ULL;
+  oneq[1U] = 0ULL;
+  oneq[2U] = 0ULL;
+  oneq[3U] = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = sk;
     uint64_t uu____0 = oneq[i];
     uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0));
@@ -1301,27 +1281,27 @@ Hacl_Impl_P256_DH_ecp256dh_r(
     point_mul(ss_proj, sk, pk);
     point_store(shared_secret, ss_proj);
   }
-  return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU && is_pk_valid;
+  return is_sk_valid == 0xFFFFFFFFFFFFFFFFULL && is_pk_valid;
 }
 
 static inline void qinv(uint64_t *res, uint64_t *r)
 {
   uint64_t tmp[28U] = { 0U };
   uint64_t *x6 = tmp;
-  uint64_t *x_11 = tmp + (uint32_t)4U;
-  uint64_t *x_101 = tmp + (uint32_t)8U;
-  uint64_t *x_111 = tmp + (uint32_t)12U;
-  uint64_t *x_1111 = tmp + (uint32_t)16U;
-  uint64_t *x_10101 = tmp + (uint32_t)20U;
-  uint64_t *x_101111 = tmp + (uint32_t)24U;
-  memcpy(x6, r, (uint32_t)4U * sizeof (uint64_t));
+  uint64_t *x_11 = tmp + 4U;
+  uint64_t *x_101 = tmp + 8U;
+  uint64_t *x_111 = tmp + 12U;
+  uint64_t *x_1111 = tmp + 16U;
+  uint64_t *x_10101 = tmp + 20U;
+  uint64_t *x_101111 = tmp + 24U;
+  memcpy(x6, r, 4U * sizeof (uint64_t));
   {
     qsqr(x6, x6);
   }
   qmul(x_11, x6, r);
   qmul(x_101, x6, x_11);
   qmul(x_111, x6, x_101);
-  memcpy(x6, x_101, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(x6, x_101, 4U * sizeof (uint64_t));
   {
     qsqr(x6, x6);
   }
@@ -1330,86 +1310,86 @@ static inline void qinv(uint64_t *res, uint64_t *r)
     qsqr(x6, x6);
   }
   qmul(x_10101, x6, r);
-  memcpy(x6, x_10101, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(x6, x_10101, 4U * sizeof (uint64_t));
   {
     qsqr(x6, x6);
   }
   qmul(x_101111, x_101, x6);
   qmul(x6, x_10101, x6);
   uint64_t tmp1[4U] = { 0U };
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(x6, x6););
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, qsqr(x6, x6););
   qmul(x6, x6, x_11);
-  memcpy(tmp1, x6, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  memcpy(tmp1, x6, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x6);
-  memcpy(x6, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  KRML_MAYBE_FOR16(i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, qsqr(x6, x6););
+  memcpy(x6, tmp1, 4U * sizeof (uint64_t));
+  KRML_MAYBE_FOR16(i, 0U, 16U, 1U, qsqr(x6, x6););
   qmul(x6, x6, tmp1);
-  memcpy(tmp1, x6, (uint32_t)4U * sizeof (uint64_t));
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
+  memcpy(tmp1, x6, 4U * sizeof (uint64_t));
+  for (uint32_t i = 0U; i < 64U; i++)
   {
     qsqr(tmp1, tmp1);
   }
   qmul(tmp1, tmp1, x6);
-  for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++)
+  for (uint32_t i = 0U; i < 32U; i++)
   {
     qsqr(tmp1, tmp1);
   }
   qmul(tmp1, tmp1, x6);
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_1111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_10101);
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101);
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101);
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR9(i, (uint32_t)0U, (uint32_t)9U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR9(i, 0U, 9U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101111);
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_1111);
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, r);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, r);
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_1111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR4(i, 0U, 4U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_111);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101);
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR10(i, (uint32_t)0U, (uint32_t)10U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR10(i, 0U, 10U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_101111);
-  KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR2(i, 0U, 2U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR5(i, 0U, 5U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_11);
-  KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR3(i, 0U, 3U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, r);
-  KRML_MAYBE_FOR7(i, (uint32_t)0U, (uint32_t)7U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR7(i, 0U, 7U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_10101);
-  KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1););
+  KRML_MAYBE_FOR6(i, 0U, 6U, 1U, qsqr(tmp1, tmp1););
   qmul(tmp1, tmp1, x_1111);
-  memcpy(x6, tmp1, (uint32_t)4U * sizeof (uint64_t));
-  memcpy(res, x6, (uint32_t)4U * sizeof (uint64_t));
+  memcpy(x6, tmp1, 4U * sizeof (uint64_t));
+  memcpy(res, x6, 4U * sizeof (uint64_t));
 }
 
 static inline void qmul_mont(uint64_t *sinv, uint64_t *b, uint64_t *res)
@@ -1429,20 +1409,16 @@ ecdsa_verify_msg_as_qelem(
 {
   uint64_t tmp[28U] = { 0U };
   uint64_t *pk = tmp;
-  uint64_t *r_q = tmp + (uint32_t)12U;
-  uint64_t *s_q = tmp + (uint32_t)16U;
-  uint64_t *u1 = tmp + (uint32_t)20U;
-  uint64_t *u2 = tmp + (uint32_t)24U;
+  uint64_t *r_q = tmp + 12U;
+  uint64_t *s_q = tmp + 16U;
+  uint64_t *u1 = tmp + 20U;
+  uint64_t *u2 = tmp + 24U;
   bool is_pk_valid = load_point_vartime(pk, public_key);
   bn_from_bytes_be4(r_q, signature_r);
   bn_from_bytes_be4(s_q, signature_s);
   uint64_t is_r_valid = bn_is_lt_order_and_gt_zero_mask4(r_q);
   uint64_t is_s_valid = bn_is_lt_order_and_gt_zero_mask4(s_q);
-  bool
-  is_rs_valid =
-    is_r_valid
-    == (uint64_t)0xFFFFFFFFFFFFFFFFU
-    && is_s_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool is_rs_valid = is_r_valid == 0xFFFFFFFFFFFFFFFFULL && is_s_valid == 0xFFFFFFFFFFFFFFFFULL;
   if (!(is_pk_valid && is_rs_valid))
   {
     return false;
@@ -1474,20 +1450,20 @@ ecdsa_sign_msg_as_qelem(
 {
   uint64_t rsdk_q[16U] = { 0U };
   uint64_t *r_q = rsdk_q;
-  uint64_t *s_q = rsdk_q + (uint32_t)4U;
-  uint64_t *d_a = rsdk_q + (uint32_t)8U;
-  uint64_t *k_q = rsdk_q + (uint32_t)12U;
+  uint64_t *s_q = rsdk_q + 4U;
+  uint64_t *d_a = rsdk_q + 8U;
+  uint64_t *k_q = rsdk_q + 12U;
   bn_from_bytes_be4(d_a, private_key);
   uint64_t is_b_valid0 = bn_is_lt_order_and_gt_zero_mask4(d_a);
   uint64_t oneq0[4U] = { 0U };
-  oneq0[0U] = (uint64_t)1U;
-  oneq0[1U] = (uint64_t)0U;
-  oneq0[2U] = (uint64_t)0U;
-  oneq0[3U] = (uint64_t)0U;
+  oneq0[0U] = 1ULL;
+  oneq0[1U] = 0ULL;
+  oneq0[2U] = 0ULL;
+  oneq0[3U] = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = d_a;
     uint64_t uu____0 = oneq0[i];
     uint64_t x = uu____0 ^ (is_b_valid0 & (d_a[i] ^ uu____0));
@@ -1496,14 +1472,14 @@ ecdsa_sign_msg_as_qelem(
   bn_from_bytes_be4(k_q, nonce);
   uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(k_q);
   uint64_t oneq[4U] = { 0U };
-  oneq[0U] = (uint64_t)1U;
-  oneq[1U] = (uint64_t)0U;
-  oneq[2U] = (uint64_t)0U;
-  oneq[3U] = (uint64_t)0U;
+  oneq[0U] = 1ULL;
+  oneq[1U] = 0ULL;
+  oneq[2U] = 0ULL;
+  oneq[3U] = 0ULL;
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint64_t *os = k_q;
     uint64_t uu____1 = oneq[i];
     uint64_t x = uu____1 ^ (is_b_valid & (k_q[i] ^ uu____1));
@@ -1524,7 +1500,7 @@ ecdsa_sign_msg_as_qelem(
   uint64_t is_r_zero = bn_is_zero_mask4(r_q);
   uint64_t is_s_zero = bn_is_zero_mask4(s_q);
   uint64_t m = are_sk_nonce_valid & (~is_r_zero & ~is_s_zero);
-  bool res = m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool res = m == 0xFFFFFFFFFFFFFFFFULL;
   return res;
 }
 
@@ -1571,8 +1547,8 @@ Hacl_P256_ecdsa_sign_p256_sha2(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_256(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1604,8 +1580,8 @@ Hacl_P256_ecdsa_sign_p256_sha384(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
-  Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_384(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1637,8 +1613,8 @@ Hacl_P256_ecdsa_sign_p256_sha512(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
-  Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_512(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1680,8 +1656,8 @@ Hacl_P256_ecdsa_sign_p256_without_hash(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
-  memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(msg_len);
+  memcpy(mHash, msg, 32U * sizeof (uint8_t));
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1716,8 +1692,8 @@ Hacl_P256_ecdsa_verif_p256_sha2(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
-  Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_256(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1747,8 +1723,8 @@ Hacl_P256_ecdsa_verif_p256_sha384(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
-  Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_384(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1778,8 +1754,8 @@ Hacl_P256_ecdsa_verif_p256_sha512(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
-  Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
-  KRML_HOST_IGNORE(msg_len);
+  Hacl_Hash_SHA2_hash_512(mHash, msg, msg_len);
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1814,8 +1790,8 @@ Hacl_P256_ecdsa_verif_without_hash(
 {
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
-  memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
-  KRML_HOST_IGNORE(msg_len);
+  memcpy(mHash, msg, 32U * sizeof (uint8_t));
+  KRML_MAYBE_UNUSED_VAR(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1864,7 +1840,7 @@ bool Hacl_P256_validate_private_key(uint8_t *private_key)
   uint64_t bn_sk[4U] = { 0U };
   bn_from_bytes_be4(bn_sk, private_key);
   uint64_t res = bn_is_lt_order_and_gt_zero_mask4(bn_sk);
-  return res == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return res == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /*******************************************************************************
@@ -1893,11 +1869,11 @@ Convert a public key from uncompressed to its raw form.
 bool Hacl_P256_uncompressed_to_raw(uint8_t *pk, uint8_t *pk_raw)
 {
   uint8_t pk0 = pk[0U];
-  if (pk0 != (uint8_t)0x04U)
+  if (pk0 != 0x04U)
   {
     return false;
   }
-  memcpy(pk_raw, pk + (uint32_t)1U, (uint32_t)64U * sizeof (uint8_t));
+  memcpy(pk_raw, pk + 1U, 64U * sizeof (uint8_t));
   return true;
 }
 
@@ -1915,12 +1891,12 @@ bool Hacl_P256_compressed_to_raw(uint8_t *pk, uint8_t *pk_raw)
 {
   uint64_t xa[4U] = { 0U };
   uint64_t ya[4U] = { 0U };
-  uint8_t *pk_xb = pk + (uint32_t)1U;
+  uint8_t *pk_xb = pk + 1U;
   bool b = aff_point_decompress_vartime(xa, ya, pk);
   if (b)
   {
-    memcpy(pk_raw, pk_xb, (uint32_t)32U * sizeof (uint8_t));
-    bn_to_bytes_be4(pk_raw + (uint32_t)32U, ya);
+    memcpy(pk_raw, pk_xb, 32U * sizeof (uint8_t));
+    bn_to_bytes_be4(pk_raw + 32U, ya);
   }
   return b;
 }
@@ -1935,8 +1911,8 @@ Convert a public key from raw to its uncompressed form.
 */
 void Hacl_P256_raw_to_uncompressed(uint8_t *pk_raw, uint8_t *pk)
 {
-  pk[0U] = (uint8_t)0x04U;
-  memcpy(pk + (uint32_t)1U, pk_raw, (uint32_t)64U * sizeof (uint8_t));
+  pk[0U] = 0x04U;
+  memcpy(pk + 1U, pk_raw, 64U * sizeof (uint8_t));
 }
 
 /**
@@ -1950,12 +1926,12 @@ Convert a public key from raw to its compressed form.
 void Hacl_P256_raw_to_compressed(uint8_t *pk_raw, uint8_t *pk)
 {
   uint8_t *pk_x = pk_raw;
-  uint8_t *pk_y = pk_raw + (uint32_t)32U;
+  uint8_t *pk_y = pk_raw + 32U;
   uint64_t bn_f[4U] = { 0U };
   bn_from_bytes_be4(bn_f, pk_y);
-  uint64_t is_odd_f = bn_f[0U] & (uint64_t)1U;
-  pk[0U] = (uint8_t)is_odd_f + (uint8_t)0x02U;
-  memcpy(pk + (uint32_t)1U, pk_x, (uint32_t)32U * sizeof (uint8_t));
+  uint64_t is_odd_f = bn_f[0U] & 1ULL;
+  pk[0U] = (uint32_t)(uint8_t)is_odd_f + 0x02U;
+  memcpy(pk + 1U, pk_x, 32U * sizeof (uint8_t));
 }
 
 
diff --git a/src/msvc/Hacl_Poly1305_32.c b/src/msvc/Hacl_Poly1305_32.c
deleted file mode 100644
index 5192559b..00000000
--- a/src/msvc/Hacl_Poly1305_32.c
+++ /dev/null
@@ -1,572 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Poly1305_32.h"
-
-void Hacl_Poly1305_32_poly1305_init(uint64_t *ctx, uint8_t *key)
-{
-  uint64_t *acc = ctx;
-  uint64_t *pre = ctx + (uint32_t)5U;
-  uint8_t *kr = key;
-  acc[0U] = (uint64_t)0U;
-  acc[1U] = (uint64_t)0U;
-  acc[2U] = (uint64_t)0U;
-  acc[3U] = (uint64_t)0U;
-  acc[4U] = (uint64_t)0U;
-  uint64_t u0 = load64_le(kr);
-  uint64_t lo = u0;
-  uint64_t u = load64_le(kr + (uint32_t)8U);
-  uint64_t hi = u;
-  uint64_t mask0 = (uint64_t)0x0ffffffc0fffffffU;
-  uint64_t mask1 = (uint64_t)0x0ffffffc0ffffffcU;
-  uint64_t lo1 = lo & mask0;
-  uint64_t hi1 = hi & mask1;
-  uint64_t *r = pre;
-  uint64_t *r5 = pre + (uint32_t)5U;
-  uint64_t *rn = pre + (uint32_t)10U;
-  uint64_t *rn_5 = pre + (uint32_t)15U;
-  uint64_t r_vec0 = lo1;
-  uint64_t r_vec1 = hi1;
-  uint64_t f00 = r_vec0 & (uint64_t)0x3ffffffU;
-  uint64_t f10 = r_vec0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-  uint64_t f20 = r_vec0 >> (uint32_t)52U | (r_vec1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-  uint64_t f30 = r_vec1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-  uint64_t f40 = r_vec1 >> (uint32_t)40U;
-  uint64_t f0 = f00;
-  uint64_t f1 = f10;
-  uint64_t f2 = f20;
-  uint64_t f3 = f30;
-  uint64_t f4 = f40;
-  r[0U] = f0;
-  r[1U] = f1;
-  r[2U] = f2;
-  r[3U] = f3;
-  r[4U] = f4;
-  uint64_t f200 = r[0U];
-  uint64_t f21 = r[1U];
-  uint64_t f22 = r[2U];
-  uint64_t f23 = r[3U];
-  uint64_t f24 = r[4U];
-  r5[0U] = f200 * (uint64_t)5U;
-  r5[1U] = f21 * (uint64_t)5U;
-  r5[2U] = f22 * (uint64_t)5U;
-  r5[3U] = f23 * (uint64_t)5U;
-  r5[4U] = f24 * (uint64_t)5U;
-  rn[0U] = r[0U];
-  rn[1U] = r[1U];
-  rn[2U] = r[2U];
-  rn[3U] = r[3U];
-  rn[4U] = r[4U];
-  rn_5[0U] = r5[0U];
-  rn_5[1U] = r5[1U];
-  rn_5[2U] = r5[2U];
-  rn_5[3U] = r5[3U];
-  rn_5[4U] = r5[4U];
-}
-
-void Hacl_Poly1305_32_poly1305_update1(uint64_t *ctx, uint8_t *text)
-{
-  uint64_t *pre = ctx + (uint32_t)5U;
-  uint64_t *acc = ctx;
-  uint64_t e[5U] = { 0U };
-  uint64_t u0 = load64_le(text);
-  uint64_t lo = u0;
-  uint64_t u = load64_le(text + (uint32_t)8U);
-  uint64_t hi = u;
-  uint64_t f0 = lo;
-  uint64_t f1 = hi;
-  uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-  uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-  uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-  uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-  uint64_t f40 = f1 >> (uint32_t)40U;
-  uint64_t f01 = f010;
-  uint64_t f111 = f110;
-  uint64_t f2 = f20;
-  uint64_t f3 = f30;
-  uint64_t f41 = f40;
-  e[0U] = f01;
-  e[1U] = f111;
-  e[2U] = f2;
-  e[3U] = f3;
-  e[4U] = f41;
-  uint64_t b = (uint64_t)0x1000000U;
-  uint64_t mask = b;
-  uint64_t f4 = e[4U];
-  e[4U] = f4 | mask;
-  uint64_t *r = pre;
-  uint64_t *r5 = pre + (uint32_t)5U;
-  uint64_t r0 = r[0U];
-  uint64_t r1 = r[1U];
-  uint64_t r2 = r[2U];
-  uint64_t r3 = r[3U];
-  uint64_t r4 = r[4U];
-  uint64_t r51 = r5[1U];
-  uint64_t r52 = r5[2U];
-  uint64_t r53 = r5[3U];
-  uint64_t r54 = r5[4U];
-  uint64_t f10 = e[0U];
-  uint64_t f11 = e[1U];
-  uint64_t f12 = e[2U];
-  uint64_t f13 = e[3U];
-  uint64_t f14 = e[4U];
-  uint64_t a0 = acc[0U];
-  uint64_t a1 = acc[1U];
-  uint64_t a2 = acc[2U];
-  uint64_t a3 = acc[3U];
-  uint64_t a4 = acc[4U];
-  uint64_t a01 = a0 + f10;
-  uint64_t a11 = a1 + f11;
-  uint64_t a21 = a2 + f12;
-  uint64_t a31 = a3 + f13;
-  uint64_t a41 = a4 + f14;
-  uint64_t a02 = r0 * a01;
-  uint64_t a12 = r1 * a01;
-  uint64_t a22 = r2 * a01;
-  uint64_t a32 = r3 * a01;
-  uint64_t a42 = r4 * a01;
-  uint64_t a03 = a02 + r54 * a11;
-  uint64_t a13 = a12 + r0 * a11;
-  uint64_t a23 = a22 + r1 * a11;
-  uint64_t a33 = a32 + r2 * a11;
-  uint64_t a43 = a42 + r3 * a11;
-  uint64_t a04 = a03 + r53 * a21;
-  uint64_t a14 = a13 + r54 * a21;
-  uint64_t a24 = a23 + r0 * a21;
-  uint64_t a34 = a33 + r1 * a21;
-  uint64_t a44 = a43 + r2 * a21;
-  uint64_t a05 = a04 + r52 * a31;
-  uint64_t a15 = a14 + r53 * a31;
-  uint64_t a25 = a24 + r54 * a31;
-  uint64_t a35 = a34 + r0 * a31;
-  uint64_t a45 = a44 + r1 * a31;
-  uint64_t a06 = a05 + r51 * a41;
-  uint64_t a16 = a15 + r52 * a41;
-  uint64_t a26 = a25 + r53 * a41;
-  uint64_t a36 = a35 + r54 * a41;
-  uint64_t a46 = a45 + r0 * a41;
-  uint64_t t0 = a06;
-  uint64_t t1 = a16;
-  uint64_t t2 = a26;
-  uint64_t t3 = a36;
-  uint64_t t4 = a46;
-  uint64_t mask26 = (uint64_t)0x3ffffffU;
-  uint64_t z0 = t0 >> (uint32_t)26U;
-  uint64_t z1 = t3 >> (uint32_t)26U;
-  uint64_t x0 = t0 & mask26;
-  uint64_t x3 = t3 & mask26;
-  uint64_t x1 = t1 + z0;
-  uint64_t x4 = t4 + z1;
-  uint64_t z01 = x1 >> (uint32_t)26U;
-  uint64_t z11 = x4 >> (uint32_t)26U;
-  uint64_t t = z11 << (uint32_t)2U;
-  uint64_t z12 = z11 + t;
-  uint64_t x11 = x1 & mask26;
-  uint64_t x41 = x4 & mask26;
-  uint64_t x2 = t2 + z01;
-  uint64_t x01 = x0 + z12;
-  uint64_t z02 = x2 >> (uint32_t)26U;
-  uint64_t z13 = x01 >> (uint32_t)26U;
-  uint64_t x21 = x2 & mask26;
-  uint64_t x02 = x01 & mask26;
-  uint64_t x31 = x3 + z02;
-  uint64_t x12 = x11 + z13;
-  uint64_t z03 = x31 >> (uint32_t)26U;
-  uint64_t x32 = x31 & mask26;
-  uint64_t x42 = x41 + z03;
-  uint64_t o0 = x02;
-  uint64_t o1 = x12;
-  uint64_t o2 = x21;
-  uint64_t o3 = x32;
-  uint64_t o4 = x42;
-  acc[0U] = o0;
-  acc[1U] = o1;
-  acc[2U] = o2;
-  acc[3U] = o3;
-  acc[4U] = o4;
-}
-
-void Hacl_Poly1305_32_poly1305_update(uint64_t *ctx, uint32_t len, uint8_t *text)
-{
-  uint64_t *pre = ctx + (uint32_t)5U;
-  uint64_t *acc = ctx;
-  uint32_t nb = len / (uint32_t)16U;
-  uint32_t rem = len % (uint32_t)16U;
-  for (uint32_t i = (uint32_t)0U; i < nb; i++)
-  {
-    uint8_t *block = text + i * (uint32_t)16U;
-    uint64_t e[5U] = { 0U };
-    uint64_t u0 = load64_le(block);
-    uint64_t lo = u0;
-    uint64_t u = load64_le(block + (uint32_t)8U);
-    uint64_t hi = u;
-    uint64_t f0 = lo;
-    uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
-    uint64_t f01 = f010;
-    uint64_t f111 = f110;
-    uint64_t f2 = f20;
-    uint64_t f3 = f30;
-    uint64_t f41 = f40;
-    e[0U] = f01;
-    e[1U] = f111;
-    e[2U] = f2;
-    e[3U] = f3;
-    e[4U] = f41;
-    uint64_t b = (uint64_t)0x1000000U;
-    uint64_t mask = b;
-    uint64_t f4 = e[4U];
-    e[4U] = f4 | mask;
-    uint64_t *r = pre;
-    uint64_t *r5 = pre + (uint32_t)5U;
-    uint64_t r0 = r[0U];
-    uint64_t r1 = r[1U];
-    uint64_t r2 = r[2U];
-    uint64_t r3 = r[3U];
-    uint64_t r4 = r[4U];
-    uint64_t r51 = r5[1U];
-    uint64_t r52 = r5[2U];
-    uint64_t r53 = r5[3U];
-    uint64_t r54 = r5[4U];
-    uint64_t f10 = e[0U];
-    uint64_t f11 = e[1U];
-    uint64_t f12 = e[2U];
-    uint64_t f13 = e[3U];
-    uint64_t f14 = e[4U];
-    uint64_t a0 = acc[0U];
-    uint64_t a1 = acc[1U];
-    uint64_t a2 = acc[2U];
-    uint64_t a3 = acc[3U];
-    uint64_t a4 = acc[4U];
-    uint64_t a01 = a0 + f10;
-    uint64_t a11 = a1 + f11;
-    uint64_t a21 = a2 + f12;
-    uint64_t a31 = a3 + f13;
-    uint64_t a41 = a4 + f14;
-    uint64_t a02 = r0 * a01;
-    uint64_t a12 = r1 * a01;
-    uint64_t a22 = r2 * a01;
-    uint64_t a32 = r3 * a01;
-    uint64_t a42 = r4 * a01;
-    uint64_t a03 = a02 + r54 * a11;
-    uint64_t a13 = a12 + r0 * a11;
-    uint64_t a23 = a22 + r1 * a11;
-    uint64_t a33 = a32 + r2 * a11;
-    uint64_t a43 = a42 + r3 * a11;
-    uint64_t a04 = a03 + r53 * a21;
-    uint64_t a14 = a13 + r54 * a21;
-    uint64_t a24 = a23 + r0 * a21;
-    uint64_t a34 = a33 + r1 * a21;
-    uint64_t a44 = a43 + r2 * a21;
-    uint64_t a05 = a04 + r52 * a31;
-    uint64_t a15 = a14 + r53 * a31;
-    uint64_t a25 = a24 + r54 * a31;
-    uint64_t a35 = a34 + r0 * a31;
-    uint64_t a45 = a44 + r1 * a31;
-    uint64_t a06 = a05 + r51 * a41;
-    uint64_t a16 = a15 + r52 * a41;
-    uint64_t a26 = a25 + r53 * a41;
-    uint64_t a36 = a35 + r54 * a41;
-    uint64_t a46 = a45 + r0 * a41;
-    uint64_t t0 = a06;
-    uint64_t t1 = a16;
-    uint64_t t2 = a26;
-    uint64_t t3 = a36;
-    uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
-    uint64_t x0 = t0 & mask26;
-    uint64_t x3 = t3 & mask26;
-    uint64_t x1 = t1 + z0;
-    uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
-    uint64_t z12 = z11 + t;
-    uint64_t x11 = x1 & mask26;
-    uint64_t x41 = x4 & mask26;
-    uint64_t x2 = t2 + z01;
-    uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
-    uint64_t x21 = x2 & mask26;
-    uint64_t x02 = x01 & mask26;
-    uint64_t x31 = x3 + z02;
-    uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
-    uint64_t x32 = x31 & mask26;
-    uint64_t x42 = x41 + z03;
-    uint64_t o0 = x02;
-    uint64_t o1 = x12;
-    uint64_t o2 = x21;
-    uint64_t o3 = x32;
-    uint64_t o4 = x42;
-    acc[0U] = o0;
-    acc[1U] = o1;
-    acc[2U] = o2;
-    acc[3U] = o3;
-    acc[4U] = o4;
-  }
-  if (rem > (uint32_t)0U)
-  {
-    uint8_t *last = text + nb * (uint32_t)16U;
-    uint64_t e[5U] = { 0U };
-    uint8_t tmp[16U] = { 0U };
-    memcpy(tmp, last, rem * sizeof (uint8_t));
-    uint64_t u0 = load64_le(tmp);
-    uint64_t lo = u0;
-    uint64_t u = load64_le(tmp + (uint32_t)8U);
-    uint64_t hi = u;
-    uint64_t f0 = lo;
-    uint64_t f1 = hi;
-    uint64_t f010 = f0 & (uint64_t)0x3ffffffU;
-    uint64_t f110 = f0 >> (uint32_t)26U & (uint64_t)0x3ffffffU;
-    uint64_t f20 = f0 >> (uint32_t)52U | (f1 & (uint64_t)0x3fffU) << (uint32_t)12U;
-    uint64_t f30 = f1 >> (uint32_t)14U & (uint64_t)0x3ffffffU;
-    uint64_t f40 = f1 >> (uint32_t)40U;
-    uint64_t f01 = f010;
-    uint64_t f111 = f110;
-    uint64_t f2 = f20;
-    uint64_t f3 = f30;
-    uint64_t f4 = f40;
-    e[0U] = f01;
-    e[1U] = f111;
-    e[2U] = f2;
-    e[3U] = f3;
-    e[4U] = f4;
-    uint64_t b = (uint64_t)1U << rem * (uint32_t)8U % (uint32_t)26U;
-    uint64_t mask = b;
-    uint64_t fi = e[rem * (uint32_t)8U / (uint32_t)26U];
-    e[rem * (uint32_t)8U / (uint32_t)26U] = fi | mask;
-    uint64_t *r = pre;
-    uint64_t *r5 = pre + (uint32_t)5U;
-    uint64_t r0 = r[0U];
-    uint64_t r1 = r[1U];
-    uint64_t r2 = r[2U];
-    uint64_t r3 = r[3U];
-    uint64_t r4 = r[4U];
-    uint64_t r51 = r5[1U];
-    uint64_t r52 = r5[2U];
-    uint64_t r53 = r5[3U];
-    uint64_t r54 = r5[4U];
-    uint64_t f10 = e[0U];
-    uint64_t f11 = e[1U];
-    uint64_t f12 = e[2U];
-    uint64_t f13 = e[3U];
-    uint64_t f14 = e[4U];
-    uint64_t a0 = acc[0U];
-    uint64_t a1 = acc[1U];
-    uint64_t a2 = acc[2U];
-    uint64_t a3 = acc[3U];
-    uint64_t a4 = acc[4U];
-    uint64_t a01 = a0 + f10;
-    uint64_t a11 = a1 + f11;
-    uint64_t a21 = a2 + f12;
-    uint64_t a31 = a3 + f13;
-    uint64_t a41 = a4 + f14;
-    uint64_t a02 = r0 * a01;
-    uint64_t a12 = r1 * a01;
-    uint64_t a22 = r2 * a01;
-    uint64_t a32 = r3 * a01;
-    uint64_t a42 = r4 * a01;
-    uint64_t a03 = a02 + r54 * a11;
-    uint64_t a13 = a12 + r0 * a11;
-    uint64_t a23 = a22 + r1 * a11;
-    uint64_t a33 = a32 + r2 * a11;
-    uint64_t a43 = a42 + r3 * a11;
-    uint64_t a04 = a03 + r53 * a21;
-    uint64_t a14 = a13 + r54 * a21;
-    uint64_t a24 = a23 + r0 * a21;
-    uint64_t a34 = a33 + r1 * a21;
-    uint64_t a44 = a43 + r2 * a21;
-    uint64_t a05 = a04 + r52 * a31;
-    uint64_t a15 = a14 + r53 * a31;
-    uint64_t a25 = a24 + r54 * a31;
-    uint64_t a35 = a34 + r0 * a31;
-    uint64_t a45 = a44 + r1 * a31;
-    uint64_t a06 = a05 + r51 * a41;
-    uint64_t a16 = a15 + r52 * a41;
-    uint64_t a26 = a25 + r53 * a41;
-    uint64_t a36 = a35 + r54 * a41;
-    uint64_t a46 = a45 + r0 * a41;
-    uint64_t t0 = a06;
-    uint64_t t1 = a16;
-    uint64_t t2 = a26;
-    uint64_t t3 = a36;
-    uint64_t t4 = a46;
-    uint64_t mask26 = (uint64_t)0x3ffffffU;
-    uint64_t z0 = t0 >> (uint32_t)26U;
-    uint64_t z1 = t3 >> (uint32_t)26U;
-    uint64_t x0 = t0 & mask26;
-    uint64_t x3 = t3 & mask26;
-    uint64_t x1 = t1 + z0;
-    uint64_t x4 = t4 + z1;
-    uint64_t z01 = x1 >> (uint32_t)26U;
-    uint64_t z11 = x4 >> (uint32_t)26U;
-    uint64_t t = z11 << (uint32_t)2U;
-    uint64_t z12 = z11 + t;
-    uint64_t x11 = x1 & mask26;
-    uint64_t x41 = x4 & mask26;
-    uint64_t x2 = t2 + z01;
-    uint64_t x01 = x0 + z12;
-    uint64_t z02 = x2 >> (uint32_t)26U;
-    uint64_t z13 = x01 >> (uint32_t)26U;
-    uint64_t x21 = x2 & mask26;
-    uint64_t x02 = x01 & mask26;
-    uint64_t x31 = x3 + z02;
-    uint64_t x12 = x11 + z13;
-    uint64_t z03 = x31 >> (uint32_t)26U;
-    uint64_t x32 = x31 & mask26;
-    uint64_t x42 = x41 + z03;
-    uint64_t o0 = x02;
-    uint64_t o1 = x12;
-    uint64_t o2 = x21;
-    uint64_t o3 = x32;
-    uint64_t o4 = x42;
-    acc[0U] = o0;
-    acc[1U] = o1;
-    acc[2U] = o2;
-    acc[3U] = o3;
-    acc[4U] = o4;
-    return;
-  }
-}
-
-void Hacl_Poly1305_32_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx)
-{
-  uint64_t *acc = ctx;
-  uint8_t *ks = key + (uint32_t)16U;
-  uint64_t f0 = acc[0U];
-  uint64_t f13 = acc[1U];
-  uint64_t f23 = acc[2U];
-  uint64_t f33 = acc[3U];
-  uint64_t f40 = acc[4U];
-  uint64_t l0 = f0 + (uint64_t)0U;
-  uint64_t tmp00 = l0 & (uint64_t)0x3ffffffU;
-  uint64_t c00 = l0 >> (uint32_t)26U;
-  uint64_t l1 = f13 + c00;
-  uint64_t tmp10 = l1 & (uint64_t)0x3ffffffU;
-  uint64_t c10 = l1 >> (uint32_t)26U;
-  uint64_t l2 = f23 + c10;
-  uint64_t tmp20 = l2 & (uint64_t)0x3ffffffU;
-  uint64_t c20 = l2 >> (uint32_t)26U;
-  uint64_t l3 = f33 + c20;
-  uint64_t tmp30 = l3 & (uint64_t)0x3ffffffU;
-  uint64_t c30 = l3 >> (uint32_t)26U;
-  uint64_t l4 = f40 + c30;
-  uint64_t tmp40 = l4 & (uint64_t)0x3ffffffU;
-  uint64_t c40 = l4 >> (uint32_t)26U;
-  uint64_t f010 = tmp00 + c40 * (uint64_t)5U;
-  uint64_t f110 = tmp10;
-  uint64_t f210 = tmp20;
-  uint64_t f310 = tmp30;
-  uint64_t f410 = tmp40;
-  uint64_t l = f010 + (uint64_t)0U;
-  uint64_t tmp0 = l & (uint64_t)0x3ffffffU;
-  uint64_t c0 = l >> (uint32_t)26U;
-  uint64_t l5 = f110 + c0;
-  uint64_t tmp1 = l5 & (uint64_t)0x3ffffffU;
-  uint64_t c1 = l5 >> (uint32_t)26U;
-  uint64_t l6 = f210 + c1;
-  uint64_t tmp2 = l6 & (uint64_t)0x3ffffffU;
-  uint64_t c2 = l6 >> (uint32_t)26U;
-  uint64_t l7 = f310 + c2;
-  uint64_t tmp3 = l7 & (uint64_t)0x3ffffffU;
-  uint64_t c3 = l7 >> (uint32_t)26U;
-  uint64_t l8 = f410 + c3;
-  uint64_t tmp4 = l8 & (uint64_t)0x3ffffffU;
-  uint64_t c4 = l8 >> (uint32_t)26U;
-  uint64_t f02 = tmp0 + c4 * (uint64_t)5U;
-  uint64_t f12 = tmp1;
-  uint64_t f22 = tmp2;
-  uint64_t f32 = tmp3;
-  uint64_t f42 = tmp4;
-  uint64_t mh = (uint64_t)0x3ffffffU;
-  uint64_t ml = (uint64_t)0x3fffffbU;
-  uint64_t mask = FStar_UInt64_eq_mask(f42, mh);
-  uint64_t mask1 = mask & FStar_UInt64_eq_mask(f32, mh);
-  uint64_t mask2 = mask1 & FStar_UInt64_eq_mask(f22, mh);
-  uint64_t mask3 = mask2 & FStar_UInt64_eq_mask(f12, mh);
-  uint64_t mask4 = mask3 & ~~FStar_UInt64_gte_mask(f02, ml);
-  uint64_t ph = mask4 & mh;
-  uint64_t pl = mask4 & ml;
-  uint64_t o0 = f02 - pl;
-  uint64_t o1 = f12 - ph;
-  uint64_t o2 = f22 - ph;
-  uint64_t o3 = f32 - ph;
-  uint64_t o4 = f42 - ph;
-  uint64_t f011 = o0;
-  uint64_t f111 = o1;
-  uint64_t f211 = o2;
-  uint64_t f311 = o3;
-  uint64_t f411 = o4;
-  acc[0U] = f011;
-  acc[1U] = f111;
-  acc[2U] = f211;
-  acc[3U] = f311;
-  acc[4U] = f411;
-  uint64_t f00 = acc[0U];
-  uint64_t f1 = acc[1U];
-  uint64_t f2 = acc[2U];
-  uint64_t f3 = acc[3U];
-  uint64_t f4 = acc[4U];
-  uint64_t f01 = f00;
-  uint64_t f112 = f1;
-  uint64_t f212 = f2;
-  uint64_t f312 = f3;
-  uint64_t f41 = f4;
-  uint64_t lo = (f01 | f112 << (uint32_t)26U) | f212 << (uint32_t)52U;
-  uint64_t hi = (f212 >> (uint32_t)12U | f312 << (uint32_t)14U) | f41 << (uint32_t)40U;
-  uint64_t f10 = lo;
-  uint64_t f11 = hi;
-  uint64_t u0 = load64_le(ks);
-  uint64_t lo0 = u0;
-  uint64_t u = load64_le(ks + (uint32_t)8U);
-  uint64_t hi0 = u;
-  uint64_t f20 = lo0;
-  uint64_t f21 = hi0;
-  uint64_t r0 = f10 + f20;
-  uint64_t r1 = f11 + f21;
-  uint64_t c = (r0 ^ ((r0 ^ f20) | ((r0 - f20) ^ f20))) >> (uint32_t)63U;
-  uint64_t r11 = r1 + c;
-  uint64_t f30 = r0;
-  uint64_t f31 = r11;
-  store64_le(tag, f30);
-  store64_le(tag + (uint32_t)8U, f31);
-}
-
-void Hacl_Poly1305_32_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key)
-{
-  uint64_t ctx[25U] = { 0U };
-  Hacl_Poly1305_32_poly1305_init(ctx, key);
-  Hacl_Poly1305_32_poly1305_update(ctx, len, text);
-  Hacl_Poly1305_32_poly1305_finish(tag, key, ctx);
-}
-
diff --git a/src/msvc/Hacl_RSAPSS.c b/src/msvc/Hacl_RSAPSS.c
index 084f10b3..cd19195d 100644
--- a/src/msvc/Hacl_RSAPSS.c
+++ b/src/msvc/Hacl_RSAPSS.c
@@ -35,51 +35,51 @@ static inline uint32_t hash_len(Spec_Hash_Definitions_hash_alg a)
   {
     case Spec_Hash_Definitions_MD5:
       {
-        return (uint32_t)16U;
+        return 16U;
       }
     case Spec_Hash_Definitions_SHA1:
       {
-        return (uint32_t)20U;
+        return 20U;
       }
     case Spec_Hash_Definitions_SHA2_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA2_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     case Spec_Hash_Definitions_SHA3_224:
       {
-        return (uint32_t)28U;
+        return 28U;
       }
     case Spec_Hash_Definitions_SHA3_256:
       {
-        return (uint32_t)32U;
+        return 32U;
       }
     case Spec_Hash_Definitions_SHA3_384:
       {
-        return (uint32_t)48U;
+        return 48U;
       }
     case Spec_Hash_Definitions_SHA3_512:
       {
-        return (uint32_t)64U;
+        return 64U;
       }
     default:
       {
@@ -96,17 +96,17 @@ hash(Spec_Hash_Definitions_hash_alg a, uint8_t *mHash, uint32_t msgLen, uint8_t
   {
     case Spec_Hash_Definitions_SHA2_256:
       {
-        Hacl_Streaming_SHA2_hash_256(msg, msgLen, mHash);
+        Hacl_Hash_SHA2_hash_256(mHash, msg, msgLen);
         break;
       }
     case Spec_Hash_Definitions_SHA2_384:
       {
-        Hacl_Streaming_SHA2_hash_384(msg, msgLen, mHash);
+        Hacl_Hash_SHA2_hash_384(mHash, msg, msgLen);
         break;
       }
     case Spec_Hash_Definitions_SHA2_512:
       {
-        Hacl_Streaming_SHA2_hash_512(msg, msgLen, mHash);
+        Hacl_Hash_SHA2_hash_512(mHash, msg, msgLen);
         break;
       }
     default:
@@ -126,48 +126,48 @@ mgf_hash(
   uint8_t *res
 )
 {
-  KRML_CHECK_SIZE(sizeof (uint8_t), len + (uint32_t)4U);
-  uint8_t *mgfseed_counter = (uint8_t *)alloca((len + (uint32_t)4U) * sizeof (uint8_t));
-  memset(mgfseed_counter, 0U, (len + (uint32_t)4U) * sizeof (uint8_t));
+  KRML_CHECK_SIZE(sizeof (uint8_t), len + 4U);
+  uint8_t *mgfseed_counter = (uint8_t *)alloca((len + 4U) * sizeof (uint8_t));
+  memset(mgfseed_counter, 0U, (len + 4U) * sizeof (uint8_t));
   memcpy(mgfseed_counter, mgfseed, len * sizeof (uint8_t));
   uint32_t hLen = hash_len(a);
-  uint32_t n = (maskLen - (uint32_t)1U) / hLen + (uint32_t)1U;
+  uint32_t n = (maskLen - 1U) / hLen + 1U;
   uint32_t accLen = n * hLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), accLen);
   uint8_t *acc = (uint8_t *)alloca(accLen * sizeof (uint8_t));
   memset(acc, 0U, accLen * sizeof (uint8_t));
-  for (uint32_t i = (uint32_t)0U; i < n; i++)
+  for (uint32_t i = 0U; i < n; i++)
   {
     uint8_t *acc_i = acc + i * hLen;
     uint8_t *c = mgfseed_counter + len;
-    c[0U] = (uint8_t)(i >> (uint32_t)24U);
-    c[1U] = (uint8_t)(i >> (uint32_t)16U);
-    c[2U] = (uint8_t)(i >> (uint32_t)8U);
+    c[0U] = (uint8_t)(i >> 24U);
+    c[1U] = (uint8_t)(i >> 16U);
+    c[2U] = (uint8_t)(i >> 8U);
     c[3U] = (uint8_t)i;
-    hash(a, acc_i, len + (uint32_t)4U, mgfseed_counter);
+    hash(a, acc_i, len + 4U, mgfseed_counter);
   }
   memcpy(res, acc, maskLen * sizeof (uint8_t));
 }
 
 static inline uint64_t check_num_bits_u64(uint32_t bs, uint64_t *b)
 {
-  uint32_t bLen = (bs - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  if (bs == (uint32_t)64U * bLen)
+  uint32_t bLen = (bs - 1U) / 64U + 1U;
+  if (bs == 64U * bLen)
   {
-    return (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    return 0xFFFFFFFFFFFFFFFFULL;
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), bLen);
   uint64_t *b2 = (uint64_t *)alloca(bLen * sizeof (uint64_t));
   memset(b2, 0U, bLen * sizeof (uint64_t));
-  uint32_t i0 = bs / (uint32_t)64U;
-  uint32_t j = bs % (uint32_t)64U;
-  b2[i0] = b2[i0] | (uint64_t)1U << j;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < bLen; i++)
+  uint32_t i0 = bs / 64U;
+  uint32_t j = bs % 64U;
+  b2[i0] = b2[i0] | 1ULL << j;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < bLen; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t res = acc;
   return res;
@@ -175,21 +175,21 @@ static inline uint64_t check_num_bits_u64(uint32_t bs, uint64_t *b)
 
 static inline uint64_t check_modulus_u64(uint32_t modBits, uint64_t *n)
 {
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint64_t bits0 = n[0U] & (uint64_t)1U;
-  uint64_t m0 = (uint64_t)0U - bits0;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
+  uint64_t bits0 = n[0U] & 1ULL;
+  uint64_t m0 = 0ULL - bits0;
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *b2 = (uint64_t *)alloca(nLen * sizeof (uint64_t));
   memset(b2, 0U, nLen * sizeof (uint64_t));
-  uint32_t i0 = (modBits - (uint32_t)1U) / (uint32_t)64U;
-  uint32_t j = (modBits - (uint32_t)1U) % (uint32_t)64U;
-  b2[i0] = b2[i0] | (uint64_t)1U << j;
-  uint64_t acc = (uint64_t)0U;
-  for (uint32_t i = (uint32_t)0U; i < nLen; i++)
+  uint32_t i0 = (modBits - 1U) / 64U;
+  uint32_t j = (modBits - 1U) % 64U;
+  b2[i0] = b2[i0] | 1ULL << j;
+  uint64_t acc = 0ULL;
+  for (uint32_t i = 0U; i < nLen; i++)
   {
     uint64_t beq = FStar_UInt64_eq_mask(b2[i], n[i]);
     uint64_t blt = ~FStar_UInt64_gte_mask(b2[i], n[i]);
-    acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+    acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
   }
   uint64_t res = acc;
   uint64_t m1 = res;
@@ -199,12 +199,12 @@ static inline uint64_t check_modulus_u64(uint32_t modBits, uint64_t *n)
 
 static inline uint64_t check_exponent_u64(uint32_t eBits, uint64_t *e)
 {
-  uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t eLen = (eBits - 1U) / 64U + 1U;
   KRML_CHECK_SIZE(sizeof (uint64_t), eLen);
   uint64_t *bn_zero = (uint64_t *)alloca(eLen * sizeof (uint64_t));
   memset(bn_zero, 0U, eLen * sizeof (uint64_t));
-  uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-  for (uint32_t i = (uint32_t)0U; i < eLen; i++)
+  uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+  for (uint32_t i = 0U; i < eLen; i++)
   {
     uint64_t uu____0 = FStar_UInt64_eq_mask(e[i], bn_zero[i]);
     mask = uu____0 & mask;
@@ -231,39 +231,39 @@ pss_encode(
   KRML_CHECK_SIZE(sizeof (uint8_t), hLen);
   uint8_t *m1Hash = (uint8_t *)alloca(hLen * sizeof (uint8_t));
   memset(m1Hash, 0U, hLen * sizeof (uint8_t));
-  uint32_t m1Len = (uint32_t)8U + hLen + saltLen;
+  uint32_t m1Len = 8U + hLen + saltLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), m1Len);
   uint8_t *m1 = (uint8_t *)alloca(m1Len * sizeof (uint8_t));
   memset(m1, 0U, m1Len * sizeof (uint8_t));
-  hash(a, m1 + (uint32_t)8U, msgLen, msg);
-  memcpy(m1 + (uint32_t)8U + hLen, salt, saltLen * sizeof (uint8_t));
+  hash(a, m1 + 8U, msgLen, msg);
+  memcpy(m1 + 8U + hLen, salt, saltLen * sizeof (uint8_t));
   hash(a, m1Hash, m1Len, m1);
-  uint32_t emLen = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t dbLen = emLen - hLen - (uint32_t)1U;
+  uint32_t emLen = (emBits - 1U) / 8U + 1U;
+  uint32_t dbLen = emLen - hLen - 1U;
   KRML_CHECK_SIZE(sizeof (uint8_t), dbLen);
   uint8_t *db = (uint8_t *)alloca(dbLen * sizeof (uint8_t));
   memset(db, 0U, dbLen * sizeof (uint8_t));
-  uint32_t last_before_salt = dbLen - saltLen - (uint32_t)1U;
-  db[last_before_salt] = (uint8_t)1U;
-  memcpy(db + last_before_salt + (uint32_t)1U, salt, saltLen * sizeof (uint8_t));
+  uint32_t last_before_salt = dbLen - saltLen - 1U;
+  db[last_before_salt] = 1U;
+  memcpy(db + last_before_salt + 1U, salt, saltLen * sizeof (uint8_t));
   KRML_CHECK_SIZE(sizeof (uint8_t), dbLen);
   uint8_t *dbMask = (uint8_t *)alloca(dbLen * sizeof (uint8_t));
   memset(dbMask, 0U, dbLen * sizeof (uint8_t));
   mgf_hash(a, hLen, m1Hash, dbLen, dbMask);
-  for (uint32_t i = (uint32_t)0U; i < dbLen; i++)
+  for (uint32_t i = 0U; i < dbLen; i++)
   {
     uint8_t *os = db;
-    uint8_t x = db[i] ^ dbMask[i];
+    uint8_t x = (uint32_t)db[i] ^ (uint32_t)dbMask[i];
     os[i] = x;
   }
-  uint32_t msBits = emBits % (uint32_t)8U;
-  if (msBits > (uint32_t)0U)
+  uint32_t msBits = emBits % 8U;
+  if (msBits > 0U)
   {
-    db[0U] = db[0U] & (uint8_t)0xffU >> ((uint32_t)8U - msBits);
+    db[0U] = (uint32_t)db[0U] & 0xffU >> (8U - msBits);
   }
   memcpy(em, db, dbLen * sizeof (uint8_t));
   memcpy(em + dbLen, m1Hash, hLen * sizeof (uint8_t));
-  em[emLen - (uint32_t)1U] = (uint8_t)0xbcU;
+  em[emLen - 1U] = 0xbcU;
 }
 
 static inline bool
@@ -276,105 +276,100 @@ pss_verify(
   uint8_t *em
 )
 {
-  uint32_t emLen = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t msBits = emBits % (uint32_t)8U;
+  uint32_t emLen = (emBits - 1U) / 8U + 1U;
+  uint32_t msBits = emBits % 8U;
   uint8_t em_0;
-  if (msBits > (uint32_t)0U)
+  if (msBits > 0U)
   {
-    em_0 = em[0U] & (uint8_t)0xffU << msBits;
+    em_0 = (uint32_t)em[0U] & 0xffU << msBits;
   }
   else
   {
-    em_0 = (uint8_t)0U;
+    em_0 = 0U;
   }
-  uint8_t em_last = em[emLen - (uint32_t)1U];
-  if (emLen < saltLen + hash_len(a) + (uint32_t)2U)
+  uint8_t em_last = em[emLen - 1U];
+  if (emLen < saltLen + hash_len(a) + 2U)
   {
     return false;
   }
-  if (!(em_last == (uint8_t)0xbcU && em_0 == (uint8_t)0U))
+  if (!(em_last == 0xbcU && em_0 == 0U))
   {
     return false;
   }
-  uint32_t emLen1 = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  uint32_t emLen1 = (emBits - 1U) / 8U + 1U;
   uint32_t hLen = hash_len(a);
   KRML_CHECK_SIZE(sizeof (uint8_t), hLen);
   uint8_t *m1Hash0 = (uint8_t *)alloca(hLen * sizeof (uint8_t));
   memset(m1Hash0, 0U, hLen * sizeof (uint8_t));
-  uint32_t dbLen = emLen1 - hLen - (uint32_t)1U;
+  uint32_t dbLen = emLen1 - hLen - 1U;
   uint8_t *maskedDB = em;
   uint8_t *m1Hash = em + dbLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), dbLen);
   uint8_t *dbMask = (uint8_t *)alloca(dbLen * sizeof (uint8_t));
   memset(dbMask, 0U, dbLen * sizeof (uint8_t));
   mgf_hash(a, hLen, m1Hash, dbLen, dbMask);
-  for (uint32_t i = (uint32_t)0U; i < dbLen; i++)
+  for (uint32_t i = 0U; i < dbLen; i++)
   {
     uint8_t *os = dbMask;
-    uint8_t x = dbMask[i] ^ maskedDB[i];
+    uint8_t x = (uint32_t)dbMask[i] ^ (uint32_t)maskedDB[i];
     os[i] = x;
   }
-  uint32_t msBits1 = emBits % (uint32_t)8U;
-  if (msBits1 > (uint32_t)0U)
+  uint32_t msBits1 = emBits % 8U;
+  if (msBits1 > 0U)
   {
-    dbMask[0U] = dbMask[0U] & (uint8_t)0xffU >> ((uint32_t)8U - msBits1);
+    dbMask[0U] = (uint32_t)dbMask[0U] & 0xffU >> (8U - msBits1);
   }
-  uint32_t padLen = emLen1 - saltLen - hLen - (uint32_t)1U;
+  uint32_t padLen = emLen1 - saltLen - hLen - 1U;
   KRML_CHECK_SIZE(sizeof (uint8_t), padLen);
   uint8_t *pad2 = (uint8_t *)alloca(padLen * sizeof (uint8_t));
   memset(pad2, 0U, padLen * sizeof (uint8_t));
-  pad2[padLen - (uint32_t)1U] = (uint8_t)0x01U;
+  pad2[padLen - 1U] = 0x01U;
   uint8_t *pad = dbMask;
   uint8_t *salt = dbMask + padLen;
-  uint8_t res = (uint8_t)255U;
-  for (uint32_t i = (uint32_t)0U; i < padLen; i++)
+  uint8_t res = 255U;
+  for (uint32_t i = 0U; i < padLen; i++)
   {
     uint8_t uu____0 = FStar_UInt8_eq_mask(pad[i], pad2[i]);
-    res = uu____0 & res;
+    res = (uint32_t)uu____0 & (uint32_t)res;
   }
   uint8_t z = res;
-  if (!(z == (uint8_t)255U))
+  if (!(z == 255U))
   {
     return false;
   }
-  uint32_t m1Len = (uint32_t)8U + hLen + saltLen;
+  uint32_t m1Len = 8U + hLen + saltLen;
   KRML_CHECK_SIZE(sizeof (uint8_t), m1Len);
   uint8_t *m1 = (uint8_t *)alloca(m1Len * sizeof (uint8_t));
   memset(m1, 0U, m1Len * sizeof (uint8_t));
-  hash(a, m1 + (uint32_t)8U, msgLen, msg);
-  memcpy(m1 + (uint32_t)8U + hLen, salt, saltLen * sizeof (uint8_t));
+  hash(a, m1 + 8U, msgLen, msg);
+  memcpy(m1 + 8U + hLen, salt, saltLen * sizeof (uint8_t));
   hash(a, m1Hash0, m1Len, m1);
-  uint8_t res0 = (uint8_t)255U;
-  for (uint32_t i = (uint32_t)0U; i < hLen; i++)
+  uint8_t res0 = 255U;
+  for (uint32_t i = 0U; i < hLen; i++)
   {
     uint8_t uu____1 = FStar_UInt8_eq_mask(m1Hash0[i], m1Hash[i]);
-    res0 = uu____1 & res0;
+    res0 = (uint32_t)uu____1 & (uint32_t)res0;
   }
   uint8_t z0 = res0;
-  return z0 == (uint8_t)255U;
+  return z0 == 255U;
 }
 
 static inline bool
 load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb, uint64_t *pkey)
 {
-  uint32_t nbLen = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t ebLen = (eBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nbLen = (modBits - 1U) / 8U + 1U;
+  uint32_t ebLen = (eBits - 1U) / 8U + 1U;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
   uint64_t *n = pkey;
   uint64_t *r2 = pkey + nLen;
   uint64_t *e = pkey + nLen + nLen;
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen, nb, n);
-  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - (uint32_t)1U)
-    / (uint32_t)64U
-    + (uint32_t)1U,
-    modBits - (uint32_t)1U,
-    n,
-    r2);
+  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen, eb, e);
   uint64_t m0 = check_modulus_u64(modBits, n);
   uint64_t m1 = check_exponent_u64(eBits, e);
   uint64_t m = m0 & m1;
-  return m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return m == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 static inline bool
@@ -388,16 +383,16 @@ load_skey(
   uint64_t *skey
 )
 {
-  uint32_t dbLen = (dBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t dbLen = (dBits - 1U) / 8U + 1U;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
+  uint32_t eLen = (eBits - 1U) / 64U + 1U;
   uint32_t pkeyLen = nLen + nLen + eLen;
   uint64_t *pkey = skey;
   uint64_t *d = skey + pkeyLen;
   bool b = load_pkey(modBits, eBits, nb, eb, pkey);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(dbLen, db, d);
   uint64_t m1 = check_exponent_u64(dBits, d);
-  return b && m1 == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  return b && m1 == 0xFFFFFFFFFFFFFFFFULL;
 }
 
 /**
@@ -435,45 +430,36 @@ Hacl_RSAPSS_rsapss_sign(
 {
   uint32_t hLen = hash_len(a);
   bool
-  b =
-    saltLen
-    <= (uint32_t)0xffffffffU - hLen - (uint32_t)8U
-    &&
-      saltLen
-      + hLen
-      + (uint32_t)2U
-      <= (modBits - (uint32_t)1U - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  b = saltLen <= 0xffffffffU - hLen - 8U && saltLen + hLen + 2U <= (modBits - 1U - 1U) / 8U + 1U;
   if (b)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
     uint64_t *m = (uint64_t *)alloca(nLen * sizeof (uint64_t));
     memset(m, 0U, nLen * sizeof (uint64_t));
-    uint32_t emBits = modBits - (uint32_t)1U;
-    uint32_t emLen = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+    uint32_t emBits = modBits - 1U;
+    uint32_t emLen = (emBits - 1U) / 8U + 1U;
     KRML_CHECK_SIZE(sizeof (uint8_t), emLen);
     uint8_t *em = (uint8_t *)alloca(emLen * sizeof (uint8_t));
     memset(em, 0U, emLen * sizeof (uint8_t));
     pss_encode(a, saltLen, salt, msgLen, msg, emBits, em);
     Hacl_Bignum_Convert_bn_from_bytes_be_uint64(emLen, em, m);
-    uint32_t nLen1 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t k = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+    uint32_t nLen1 = (modBits - 1U) / 64U + 1U;
+    uint32_t k = (modBits - 1U) / 8U + 1U;
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen1);
     uint64_t *s = (uint64_t *)alloca(nLen1 * sizeof (uint64_t));
     memset(s, 0U, nLen1 * sizeof (uint64_t));
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen1);
     uint64_t *m_ = (uint64_t *)alloca(nLen1 * sizeof (uint64_t));
     memset(m_, 0U, nLen1 * sizeof (uint64_t));
-    uint32_t nLen2 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    uint32_t nLen2 = (modBits - 1U) / 64U + 1U;
+    uint32_t eLen = (eBits - 1U) / 64U + 1U;
     uint64_t *n = skey;
     uint64_t *r2 = skey + nLen2;
     uint64_t *e = skey + nLen2 + nLen2;
     uint64_t *d = skey + nLen2 + nLen2 + eLen;
     uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-    Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((modBits - (uint32_t)1U)
-      / (uint32_t)64U
-      + (uint32_t)1U,
+    Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((modBits - 1U) / 64U + 1U,
       n,
       mu,
       r2,
@@ -482,9 +468,7 @@ Hacl_RSAPSS_rsapss_sign(
       d,
       s);
     uint64_t mu0 = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - (uint32_t)1U)
-      / (uint32_t)64U
-      + (uint32_t)1U,
+    Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U,
       n,
       mu0,
       r2,
@@ -492,22 +476,22 @@ Hacl_RSAPSS_rsapss_sign(
       eBits,
       e,
       m_);
-    uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU;
-    for (uint32_t i = (uint32_t)0U; i < nLen2; i++)
+    uint64_t mask = 0xFFFFFFFFFFFFFFFFULL;
+    for (uint32_t i = 0U; i < nLen2; i++)
     {
       uint64_t uu____0 = FStar_UInt64_eq_mask(m[i], m_[i]);
       mask = uu____0 & mask;
     }
     uint64_t mask1 = mask;
     uint64_t eq_m = mask1;
-    for (uint32_t i = (uint32_t)0U; i < nLen2; i++)
+    for (uint32_t i = 0U; i < nLen2; i++)
     {
       uint64_t *os = s;
       uint64_t x = s[i];
       uint64_t x0 = eq_m & x;
       os[i] = x0;
     }
-    bool eq_b = eq_m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+    bool eq_b = eq_m == 0xFFFFFFFFFFFFFFFFULL;
     Hacl_Bignum_Convert_bn_to_bytes_be_uint64(k, s, sgnt);
     bool eq_b0 = eq_b;
     return eq_b0;
@@ -547,42 +531,36 @@ Hacl_RSAPSS_rsapss_verify(
 )
 {
   uint32_t hLen = hash_len(a);
-  bool
-  b =
-    saltLen
-    <= (uint32_t)0xffffffffU - hLen - (uint32_t)8U
-    && sgntLen == (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+  bool b = saltLen <= 0xffffffffU - hLen - 8U && sgntLen == (modBits - 1U) / 8U + 1U;
   if (b)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
     uint64_t *m = (uint64_t *)alloca(nLen * sizeof (uint64_t));
     memset(m, 0U, nLen * sizeof (uint64_t));
-    uint32_t nLen1 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t k = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+    uint32_t nLen1 = (modBits - 1U) / 64U + 1U;
+    uint32_t k = (modBits - 1U) / 8U + 1U;
     KRML_CHECK_SIZE(sizeof (uint64_t), nLen1);
     uint64_t *s = (uint64_t *)alloca(nLen1 * sizeof (uint64_t));
     memset(s, 0U, nLen1 * sizeof (uint64_t));
     Hacl_Bignum_Convert_bn_from_bytes_be_uint64(k, sgnt, s);
-    uint32_t nLen2 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+    uint32_t nLen2 = (modBits - 1U) / 64U + 1U;
     uint64_t *n = pkey;
     uint64_t *r2 = pkey + nLen2;
     uint64_t *e = pkey + nLen2 + nLen2;
-    uint64_t acc = (uint64_t)0U;
-    for (uint32_t i = (uint32_t)0U; i < nLen2; i++)
+    uint64_t acc = 0ULL;
+    for (uint32_t i = 0U; i < nLen2; i++)
     {
       uint64_t beq = FStar_UInt64_eq_mask(s[i], n[i]);
       uint64_t blt = ~FStar_UInt64_gte_mask(s[i], n[i]);
-      acc = (beq & acc) | (~beq & ((blt & (uint64_t)0xFFFFFFFFFFFFFFFFU) | (~blt & (uint64_t)0U)));
+      acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL)));
     }
     uint64_t mask = acc;
     bool res;
-    if (mask == (uint64_t)0xFFFFFFFFFFFFFFFFU)
+    if (mask == 0xFFFFFFFFFFFFFFFFULL)
     {
       uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]);
-      Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - (uint32_t)1U)
-        / (uint32_t)64U
-        + (uint32_t)1U,
+      Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U,
         n,
         mu,
         r2,
@@ -591,17 +569,17 @@ Hacl_RSAPSS_rsapss_verify(
         e,
         m);
       bool ite;
-      if (!((modBits - (uint32_t)1U) % (uint32_t)8U == (uint32_t)0U))
+      if (!((modBits - 1U) % 8U == 0U))
       {
         ite = true;
       }
       else
       {
-        uint32_t i = (modBits - (uint32_t)1U) / (uint32_t)64U;
-        uint32_t j = (modBits - (uint32_t)1U) % (uint32_t)64U;
+        uint32_t i = (modBits - 1U) / 64U;
+        uint32_t j = (modBits - 1U) % 64U;
         uint64_t tmp = m[i];
-        uint64_t get_bit = tmp >> j & (uint64_t)1U;
-        ite = get_bit == (uint64_t)0U;
+        uint64_t get_bit = tmp >> j & 1ULL;
+        ite = get_bit == 0ULL;
       }
       if (ite)
       {
@@ -620,8 +598,8 @@ Hacl_RSAPSS_rsapss_verify(
     bool b10 = b1;
     if (b10)
     {
-      uint32_t emBits = modBits - (uint32_t)1U;
-      uint32_t emLen = (emBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
+      uint32_t emBits = modBits - 1U;
+      uint32_t emLen = (emBits - 1U) / 8U + 1U;
       KRML_CHECK_SIZE(sizeof (uint8_t), emLen);
       uint8_t *em = (uint8_t *)alloca(emLen * sizeof (uint8_t));
       memset(em, 0U, emLen * sizeof (uint8_t));
@@ -649,15 +627,11 @@ uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb)
 {
   bool ite;
-  if ((uint32_t)1U < modBits && (uint32_t)0U < eBits)
+  if (1U < modBits && 0U < eBits)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    ite =
-      nLen
-      <= (uint32_t)33554431U
-      && eLen <= (uint32_t)67108863U
-      && nLen + nLen <= (uint32_t)0xffffffffU - eLen;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
+    uint32_t eLen = (eBits - 1U) / 64U + 1U;
+    ite = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen;
   }
   else
   {
@@ -667,8 +641,8 @@ uint64_t
   {
     return NULL;
   }
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
+  uint32_t eLen = (eBits - 1U) / 64U + 1U;
   uint32_t pkeyLen = nLen + nLen + eLen;
   KRML_CHECK_SIZE(sizeof (uint64_t), pkeyLen);
   uint64_t *pkey = (uint64_t *)KRML_HOST_CALLOC(pkeyLen, sizeof (uint64_t));
@@ -678,24 +652,19 @@ uint64_t
   }
   uint64_t *pkey1 = pkey;
   uint64_t *pkey2 = pkey1;
-  uint32_t nbLen = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t ebLen = (eBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen1 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nbLen = (modBits - 1U) / 8U + 1U;
+  uint32_t ebLen = (eBits - 1U) / 8U + 1U;
+  uint32_t nLen1 = (modBits - 1U) / 64U + 1U;
   uint64_t *n = pkey2;
   uint64_t *r2 = pkey2 + nLen1;
   uint64_t *e = pkey2 + nLen1 + nLen1;
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen, nb, n);
-  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - (uint32_t)1U)
-    / (uint32_t)64U
-    + (uint32_t)1U,
-    modBits - (uint32_t)1U,
-    n,
-    r2);
+  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen, eb, e);
   uint64_t m0 = check_modulus_u64(modBits, n);
   uint64_t m1 = check_exponent_u64(eBits, e);
   uint64_t m = m0 & m1;
-  bool b = m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool b = m == 0xFFFFFFFFFFFFFFFFULL;
   if (b)
   {
     return pkey2;
@@ -727,27 +696,23 @@ uint64_t
 )
 {
   bool ite0;
-  if ((uint32_t)1U < modBits && (uint32_t)0U < eBits)
+  if (1U < modBits && 0U < eBits)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    ite0 =
-      nLen
-      <= (uint32_t)33554431U
-      && eLen <= (uint32_t)67108863U
-      && nLen + nLen <= (uint32_t)0xffffffffU - eLen;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
+    uint32_t eLen = (eBits - 1U) / 64U + 1U;
+    ite0 = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen;
   }
   else
   {
     ite0 = false;
   }
   bool ite;
-  if (ite0 && (uint32_t)0U < dBits)
+  if (ite0 && 0U < dBits)
   {
-    uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    uint32_t dLen = (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-    ite = dLen <= (uint32_t)67108863U && (uint32_t)2U * nLen <= (uint32_t)0xffffffffU - eLen - dLen;
+    uint32_t nLen = (modBits - 1U) / 64U + 1U;
+    uint32_t eLen = (eBits - 1U) / 64U + 1U;
+    uint32_t dLen = (dBits - 1U) / 64U + 1U;
+    ite = dLen <= 67108863U && 2U * nLen <= 0xffffffffU - eLen - dLen;
   }
   else
   {
@@ -757,9 +722,9 @@ uint64_t
   {
     return NULL;
   }
-  uint32_t nLen = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t eLen = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t dLen = (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nLen = (modBits - 1U) / 64U + 1U;
+  uint32_t eLen = (eBits - 1U) / 64U + 1U;
+  uint32_t dLen = (dBits - 1U) / 64U + 1U;
   uint32_t skeyLen = nLen + nLen + eLen + dLen;
   KRML_CHECK_SIZE(sizeof (uint64_t), skeyLen);
   uint64_t *skey = (uint64_t *)KRML_HOST_CALLOC(skeyLen, sizeof (uint64_t));
@@ -769,33 +734,28 @@ uint64_t
   }
   uint64_t *skey1 = skey;
   uint64_t *skey2 = skey1;
-  uint32_t dbLen = (dBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen1 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
-  uint32_t eLen1 = (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t dbLen = (dBits - 1U) / 8U + 1U;
+  uint32_t nLen1 = (modBits - 1U) / 64U + 1U;
+  uint32_t eLen1 = (eBits - 1U) / 64U + 1U;
   uint32_t pkeyLen = nLen1 + nLen1 + eLen1;
   uint64_t *pkey = skey2;
   uint64_t *d = skey2 + pkeyLen;
-  uint32_t nbLen1 = (modBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t ebLen1 = (eBits - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
-  uint32_t nLen2 = (modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U;
+  uint32_t nbLen1 = (modBits - 1U) / 8U + 1U;
+  uint32_t ebLen1 = (eBits - 1U) / 8U + 1U;
+  uint32_t nLen2 = (modBits - 1U) / 64U + 1U;
   uint64_t *n = pkey;
   uint64_t *r2 = pkey + nLen2;
   uint64_t *e = pkey + nLen2 + nLen2;
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen1, nb, n);
-  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - (uint32_t)1U)
-    / (uint32_t)64U
-    + (uint32_t)1U,
-    modBits - (uint32_t)1U,
-    n,
-    r2);
+  Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2);
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen1, eb, e);
   uint64_t m0 = check_modulus_u64(modBits, n);
   uint64_t m10 = check_exponent_u64(eBits, e);
   uint64_t m = m0 & m10;
-  bool b = m == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool b = m == 0xFFFFFFFFFFFFFFFFULL;
   Hacl_Bignum_Convert_bn_from_bytes_be_uint64(dbLen, db, d);
   uint64_t m1 = check_exponent_u64(dBits, d);
-  bool b0 = b && m1 == (uint64_t)0xFFFFFFFFFFFFFFFFU;
+  bool b0 = b && m1 == 0xFFFFFFFFFFFFFFFFULL;
   if (b0)
   {
     return skey2;
@@ -842,23 +802,17 @@ Hacl_RSAPSS_rsapss_skey_sign(
 )
 {
   KRML_CHECK_SIZE(sizeof (uint64_t),
-    (uint32_t)2U
-    * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U
-    + (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U);
+    2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U + (dBits - 1U) / 64U + 1U);
   uint64_t
   *skey =
-    (uint64_t *)alloca(((uint32_t)2U
-      * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-      + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U
-      + (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
+    (uint64_t *)alloca((2U
+      * ((modBits - 1U) / 64U + 1U)
+      + (eBits - 1U) / 64U + 1U
+      + (dBits - 1U) / 64U + 1U)
       * sizeof (uint64_t));
   memset(skey,
     0U,
-    ((uint32_t)2U
-    * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U
-    + (dBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
+    (2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U + (dBits - 1U) / 64U + 1U)
     * sizeof (uint64_t));
   bool b = load_skey(modBits, eBits, dBits, nb, eb, db, skey);
   if (b)
@@ -911,22 +865,14 @@ Hacl_RSAPSS_rsapss_pkey_verify(
   uint8_t *msg
 )
 {
-  KRML_CHECK_SIZE(sizeof (uint64_t),
-    (uint32_t)2U
-    * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U);
+  KRML_CHECK_SIZE(sizeof (uint64_t), 2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U);
   uint64_t
   *pkey =
-    (uint64_t *)alloca(((uint32_t)2U
-      * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-      + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
+    (uint64_t *)alloca((2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U)
       * sizeof (uint64_t));
   memset(pkey,
     0U,
-    ((uint32_t)2U
-    * ((modBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    + (eBits - (uint32_t)1U) / (uint32_t)64U + (uint32_t)1U)
-    * sizeof (uint64_t));
+    (2U * ((modBits - 1U) / 64U + 1U) + (eBits - 1U) / 64U + 1U) * sizeof (uint64_t));
   bool b = load_pkey(modBits, eBits, nb, eb, pkey);
   if (b)
   {
diff --git a/src/msvc/Hacl_SHA2_Vec128.c b/src/msvc/Hacl_SHA2_Vec128.c
index e1b6e304..02af75b1 100644
--- a/src/msvc/Hacl_SHA2_Vec128.c
+++ b/src/msvc/Hacl_SHA2_Vec128.c
@@ -32,21 +32,21 @@
 static inline void sha224_init4(Lib_IntVector_Intrinsics_vec128 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = hash;
-    uint32_t hi = Hacl_Impl_SHA2_Generic_h224[i];
+    uint32_t hi = Hacl_Hash_SHA2_h224[i];
     Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_load32(hi);
     os[i] = x;);
 }
 
 static inline void
-sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash)
+sha224_update4(Hacl_Hash_SHA2_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash)
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 hash_old[8U] KRML_POST_ALIGN(16) = { 0U };
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ws[16U] KRML_POST_ALIGN(16) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec128));
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b10 = b.snd.fst;
@@ -55,18 +55,18 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
   ws[1U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10);
   ws[2U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2);
   ws[3U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3);
-  ws[4U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)16U);
-  ws[5U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)16U);
-  ws[6U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)16U);
-  ws[7U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)16U);
-  ws[8U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)32U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)32U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)32U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)32U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)48U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)48U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)48U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)48U);
+  ws[4U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 16U);
+  ws[5U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 16U);
+  ws[6U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 16U);
+  ws[7U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 16U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 32U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 32U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 32U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 32U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 48U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 48U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 48U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 48U);
   Lib_IntVector_Intrinsics_vec128 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec128 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec128 v20 = ws[2U];
@@ -196,14 +196,14 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec128 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec128 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec128 b0 = hash[1U];
@@ -218,10 +218,10 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       t1 =
         Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(h02,
                 Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(e0,
-                    (uint32_t)6U),
+                    6U),
                   Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(e0,
-                      (uint32_t)11U),
-                    Lib_IntVector_Intrinsics_vec128_rotate_right32(e0, (uint32_t)25U)))),
+                      11U),
+                    Lib_IntVector_Intrinsics_vec128_rotate_right32(e0, 25U)))),
               Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_lognot(e0), g0))),
             k_e_t),
@@ -229,10 +229,10 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       Lib_IntVector_Intrinsics_vec128
       t2 =
         Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(a0,
-              (uint32_t)2U),
+              2U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(a0,
-                (uint32_t)13U),
-              Lib_IntVector_Intrinsics_vec128_rotate_right32(a0, (uint32_t)22U))),
+                13U),
+              Lib_IntVector_Intrinsics_vec128_rotate_right32(a0, 22U))),
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(a0, b0),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(a0, c0),
               Lib_IntVector_Intrinsics_vec128_and(b0, c0))));
@@ -252,30 +252,30 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec128 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec128 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec128 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec128 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec128 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec128 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec128 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec128
         s1 =
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t2,
-              (uint32_t)17U),
+              17U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t2,
-                (uint32_t)19U),
-              Lib_IntVector_Intrinsics_vec128_shift_right32(t2, (uint32_t)10U)));
+                19U),
+              Lib_IntVector_Intrinsics_vec128_shift_right32(t2, 10U)));
         Lib_IntVector_Intrinsics_vec128
         s0 =
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t15,
-              (uint32_t)7U),
+              7U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t15,
-                (uint32_t)18U),
-              Lib_IntVector_Intrinsics_vec128_shift_right32(t15, (uint32_t)3U)));
+                18U),
+              Lib_IntVector_Intrinsics_vec128_shift_right32(t15, 3U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(s1,
                 t7),
@@ -283,9 +283,9 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = hash;
     Lib_IntVector_Intrinsics_vec128
     x = Lib_IntVector_Intrinsics_vec128_add32(hash[i], hash_old[i]);
@@ -295,22 +295,22 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
 static inline void
 sha224_update_nblocks4(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec128 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b3 = b.snd.snd.snd;
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)64U;
-    uint8_t *bl1 = b1 + i * (uint32_t)64U;
-    uint8_t *bl2 = b2 + i * (uint32_t)64U;
-    uint8_t *bl3 = b3 + i * (uint32_t)64U;
-    Hacl_Impl_SHA2_Types_uint8_4p
+    uint8_t *bl0 = b0 + i * 64U;
+    uint8_t *bl1 = b1 + i * 64U;
+    uint8_t *bl2 = b2 + i * 64U;
+    uint8_t *bl3 = b3 + i * 64U;
+    Hacl_Hash_SHA2_uint8_4p
     mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
     sha224_update4(mb, st);
   }
@@ -320,69 +320,69 @@ static inline void
 sha224_update_last4(
   uint64_t totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec128 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[512U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
-  uint8_t *last2 = last + (uint32_t)256U;
-  uint8_t *last3 = last + (uint32_t)384U;
+  uint8_t *last10 = last + 128U;
+  uint8_t *last2 = last + 256U;
+  uint8_t *last3 = last + 384U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)64U;
+  uint8_t *last110 = last00 + 64U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)64U;
+  uint8_t *last111 = last10 + 64U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)64U;
+  uint8_t *last112 = last2 + 64U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last01 = last3;
-  uint8_t *last11 = last3 + (uint32_t)64U;
+  uint8_t *last11 = last3 + 64U;
   uint8_t *l30 = last01;
   uint8_t *l31 = last11;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb0 = { .fst = l00, .snd = { .fst = l10, .snd = { .fst = l20, .snd = l30 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb1 = { .fst = l01, .snd = { .fst = l11, .snd = { .fst = l21, .snd = l31 } } };
-  Hacl_Impl_SHA2_Types_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_4p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_4p last1 = scrut.snd;
   sha224_update4(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha224_update4(last1, hash);
     return;
@@ -390,7 +390,7 @@ sha224_update_last4(
 }
 
 static inline void
-sha224_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4p h)
+sha224_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Hash_SHA2_uint8_4p h)
 {
   uint8_t hbuf[128U] = { 0U };
   Lib_IntVector_Intrinsics_vec128 v00 = st[0U];
@@ -458,18 +458,18 @@ sha224_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4
   st[6U] = st3_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * (uint32_t)16U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * 16U, st[i]););
   uint8_t *b3 = h.snd.snd.snd;
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)28U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 28U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 32U, 28U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 64U, 28U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 96U, 28U * sizeof (uint8_t));
 }
 
 void
@@ -485,16 +485,16 @@ Hacl_SHA2_Vec128_sha224_4(
   uint8_t *input3
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } };
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 st[8U] KRML_POST_ALIGN(16) = { 0U };
   sha224_init4(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha224_update_nblocks4(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b3 = ib.snd.snd.snd;
   uint8_t *b2 = ib.snd.snd.fst;
   uint8_t *b1 = ib.snd.fst;
@@ -503,7 +503,7 @@ Hacl_SHA2_Vec128_sha224_4(
   uint8_t *bl1 = b1 + input_len - rem1;
   uint8_t *bl2 = b2 + input_len - rem1;
   uint8_t *bl3 = b3 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
   sha224_update_last4(len_, rem, lb, st);
   sha224_finish4(st, rb);
@@ -512,21 +512,21 @@ Hacl_SHA2_Vec128_sha224_4(
 static inline void sha256_init4(Lib_IntVector_Intrinsics_vec128 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = hash;
-    uint32_t hi = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t hi = Hacl_Hash_SHA2_h256[i];
     Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_load32(hi);
     os[i] = x;);
 }
 
 static inline void
-sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash)
+sha256_update4(Hacl_Hash_SHA2_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash)
 {
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 hash_old[8U] KRML_POST_ALIGN(16) = { 0U };
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ws[16U] KRML_POST_ALIGN(16) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec128));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec128));
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b10 = b.snd.fst;
@@ -535,18 +535,18 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
   ws[1U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10);
   ws[2U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2);
   ws[3U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3);
-  ws[4U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)16U);
-  ws[5U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)16U);
-  ws[6U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)16U);
-  ws[7U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)16U);
-  ws[8U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)32U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)32U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)32U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)32U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + (uint32_t)48U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + (uint32_t)48U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + (uint32_t)48U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + (uint32_t)48U);
+  ws[4U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 16U);
+  ws[5U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 16U);
+  ws[6U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 16U);
+  ws[7U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 16U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 32U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 32U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 32U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 32U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00 + 48U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10 + 48U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2 + 48U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec128_load32_be(b3 + 48U);
   Lib_IntVector_Intrinsics_vec128 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec128 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec128 v20 = ws[2U];
@@ -676,14 +676,14 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec128 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec128 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec128 b0 = hash[1U];
@@ -698,10 +698,10 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       t1 =
         Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(h02,
                 Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(e0,
-                    (uint32_t)6U),
+                    6U),
                   Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(e0,
-                      (uint32_t)11U),
-                    Lib_IntVector_Intrinsics_vec128_rotate_right32(e0, (uint32_t)25U)))),
+                      11U),
+                    Lib_IntVector_Intrinsics_vec128_rotate_right32(e0, 25U)))),
               Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec128_and(Lib_IntVector_Intrinsics_vec128_lognot(e0), g0))),
             k_e_t),
@@ -709,10 +709,10 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       Lib_IntVector_Intrinsics_vec128
       t2 =
         Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(a0,
-              (uint32_t)2U),
+              2U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(a0,
-                (uint32_t)13U),
-              Lib_IntVector_Intrinsics_vec128_rotate_right32(a0, (uint32_t)22U))),
+                13U),
+              Lib_IntVector_Intrinsics_vec128_rotate_right32(a0, 22U))),
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(a0, b0),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_and(a0, c0),
               Lib_IntVector_Intrinsics_vec128_and(b0, c0))));
@@ -732,30 +732,30 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec128 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec128 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec128 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec128 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec128 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec128 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec128 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec128
         s1 =
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t2,
-              (uint32_t)17U),
+              17U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t2,
-                (uint32_t)19U),
-              Lib_IntVector_Intrinsics_vec128_shift_right32(t2, (uint32_t)10U)));
+                19U),
+              Lib_IntVector_Intrinsics_vec128_shift_right32(t2, 10U)));
         Lib_IntVector_Intrinsics_vec128
         s0 =
           Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t15,
-              (uint32_t)7U),
+              7U),
             Lib_IntVector_Intrinsics_vec128_xor(Lib_IntVector_Intrinsics_vec128_rotate_right32(t15,
-                (uint32_t)18U),
-              Lib_IntVector_Intrinsics_vec128_shift_right32(t15, (uint32_t)3U)));
+                18U),
+              Lib_IntVector_Intrinsics_vec128_shift_right32(t15, 3U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(Lib_IntVector_Intrinsics_vec128_add32(s1,
                 t7),
@@ -763,9 +763,9 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec128 *os = hash;
     Lib_IntVector_Intrinsics_vec128
     x = Lib_IntVector_Intrinsics_vec128_add32(hash[i], hash_old[i]);
@@ -775,22 +775,22 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128
 static inline void
 sha256_update_nblocks4(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec128 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b3 = b.snd.snd.snd;
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)64U;
-    uint8_t *bl1 = b1 + i * (uint32_t)64U;
-    uint8_t *bl2 = b2 + i * (uint32_t)64U;
-    uint8_t *bl3 = b3 + i * (uint32_t)64U;
-    Hacl_Impl_SHA2_Types_uint8_4p
+    uint8_t *bl0 = b0 + i * 64U;
+    uint8_t *bl1 = b1 + i * 64U;
+    uint8_t *bl2 = b2 + i * 64U;
+    uint8_t *bl3 = b3 + i * 64U;
+    Hacl_Hash_SHA2_uint8_4p
     mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
     sha256_update4(mb, st);
   }
@@ -800,69 +800,69 @@ static inline void
 sha256_update_last4(
   uint64_t totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec128 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[512U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
-  uint8_t *last2 = last + (uint32_t)256U;
-  uint8_t *last3 = last + (uint32_t)384U;
+  uint8_t *last10 = last + 128U;
+  uint8_t *last2 = last + 256U;
+  uint8_t *last3 = last + 384U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)64U;
+  uint8_t *last110 = last00 + 64U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)64U;
+  uint8_t *last111 = last10 + 64U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)64U;
+  uint8_t *last112 = last2 + 64U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last01 = last3;
-  uint8_t *last11 = last3 + (uint32_t)64U;
+  uint8_t *last11 = last3 + 64U;
   uint8_t *l30 = last01;
   uint8_t *l31 = last11;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb0 = { .fst = l00, .snd = { .fst = l10, .snd = { .fst = l20, .snd = l30 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb1 = { .fst = l01, .snd = { .fst = l11, .snd = { .fst = l21, .snd = l31 } } };
-  Hacl_Impl_SHA2_Types_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_4p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_4p last1 = scrut.snd;
   sha256_update4(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha256_update4(last1, hash);
     return;
@@ -870,7 +870,7 @@ sha256_update_last4(
 }
 
 static inline void
-sha256_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4p h)
+sha256_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Hash_SHA2_uint8_4p h)
 {
   uint8_t hbuf[128U] = { 0U };
   Lib_IntVector_Intrinsics_vec128 v00 = st[0U];
@@ -938,18 +938,18 @@ sha256_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4
   st[6U] = st3_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * (uint32_t)16U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * 16U, st[i]););
   uint8_t *b3 = h.snd.snd.snd;
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 32U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 32U, 32U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 64U, 32U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 96U, 32U * sizeof (uint8_t));
 }
 
 void
@@ -965,16 +965,16 @@ Hacl_SHA2_Vec128_sha256_4(
   uint8_t *input3
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } };
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 st[8U] KRML_POST_ALIGN(16) = { 0U };
   sha256_init4(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha256_update_nblocks4(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b3 = ib.snd.snd.snd;
   uint8_t *b2 = ib.snd.snd.fst;
   uint8_t *b1 = ib.snd.fst;
@@ -983,7 +983,7 @@ Hacl_SHA2_Vec128_sha256_4(
   uint8_t *bl1 = b1 + input_len - rem1;
   uint8_t *bl2 = b2 + input_len - rem1;
   uint8_t *bl3 = b3 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
   sha256_update_last4(len_, rem, lb, st);
   sha256_finish4(st, rb);
diff --git a/src/msvc/Hacl_SHA2_Vec256.c b/src/msvc/Hacl_SHA2_Vec256.c
index b74ce621..c34767f5 100644
--- a/src/msvc/Hacl_SHA2_Vec256.c
+++ b/src/msvc/Hacl_SHA2_Vec256.c
@@ -33,21 +33,21 @@
 static inline void sha224_init8(Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
-    uint32_t hi = Hacl_Impl_SHA2_Generic_h224[i];
+    uint32_t hi = Hacl_Hash_SHA2_h224[i];
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load32(hi);
     os[i] = x;);
 }
 
 static inline void
-sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash)
+sha224_update8(Hacl_Hash_SHA2_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec256));
   uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = b.snd.snd.snd.snd.snd.fst;
@@ -64,14 +64,14 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
   ws[5U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5);
   ws[6U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6);
   ws[7U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7);
-  ws[8U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00 + (uint32_t)32U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10 + (uint32_t)32U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2 + (uint32_t)32U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec256_load32_be(b3 + (uint32_t)32U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec256_load32_be(b4 + (uint32_t)32U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5 + (uint32_t)32U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6 + (uint32_t)32U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7 + (uint32_t)32U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00 + 32U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10 + 32U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2 + 32U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec256_load32_be(b3 + 32U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec256_load32_be(b4 + 32U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5 + 32U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6 + 32U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7 + 32U);
   Lib_IntVector_Intrinsics_vec256 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec256 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec256 v20 = ws[2U];
@@ -281,14 +281,14 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec256 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec256 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec256 b0 = hash[1U];
@@ -303,10 +303,10 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       t1 =
         Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(h02,
                 Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(e0,
-                    (uint32_t)6U),
+                    6U),
                   Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(e0,
-                      (uint32_t)11U),
-                    Lib_IntVector_Intrinsics_vec256_rotate_right32(e0, (uint32_t)25U)))),
+                      11U),
+                    Lib_IntVector_Intrinsics_vec256_rotate_right32(e0, 25U)))),
               Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_lognot(e0), g0))),
             k_e_t),
@@ -314,10 +314,10 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       Lib_IntVector_Intrinsics_vec256
       t2 =
         Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(a0,
-              (uint32_t)2U),
+              2U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(a0,
-                (uint32_t)13U),
-              Lib_IntVector_Intrinsics_vec256_rotate_right32(a0, (uint32_t)22U))),
+                13U),
+              Lib_IntVector_Intrinsics_vec256_rotate_right32(a0, 22U))),
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, b0),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, c0),
               Lib_IntVector_Intrinsics_vec256_and(b0, c0))));
@@ -337,30 +337,30 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec256 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec256
         s1 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t2,
-              (uint32_t)17U),
+              17U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t2,
-                (uint32_t)19U),
-              Lib_IntVector_Intrinsics_vec256_shift_right32(t2, (uint32_t)10U)));
+                19U),
+              Lib_IntVector_Intrinsics_vec256_shift_right32(t2, 10U)));
         Lib_IntVector_Intrinsics_vec256
         s0 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t15,
-              (uint32_t)7U),
+              7U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t15,
-                (uint32_t)18U),
-              Lib_IntVector_Intrinsics_vec256_shift_right32(t15, (uint32_t)3U)));
+                18U),
+              Lib_IntVector_Intrinsics_vec256_shift_right32(t15, 3U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(s1,
                 t7),
@@ -368,9 +368,9 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
     Lib_IntVector_Intrinsics_vec256
     x = Lib_IntVector_Intrinsics_vec256_add32(hash[i], hash_old[i]);
@@ -380,12 +380,12 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
 static inline void
 sha224_update_nblocks8(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_8p b,
+  Hacl_Hash_SHA2_uint8_8p b,
   Lib_IntVector_Intrinsics_vec256 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
     uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
@@ -395,15 +395,15 @@ sha224_update_nblocks8(
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)64U;
-    uint8_t *bl1 = b1 + i * (uint32_t)64U;
-    uint8_t *bl2 = b2 + i * (uint32_t)64U;
-    uint8_t *bl3 = b3 + i * (uint32_t)64U;
-    uint8_t *bl4 = b4 + i * (uint32_t)64U;
-    uint8_t *bl5 = b5 + i * (uint32_t)64U;
-    uint8_t *bl6 = b6 + i * (uint32_t)64U;
-    uint8_t *bl7 = b7 + i * (uint32_t)64U;
-    Hacl_Impl_SHA2_Types_uint8_8p
+    uint8_t *bl0 = b0 + i * 64U;
+    uint8_t *bl1 = b1 + i * 64U;
+    uint8_t *bl2 = b2 + i * 64U;
+    uint8_t *bl3 = b3 + i * 64U;
+    uint8_t *bl4 = b4 + i * 64U;
+    uint8_t *bl5 = b5 + i * 64U;
+    uint8_t *bl6 = b6 + i * 64U;
+    uint8_t *bl7 = b7 + i * 64U;
+    Hacl_Hash_SHA2_uint8_8p
     mb =
       {
         .fst = bl0,
@@ -426,23 +426,23 @@ static inline void
 sha224_update_last8(
   uint64_t totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_8p b,
+  Hacl_Hash_SHA2_uint8_8p b,
   Lib_IntVector_Intrinsics_vec256 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[1024U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
@@ -453,70 +453,70 @@ sha224_update_last8(
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
-  uint8_t *last2 = last + (uint32_t)256U;
-  uint8_t *last3 = last + (uint32_t)384U;
-  uint8_t *last4 = last + (uint32_t)512U;
-  uint8_t *last5 = last + (uint32_t)640U;
-  uint8_t *last6 = last + (uint32_t)768U;
-  uint8_t *last7 = last + (uint32_t)896U;
+  uint8_t *last10 = last + 128U;
+  uint8_t *last2 = last + 256U;
+  uint8_t *last3 = last + 384U;
+  uint8_t *last4 = last + 512U;
+  uint8_t *last5 = last + 640U;
+  uint8_t *last6 = last + 768U;
+  uint8_t *last7 = last + 896U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)64U;
+  uint8_t *last110 = last00 + 64U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)64U;
+  uint8_t *last111 = last10 + 64U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)64U;
+  uint8_t *last112 = last2 + 64U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last013 = last3;
-  uint8_t *last113 = last3 + (uint32_t)64U;
+  uint8_t *last113 = last3 + 64U;
   uint8_t *l30 = last013;
   uint8_t *l31 = last113;
   memcpy(last4, b4, len * sizeof (uint8_t));
-  last4[len] = (uint8_t)0x80U;
-  memcpy(last4 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last4[len] = 0x80U;
+  memcpy(last4 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last014 = last4;
-  uint8_t *last114 = last4 + (uint32_t)64U;
+  uint8_t *last114 = last4 + 64U;
   uint8_t *l40 = last014;
   uint8_t *l41 = last114;
   memcpy(last5, b5, len * sizeof (uint8_t));
-  last5[len] = (uint8_t)0x80U;
-  memcpy(last5 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last5[len] = 0x80U;
+  memcpy(last5 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last015 = last5;
-  uint8_t *last115 = last5 + (uint32_t)64U;
+  uint8_t *last115 = last5 + 64U;
   uint8_t *l50 = last015;
   uint8_t *l51 = last115;
   memcpy(last6, b6, len * sizeof (uint8_t));
-  last6[len] = (uint8_t)0x80U;
-  memcpy(last6 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last6[len] = 0x80U;
+  memcpy(last6 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last016 = last6;
-  uint8_t *last116 = last6 + (uint32_t)64U;
+  uint8_t *last116 = last6 + 64U;
   uint8_t *l60 = last016;
   uint8_t *l61 = last116;
   memcpy(last7, b7, len * sizeof (uint8_t));
-  last7[len] = (uint8_t)0x80U;
-  memcpy(last7 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last7[len] = 0x80U;
+  memcpy(last7 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last01 = last7;
-  uint8_t *last11 = last7 + (uint32_t)64U;
+  uint8_t *last11 = last7 + 64U;
   uint8_t *l70 = last01;
   uint8_t *l71 = last11;
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   mb0 =
     {
       .fst = l00,
@@ -531,7 +531,7 @@ sha224_update_last8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   mb1 =
     {
       .fst = l01,
@@ -546,11 +546,11 @@ sha224_update_last8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_2x8p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_8p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_8p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x8p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_8p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_8p last1 = scrut.snd;
   sha224_update8(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha224_update8(last1, hash);
     return;
@@ -558,7 +558,7 @@ sha224_update_last8(
 }
 
 static inline void
-sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8p h)
+sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Hash_SHA2_uint8_8p h)
 {
   uint8_t hbuf[256U] = { 0U };
   Lib_IntVector_Intrinsics_vec256 v0 = st[0U];
@@ -662,10 +662,10 @@ sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8
   st[6U] = st6_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * (uint32_t)32U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * 32U, st[i]););
   uint8_t *b7 = h.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = h.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = h.snd.snd.snd.snd.snd.fst;
@@ -674,14 +674,14 @@ sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b4, hbuf + (uint32_t)128U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b5, hbuf + (uint32_t)160U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b6, hbuf + (uint32_t)192U, (uint32_t)28U * sizeof (uint8_t));
-  memcpy(b7, hbuf + (uint32_t)224U, (uint32_t)28U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 28U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 32U, 28U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 64U, 28U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 96U, 28U * sizeof (uint8_t));
+  memcpy(b4, hbuf + 128U, 28U * sizeof (uint8_t));
+  memcpy(b5, hbuf + 160U, 28U * sizeof (uint8_t));
+  memcpy(b6, hbuf + 192U, 28U * sizeof (uint8_t));
+  memcpy(b7, hbuf + 224U, 28U * sizeof (uint8_t));
 }
 
 void
@@ -705,7 +705,7 @@ Hacl_SHA2_Vec256_sha224_8(
   uint8_t *input7
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   ib =
     {
       .fst = input0,
@@ -723,7 +723,7 @@ Hacl_SHA2_Vec256_sha224_8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   rb =
     {
       .fst = dst0,
@@ -740,10 +740,10 @@ Hacl_SHA2_Vec256_sha224_8(
     };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U };
   sha224_init8(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha224_update_nblocks8(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = ib.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = ib.snd.snd.snd.snd.snd.fst;
@@ -760,7 +760,7 @@ Hacl_SHA2_Vec256_sha224_8(
   uint8_t *bl5 = b5 + input_len - rem1;
   uint8_t *bl6 = b6 + input_len - rem1;
   uint8_t *bl7 = b7 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   lb =
     {
       .fst = bl0,
@@ -782,21 +782,21 @@ Hacl_SHA2_Vec256_sha224_8(
 static inline void sha256_init8(Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
-    uint32_t hi = Hacl_Impl_SHA2_Generic_h256[i];
+    uint32_t hi = Hacl_Hash_SHA2_h256[i];
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load32(hi);
     os[i] = x;);
 }
 
 static inline void
-sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash)
+sha256_update8(Hacl_Hash_SHA2_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec256));
   uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = b.snd.snd.snd.snd.snd.fst;
@@ -813,14 +813,14 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
   ws[5U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5);
   ws[6U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6);
   ws[7U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7);
-  ws[8U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00 + (uint32_t)32U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10 + (uint32_t)32U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2 + (uint32_t)32U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec256_load32_be(b3 + (uint32_t)32U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec256_load32_be(b4 + (uint32_t)32U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5 + (uint32_t)32U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6 + (uint32_t)32U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7 + (uint32_t)32U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00 + 32U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10 + 32U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2 + 32U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec256_load32_be(b3 + 32U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec256_load32_be(b4 + 32U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec256_load32_be(b5 + 32U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec256_load32_be(b6 + 32U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec256_load32_be(b7 + 32U);
   Lib_IntVector_Intrinsics_vec256 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec256 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec256 v20 = ws[2U];
@@ -1030,14 +1030,14 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR4(i0,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint32_t k_t = Hacl_Hash_SHA2_k224_256[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec256 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec256 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec256 b0 = hash[1U];
@@ -1052,10 +1052,10 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       t1 =
         Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(h02,
                 Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(e0,
-                    (uint32_t)6U),
+                    6U),
                   Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(e0,
-                      (uint32_t)11U),
-                    Lib_IntVector_Intrinsics_vec256_rotate_right32(e0, (uint32_t)25U)))),
+                      11U),
+                    Lib_IntVector_Intrinsics_vec256_rotate_right32(e0, 25U)))),
               Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_lognot(e0), g0))),
             k_e_t),
@@ -1063,10 +1063,10 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       Lib_IntVector_Intrinsics_vec256
       t2 =
         Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(a0,
-              (uint32_t)2U),
+              2U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(a0,
-                (uint32_t)13U),
-              Lib_IntVector_Intrinsics_vec256_rotate_right32(a0, (uint32_t)22U))),
+                13U),
+              Lib_IntVector_Intrinsics_vec256_rotate_right32(a0, 22U))),
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, b0),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, c0),
               Lib_IntVector_Intrinsics_vec256_and(b0, c0))));
@@ -1086,30 +1086,30 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)3U)
+    if (i0 < 3U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec256 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec256
         s1 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t2,
-              (uint32_t)17U),
+              17U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t2,
-                (uint32_t)19U),
-              Lib_IntVector_Intrinsics_vec256_shift_right32(t2, (uint32_t)10U)));
+                19U),
+              Lib_IntVector_Intrinsics_vec256_shift_right32(t2, 10U)));
         Lib_IntVector_Intrinsics_vec256
         s0 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t15,
-              (uint32_t)7U),
+              7U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right32(t15,
-                (uint32_t)18U),
-              Lib_IntVector_Intrinsics_vec256_shift_right32(t15, (uint32_t)3U)));
+                18U),
+              Lib_IntVector_Intrinsics_vec256_shift_right32(t15, 3U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(Lib_IntVector_Intrinsics_vec256_add32(s1,
                 t7),
@@ -1117,9 +1117,9 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
     Lib_IntVector_Intrinsics_vec256
     x = Lib_IntVector_Intrinsics_vec256_add32(hash[i], hash_old[i]);
@@ -1129,12 +1129,12 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256
 static inline void
 sha256_update_nblocks8(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_8p b,
+  Hacl_Hash_SHA2_uint8_8p b,
   Lib_IntVector_Intrinsics_vec256 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)64U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 64U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
     uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
@@ -1144,15 +1144,15 @@ sha256_update_nblocks8(
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)64U;
-    uint8_t *bl1 = b1 + i * (uint32_t)64U;
-    uint8_t *bl2 = b2 + i * (uint32_t)64U;
-    uint8_t *bl3 = b3 + i * (uint32_t)64U;
-    uint8_t *bl4 = b4 + i * (uint32_t)64U;
-    uint8_t *bl5 = b5 + i * (uint32_t)64U;
-    uint8_t *bl6 = b6 + i * (uint32_t)64U;
-    uint8_t *bl7 = b7 + i * (uint32_t)64U;
-    Hacl_Impl_SHA2_Types_uint8_8p
+    uint8_t *bl0 = b0 + i * 64U;
+    uint8_t *bl1 = b1 + i * 64U;
+    uint8_t *bl2 = b2 + i * 64U;
+    uint8_t *bl3 = b3 + i * 64U;
+    uint8_t *bl4 = b4 + i * 64U;
+    uint8_t *bl5 = b5 + i * 64U;
+    uint8_t *bl6 = b6 + i * 64U;
+    uint8_t *bl7 = b7 + i * 64U;
+    Hacl_Hash_SHA2_uint8_8p
     mb =
       {
         .fst = bl0,
@@ -1175,23 +1175,23 @@ static inline void
 sha256_update_last8(
   uint64_t totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_8p b,
+  Hacl_Hash_SHA2_uint8_8p b,
   Lib_IntVector_Intrinsics_vec256 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U)
+  if (len + 8U + 1U <= 64U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)64U;
+  uint32_t fin = blocks * 64U;
   uint8_t last[1024U] = { 0U };
   uint8_t totlen_buf[8U] = { 0U };
-  uint64_t total_len_bits = totlen << (uint32_t)3U;
+  uint64_t total_len_bits = totlen << 3U;
   store64_be(totlen_buf, total_len_bits);
   uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst;
@@ -1202,70 +1202,70 @@ sha256_update_last8(
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)128U;
-  uint8_t *last2 = last + (uint32_t)256U;
-  uint8_t *last3 = last + (uint32_t)384U;
-  uint8_t *last4 = last + (uint32_t)512U;
-  uint8_t *last5 = last + (uint32_t)640U;
-  uint8_t *last6 = last + (uint32_t)768U;
-  uint8_t *last7 = last + (uint32_t)896U;
+  uint8_t *last10 = last + 128U;
+  uint8_t *last2 = last + 256U;
+  uint8_t *last3 = last + 384U;
+  uint8_t *last4 = last + 512U;
+  uint8_t *last5 = last + 640U;
+  uint8_t *last6 = last + 768U;
+  uint8_t *last7 = last + 896U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)64U;
+  uint8_t *last110 = last00 + 64U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)64U;
+  uint8_t *last111 = last10 + 64U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)64U;
+  uint8_t *last112 = last2 + 64U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last013 = last3;
-  uint8_t *last113 = last3 + (uint32_t)64U;
+  uint8_t *last113 = last3 + 64U;
   uint8_t *l30 = last013;
   uint8_t *l31 = last113;
   memcpy(last4, b4, len * sizeof (uint8_t));
-  last4[len] = (uint8_t)0x80U;
-  memcpy(last4 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last4[len] = 0x80U;
+  memcpy(last4 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last014 = last4;
-  uint8_t *last114 = last4 + (uint32_t)64U;
+  uint8_t *last114 = last4 + 64U;
   uint8_t *l40 = last014;
   uint8_t *l41 = last114;
   memcpy(last5, b5, len * sizeof (uint8_t));
-  last5[len] = (uint8_t)0x80U;
-  memcpy(last5 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last5[len] = 0x80U;
+  memcpy(last5 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last015 = last5;
-  uint8_t *last115 = last5 + (uint32_t)64U;
+  uint8_t *last115 = last5 + 64U;
   uint8_t *l50 = last015;
   uint8_t *l51 = last115;
   memcpy(last6, b6, len * sizeof (uint8_t));
-  last6[len] = (uint8_t)0x80U;
-  memcpy(last6 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last6[len] = 0x80U;
+  memcpy(last6 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last016 = last6;
-  uint8_t *last116 = last6 + (uint32_t)64U;
+  uint8_t *last116 = last6 + 64U;
   uint8_t *l60 = last016;
   uint8_t *l61 = last116;
   memcpy(last7, b7, len * sizeof (uint8_t));
-  last7[len] = (uint8_t)0x80U;
-  memcpy(last7 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t));
+  last7[len] = 0x80U;
+  memcpy(last7 + fin - 8U, totlen_buf, 8U * sizeof (uint8_t));
   uint8_t *last01 = last7;
-  uint8_t *last11 = last7 + (uint32_t)64U;
+  uint8_t *last11 = last7 + 64U;
   uint8_t *l70 = last01;
   uint8_t *l71 = last11;
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   mb0 =
     {
       .fst = l00,
@@ -1280,7 +1280,7 @@ sha256_update_last8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   mb1 =
     {
       .fst = l01,
@@ -1295,11 +1295,11 @@ sha256_update_last8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_2x8p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_8p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_8p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x8p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_8p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_8p last1 = scrut.snd;
   sha256_update8(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha256_update8(last1, hash);
     return;
@@ -1307,7 +1307,7 @@ sha256_update_last8(
 }
 
 static inline void
-sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8p h)
+sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Hash_SHA2_uint8_8p h)
 {
   uint8_t hbuf[256U] = { 0U };
   Lib_IntVector_Intrinsics_vec256 v0 = st[0U];
@@ -1411,10 +1411,10 @@ sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8
   st[6U] = st6_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * (uint32_t)32U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * 32U, st[i]););
   uint8_t *b7 = h.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = h.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = h.snd.snd.snd.snd.snd.fst;
@@ -1423,14 +1423,14 @@ sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b4, hbuf + (uint32_t)128U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b5, hbuf + (uint32_t)160U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b6, hbuf + (uint32_t)192U, (uint32_t)32U * sizeof (uint8_t));
-  memcpy(b7, hbuf + (uint32_t)224U, (uint32_t)32U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 32U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 32U, 32U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 64U, 32U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 96U, 32U * sizeof (uint8_t));
+  memcpy(b4, hbuf + 128U, 32U * sizeof (uint8_t));
+  memcpy(b5, hbuf + 160U, 32U * sizeof (uint8_t));
+  memcpy(b6, hbuf + 192U, 32U * sizeof (uint8_t));
+  memcpy(b7, hbuf + 224U, 32U * sizeof (uint8_t));
 }
 
 void
@@ -1454,7 +1454,7 @@ Hacl_SHA2_Vec256_sha256_8(
   uint8_t *input7
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   ib =
     {
       .fst = input0,
@@ -1472,7 +1472,7 @@ Hacl_SHA2_Vec256_sha256_8(
         }
       }
     };
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   rb =
     {
       .fst = dst0,
@@ -1489,10 +1489,10 @@ Hacl_SHA2_Vec256_sha256_8(
     };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U };
   sha256_init8(st);
-  uint32_t rem = input_len % (uint32_t)64U;
+  uint32_t rem = input_len % 64U;
   uint64_t len_ = (uint64_t)input_len;
   sha256_update_nblocks8(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)64U;
+  uint32_t rem1 = input_len % 64U;
   uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd;
   uint8_t *b6 = ib.snd.snd.snd.snd.snd.snd.fst;
   uint8_t *b5 = ib.snd.snd.snd.snd.snd.fst;
@@ -1509,7 +1509,7 @@ Hacl_SHA2_Vec256_sha256_8(
   uint8_t *bl5 = b5 + input_len - rem1;
   uint8_t *bl6 = b6 + input_len - rem1;
   uint8_t *bl7 = b7 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_8p
+  Hacl_Hash_SHA2_uint8_8p
   lb =
     {
       .fst = bl0,
@@ -1531,21 +1531,21 @@ Hacl_SHA2_Vec256_sha256_8(
 static inline void sha384_init4(Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
-    uint64_t hi = Hacl_Impl_SHA2_Generic_h384[i];
+    uint64_t hi = Hacl_Hash_SHA2_h384[i];
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load64(hi);
     os[i] = x;);
 }
 
 static inline void
-sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash)
+sha384_update4(Hacl_Hash_SHA2_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec256));
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b10 = b.snd.fst;
@@ -1554,18 +1554,18 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
   ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10);
   ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2);
   ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3);
-  ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)32U);
-  ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)32U);
-  ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)32U);
-  ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)32U);
-  ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)64U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)64U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)64U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)64U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)96U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)96U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)96U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)96U);
+  ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 32U);
+  ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 32U);
+  ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 32U);
+  ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 32U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 64U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 64U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 64U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 64U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 96U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 96U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 96U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 96U);
   Lib_IntVector_Intrinsics_vec256 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec256 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec256 v20 = ws[2U];
@@ -1679,14 +1679,14 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR5(i0,
-    (uint32_t)0U,
-    (uint32_t)5U,
-    (uint32_t)1U,
+    0U,
+    5U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint64_t k_t = Hacl_Hash_SHA2_k384_512[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec256 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec256 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec256 b0 = hash[1U];
@@ -1701,10 +1701,10 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       t1 =
         Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(h02,
                 Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(e0,
-                    (uint32_t)14U),
+                    14U),
                   Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(e0,
-                      (uint32_t)18U),
-                    Lib_IntVector_Intrinsics_vec256_rotate_right64(e0, (uint32_t)41U)))),
+                      18U),
+                    Lib_IntVector_Intrinsics_vec256_rotate_right64(e0, 41U)))),
               Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_lognot(e0), g0))),
             k_e_t),
@@ -1712,10 +1712,10 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       Lib_IntVector_Intrinsics_vec256
       t2 =
         Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(a0,
-              (uint32_t)28U),
+              28U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(a0,
-                (uint32_t)34U),
-              Lib_IntVector_Intrinsics_vec256_rotate_right64(a0, (uint32_t)39U))),
+                34U),
+              Lib_IntVector_Intrinsics_vec256_rotate_right64(a0, 39U))),
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, b0),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, c0),
               Lib_IntVector_Intrinsics_vec256_and(b0, c0))));
@@ -1735,30 +1735,30 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)4U)
+    if (i0 < 4U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec256 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec256
         s1 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t2,
-              (uint32_t)19U),
+              19U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t2,
-                (uint32_t)61U),
-              Lib_IntVector_Intrinsics_vec256_shift_right64(t2, (uint32_t)6U)));
+                61U),
+              Lib_IntVector_Intrinsics_vec256_shift_right64(t2, 6U)));
         Lib_IntVector_Intrinsics_vec256
         s0 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t15,
-              (uint32_t)1U),
+              1U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t15,
-                (uint32_t)8U),
-              Lib_IntVector_Intrinsics_vec256_shift_right64(t15, (uint32_t)7U)));
+                8U),
+              Lib_IntVector_Intrinsics_vec256_shift_right64(t15, 7U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(s1,
                 t7),
@@ -1766,9 +1766,9 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
     Lib_IntVector_Intrinsics_vec256
     x = Lib_IntVector_Intrinsics_vec256_add64(hash[i], hash_old[i]);
@@ -1778,22 +1778,22 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
 static inline void
 sha384_update_nblocks4(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec256 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)128U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 128U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b3 = b.snd.snd.snd;
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)128U;
-    uint8_t *bl1 = b1 + i * (uint32_t)128U;
-    uint8_t *bl2 = b2 + i * (uint32_t)128U;
-    uint8_t *bl3 = b3 + i * (uint32_t)128U;
-    Hacl_Impl_SHA2_Types_uint8_4p
+    uint8_t *bl0 = b0 + i * 128U;
+    uint8_t *bl1 = b1 + i * 128U;
+    uint8_t *bl2 = b2 + i * 128U;
+    uint8_t *bl3 = b3 + i * 128U;
+    Hacl_Hash_SHA2_uint8_4p
     mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
     sha384_update4(mb, st);
   }
@@ -1803,69 +1803,69 @@ static inline void
 sha384_update_last4(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec256 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U)
+  if (len + 16U + 1U <= 128U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)128U;
+  uint32_t fin = blocks * 128U;
   uint8_t last[1024U] = { 0U };
   uint8_t totlen_buf[16U] = { 0U };
-  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U);
+  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, 3U);
   store128_be(totlen_buf, total_len_bits);
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)256U;
-  uint8_t *last2 = last + (uint32_t)512U;
-  uint8_t *last3 = last + (uint32_t)768U;
+  uint8_t *last10 = last + 256U;
+  uint8_t *last2 = last + 512U;
+  uint8_t *last3 = last + 768U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)128U;
+  uint8_t *last110 = last00 + 128U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)128U;
+  uint8_t *last111 = last10 + 128U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)128U;
+  uint8_t *last112 = last2 + 128U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last01 = last3;
-  uint8_t *last11 = last3 + (uint32_t)128U;
+  uint8_t *last11 = last3 + 128U;
   uint8_t *l30 = last01;
   uint8_t *l31 = last11;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb0 = { .fst = l00, .snd = { .fst = l10, .snd = { .fst = l20, .snd = l30 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb1 = { .fst = l01, .snd = { .fst = l11, .snd = { .fst = l21, .snd = l31 } } };
-  Hacl_Impl_SHA2_Types_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_4p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_4p last1 = scrut.snd;
   sha384_update4(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha384_update4(last1, hash);
     return;
@@ -1873,7 +1873,7 @@ sha384_update_last4(
 }
 
 static inline void
-sha384_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4p h)
+sha384_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Hash_SHA2_uint8_4p h)
 {
   uint8_t hbuf[256U] = { 0U };
   Lib_IntVector_Intrinsics_vec256 v00 = st[0U];
@@ -1933,18 +1933,18 @@ sha384_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4
   st[6U] = st3_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * (uint32_t)32U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * 32U, st[i]););
   uint8_t *b3 = h.snd.snd.snd;
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)48U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)64U, (uint32_t)48U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)128U, (uint32_t)48U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)192U, (uint32_t)48U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 48U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 64U, 48U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 128U, 48U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 192U, 48U * sizeof (uint8_t));
 }
 
 void
@@ -1960,16 +1960,16 @@ Hacl_SHA2_Vec256_sha384_4(
   uint8_t *input3
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U };
   sha384_init4(st);
-  uint32_t rem = input_len % (uint32_t)128U;
+  uint32_t rem = input_len % 128U;
   FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len);
   sha384_update_nblocks4(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)128U;
+  uint32_t rem1 = input_len % 128U;
   uint8_t *b3 = ib.snd.snd.snd;
   uint8_t *b2 = ib.snd.snd.fst;
   uint8_t *b1 = ib.snd.fst;
@@ -1978,7 +1978,7 @@ Hacl_SHA2_Vec256_sha384_4(
   uint8_t *bl1 = b1 + input_len - rem1;
   uint8_t *bl2 = b2 + input_len - rem1;
   uint8_t *bl3 = b3 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
   sha384_update_last4(len_, rem, lb, st);
   sha384_finish4(st, rb);
@@ -1987,21 +1987,21 @@ Hacl_SHA2_Vec256_sha384_4(
 static inline void sha512_init4(Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
-    uint64_t hi = Hacl_Impl_SHA2_Generic_h512[i];
+    uint64_t hi = Hacl_Hash_SHA2_h512[i];
     Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load64(hi);
     os[i] = x;);
 }
 
 static inline void
-sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash)
+sha512_update4(Hacl_Hash_SHA2_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash)
 {
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256));
+  memcpy(hash_old, hash, 8U * sizeof (Lib_IntVector_Intrinsics_vec256));
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b10 = b.snd.fst;
@@ -2010,18 +2010,18 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
   ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10);
   ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2);
   ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3);
-  ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)32U);
-  ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)32U);
-  ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)32U);
-  ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)32U);
-  ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)64U);
-  ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)64U);
-  ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)64U);
-  ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)64U);
-  ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + (uint32_t)96U);
-  ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + (uint32_t)96U);
-  ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + (uint32_t)96U);
-  ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + (uint32_t)96U);
+  ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 32U);
+  ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 32U);
+  ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 32U);
+  ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 32U);
+  ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 64U);
+  ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 64U);
+  ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 64U);
+  ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 64U);
+  ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00 + 96U);
+  ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10 + 96U);
+  ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2 + 96U);
+  ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_be(b3 + 96U);
   Lib_IntVector_Intrinsics_vec256 v00 = ws[0U];
   Lib_IntVector_Intrinsics_vec256 v10 = ws[1U];
   Lib_IntVector_Intrinsics_vec256 v20 = ws[2U];
@@ -2135,14 +2135,14 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
   ws[14U] = ws14;
   ws[15U] = ws15;
   KRML_MAYBE_FOR5(i0,
-    (uint32_t)0U,
-    (uint32_t)5U,
-    (uint32_t)1U,
+    0U,
+    5U,
+    1U,
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512[(uint32_t)16U * i0 + i];
+      0U,
+      16U,
+      1U,
+      uint64_t k_t = Hacl_Hash_SHA2_k384_512[16U * i0 + i];
       Lib_IntVector_Intrinsics_vec256 ws_t = ws[i];
       Lib_IntVector_Intrinsics_vec256 a0 = hash[0U];
       Lib_IntVector_Intrinsics_vec256 b0 = hash[1U];
@@ -2157,10 +2157,10 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       t1 =
         Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(h02,
                 Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(e0,
-                    (uint32_t)14U),
+                    14U),
                   Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(e0,
-                      (uint32_t)18U),
-                    Lib_IntVector_Intrinsics_vec256_rotate_right64(e0, (uint32_t)41U)))),
+                      18U),
+                    Lib_IntVector_Intrinsics_vec256_rotate_right64(e0, 41U)))),
               Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(e0, f0),
                 Lib_IntVector_Intrinsics_vec256_and(Lib_IntVector_Intrinsics_vec256_lognot(e0), g0))),
             k_e_t),
@@ -2168,10 +2168,10 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       Lib_IntVector_Intrinsics_vec256
       t2 =
         Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(a0,
-              (uint32_t)28U),
+              28U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(a0,
-                (uint32_t)34U),
-              Lib_IntVector_Intrinsics_vec256_rotate_right64(a0, (uint32_t)39U))),
+                34U),
+              Lib_IntVector_Intrinsics_vec256_rotate_right64(a0, 39U))),
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, b0),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_and(a0, c0),
               Lib_IntVector_Intrinsics_vec256_and(b0, c0))));
@@ -2191,30 +2191,30 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
       hash[5U] = f1;
       hash[6U] = g1;
       hash[7U] = h12;);
-    if (i0 < (uint32_t)4U)
+    if (i0 < 4U)
     {
       KRML_MAYBE_FOR16(i,
-        (uint32_t)0U,
-        (uint32_t)16U,
-        (uint32_t)1U,
+        0U,
+        16U,
+        1U,
         Lib_IntVector_Intrinsics_vec256 t16 = ws[i];
-        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U];
-        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U];
+        Lib_IntVector_Intrinsics_vec256 t15 = ws[(i + 1U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t7 = ws[(i + 9U) % 16U];
+        Lib_IntVector_Intrinsics_vec256 t2 = ws[(i + 14U) % 16U];
         Lib_IntVector_Intrinsics_vec256
         s1 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t2,
-              (uint32_t)19U),
+              19U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t2,
-                (uint32_t)61U),
-              Lib_IntVector_Intrinsics_vec256_shift_right64(t2, (uint32_t)6U)));
+                61U),
+              Lib_IntVector_Intrinsics_vec256_shift_right64(t2, 6U)));
         Lib_IntVector_Intrinsics_vec256
         s0 =
           Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t15,
-              (uint32_t)1U),
+              1U),
             Lib_IntVector_Intrinsics_vec256_xor(Lib_IntVector_Intrinsics_vec256_rotate_right64(t15,
-                (uint32_t)8U),
-              Lib_IntVector_Intrinsics_vec256_shift_right64(t15, (uint32_t)7U)));
+                8U),
+              Lib_IntVector_Intrinsics_vec256_shift_right64(t15, 7U)));
         ws[i] =
           Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(Lib_IntVector_Intrinsics_vec256_add64(s1,
                 t7),
@@ -2222,9 +2222,9 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
             t16););
     });
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     Lib_IntVector_Intrinsics_vec256 *os = hash;
     Lib_IntVector_Intrinsics_vec256
     x = Lib_IntVector_Intrinsics_vec256_add64(hash[i], hash_old[i]);
@@ -2234,22 +2234,22 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256
 static inline void
 sha512_update_nblocks4(
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec256 *st
 )
 {
-  uint32_t blocks = len / (uint32_t)128U;
-  for (uint32_t i = (uint32_t)0U; i < blocks; i++)
+  uint32_t blocks = len / 128U;
+  for (uint32_t i = 0U; i < blocks; i++)
   {
     uint8_t *b3 = b.snd.snd.snd;
     uint8_t *b2 = b.snd.snd.fst;
     uint8_t *b1 = b.snd.fst;
     uint8_t *b0 = b.fst;
-    uint8_t *bl0 = b0 + i * (uint32_t)128U;
-    uint8_t *bl1 = b1 + i * (uint32_t)128U;
-    uint8_t *bl2 = b2 + i * (uint32_t)128U;
-    uint8_t *bl3 = b3 + i * (uint32_t)128U;
-    Hacl_Impl_SHA2_Types_uint8_4p
+    uint8_t *bl0 = b0 + i * 128U;
+    uint8_t *bl1 = b1 + i * 128U;
+    uint8_t *bl2 = b2 + i * 128U;
+    uint8_t *bl3 = b3 + i * 128U;
+    Hacl_Hash_SHA2_uint8_4p
     mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
     sha512_update4(mb, st);
   }
@@ -2259,69 +2259,69 @@ static inline void
 sha512_update_last4(
   FStar_UInt128_uint128 totlen,
   uint32_t len,
-  Hacl_Impl_SHA2_Types_uint8_4p b,
+  Hacl_Hash_SHA2_uint8_4p b,
   Lib_IntVector_Intrinsics_vec256 *hash
 )
 {
   uint32_t blocks;
-  if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U)
+  if (len + 16U + 1U <= 128U)
   {
-    blocks = (uint32_t)1U;
+    blocks = 1U;
   }
   else
   {
-    blocks = (uint32_t)2U;
+    blocks = 2U;
   }
-  uint32_t fin = blocks * (uint32_t)128U;
+  uint32_t fin = blocks * 128U;
   uint8_t last[1024U] = { 0U };
   uint8_t totlen_buf[16U] = { 0U };
-  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U);
+  FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, 3U);
   store128_be(totlen_buf, total_len_bits);
   uint8_t *b3 = b.snd.snd.snd;
   uint8_t *b2 = b.snd.snd.fst;
   uint8_t *b1 = b.snd.fst;
   uint8_t *b0 = b.fst;
   uint8_t *last00 = last;
-  uint8_t *last10 = last + (uint32_t)256U;
-  uint8_t *last2 = last + (uint32_t)512U;
-  uint8_t *last3 = last + (uint32_t)768U;
+  uint8_t *last10 = last + 256U;
+  uint8_t *last2 = last + 512U;
+  uint8_t *last3 = last + 768U;
   memcpy(last00, b0, len * sizeof (uint8_t));
-  last00[len] = (uint8_t)0x80U;
-  memcpy(last00 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last00[len] = 0x80U;
+  memcpy(last00 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last010 = last00;
-  uint8_t *last110 = last00 + (uint32_t)128U;
+  uint8_t *last110 = last00 + 128U;
   uint8_t *l00 = last010;
   uint8_t *l01 = last110;
   memcpy(last10, b1, len * sizeof (uint8_t));
-  last10[len] = (uint8_t)0x80U;
-  memcpy(last10 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last10[len] = 0x80U;
+  memcpy(last10 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last011 = last10;
-  uint8_t *last111 = last10 + (uint32_t)128U;
+  uint8_t *last111 = last10 + 128U;
   uint8_t *l10 = last011;
   uint8_t *l11 = last111;
   memcpy(last2, b2, len * sizeof (uint8_t));
-  last2[len] = (uint8_t)0x80U;
-  memcpy(last2 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last2[len] = 0x80U;
+  memcpy(last2 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last012 = last2;
-  uint8_t *last112 = last2 + (uint32_t)128U;
+  uint8_t *last112 = last2 + 128U;
   uint8_t *l20 = last012;
   uint8_t *l21 = last112;
   memcpy(last3, b3, len * sizeof (uint8_t));
-  last3[len] = (uint8_t)0x80U;
-  memcpy(last3 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t));
+  last3[len] = 0x80U;
+  memcpy(last3 + fin - 16U, totlen_buf, 16U * sizeof (uint8_t));
   uint8_t *last01 = last3;
-  uint8_t *last11 = last3 + (uint32_t)128U;
+  uint8_t *last11 = last3 + 128U;
   uint8_t *l30 = last01;
   uint8_t *l31 = last11;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb0 = { .fst = l00, .snd = { .fst = l10, .snd = { .fst = l20, .snd = l30 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   mb1 = { .fst = l01, .snd = { .fst = l11, .snd = { .fst = l21, .snd = l31 } } };
-  Hacl_Impl_SHA2_Types_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
-  Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut.fst;
-  Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut.snd;
+  Hacl_Hash_SHA2_uint8_2x4p scrut = { .fst = mb0, .snd = mb1 };
+  Hacl_Hash_SHA2_uint8_4p last0 = scrut.fst;
+  Hacl_Hash_SHA2_uint8_4p last1 = scrut.snd;
   sha512_update4(last0, hash);
-  if (blocks > (uint32_t)1U)
+  if (blocks > 1U)
   {
     sha512_update4(last1, hash);
     return;
@@ -2329,7 +2329,7 @@ sha512_update_last4(
 }
 
 static inline void
-sha512_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4p h)
+sha512_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Hash_SHA2_uint8_4p h)
 {
   uint8_t hbuf[256U] = { 0U };
   Lib_IntVector_Intrinsics_vec256 v00 = st[0U];
@@ -2389,18 +2389,18 @@ sha512_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4
   st[6U] = st3_;
   st[7U] = st7_;
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * (uint32_t)32U, st[i]););
+    0U,
+    8U,
+    1U,
+    Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * 32U, st[i]););
   uint8_t *b3 = h.snd.snd.snd;
   uint8_t *b2 = h.snd.snd.fst;
   uint8_t *b1 = h.snd.fst;
   uint8_t *b0 = h.fst;
-  memcpy(b0, hbuf, (uint32_t)64U * sizeof (uint8_t));
-  memcpy(b1, hbuf + (uint32_t)64U, (uint32_t)64U * sizeof (uint8_t));
-  memcpy(b2, hbuf + (uint32_t)128U, (uint32_t)64U * sizeof (uint8_t));
-  memcpy(b3, hbuf + (uint32_t)192U, (uint32_t)64U * sizeof (uint8_t));
+  memcpy(b0, hbuf, 64U * sizeof (uint8_t));
+  memcpy(b1, hbuf + 64U, 64U * sizeof (uint8_t));
+  memcpy(b2, hbuf + 128U, 64U * sizeof (uint8_t));
+  memcpy(b3, hbuf + 192U, 64U * sizeof (uint8_t));
 }
 
 void
@@ -2416,16 +2416,16 @@ Hacl_SHA2_Vec256_sha512_4(
   uint8_t *input3
 )
 {
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } };
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } };
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U };
   sha512_init4(st);
-  uint32_t rem = input_len % (uint32_t)128U;
+  uint32_t rem = input_len % 128U;
   FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len);
   sha512_update_nblocks4(input_len, ib, st);
-  uint32_t rem1 = input_len % (uint32_t)128U;
+  uint32_t rem1 = input_len % 128U;
   uint8_t *b3 = ib.snd.snd.snd;
   uint8_t *b2 = ib.snd.snd.fst;
   uint8_t *b1 = ib.snd.fst;
@@ -2434,7 +2434,7 @@ Hacl_SHA2_Vec256_sha512_4(
   uint8_t *bl1 = b1 + input_len - rem1;
   uint8_t *bl2 = b2 + input_len - rem1;
   uint8_t *bl3 = b3 + input_len - rem1;
-  Hacl_Impl_SHA2_Types_uint8_4p
+  Hacl_Hash_SHA2_uint8_4p
   lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } };
   sha512_update_last4(len_, rem, lb, st);
   sha512_finish4(st, rb);
diff --git a/src/msvc/Hacl_Salsa20.c b/src/msvc/Hacl_Salsa20.c
index 2758f8a4..151df07d 100644
--- a/src/msvc/Hacl_Salsa20.c
+++ b/src/msvc/Hacl_Salsa20.c
@@ -30,35 +30,35 @@ static inline void quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t
   uint32_t sta = st[b];
   uint32_t stb0 = st[a];
   uint32_t std0 = st[d];
-  uint32_t sta1 = sta ^ ((stb0 + std0) << (uint32_t)7U | (stb0 + std0) >> (uint32_t)25U);
+  uint32_t sta1 = sta ^ ((stb0 + std0) << 7U | (stb0 + std0) >> 25U);
   st[b] = sta1;
   uint32_t sta0 = st[c];
   uint32_t stb1 = st[b];
   uint32_t std1 = st[a];
-  uint32_t sta10 = sta0 ^ ((stb1 + std1) << (uint32_t)9U | (stb1 + std1) >> (uint32_t)23U);
+  uint32_t sta10 = sta0 ^ ((stb1 + std1) << 9U | (stb1 + std1) >> 23U);
   st[c] = sta10;
   uint32_t sta2 = st[d];
   uint32_t stb2 = st[c];
   uint32_t std2 = st[b];
-  uint32_t sta11 = sta2 ^ ((stb2 + std2) << (uint32_t)13U | (stb2 + std2) >> (uint32_t)19U);
+  uint32_t sta11 = sta2 ^ ((stb2 + std2) << 13U | (stb2 + std2) >> 19U);
   st[d] = sta11;
   uint32_t sta3 = st[a];
   uint32_t stb = st[d];
   uint32_t std = st[c];
-  uint32_t sta12 = sta3 ^ ((stb + std) << (uint32_t)18U | (stb + std) >> (uint32_t)14U);
+  uint32_t sta12 = sta3 ^ ((stb + std) << 18U | (stb + std) >> 14U);
   st[a] = sta12;
 }
 
 static inline void double_round(uint32_t *st)
 {
-  quarter_round(st, (uint32_t)0U, (uint32_t)4U, (uint32_t)8U, (uint32_t)12U);
-  quarter_round(st, (uint32_t)5U, (uint32_t)9U, (uint32_t)13U, (uint32_t)1U);
-  quarter_round(st, (uint32_t)10U, (uint32_t)14U, (uint32_t)2U, (uint32_t)6U);
-  quarter_round(st, (uint32_t)15U, (uint32_t)3U, (uint32_t)7U, (uint32_t)11U);
-  quarter_round(st, (uint32_t)0U, (uint32_t)1U, (uint32_t)2U, (uint32_t)3U);
-  quarter_round(st, (uint32_t)5U, (uint32_t)6U, (uint32_t)7U, (uint32_t)4U);
-  quarter_round(st, (uint32_t)10U, (uint32_t)11U, (uint32_t)8U, (uint32_t)9U);
-  quarter_round(st, (uint32_t)15U, (uint32_t)12U, (uint32_t)13U, (uint32_t)14U);
+  quarter_round(st, 0U, 4U, 8U, 12U);
+  quarter_round(st, 5U, 9U, 13U, 1U);
+  quarter_round(st, 10U, 14U, 2U, 6U);
+  quarter_round(st, 15U, 3U, 7U, 11U);
+  quarter_round(st, 0U, 1U, 2U, 3U);
+  quarter_round(st, 5U, 6U, 7U, 4U);
+  quarter_round(st, 10U, 11U, 8U, 9U);
+  quarter_round(st, 15U, 12U, 13U, 14U);
 }
 
 static inline void rounds(uint32_t *st)
@@ -77,14 +77,14 @@ static inline void rounds(uint32_t *st)
 
 static inline void salsa20_core(uint32_t *k, uint32_t *ctx, uint32_t ctr)
 {
-  memcpy(k, ctx, (uint32_t)16U * sizeof (uint32_t));
+  memcpy(k, ctx, 16U * sizeof (uint32_t));
   uint32_t ctr_u32 = ctr;
   k[8U] = k[8U] + ctr_u32;
   rounds(k);
   KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
+    0U,
+    16U,
+    1U,
     uint32_t *os = k;
     uint32_t x = k[i] + ctx[i];
     os[i] = x;);
@@ -98,42 +98,38 @@ static inline void salsa20_key_block0(uint8_t *out, uint8_t *key, uint8_t *n)
   uint32_t k32[8U] = { 0U };
   uint32_t n32[2U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = k32;
-    uint8_t *bj = key + i * (uint32_t)4U;
+    uint8_t *bj = key + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
+    0U,
+    2U,
+    1U,
     uint32_t *os = n32;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
-  ctx[0U] = (uint32_t)0x61707865U;
+  ctx[0U] = 0x61707865U;
   uint32_t *k0 = k32;
-  uint32_t *k1 = k32 + (uint32_t)4U;
-  memcpy(ctx + (uint32_t)1U, k0, (uint32_t)4U * sizeof (uint32_t));
-  ctx[5U] = (uint32_t)0x3320646eU;
-  memcpy(ctx + (uint32_t)6U, n32, (uint32_t)2U * sizeof (uint32_t));
-  ctx[8U] = (uint32_t)0U;
-  ctx[9U] = (uint32_t)0U;
-  ctx[10U] = (uint32_t)0x79622d32U;
-  memcpy(ctx + (uint32_t)11U, k1, (uint32_t)4U * sizeof (uint32_t));
-  ctx[15U] = (uint32_t)0x6b206574U;
-  salsa20_core(k, ctx, (uint32_t)0U);
-  KRML_MAYBE_FOR16(i,
-    (uint32_t)0U,
-    (uint32_t)16U,
-    (uint32_t)1U,
-    store32_le(out + i * (uint32_t)4U, k[i]););
+  uint32_t *k1 = k32 + 4U;
+  memcpy(ctx + 1U, k0, 4U * sizeof (uint32_t));
+  ctx[5U] = 0x3320646eU;
+  memcpy(ctx + 6U, n32, 2U * sizeof (uint32_t));
+  ctx[8U] = 0U;
+  ctx[9U] = 0U;
+  ctx[10U] = 0x79622d32U;
+  memcpy(ctx + 11U, k1, 4U * sizeof (uint32_t));
+  ctx[15U] = 0x6b206574U;
+  salsa20_core(k, ctx, 0U);
+  KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(out + i * 4U, k[i]););
 }
 
 static inline void
@@ -150,101 +146,93 @@ salsa20_encrypt(
   uint32_t k32[8U] = { 0U };
   uint32_t n32[2U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = k32;
-    uint8_t *bj = key + i * (uint32_t)4U;
+    uint8_t *bj = key + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
+    0U,
+    2U,
+    1U,
     uint32_t *os = n32;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
-  ctx[0U] = (uint32_t)0x61707865U;
+  ctx[0U] = 0x61707865U;
   uint32_t *k0 = k32;
-  uint32_t *k10 = k32 + (uint32_t)4U;
-  memcpy(ctx + (uint32_t)1U, k0, (uint32_t)4U * sizeof (uint32_t));
-  ctx[5U] = (uint32_t)0x3320646eU;
-  memcpy(ctx + (uint32_t)6U, n32, (uint32_t)2U * sizeof (uint32_t));
+  uint32_t *k10 = k32 + 4U;
+  memcpy(ctx + 1U, k0, 4U * sizeof (uint32_t));
+  ctx[5U] = 0x3320646eU;
+  memcpy(ctx + 6U, n32, 2U * sizeof (uint32_t));
   ctx[8U] = ctr;
-  ctx[9U] = (uint32_t)0U;
-  ctx[10U] = (uint32_t)0x79622d32U;
-  memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
-  ctx[15U] = (uint32_t)0x6b206574U;
+  ctx[9U] = 0U;
+  ctx[10U] = 0x79622d32U;
+  memcpy(ctx + 11U, k10, 4U * sizeof (uint32_t));
+  ctx[15U] = 0x6b206574U;
   uint32_t k[16U] = { 0U };
-  KRML_HOST_IGNORE(k);
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < nb; i0++)
+  KRML_MAYBE_UNUSED_VAR(k);
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i0 = 0U; i0 < nb; i0++)
   {
-    uint8_t *uu____0 = out + i0 * (uint32_t)64U;
-    uint8_t *uu____1 = text + i0 * (uint32_t)64U;
+    uint8_t *uu____0 = out + i0 * 64U;
+    uint8_t *uu____1 = text + i0 * 64U;
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, i0);
     uint32_t bl[16U] = { 0U };
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
-      uint8_t *bj = uu____1 + i * (uint32_t)4U;
+      uint8_t *bj = uu____1 + i * 4U;
       uint32_t u = load32_le(bj);
       uint32_t r = u;
       uint32_t x = r;
       os[i] = x;);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
       uint32_t x = bl[i] ^ k1[i];
       os[i] = x;);
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      store32_le(uu____0 + i * (uint32_t)4U, bl[i]););
+    KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(uu____0 + i * 4U, bl[i]););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)64U;
+    uint8_t *uu____2 = out + nb * 64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * 64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
-      uint8_t *bj = plain + i * (uint32_t)4U;
+      uint8_t *bj = plain + i * 4U;
       uint32_t u = load32_le(bj);
       uint32_t r = u;
       uint32_t x = r;
       os[i] = x;);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
       uint32_t x = bl[i] ^ k1[i];
       os[i] = x;);
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      store32_le(plain + i * (uint32_t)4U, bl[i]););
+    KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(plain + i * 4U, bl[i]););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -263,101 +251,93 @@ salsa20_decrypt(
   uint32_t k32[8U] = { 0U };
   uint32_t n32[2U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = k32;
-    uint8_t *bj = key + i * (uint32_t)4U;
+    uint8_t *bj = key + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR2(i,
-    (uint32_t)0U,
-    (uint32_t)2U,
-    (uint32_t)1U,
+    0U,
+    2U,
+    1U,
     uint32_t *os = n32;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
-  ctx[0U] = (uint32_t)0x61707865U;
+  ctx[0U] = 0x61707865U;
   uint32_t *k0 = k32;
-  uint32_t *k10 = k32 + (uint32_t)4U;
-  memcpy(ctx + (uint32_t)1U, k0, (uint32_t)4U * sizeof (uint32_t));
-  ctx[5U] = (uint32_t)0x3320646eU;
-  memcpy(ctx + (uint32_t)6U, n32, (uint32_t)2U * sizeof (uint32_t));
+  uint32_t *k10 = k32 + 4U;
+  memcpy(ctx + 1U, k0, 4U * sizeof (uint32_t));
+  ctx[5U] = 0x3320646eU;
+  memcpy(ctx + 6U, n32, 2U * sizeof (uint32_t));
   ctx[8U] = ctr;
-  ctx[9U] = (uint32_t)0U;
-  ctx[10U] = (uint32_t)0x79622d32U;
-  memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
-  ctx[15U] = (uint32_t)0x6b206574U;
+  ctx[9U] = 0U;
+  ctx[10U] = 0x79622d32U;
+  memcpy(ctx + 11U, k10, 4U * sizeof (uint32_t));
+  ctx[15U] = 0x6b206574U;
   uint32_t k[16U] = { 0U };
-  KRML_HOST_IGNORE(k);
-  uint32_t rem = len % (uint32_t)64U;
-  uint32_t nb = len / (uint32_t)64U;
-  uint32_t rem1 = len % (uint32_t)64U;
-  for (uint32_t i0 = (uint32_t)0U; i0 < nb; i0++)
+  KRML_MAYBE_UNUSED_VAR(k);
+  uint32_t rem = len % 64U;
+  uint32_t nb = len / 64U;
+  uint32_t rem1 = len % 64U;
+  for (uint32_t i0 = 0U; i0 < nb; i0++)
   {
-    uint8_t *uu____0 = out + i0 * (uint32_t)64U;
-    uint8_t *uu____1 = cipher + i0 * (uint32_t)64U;
+    uint8_t *uu____0 = out + i0 * 64U;
+    uint8_t *uu____1 = cipher + i0 * 64U;
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, i0);
     uint32_t bl[16U] = { 0U };
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
-      uint8_t *bj = uu____1 + i * (uint32_t)4U;
+      uint8_t *bj = uu____1 + i * 4U;
       uint32_t u = load32_le(bj);
       uint32_t r = u;
       uint32_t x = r;
       os[i] = x;);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
       uint32_t x = bl[i] ^ k1[i];
       os[i] = x;);
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      store32_le(uu____0 + i * (uint32_t)4U, bl[i]););
+    KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(uu____0 + i * 4U, bl[i]););
   }
-  if (rem1 > (uint32_t)0U)
+  if (rem1 > 0U)
   {
-    uint8_t *uu____2 = out + nb * (uint32_t)64U;
+    uint8_t *uu____2 = out + nb * 64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * 64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
-      uint8_t *bj = plain + i * (uint32_t)4U;
+      uint8_t *bj = plain + i * 4U;
       uint32_t u = load32_le(bj);
       uint32_t r = u;
       uint32_t x = r;
       os[i] = x;);
     KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
+      0U,
+      16U,
+      1U,
       uint32_t *os = bl;
       uint32_t x = bl[i] ^ k1[i];
       os[i] = x;);
-    KRML_MAYBE_FOR16(i,
-      (uint32_t)0U,
-      (uint32_t)16U,
-      (uint32_t)1U,
-      store32_le(plain + i * (uint32_t)4U, bl[i]););
+    KRML_MAYBE_FOR16(i, 0U, 16U, 1U, store32_le(plain + i * 4U, bl[i]););
     memcpy(uu____2, plain, rem * sizeof (uint8_t));
   }
 }
@@ -368,34 +348,34 @@ static inline void hsalsa20(uint8_t *out, uint8_t *key, uint8_t *n)
   uint32_t k32[8U] = { 0U };
   uint32_t n32[4U] = { 0U };
   KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
+    0U,
+    8U,
+    1U,
     uint32_t *os = k32;
-    uint8_t *bj = key + i * (uint32_t)4U;
+    uint8_t *bj = key + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   KRML_MAYBE_FOR4(i,
-    (uint32_t)0U,
-    (uint32_t)4U,
-    (uint32_t)1U,
+    0U,
+    4U,
+    1U,
     uint32_t *os = n32;
-    uint8_t *bj = n + i * (uint32_t)4U;
+    uint8_t *bj = n + i * 4U;
     uint32_t u = load32_le(bj);
     uint32_t r = u;
     uint32_t x = r;
     os[i] = x;);
   uint32_t *k0 = k32;
-  uint32_t *k1 = k32 + (uint32_t)4U;
-  ctx[0U] = (uint32_t)0x61707865U;
-  memcpy(ctx + (uint32_t)1U, k0, (uint32_t)4U * sizeof (uint32_t));
-  ctx[5U] = (uint32_t)0x3320646eU;
-  memcpy(ctx + (uint32_t)6U, n32, (uint32_t)4U * sizeof (uint32_t));
-  ctx[10U] = (uint32_t)0x79622d32U;
-  memcpy(ctx + (uint32_t)11U, k1, (uint32_t)4U * sizeof (uint32_t));
-  ctx[15U] = (uint32_t)0x6b206574U;
+  uint32_t *k1 = k32 + 4U;
+  ctx[0U] = 0x61707865U;
+  memcpy(ctx + 1U, k0, 4U * sizeof (uint32_t));
+  ctx[5U] = 0x3320646eU;
+  memcpy(ctx + 6U, n32, 4U * sizeof (uint32_t));
+  ctx[10U] = 0x79622d32U;
+  memcpy(ctx + 11U, k1, 4U * sizeof (uint32_t));
+  ctx[15U] = 0x6b206574U;
   rounds(ctx);
   uint32_t r0 = ctx[0U];
   uint32_t r1 = ctx[5U];
@@ -406,11 +386,7 @@ static inline void hsalsa20(uint8_t *out, uint8_t *key, uint8_t *n)
   uint32_t r6 = ctx[8U];
   uint32_t r7 = ctx[9U];
   uint32_t res[8U] = { r0, r1, r2, r3, r4, r5, r6, r7 };
-  KRML_MAYBE_FOR8(i,
-    (uint32_t)0U,
-    (uint32_t)8U,
-    (uint32_t)1U,
-    store32_le(out + i * (uint32_t)4U, res[i]););
+  KRML_MAYBE_FOR8(i, 0U, 8U, 1U, store32_le(out + i * 4U, res[i]););
 }
 
 void
diff --git a/src/msvc/Hacl_Streaming_Blake2.c b/src/msvc/Hacl_Streaming_Blake2.c
deleted file mode 100644
index 948d56c2..00000000
--- a/src/msvc/Hacl_Streaming_Blake2.c
+++ /dev/null
@@ -1,655 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Blake2.h"
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2_blake2s_32_state *Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(void)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  uint32_t *wv = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
-  uint32_t *b = (uint32_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint32_t));
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state = { .fst = wv, .snd = b };
-  Hacl_Streaming_Blake2_blake2s_32_state
-  s1 = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Blake2_blake2s_32_state
-  *p =
-    (Hacl_Streaming_Blake2_blake2s_32_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Blake2_blake2s_32_state
-      ));
-  p[0U] = s1;
-  Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
-  return p;
-}
-
-/**
-  (Re-)initialization function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_32_state *s1)
-{
-  Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
-  Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
-  Hacl_Streaming_Blake2_blake2s_32_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s1[0U] = tmp;
-}
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2_blake2s_32_no_key_update(
-  Hacl_Streaming_Blake2_blake2s_32_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Blake2_blake2s_32_state s1 = *p;
-  uint64_t total_len = s1.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)64U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  if (len <= (uint32_t)64U - sz)
-  {
-    Hacl_Streaming_Blake2_blake2s_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2s_32_block_state block_state1 = s2.block_state;
-    uint8_t *buf = s2.buf;
-    uint64_t total_len1 = s2.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2s_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Blake2_blake2s_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2s_32_block_state block_state1 = s2.block_state;
-    uint8_t *buf = s2.buf;
-    uint64_t total_len1 = s2.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      uint32_t *wv = block_state1.fst;
-      uint32_t *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, hash, prevlen, buf, nb);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    uint32_t *wv = block_state1.fst;
-    uint32_t *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)64U;
-    Hacl_Blake2s_32_blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2s_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Blake2_blake2s_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2s_32_block_state block_state10 = s2.block_state;
-    uint8_t *buf0 = s2.buf;
-    uint64_t total_len10 = s2.total_len;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)64U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2s_32_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2
-        }
-      );
-    Hacl_Streaming_Blake2_blake2s_32_state s20 = *p;
-    Hacl_Streaming_Blake2_blake2s_32_block_state block_state1 = s20.block_state;
-    uint8_t *buf = s20.buf;
-    uint64_t total_len1 = s20.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      uint32_t *wv = block_state1.fst;
-      uint32_t *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2s_32_blake2s_update_multi((uint32_t)64U, wv, hash, prevlen, buf, nb);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    uint32_t *wv = block_state1.fst;
-    uint32_t *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)64U;
-    Hacl_Blake2s_32_blake2s_update_multi(data1_len, wv, hash, total_len1, data11, nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2s_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2_blake2s_32_no_key_finish(
-  Hacl_Streaming_Blake2_blake2s_32_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Blake2_blake2s_32_state scrut = *p;
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)64U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  uint8_t *buf_1 = buf_;
-  uint32_t wv0[16U] = { 0U };
-  uint32_t b[16U] = { 0U };
-  Hacl_Streaming_Blake2_blake2s_32_block_state tmp_block_state = { .fst = wv0, .snd = b };
-  uint32_t *src_b = block_state.snd;
-  uint32_t *dst_b = tmp_block_state.snd;
-  memcpy(dst_b, src_b, (uint32_t)16U * sizeof (uint32_t));
-  uint64_t prev_len = total_len - (uint64_t)r;
-  uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)64U;
-  }
-  else
-  {
-    ite = r % (uint32_t)64U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  uint32_t *wv1 = tmp_block_state.fst;
-  uint32_t *hash0 = tmp_block_state.snd;
-  uint32_t nb = (uint32_t)0U;
-  Hacl_Blake2s_32_blake2s_update_multi((uint32_t)0U, wv1, hash0, prev_len, buf_multi, nb);
-  uint64_t prev_len_last = total_len - (uint64_t)r;
-  uint32_t *wv = tmp_block_state.fst;
-  uint32_t *hash = tmp_block_state.snd;
-  Hacl_Blake2s_32_blake2s_update_last(r, wv, hash, prev_len_last, r, buf_last);
-  Hacl_Blake2s_32_blake2s_finish((uint32_t)32U, dst, tmp_block_state.snd);
-}
-
-/**
-  Free state function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2s_32_no_key_free(Hacl_Streaming_Blake2_blake2s_32_state *s1)
-{
-  Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state;
-  uint32_t *wv = block_state.fst;
-  uint32_t *b = block_state.snd;
-  KRML_HOST_FREE(wv);
-  KRML_HOST_FREE(b);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s1);
-}
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2_blake2b_32_state *Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(void)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  uint64_t *wv = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
-  uint64_t *b = (uint64_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint64_t));
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state = { .fst = wv, .snd = b };
-  Hacl_Streaming_Blake2_blake2b_32_state
-  s1 = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Blake2_blake2b_32_state
-  *p =
-    (Hacl_Streaming_Blake2_blake2b_32_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Blake2_blake2b_32_state
-      ));
-  p[0U] = s1;
-  Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
-  return p;
-}
-
-/**
-  (Re)-initialization function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_32_state *s1)
-{
-  Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
-  Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
-  Hacl_Streaming_Blake2_blake2b_32_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s1[0U] = tmp;
-}
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2_blake2b_32_no_key_update(
-  Hacl_Streaming_Blake2_blake2b_32_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Blake2_blake2b_32_state s1 = *p;
-  uint64_t total_len = s1.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)128U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
-  }
-  if (len <= (uint32_t)128U - sz)
-  {
-    Hacl_Streaming_Blake2_blake2b_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2b_32_block_state block_state1 = s2.block_state;
-    uint8_t *buf = s2.buf;
-    uint64_t total_len1 = s2.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2b_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Blake2_blake2b_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2b_32_block_state block_state1 = s2.block_state;
-    uint8_t *buf = s2.buf;
-    uint64_t total_len1 = s2.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      uint64_t *wv = block_state1.fst;
-      uint64_t *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-        wv,
-        hash,
-        FStar_UInt128_uint64_to_uint128(prevlen),
-        buf,
-        nb);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)128U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)128U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    uint64_t *wv = block_state1.fst;
-    uint64_t *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)128U;
-    Hacl_Blake2b_32_blake2b_update_multi(data1_len,
-      wv,
-      hash,
-      FStar_UInt128_uint64_to_uint128(total_len1),
-      data1,
-      nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2b_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)128U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Blake2_blake2b_32_state s2 = *p;
-    Hacl_Streaming_Blake2_blake2b_32_block_state block_state10 = s2.block_state;
-    uint8_t *buf0 = s2.buf;
-    uint64_t total_len10 = s2.total_len;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)128U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)128U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2b_32_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2
-        }
-      );
-    Hacl_Streaming_Blake2_blake2b_32_state s20 = *p;
-    Hacl_Streaming_Blake2_blake2b_32_block_state block_state1 = s20.block_state;
-    uint8_t *buf = s20.buf;
-    uint64_t total_len1 = s20.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      uint64_t *wv = block_state1.fst;
-      uint64_t *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2b_32_blake2b_update_multi((uint32_t)128U,
-        wv,
-        hash,
-        FStar_UInt128_uint64_to_uint128(prevlen),
-        buf,
-        nb);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)128U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)128U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)128U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    uint64_t *wv = block_state1.fst;
-    uint64_t *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)128U;
-    Hacl_Blake2b_32_blake2b_update_multi(data1_len,
-      wv,
-      hash,
-      FStar_UInt128_uint64_to_uint128(total_len1),
-      data11,
-      nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2_blake2b_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2_blake2b_32_no_key_finish(
-  Hacl_Streaming_Blake2_blake2b_32_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Blake2_blake2b_32_state scrut = *p;
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)128U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
-  }
-  uint8_t *buf_1 = buf_;
-  uint64_t wv0[16U] = { 0U };
-  uint64_t b[16U] = { 0U };
-  Hacl_Streaming_Blake2_blake2b_32_block_state tmp_block_state = { .fst = wv0, .snd = b };
-  uint64_t *src_b = block_state.snd;
-  uint64_t *dst_b = tmp_block_state.snd;
-  memcpy(dst_b, src_b, (uint32_t)16U * sizeof (uint64_t));
-  uint64_t prev_len = total_len - (uint64_t)r;
-  uint32_t ite;
-  if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)128U;
-  }
-  else
-  {
-    ite = r % (uint32_t)128U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  uint64_t *wv1 = tmp_block_state.fst;
-  uint64_t *hash0 = tmp_block_state.snd;
-  uint32_t nb = (uint32_t)0U;
-  Hacl_Blake2b_32_blake2b_update_multi((uint32_t)0U,
-    wv1,
-    hash0,
-    FStar_UInt128_uint64_to_uint128(prev_len),
-    buf_multi,
-    nb);
-  uint64_t prev_len_last = total_len - (uint64_t)r;
-  uint64_t *wv = tmp_block_state.fst;
-  uint64_t *hash = tmp_block_state.snd;
-  Hacl_Blake2b_32_blake2b_update_last(r,
-    wv,
-    hash,
-    FStar_UInt128_uint64_to_uint128(prev_len_last),
-    r,
-    buf_last);
-  Hacl_Blake2b_32_blake2b_finish((uint32_t)64U, dst, tmp_block_state.snd);
-}
-
-/**
-  Free state function when there is no key
-*/
-void Hacl_Streaming_Blake2_blake2b_32_no_key_free(Hacl_Streaming_Blake2_blake2b_32_state *s1)
-{
-  Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state;
-  uint64_t *wv = block_state.fst;
-  uint64_t *b = block_state.snd;
-  KRML_HOST_FREE(wv);
-  KRML_HOST_FREE(b);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s1);
-}
-
diff --git a/src/msvc/Hacl_Streaming_Blake2b_256.c b/src/msvc/Hacl_Streaming_Blake2b_256.c
deleted file mode 100644
index bdb5433f..00000000
--- a/src/msvc/Hacl_Streaming_Blake2b_256.c
+++ /dev/null
@@ -1,371 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Blake2b_256.h"
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2b_256_blake2b_256_state
-*Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in(void)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
-  Lib_IntVector_Intrinsics_vec256
-  *wv =
-    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
-      sizeof (Lib_IntVector_Intrinsics_vec256) * (uint32_t)4U);
-  memset(wv, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Lib_IntVector_Intrinsics_vec256
-  *b =
-    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
-      sizeof (Lib_IntVector_Intrinsics_vec256) * (uint32_t)4U);
-  memset(b, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = { .fst = wv, .snd = b };
-  Hacl_Streaming_Blake2b_256_blake2b_256_state
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Blake2b_256_blake2b_256_state
-  *p =
-    (Hacl_Streaming_Blake2b_256_blake2b_256_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Blake2b_256_blake2b_256_state
-      ));
-  p[0U] = s;
-  Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
-  return p;
-}
-
-/**
-  (Re-)initialization function when there is no key
-*/
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *s
-)
-{
-  Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
-  Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U);
-  Hacl_Streaming_Blake2b_256_blake2b_256_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
-}
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Blake2b_256_blake2b_256_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)128U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
-  }
-  if (len <= (uint32_t)128U - sz)
-  {
-    Hacl_Streaming_Blake2b_256_blake2b_256_state s1 = *p;
-    Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2b_256_blake2b_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Blake2b_256_blake2b_256_state s1 = *p;
-    Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
-      Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2b_256_blake2b_update_multi((uint32_t)128U,
-        wv,
-        hash,
-        FStar_UInt128_uint64_to_uint128(prevlen),
-        buf,
-        nb);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)128U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)128U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
-    Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)128U;
-    Hacl_Blake2b_256_blake2b_update_multi(data1_len,
-      wv,
-      hash,
-      FStar_UInt128_uint64_to_uint128(total_len1),
-      data1,
-      nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2b_256_blake2b_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)128U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Blake2b_256_blake2b_256_state s1 = *p;
-    Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)128U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)128U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2b_256_blake2b_256_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2
-        }
-      );
-    Hacl_Streaming_Blake2b_256_blake2b_256_state s10 = *p;
-    Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)128U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
-      Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2b_256_blake2b_update_multi((uint32_t)128U,
-        wv,
-        hash,
-        FStar_UInt128_uint64_to_uint128(prevlen),
-        buf,
-        nb);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)128U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)128U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)128U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)128U;
-    uint32_t data1_len = n_blocks * (uint32_t)128U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Lib_IntVector_Intrinsics_vec256 *wv = block_state1.fst;
-    Lib_IntVector_Intrinsics_vec256 *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)128U;
-    Hacl_Blake2b_256_blake2b_update_multi(data1_len,
-      wv,
-      hash,
-      FStar_UInt128_uint64_to_uint128(total_len1),
-      data11,
-      nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2b_256_blake2b_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *p;
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)128U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U);
-  }
-  uint8_t *buf_1 = buf_;
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 wv0[4U] KRML_POST_ALIGN(32) = { 0U };
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 b[4U] KRML_POST_ALIGN(32) = { 0U };
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state tmp_block_state = { .fst = wv0, .snd = b };
-  Lib_IntVector_Intrinsics_vec256 *src_b = block_state.snd;
-  Lib_IntVector_Intrinsics_vec256 *dst_b = tmp_block_state.snd;
-  memcpy(dst_b, src_b, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  uint64_t prev_len = total_len - (uint64_t)r;
-  uint32_t ite;
-  if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)128U;
-  }
-  else
-  {
-    ite = r % (uint32_t)128U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  Lib_IntVector_Intrinsics_vec256 *wv1 = tmp_block_state.fst;
-  Lib_IntVector_Intrinsics_vec256 *hash0 = tmp_block_state.snd;
-  uint32_t nb = (uint32_t)0U;
-  Hacl_Blake2b_256_blake2b_update_multi((uint32_t)0U,
-    wv1,
-    hash0,
-    FStar_UInt128_uint64_to_uint128(prev_len),
-    buf_multi,
-    nb);
-  uint64_t prev_len_last = total_len - (uint64_t)r;
-  Lib_IntVector_Intrinsics_vec256 *wv = tmp_block_state.fst;
-  Lib_IntVector_Intrinsics_vec256 *hash = tmp_block_state.snd;
-  Hacl_Blake2b_256_blake2b_update_last(r,
-    wv,
-    hash,
-    FStar_UInt128_uint64_to_uint128(prev_len_last),
-    r,
-    buf_last);
-  Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, tmp_block_state.snd);
-}
-
-/**
-  Free state function when there is no key
-*/
-void
-Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free(
-  Hacl_Streaming_Blake2b_256_blake2b_256_state *s
-)
-{
-  Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state;
-  Lib_IntVector_Intrinsics_vec256 *wv = block_state.fst;
-  Lib_IntVector_Intrinsics_vec256 *b = block_state.snd;
-  KRML_ALIGNED_FREE(wv);
-  KRML_ALIGNED_FREE(b);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/msvc/Hacl_Streaming_Blake2s_128.c b/src/msvc/Hacl_Streaming_Blake2s_128.c
deleted file mode 100644
index f97bf5d0..00000000
--- a/src/msvc/Hacl_Streaming_Blake2s_128.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Blake2s_128.h"
-
-/**
-  State allocation function when there is no key
-*/
-Hacl_Streaming_Blake2s_128_blake2s_128_state
-*Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in(void)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  Lib_IntVector_Intrinsics_vec128
-  *wv =
-    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
-      sizeof (Lib_IntVector_Intrinsics_vec128) * (uint32_t)4U);
-  memset(wv, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Lib_IntVector_Intrinsics_vec128
-  *b =
-    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
-      sizeof (Lib_IntVector_Intrinsics_vec128) * (uint32_t)4U);
-  memset(b, 0U, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = { .fst = wv, .snd = b };
-  Hacl_Streaming_Blake2s_128_blake2s_128_state
-  s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  Hacl_Streaming_Blake2s_128_blake2s_128_state
-  *p =
-    (Hacl_Streaming_Blake2s_128_blake2s_128_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Blake2s_128_blake2s_128_state
-      ));
-  p[0U] = s;
-  Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
-  return p;
-}
-
-/**
-  (Re-)initialization function when there is no key
-*/
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *s
-)
-{
-  Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
-  Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U);
-  Hacl_Streaming_Blake2s_128_blake2s_128_state
-  tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
-  s[0U] = tmp;
-}
-
-/**
-  Update function when there is no key; 0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Blake2s_128_blake2s_128_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)64U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  if (len <= (uint32_t)64U - sz)
-  {
-    Hacl_Streaming_Blake2s_128_blake2s_128_state s1 = *p;
-    Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2s_128_blake2s_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Blake2s_128_blake2s_128_state s1 = *p;
-    Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
-      Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2s_128_blake2s_update_multi((uint32_t)64U, wv, hash, prevlen, buf, nb);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
-    Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)64U;
-    Hacl_Blake2s_128_blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2s_128_blake2s_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Blake2s_128_blake2s_128_state s1 = *p;
-    Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)64U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2s_128_blake2s_128_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2
-        }
-      );
-    Hacl_Streaming_Blake2s_128_blake2s_128_state s10 = *p;
-    Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      uint64_t prevlen = total_len1 - (uint64_t)sz1;
-      Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
-      Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
-      uint32_t nb = (uint32_t)1U;
-      Hacl_Blake2s_128_blake2s_update_multi((uint32_t)64U, wv, hash, prevlen, buf, nb);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Lib_IntVector_Intrinsics_vec128 *wv = block_state1.fst;
-    Lib_IntVector_Intrinsics_vec128 *hash = block_state1.snd;
-    uint32_t nb = data1_len / (uint32_t)64U;
-    Hacl_Blake2s_128_blake2s_update_multi(data1_len, wv, hash, total_len1, data11, nb);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Blake2s_128_blake2s_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff)
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-/**
-  Finish function when there is no key
-*/
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *p;
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)64U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  uint8_t *buf_1 = buf_;
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 wv0[4U] KRML_POST_ALIGN(16) = { 0U };
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 b[4U] KRML_POST_ALIGN(16) = { 0U };
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state tmp_block_state = { .fst = wv0, .snd = b };
-  Lib_IntVector_Intrinsics_vec128 *src_b = block_state.snd;
-  Lib_IntVector_Intrinsics_vec128 *dst_b = tmp_block_state.snd;
-  memcpy(dst_b, src_b, (uint32_t)4U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  uint64_t prev_len = total_len - (uint64_t)r;
-  uint32_t ite;
-  if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)64U;
-  }
-  else
-  {
-    ite = r % (uint32_t)64U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  Lib_IntVector_Intrinsics_vec128 *wv1 = tmp_block_state.fst;
-  Lib_IntVector_Intrinsics_vec128 *hash0 = tmp_block_state.snd;
-  uint32_t nb = (uint32_t)0U;
-  Hacl_Blake2s_128_blake2s_update_multi((uint32_t)0U, wv1, hash0, prev_len, buf_multi, nb);
-  uint64_t prev_len_last = total_len - (uint64_t)r;
-  Lib_IntVector_Intrinsics_vec128 *wv = tmp_block_state.fst;
-  Lib_IntVector_Intrinsics_vec128 *hash = tmp_block_state.snd;
-  Hacl_Blake2s_128_blake2s_update_last(r, wv, hash, prev_len_last, r, buf_last);
-  Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, tmp_block_state.snd);
-}
-
-/**
-  Free state function when there is no key
-*/
-void
-Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free(
-  Hacl_Streaming_Blake2s_128_blake2s_128_state *s
-)
-{
-  Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s;
-  uint8_t *buf = scrut.buf;
-  Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state;
-  Lib_IntVector_Intrinsics_vec128 *wv = block_state.fst;
-  Lib_IntVector_Intrinsics_vec128 *b = block_state.snd;
-  KRML_ALIGNED_FREE(wv);
-  KRML_ALIGNED_FREE(b);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/msvc/Hacl_Streaming_Poly1305_128.c b/src/msvc/Hacl_Streaming_Poly1305_128.c
deleted file mode 100644
index c3f7c19a..00000000
--- a/src/msvc/Hacl_Streaming_Poly1305_128.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Poly1305_128.h"
-
-Hacl_Streaming_Poly1305_128_poly1305_128_state
-*Hacl_Streaming_Poly1305_128_create_in(uint8_t *k)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-  Lib_IntVector_Intrinsics_vec128
-  *r1 =
-    (Lib_IntVector_Intrinsics_vec128 *)KRML_ALIGNED_MALLOC(16,
-      sizeof (Lib_IntVector_Intrinsics_vec128) * (uint32_t)25U);
-  memset(r1, 0U, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Lib_IntVector_Intrinsics_vec128 *block_state = r1;
-  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_0 = k_;
-  Hacl_Streaming_Poly1305_128_poly1305_128_state
-  s =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_0 };
-  Hacl_Streaming_Poly1305_128_poly1305_128_state
-  *p =
-    (Hacl_Streaming_Poly1305_128_poly1305_128_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Poly1305_128_poly1305_128_state
-      ));
-  p[0U] = s;
-  Hacl_Poly1305_128_poly1305_init(block_state, k);
-  return p;
-}
-
-void
-Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly1305_128_state *s)
-{
-  Hacl_Streaming_Poly1305_128_poly1305_128_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
-  Hacl_Poly1305_128_poly1305_init(block_state, k);
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_1 = k_;
-  Hacl_Streaming_Poly1305_128_poly1305_128_state
-  tmp =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_1 };
-  s[0U] = tmp;
-}
-
-/**
-0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_128_update(
-  Hacl_Streaming_Poly1305_128_poly1305_128_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Poly1305_128_poly1305_128_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)32U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)32U);
-  }
-  if (len <= (uint32_t)32U - sz)
-  {
-    Hacl_Streaming_Poly1305_128_poly1305_128_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec128 *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)32U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)32U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_128_poly1305_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Poly1305_128_poly1305_128_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec128 *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)32U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)32U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_128_poly1305_update(block_state1, (uint32_t)32U, buf);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)32U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)32U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)32U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)32U;
-    uint32_t data1_len = n_blocks * (uint32_t)32U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Poly1305_128_poly1305_update(block_state1, data1_len, data1);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_128_poly1305_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len,
-          .p_key = k_1
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)32U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Poly1305_128_poly1305_128_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec128 *block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)32U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)32U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_128_poly1305_128_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-    Hacl_Streaming_Poly1305_128_poly1305_128_state s10 = *p;
-    Lib_IntVector_Intrinsics_vec128 *block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint8_t *k_10 = s10.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)32U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)32U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_128_poly1305_update(block_state1, (uint32_t)32U, buf);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)32U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)32U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)32U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)32U;
-    uint32_t data1_len = n_blocks * (uint32_t)32U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Poly1305_128_poly1305_update(block_state1, data1_len, data11);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_128_poly1305_128_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff),
-          .p_key = k_10
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-void
-Hacl_Streaming_Poly1305_128_finish(
-  Hacl_Streaming_Poly1305_128_poly1305_128_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Poly1305_128_poly1305_128_state scrut = *p;
-  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint8_t *k_ = scrut.p_key;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)32U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)32U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)32U);
-  }
-  uint8_t *buf_1 = buf_;
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 r1[25U] KRML_POST_ALIGN(16) = { 0U };
-  Lib_IntVector_Intrinsics_vec128 *tmp_block_state = r1;
-  memcpy(tmp_block_state, block_state, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  uint32_t ite0;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite0 = (uint32_t)16U;
-  }
-  else
-  {
-    ite0 = r % (uint32_t)16U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite0;
-  uint8_t *buf_multi = buf_1;
-  uint32_t ite;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)16U;
-  }
-  else
-  {
-    ite = r % (uint32_t)16U;
-  }
-  Hacl_Poly1305_128_poly1305_update(tmp_block_state, r - ite, buf_multi);
-  uint32_t ite1;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite1 = (uint32_t)16U;
-  }
-  else
-  {
-    ite1 = r % (uint32_t)16U;
-  }
-  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
-  uint32_t ite2;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite2 = (uint32_t)16U;
-  }
-  else
-  {
-    ite2 = r % (uint32_t)16U;
-  }
-  Hacl_Poly1305_128_poly1305_update(tmp_block_state, ite2, buf_last);
-  KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 tmp[25U] KRML_POST_ALIGN(16) = { 0U };
-  memcpy(tmp, tmp_block_state, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec128));
-  Hacl_Poly1305_128_poly1305_finish(dst, k_, tmp);
-}
-
-void Hacl_Streaming_Poly1305_128_free(Hacl_Streaming_Poly1305_128_poly1305_128_state *s)
-{
-  Hacl_Streaming_Poly1305_128_poly1305_128_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state;
-  KRML_HOST_FREE(k_);
-  KRML_ALIGNED_FREE(block_state);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/msvc/Hacl_Streaming_Poly1305_256.c b/src/msvc/Hacl_Streaming_Poly1305_256.c
deleted file mode 100644
index e56275a4..00000000
--- a/src/msvc/Hacl_Streaming_Poly1305_256.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Poly1305_256.h"
-
-Hacl_Streaming_Poly1305_256_poly1305_256_state
-*Hacl_Streaming_Poly1305_256_create_in(uint8_t *k)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
-  Lib_IntVector_Intrinsics_vec256
-  *r1 =
-    (Lib_IntVector_Intrinsics_vec256 *)KRML_ALIGNED_MALLOC(32,
-      sizeof (Lib_IntVector_Intrinsics_vec256) * (uint32_t)25U);
-  memset(r1, 0U, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Lib_IntVector_Intrinsics_vec256 *block_state = r1;
-  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_0 = k_;
-  Hacl_Streaming_Poly1305_256_poly1305_256_state
-  s =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_0 };
-  Hacl_Streaming_Poly1305_256_poly1305_256_state
-  *p =
-    (Hacl_Streaming_Poly1305_256_poly1305_256_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Poly1305_256_poly1305_256_state
-      ));
-  p[0U] = s;
-  Hacl_Poly1305_256_poly1305_init(block_state, k);
-  return p;
-}
-
-void
-Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly1305_256_state *s)
-{
-  Hacl_Streaming_Poly1305_256_poly1305_256_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
-  Hacl_Poly1305_256_poly1305_init(block_state, k);
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_1 = k_;
-  Hacl_Streaming_Poly1305_256_poly1305_256_state
-  tmp =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_1 };
-  s[0U] = tmp;
-}
-
-/**
-0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_256_update(
-  Hacl_Streaming_Poly1305_256_poly1305_256_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Poly1305_256_poly1305_256_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)64U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  if (len <= (uint32_t)64U - sz)
-  {
-    Hacl_Streaming_Poly1305_256_poly1305_256_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec256 *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_256_poly1305_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Poly1305_256_poly1305_256_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec256 *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_256_poly1305_update(block_state1, (uint32_t)64U, buf);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Poly1305_256_poly1305_update(block_state1, data1_len, data1);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_256_poly1305_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len,
-          .p_key = k_1
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)64U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Poly1305_256_poly1305_256_state s1 = *p;
-    Lib_IntVector_Intrinsics_vec256 *block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)64U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_256_poly1305_256_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-    Hacl_Streaming_Poly1305_256_poly1305_256_state s10 = *p;
-    Lib_IntVector_Intrinsics_vec256 *block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint8_t *k_10 = s10.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)64U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_256_poly1305_update(block_state1, (uint32_t)64U, buf);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)64U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)64U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
-    uint32_t data1_len = n_blocks * (uint32_t)64U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Poly1305_256_poly1305_update(block_state1, data1_len, data11);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_256_poly1305_256_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff),
-          .p_key = k_10
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-void
-Hacl_Streaming_Poly1305_256_finish(
-  Hacl_Streaming_Poly1305_256_poly1305_256_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Poly1305_256_poly1305_256_state scrut = *p;
-  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint8_t *k_ = scrut.p_key;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)64U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
-  }
-  uint8_t *buf_1 = buf_;
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 r1[25U] KRML_POST_ALIGN(32) = { 0U };
-  Lib_IntVector_Intrinsics_vec256 *tmp_block_state = r1;
-  memcpy(tmp_block_state, block_state, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  uint32_t ite0;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite0 = (uint32_t)16U;
-  }
-  else
-  {
-    ite0 = r % (uint32_t)16U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite0;
-  uint8_t *buf_multi = buf_1;
-  uint32_t ite;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)16U;
-  }
-  else
-  {
-    ite = r % (uint32_t)16U;
-  }
-  Hacl_Poly1305_256_poly1305_update(tmp_block_state, r - ite, buf_multi);
-  uint32_t ite1;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite1 = (uint32_t)16U;
-  }
-  else
-  {
-    ite1 = r % (uint32_t)16U;
-  }
-  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
-  uint32_t ite2;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite2 = (uint32_t)16U;
-  }
-  else
-  {
-    ite2 = r % (uint32_t)16U;
-  }
-  Hacl_Poly1305_256_poly1305_update(tmp_block_state, ite2, buf_last);
-  KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 tmp[25U] KRML_POST_ALIGN(32) = { 0U };
-  memcpy(tmp, tmp_block_state, (uint32_t)25U * sizeof (Lib_IntVector_Intrinsics_vec256));
-  Hacl_Poly1305_256_poly1305_finish(dst, k_, tmp);
-}
-
-void Hacl_Streaming_Poly1305_256_free(Hacl_Streaming_Poly1305_256_poly1305_256_state *s)
-{
-  Hacl_Streaming_Poly1305_256_poly1305_256_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state;
-  KRML_HOST_FREE(k_);
-  KRML_ALIGNED_FREE(block_state);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/msvc/Hacl_Streaming_Poly1305_32.c b/src/msvc/Hacl_Streaming_Poly1305_32.c
deleted file mode 100644
index 249a622f..00000000
--- a/src/msvc/Hacl_Streaming_Poly1305_32.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#include "Hacl_Streaming_Poly1305_32.h"
-
-Hacl_Streaming_Poly1305_32_poly1305_32_state *Hacl_Streaming_Poly1305_32_create_in(uint8_t *k)
-{
-  uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)16U, sizeof (uint8_t));
-  uint64_t *r1 = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
-  uint64_t *block_state = r1;
-  uint8_t *k_ = (uint8_t *)KRML_HOST_CALLOC((uint32_t)32U, sizeof (uint8_t));
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_0 = k_;
-  Hacl_Streaming_Poly1305_32_poly1305_32_state
-  s =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_0 };
-  Hacl_Streaming_Poly1305_32_poly1305_32_state
-  *p =
-    (Hacl_Streaming_Poly1305_32_poly1305_32_state *)KRML_HOST_MALLOC(sizeof (
-        Hacl_Streaming_Poly1305_32_poly1305_32_state
-      ));
-  p[0U] = s;
-  Hacl_Poly1305_32_poly1305_init(block_state, k);
-  return p;
-}
-
-void
-Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_32_state *s)
-{
-  Hacl_Streaming_Poly1305_32_poly1305_32_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  uint64_t *block_state = scrut.block_state;
-  Hacl_Poly1305_32_poly1305_init(block_state, k);
-  memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t));
-  uint8_t *k_1 = k_;
-  Hacl_Streaming_Poly1305_32_poly1305_32_state
-  tmp =
-    { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U, .p_key = k_1 };
-  s[0U] = tmp;
-}
-
-/**
-0 = success, 1 = max length exceeded
-*/
-Hacl_Streaming_Types_error_code
-Hacl_Streaming_Poly1305_32_update(
-  Hacl_Streaming_Poly1305_32_poly1305_32_state *p,
-  uint8_t *data,
-  uint32_t len
-)
-{
-  Hacl_Streaming_Poly1305_32_poly1305_32_state s = *p;
-  uint64_t total_len = s.total_len;
-  if ((uint64_t)len > (uint64_t)0xffffffffU - total_len)
-  {
-    return Hacl_Streaming_Types_MaximumLengthExceeded;
-  }
-  uint32_t sz;
-  if (total_len % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    sz = (uint32_t)16U;
-  }
-  else
-  {
-    sz = (uint32_t)(total_len % (uint64_t)(uint32_t)16U);
-  }
-  if (len <= (uint32_t)16U - sz)
-  {
-    Hacl_Streaming_Poly1305_32_poly1305_32_state s1 = *p;
-    uint64_t *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)16U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)16U);
-    }
-    uint8_t *buf2 = buf + sz1;
-    memcpy(buf2, data, len * sizeof (uint8_t));
-    uint64_t total_len2 = total_len1 + (uint64_t)len;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_32_poly1305_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-  }
-  else if (sz == (uint32_t)0U)
-  {
-    Hacl_Streaming_Poly1305_32_poly1305_32_state s1 = *p;
-    uint64_t *block_state1 = s1.block_state;
-    uint8_t *buf = s1.buf;
-    uint64_t total_len1 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)16U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)16U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_32_poly1305_update(block_state1, (uint32_t)16U, buf);
-    }
-    uint32_t ite;
-    if ((uint64_t)len % (uint64_t)(uint32_t)16U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
-    {
-      ite = (uint32_t)16U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)16U);
-    }
-    uint32_t n_blocks = (len - ite) / (uint32_t)16U;
-    uint32_t data1_len = n_blocks * (uint32_t)16U;
-    uint32_t data2_len = len - data1_len;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + data1_len;
-    Hacl_Poly1305_32_poly1305_update(block_state1, data1_len, data1);
-    uint8_t *dst = buf;
-    memcpy(dst, data2, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_32_poly1305_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)len,
-          .p_key = k_1
-        }
-      );
-  }
-  else
-  {
-    uint32_t diff = (uint32_t)16U - sz;
-    uint8_t *data1 = data;
-    uint8_t *data2 = data + diff;
-    Hacl_Streaming_Poly1305_32_poly1305_32_state s1 = *p;
-    uint64_t *block_state10 = s1.block_state;
-    uint8_t *buf0 = s1.buf;
-    uint64_t total_len10 = s1.total_len;
-    uint8_t *k_1 = s1.p_key;
-    uint32_t sz10;
-    if (total_len10 % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len10 > (uint64_t)0U)
-    {
-      sz10 = (uint32_t)16U;
-    }
-    else
-    {
-      sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)16U);
-    }
-    uint8_t *buf2 = buf0 + sz10;
-    memcpy(buf2, data1, diff * sizeof (uint8_t));
-    uint64_t total_len2 = total_len10 + (uint64_t)diff;
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_32_poly1305_32_state){
-          .block_state = block_state10,
-          .buf = buf0,
-          .total_len = total_len2,
-          .p_key = k_1
-        }
-      );
-    Hacl_Streaming_Poly1305_32_poly1305_32_state s10 = *p;
-    uint64_t *block_state1 = s10.block_state;
-    uint8_t *buf = s10.buf;
-    uint64_t total_len1 = s10.total_len;
-    uint8_t *k_10 = s10.p_key;
-    uint32_t sz1;
-    if (total_len1 % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len1 > (uint64_t)0U)
-    {
-      sz1 = (uint32_t)16U;
-    }
-    else
-    {
-      sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)16U);
-    }
-    if (!(sz1 == (uint32_t)0U))
-    {
-      Hacl_Poly1305_32_poly1305_update(block_state1, (uint32_t)16U, buf);
-    }
-    uint32_t ite;
-    if
-    (
-      (uint64_t)(len - diff)
-      % (uint64_t)(uint32_t)16U
-      == (uint64_t)0U
-      && (uint64_t)(len - diff) > (uint64_t)0U
-    )
-    {
-      ite = (uint32_t)16U;
-    }
-    else
-    {
-      ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)16U);
-    }
-    uint32_t n_blocks = (len - diff - ite) / (uint32_t)16U;
-    uint32_t data1_len = n_blocks * (uint32_t)16U;
-    uint32_t data2_len = len - diff - data1_len;
-    uint8_t *data11 = data2;
-    uint8_t *data21 = data2 + data1_len;
-    Hacl_Poly1305_32_poly1305_update(block_state1, data1_len, data11);
-    uint8_t *dst = buf;
-    memcpy(dst, data21, data2_len * sizeof (uint8_t));
-    *p
-    =
-      (
-        (Hacl_Streaming_Poly1305_32_poly1305_32_state){
-          .block_state = block_state1,
-          .buf = buf,
-          .total_len = total_len1 + (uint64_t)(len - diff),
-          .p_key = k_10
-        }
-      );
-  }
-  return Hacl_Streaming_Types_Success;
-}
-
-void
-Hacl_Streaming_Poly1305_32_finish(
-  Hacl_Streaming_Poly1305_32_poly1305_32_state *p,
-  uint8_t *dst
-)
-{
-  Hacl_Streaming_Poly1305_32_poly1305_32_state scrut = *p;
-  uint64_t *block_state = scrut.block_state;
-  uint8_t *buf_ = scrut.buf;
-  uint64_t total_len = scrut.total_len;
-  uint8_t *k_ = scrut.p_key;
-  uint32_t r;
-  if (total_len % (uint64_t)(uint32_t)16U == (uint64_t)0U && total_len > (uint64_t)0U)
-  {
-    r = (uint32_t)16U;
-  }
-  else
-  {
-    r = (uint32_t)(total_len % (uint64_t)(uint32_t)16U);
-  }
-  uint8_t *buf_1 = buf_;
-  uint64_t r1[25U] = { 0U };
-  uint64_t *tmp_block_state = r1;
-  memcpy(tmp_block_state, block_state, (uint32_t)25U * sizeof (uint64_t));
-  uint32_t ite;
-  if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
-  {
-    ite = (uint32_t)16U;
-  }
-  else
-  {
-    ite = r % (uint32_t)16U;
-  }
-  uint8_t *buf_last = buf_1 + r - ite;
-  uint8_t *buf_multi = buf_1;
-  Hacl_Poly1305_32_poly1305_update(tmp_block_state, (uint32_t)0U, buf_multi);
-  Hacl_Poly1305_32_poly1305_update(tmp_block_state, r, buf_last);
-  uint64_t tmp[25U] = { 0U };
-  memcpy(tmp, tmp_block_state, (uint32_t)25U * sizeof (uint64_t));
-  Hacl_Poly1305_32_poly1305_finish(dst, k_, tmp);
-}
-
-void Hacl_Streaming_Poly1305_32_free(Hacl_Streaming_Poly1305_32_poly1305_32_state *s)
-{
-  Hacl_Streaming_Poly1305_32_poly1305_32_state scrut = *s;
-  uint8_t *k_ = scrut.p_key;
-  uint8_t *buf = scrut.buf;
-  uint64_t *block_state = scrut.block_state;
-  KRML_HOST_FREE(k_);
-  KRML_HOST_FREE(block_state);
-  KRML_HOST_FREE(buf);
-  KRML_HOST_FREE(s);
-}
-
diff --git a/src/wasm/EverCrypt_Hash.wasm b/src/wasm/EverCrypt_Hash.wasm
index 8fdc7b27e028cff8b53492b41b29a176bc2bb191..101c3f6834aed5d76bde19f1242639e8d080fc39 100644
GIT binary patch
delta 1808
zcmaJ>OHUI~6u!69P9HNZEl^R>c4{F!RG>30aiPYcHq=<EvBvF9TLxMwRB6%Rrm}S5
zD>uFt#>9oX1go-8Q5Gg9#zfs3;U};&ZhXuz)80-8*`4n@-#Op8_nw&_3)F)JYO&7*
z-&Olf6VTBSPiG4#o-XC^Bg*gCN#JLSlXlf1O2tJUAv7tKQI6-sfN|+_|C2_B0lU2v
zpEvJmX)4DL&ApxgaTqD2rz9S)n+LXFdn}J#T|_HSioaWWT)PQ1c07VRXkW8xl<sY&
z7U+{c4=GfAOTGpMZ_r+&B%_n`Sc9&H6Djt{x)&dHxSews#?xg971E_L*n>T0uT8mp
z<$Cd|wHtG0nh?L5i9uVFV!}3RoTaq4aojJqcB3StlUVJ+on#S|Sp-zNI44P0q#-QY
zzh(7TiE_%s#TluTE0#f@{&hp0#9VF^(u@1`VxG9-d56Do8=vaoCq3M7_$#DVn>d#i
zkZ>pr2K6SwmcmGg2SW{Sq`fps<)_C({GlFlil&Tupv(D6IftgCc@Q$Li{Dthd1aUL
zS`BY7&TJa<kzs>zJySE*dI*BSIAbu*=!@`gW~e<bMiVG1CQ<a%*y$6A7&;e=Vv+TY
zZk3QHqAFlV?2<Gaot?i>MrYHr@;@M2oSDc^dW{ugB8H!^bC#QJjP(xYocmz_C!C%3
z>2#q`%!0$5g3Pm0Ny4|C)AsTFq$Ga`3BN+)eXhQW{H>t4n2MuBEJ<0Mn=4euv`5A~
zlK($MW7W9GFyU+}Cocox>?$X}JK-D(Cp7lUCMiZE8ym7Jr)%g`IbB1Sdn6&AjPWVr
z(V|f!b*g%><(>dvS3is(1ix0hA1}~wqx$rj-3G7YrNy6illUIY1l*hnFD?aH7--{6
zT<cVzor8FN=??_ewdY6R_Nrlg?Zrn3@R^sN`#C80lUq<C5P@5;=y8}K1U~U9T#?gU
zT^&-A1oE5WM$9@G4k~i@5Nof6gRHF<4zSi*c#x%Q;Q`iC3-`0;T9{-hhU-+jonlQj
zx}Swwh&z^jtv5X9yUYx87hk;!AP55HW_5IV)k3Q)hCOd@k+6u-8!sMMVQF>K@UfNq
LT3B6M`3wI6l@S!1

delta 1801
zcmah}OKcNY6n*3I%-EhciDNJ+A&Dn-5Q$SDo{3Y`mW630jDUa?sf)6B8V^J4FgC$<
zkYE!cp;p~hx<#~UB|a-QRH4IX6C$!>LxtENgxI03DzPe?BH+z0GgeHxyZ794&)j$4
zdGqTc`*M+89*r>nS-Hq5rn|qS=_V;@%?kPYOv8XBHX{$TV`REi%o9Rpj20o4ag>0o
zLVEB}ZO*hS3OQ)hjYd`X7!^gCK%!0Q*+7ATXg~ZR@Et0pk5-z|5he$V(LT5p-R(vH
zM6ahtoGG0NrghEK8Y=w8?Me>?!yo;oKulvs)6c^bZm?6sTW+Kitni0VBm<oTrgqv;
zh8@6-n?zMe*@2s6e(t2!GDvOSY*o?rP5a7DAN<8<({i96n)5wBuq|`~XY<|>#)N^?
zPN%8u%-;$-JHbD8hF3bnuZ4r(Z5TZJKL<9oW($3~X`6T6?_=5CZH}6636(U@&Kt%B
z1J+_s`?q)61*uR|qEV29%$U0Z7s+)6Y<m-~gQr^!L#tKmGw>#!@mw8XnM8(5*=<l-
zkIt?~ONq>aQ?>m}C#z^GDdZJ2o({g`-+Nx!_lbjs0N)8HzhN1@ZQQ^#NNLwTLJd|X
zN?|fA?f{;68L69!yPI|#S%x)nytiV%Yh9}o{Y-7HY8vF6q0`~v3*49PScK2<V0vSh
zW*RVy=f%rgMB&P%ix*Kk3rT5*Xx|QfU3K*3u$^O_?w`JbY8`!*u>rnXueQ*B=$87S
zAx*_k(VX7r5vK^Rq|t@i$%1pEwhGHhbnW>d=X+?b5c)F-Fu}tLlK~cUF?C;v7k4pw
zg#j;NV`^AWud|{Dh6S;UwFyct)+X4M^xwa~3AWpV%IlxCUUywlnN{nD1B67LNich}
z4_@q&VELSA_1&1_nSZV7&3KFfXfD5rGsTCfK9rOh_}j{2G_*x#<kab*tulh^x8E@l
z>)N0Dnax>~aQMz6CIVaUKF(1!D!|H-A}XS!%C+YcVgP`6Z(^Y+huC?pEmbHvTvkM!
z5N&ChNsi;VAMV95Kiq=_KirLZkuq7z{S0${IEJHsIE7hJ-r+Ki;fN3CFyn>r{N7;d
z=bqW&s3`sp)PoGlBJr{nzrV)C*Nq2HR(=X)$M0W))fLRU#)G#He(^$UY4ttx0SJyL
Ay#N3J

diff --git a/src/wasm/Hacl_Chacha20Poly1305_32.wasm b/src/wasm/Hacl_AEAD_Chacha20Poly1305.wasm
similarity index 78%
rename from src/wasm/Hacl_Chacha20Poly1305_32.wasm
rename to src/wasm/Hacl_AEAD_Chacha20Poly1305.wasm
index eb45d058f670de2e077ee014b939dcfe4bf2427d..560e70a8ffd9bc1dc2e25c53a6dce148d4632877 100644
GIT binary patch
delta 535
zcmaE9{nUDbyewlqV|@Z+9aBA!1T*0TbAA0p8#~7H6RQKb5_2-s^Wx1+7#JtpGAb}K
zP3)IvF*aggo*c)h$;dLfgHeu=6(nY8#=tgtIiofs`@|oLsvLqIiOD(fzK+iE0r@$V
zhQ<b_iWnl3zcS{#U2kY;U|?1POFFtby2LwYBqnDh8X3U!#i!;a7gZLNF!170G<gHl
z7IAhdM+OZB21iy$#vDhE955$KfN^s*^BZPdl9TJ$lNs433yO#`GH(9Cp2-U1Os?R4
zj7!tzB0hCixTGYib(1#;C%_EZtS&N#39b;`UAM$ES;UzY7!;Tk*c8|u83nkc91k!k
z@+$BOuul$<5o2VWY$%;50g__?$|>+G3MdFDuqv=9fHW~qUL~yyvk0g#h7BYQ*O@Mp
pD8{P52GJ>`D6Ak1*2e_YcTYwVX!H-6J)BG+bATqYP2MZ30{{t{cc=gW

delta 590
zcmaEA{nC1ZJTr5B{X{Xji4InbXD3z%Oy+0gWMrJ!FVA9V#=tarBcmcC^TdA1iKjUk
zStedpU}T*v$*8Ho#vPtmoEuzPP>^3#B7nq>FDXhaU|^rz%BZc(A>fgioD(0ApHpdQ
zY+xF1Y@~oLF!?)UzR%r;h6V;^Rj{0MMq+YCqLBfTruf9v#FY5dyyT+Ff)WN^{OTsJ
zVcNpTF*%W0l#yj~IrAH47-w=7d$Kr(lp})%1B0W0BV!H-fjC(LEStZuXR_jwoLs{D
z7-q=kJU(@VLP?Mj9B@-6uMtkbWyoe_kvU9oQ?7|=vgolWuqm)AFeorOG74}>IUZn8
z<W=AmfVuDh1F91z>q;j|fD|(T6)W&73MdFDFexxAfJ|YZyi8gbm(4(pF|r`#xQ$Mh
qNi={PEu<){APhH}Uw{W1WI$&k2ifE=GJ7~#fF582d13NSSseiP;Dh1-

diff --git a/src/wasm/Hacl_AEAD_Chacha20Poly1305_Simd128.wasm b/src/wasm/Hacl_AEAD_Chacha20Poly1305_Simd128.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..a647522149a9d0384bb143e836cc6786352c2a7c
GIT binary patch
literal 1910
zcmc&!OK;pZ5FSeVl=h+ZE3q9n!{m|_s1ZAjQTP-hZO|Y+6bR5B6<VTWt@Vne4d5Is
z_x&4s?XCa9rxyJmMf)?_p|no5ja&HCLW|`L`Ell(k3)jYBL)EM*R!)T7(HjF?DRP+
zS=szMHOd8FFPmklhYk(3_0~kMUaDXX+c^J<G7Y*<WhNsPnvseOaO}^C$g^3RCRwr4
zu-yYyB%#`SAK)J$G7MhCE<somveb+c$uLYjFq(i%(%jz#vkBR3#<*bOrqVlBKD3%h
zr->{wnL@j{d`YgIJ?JzcTg?dGk@Ak+gW2Js%G^A7t)Sb)E;q3x;A@p7(7XGw^g{R1
zk@Sw_?mhQ2<?ZZ#;J!7v`(W>KByFpAs@Tg;(!!<f(7!k+%a?_8^Fn5YS%UeE?w6Kj
z4~CuZw8=^k=Z4+=T|4HxRaWtl`0x#%Pm}Ou=l;D1?z15BHL-aX7+eMHtBMi~`!x-c
z#AMcQ-)a&+>6C_X+ARg#0pML^!ijlL4=L}X!7VhfC!A0){hM<8HVBwHZNRPo-sT-_
zV`q<A?8kYi);yFY)+_K2tU_Ca?oq@Z_BHyKFBTII&_tkA9SX~w{)RXQKE$EZ-KdC>
zTN9|fslzCm#cj0Erf7VGBLVvWI27!d56y>Uz|+>l3XLN@9Zqrd9yCA;5eBTyY#T>>
zOqp;@pC$rC1jpP#hl*@f44GpSBOEO3w!i<nu4Zjs`#?Ag?4AFPyk>hv)h0NpRU>-G
z+#%JRhH4Y?v}%*NYBgw~?zw6czNA%KqK|r^R&9wd<8q~$fego$YSdtY{hJaixFY^w
z`W#pIDrH(DN^8P-a&eGj@`w@<;@7bImvbGj;q{!hzU1qo#PwXTY2|I;I&Nf@xrv*i
z`>HZ;;40prlC^`Y6z!$9bXp2O<!hJKs9}5yw+Q)Iqgy34D^O{=Vrp3aj)1mcHou8C
z|K1(;&tFn|Ft`o&xuI|O_M`c8@#bRFrQS|2Zh0zwU-|k8*+(yl(jb&Yki@96EXlB#
zWwG+HNHCklMGz@GltDPll=ZkC@7#)lJP+a*Se&E^gBU}3lFSN>WV(-^1P9ws;(}hd
cBFVIs1#upD`Sz>o&AW9MuE5Yw{x^1i0xT2S*8l(j

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_AEAD_Chacha20Poly1305_Simd256.wasm b/src/wasm/Hacl_AEAD_Chacha20Poly1305_Simd256.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..804858db6a6f1d2e5bcd87ce4d19d24b3ee151b1
GIT binary patch
literal 1910
zcmc&!&2HO95S}F^Q6lw2`7f~@H?zqlDG(!e5~J`bi?l(5^iUu`dt_*G9aH9CNGgDH
zFx@6?pCQ-W`W8O5=zA3HW3;oRoKm%0_|$@ec4qh6nQy+GU2yY=0Ra2;<m3c~&)G3M
ze$Gl(Hvf*ba?V%FdReNWLqlzyo9Na{6|7-vr*9}z-+1a~ZX`oJl92|s^)(TBHcitc
zE0!9zvnPurlsoqU{t@Da!Hd`-2x~$Xno%M*3=<EuCg6fJ_qIWALe`rx&X_o<>m5oT
zT1}+gL>8HwLc6(qL9VSG=rkc4%?RFs^bVc9>HfaVoIH3f!DwO^n^+R?wagOe-u~S6
zLg&$e>m9h;cb%`Kx3&F=b8d3`!OnRkO**u#-YH`*J4y?OCZTtBP^Rw|u9FvTR_G<@
z->H6SnO1+$`9Ybi1aYca#_!6}Kd!Qh&%~!6_<Wg!M_c#qK5(7|k+0ItvOxbbU|&|0
zV9={+kR&=YfBRmM_(`SIv}2<ba0`GN$b=p9t{PI_LyeoLVOQ9pVCpyF)=dyFvD<)#
z0N&;uY-4AKTI|PJsMai$DOM}+dsd-MLU$=*7kdi*%Qy3h`=}#Ost$!^c5h9b0w3VO
zHr6U)<kkc#Z(=iwW^xNnv?v-M;!waY01gB@<OBU78Su3AutMWdO@|X4-hl>aE<&HR
znPuUSk0=w4=u<?1h~S9ZXj74`iXpQtVuby<-PXIebu}xq+WW$uV{iX=<Q3aXsy4=P
zts2og<Tj~hH&h#wr&JryRI5RAb<b2A^97~a0)5mAwQ37|5f>}XG-NocRHFtH?BA4F
z!X@zsQ|GwEmnqW<QCbo9le2>ykw=t>5Wj-PU(Qv$f>(3e`jW4T5?6D<CY85_tGJd`
z<~ptm<5gu|!)3fiB`XJ)DcVbAsk9V+!dEV;QNj2IZV>XZLbpn4R-n>U#niC;BLQu}
zEPfrY|Ghh`pTDK{U~m(xQ%&9O%}2B6;={$JOTC$%-SX7+ed((wWEZ_8N`ufXf+R+n
zWl4s`G>fH=MS|HhE`mtnz8i$oOq!4D@z#wf$nzk6fyGfOF^DmAkCJJDk(=(~7s1}<
hlenN4u1GRvWkH+=UcUKCdX(|TZMXzOKl$I-{Rv$m+Uo!S

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_Bignum.wasm b/src/wasm/Hacl_Bignum.wasm
index b9c99c898a2c73ae248089b38ce824515f17262c..6e090b50b5acc4b01d3eaa14e9a14507c7cc0467 100644
GIT binary patch
delta 8652
zcmdU!T})iZ702)8E5@7D6oUhpg)<nI?@!~!*amag9~fgBNNi(+Z44M}^9_rg_-ogn
zQIx7rSJgf=FMX(zhq$eps*xf!P1IIVr9SkjQmee=p?PqtM6HyniQB6Gb7$_o!?F-k
z^(B(=&fGb3&Y3gk&YAt~pZ=Wj!w)ll@~e!r#CP8QO~#^WR@fhB71?*Q-t}79_IIDT
zTiJeObbMwca`p1uwb>DCW_CWhe0+Xx`SSei#L|tCvAK~^=b7D~mDgFeLE({EXc$?V
zxO8oN`Re@K$hB~*QPF63Z7O-YZc|ZO+RuLa_L0r?A7%gOdw1^|X=$-BJNC(IxhADi
zI%Uw7oPr`UL=NTH^!Jec`scmbWRNi>w$fJnm$ypnAAb_C3;%I!pDDIczIYz81?gQ>
zU>Us`U6xU081y`P=CqYDGez6HCI-S7;}KC{fAA#lP`W6jd@?L^hD8Ni-40FLHBCk6
zDNTi5Q)%K6v7I%=^F^_)DF}y)v78{~<`foLhA4sB63Xmx9W1eEPLvWp76efim9hg+
zD+Hl`-7*(N8I@VaVf@R8W0gCgaR)T!(iZ64k!gMQ@1K8uCs2f;ax!wM9AjG$y7D3@
zHK#-gyOnPc2Q`<TalFXH`YNb`quLsxkmZD<f)`N%_bRkihtT8Th15!=5UVT*iAuQQ
z?p3ASt17B;v{qBK)LO+_tDv<?(^`!lYpqsVr4VZ^uNF0w>8#Z<GtolGX%6cMh+0^~
z-q%r`yZ5d2R4=X6v6VVlsne{~qsLb2l@%$(R@&-C1DT?c8blL9(Ts`B+QcUG)K)io
zO;(by^334AbkRZ$ezNR@hE`~3)imrxPibiJnvRC|^339FD~F63v5R)u_dcy|4O3XI
zVi)F!T~M`4Qx!&!R}ogLkV3qQ?67Eq?cKDSLtfcV?NZHdR<j#wc57<d(PK63_M2ad
z`F62~+QeSMd^hL!As8L{x;hc>4kS${?M2d1rPxpVL>CNNP;F_dxu+Jp-)kywc|=%=
zzlF@axFI5#8L^)6lD`c-a|*F=oj3p|4#Mt1*gZgdIEnX&L)2!aQDnwS(?t)%lWyqi
z);u|kp7P|7*HoT#+kgDDFrG@&5g6@((H<DBq$4o9gUudw&8F*Sdtvq%%pTLs_M)fE
z9`%~aERP5Xi_IcHo9*8|c{YRBY=7{tZHbQx&D{8LI?hMH3I13ReK-P6@J3-e^<5YJ
z=pjP2Jr=q>i#P%L9SL(v30Xva)5}Yl)E^K7G+>!l#xhJUiWlew@gg?(MJ>E1>7+PC
zHR3cDF^EMBT1KsRRGvmxt>To|RIA_-G3ab#rICqvozXMpEP{6i!8=PeIfXch3^7DQ
z&M`1d!!jp_SiulX4q5);Jd7Ua<gl_Lg*de%!{Qubb{-SX;}FQ0b5jNnFW}(?E5m&P
zXGUOu1omrS9~pB25fc{@Kd3hI6aDFCcKrMdD!{b3NEbQMqx`WT#t_F*H_~I*#W;Fy
zq{o~{k2?~2q{o~{j|aphy5vWCf+oZyB0Z@^`Z8S>SLmF$ieR)%!Q&}y-B;05k-p+J
zRSbAUAU&Ss6*h=zENt3Y*f}f>S$Uq9cAiJ8<k4HBPV@jh>*g2*P}~CdzAr24?Qe2L
zbrQ}l{%2Xdn2Kd06^kG$U5Q>}OA)0KM5)xRv4nV&R%0`Xra9o)d_i7kL6l*Gg-QX`
z)g4sk)Z22@&>*%WDo_bU2+Bfd$Z+$`GN@u2l{Dn$&K9p3T|`M#Bkm{kP-T>_8%oao
zlmqtA7bVU4q6$l>!V*x@QM$3w`Jx(+s_`fnt3px-shpJ%CjfB*%(0821|HVJLlj5N
z!5Vh3)_2ft!ofOs#QkJH>Xd_y9Gr0F)j%zbCKk7v+frO3P=fhQx6=pO>|a0mc0q$^
zgyZh5pi$lmny86|YMZ&t@-mt@%bVbLljR==&FJxQ&<vNtiTAde!NO+IlKM7~7(pGi
ze}C&a=MMPsUwWHR&)X=BYG{adC`K*xPPX0XsrRkTYudF>Q6y0Z!+s6ii^=;id7n0U
zFM4Y79<OP?`IJ-@@1PE+ig!|{Tw4dkMF+HWXj(ea<F$42+7JLK#QT`tiNb22uy#2o
zrp2X|CAwHm7u4V;>#f8>kJVU8jTB-v^OlIvesO@H%&n#e5syRq`cO0J5OV4;9pIAQ
zD7xvOI0EZEu!9og**SuqT6DM9R5p1;^tdJcC}tkjO8S2ER+RK!IB^VikHKy)ML3ru
z;yCR`Nk5uY(oevXKIrSyJUM}$^5nSJRG#$NH~v!?Po=3JMh9SY07e^8G9&y>MNku!
z@QRX-3Mo#)>`Be+i|8q{FL+I5mPZ7H{gR%=YZgbj<b>j<=oFtcr}<++4C0JA?Y@bF
z*HJi6b9{DkK_7I=%o#^QFEfKqnK=^>XX&h8W`^KAZouAMX_#8XIk@f=N#FGybdJl!
zw38>pUQ_wbBjUWfd9svlaZe6eIY(%SMxx@P6{m|)Ue_pHq|qf5%rUE!>*P4=xP(OG
zLaRA6fsjlhj;Mp4#ujmzF3|){st_zf>!m2Q;6Vuz8D1?ep-^6y0(6Blf0B((a#Clh
zQqI>$zITLCPqo(-#_1|{c#2xoy<?iDowsO)X5?GM=f0SRQ`458-81O%TQsABB8Avs
zWJb(l6?2#{mwfM-$HRH;-VqiHu)hHNEwGQYo@c-3wR^{$ymu_pA}7QWe=LY7wtLA<
zi0E~(jGmhiQ70jm9SJ=lqE13A2gEhH<|oAUq=a~hX2r`$h#PS929{gne#d+nU6l|o
zc}=x;9uYU(gt&>RH!VLQZt{|D(RI2N6}Pc<x1EHzL$~S9l88}^6CzG=)^XQFMzFk=
z5%)|4^S%kC_f0J+X2k=OAb-!qb3ZZa@hnQS+Os9`&?Lx8DSBvfdY}WR?k7Z+nV;o2
zc$2qodssYz5yF4GBeU2Oyz~6kQOxmpKvty|zA(KL$uj@2DgSp&9X6%Ko{y)+>f`CL
z9Q<YBzEqz0END(@7@|aBh{VT1GnDvbi>ZN##Ajt@bz(fn+yI8ygrrj#0?lf}Xv2C^
zV+f3|hap&#!Vtcu)EI&_=@_CkHHLWKkR0ND!vzsiu@EGP9={qf9|(|$h%u0wM1*t_
zkq;E%k%-DQNCZ2gNQ4tuMiCJwBx|AwUUo>uZ5<Th>=#gkR0|d%)vn1RSZ%dZ>$8Y-
zu!zK8^UZ?IK6-F=o4JG3SjU;4iaW5zdZkecaSra>5O?6YiaVg0=*TnqqT(?JJQM3M
z2cE5%1J8ap&vb7p;0=lADoqDCNcYzS4y+`s+)o7@oWRzCI7mHf5(n1P&U);(z6>T)
z2Mmf8)PW!9)S+|()PXH1>VT$l`D;)IwwX*Fkg%z!1B<Rh9oQ2^9ehu^nP7=--uzYU
zf%UCs524iTfrZy$4{Thq2jBRH*aN@!3?KNtm-Im@puWeiuEGy7A3sPbOap&-{K`WY
zKtyn$KYk@*-g&?T;*Avu0#k&JAX*fI@UEQ-K|qcaf{<4Dm|Pn{uv#5Kl)4B)zW!hk
zGD{_1Kru>Y5NvN)rH&Nh{rcY-1oCG+2Eh>@1%%*;O9~-ZNn?okcoK$)k%u9q6i0ka
zMqGjjE#e>%Z>&HO92y5jv?~^|28!SaC=?;BaKzU^5lB+pBo&J2_fZ5N>8nu0FBnB^
zON$kvyqa+{mWDt6tVKT~o)t?+JD|1AZ+r=Mxy9zhw}e^1@Iq!_61?Eu(cy(tnF$G+
z3SMy5`1FEvN8$^)UlL!)D(&zKr1K-iFU|pA__wbJ_{AN3`43rgro$s-^U(vvFVNK`
zDj#t=Fu&jd^$7!n0ekq1;3|ND^jHZn@J0Y&uofL)Kt(Em0S{}~!&=`%w+Rm=z>prg
zkEu?1=sbXjNdu_>hI{)!EqBg|tOjbpF4@@w#ks7#K^+M7e1O;Ufv}2gIM)oY4QGBO
z;D+4gHQ@%UZBD$q)fDLf8_v}taWT(~wSG0b;HipTpvkV;jZgWf2#;UjF@XM>{DKuI
ze&H&3>#6%o1Q>?A831C)HAp^zR7{2#tfy0jMhbCge25{>Tu=<DXHAO1dMu@9ZHfUY
z{2riD41RE!e2Rf9!dFrZHl-*An#$(apcrg3nPMQJQ&9{SU58?@CyHYDp7bRqD$Ugx
zgH^4@7<jW%VGI^t2V<~Zg)w})8^9QR<}k<L(?)^}Ih_Vksgg-X48H*|>%bRRDaDm)
zP*y6*GPFvi!wg7^RWPF(*b84#U6=tGQZPd*=d(nE8A11V0sp%zm*B_vZ2&aG{_tvW
zVjP!}WNg8v*T)vp+JgwN#Ulq>s0R-fwLq7yurnK?7Hm(a7V@eBY9U`6U<>)$tcfky
z+>A=${|B}}9<PTjI02YjZ~{nhA(u~4BtSB`h>=Gwq!cGWR3?CA7g_@7@Peb_!;2<K
zFOuK|FI>S3shnf3!3!inDtPf&(hEC#C>W1(0suR#z!YqILzqHZ<wUq^K9ZC|J$mR<
p3OoU&VAt+TO2Gic`Q?uSiMlLv^ZLL7Z+A*yQTk42qxpLJe*rbL^2z`J

delta 11135
zcmeHNTX0lIdY;yei^NLiCLxgYHxd#;!Ujo3=z^q?1d<SU3ELP92n<FybVbHknh^nc
zefO@%*)bb$WjCqaeWErgwl-C%O~qBIRNk_?FR4l@spKUuDRNm?ZJeayRKD+YpEIq|
z43?99+$vzYPj`R+rT^~p%{P4iFS7pTAG7}8&$2SUc>B?xXH6+p8@rTKyk&gi=Io{E
zYcJorIy*dZ^U|&Qx=`URj>Jyq{BfE&2O2^pW=`drx70JS$#tc%3+wV9on4!ok#X-A
zkFKoW`?u@<{*%SUP)0`NPW*S*sEXLcFR$l>Ms$G`#D+erj&1m?e_c3BLSuT9Y>K_N
zP#XLB=ee=BKRZ?yk}S!TEwZuTYsC^0B^k0&@(T*l(OYF}Z0MJj4TVw|4jl-EWNTQB
z>aCd_XoUK+I>Mpdcvy&D*4T&?qLY{u(~mdj73v~j!jEmTjeax~OR+)PMx<>(+U6h?
zqerA-i)1DdsiRnL7o~T|c3lF;O0lriSy+Oe8uixh2$~jzBf69zhck7VY?n}2jd7|L
zAZZ|J2T9PgNM%9OB5_1(B1O0Boi0*2qTGqhl}k~<Hbkf^09zs1eSVHA!g5pZ5`0YR
zO39I3bO5lrN~)xCF07{XZrL3U9l@WhD59(eVl@zpBp;aN+2Mcv;wQga$Suau9tmxf
zJs8W!K2;P0RE_8gy0zBJb&b?`xvrI3lj|D#T?3D5oIq>QW3Fp$aAp!w8f*1lDbi2N
zUi}O*v=0mSISZdb&t~Z9ph=MU2ZgF6cIj6+`Fmvz3Md@P#`68LpEXodCw0b~{q$x(
zK=(VKb?DKXIuGb{o+?pwvAh2swME+~jX}|N&o#y>9zRunP&Xk*EZ!zLkSN{*Qg4d4
zS(?4#ZIKpZxS58VVYt~b+=3nrx7ak8NlZg#i*AiA{8QojLokC9Zj&}It?klo@Y;yi
z2D~;0uN^(&wOc$hDfYep+|sT)P{Cp8(49z27uIz->pIc1Sq%qGi@_1yMW0Z?-O`b$
z;KM*V0wk18a2yY#XOX&trbXh2J_4jo@qZ~&IU9PUr(g{>3d7-o*yZ`nycVi@rPoB*
z!|6T1?{V;Z(PM<Yu^;@iUe~Mp;KNZl>gBp$`pwFtTzM2Lk2)*+(c{W~>y4SjxF-7b
zG3nFC1z`T^JRu$Wq#Nuh?88Zv{V6$)Lnih5w4BgqV0{2~1{^zQ(6bph9W<>?j_3hq
zAc|u;h?RrkHNi3MLr;z1n)IDG3n!j~-REHUtQ_NUJEotPzHo*Nj)gPasV~5jbHF?2
zc=7^z)|2Ohru8I;L;4)UkEX(V5vI?>^m&-Bmlt8YoW?Ks#xq^xFTwal7{BNke+fNn
z{6f&Q#yO%fS+Cc*vOc!`-|})8xgLx^RjRhczq?&M6}=>vcxzqe$D|&@t#z5(2Lu_K
z(^t?#st)yq(e0bUrFF%dp+@Yau*lHp>~ywV$<<foYFLG{W?^+ozbr57YuM>)PM)vJ
zb^VI8>Klk-7;y}TLp4D~-$2&}@=DOOfpA0*b3bu=W+P=IZpn-ye<R4>sI(Sr!{r&$
zV>0Gd>bQ)XO2t->>M@uc3n$LdIC`wqacjj);#PHz>zhd11Qtw4b~x*%Upsg>iHDQn
zEdL3dnS%W(*l&e>l+GkmJjoQ7MkmJbz8cljGR-8<@MBWXB84-4l4s}iE%f{(&w5F|
z<;`%DJnJR-R<52Cyhr>bzbdcl+eq?lC&{nLYx)k1y^cK8&BNJwC*;@Bvq`=aG;R1C
z(en)dsSdq>m=?U4ZX&Ak*iZj^hk5TrB;s9=QNht75r}YE1a=~hohW)tZPa3$NyI)D
z)r$%>a97Eq(!ZtP<voSf_ms07kI}b|VrI~>a9$tl2*`I)1t87KC|C0QdY4?dm-`>T
zXBg8*>Nk|hX4EFJ6y0AlW!e<~)6FV3_V`B|_=<_{l%1wVcIt9anhKXp?LvW7pul$d
zWU3NHQ0b7VY^fZj!zkq{2|ANtP&ra%PY(!Gwe0qY)gF+gazr+x!GCluz-q5Z$Umjw
zkkpKVX4U$~E<b3_OpyqguKx)f**nAPw)6bY#6T@ic`XZY_ja(TkUWiGz~aExaD#6r
zsgh^#s0i`lQYe=_2jYLSMU_P9qz2V8>}Z*b`{<%ak!UABXu`!hf5iXfj5_P0VO5Fw
zb^sh~M1y~s>)$&Lc`CN=ake?h^-}Mh<OXRlyHwADs7L1N!--3>0X?4N1{h>Q%p}HL
z-=LobgFGP5>PDR6gIIXbS=fl4J;4WpX6&8E+9Qw8I^?lQns{4Rfy)_3n&?Oq@R}UF
zX7uPtb8O$|I<Hx`Ai*GPxO5ps)gd`#7PoS7D;Bppiw~j4#fM^VeJ&g1kOqI__ax9f
zpK>;INQXgaCqg?AKmmi-6MIDHuz4_(n1}KX@IAv(!_t=EsBO|>IBKVKGQPSl=`sd7
zX`mAZIvoRD=+QuzHNZ*np?tM9vrBh-6cs#>5g(Bw-oAm>892lD0Ou0K9`p#;W8nf)
zxVfW8_kyGLNiP^(NcUqQ_*@X^QS|J-^#x4}!V%riputg(NpFJ39S710Af0fKj-zLh
zjs;DN#1VZ0NS33Xl#?qtYRxG*WkNj3=_i4I(!oE49z#4u%=q6GtCDr6Ko>)xi)Xyo
z{{RUii}nncpTY7o&hi2DxO~96WF|4Vi2*$*r}bF@n9mWPlU`6lCt@%`c^(J+1vyKi
z+M>_NbNWSCKMy<S9Xl_gXVY*lXj+>b(dU^464eV>dBGv7r_ozRR9}J<7h(4z?7k#}
zyjTYHB{>bEdLfCZUWO+_z#DQrxs0Cm<WkVIp5$;y4>9~`D!eN&eHEs!!gLE*;2^KL
zLC`!qc^Od!>C@L?{JLZO8hY0F%R$o`=ZMB+OH`{L=jAYReZe8BugEKW7u?{-q#njw
z;0Cu32r@heLU@CzI!vNE>~W|OZ-&dEhCL27lB-7rZx)|JjUfV@tKiGPxOD5A@ZTeU
z3IEIGrcC$&j0a5{07vwMzmJ9@=KC)n!w9EjOr~b^bT}&0<a=a;GBXV}I2$e_3A{y&
zIn*2pq~p-5$jfac6C^J{?AEWzoV+TxZ3?D<IyWQTa=XlbG7T2^nwcPXcnEIO=xuIr
zj-jY@*W=T@Ad60A&tsck$2QMPx8>6dvcLnC1M-Ih6}vmSV<S&a#74hB&liY%G@@C^
ziwgdNlO<8-yL@~XnGfRV^%$Ul?`6RGZWc7g;pbgt2=t;d4Eml&0<r)1O=D6oDQxh4
zfSDRtQgiwZ#Rq;FEGe%J@X(v*R>G3<O5qKatG}+~>saGg!<%YZIUE_$Zz+lDx5-oA
zq5JQ+JQa`8w^faaLB}S>>tmf?81E9{T@_B020DoLJtZ*wo|@6`E9~U^$}5l$6k76u
zn%3V?@(sl*`KFR@(xCnjeiCU}rNrQy{)jd{g1<qMqx!d%eAuoerZC{w2kd;PW+du7
zn%3V^g1Kgrd`q!x(1C{^F^0`+jl1u9oswQ1hZ(^?+`K5Z4_CsXH+|8YvEF-MeXQhT
z#Wz;l10@gOB2ho~qWGA;qM3O6U<&#yt_R8{(Vt2Ojz3WP+X^T2ca(fv=})*V-yz6%
zTo61)-);+L1|5s&^|6kKWFt9%#Mg&MKmMP;TD#>7N~~)$A|=s`NK-U3Qh>jC{O<6!
zm0IJ!C{)$)6PuJPw*Ks4Y5dbo>Ul?L&Br%U@s-vRbf~n(r?x3iYV8a)A`NM!*0sn$
zVRguvL}!;tt)3s$S`CzuQIU#dt(8#47RpQ_)atZWuC-b#nieGW7YB@ML690QXlF+S
zJ!}P$%7Ugv;>b#^l}P2tov*c)LA%lwfL*S&ei|}j>!%@KZ8a_$we{hfo$4Ot*3J;_
z_f&Fgr7O2?*#m>V+**}VZZ-La-fHq)L*HxQ6~1o-<cWGKBdxUonn}!e{i^g<uC;nA
zn(=oEm7&YjT1$|IY$O<3t5-!;5L=BaX~kB;)y0qJDeVcZJ7OLGup$2QH7Ym$Uxh*W
zQg&te@_EidIS9<y(YYNPx%i-sqmjWjGL9rgHYjo`vR;vc#hW6BBx~GDE6LJAi?y&^
zl8yhUP!&0vtjRstx<PECJ8j5)o0EHrvP5jRh-T8NMOiMjqAZ#gql<=Ch_V>hhp`iB
zL|GzPQ8s~egh&ZdHWTbU{<Az)O&!(*l~#u(UT^#lzor}^)}$CptXZ2@iRIdU8%%m7
z7PIs+C6*6dCAMr8N-RxTB^FI<bAVy5PKl+>WF;0SF_jX_so>w~lvsLVmDq$QPf}uu
zw^E6%Os&Ln@)ML;8n;Sp!uUm|;UccFFHvH7r%{UKoo2LHgCRo?-&`TaMiOGInT2Ig
zV;{b8-<M-M@hW}zMyFc1r=iFGaG4;BCE68a>#QOh++|jf#XPZstg*uPR(e5}u&y9m
z<_of>Vxh>IicPD?(%!hOo?nL|ixNts$THcKWSMNE$(jIV7RgQ)Wg`-ZvSt>OJ!_I}
zWLYQK&}DzPOqgX>JYlv86qd^DJT9*k!YqTg!mP2vWY4pBQVX+{%Y<2TOG247DUNVm
zDrJ^dqBg~55^wgerpyxKuCL4{d`(tn`xi;A`084r%s%>k5Us5lkunf06;+W8{N-mO
z`dQJONG963PJ7L7NEqL5cHc_5xhsC~#<>1JlQ2)cEvIU0>L*FHCH5{!sJ0$0OQ+iM
zY$aq{o-m`^ngEP$Ybcs0+#;wYE8Jd#a+~<_(h1>q0h(v64c!xB4am|xE8L>%&e*%e
zLqp+~1NIXJ#0(^a+p1*Y78m|<;TCrXgxmN}x8SFoazLcgZQ<cQdbmH~q2GjuMz=K{
z`j4f~dgwjybY2sY9r$wH)*N&Qw`QY^CW{*-S-7R$23s&@5)XRgs)SpvwZg6Ot}*t(
zWAn>D#ao|^LcBF>6ui%PlUBVYVsrdfky<X_dcjb?HOpIB*sTaAS-<7-L-D^XQpp0Y
zPhP3u8jQ3GE-^Z6LeeU@0jH&c>v38rxL%NyaE*mddYMYXrG+kQfs+CW*HBu}MyuhP
zJp>IjfQBC;>|_y_fISv4Ad#ySak<utxM*6C)FLj%@ymQ#5tm3-#7!V2iMW{%aSf-1
zZfl}StJ@OqRQ#`t!D$1{)-VK!wq|Ww(UxlmY%u9XTg<|b`i^MJ2Oy1sXbVpJrJ^lO
zS<x0vYx66JwzQcn+Tv14CE9Z8Wo*C@YG5dw_)2-%D7Ey&ina+)o+R25Z>4C9D=w92
z%gNVZJdJ2e<5sjy7{AUVunN(ZuL7#Jd<huY)?mmmXjZar8^JI6RCb}(nOUS+!-i%V
z<<_BDu5^ppdWCdb-C_Ronw4%bN33*f!1<#1a_RP=_O#n2J>3cIcBxa%8}0VKr`@)D
zWbqbAcCvU&m!2%%8ZYhvc5Vrx79?8x<h~Ve(Um*&GNpLClY)RF-qN5e-hz9_PL68t
zn|<u{QSX0L{eKl&RPSAAYv~kPZuWhT7IM3Njn+gZOA5J4A<{;~5oyg_ZaY+3@4HMO
z(>hxZxzxz^$M^#c1Al8ZIxQv&CK{dASYmcpsnb3TgxVztwb-@yl~)bEP<!7BwJZrw
zsbx{DP-^My6O`I8WLc}!8V6Y(AF3sz)Y?b)6G|<fK&fREUqz|KJ&;DJ_1;THsx|kp
qufO76N+H$K`~zigMt>?<##fYTi4#b*CQ8PXTB<GiqjjP_$^2iNru-@Z

diff --git a/src/wasm/Hacl_Bignum256.wasm b/src/wasm/Hacl_Bignum256.wasm
index 24cf040619ff738d3363a3ea5d31270ff81a4ad1..b28b276b9798c53b558f6b13fb71d5309e76a94b 100644
GIT binary patch
delta 4451
zcmd5<Sx;Qa6~5JdyIEzxZWgokIjn}J!C)3+7W=lL0fWISo3Sy5whc6x&D&_)Z5wb#
zqeM~Cim#N1iIix@6KRN)j1r_sqa<?jm`Ee#Imttkr%0nniR37nBwyWo`}W0}9}vrM
z>r~aL@6>lr)mJ?KruU~GsyWKs=88}hMf~~s)2B-Fw{o^sPdpa?@i$((ydOVBS8Zb4
zT_cVs-gW=gRa~B^_msO7O6;f=F0M+%JXJ2GBJn%5TvX!sQSa@INJObhWP3_Qb)wF5
z%vEzNv8z(%?Ak_T{@%(OmV4r9OnmOCRBuI;y2K}*3N;#0>Jx7~ei29%dHux=1%q?*
z(b>@Aoz?p*Ep6?y(XH8)xy@xIn7HWmi^jydw@5T4-uL=_$1@h@w&rFx7vG7v-I;%R
zxr1;&{mlC>J@bdp5W341^Trb&|0Y&JZgNp}Zf-FtBq*EI+#|)BLK&LEX`D`Jl>X^Y
zKKORcTW(EoavyXnc+0I_QL<hou@b-d;8}pOa`Q}>EOO@>^V0$2<uvkAnw<X+$uwfi
z-Vfx7uqZTQ$^lM+>4!)Wpl`qPq}Wo$(fuEFi`Sm~?|%ng>8@B|+!YJP-LYK!c=Z<{
z@wFqy0y5M?xxQje<s8aMtm`HE@jj8Icb*l)UM-yu(_#JQ1yQ5_8XY~Pa6b9C0J96-
zXQ)t9hSf8ga!gUE0G3$R(xXe1Z#U}{r2}JfgbVfNu<#vnaS{16RTEJ;SO0pS7>@h6
z#L>s4R06t7DK9r4ym1+j%19kbB9&>sR93m1<adqz<e_r86tI}^&%gIxNNh6`hm?z&
z5?15n;|i+4l6iCpixzscFTVWQKc8e3W1x~MDMz6HP;OB%mJ~}|rmv5QqMSVP8u%V;
zwu-83YFewQI%I6CN^YwP(N#HksD>p;sJ8ZQPBQjhP|Y<q=`|+lwNz`btbf@rMsyk!
zg=zJmK0pD3`ql<&FaZM+FaW@S1F!*>1Z=PX%}EB}i3ScLWsMZ%ChX!kJdZm(n_yWf
zYqXpC+JNAbE^elvoh5F8_X&8PaCo=Cvb>w^rvC2%LHeI2gz9dkR(*Cz)Yi69n;Cv9
z=5s5SX>}~q21|zD_VTLWj5cluR0nmWNLd&ZBQx!MiZEhT4R>Kj-Od1es2ln1p;Jg1
z)o?F$@o6k{24JX9yGT#NvSRMFoBH06pg0Om!)#4UvkR>qmRQo%Xc9IA*t2vNNFnN!
z_0q|G2+KuURC75e_5(YN)xr+!epnWEpWU=_7S>cy6E>1|_p25h0P-LW0=b3;fL$oD
zhmzQCC-ymD4+DGHfqf2^g*{|9^-m@Rd*v2cGm!QF4vWL_5gIWL*m>i-#-li3=dA-q
zqkHf17)-H5^+TFMqeJUzjK+*9pvpXkaHrAby%#$k8q4AfbRi@(bq{yWlWo387hmxu
zYNtyMUN6&SzCv|;6`{9`BldAe>{nq~v0t&97H@Kd$7S$GYBa?Ik|vy0F-a3(Y?A77
z^Rwg)H$_u+UA0crv{{x@a*-*ZPB~DgVac+bwvfz822E$C`5LNa1|Bn{YU*mTV9<FT
zo!7P0T@~aTbOSNeAqLdTbxHPhlkCsVi_G{;bXilEd6s4k&TksuHJ$^ZH<O&tf%981
zlbp{PoZm909N>J;<os3^&(pkv^95RX#Sw5Gad3W{Zu6ZEy2f`w%p$^GbnN~vEQ|9y
zcGF@)j=Y=^`9)xRiI$AbUBmWJk~4C9GsgAlsgu{I{`su%HNW{TG^oH8I|}U)aS?Oj
zM}7ma)wnn2Mmx*V7XM%RbWVTwlBkTAP>ESDB@iedmpK&+Vgw$_lZxdBoqmU6spMal
zd`jISN?B{n$Rb&ZHbja|^^&qw3c`08+QQXXZ@xNJRw0F|o<Pm2lO=M<ZtiYFW2}+n
z7wb^Xt`uTxUh<n7sFs<lHVQN7V~7&A1FeKABCS3?M#s>Rhy9_5OQ}+><(Dpg!zC_5
z<vK)Kk4Wne1X?Epg`61zjWv@^1R6+=B)>AAfEB1Q&oSQ`sF$eqK+51u%AicVjIxFP
zbWCI%5Nt@MebQ@#6f`r}fFy7OLTu1dnh=B~PkK;)6c$_%<VKROJ^3(dG&Q=3n(W2&
z-786rZh=OhpcCfv==TF+q)Fj+YU2(ZsFMIW=>X|~WgVz?yQ#l{<n_C_liE_!b_(8I
z@a}SWpMqt1ciK&mCDR~BxJ#zth^f2X)NSf+5A~Sa?v_)!v1YepO(>?Z?H>J)gAm>x
z?gj8^I-T0--^L-ly&NKpBo**1_SfeOx1ahzRzHQL@HTRo&hh{j8U)&)18o47wS%zT
z)Y~Ra;T^*4A&2nx!a5+l=KwoQ!$3Mmnyf*MM-Y~ahTan1^S~a(YNHP9^RO)J5xZ%z
zH);s)s9D8dwcr?#p<qC6gv@F3IA{<tYw7{vg`)9gU|)7%UxH;}U$mPRwj5zhPL{IX
z6&9IZxpN*e0y6dZ3SBWSj;qFZjmL3iTuq**acIK?OlU)k)Z=kO8zzh?2ee__)P{*H
zo}@{KHcU}3Pg64#O*IwG5&SiIp_iF&`f1rVnpX7E#9c4zt{i(Xg)b*5g@)4YLHwrZ
zMk0gCBDbLakfmN@z#&5m@Qr{pNR#c`%(rQt7SLzj8rz{b&F@lks$+-m&~4MCJMt7n
zBx@0aHE&8}%|}5S-*r~(BHcwc7pd8L6hOo5nr~gEW%JA|$?Yv6uq6i}%dq5Cv21Z*
zPBKu>EOQiFS%JsO+mC`(bgnw~*T(ng9%5)l45;N*8T+c4apO_2Vm=DiXw69cy767(
z4P<panfMJPeiLRg@f$|sH;pL=62D<4elv@=Xv>lK`$+r)it<Aw{t*IvWbd;|p@%T7
zvVCATtxd}jeq<;9F?=6usl-1<NPGMa-KTdFj|$4-F`4){5-$fFiGM0U*E0d{XLudj
zxsUR5+zIql$nI47<GU1f^z87qAWSsp(6*2@00Ttgw|$}@4*Kk@NYj6NLmVx}N!}5J
z|C0GAxW`#ukuEFdi=|n<SoZN^`MJ>h=Y?<odvoF=A<Fddyy$S3aHhU~SXAzRu^?PR
z|8PN6*?l_tejxn%z=F83|M!UK%ogSQfeoSK?{NL~12L&@JrsF*!$UDB%J%O+6d!p-
b>3(TU{3=ZZ^*`*2|A;2}Dbe4&5bysF18$^%

delta 24023
zcmds92b@*K)qitY;K33BcVU;ModZabz7$#dTa=CniVBF-McTq5Nb~JJ+ESz_UKGXN
zf>DVYjK&&k>?X!o5;fLDV~vR=_V0hD+&6F8{eG4&{`7N4-kmvT&YW}Z%z5+9{O|qs
zRaxuLtkW<yb6Kg1#bWCD^=sG0dhBYrp;lI^V%POeZ@lTMpw7OvXlx%&uhl->RO|0S
zvsU4mS$XwV%sh4Z{L+$G>u_gQ8%5!bS?v{v&t<hzZNg8oTD5LlFmmSXMbnGtpR)M0
z(!xG{r<X37GrjE8lG#g2%VO=?i;Qqg?MA_29dSuvdF^_teYm-HH`O70p>~_BStYTK
zxHzm;r<PUZ%vwBs`I70gRxdAEHhot3b?w$I7nQ_1H?6|8X!-QgnadW&x`b2fv>w;B
zD!F8-A$O}P-4dpk&78fkWKOJmy*V?N&z!z&{+g0nwd&uob`v~t;K4ed?m4jdlAY~;
z_OA!wn(jeGJf$jBxaiVJVT+FO@DCTS>Yj-6&!_<(QXJ!kwT9Bq60tE^Lld!%u^1hK
znp&8MFIqqik3d~&;aUG|+BwFJz}hI0HOjHpLJfSKVli$^4Ny^wq|S$i>)y=|zkV<~
zl|wnjF_DtPxrrDzfq*6n6$uCuS=2=L5gASCP*b;J@+eoD^C?e0no-lXYX25$T>Lfu
zYq+6;n%b*$lQ1N?Afim8#?n+l1(r3*%_CyE8@HeqmVsM-<6&BbmmRLHENV@ysU<bX
zP@9rsY-=aO3|_O|;e@iB!_sCL_Et_;sX|_yS~Iz^3YnPlWe^s}#)-KNQ6iRTv<Tjp
zTS0C7T9VtkuBx58$~lY<GeQnCLJs5h5v>DtFtiSa)`2@ZTH{XC$<R6(TBq=`@da|D
zb2?LJL+NZNow<wamFh}e4Xvx8b>(i<u8Pv_Gn5wlGCAVZ(c_3GsV)8v_nKmrXz1cM
zlv6id4bPpBQ>z_!cls3epdQprhUj7R>A^jzyWf*~`n4n%x~{61yUOWJy^WCGMo4e&
z6VduoUqkC_XnpyJh}Mt#8CpL>>&HbAtv~fQwEl+Hp9eTvY9I|Xw1I{;kOxt(Dr)!1
zP+Kg_<cQM|9tWIQh`%DQ2~I4e0e(X{4boL{V%=UmnDS_FxO6qC!Qqn=n#rxtA3{TD
zu-_+fcMR)vaQI4Dvsxg9mzL($9ZEwuL5Yx;>iJT;n2JTv#QapTwg<ss7!~u8bYwOk
zMY(j8FHkJ8p+YTi5odT5Ef%=AGr|Onku*XA#wZ#tD=59pX?QgOW1&Qh(H_Yx!qILK
z@)(b18!LD$jkVW2?i&pwqa5vSX3=;WPvd9|hB5(Typv%DuUT&$Fw$li_M@GyQq=)t
zJRjr6Dx5$QXry>>f|)oIcp@F+dzU8qwIm<wx~k*cRn8=uWQ0sILMHL?5$yyz!O%`H
zv=jKmh&Guf8`@+;o6J)p+EkiqXj2VsDxc(NscAIL(54yMG(MS*tD^St8ET7#nH+IC
z(c{2uKNf#eye7={W9cNnp`1?ERUI;p<LOSH9y4eLjglc|7=32&Oq%ZZq?vv#8LsQ4
z=ee5gMC8n&IYz`BBVrDhM6|gy*U;t~+FU**qRpduhBnX8=JEW9wtyBG+5$sczzZEM
zwTKoO+9E?+#HBR5iqa(+N{fA&9C13u<A4ii;cvdz1Q*Vtg?>XhmFlVv7_)gXjiALk
zU@VRT#u8dWi~T+(U@X=F10)?V%4i8MrKM58IF(KnK?oS9YI_hcmeHxaoR(+vX$Tmn
z`2xif8!&<>V61Qf15I{^vC;&LRkTt9#%fw2E658NE9}ZjH?>tdV634u$t=P(ZV~e7
z9?dpZaFUYtn#;e@FcL5-+|4XXQHsjxbPQzzM#{-BgV(IL4j5H+t#G<ZZyhjFyf)<i
zI-Vb~P7%r~@!>jU=FU3B>lLk4zK>~rMl~7ohUW5ppf);5d6kM#w4_QasZ#N#h`w17
zil%S2^v#O5MD(qSP&9q3rEgVyMnvDH2u0JkS^74`+Z{c%LlKIm@38b8igzm7c#tuh
zGK~@At1`uDi_e7But7;V!*9icK+|^J)WB`Y%4w$xcTLF8+Nk(Ur`-`}DMDE-L!D){
zJ4^8{MQ3IRq+J=+WVmaZ@pI@T<?U94q9yINl6EUTC!(LL2u0J+we)ip?}_N=DMHco
z^DO;5#pg%#y^2sYeXphOReXV?r!G{4qUje}`h|)w!q2XQj5#OM7%{#oQ=InrOz`vB
zO3L|uEBuV63v`p`=ZmzT>xYUjR<x2XRyy=t941P2IBtH4B9x0WB$?=Qak#FuAWMkh
zC8hcGFBL|<OwncGJ*C>;@yivVh)4vX%Z;6gLRUyLU#aLymCaWvgrci5#EXeG7S)Pk
z(a)6&MrgCaXdn7Y7`j@~J|!2wQ1o*pOEevR(4g0Ds^Nxoqh7^)jd0tA?SA%L;~J8D
zZ3fx$Rq%C+u5(Phzvcm}jHkAQsjV$!xhJkygo3WuimoO+p}}b`%2h-)H?FU$gs6@O
zss2l+RZ^QLKXtBGe1n^F{clu+a<vlo-e@P?jf#Jz=!OjU)2}kBNj~62sGHnX{;w6G
z7-7G*!hWsz=7`}IMJR^h7Rzvp;@>!iCbud=F$}j_hFilK+q94JZ&!q3sJC0{?TYVk
z-BWieLNN??T829n-=*lLgABSk(;#s`Ri-%o#%ID3I-sQ7=C@)Aq3I53`dRerv7GKQ
zq3R~Zzjf;MzgrQ?FSN7ow(8xj_#Q>S&5%g<WK@%UuM?r}b65HID?%~C?zh73SNuT4
z@H<5)hT(UX;dhE3j2IqLgkl&TvJ4L?emG)yL=lQ%c*HV1qWDqAka|oJieY%nGCZdE
zaYgqXWYYtgHi^HhGR5gZp9%iHS4nx;Z-u|n^r$rX{(fBhJNrJxPsqZjCrr$GB8pkR
zSA_CJhA0!Wp3pH%h&pEdK^XZ-MNdXC>yL_1MC8Q$-hVWPB4#}$&HN`te?rW9T4L7I
z8REr8<Y^Xgld$I{IjKYzKckSkc}983pFpZM`|~WqnN)2gd(K9(KP!4pN3y>tdbVmL
zd)6)Rs)6izVfF*rGz5_6T}zT*$e_E3!Y?X%(J}E~zxjaSjc1ua_Oc=r^n4*5$k5;v
zH-XI6+_1i?I*?_m4$WV3N~HtY%ZgudQ?dW6ictQn*Ve0cD!!`tHASyv+!J~&qnhN`
zoe1?eca{HlMJPtt->tB}D}EzlcvBIIVR+Lrys7vfj-kn0ick#0TbALiaQX-n$lg(e
zVyN#}>N|?xb=_0%DMB#}?^%ZT6u+<NZwDFlMy5eB>8dit=^s857S`)Z%G-V`78aV`
zl_q~-y>9~9-xUATsn`DlMJRvK&i=rv_krSnDf(xIMEX}oHOc>WBGiZOD*q!zC`Q;v
zR@g_1KaLnaQG{X`KCuj+DE?2x@Tnpc!|<tP_*C&{5yR(-Pz=N8mf>^7UpR);mx@pf
z!<UxfOT}L)`tTr|KF+jB{9TnPPXF<l;O~DcDWCbR@Hd*ikS5>XUztGmq2jM)-P6}5
zkbNBmvb6!Be4Qc61hTJnAQPevWb1^H*9Wvdq@`x_wILuB5jiox?}otr1l%aiTp3Vh
zkj<L{1hP#5)QY~&#72or3lP8%%5q!l9oFW68X(i$NN>kzb0AzuUN7KA!qX{63fb(e
zMokJ5F{+1fS(oEfm*Rb6vFy*DSi3gX%cRr;q|{G{XQk>^)JxT>2v=QF5hUVaw<n5w
zppT^08~Wjr8&QCkC|{n9ij9{hU;gs4>ht9yW^t4<NB;f4molG$yt>;v{&!O5iDcU!
zBwdbi3YorjsvO;rCda?krpTqey7V~OYe<dbo>rS0M~@#(S{%B3my|fVAsvo?t4)PV
zdv$4WX|FB?F74H&ztR39O?~6me*4rnI(_@pw_Wl-?bJ7J<PVbe#yH<4<&ADgcjMn`
zQ{B>DU78#1jSot3hrciH)KF*Ky~H*+e>6#L=<?kX+L*maXp1wdOJ+-Zb%|_guP%u#
z?bRi)(f%V%UdxjI*2!yG^4~gnZI}E{J9&*8`GX{`@7dPwdnBzphWBo3TVtvkvhz0A
zkfs(I^3x~>r>H>-*KVxS_~7I;C_mD~G&K8ONoffWVJKeNT|+`zXf-9Hg;rA{T4*&T
zp+WnJB%tA+@0@@}-|v%vw(;cuSpvG#kRLSljG6X*($46Plr#RVIo&M8TWU%*gIHsl
zx$B|TB$v_Q$C_A%YTqZRjP6J%<KLQ-$wI6#ku1a-lgJ>3@9(H{Xf^3$kbW|$V~IB3
zHFYe}=KH6PXL4>zau<oLMJ|6#4bzE?A0mG|%VjhEtNCNZp&v4Hj9J+4yJn5U@w@bf
zr{+wttc@D8#324J8DdPE{2DXFvUYx?*<q;meKN!7j;t{LtvMqs#7}C<1`DyqOt27Z
z%mRb>lgR)}Jo>H~V2MZn7a3qgq$mT7{3|u|Gr&m4F5rgYOwMVNh*P%wHLAy3kkjR@
z0c{P!dw$n`@EHM}p|j61v;Y|m5)!?*OarLFf;#fN;KVV$B$pj4gy*Kt2zVR#dAs!7
z4ro9W5(BB)1o4gl>Ed*CXFxjwIf9~{L3H-C!(Dof`m~(S6n1xpwo`Ykpfh#LROEP*
zd{!od6Un;*+T}X(*}^0OJ^2}OT{q!Lau`T%VA$?}P|)`*>1zN1Xow^Ub49x9WcY%^
zW6E*|9c)18G)o_)?GE^y0EY-|gHc&2d?sSUvr=?UpuuJ`<<1QV1w7uVfH`zHCw#fA
zptdFo;;jB2;pFoII!~WE$ecSrAQVW$sl$@<qf>{y(##hGbOBBsE)3|x4C#DP)$#b^
zfN;y@erm8gU968Bq9&8sql<Ja?m6b+_CO|LZ#@yW1$ri45|ErsWK%73G7-lds>5}u
z4%L;Di5<Vk$wc3vq9INtPEoZEOn-2=3O{*CBh&{}i^ES(JcYG@Nw4wa6~N(3&7Mu<
zMOglP%9mr880B*_3|)ZPTi{{&V>p;7h_L+4DbLicm=@FwYXRu`7V^<bgXOnGQ2YvN
z?k1~4!&jI&)jFa~GobnkYHeAQOc60Hi5bXv^MnAm`NqSvjgWTjs2#N-ie_#*C&Nrz
z0r^+2x19dAN}FNW+d5sPnhck$Xf2qT!uHgjT8b;%8+=`R?m&n6Gn6{`wPYHCuK>9>
zPaWhOPKO&IhZ`Y>bLWWGg}NA87enj9T_ajI>Sk!&46R!l8lNN3c&%6(8t?k01T3y;
zg{EI2_rl`<nQC{=P+Kg_<cL#Oj|0bx9r2fey{|+=2K>I9dg(42liP`VJADfKP#<a~
zL-aBF^x?kL+mjxnzJ4v42H~rIPDoA>6&WE#Mo1C&k7xsEfT0aAv;jOYq79-!hBnC1
z2JzsCCV+UY*bqY-!b2S`1q{5QB@8XW#dshfQ|<m4YKw)L9B~@xalna3;4cG#Ux|jH
z9#5>Cigi_^a{KWxYC*#^G;Uag$_4bEhWUL=lpLl}xgcp&?oo6k52xV~Dt83ny%01p
zKW~J#2XO)DdqD3;Wdl^-j7Enu*W{)U7Se|oW1`3qA>YQD;4qHHN^m$@1LOTgHl~K)
zFrLyBv);zL^~T4fX+xu!!T`g&;4twU4-*06i;e@t9O!wBWxm#qb27~60_d+^Zyg+}
zDtoL`R=Op_7m_A898bs7IJxV`n<;WUpForR8$&1fwPYG@uO_>BmNSK>7$H-PkSRRX
z(HfsbCmGsFhIUf;L7{ny=VUtBP);_KlhY9RoEbF3(9#fiCov_kaINwz({C2f2Jk;q
z>8Tk?i+!0Kahm3FU{;@qzYL6hB^qXWJebw9bybIk$vnsDQ&>VJbhHdnV)QBDxirV`
zNpt;LG7Yy^^PG^J`83}MnQw&5=LHdMAuTktg@(3}7e%yEDmAoHLo4OQ5lv1Hv|>vP
zZ3&k-S_)`)LtAQSOZikl|1;HIkfF9%n8^{RMIHy7cnbb9u=bT`DD!yW#8Y)uhlY6o
z)sLlRIy5YcLIXhdw9M~gLc=m08bH#a;WS##D`-U&8dd^-3qc4CE44ic4Zzt0WWPF_
z*B~^kaiJl7$Z@(04QYga(u9U`N=j&`&=7ckiJe|UXh>0-Visr0tu|h(B4V+(aRBHY
zcz3&XSPz~mt2r&uGMO!k!@UpQsBz`!xHgR+Lz@+2l&D#zM2HUQAq@Klr%!sr3kZ3o
zL;n<QQiM`2^I($&|7=pcSz!16?E=c)uO`zFd$rZc$~!}l>_*lZR@NDcw?*{r0&6$)
z?Uue>@s5bTQvu~}=sPWarw4b>GjMmUs}FZ~{ZnUakhi9vZTp{%M|So3N)>aqWtt=A
zZ>?f;9LRsqW~_uQN=hcSzEYYDzTN|ohXy#dRq<}8UC}v;P%31obF6mfD8^aFZhx2<
zaQ5D)v1A%#ug-I_^3E45yODLim36-2y%GHa0k#|Z1(tq+;tM1CMT$_gE*Dw)MF6}<
zbOUnN^h+!qSoTXDJte4i+y634zfAGv`XPWS=IqThN6g0=O$JjO*niJvczTbLk_ob}
zl%`8Hqvz?%wWsUjVS_6aCFu%-7`q}uj9n?HdNh0TV<z@op%G(3)QB<Q?ypq*bHL6c
z=<7a>rWKJB^IPpRb|MB{EzJV0{{^70*C+&{Ym|#b>EjWg<?Zj6G(P`2FiQ{u)crb*
zYW=0fy!-L!TDM};fkl>blCKx$C|H^0eZ6Z)@(mL*=q|$WjRJFbLFrfDX21yNp14V)
z$kF+RbYMc8#_L0Oql>G#k$r6?Hu-ha<ABr41g8*Bc*>8P{x>T^*{?B{H{1Djv*KF>
zWAEQcAnN^UGL5EJx4OBSf17~Tt+3myu-g>h9x>b@5O&LOhh?}!@tqL^F!U%!ox3c<
zT^_hS|85O#Hw-?w-APE@tFhdM;a)4@Uc~@`-+GWuw`baP1QtwHrZ}Mfp5a(9zfn>$
zq4br~q~Y{F#_~QBnr>Bmzf-UO1By_7sr~(cRqp}CIQ+QZA14M-y*DgkQv|424>@7^
z4-07B3VYZJdsy)!5yPVbVYdvAT82jzKNc|nLyuzAdE7EQ4sd(KU=Ae=!|yEvaO;0?
z45=r9V0RLpv<y!w#(~5`2if#UrcL7Ss!VY}{XN6s?+2BXOhkR9H2pyseSiPaU|R8T
z!Bev8=_wPTo{A#Wp9DjXW^Vu+p`OwaN{Bi_JuQql2BBx72=%Oh%e6>=^MM;jaz%1F
z&q*`?Sy0s34CH(>z<Yi1Vj~hS3%J06^PgA9#XRqW^J7xAnMB~_^Q3AsF)!LM2B7<k
zI*h$!5$}E&d%>;ks$uM9VfMq=4CL}&b}dPMC4=sQ3BM{JcNfM0ZPyU{Z!}<pa!&vo
zj)Kmwq{A2*oG25NT+NN_YpcUpruI<&b*GmNV~@-?VeAb>D1X(<>J2*!-%$LfAng6y
z0X)55O{TH*>Mb{=^WPT8x)t`e7528`cN|00cLl(18Q!%F@2c>Fvo-uVANY9`qs;r3
z{JsZl&;LLJ+YN&cY<B~sfY?Sc4F9$g{;l{!4fn5N(L0$I$%Ml*0U1nj!2CV4v8eu`
zq-4VAE2T+8>HS6Zp$TGdDgMZ**Z*ThC@*Pme{9wJSn($UvG>M_0Z{K(lW8!$`qT-_
z|4abuR@i4&*k_7Aj~KoX__}5I!ZLiJ_{)d^_<0ng&R3S<E5%<shGym@!!WEhiDAL4
zuM47|a{^xvtcdlNV|~Cl#`yFgqdw0xN*rF5DGr>!XE_}HA0;IdPG2ca>jE(P4&M;S
z)2G>ZvH*B_tpANjXs@OKANCy%%{77^?cNABjBV6ea?rsoS#p5vD+30CeshG)-x3gt
z2n9BOOOz$Yp~;qj^?^w?PCO9Dknr}h@M5Ker3L)F#^$H=?rOVa$r+~~I60;!QHluX
zAGX0pHJos0EWbX;z)?dI#~Vp=d|}Qla2z3r5MfZs<~Sk@%5heJY`$(o-XG291{)c9
zfAH-I7F6owe~=ime+wh+kE4(s=)5;5PSM_=vREZ0<&WI|1?Xh5{=#{Y&~Y}P$}5q<
z#|M<zu(4QekgPw{-lenpxi;q?Jyn%E9`?AHjMRPuz7$76e3={yT?Riz@8h{Nkh*;%
z4;Z6LCv&!>>*yzsE;Q6Gxm*NY5zrMuxQ=!F7<^?wSLz!RL#rHHT_NM(GCdAhP=|NH
zX+=9$5uLg+;H#h}#ptS_Q3L)t#L?w&={^YIt3}+^{#jN7{zX9h0x(OvxoI2VseM5u
zgru7`@-+d0)wIwx+FPh#THxRGvlrpOOX6`H#a$cFwQ>|^?7A+X>#SYZYP+r#MR1w6
z3oNLMUDr9g9IMz>a9zOr#jb$%2aOsPz&`9213dnbbKs7LmS?H_13e$VuXdB`_O4wU
ziw6}2si2}S9`|U3{~Lsly|}p!l)_1(R_TV<v%~Fw9aBKHAg-~K)|d`ylv99vawr`d
zE`76oIP_0rq*oJa;(GONiZ5DyxPl3?(7q=rZ9`LYIzvtEjWJ9iKb>2zDd&-XM^d=|
zrO`)HfEOI$my4TNEih_Jc%-H0kQS)f>C`;Bw1R~a-t%<RR36S~JUOkY72MLAavSC1
zp%^BJBubwjQR42{VrG)hGHye)iQVo)-qX`&{}x#fI9e%=O)w{Pc`WZBk|z%jfzYP4
z6Yqa{^GD^`1(e5fIMPs|{g6g^1rUjuKrl5&T!yDFoXf)9&y4M!%ZF1Z?hGrtKqb8X
zCt5b0QL|Pa9$kigUgfaj#dtPuN31q_;nhTPM|$H-#JImJI&oLX!Z}4Gs~c)Efx1~Q
z87A$19G*Ze9Gf_`I`pKTMpO?G)dQmNI8Y?2Cu$<9XL!l8+_EPZ>Zwxbrb;1oH&dk-
z_0m(N&1+-Bm!HY2+ZUrC&F@AD?|g1-_Zau5A|3!U24WPP2}Gj|K+PK8Ke`MTzRpJl
zcx_NodVUN>=OO4k#Opj5HQRYmbZIRY3J;OHQ5UzGhtkln^>ZCM;8erdJXGjIA#kWC
zFoBxboCr()O!Wyz9vF3)oEyONICd~yhe_9A=sL{nDn}C1^+-FuVG_@m9*Oq^72_}h
z!rW{h0e6h_%^O7{F~{&CAWU28juVLyJO*Qr#VBLFQO2NVEgl_R+7X4qW5wbWCjL0|
z9G9pYo!A$nhNF!v9B`OdpB)Vq<n2C+j;5nz{vL&sh+-W5j$4#KRx`~w0eVb?G`xH#
zx@{9svw9p8U0OXRCbFQ&L@_;8oxEc)upCb)>W;VC9M!0)3_ZyWjVwlb=;JZ;2^bp3
z2+`2Tqh^Pm6kXb(g~DLwdR(9CQT?#<)Aj3!-8@dz34i;SLsLlB>liRuf0pqS#DK|i
z>mY-s;A?U!s%ioC9hE?R)Y7a9y!}U5qJtrHrzs2fZ`xR!re-tFD2nleX8$I9p>ANj
z4rm|V091_E^Q6s~PSbe?_2HQ?r*IbRndR9t6E$nkjOfzZBNUz`w-j$3s|~-+_UFtT
znhht;p+1drvn6QbEJ06HJlbF;YKe3&!FYIkPUOG2sL4c~YsWB5;+~;+nGbw74;|)F
zmiH(h8t0>Nz6Ss)VtF7!;b60m%$@n-<N4ah<uBAv&0DlEk+qO<_Mlz8NPm{$wLZ0x
z^|!7rg{v2%>Rer_UA<VdWVpK2xO#Cm<4nSHbs3fI!;5!{X{qOGJioxpis%$x4u_lu
zrSZ0%$n@o?SywNMF0C7c!l#J^c|~$Mplv$^)?s?i6YJ*5ZIH;0;{q4ldat5Y#?>pO
z`$~+r(i;z_2-?-F>==egyLuIl7y96IVKtu)MU&{5^g5o7npJd7bZLbMg_GeuujG$j
zO?4y&$AJGy&-uPUSlo3fwg63oiWd0lS9qmjAg@)#|GiPqO4X^Th3jnZy6*qi?LiaZ
zO4_DcQ7dzoT5)T9ZIi!WKn=H=-F~4B?nE1JzmP?37Rs%VT|-++*UGR*s7-C{WM<hS
zv@?4L*%Y+Ky{cp&Be)~v&F+|9IK?sQP>#JsN4E?Pi7qQQa3@D`pO8bHD&_Zw<#V5D
zLPwdL9c5B=&BGq!a9D$l3brJexOpsZJCwakuB_75)LuljksfWNM@kfBY)0%xBHAZG
z%`T#*-c86@heVf9vzw#1PvPih)ifKBG`}TaC$fOCRdJyi)3kvKdpw;bOR76{cS|Zf
z`&HR26;e;`g_Y48{sZP9TEe|hvn!)8x(rL7;~d!y_p}Q_HcW_2IvV2HPIL47$inFZ
zd3`*2eNmHW*cT><Zw!<8rXJpf2-WZis8g*2AQ(neKM~arqWXEFick|#Md3xSaZA86
z^oFUw+c5Q~Bg}>gU=2~M1KyKpqzw>h10W6WGmH!!h?+<n7=HX3<{e(57{2sOe%--P
z38)RL(g_1&KxHI&80<X~0*>?q3`5O&syMo|RtklW6f3dKI*JnMjmdCG8UaZoJW0b*
zvyzUAF0CY?@CZmU+pLi^Qnp#W0jn^!jTHJw2ps7N#AZj^Hp&VyOxo$Acr-K^Lu2&4
zlb09j+cHMPjDeUjo|v(yiHih_A@|NOiI~!{c-i4-;4>i1?RUn*PsjMCPM~8jWhT(k
zvgJAg?;0G>$71Z`Fv@Y>D955^t)CcO+7X4q$BFf_<(h<^le{h0Xw)*cT*pHNc{o!E
zZbBC1I6e_71~jS4mTNNfm;z~2JUu3(X7xBRy0m&s(Oa%5VtT4Nc~dd4U?~*PHd8S)
zLc=(0RV-`9mJ9n9o{piXdqba$njLytbZLhc3WM3LYrW+XyLpnRqqkf$Xoe1;GxcW~
z&qC;&DYp(XXcqPXvr)x9V6betX6b#vY|R4i87|p!%`*Fd+1ZR|I=y{B3GVb<8ic(|
zmf5>_nx7)y-7U>Kg6GP$zO<@K)qJhX-7`C!H0ocrH2bm3DIug=79t<8P$yQfm!U-)
zv6U&+*_Xw%82di#Oh)THkhc>7bb*(`k=UI?oA5yZN-Uu=v>CG`&9I~rx~E$<%F6;x
zm6pk@UMjxC+XbJ_trP9C%yuw=cM5t-7qAB0;L~W3-3|)GL4LPjzhV~A3bA(uR9fMA
zXeDa0h~&M3GMr(O;fAi{Rj^?-I;^g`9bALPHJ)J!yi4$Oj1I7w%<DCx^BR5sWjnaq
zYzOgXK|Kusk-%peFcP(?+)aZDOar_*Fq#GxdK#oOOU5*)Fw-EFE$E1~%9{x56lMZY
z4XbzqHsrifLCK9sMfQw>>IMNm*hzr50;Vh0cuhn{Xs%aurHH6hiS(>MMWzL?3>a;b
zssw}q_i(e)b7PBs{Bn!h$Xf*rpeKk1E65bt2JJ)^j7k48*beo0hl~OcKzg36;+-lX
zZwv&E0fh8q*`_LKmDjY9&(vTB!vxHL+(J~~{vBdPZd{MZl}Kd&rAa;;XoK9RRk%|K
z1FMB~wb&~ut6hRIa9?+WHO|3I9Uu=dcXo-Q0z!x!3KrC5{+ul*G%~tlmC?r;T*M&W
zEpOOkyizX<NCXHG@IfR5a0S$DfB|Pzu@ZG1{bbKu2QUk4dJkm1eVbCv5B&C>TUB`1
zJGtTZ_u8p~@W%HZQZ2(Z@2^({2X1_?gF4XegQ5ni<$;sG+=KMko{yC}Q8nK)K2Rs_
oIXX~{Z~0B2&aI=G-!i_Qx~Hz{vZrxl^_A)-AI<l4K2)9YKPmSj9RL6T

diff --git a/src/wasm/Hacl_Bignum256_32.wasm b/src/wasm/Hacl_Bignum256_32.wasm
index d949c8788df393d3026b6be17fa1b991bb1434cb..05db6caa2c6c0790aead3177e03e045f0525f046 100644
GIT binary patch
delta 4651
zcmd^D$xj^V74PbWtubpGaI^G#YzCU0ZWgna7tCT~ys!+$#(=TS(imtPgSW;W#xsXW
zBI{F<(Ik-)B}y*2L`XSAqb!P)LoTD-qs(zM8Ywv>(Htg`@_SX))n#k`gIHGAd-c8V
z_tx+GmHp-K-JgD~<+>K*G0o+2X}^7WaNufuoxA?}2br4p^@k<DQtVFq*#X{Gso%IO
zwXpiD`;S_&`mv|VU0$Vr;t8tHJX!9FlMsv47v6l2D-?npQ1#wyH<{u%L@qZh?t3%b
zmGuzWzp%BlvV1?b<*Eup531jJ3*6N$hSe9|plbBhdY4vQwW`Tir}lg#N}byGRciI>
zhrZIDh7%);%Nq-)SMP2<jI~EQ7dqM(R<;*ni}7_=IP>=6gT;mT>f;rUmi3pvzd-mO
zzlS8U-OsbsWq;w3CvCJwjduJ~bF2QyoaRv<MXuoY%g8K#&qn3<N6|z4e%>>s9(9i8
z<pp&YW$G?Y=L|}xjH8k8zQ4Tit+$;nm;V<p;K=QMo~A0g5>4bLe_l?IT%?hoJbA{B
z4B(`3I;By%?D&^d9Xqm*J{cO;iVfRb%7(2Wx+$BydHF}Z7bd-0(b0#KKlf!Ge%IWx
zq*~VAFSN`&l#`bq)H67ja#j9jtty(C)C!cYm#SNH{)R#-)LrmL1-iD*1)d=Yu5s^>
z?yAGfLTKKNH7bOnKA0)jsgMKY;^P$HB48H7zSv=31Wj8vwj8%b>=g&H!o`Z`0%zP@
zLIFKP*EYnIPXH+hB-G9Jd;*$<RAP%3lB_5_c054=E_DKxQ7I}~M)`RKz~XXXmXmih
znGM3<<O;%Li$mn23h@q1Cj1HQ>e@ClvF;kiU$1~yQYG;6DF=uFpZ<^k{`%j~{6Q>K
zQ56=B<)F65g8<alFv>g^JeFp7_93Bas+Mv`YN*C6aJA%LjgYDxY1TlK0@qlnnMP8i
zq8hFx84x#lsMc)ZNjhn?@T(8HRP|iGr;h8@w-$@j8}vL5Q#jewNFz0xKEvWO44+|#
z&qiqCv(fTt8i~)LMs7lPo2iLgkU}dqwmLSpK(l(%Y>O6%tZ=J<oO5#<HKn@S4x|ns
zbvTgPp;<_6wrC;A3U>ghFkL^;I6@JXyLU1YrKp)xMAjn!j5q+J&?Kj*1!5XWIGIuI
zL<C*bWwfK4x=olaf$0KFmjk97n!t2hFs6~f#JahMI{6d<EIGHms8gRa)qd(j!}{qI
zrhsaBfO>flzK7ri2g;u9L1<R?1GZ>+locM5>=T$^9XoYB-Jal1Xxf^dv5^enG(tE-
zXW;cT^~fyt@L7cDCVfM9I}Ohvj$xo-w(U61L9^mGYl~JK!@3uN3`^>XZ^And$0IZX
z$F+1Gt^?wFH0j#obUg;w<8VFha6Jaiay@E`mTOsI7;`3PQ6^=n&*rndlDGQ9^&)lb
zNkQTQU67-EQ65`7funp;+J^l!vCEgBX=~IlszV*!#!0?pSfFsGkxn$R{$R&Pm;5|Q
zle(sRAHe4}U#81^g*xeqqrz9|Dqo{|o<bJW$YNS|h3yJXLABDjW{XxDvcl8SNzz?D
zlxxO0Dzh|$+RajZUV%TTF7NF1xp*G%^W@dNo5_Zw2siNZhMu~_n)oK&#MXLjMZa&z
z-E%|Qr2h6SD>1);+jpH8Xh8~eOCDRii1cqI3$(b)OVE-9S~Lo@WLP*0v}hD)$<NEQ
zoGQ?5y3H#n(2Ao#cjyk^rR#hT1!`YKw5xh*#O^_}3Ut>NtpdpkuS)2}O}s{HMpD<2
z7G`N)(wfIwNo75mm#UxqshJRl{N!Vk?w<aC&|Q)G>HW$?DV3V{S1Ff)h{~Px2WmqN
zE0XjVLN7uN`twp~U7CTxAhMM$W;CCy@h~Wl4Js6lD?_W|48r0XfYs<3w^EZy)$5?f
zn&e#N*kXJe%w?@4pK>&7<MJ6`*(IN;g&Jvjjf_K6fWdS~1-uJ}#W)1Gj_U9tAGu-Z
z%cx4ALb4+yI}#Eo*CWmb#Mz){IKr%#FdI@~CPjo9POc=M5>40&)38GbNqcLdL7X<c
zF^SolYMt{txF7s$@U$<-;OU|!Zl)xaH=9)6LM;X#wF<*ZGA(i%S`dAUo;p6Q(1ed#
z5m?GdGWN7`o5B6<;QkKku(=<6X#$!&3P30EMxY5`!~(R*HZT<7D7e3qqTGd(+>MQ3
zO8chkf@U4$PFu7<WQDsWDsX=fc-m&jQ$XqkQm+H)6f_H|#}+LlS>awFncUw;eFpdU
zQ@@#0pRD%*u+ISq)-`hKw?IrI2`96k2N1y^4H~sJSXjz9C@_P78FaviCZ!p&U`!){
zi4Cz%1ALkQmL%RYsMA?zs^{n|2J{@A7VdB6VLHR-;d=yLMjT$wL$k6UwnfXMtni3r
zFWf(houdx!AAt4-_m3fjaT<r$G1BE&=zIYox@q(+?!SmQCV)2Kh~pwOD~=1cXvHyM
zaQ}p)e(#&`F2ON)6ONlft-2gg9o%V|zQO%qQoah;R~@deK(kz5wng>nHm6B~JSu(-
zn!iTZ<g%KQ#}-fHnwpXhAxfIw1)Wa8oZ5xvrwtaHF)W-cHf^xjjGt#|HpOD^pqX>j
z#@7*?!MTp$t_$^;|ANVyvt?BpC+Uev#<|Jc#bn=`^bXyO^ManBg}7t@+NE1Npxs41
zBy76`MDXZ<VeVkg+dy1FalocFVjJI~Wx9=bW~SRfU5-;5t%Q<qc0jjxOar<r<GdnH
zSEOud_UAxht$cJu`JQt|SLq&_wn}aC(ShVay2d^A`G|2(4XyJALW&`z*xR2Wn|QhD
z_za2ieYy{@Hh^LDHYJ2jqjT~Z5;H$TwrEQlxGj$@-a&h|lMUS2<v6rt19yxD#tjQ+
z19yxD#{K+&@QIfEPJ4(3?$QQ7LJoTfY|qiaN6;#)4(>uWMQgG}<voOHoUnat-Pcpy
z+?OOC(?fb3=O?K96Qi3?=?OjE;b-(ry7`=*3q}In6mv&64>Z*7g$B$Qnxml`{8FO?
z9cc18)zfeyP8*I_JN&Ljur!V6T}>Jb1rfbaulED#hCAMu5}%0jp+@*C<=;R9Z~$Xs
z8N+IcuT4Ifj{bD;OHEZA29936{7BP+Ds<T7Dd8-|r6uY+9Rc;^@O$dgs|B_7UhwVr
tTG`R$tNjeE^ytsuPT+qR)R>x8U#om|q(-#h(SOt<k9Okd!S}z)_#eP8sty1E

delta 12311
zcmeHNX>e7?m45xSAdrkCBsO80(>Mm3MVMV61G*q2up|%?0wF*`8$wUp)5<34vDpUW
z1#+=HPV9I~jAQ%R5Cw0E4c?PUY-h6_I}=xCe$1blswq#^RDMj&)O@GAZ{LgJ)Kqyg
z|6C>W?&;h8eW&}JUcSEm=s(53Tn(p(8u~g#C=?Qxj~_i6ns+X}{nCk5;pC@|!kXp2
z9iHX>bNKD>6zMvN+3uBuiQ(&SG>^$?P2F96{rzp7Euq{ws&IT_wz$D9OuRn1t*fm+
zG!u_9Ou76nt+_th+tSqC84bx>48nD(wrtis57qs7;-v763k_b@1Y6}>?!=^<-RqKO
zCw8=iX1jZnX1VoAv<1e^(>FFWb=0qGYwa57T)b>~{gTD?9sTv44SnsQTfX95OOJjx
zcYJe0e?xs=+u@c3G2zdn$I<1{FOyns8vUodfz;edIZlYiJ0UqvrqDP_Ssn_dKJ4<i
zgh#U7?wk_$-}4TJoecL?XWblBOHU}IbSGs~VxbedITWI>%%Ctz5<4O=WhSLky1R3}
zbkAm|x_8XaPUm-Bwt9w}mtQF|+++DQ_;>39{`c7h4et5Hlcu2_VB}md%%$`|lZAQJ
zZgX~KZZ<RA$_$hqVMe+Y?t(x>WV*X(-emXT+$l^PTSSYT5Wia_7sKf#fL!8a1RY6r
z5@|_?=k`*%)?Vh>LRFE=X)$xJprvtI5g(#u@gbQ{`3}WTU63njIptqqw#BrPe^O%_
zTqq~G;VO$~iwXiohUGTRvYJ-KX*F01z_NzcXqL5f8?7-cYZZ$o30uTM4>26GWsWV2
zIEH1NW?4^#aas=+2P{QYq**r5Iw~?O8v-l|7O~hv^ovRYMT%s3L~hh9o2WQWo4`^6
zmfPue%~DDm>2||X$}CGbgi8>@>=;Lh)1VA7D|0ez8l=K9Nmh;&u*PO(DB6hJqFF1b
zJWds0-3->Pv{kcK(iYlkSSy*ej9JT&AIWkYCDS;RrMcbN$!RLsRZfQ7M%&zD^JZ{P
zEv=?%om1N!(Jr^ay=_jY)SCy@us9>D5pKrTmE4Bx?ETepJ2-Zr!H(d>fu;Ks#{{y^
zBeI5Sw7)y4=7OxH?G9e6G^AQaHnvVK+Q~&bxFb8RnE|_Km-cp-+zs|UVBhnXGhmOx
z<qWL@ZX)@1y^1MpGqQVWH&<(*x;QmpWa}}qjnt?;ZKA!@s77`-HL*i#25@7WHq9Qs
zU({kLY;Nw;EUnZWr&h4EfMq}J*DP(ckM<juHpQYn_GduEBMHoac8>+sOkX-QOD9F*
z)Crb$uyj$EX6dF5>M|_d0Tw^qqaKT2)Z>w$NRiBs$X?CTN6|R-fu#p5{nW2n2B??%
z4a<Ogarq54?*|d7!E5q<(98P+v>mU^Bshq?AM|>3NOK*g193VGu7lt@LPs>$5FMf;
zhHHp>gk}*r_?LM<Uxj#>LL>m5kfHX5lxymxe)5ps8>YE`S~yQkaqH*hj^0wRTDTA8
zPIIpoq`DLHC(rh`2Z6PEvT?aXPEnSL!c_Om#v8XzqiH%%r^)GH%0cgQoUonsA%r-`
zCg}{Cs%-;tJx%AN%%$u3=LVV)rzvjw?8!ybX{PEs_trr8c}Et-W`xv0vq&<~jYJIe
z<st_9)>t4v-EQ)L{M4GQf#%R`2D+JUVxWIqFu8p?-7*%)PoKFSke5CYIZp%4r+Eyt
zfaU@yK0@;m+yw}39?hdX71QaIXMuA#usQCzl~bA)Vjvd=mYWbPlR3B2R2XIm7ipfw
zw1|0@(5;$hF?g1MXDKbBrG{sz<w5I+T<9Ll%dS!ZSVqgRMdDaMlkJeM@NC1HPip(d
zW*MiIK+gyIDq5v5WdW_ARf;B?3f%u*kXy{HJs)qQG`ZSIk!#SWHGwsEH7wE2-QvB`
zJfa&MbvET1xHx^>S~M-BLRaja!5NBfI6CDDxlSQKah9<QxdV$49Rs8*abFW0xsG!-
zww~5&fc3HnIlBP}8v;3-h8*2sbGBF|pl_GZI{n@RU?Uar$g7RABtDGIa@cN^j_8s8
zURgwHuT1091@QcYF7qh-qH@b(1F~5YZK1L_w#Q-G0-_44Pyt|~t+bgcR1At}D-WUR
zhoA42nkUxb_+?cdkv|8vX`*VXj8heeszJ0JYbGC-m}m!WqwR)hM}Wwm4>ewg{Gy#6
zPeNp^mlw5~XcyJQX(xzwfoM1FwnTfVmUbJWJxsKL^L7KzkB&M7tu8P>(qNfPt*4N0
z?8Sko&LeElgpJt!XfFsGLD)o1mav%`sL2pEGa*_=WF05ZP8H=ACq!%8<vwIhD;#JI
zI)IICAIMsb8$C{p_VrPkU(hStXumc|?SHL|-iq#ICuPV8MQ~J^?Y_Hfg?lnDb7{Nm
zzyYR{I%F5vy1~{N$nq{&X6mR-jxE{AQ1e1EiptS|YhhSsY<jReM!n(aRkNXw`t)q*
zll@>CK;wZivthu_hC%8@_QE#Ve}MWq`w!9q{y9X0aqN>LynoRlED+ex=&%~lembm%
z*~=G(P=|{cH#}ltZMqL><Y5}(3L|txBM$?41jsQOqL@LBjYam;`>61c{ro;AH1u&n
z$HdJspq~(QRA~I;0t6@Uk37k*>7+0uC&gG6Ke_L)EdB;?r(wBE(4B(2a7xe}hU6|L
zImINW#SM5(r#+U_KFa`S#{egL>~4Xe+${njO=Hu<^bFY9G$Fai5Z^249z}egpfiT}
zUM9YeiSOsPbic=Yzt77^5s81TrgYEbO_-_Td{$5gc8REp9Gw*$O{7yqMtP2m=YvNF
zC1zxd4&PRhC?=17Son0(qW3T0$T1~6G9@NP5(EDw;dx=e=676H>JAs*m5k(vOjM`$
zwOdl%)g=|PGG!K=%Enks3QUD8SY|3@yI+*#&PSces53b*Tw!~N!5JnKh8e4=?xL#y
z^$e4MjQ>BLVGM-7zJJ{_i~;f!{Og`!43MA0f8#SuPf6B3?Av3HF$w<<$C#dy>|Aq<
z$<#*}-v5_zZX(bTIoU-G_fHjx$(b}UBO}NC*E!PVoO)u(3b(%`bNmXKk8E2>E4^%6
z$_E>D3|YzR>PlqO%0R}gg2fc8Fs+$IS7MgJRX7TT<ZV>&bq_oM*$|d%slY!z6=ED6
zxPViSJ>{@vl76jyH16;l>99Mo0=X`Tv>yADp!JlWk%?;~Sp?7`O0<V{+#z(y4Sbal
zmBo~V?bfU?B~(JiP#rzE7TD;7it(2iLmxNMCgA1ML?C7*Isf)wFa5`GY7SoDrT{M{
zreVCZa{!1a6v3e^p4FvPYR9>ZAm4ciOWEgA_*3fmoh*aJ<6LGsrYos&E|cYyFE>-U
z+=9`mK*Nea!!5AP=-^Cb9t{YavVuW4CDO|&87bj}k^qC726f0pZY-^&O6}QJuD=xo
zTOHrCN?7b!r2*BI7<7E43|>4i)YrOr0Mt^xc*wwUYrCvLw06RW9RVL|_}W09p1n(i
zc3dK0lz9cLMeW*aR=`>>n!6xFYrPe4H?M%PJ-A#@ao8j4(6}Cr>jP&1UM%YE830!a
z+BS<Q?i4T#vXL72rwJ!3oa9DuxEi7+>@<9+YF3+Q9W~oM)IbK#04)~Qo&ol0<W}0p
z$op}fppf}yVLy=hLZQtdw~a;im&k|*>>mNzHE;*DGjL~&ZxYz&4j|)30k;Y5<`SXK
z+$(UB8lU|&v)e=VxBaL_?x83n_foe8#^nL^0vNXm)Ms4ovo0ss^9-ry*zuy-kKykR
z#4Z7rnTZ3m8-^M9LCtl52AS(14QQ?d;NlAeoW|&o;W}iw&^jXfIaPC2*bd`lpF*{I
zM?cKnL~cZ6E!W@~lD3_yc!s3#g@m0RLo}ol<_J%ZBXIagAT@_z@$}%M8zbsUjF>Pa
zhuw<Xr;ZyzX2&Sztpxc;`3R;VV+<JsWGn!Q_s~tiJj!Pp2G!LVwEU=$II4xDI?>@Y
z2WL+T0N~8#&)E}vm;<yzK}~BIJY}ODBUXeZ&UD8B<c;;640;!X-W3GJ*$uV<MH6cn
zP-UYXK(od>@bi?w!Oy+Fbk3U7eC*RbKE)7t1#~?6E~5%;?)7P}*Irfj^19Q4&uJ+V
zC%`kpi_IFG>+UhYXB6-m2F9Zgj4H4hSRE00IK8S29J@zI93Sr%5@$zd@J0cr#$!U_
z6c`+ua{?zpEcf`mPhe-ED*0_bT1uCFJJ00jgXFGY+l(1%TEmRld6CS+ab67?azH-7
z5Dy4voZYGJ7HnhjNU=)fLFL**g77B@*1dxFo_mG-JJp9US}5V`H+h)-`woMDC+Oe9
zf^Fm9479eEaZuT4sD=u|^A*tFRo*-z2!DdA2sZr5QvN&|@COTr@6Y$xpU2pr$AbQR
zPq1zLL1SyMJE;hrDnLW_Cq<15hKvn&;pR!P#|1r((|wnGLO(?1lLDLj6P|vcC&i$A
zN^pUQ(8wkygpy4?*x*s9>e*wfLwMER-<yP2sq*`RzK=FeB9@f)9{B@7KM?Y1?i@Xh
zo|wp#MdSrR7leF9(6Ia=ckx;7;<Ldn{!p-Ox`>L_Fe9#Pv_q$|@~~NR7Cv`v7CtWs
zC4%rfoROKz3sziE+@BUN2zmjWoa=Gs!fUvJM}JzN3T&PhFL?9KtIES!`ht)zqQ1Py
zEiVd641AG7@g*+41OS_-aPvok@CT>h7V;6VvASN;xs%8UQLIP+>%dRD92GRGg7stl
z5S5oX2tT&Lx{P4GB)Gr})@2<m6smf`U|rV1dI`aLS<uU9;|1##L9d8<`KpT6tA4a1
z@-;!P3HcL2FADinj@IkktJj0W^i#pMi56;F!$eEjXvbrgiy?SJ5dL@wUgY3l7F<-L
za8boG1v|kNL05#g7p%D|=&Fg-73RTfxPV7LQm6u(BX!k_lvkBm%dZOgCb;BVg5DJJ
zZSKcA4DwD8<ZZ#W=?7|B!}LShXvc`W6_x^0pB7W`y&xpV%Lz1|CLp6yKaKx&jl1G2
zH13{nH11!$r#I5nKfryXan(%vM&n|>o2lvWvfyA?vebtw$gJ2p+%T)veVtqn30f2s
zz7Vxoe>Ql+w-_ryaX|PcQgJ)41K1=>$Qn_o-6SgERR*j|>~2&dnAPoi6!l4{Rr8@c
zWv{pBJ0U7<hbS&H4WW*`$G#qxt=jZ{fkWkeyepY{-mm|njJJ$3&VdC5(7c<`6)0|K
zYpkRN_-4KZ1^B-iczan-w=+~Rw<zWoF?Li!92*U5KkdQI3U*ToS>~E(AK_-D_s09>
z8kNRPt$qFa<^@D>L_#G8*2Og89xX{^)n7$b-ugZVU*&bAsyK>O2u79TFYVi4@xs2%
zePyRC+$O6b^tV&B#K(78gSybd_8MddEVF)Zw~ug@$AI6+8Xf~)yT@01Lf^e%%R$_?
z<3odW$jaZ{+-5gO@Xg(l>|vD$hxWMl)zUIziJT$psZQ=iUmH-lK2UitEaOoFd%>1g
zcC5-9QM)mq?82~2dNolU3>;Bm%Vwp@TL|A97^Efe#lio!%IjpSRpt93u9a;dAdWfm
z5o+U~b_iyu@ev4J{k^<{+NeW`!+p5Y<xe|IWFP~oywk#3Ro<nMyQzzjqY%srxf{q)
z$j%<>q8@|XGZxuj)O$T(6d9NMG;lxlG4MbPidiA|19<?*gVaZZ26=ESvaiYyc*wpg
zKd6xp(LqL5pV@gZ@QH#yw?o+;G+)^FnUC%~7|G`Q3>KMo<lYcsHx!6n0xT1|VQPk9
zdNHE8Vl={BM{x?#y@-JfUm1p2s*d0QYdUfa$2~LpfQZN;&e)kMb`Yuf#6^u-n;%!V
z?TuWg(aY+Ib+k*1^Amzj_-9>wyEti1P*B6jz!L)A<I&G*RDsQTebPHYc~u!b>7;-J
zW~n{_(l-MV7TVUEFl$aJVXAV|Q@Fs#qmPd&uo?f9hwoKo{PI%*A3rDr0Sj>p1&a~B
zhn-~UYNsBAEo?KNP}3S1S`Lx2(T)+J*`Zk>sjXVQk3sKeP<-C-L7{138&EW{h5=PJ
z+5uE+cBtF4TC+pqo&yw9pH<^}meKL(qboJ6`hCvpw^x<DyzZQUI)-0R!LA>$^GXIQ
zV5nvU%w=Fa`oO3Hn+No~2kcd4;MjQq)kohJ@<IOB9|h=P3@~JDaA=@$Q6dPx4=T;R
z3wjpPS$>y&dxXg!36ev<!Zu@un$|F5_K4Q(kElUo&HgAuJQ~#OQ2Ma1(d<yRaP2Xc
zwD1Mi14^?$Amrn!4`H+zquHTSQy^dg{$$WUXj|CEzZqz4E#siF(NGN)hUY7wpHki^
zRSR!+vHXQU*kj=j#I0>~jb>-13xNxNE(HC742Es|L1SyMJFMAN0UEMDDQa9WWNawS
z{*0h!ur72-2xESTLi^$@0`;s{90=q=7QiTg47^jYXn$7gK$NPAK^^$4)`8DK2SOe{
zk4ByjghWQhK=<CEq-~0pw#zOC`vTDh+w=uhtzm{%*=PvwvpDpg4EFyQP%U~PgF*Kr
z(Fc`_kK?1FkJmCKbfIT^S?OLD&P=6mUt&TQt;ibH+TJHb<STFv$`wP-!qq!=aSvV-
z>!5O>Z265IDgF%qvgpIxKv^&ATL@iUi+-Y3Rv2*SRUMIlOwU@#7Y@i%$ll--dR-7o
zSp5Rr+&CzuYcJxIs@1E-8>&BVu+w<-CpD_T=1G0Uo77%aPKNR;Lb4Qwm_<v-&oMU+
zZ*lQk0I;I~Ki?LFKlX|p!=Vrr(6hHx&tm?a!<**L;T@%Xk!<hkhp2pybLd@f2<bf}
z+xvnGY_h$llMSV+Vldg>)5-QelI>@LeuhR~vi%(4ED`eWS>DTE@WlBg`~S<}fc!$R
zZITT&tznW)*=Xk_+XsyBfpGj}gMr?DC<t^PBH2FTWcx@b+ph$k=vPR#Ukm!RO19q!
z`VAAx->PI&tpmySJ0AUyndIYOvY`W?AlcC7cY@#e$@W_$+tpxMul!WdCteACs*(*&
z;N-_T*|f(WC}So9_<KS4Qvn1LVu&^9P1WE{)o;Er`ApDf{(k(qpwHnb?@OPl&V0rm
z<I&GFRDsQz_PLj7URBPt&7TYT2PTvMAm|T5{*lA;1*3csMERp&+k^)-tzp8WY_wxY
zK6WPq6IUjqbL*ZLV%q4Z_0I|SllpA;!G;_$)xFg4j>vHb8xM-9qn8?P6r+=xXQYUn
k(Y%fr{_g?zg=meK=8o&Bag%#8N25Kh34r*0|DRL-2mJTUC;$Ke

diff --git a/src/wasm/Hacl_Bignum32.wasm b/src/wasm/Hacl_Bignum32.wasm
index fa107b622cacbea76c88e7bad3eaafe849ef3f52..c2102b8189b2a5ab8d663a53be33e8f1e9a552e4 100644
GIT binary patch
delta 589
zcmZXRy>HWC5XRs0$Lj>-=A(6!_#<)Bq)AgewB1k<l!XFnB?d-#Ww%xo)lSsf5lW>>
zZCRiL5Z(X4zyL@dsbD~=5Ca1e5)<l#3V#7Z2MlGw9iQJlr@MRZ*@N$$46y?r2qExw
ze|MK$8fET{e&t7R(xaVY`u<Uj3eg%^9DWdFb;<MlLAcWIg`K|dZVj2!WA<N$FZe1n
zaKx)}*k^w1V1tEuGKTN?MabYOe+9C5S-1*0+!mG~kB7ny7)L?82@|*~8U<ytP%NpM
zZj>u#wKi36OgCFI?OEIxn~IWKw%0s%z1!&x{DpZI3>-3vZ^gphf^x1B4__z6M2A1{
zNGZXB%`KuP*q>e<+q41(-lA0~qemO~ik4`%*A0n@uc-l5{6saV;ZNG+rkZ%0R`8mb
z;z%7AB@3TOHNkPoG(MH;_*v4OShV#2*NkI}Q*wr(8!*o$Gl?s_kok77LD~uKZl3Yk
z^tv6|Ea+~#JY4wpC7MeqlC<|Qeip|?!^|DfOk#q`nORfL%IZJCo3bfp$D)_T6&^Ct
zsYU@b<c*#9HG9SpKCUo)Ue?bP<fDViNeXgN&|2nV`(b;Pi|rS!9-de^Jh1M=MD)Wt
M=3zYgICqr(4T=n{kpKVy

delta 2427
zcmZve%TH8S9LLX@H%@T|W!?;Y4=^wwD5By6K`ttSi1>cPI5;CPPXSHSMj2z$Xq%>~
zo|TI>>8h()&7$ir+N6uNCfzk{;->u*x@y|~&b@aYQWg{L@5ecx&+j~bbLY?H&)@g3
z<VKz|#`sUqo<3!JUV0W@-fnsM{H^2J3yS@fJRh`#2d0zva*4^+<-((UVy;+txLnMq
z*FQ)s738;8A^o-?zEhsDjd73s$aaEz<##rXx5&?|Aqo3lzDv&AXZUXU+8zzG`uu@l
zC>&{vws$~uc6G;kdgFcl@<)5`U~5Z*=fH4c<IxiH`QFVXQ>jG0m|}h@9D%;TmKpg+
zITqZK+gMv?A(?dSwnU<G(dn0;I$V~v4tngcu&DgT5##OhcSltI<_J0Nucy-tGUSX{
zL`)xj&gtcya>3chyX14{An%sHI)!a1&0_S>&3oj(&UX2av(1)Ev$z~{1>${MN=~mO
z^2v=X>u*XWA0`tUs~@JVe8(?;R35v0PVv_(+UKBUGg#uAwuX<Lp4G=A_q%sjUVAQZ
zd8;!hC%o>_R<vqtgfX-VpT>mWIsre}jBP?=amrfYg<rGfG8E)QK#zD%B}7opxphV<
zgpk1qi7+uD#E5`twn7cVH5(%OG~$Rh1dZ4vMG;o%c0|>m4z!gKC~u;@{1_eO#{!4~
zU#l9!fQIr5{n<qFj8-zr6QYLAXePPSAa|itk-H%bau<=ii5x>GVkSAZm2AnF>lQs#
zFr`dzuK|vuH_l2-^r6Qf$BEoW<bL#`-z4{MC0lFcJykNLO!9z19>jnuc`x=D;6VcK
zCGb8BV4n%zXMjtzGZBqvM1(fqC7R$u6YbV}+|J!@{Tyf^Vu(&<sNrNehN|n^k01r6
zf7tLJz_9Wk#D2qnfcyu^e+a`kWcm-){WLuzhPLzTM>~QMahNU-gTJ=WBh}bEzN7Fd
z<1rjA;~3eFl5G^Dx<eet5sd0uAC9Z5;8#MwE|h`b&YXf(moSEAF-|U)0n3ULwD1!e
zo2_2yaf*0WtsP^vM=~p_`j4Q&|KCQvwh1tyL6gaFL^aRsBqoiEuc>(&iL?gMBt^<H
zX~K;`+rcNr$yzg=!YPA!N}Q&#Qv{uQx0#x$d8TU3bOx#u>hUyA8nJnvGdQib^(@Ym
zF<pLwv*jmZ7PI=cYJ5$c!whEiojr|nBXpTz@~N}TlbNe3>Z$WJOYJ=84bcV6m2sX#
z7f5sw7i*$Rn8!s^bV+Tt>8bbGW%88twbXN0s-k-DT{T44aJh^tB)UeT>$qMM-N02`
zH$^uZMD@12SzS;)b<6aWw0bMvHbi%Dvy59Lx<jG`EYw7cxQzu<w5UW=>QYW^cf#u1
zkhW7K=r|J%UD%97b(imgQ&9afOX4I&<{2&-h1|p4GLlrtJt`!HRIQLSmXI<FNvlF=
zW=15oD@4Bx_cexztXQT2D^$=*LqSW;Vin6IUoq=i(@I$0Kyy8@E;3j(LS&R}McG!i
zv#A~wS!BH~dNI&7gi6S_zP2kl<cw>cRjreyDzXi&lcPwrPR?u{W6*YnoXFF4r*~5U
zg;$<-)t03qiUzx&*ac!28rVgO6uW4$jX~S7i{b$l+zcxoAn$dDDd6-*%){<&ruAUQ
zJCodBeoSv)i)FLY(K2l1J1du39h`^dP2Ur%N4TpEF2@63(XX1ffkpYZzisP(<QM)#
tWjy$ai+d|SVA?{MU0vrbgh|E<^yBAEtRR1mwN&PN-dOpr3i`iq`VW&Q0>l6S

diff --git a/src/wasm/Hacl_Bignum4096.wasm b/src/wasm/Hacl_Bignum4096.wasm
index c1ced14d7f5db133e6216d1f7adca5a9616d2979..6cc1bf4766d7a96e35ddd952b55a0d888b899622 100644
GIT binary patch
delta 4679
zcmdT|`)?K35#GHo<43U#wy)ow0l)3*7k**<+KX*42J<%925f^3e#c-E9tyrD#wd~c
z3pr}ls#H~^st{FHTDe8BL@L^(sZgRSv`LWqQ&JQuQPrYUs@kfm+HZFEUhk#+14Y<-
zX3xwwGvArBGw`dwx_|o}ccL~jKcj1!rvLes#YL^=R^m5r-H&y9LJPOvO8e>0p16E>
z7xBJGecxTESF3m3PhDAgYSEkL)|l~3SAX%uxwaHwnW8p&H|bjyd-L>sW#D&#8u8}n
zg(~DNaTS%=+Og^bZ>+00U|S@se|ck7nJ?dSdQ2--<-S5S@5>dTTwU~$E8tf@@%dd^
zg?h_JdZqfvm*J|)RgZlB?4h}lGgD)uT6OH`$i<PN`H8DzZg<@6*On0PYHm!<{?$)k
zj?q)x<f24MNQ%uQjdV&NPg08d`r78z9eqD9(*3JnUn|pd{F#PE8w`zo978^esn@jl
ze+nZm*FwVT8=)TEZ(0kG-vV-(P^l)=@SSmwp1Jz)#}B=!zxfu-Hn<l2A=g46<X%X^
zk5836crC?5aFLrfCZ%Q?4>V4sL}k2Fq&|DF&#Ut$+N93EU8MSd+0#lIr&0>1iI(5p
zPJTn{@w6LSv8GWPBz?-*Fg;1Bk!6XdHDFJ6*spjktuvicU~TBrqRAP8lnEpx8bQi{
zWFw_VmNt^?a3+vaLMfaTg_TWNATpbhlhT03IY7-JPj@)J9Jre0T$1M;=aH9kB?RCy
z;ZNSmt3iE<nK-B&G_)>Hh*Ee9Z2@F5Z3Jk#*LeExdw;tYpNWmFv^5Dk8^KvdCLr}m
z&XJ(h@FP!BGWpC9ypmi#q3Yf#sx6>`pvgtPWRQ>G@*OD`KoaH(>@+PULG%}JVdR7g
z?Gq}ZBJ+g2e`rwoYsv0nE>Q>HPTx>!Eb3fFWpZFO<y3BYEEA7q@L1;XSPn@%mfIdh
zNe#c3R$I;i(zt>GTq*Ha!LG_-R|&~JoQlX&y?Kv!xwx7FFbSV+jhJtP`8J1n4J6yV
zI<mAwkR9HJq&LSHiyOF>YSp*bifZeq&dQ@!_G<xH>j12SBze@?AeNFa7gxvi5<&wt
z2w6pq)M()}2u=fV8XP!{kOZeueer7!HS%_<=Oz+>a6UUgNpn<&E!2!6XrU$?Hx+U#
z?cg@?*bZ#mibz4XL9&x>jV$eWWrv~6u^dOS6o)IGpsT7iPYCY}02xM1q=xGu>636V
z9S$mppmx$ugb}3eQj6QU15vxkm^NHdnw=6^7XZ5)k#$0{BkPDPt;k|bnY)C_&~p)Y
z!S`<34c~>d3*OVkdw1BoJIebW@!kXPJr3`CAlcr#BTJhX*<mP~yr|-}Z}=p2HYA+a
zKim}BOM3x1%lpjd9QWcv?~@aRJ@u}<%KIVelT_MmK<+;8S)l!<3iz|MU{1YLD>rX=
zX@5K)paVhO@T}Yn>erU|ARWBJhp3(oK`TP`VLHr5sDzIi4{9~;LpFVmY>q;*vpEu3
z+S$ks_ep6N8=4oq9g8ZY<8%xx9;cF|w0QFq+)w@HS7U$%teWi?fPQ%FcX%9tBsDu=
zd$E*+q1FK&1a~K3aDqIBXEt0yczF^pPa5kV#sHt9Q*d7b_b8x~U`-|8PYZd(aBj-*
z(1~gMp5h@IGASQ6pL09{K8M4UkAU*i5W|#@n3SJ3RiY>#u_!+s&u8e2gYr=ty~AUm
ze9WS})9Mgs=`5e4K_16jo<Qgm4g$s@*_5A)ENwDmhbM##e}E@x(#&uWIigHYNGY9=
zJ^5hQl-M8ac#5|R&bo;4Z+s6;GtIS-fo7?P^aU4w<XNVYANY0s|G0f_R)g<u4P{Z5
zRbE+~jjomx)lbnX!C7v&pXP!4JV!tEP~Mb~FPD&LU7BOYp_5$~W(#Gjx1woMHcn@m
z(fYW+-9AVKFb|hzP^0{7Xto96lG+$qE-#@8+B@MVfT(a;rVCpy{IoXIci+nmq%b-q
zl0g4Pr^dmja4{9*MKZENt!L9#0mzeb$dhsiNqk&_@Jf+xX>@cY5?$$fbm1kUD+}+0
zpAtlw9i6F%7{dDYMyYr$jVibVRk`N--x&g(-255@C}15|xzu(!A}lx7yG#I*d<_Ed
zEm>Jg_64XQnKEU{tFUK?N~$#5Vii?cpp^nz3D8OhXcZ&@tx|>e*j>fdGH0j{?_I4X
zjq9n78{}R#!m80>)d0!9m-UgQ8h@XgTxhIyFbVgsCNbXu^BoTJCP=pV_Q+Cw{yv#=
zK{GX*b3qHWSb;Y~nVW&p?7%>8HUn?5*|3y^jkp$W6|Zg7X0nQ2ZQ-;DP8)FA95^Bg
z0qr)9rDWDhI~&x>K@zlZK0854M^uKL)B)x@DJVli1$WU--X-pL!_jVsqg{~fq`M+Z
z+o|j@l=*o>LN|cA9YaDZr05}G4}$8U9)z)n45@pA_abT+bw4{K?32iP0odz^Y#$^$
zvb~X|6<LfabFazAa}oE$H+n04SD*nKatRHzS6erFNRVdBhvEIO!}}pfw)caPrOk`%
zFqBPR%ppNi=WYo{hJ+(@1dy|Q)O^lyAHGaS<v3waedt)nAfjW{$dJ%ycC2HjN>s<{
zvpUwXcs@?Y9UZG5r$0c|=(GsiY_*QC2hn75?YIY|;h6t4vf~!f>_3}j%Cj1BV)#2~
zcHk8><$gM~%tOHt4J`-tml<uBhHs$jju>rbvptPb1x>WoG(ZfIIb{@}W1vwwX#};J
z&(awh#Y-#yB><mUW~yF)a|50BtR>Pp`Gkyt9QDx$X&!qhNHwRIIv$Uz@Ch2n@lH^6
zczQv%HE-4wO<6Z<Qu3WdM3WANrXb19nzBi;l;r3dr+6AE%)nsg+395#FJ~RoOC7&J
zFTi~@+-Imi{UR%bUKAc&W~{+wj^@lVIB!1Z_yW%Oe7FoQfXjJ^;WD^jmchKK5>*Bl
ztTLF7=ZkdFQ3fxf3|^vXz9eOE*<IC6mmOJNf@GJ$OOd6WvFz|=WV|^S>0Uu*SB&*C
zxPp*Y_$s|fSJmffIiUqP?huY!Hk`-3sKffY4)g1}^Ten56`ew~sLT8HLk}&}wByYU
zUeXDQmJTiHa_|svkMMi_lcUPlVtwM8ugDo?)bS0S@K>mx2Kl(yGqO7)yVAqF)iPGC
zPCmM?t3Q66vfA|fySkpMo_yTk&gM9E{mpcB;AXsP|Kx|N=JBxV_%#37_d2OBJ{ekl
z{c%Tvp11n=$q(?q8S2uP$5ruH$?CH&ck8*UC12h3={c*vd-^a&uTZ!D{vW+c-Tudq
F{tE%T4#5Bb

delta 12737
zcmeHNd3@EywZHSrN<tw>b_kq9fCynr2nh-64g0<+i-1YQ2xNg^P^u)kfg}is2>w(+
zK~N~5fZCVVF4~sb*Tq^}E$?-;RlB?{wzaf&v9H$mJu~zB-QNxE=i~c)-k+~by>sTA
z`JQEF&ONy^-#i-k;veGrhH9D{RVWlvKil2j9x6KA_rT$c$sfP?u9JAK9RtJNvvI@S
zSK{7ratFI_#%K4sv*z~gn;UCG<h~J~@9;49&4gi2Xoy>wFj(cg3lau9LkB=G-EB`u
zc7_$moa^kIs;1j(H*9Te3Jo8DVNUVs0{4xCvFduaZ{l#bPvX${hT70bw=FR*{+8NM
zAv&Z+xhE5IoY8~aQ;AvmRZTS;>T7Qejmer@v!S7?a`VP5cQlraD=)38-B#6D(_9}K
z>%N;v>En9cTC=^Ts(JI>wQ+GNkNmU)?sQ+Dl((e2dDSNiRA%>xNTJHh%ngSqIUM3d
zPNGCgDh-8FFT4uZOP#j9?)s5cz2YKHn-fuOiQU`U7bth$v26GLCsQZ)r~Z|pvQUWn
zb2_GH#7(D+@a53F`03%$^%z#v7X!%+bt6KdHqO+PYLEfWa<2~5Adzg!HXzxY1CU&R
z<c8CHj8Hh9a`ha5@Bqp(w1pW+IWn9_1Lb274airQ_EKi$2l!v#jy4)#d(j~gXyL&=
zXFX-gP#X=lqAg55Gdhi#*b4BF53MHO4UaNj4yB<qgb1qkv`EB;dKgCehqPN8AF$3$
z&i5?W?6OcY4dr2a1;Q%qNbJJyl2IwLWW~d2IOT}}!zJj+G@J_vvf;Fbu+r;91wpEX
zulHO~BfMV!ku=hPj5Hu4xzOYF8%3iGZ<OJUa*M|1it7GjXpG^EF`O|x)|=IT9E~%)
zafUaJi#%SWn2HUr*zk&ZJdNmKbYYCq;$N&pGK~&MB)8D@_%}8%6zal2QE;G@#%t33
zN@f4J5nSTgQ#^qt&>&GU!Pql_OQ|F{lS+eB3zvCQ)kLq?znsbqNVx$i=L(-Ui6$A|
zB*UA;lYQP4nqqiU3~vfg^?B21n&C||ylFh$<3++0HoUOmg}IU@_At95#%%F0Rw9`u
z2P6>0GW?qw7(x)s2xmXKn_8(-lM=+Fi9CY_(hT?QapcTM@JuV2Ni%6ia1v4o4smcO
zIp4uxy*)b+cV8>ZN}5G8c{a^<cU9>PmN19rfOEAuJ2FQ*iEJ{L=I}h4m&)@ghvo;B
zh<i4-s5+aYc!8f@>Tn!%qFQJ&%pzJS8D=ppkV6*D3$);$WSDwMF-rn0b556d=aiQQ
zcy_Rjm(eoY=j9(tjc8fng)wpi-9XD}DO8yZbAyLrlz$kz0Vu*P0qe}<6`tjqEqUVx
zzVTmVn3c4W7D;qhnw_?iR}o~RdxBO4sTN-CxuDi~z5X}RO$Ov919B6u^?B=Po#CxB
zymh?Z=iN*<8{W-^cQaS{ylSd8ylTU%<{FO|xrJ^qyju+K7T!Q>dYHX7#%%F0Rw9|!
z2PAMjR^wk)U<k)!HPr+MT4{qOb&grXw|e#z*HSGl78SL|o?5<*ZVk?)+k#XJZ}g_B
zO<u46X4-5(HXD%5T<7!ZsowDF4X>UXd|o3p8eXH}HS!jpx0SXU-d4lg%1s_GvW>PG
z-ZsPA#<$a^9%k3Ym@OX0N+eT5KmtMBh<{rGLkQwVY6=dt((RhmIc5_#(?V+2Ii@+9
zW46<FY7R~^IVLz1n`0oZbIcvIo$sVO{T#D{c7P)}W`}kXIp(9ZgYTldQu%J=n7e~Y
z#66p196!hG^l}V_Y>sI$Ii{6bB*(PTPB~_Q9JA9NzvxiD+A60%LQ$4EsS)p_a=QvJ
z?PweCQnX81ig!cgL#Pr>9WIA+<ZC?AsR#{I+ZE=TT!R4%WUTm*s3P1Fu+mKK@a!|m
zNU}|*;x1+Kjr&H$bz(>P9z|%a65~C}Y`8s&?@=U@foyY64B5haJx|m=ua~u75t_!@
zZ?X0(zSrYt98iR&`3EfjfO3l_4-iYT4k|*^+=G^TQ1SiV?5snI&@}&$<sVXf*yBeY
zP=u!W4_N*Kid{wfu5sqxSZBofo<hlVUr-1~Xs?oXe{dA12t$YUP^wq@wUX;zt<Q<y
zr}#n7xblY-p|y#ohpcfADSlYdgE4sYa17bPM?3^|)azv(Q-r3mj#;c@iXZX$k19gb
z{6{VSQN_o7{s~2Bnt#IbPbhxO=bu!Bruio=|D@tm9zXK9A~el^-0~k+{Dh*T*SPaY
ztUKa<PoZQw9uz{Lk0@!61xFER44u+Lfj~bYf$nuw@o7aZblT-+jytXVe3f)Y5!z|D
zrlJ4f(?Pu0ETv^0Z_ZBrn8@>4MQ4?ls*=trLObnVos|<gXWT`$IxnOAq@pKPDnF%=
zvYra!>p$mg&WiJM)&=DyEsWWubrEwVU0qUiQAy`%MHeI`1T)tKbCx50JA%1O63R0o
z?dLUf@}KbrTKL%*wx7N}uIS^Q5dYi1R@g&dJQQ~O+u#$5&@lViXa>W8XS}h+qde6?
zYrQd%v=!4ezI1zLMzh!_6n_%2cE1<Sl)O>#oFcSKN;cPXc0WF+_*05RERe!J6+^c0
zr#)BHXS`naXBD9tu+Lhs&nkZ27kEJtnh|)x3cR5BbH2dm6`>h{&s%}dEB=Bna9I(W
z5x8sxE-U_`ClGm25t<Qr(F(k%_)CgDbB#~W$ND5O=qZ#;p9>1%fPGp?`$BLO2Mj}B
zl%d}KAF-|UB{^USPrsQ1b*#Uv2<>Sd>n~f=zO48wivB$YjlL2?w(wUy@6^}4UiM3h
z&<xm17VIU(U-t!GR)l5*UbX@+EB=Nr@QNZdBk+n9ct!CyeSvQ&LNfy2vI5^y{HiAq
zc})?T5qQlCyr%fuioSM@PhXGqNn+hoD4D(y6hf@Os-%50IEq+f=v5gC#`@b5>y)o4
zz9OlBuIOxbC6LYjLlN2)oz1QU0b{e7mXU1spCZrSQS_Z?Hv6t3v@4R$O1^9SMK=4M
zjPmyteIMEE2a?Tx5X9HnEH|v`IM*#&)jtxx9O56Uxassmg>LjWCZWyGRQx(posc%m
z{m5pyA1nHi&T?-kdc9|sd)+(hJ(Jv<A{<R}w;*4%(VN~#3%?b^_tFagMA1(?A^z$A
zM&Zx={qb`}Xqfy~G|6GWv)v>)kMcAJt@XwNNiOJ%cI9WDmC+>kbH)FKC2)JsGfD0j
ziqL+n58f~AKK+H_Un&x@K$81q4B5iJ@?25B_IlZGD?&41Z(Fdp75~N;_^l!|Bk)@*
z@LR>d^99~fgk}WZu>$WX{=F}7RS}vIxM~HiD*l5f5c#7bG$ZgwEAU6f?<)HBH9q|&
z)+af5J%y6#cR?W>yk9A4zYmV$;9=+wG88;`@9J{x*NXq-Sy%CAMQCs6aR1p__h-d_
zQS_%6K>AAz*}{MIAk=$aFZ*wb&<xn$EZE-^|F<vjcSUGM;O|!8?~32|1^%H3%?SL%
z3j9Oy2cAGqyF+M3pxrTLe7nQD9RIJ%-43A{iQQIWx5FI{y?2dM{~ha;#Ji_ZGQA%Z
zLcIT~q<s(^MZ7Vz%R#(968KW-aNI9eW~aWVxYI#8piW2r&W!7H{KBoG%OSK*ndwhN
zszFf{GZvfp^bGlPGj)$l=X)Hw$MNd8<h>4|K^Ok&EZu7&fYi57hIzk3`<+z2*FoyL
zH%6;CFL|sE84t-XJ)*0%0}dT<_&$gF!Yaz}tGR>G5t|6_cPM=X%DO`iLHv-@Lial@
zeAuDG4nH7c>^g*w>vZvhw%5uJIfN!-4?Be6hn-G7qPcZPFnH9VqfU6*rM-MifPm7)
zk2sYPdc^6fR4x3dgC0GKNyi;JZX{0#|Cm#$TDu5+)e2)eIxAHNKjskZKJ19A>GYWX
z%z(#k(^DDCwTE6BKj~0!J|#aQ^5YKj|KkYN0`HpQlq0mNm#+YVq))(ofz~wUNfgs`
zOrFq4ryV-&xauKYVN5;a&>6irA&dfzPm3aSqlzE`TC|*TEVd`ASLlqxAA_M3qK`Rg
zAK|lrqbHnJJ_is!FL38YvH!i*o1b*(oC9fLn04zwu+BMMK#2}@@>32$)Qr$mI#3|6
zH}KyOCvh?*QL;N}Rj*#*cEuMQx&Utv8OJU<bkRC?K|6LqEI~Kw7(_seV;4QgJW+A1
z&qaqXIbodZryY9QaZk1tOnt_oXDsT|8ue*GMK_8H5zvDAjECxp3MxkVS&0XHb?8}#
zE;(tvaw$Y8K^=-uOYgq2YiGR5>0YwurG$*Pj<>gmlAX3ZTxFF<;@Z;i|K9HC1N)N1
z<G$1v{ua33Ke8yn;p^x+_nqqpy443#-Maf0km!hmj&$nhY3N6N($aHfKV?t`_CP^N
zCcgajcEJv;w|8MtUoy=_7-iaZH$v{!gXt-moFyjU9!yLq$)OyBlPx&e2ugM!COM!a
zB665zZyF)N3Fk1J#|>F74-~udFf%VOb08?Y#|QXbiy|D(bKg3YIcpGZ-!6x|b2C_w
z2uKt_8Vt%J4f4AdNjOYmPb8N)25Sg0mSzZLrDfp4k@JC?Px1a{&WEZkJe1_KiHA`F
z4YgaE<<e@{rM+_G3#gznv@9H&9Up<Ca*HGNS|5OBC4}F3|G7W4rsje%f<~l)(+8`R
zoeN0p^nADGL`H&QTwduo7gC{#^GGpyB&-=3@Uak-#JSM=WrTE`3wab}@n{;wV<b9b
zF%vgQel{5c%0_3j-?b>h!L8TTgV|}LC{Z?0C_ylA{iXL%5fvGm#);rKAdd?m7l9I+
ziY%HD5}Q<!yXg2%>|}>asnpxMCAgn4aHRrQ3OL+M`G%H(61Xx8XM_YUzl<lsEWPI^
z(gbhMPoQGE=W%<b?X92+qo7<AltV#zKtTm4QBYwO7$H#*SHY9qeuuJ?C(F*qot9pa
zsWjD~O%b#yK${Xkn+i(Mrdl*3BxvEOJdHv;ou+YEqFITVm4TUIP<BOxVY(JYNUqd7
ze+Es%Y;Wh!6r@=|niW8r3CbeP@VgdCI6MoREGtefrFNbuD8Pl3acH*iW&><?0BjB@
zacGWP;d06xo+}!0StXGzo=@}5)Oj*>9;VI<Oq~x(rp~vzMaWG%l^L0jE3CP^kOa%~
zWD(-BIL5anv>1nD2`$7)q+;AgE#hUOd^yxC52#rN%DTJM?^>0@VF+_CPN80uQW^^N
zR&LXYgh+^20B1!w$v@h2LE)0^a!7t@6vO!j*mNV^2rF<+B}a4tuY}PKt!N12ckzJa
zDlu#|09OYLTLsD*w$krf!xDvsOC@ZK$Uj9~1Ko1Jq;Rji2HLYk`&v&se&7mdUnknv
zLp!c^{DZR&l-0i0?^^A`VF>H6xPLwPkwkGF*K{z)9e(P%2yUo=xrM9rXA@T=(N#%I
z06^6!jA}rtI+~32rs{dy;@hZ3i}<&cm`>HW3++sxnpDQkRiz5YU)qDhr~|iF8_w~q
zG#9rn0WWZyg!`jOyfJ*aB*dHG&ZdAn8$nrjZu7g=9pUgMZ0huaPy*t%Ic6W#;ets~
z9ZgEhNY&qkxK+}5p@ACA?yZ;k^-x$JP}l%Uc5j1KVuU0@(;K)EvD<<PTPQvpzs1`^
z7~G1%t>NhR#WZfBCaA}4xon`V66URX)#GJqQ#~GvY-zxM>lqhQI_9_Q&n8?ECE(7;
z#=IFZ-wx7?d9#lBb}bSU^JWwC?WueR-4Td6u7}R?4#a$iiTNzE#Xm|P#kEi)-;Gh;
z3FCJLLU1=I8}qyTt__E9c&B)hHH};F^RW2X2rscww}_Wp>^E5}wd%atMr|hAtunI}
zs#*i8+CWLP+bp~h68QOTxImi3?TR9}7ZNjfD@@*vzl8j~zDurp0IMM&=@S-B)4bd5
zcP68kR9+GJT6150I6Y_AX%t+UPTOD<S_*H6<o%F*mbvdgoTZZfzw|N%T%N4i|7Gcg
zv+B-2HYCD$u%t^w<{_wv@?&Z-lv!A;p<XRE49h+&P>aRWFgcX^&<v+2)r9&hfri_o
zqsy-XQ<tIOq9NE5U5qM<3*)BOQX!^$=eIIMBU@3Z6?&(xkKgU;kb26H-Y0-)RF~AZ
zR?hp3G79A+6v{Rpor_{@G~7WIh<XpFB$wr_krakmk{X842!R?VGluC5A(k?VHd|uF
z*g010)P<HP>*IG}XOYM8K1HI)+G%RDsJvyMNULL1al!9Nck78HRHAs;q|fho8gEvr
zSoT6O)}lBZJ%Qsv$@v`*W#Wbr5;sc5a|tTZ2~@(Ra(c@!vn(*P6qG%=6a225_W-BM
zNi7K$pc84LB<=zfcE*&6V#-7SP7DB+gA!B9-S>`j3Z5)U^@jYby_igs&D2RUbrPmd
z3QV00N~TV>UKk<qB4sj9k-`<#pI^A*C6mFLDp*s2g=a>7PMQWvu%=loBP3Y)c=Ciu
z=)x7%qgS|2p$c2LhAFJSpem`-C<u#!FcgFX3MxT~f=a8v2#JEYN}iz$*O}t_ESjZV
zN4;mzObrOMV9_`ml%UPFXtq!UT6i|kA^S*47H~dh&JWlz50qWNxqjE82#4qE!gT@7
z!ECRzS|~`1fV3!pv=Ed<THtprl5lvDE?gJWVqLf{p(Vzl#ll+*u*Cr|l#kk>C2rM8
zPFccBMI&A>>Bugp<!0(KnYs*9@z<Kabjv|WES6i{Mo1zXS<WkHDGEbD^L)7x&$m{_
zc()3#ixjP*8>Dot;MH^^uMzb(LD5YCMQcD=hgbVut5i4);oy<<O4qf(SsN%_mx4kS
z5GbbB!KU@J9#*WQ6_Q?7@XavVp|w3r*D5ir8i3US!>T}8!*2Gw*04ljakUP|KSiv8
zZh5Mtr~*~t3dwaVQ1e;Y*wR%hK(2-M+JN?3L0Rn^{I1n59ENbTbQRa}@CvJ=OV``*
z=txS}jry~RH{rWrqbw%?XcNk)%^*=m&6Lu0lP;q+YY_y{NMSl{GG)}}RIa1C%4q3Y
zkJWFW87Kf@x2^yKb~mE(8DtG_kSa(QB-U^tby1X_=aq?ly)PbJ7hXcCSWiuEeOlhe
z?WmJcz%A7bsPg|Lxf7o6K)9re^JmY%>z+I4P7E3c<kz)3x@bmppc6$NUI6J`eV63t
z9TK!160}5HliKQe4ju>v59&_38w<IUW_Z;zYCSnZZq|@8_uYg2X0>t~Y>L39NY7%p
zU178x!SgMhW1jW^aRv~vEy0B$?NXUVq7`w(RK&Y=B`1s7VS7#7sjyfb-bEPR++an!
zl#F<5+Nt!SVo(dlENiDS>)M5jIK0cjlbq<%&bvoparffs1@F^!=6*4Mf3VKnCogd9
zvdYsGpRjAJY2FWS(jy4Uy#j#8Fwu1eq3SL%p6Ni@0oBF#DXi6fO8=~k=Q;PuBb`pZ
zUq6JAAE5QC9N7$qVVq#a9`gra9p2zTjT>`U*v6F)%F7vfvI9<ZTO3wh)D{@(WW1Y!
zs1d^B8QB~luqdu9N|IKIM@H!9%#jy0XtH{3SU()>h)71H)K5};L|&H2cg>We@><1Y
z*dr1!uwWy)(Ig8I(69`WHhfl8bS=WGlVi}skH~8repD~WaRHI%EPkfOLmbfd$U)R6
zETX3IHV23)QceKUR{q`l&zx6kVE6d5&nvh1Y`W{59~w7+Q|ycXXVf6~>iLe~i2M8V
z)!mOhHM6%G)cw=vPU1IPx8wQMYM}f2^Q+w-KHsl<)(b}yf%xMWUrJJ=-Sc1nK#g_J
IzkK$80Dud(djJ3c

diff --git a/src/wasm/Hacl_Bignum4096_32.wasm b/src/wasm/Hacl_Bignum4096_32.wasm
index a088be23f89c350f1125b831fb5ba639affb670f..35bcb03706b9f11eed29d33cf1edcf9559ee915b 100644
GIT binary patch
delta 4522
zcmdT|Nl#qa6|PrQF%@kF7Y0)d=P*Mt+QnpJ;F-ZLW3Vwcv%v)vHc()oFzvZ;yQNMx
zQLLLtNh^^or8kjUolcOl?I_D6Qqt>eI*aTgC0RsCXOQxpH}UB7ABcr`_uPB#cgB0a
zi$D9f_PsB(Tu&^yrFlFa?YHk89(r2d<UW7%ahB$L^TXnwe)N5B`bUSDtx|(&m0Gik
zr~OJhtJ-|k-im6~?hECtJlsz1@2_vgJyeg0BJ~|#ftLxxLiL3&BV&Dgecw}Q%Q@bv
za?#4(*^93{+}iO}H$tooEZK5R6XcMZ_7`|-+e8z1`Nzw3b(lM?e(x{vFULLgwp6G!
zsK5HFv_||Ue<JP)ml%3u>6zXpV^|j7UD}EzH$BZ+tFisqQgZ!iJWb2~=jX2w+YeNI
z*4v}HjJ%Sg!G;X2Dvi99OF4O2CFCKEa>$ogP@;P%OZRXFXHo`b9-ZgLEUoZpu`#TL
z3S}`9i|L#}>6Fpw@dUn<Tzb7nzYC9PMFxx@7Mh4&1M~FJpCZ#ft@voD=VO1?kH2ed
zc)6^;?E7ZW*x{u#I+b_2L_gFxmvYq~!lmldfq?q7f6VXY0xD3S4cDoLfzdwla3KZx
zjA$064N#Hp8TAe5o_ddm&Op*ObzfqG3Y{Sq;H4pQk%~owSG-(ILG0JHgy`~F!72e3
zf^)FWLb9-mouP##D_kO2sUU|=V3kq`c`T*;ydcoH45($~i`pKR>9oz|gwGCFke|xM
z0iZJBU&Vp0?J^VVo)P@`QWWG$ssvs>odV(+zy9a{{QPe(0wq|eqAD!Ba|&rIDgmIj
z!DVV<u{bZE(hb{wiK?2a?OaA`s75zZQ7!IQ!?S8vyfu&{aWz(qrjo>%SHrbVk!n#S
zb+}e#ROgemF0~rXPpjt!^>(-@vr#|va+tzWtVk0zndZV`E(~*Fm$@cLVy?+DXDW%g
zNE0`s$Su^&tr9{TcDA{8wnDNB)8Y)(KL+`Nm)oh?Ro8Q}{XDjxcWplh$=crT4At%s
zW$1@_9HEHXn5v6(P>1P!1j-x%M#P2D0ZE+iu$(uQ#QE$F?i8zC)Me+ruA90|tS-Uo
z0#=s`s~eJFb*q2f;#4>HP$yp?0kPZjA~Ml?BCt!;i`rkJ3n(<zavxpfez7_LY#arr
zhx;K}vGzGb%V$|(D03EPQx;|8jO1u)=Vp3}b-?I)hSRj2khBdLNZ2l2hD(Dq2q!L6
zkMv&;55Z?I=?UF?LUUOB8UY|W+VN``lI7QsGqn5~@rz?4#^L%}#4E6Um9D~eEnR{2
zGh#hzTTeS-{hC-Gh4oRF^=ptU>rrQDS(g=tvXK?_Ao@<agwDFsW@}T|>AD=>G5PH9
zIF9d_lnz^I{D5yj(l)3uszZ$K;`H7yG>|z{NhccL+~4!ljR4=Io4Tg^_F-<9Cuo9i
zQ77GUr+AVk`8GB19SLCyAxt&9Vz@(7b_}<jp%sIy@RW+(EUfh-SJNk2XNIPcxfyE6
z3kHnac9v%CPL0gboY|?f0x=7tvo4!+kfc-REIX!>6l!3O=aI7oY*-+l?%TFo2a|U(
zc~?Ka0h@V|7U4nzTtMU8mGs_4dJEOJ=d)4^30&WsyhKZq>3j0o;TZCG&(3u0fR`cJ
znT{EmUN$t`nT{EmUJmdItsG~1l~y^9Ovl}sUZXX>PxJghKa6O+4u98OQ9poWb<2Hc
zXk|cFcwI73)XW>SVT3i0z|fNm64-*=$dwJ&jU1qW)mi3w3;gjzlL(*xzZ2oj&Qyp(
zX77Z!6!cVff)&Ad$W6J;iWSIlg^Lw^RIw>ZM#+gBVTT!IC9CiT6SBdOLVcwuL6SjW
zTm!HgedbU*ZaS*o1ZCFPEpy5lCU-$)){6ZF5Y;B-iD2p3UvokIWTLz|$aPeQ2*ASN
zTU0m5^;D0Ee1wE9E~P2~sF0dh7+070#|?0=5$-jj-CW)^h<A<0-q}NV7q(aIuQ(C5
zyfgIRgRO5ZG>X;66P=Z#mKL+KoR@%ldCDa0&w~bGqgz`@-h1-wYO$VOt<-8?1a)n~
zxDrvTba*R5Xw{Fe?>0zs5wxjCgPhjJ?Lz)4H1xC`yxmD1+$DEbH+F&eoJ+q8l68<e
zouPU;DZJeSx;-Ym3$pzpwqJB@zW~YF-s23_-zQDp?xkLXw=dBp)A3#?b1yJ@T^Qg^
z!|_YVszhfhNxiZ!ai3W2r+zyL5ra!btzWSEfz|KA5=oLUU}2d`M(qb!r#`++f@m}5
zAks2)BFbSJLIsBDvXFQSkI*1r5f`q)&{dbAE0C<fN1UN$R8|<u{J$g~1x(aM;(d@#
zlK3^aG)kjz;u`7F#X4Vy&t8gtmBh!yuW<m5yZjo1WchX78Crggt6xl=O?@ra4Oj*H
z!D<T#QkTP|g8?nwlk_cw$dj-;>9TtZl4W<o8CrH_g`sTZ!=P^onxh7N-=^Dg!`zY2
z4o~53xnrNfsRPjD9jMYdq3<b!RHh9LH>pe+q%s}g8JamJm01*fj@m(i@Ydi!m$&mm
z1je5v#Wd%PEq7%J908_ISv;9*UlS%VF48P5CV5Fu(Na<(0VC4AJuqTSuMi?!7K9b*
zGt^<<d7-T$32|gjn9jj$=QUcPRZN;Ml3n1gB&nU^752;?sBq0xp!?GNaWNa0zD~Ee
z+I(1a@PiZWyiN~L({*aM9~R(4`zWcrh;i?9Z*l^DZNaatuf7wuF}dw}Cv@;bdI-dJ
zAQq|c^^p43d?2-Dz7KY2M@qRXpB>&qp?2+3?j3Lvl3mI@qm)TQ!(GZfqm;=2?-L$j
z_Dk#$N_jvDepgEQ7#=-#mGWJBj0@iU^YQ>I=Flpoi2T?r<r8dtq92#?iKOr;J));c
zeuk7kGfMfKp3(C?enBs!lrQO}Af!-AQFoUTmxza7X#jntxvQDr_cTh;p(gXk1r4W?
zlyFV$@oSBsX)4icO{xk3KD|;C3&9M-AU}~3pY7oHHNubNJ%P;QbZ&{}mONzq?edU0
zdbs$BrhXj@9=%@tP}54)Z(_}9C7iAF@?!OuhQN=ORy0+yQsSOd70Yk6@}I4Kkg1g&
heIxM!{wqM`?apW+wT|DVN59;CmZpV{`W|Un{{=7NunhnJ

delta 7443
zcmeHMNlabI75(-3%(U^q_-*5R!3HzhU~DrPcwi<o7>oxz0=BU+GkiDhwt-I%8G1_E
z{W`Hb?QD`oq$DJ1Aw}7BT8XmACdxXBlx;RiHW?HpQqHZa_x{7mGRsJoe%)79=iGbi
z*1L!2=YLS2|4U_uCS&s|6bh+dy}7v=s(zZi_Vh*CXD_}VPWkR89u&I+NyYAB(yzk>
z#qMOvK6faxJ6v?w4%6Hxk&N)6quTsdBu|n1S)|zgNu((C-pbTesJKYaWF}{YODgQ1
zY_~Z%J$$$-0Fj<KzO*uRXK{WhbmX|j%5}e;oUTgU-zJwvZcl~EFencnWj&jnk{vGh
zhFOuhsZfPGk&=@-_i%iEGB)cvDR~E`mi0JPm40{f;pBMi!Q-hUmGOf=y@8mvKTP>7
zy1iIjnyzxTzgbzS4(3Fi5T!XGPT^Eaq102MQ0DJHLi`2cjRJS6q;mWBRRhZX$9RGJ
z<BH6deYDRBVGZr$9Bj%>YNuRhQ}spKozPJ{R+Nngk+~TdbDXCwH75@^-&NTfWTb!!
z3`hYN0wfBMs6#$R$ca!??*Rz!r+i~um;+QOj}OuT`6;6PTa@Sid4F!akPbPt_0{i*
zcNRj;SXY>Qlo`hYu>mS37N8O$0Bvnh@zxrZY_0KOVmhqB3hD66z+oTwhzA_UGmBhm
zkjto4kdM+4gIosWqd+dFQYyE|<u4;A`N$O>G9FprN&{R)l>%H%6$ZEpz}1I<Ttk&q
zW07lo<fx-&IO={;y>A*v#mA8DW5F{E!89kv$0;9%Wvex8byO>CC+N6gs{`8!kkwNy
z)myT9pA5Ta_!!7?#`QU!q?3G#vcX5WejKO$2bQ;ia)hIiPHj;m@Ed^NL`@o%o9Q$)
zX`&ozmeb7@j$GmB5n#{X7Rur?5@9PMY;{8YUQwQbrDi2YYVn8Q6D*nGR>68jyU->8
z?bPma&jG1;MCO=cZI_kpfJUkN&<-rYbu64&BydR%cX$;a@1#xx(#dC0@m)aa3RHX+
zD!j|D_-<Xk3A=|n%)C99UOFqu>Z9&0>e*VSzO8jWN9T019JS2-)Jx}dzRps=#F!Pg
z`~BJ)@F)^DWYA~vk7>vdou`2<8U)dK5Dn9?Pc%Y9G;E1RG?C#++>Q%|CqCySo{f4$
zi3@Yl5M81RTQmxyOCY*TmwloubdfGwqALNS#AO-t0!lo(>hUDaw0R|R%@AFuu`Rj^
zqU#{KK{tG&n{<tCSfZOk)Fq|Xh4b7Om%_M(gS&-+|E|h{X=`|#LJ4DnI$+oXn>4Jq
zX?%+&z<L|3cj%7KdY2~Yj%B?otk^ljw@@gloJOgXhG$vsZ>m$S>4TqgLew_P_b`7S
z{@mZ;4^PuQaNoCHEjw|#7o)7igB5;2)5fF+LUv!s?n{WN&SscrXvY1bQrEuwhr!eC
zFRS-t%<`PG8R2=FcYjl0uEhc^n2Mg4YcUT$<^$Ja0hU~g1$!;bBDog(7kCj4!=o@Q
z(%kO!DAJ~Ajv~AFZnxK5iKzVT=XF0!PXEOVG@)>K<FPx~@Q(H@o3h<KXUp8rI|q{^
zyqETBXEqx$-FF-NNkEeTnnQa$&^@$k_ueQbIG1v9q08#?D9?C}SIDgGUWv<`XIdBK
zS+C6^_i1xZMjq!&a?rWNh5AB5<C5eR2u=Z_M@REt3WcyFdU*jR77311$cPs`Ey@SP
zuY=fmFtGCgEc>R~?+-1C%<w_?i?exMMd+7__ue5vA|O!!=@2Z7ROAmWlFTrPKk+E@
z4lHy-oJKL_@7@Ptz$HK}p@?7ZB@Qj1Gva57k5Doiqb>eY^t2<Z^7bjCGAGoHe~~z%
zJW5A_mruKZn49eU`QJbN>w0Ds6XjHniC1>vi1MNUL=Bd>pAF=sAj=h0p|e~`l_tv-
z;&26gsR%?^2}`mpy->1j7D-g~m0U&n=#N!gBe^jhFL6FK(&J1&sP>2MUwb%5O0kMk
zq-sLRvh_F}m%=HlrCQ_4adG81Tsa<ar52XBQtSSug;lM4toI2jHiE`?%B#_jicY&9
zH}5Gq%?-fSmD)fjy-Gbvb+%F)sZm#|bUz(dqYyTNurWZ`1WO2;Z0u%{#Gcf|&2CLg
zep-vv>lr$uGubNrP?B^;(9QtuOaQGFmY}s-G_y$8Yb&>*UfZdS9Z5$Ac6J1II<Rae
zWx@<CikN7DQm>sPZPj}no)sk10uyI)R$jH{OgjCcMUol3gmrc7=5FeCZ}ydy^-zzA
zsavMI;TfvVzk@xnB&HtsavNv#aIcW|QJ+q(bW5F%KH1ubt$l&5=U~a!bC%vL(%0pj
zG*=!VLG!{HL~@391b7~OQ4!iEE)mtCWe)O)&|d)2g#ghAEF1H%KeVJW!&uDeoI&Z7
zfy2vE?#~BO<D)<sbyEF1*$WG8d=t&a_M40F=n`Fm4;QIlu2(<0X|EHeQQe0FE3b%K
zV*nfrxOD}Vb?dS}v~G<#5%@Kxlkr~>uY&s;x~QT$x(fDOVZZLNqdN!KZwUKMu-^=@
z-+*P=ulqyGE;Ee9Iw|h+=2ucAbRHFV+=K0V<G0W{@rD|gpCz8a8){sR65DBFl_y~-
zXh0k`P4q3}1vRNx_#((5nwWjKl1!7Ce4B1N%85J#<+5~Zz6)7(H|YKpP4PWyW@*4Y
zjWDLG199A^X)lg@{?NuDGdzug&Mi$wz8>tTo*8<8?9EW~?tPiMdCk(SuG%@8GgUh)
z+h;*I8{nIRB~?3TIm{x-O#2+8H}e8EEKtOWEO@1Zhl_Z)=p<h7ZM;NFpl=2}3TIK$
zyQtH<Hk1)xm;=WwFVnJQc}0GfIEEaqcv+6E@<Ui&mSZ~05A}**mSZ~04>S2ydNq;d
zRa)go$nv9LmS3aS_;s4+$IfQG;wSL;Ng(RSuxz!w?hkDSWQL!J^Vw~@Mr%5(c?6d0
zP7LkWl470K_4{#yHcV>QWzRZD)&nFPuq3q`7T7Ej;QkGcqXIS+#rX{-b?~Ob<~LPf
z_Zv!V>m*kChDFmh_PJkl6qLkm^U0*l9d|$TSKl#m=wtPNJ!Ja*K{=}br5?g{bpJV?
z=R#4&nb;Hrb1~FP$qtbO0fbsQ?1`i!IPoI^krbgLa{1(nl#*{OK^Y}esl6y#7?o+k
zBuc0lwGd;d8?FRcrE@#+Cx!!MGYbV(>0Pm1{xG&II>(saFMy~jCavDC^L`T(m2#;o
zrF=`G5J}aD1@a6+4DaeF*H8@}<RduT|6(e4%e#x>;vXM_dq(-}@a~v+r}d9e?DB{3
zuGX9Jeq}|i_0CA9#Ckgcfi=SrSHZ^Tem;;Q!my6&^mRQ!C(P;8Ne$E?Wpz%X^`C$x
z*YyP0BoStj#9My?UoG<aB-QgNxvZzL^K@Y6DOmQRp7e)qW2+H{^+93SKn+?LLa!ND
z8pM?b05${w8)1nnjqdMyIir!AM3mv(Dp8cRP>b2xEL)qgwK=f01(s}WaZmM8Cbh_?
zjR-@?d5W^W4Q)dQXue@!fAFJ68!Xx1X0u>FbjYc<aXX^d8Wcj%)1YUl$!buC9Nlm_
zMC(Zg9dXbBffI1B1C|hUSOT+1(wx-6omzuJ>4mwAy7Zwzw;41e=YZA~K<kDjXx$dg
zYCfPj-P}VV?xh~?lS4a)ose(7((8j|4-MZv?9if!$>+2N?T1`Uh_(Si8U)f{0BHc0
zMe6s57D;A!(9@tpG^91?c{*=m8j|TD;0*=vpaXSG=Uu0tGtTp{kdDxZPVNPff|A@3
z**b!)BY~|KU`aYISbDQak{iFkqcqGH@f{`+&Lt%0@{Rzn&}Cd>d^iye+QegYiLVO%
zH4t435M703V;=K|mQ-dKi-T9uXwd6GxgOA<!?4ibgW3)r-K3lF;RcP$t7MdK!R0Vr
ze_4Z$i(3-_oCvrz4$HcA%O6^|CbR~f(8>6(h?C%kd;@nA6yB)3*G3`X?Ao0gR1_Ug
zfgN8}{F1s0%d+3`hn8Jt7>g4cR6^(L;*Qp!_voIy`tQrn5<bTy``=z@dKFqvzPHd>
z(V){>9X-%1kUg9?I2@vBt&SdK%D0$=I-13)&rv6|96Z)yF5vMzKF1i33-B$)8(Wvf
z<OS4jUfk%tY)=6ifwx4nv=n3cR<s<GV4&=1Wd+JE<{T11Cn6Y9ZCEc4p7JX4@CeBh
z#pYvn@@w=et>U4HNN`_`Q70Z0*(WQIbg!8O^txPvM?(8Za+qQ@rxC|J{CG!MKcUAs
z)+f~IiDT$GeVw4>%yn85U)SK%nv*!tby#wp)@?@2BBASEXGlMeV?+F9alEPU6qhU^
zk9(l<2>%qK>6EILD>%cON}s++<hYT@Z)%-~GI+}jmiTRjbAAh8=FgG0)hd5U$pfz%
z-d4IC@KCP{7R1|1SHzc8CVyGcm$AqD!{jRpRq<6t8~l!zpH1(I&+i8H=Q~PlTh3VO
z8#Wi(=698@kN0Hzd&)^v2n<B{z9LY)uVVax!f}3}be()nVMJe3EBtjuUsqBrA1eA#
z*!U?t6QrH5g^%DFyF%iMzkbbZ@W+ats#f|4|C8n=NebtwiqS^k(F%V<5!RYT^bIA|
z0|P#~`V`WP!|!RMu!p~?2>;~3HgIHk6~tw2T;Akqn_+&Y=$VrK)cRb}b9g6s&vXRO
z#7ztnWrQWLrI4O0n>}x-6u{7P#h-wQzoqCC#h>aEc_An-f+(LVvF(9isc%?FZSxEL
z2SEz(@HuL`clbw2MYsPxvZdU=jpVpL8;vFva)$j6h8$O2e5MY#pIm(XrKf-2Zn%6j
kO&!>ty!91)T6O<;drU>$jyq#&|MsVMo+JS?|GrB94~p;`00000

diff --git a/src/wasm/Hacl_Bignum64.wasm b/src/wasm/Hacl_Bignum64.wasm
index edc590b15151087ece0332fefb9eb32fc02f45b4..d7db1531bb5667e0ad1419e5fb8829c749a39d48 100644
GIT binary patch
delta 706
zcmZ9KO>YuW6o&7a8HO1wFtk8nrohmaQmv(}6125OYfP*f)R<_xkPd^4mB>JVAx0Mk
z<HC=PniFG8T&U57)o9Etj2rt0G;!n7#EmXYH2n$Qq9%pS$-U1#@A-IhH$K36%}ex#
z34{>1eZAc#yY6{S2j6O~w%%S20srn6Wnue1JYkZvi~9MpcBr&cX`0$X*{n9KY_(#o
zR86CPMJrS^y~FSn7avb-&F#*zs+vh<S~HU-5*pk*`0y#WANuhdcK`-Zbu54%3yvcY
zz%|FwXwZ3Fuj{5!b`^C?*BX{yx7Ze8AGPUd3ZCF)n8AyD5(e=uF9$-tEv++Yt<fxy
zFs}1*OAd6u=*1$Pq)3z=P8A(K)Kkf9mPw?CHEMMd?O~fW)kt?Q%J87zz?@TH;xU{O
zVhkC^o6ZD`;A>|DMrjQ37wU#V68O`pFk=at6vT)iK@wBKb{NMcVG`GbVXk119r#ih
zg$evDL}4e53RgDBBznX_CN+d!F@W=;5T5E;%&2Lm-nc}jF(*d-GvZ%AOIHmRTo1o?
z+}sdld?8LyFTaR+2-_LgClIe~ehh|L?X#`Elc1<X1(i`H)h&7De-~DDs}4!BGwBiw
zKKt<=4?qmx?7hME$G2hJGh)A*;{fw>WB&o3n|%&``}97y8wTwB;u1r3?~k2js7}gO
k@K@G{ce2Y6w0~z0J0W22KJ!3;6n<P*@JH@DOw-e|Kj*^HNB{r;

literal 24432
zcmeHPd3apKk$?RpStE@lk1bg?mX9jS#_}QGkx#%9=Dy5*7?5Rq43c#rOU8gkW1|_c
zF%a(i3YWRem5ZE&KoZDF60+pJlg+gWn@u*^WV7tAy89h78q1IU!XNu3_Os`8cU5&&
zz3Q&+>Uz&<-PWlb$5A_ncJ6c*ZBT=1aDz&#^oF8zT7LAs8g$d%ZBQw9#ehl!#rrLh
zvNR08F(A5SP=kaj43ScetlL7jv2+^n0+HSjzW2J+zrx?JiUadtg&So^`*Nf=pvHC;
z+<APW4?u>MGrR*!*npb<ZB_VZP-|Cs*0p}oeSQy~!lcp@T6<eNlO08!$xhcv#Lvb<
zI=#QAr@ObWI&|N%G1=GMk!)P*I0pe)ve;2!kg6~hbaHvJx7%^U5aV(nT01(rH#tRN
zfZ8yC$4E<0>!z*A%}#L`a!MF-)5Xb6TU$2vZ`qRUZQ0g#dD1Bf!xj*4QKK{JfFP|M
zZ5MU5Km(;=kVLr0zTVazCzd$2byG)6GobrBTbf(9B@Yc(G;QA8*4NhE)v~dxrFHY>
zmgFTZ9m%eieh@B;j=8OWV;HkM9_nIp=-%t4vwL%k=_Ec9sE`dnM~6Wh!c@g*`T*Q2
z^tbwj&i;;;{<f|@$Wrl6akpL4>)}?0ap#5mJ*m5^@1pL`Wbb9taVJVGy~)k}o3uhj
zg=4~~^AC*L)0^DX-PzO9yEr6oB8<EsjC|CNp6;$>S6^GJ_vnmqiLR16di2v98^&HV
zGPZ}ey|uTmtuv|d$A$5iM8n_I-L<XHr%)B9up$}-j{{F3qQvSjomJ831e}B^jrXRP
z^3AP%tu5R7Aa7CHDLMLd+*RxUTh2VLt8dZb<t_b77Pl-}JW^}pQnVJ`vlH`HZOw#<
zhfJ!SJZ0)M;^}oWW*$1Le)gQX^BU$aSUBoxflz6u>2FTF^t!7Ad~8UH#-%dwoSKQl
z>byB+LLN9Q-I<sNE<?pmL5GYVP6<!gnUq&=N7pcJFl?O3`CVSp>rBb36PnYe<o1<k
zNe)db-0nXghwFwzv~_K7>FE_qwD#akug!<TSliUMqou8@t<R}DQ0tc7WYU>&NIvdn
zP}c*_nK^TKn~b15J9G}6RT$2f!>2fF?r_Lq^7zp8({rJ_l9$R<vZc4Xvt{FDeaUU`
zbk6L90(B&vIpKL0HU%nu-2sicBQyhhUY>1q^tE)hZrkcK<e}Mm&(!AUp}~7-v;}!+
zw%$WqSZ2l_oM2H=`L~|fg(2~%j1t!!EJ`;y^^U_aa!8R&MTs(sH90(rOKB99Hp1gS
zcR<h@E~esrRNPFv_vK?9xP$V1&;xfcafA*Y%VVp|lYoj7aVmohrI4zWVj{yxz@vu&
z?=rd><>{uWn4AtSqq0QFB&{x8(WE+>Vja5No+!=H8JAOev$M=`Kw53(vZ6K8#|g!2
zG&Gf?6zgcG^4U%ZD2KvmRiff?D(AQrD~?A~f!_0#_h=rorH0uU#YSefghx>cje>GS
zFvDz2n2mv1Sb)#0*n==zW|=iWU^bv&nJt6ZVnyZTCMtzhQAz+6f9ZATwb30MgLQl{
z{;71S{;kA))jKR#4}*6>F9Ca2_~&99p$5I@2d<#TxTg<thCR6$bP%I5QO0N*ZIlrg
zWyGP3ct{zeQ4(d0w#qO-5Hp})l`)ztpbV#-E2%Q*85JXSK8D7a&MT$!N_1Ws>U<1J
z()k$MxdAHF`4~=6F^{DLk26eEfmBt9)HsyXR!wcJe{0D~3j=tVOxk#x)JOtUQ?(JG
zn#Y4e4Z5u%=Qz*sT}n`m^op(qd4ewKQPj>8BTzqt4l&dZVVD=!f_g2UW^tF_fr9nd
z%CM9kcrr~iW!uLTnk3azX^Q+zqset@|8APl{5JlK85*R?_AaOrfB~jZi_{DfS;ztA
zP@6}Hr_*$M&vlV|nc-=`&6`&O+v1rtlj?}U#8m?_z0CBe8@3_}q@@b+ZIEYpGU?`J
zPK;*qp%HkRMYCwCFf&UYPK;)8Jpr#N(E&@5=Ro!0(g4qnKy*$7n7K69bUfE|JeTK1
zz-pidgVkWL8hCyLtOc~dU@b6M3wU7!tVOiQU@bCOi+FJatR=L>U@b9NOL!^G$x|sL
z4HT?RAr~S>kjjUM4bW`-1<QVwlSKu%2`W;wG+fMPvQ0<8`sI<%;rB$~yOA1cnixW(
z;k%KS5%7W@Xj!;4z{?{LT@e9hC9O0auQVO6<W&){R?}*Owc22<=EEXj9ZrWEtiuh~
z;e12{tTnX8V68D&Yq%)_Rx>pltY(AN%tz9SJe5MyK*8D&av@>_seA|+!gBlt%YGFM
zVL5@Dpdv*_hKpfCSix&)3at${<AFDQ%BgdYD^BCL$vL_>O>0XcNOu$+l}icen2y85
zV|6Ynx7x`r7d)oHVV&><N7GS!3>_1X((SQyY;GT*Q|E5ozgsN#SgmMKJdTd#<LUS~
zpFor7ggkl4x*65(d72Y_Ph<UiJD+5n&B=6<IGa=GM446t&q62K={Bg+^DeIowU~){
zoi{P_si8JoImoBcY4)B^kKD@{5gyQ)bS9lnr-BLNY|iwk8@3_}q@@b+ZII9KWYWzt
z$DGM$Md0adI-5?GCv~<N5@+){1iZj_>6~zBfX|IU^t=c#>uJ5|c)jU(J)a)|>jJvK
zU|nFaF5n9zV6{+-!D=yBExaKDRx7m{tX6~7${QnKZK6#EYm>p+#GC27Je5MyK*4&B
z$%Tj!r1Bv!$DE75VA-$29CI##o1h{^o5RKM9CIEgBk;Y2w$LeJ2wM!_TlgXZUeE(w
z6fO<$#Sw_MMSy9icGGdY>A0P@M!@Qz4ujQUusXOi0#+Aw8LTdY)y3TruzIM+VD%WR
z9=;?3RxkA$tX_lF%iE|ePo<DFP_Q<HT!<J!Djx!da54UZWxooBa4~_Kpdv-v!o{#5
zv~eGuM1A4rLe8cy%B<f{{kfEkvk4Q=bvC)+VP~_Q`uS42G?KH~K|6A~6*|7N*`XB;
zXLA|t;LGXqI9~y0b48xKp0ja%XEWeA8&uhyP0Bc%K}w0UNz;H#tAS^s0Xy9WReIj#
zohsC1X6BvBo0@r7xYgDU@|B9N^k8@hAQAh@s0db=RfG#vcPWrHeg_q{55r-^4h48%
zn0OhFbxlRDZnKK7io)B~if|3eq;s`0gXC((yA=s`V9~TYr#QfSq7c6(3ea9fxHJcQ
zEeCrQUmFGWIz_lN>U9?NI>pyVL4B_xTpIPg7WKV~Z-|0=qas`y^+t<&qvD&Qpx&$q
zmqxwWqTa0d7Dd+#Q@AJ~(7&FS@_}L`qWVCXn)WEUL<+wavlFU>yPzsXx8#(=6Vx?|
zZ$%^Gr-+J-uxr0f5w5ft&TUqd+Z5lfNU(#h==PlA0N)XX_?=OJ?oxzHb8wgC;4Z~?
zM?t+u5iX5-k43#l@x4({?^A?Jquysx?^Aq#6x0V4;nJuNSkwm;zb^{vgNkrz)CVo<
zgNh$gbmuUIivj}uYs1M0ijj!w1Ho|aP;!YBek}|KRl;3Rm7<4o%3;H~Q}M%!QuJ^R
zL?P$)u!`c{9#MoVmzr^KId!=nE*~T8;~o`)yid_S70J&%rU+MVXJEj0b&r_`0blpH
zK=Koco=|aqQo-RpnXd%T;}!WH?<wWEJk(j2w;#B(;q0DPv|q{1Gm4%PrxEshPkFO_
zzT<mVfPJTE{K~Ul#Q;B-)9kyx=M_Eg0rC6aNq--JkO!S7KBx#6=sp)XKU8>987{q&
z$5dDjuTHx@{a?7%;D5jqAaH;mRQ#bR{C!vvuBR0Y6*tBMepvAfiUd6{eR?6MIKUr?
zLj9vrfIg-Omto;!mW7Wg{&*DJPbk7=a6e&jKcV=OQE*>Wgv;Q*XmMXu{HZ9oFDb%h
za9^^xFDd?X6x^2;;WD@{TillwzoO`)!?Z3+2p)o-&GLa_B+~jon9V+-<PtgjTFhps
z683_s6upvD4$o#ERs0z=9@M-)s|eRK+I&81W%;b)&nXi0pfCDdPH})=jY9pkC_tZA
zgv+q-dCS7*6@MWL?iUr|GPqx~xL;KKr6{;xR)ovoe%a!FS@Bn*;J&U1m%)AA;=Zo<
zt5I;jrU;k8{hG!7n&Pi3dTp52MG3(}(B_j56eE$=2ZH&$s^k(m{92d~s)W6uDn(z<
zDTmGHHN|hp98PcKfE4nEZ$$Ej-%x}rmzwd0Id!?-FdrlA4gW<5@|%j@jOGo$sR&nY
zXJK#nP4gt+4ZkIj{B1?whBy3<c*F1HD}id8R6ExKI5-EgXN+?6)l}TU-&HsX`>qNd
zv?&z5*yQ)%Jf&#;=J&1N{DGqHYrpwJMc>Q!o8R-CM84nrkpSoU%^!Ic1N`HhX3rh*
zPZa&c1LB{)lm31NbsThJ`MDxop!?&%Z=%AJ%J@C6<S`YN!>bGV&0$jh%o8B+n?G0l
zuTl8>g(6%(&=cP;>?r(&;$JEf^k9_GFLR0m{HrL`e;ozrH;Ql>7Jg${_>JO!i-P-G
zMYs&^Z!PX`75^>@?pum*8Qixl?puogJqqsc72z_tzqh!*SNtDQaQ~nPm%;sm#r=cg
zKPvk5Fs+Lcf`_0dzI>n<iL^ctCca-OxkL`X784(;guS3DMSsjGhbO*YEB;S39@M=5
zqzKm!wfX$X%JL`0e^w;uL0|OeoZ<lgR}|`hi30RjMYs$Lf3+<9Rq=mE!Tp;eTn6`V
z7WZ$8|0fFW+lp`*+_x?6+lqI(5!ANJC0qt~mupt5yIj693ht0gxD4))#T{}v<I-P-
zX<d{MJOph%`9LueX?-A=&wnYoL=L|e=7TC>FQ`gUCZ`-WpT8*1x|qW$n*&nFZ)V*n
zyU43t!j((S_|2TUT)&x*5%!x`3qjuP(r!1>E^?1cxN<uS`^`P(Nx&6eBapn;rM+&P
zuXW)!ugzD2c6sgajfFg?-Z@_9(seFhFG(p5)%Y9B_xcq!jpPQG#>)otMwbA5qdP!1
zxC4BXOE<ZEv()h|F5%`DH_Nx$yA<E%5-zE`-6d4t?q>K7-FgS=?sVx+SI*b@E};V=
zS-#tCPSf3Pwpk7EJudF(9^l;T(!B=qK54(pZC0r);a;V{%TT6S4e|Xhf$N)GJbM~X
z_v_ypSvJ%Z5+34ui-8ARs^Iszkl$%1XDdJGVkPk)ROzRGp%G=9D+F-A0F6j@x(vKR
z9cisS1nT^-OAot28kFf?k71KK7c6b~5tkm(&)ETrq#`{mJmEIr2_Ps-D%2ycWy1q4
z#Kt2oKPn<tkfKN3L^<yReR{}E@ngdF<3j&&0Qgx%75s!tkGTLwy<J8PLHCcjSr7@T
zGW?`V05vuAq}DqMP(1#33M|+pA?zuao(k#WASq${UD|Ke@sw7_Q^GE819bodWl_g|
zPaPg;Atv^_{IqMb1fOx~8J`thHPVxL)}?1HE6-?Fo)K1X8?XWpl!cXNJytx>LaaRN
z@^j|N6cKKoc9G&pCK2^%mr4?2B#W>-2Q&U@d2^-09gL-mkm*;Af1{8^STtCIU&;E@
zRwenY97@>qEIwp%L5Az!H(L`KgmJEDc69pQ=#XwIXmpbuN0l;iq{ILS<=WbHeY{!w
zdRd*z=tfQ;jY)ArGml8KUdR`gWGsypN9WL39tX-g?Js25apd~hNv#@#!7q%bY8s#A
z8rXP^o_;1!4Nb`KM1<XBj*`SXmEuVhB2XJ9Fqvw33Qd;OI+~j0Y4Vd|!XK2FkfxtO
zQrr}pp5;2K(==zGvl%j%A*pQ~Ch&2PRtDLmEX{0A%iYXuvon+#%7{EjN^I9jiNRyD
z$`U+26m$5YLp&>jit4G}sHk2N(RdC_cuq(~ispDKLVj7ZljV6}WuDeb1I?p`49`by
zm1qSyVWO3Vgv=_MZP{O#r8)Zz&vS%lB(e>A!0>4reqRSKLe^aRRHV!}yqFe`Fhd4%
zGxEcX1dGLj7DE8!arqPW5|m^BE&)TLIRjLH3zEDt2N`OLmL?LDNN)z;)4bFBljcTx
z4<lvEEKo<VI;0dChL*FRt~CNU(zOgY^0a7$vGrBD23)R&IIE!`e==Sn&-XA|B|pfy
zqQfvGQhWq0qa%iR4f3H5qczzk3H#z^NH4z{rKyQl(c!wjNms6xr?I+_9yIA@s6rv%
zYAHz){8UUlC3q%BQW3AkSUw6|9T`&cT9oWqK1!4<B?iFoNA1KX=|?O%)uGn-7p}xK
zRw@bjlCV5V|7um+Bx-PhME0?a?Bl}v54lV~XBkPy=%o_OR_2(r&Knj5>ICB~Ct%VE
zZPLgQrm-2M36IkzT}4%5($#Qt_y-Ibht*lCv?h&|V`Ma=kDzxm48^1c9wt4W;?|_G
z7SZn%P%-B6aiY%}D&Yyx=R~lGwTW-Em~T9NP85Agso>(JN%Sf7^WDNfoIb1GU47nq
z7wmIZ;ATgq%V49PyOreqs=-p&uKbGIE%a-W{HwHW|I;=9gS%#oez@Lf9uCRM#zWN0
zJW!9xqCPZP%tlE(oVZ+>EDTW2^lH}zv&H=uo<2kVRQ$X?F4hU;+<@*HLer;94c>}i
zK9&l8VFAsj1zBE*8FHbXOBZ1ouqY#bT+gLTuv%Dx*_7tVJSvPf$n4orh*1H7H(tu`
zfy-@-!1FR%W;C>nkwwib!1Ib6o>zE0uf!be7gixtdR3NJgXh(n=fjW$eOQK()vS3w
zf{u{+e+`_VkJA(;&`eEmip@v^K9bgE`6&5GA^-MhDIJ51-eWR+EGm!9B8B!iP4jqk
zc08zNkxRRr*3fcM2kO>j=>)UTJ0Y~tTOm5aDk9`7?ZXs2K2e-0HD-tC#34Q@f}&2Q
zlZ~QI=2Jj*9Tc@Lq$ow}JVl*Kr^<5gG|)dy>*jPijZV+-8FYr01L?4$o3rQ?!apm-
zSy@_Ved9Xed|d&~#WxB(eB;@4lDFJDht7#M7?4b9BsfO~!#NNDDXzZfJQpPy4CkT)
zu`vTwfD1a8&ogVh^>iMePwSiARI`&}q^R<Rw4Ph&LTbtK2Kh;GE44~#BW<9K8Qz4-
zO<81yZq}MeBCB<MmbXAtTePMwLNew>8Ai6BZf`T~?Pzb;?OTyExi!N`g4FGul!PYH
z+9qZ(M4eK?QeQSZU35NOAc9D)qmm~zNZ9gt0gE0wFDM|9kb5K8z&6@O-Jl8ZKHA3p
z_}vaQZkJu**6`~?J=g<p_g^2n6q$;;Y)?*hP`{YqWppX@Mwg`|XAdcRm+}BzK?7M%
z$xn(0X;4aO<aeYqyi=ier^-q)-7clYzf#fVbZM4{6jU&zw1zSYca%{XMz&klz+GkG
zkZhJl#+ioOt#i<J18$GxFKK$$=!872(5sZu=r!_7ml>7rRmeiT+{k~eLL%f|*<L~k
zNC>kM2bt{GD_`m$A_gRp{04<ADv|vLjDs5`wF{|SsA42);pS#YiTo^mmqKO~(wlT0
za-UFr8+g85x84r8J0yulbAP8!5xX9B$V@_f%gA}RPFT7dI6D7GL*DB{BAY0U)FQ2s
z`*o7h{eXNxa)vbI`y|;%j4F-n9ix%=X^q^Vj7pFogp{@$tsWi{r95a05Bo|9GA@xS
zV@)AQxqQ?rWuK(Vh*I`JDUa#wmdADW%oB=m^8^HY(%z-`Daq#0bvW-t^?tDZv~GPG
zaL8bJ#t87N&Zl_<b<c^Y&lyplm&_1kpkyTX<oyQn13u&j1@eOi@<Te4<U@e`u;grL
zrM#dB87^8W$N|v<?**-teO4(SL3m848RJ0eKtJ*TOyOg`Qi}YfoR9lTL7g2UpRh{#
zq@s^&rF;@fc~NpF_)}8FFG;Qe(jl_^X?vIAmvxSV)V(5U2lNWq{)}$@4C+2BSp!;t
z&*>bDkE8BY5%pCg>TCK0`ZeHuUJmy)<QIHM9Mq?AY_BclOZou+OMv{c9LH<OuP9_2
z7^Qr{D&;F$DW9}Td0i)sylD0CRZ+_8w(vDY+hxw*j-eDRC+vR6kwbPnzsMQw8wxYd
z8>Y(N+xEyIu?@(41L~Bb)g;cG^_Y88&Ys1*-h?K<sgH}lrH`X=XpEb0LmS_*cPRwB
z5%tz}-%~hA#t~<RaX<jL?*r}!av-Lq{-Hjg{s!uBcAKUj8U6fN;f{U`oS(>ft%m%m
z4~g^7H2us#{#@Y>XRaBXf65uAL_>Zd=QKu>Ked{~Stn+pH?1arsR%-S(<%=qW&Jqs
zH0JedeOeAx%9(i~UH-;sqlCKSII|?Y{z2GTieq&;@VY`#Vw~Nu<Djw#CzIG>z9kC(
zE$I2K@^^BMDKozK%eSO!Q)YoG&?|PD;;r*{?swt~6Hd$>9E)AMvVq4E`>OaT!fWSL
z3db(bUOY*n2(ieRap0xsoJ+wLUX1p+!aM4kq1bHWzzq->D&`W|I5#?uT>#0R+mT>p
zE_uA#Y{-`j`Erm)#MCE`cgQvQxFv6Z3XzW^a#@DAmPg~2WravVC0-(Scr56R4belm
z0NrSkWBgl7TUr>v!&pC%j}AnX2!xShoDTC<quc77by~IbiH;Co7%%Izg9j_C5LK)K
zhK(v#+jUyCjM?f!T*90L9_zGPn3x1OEBwIN<Zxh2hdLt&HI1ejp{6lK0B2$Y&Ip#0
z35-qGHQ=@m8mWWD`;!NWGG@?p`I*`5NH7(Fu|sL9j)W4?44P#EW4JMau_@A2Pt$3p
z4vf|7z*wE=qppBH3~B#u-J-nLl0y$~j)YKQsQ9UDbc*paTfa6+6^%{;Z;#H!noXl)
zG~mruv&Cwv_C-NmJ2kY^T%3JQ)UOSr)ZjQPLDJte1^wCaFi#?}G%APl_^SwC%7-ny
zm;Xx$LtB6>;d-Z7K5Y>yCpcDz)lhpP<`9laxrmD;_6Bj{KhGmp3St<|A!IpakTF>%
zgD&VIRGRI?LZy1>12b1*s>}i5k0bmluPZy$Lqz2x2J(G^I8F}2T?HlSDk#~mbR4l7
zU!2JKAjZ4f-T3_OUcMerrPduRw~?ZE5;@WX2hZ$)s?Yhj13tKsXQ#mzD4@Lm)5jeG
z3fA)E;|@8`TfXuj<8Ta)Qxo`zgV|c)GzRn97_PzrM^zS4Rs5u6{*qD+=C_&*K7ufg
zCS*e=En{g+mM6j2PST5(T1;ZK8GOoMvi7o5NViW#`&8XN4dZ=UhB4fAJL{7gv`#TA
zJQj~^w^q|7)+=6bI@dKRDwC~MjugSpY6evVg_$rNywG3oz@?3(UHK3|opI>(_zFO9
zx*{Jz32(DzU|TiE-)7ClY^2L}<ugwQcDO-KUsBYNl2MMcmbttT@8B=Y;>ZL)DG9Sk
zX$cN6mShk+SwKs(5<bytXvD-YH_OYQh-F$$%W+<?Ji{vx){w=@O4Ggy?W=VAYMd6V
z&fuKkFx`GQ-eK1(<&{Q_hvSDD%--P$#C7HyG1t&+I>OvGk(DagN;Ug}`Rn5&jcjYF
zS!6@x1TR4&deV&0$<cI77NHaTq$G4ArQ`9c^6?pjO^&7$vIu>gsChdHQI_T`pA6nl
z*1VrWC(|hzyg0m0x1Va-M~GvbWMn(l$R<$@T5DuG3!xi1(7+Qv8?v2cZqM;#3wA{3
zda?x@qVtSw>m^)~qV*}n7|!Pl5O%nbE}#pu2r%F$#Ty7AhAbnzK&=@B7%rfVSp*n1
zY2G(u_kV7dlaMW`W!pkY+LFP$ofql$i%okQ+S_z{JKj-j&+t~-s@pqgvyts$BU^{a
zw%*9riG||%MxZXp)@g3LJ=u!<jZKdy8>*~LUSeeHCA?CZqTUqVjogM<LJ#9LLF&))
zcKJ!kYk^YQfzZN^3<3pxbXiuS1e&)i5QXT;@&I@r(7dN;fKnNW7wGo1X~+9_X$cre
z7RWB72q}aOGJK`%@iiF21Xmat(?&*w5g=r*5i%pYh;2r+tb&*syTraq4mRQF=it%i
z&u6H*8uNh}rLtMst%}y*H8x%4JLwtnVw+uq?NRvj2#Quc*Pthv{`N{tLNv4&n-zo_
zu2m9a*rOOx1>DFcAKPwymy&3L4k%<Llz{3RAtqu6XuSz=2r1lb1V-!tr1qfhR#DBZ
zMm4wT@PZ90;KeB!)d(tBNbLU82mxp%-lgCCxeL_qR)jZx1QJ1oTSRSux<h^ugu=^B
zP~%>^SwXA;LS1W>cb{nTURyxGK_qX7mI~|g0i%r)s*B@|rFXV8kS$GF2aey|L^ZZF
z`KyFiGVr6t?%*_h;>i1S7xo<Z>H_|gWqB7EYm)ETC<I53?!`A5<Q&s)GMf|0j_|9@
zGsMEo`wSF>Do4MvRl#i>mJr^ql%XX1C;K@lK#UH6^OtC7t)Mb-j^?`%l_l6!;0#i7
z8Sr_cfC(Pg6r*t+@RU_>lhuh5`Fs!@j-30;dQcZks!-4eTqw>Eu|@>334~?+R=up3
zvqdcL{T&b-Ehw~8O@m%g0{D;sIH2b5+b2;C*8d7Fx0b4q6lFMQM}7l79R%7_L$s0R
zfNnMU$^Nb14}7yQ1%v`SA|_Nb=rN7+$5;Xj|5~gF7&K**W&6h1N?->-b+X<k)(>EY
z8RRojge`L6K9Cm?kFz-Dyk+uB){sbN(P;Hznfy;fdY268T{NCx5an5sn2Be*Fddnn
zXV47BC#0}R^sMMmV@0z@w4!=#Me+rqJS+N!Br#yKHQI(hut?W-E3**evvCyDpUuO3
zA~6dyqV)njXG90?NLKQCM3V_qV02)C>W^fJWyna5n-OM#VEF+ByFf=Q1JxD4ub`N(
zm(f_&`Z~cjEJhV}oJn9Iq0djS?rmquq8LUK(UH(>P)ROkGKUlB1GAaW;~13ej8N&{
zT7IQPPks5cn}$vFFa7`4tms*E3hR=c#DO#l&+x8l@deRhkpu(A*}OowvV-npV74X<
zgMb?hK}XbbLQy)RCgUlNb5g&ccjj57{-voxFFYz?e3cpTcY4i{pafPJaC`VdqE!!e
zham#kCc^nuVS{M0@#H6k32B1l=1rs;nwSySMTcO2NRu?pT69(`>lb*dGHeaSD@(X*
zY!;t)(@AubLuacPJ?)GEHQcrZPuzT{CH{<!NO<cE3~sRQCK|YiiuO^F{_1BQ&a3h@
zO0Dow?@;0T0RHc-@G`A(qZKj5zmEbIjG%z{kZ3?Tbxu4b-<q9oz69R5biV#xwR}TY
zzLL9=<O9@g9r}yXl<e*8?xnu|-mc_k>g%T7etc}Y6C0n_wvPVZWcktNw|@E=r>s3?
jCAD?-bR;|RL2Bx3?dossAbeQ8yZ16FwO*tf5EJ}gY_%0Y

diff --git a/src/wasm/Hacl_Chacha20_Vec128_Hacl_Chacha20_Vec256.wasm b/src/wasm/Hacl_Chacha20_Vec128_Hacl_Chacha20_Vec256.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..ee83c846c1548d2ab3c2e5bc9a49a3570bd64588
GIT binary patch
literal 1845
zcmd6mzmL-}6vv;FCTSBmDqurM&fRjiR9p`#bX$dlK(Hafm~&nCYA%T*$3f~1O~nF#
z17d`e7#JA%OPCp1koX^P`s3v40ul_+CH8y%y!XEH*8!3z2msL6*=z<^j?ffMk5Gw9
z^E0)|wYWOA%krFB?p>YwP1gGUQjZ9{M?{i@#dg9H3);amt>8(KWkRa!#y%P_C1TdQ
z4e(2Z#QZpoG=fazs@WwWaV#iUCQvixpbNH%+%S8rltdY!Cu|4}lWd!$k|YDiJg%9w
z-vie~ZkiqFn9-AHP>e=QMmaxa;F;_-lhqe^%A|ni>Pr0~Q6$P0k;*Q?epOlOw*27I
z<t=v}pc49LUf_MJPVBu0gvQamF`;A9y%jxWw0ox)>0lAFl*&n_BAtZbBD>$cdy&;i
z*lI0gXz@1k-&Ur(@2Y{8HMPq=>;i<&4)o!9+X3wKA+*B=wsE7Ut^TwG-6iN@6gDx0
zt$sW7b<rC%ukv)26S~;JZdLVRS=Crp`I-(i{n?t+zNVXD3pa7AqTknu`C|W#njein
zQS;iZQxkmD)&PPX2+q99k<QAI&ccz-P!xlhMN$;$uyW%NQ;}pmCW?y`Gbx3{s*oug
zVkNLFQpFR7M})_PWd8ldy1Sk5Jm={#R+Efjp5mBHM4@m(vP1ls4>}K1r3We@tDWR&
z&S~CxF@F@>dr+(F{H;(S*@j9pp7CZ}oc>4FE!ByCtV~a=v$RsSZs}%9TUq+Q)cpkR
Cjzv`f

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_Ed25519.wasm b/src/wasm/Hacl_Ed25519.wasm
index 57ca4d366a2d9d8f5a81677d96a5d09bdce14907..5fa25fad0894e986be94dc32c9424207c287ba74 100644
GIT binary patch
delta 3082
zcmaKue^gY*702H^c41*rHYx&wIB$_CCap$~=^r(f)fh;SNCX4x4;BI<!XhXnkQxE4
z#z;(}d5O<jNTTt_IU3vO)^3uTh_y)@D@tt8)}K_NA=+b=^fdJJB=&yq!Xs{vIcN8N
zXFhXh=FXjYZ(ieNOZO$qrZFKQ4Go(|CLTyl6T;A65LtSH8ZLxhsXB$Kf23+6L_Z>&
zPK!Oau(~4q>8h&A6*a@YQ}$F8dcBoJidDZ?O%b7bmYOKS^jFpUe3#X;YE)c$VUgF9
zURYh~$xe4o*4wNJ5ra(cvuaZZtL)+_Ub<v)b&Y501Cy2Lp?7wVF{{43&=z&-zfY`f
zRK|9%ZfsOkwLYxDrHoe;EzA|6*`&>38^v{3giH0hY+kOEIV}3buVeJ?$c=hi_#|P|
z9lg=QqRZh6^va0ZJL-9M)Z6WW_89%tkS2Y7B>DtcV4TBdT@HuO;h4M48)$Fx&5Y_$
zO(%;>+z}iCX&Tl*gNmCpu}=;cHq$vV$a&(|Zr|qk=R*g)X&LK$K4+pJ!0Yn$B!vsJ
zd({7T*9((ZhS;<b#&)Y1LDT&!`FJFCJ~BD5=yE-E%4oBHP^`Y1DZd<CNbuma5Z`ML
z)>>)M$Z1J}WYR+{IX_{ko6gdl%F^m$>6*b}dzj_^Su9zPj7Rrp(<VdSNoTqID9f-6
zmRYk|>M~jOJ<f7z4$D1Husl4Mr8b*oZw|}Fc`S}xh(0r~m8`|xM)tJ(6xki~KPOwe
z0OhoWXUHZl0{LnY$gzBoZ64U=1s!D53elSI6v$U>j~Ai5y%@G`@d>iCN>-6QR<efd
zBTGIZJERok#Zr)=OF=r8f@GJ0oGAloDF=!7g1q4cSzG~fwc<Il1<P*3R)UYK0^d~y
z?pzM;Tmk;&3h*V>;9b?=T{YnQo(4~O27LE3;Ja(VE9$_n*Ae%XKD%Ef8Ts5aY(e%a
zmQD36Z4E3Dt69?4u&n(V%h9zg->zf%@p_iJ7g!E$VCijQnYa<6dtW+0Ht}Ul-Td+{
zvNK*m>f$ybq|Qy?`I`~y`OV-5Uq!$Nb(A-}23zntJjZQ;=dLaAbQ<9QVcWhH{_Q^p
z*|QC{{ui+Gn$atv1--VlpjXTr;5XQQ{3goHZ=rAVc9g4kz&`dithSS^uWx6j)qHa3
z!PF1!y+-)0eSC(0{|-yfewN5zu}pfGCFcN3-9eUSA4}`6S-K9f*!(Q_zsHjGK1<C9
zEL(p&4x7??_yI`ohkT-wkFeymvb=bd<)h!R+&acG_G6aZPat~JA8__F{)n?5_vuNp
zJ)h!?zjqwv^?&+|tosB`_Yd1ZzG(wFbrK2KeF}VKJNz>~196_l)6jPsyzS2*J3q(S
zU*3TP|FZ)d`}!HAeBoJ;b7ztA+`k~fxqk&uJO|!<4m|EWc-#f>&I{oA7s1b81V4WX
ze8**Q*$Lj#3EuKI@Zu}rSFV72u7Z2I!0+t_-`NeW{T*EU0=(x7@RA<zt3BXXzXacV
z4Sf7{;=Wzi7g)aY$}RV;x%ra$%EeXUTit6|?)KWG`{%>hfjgpA4SFYA`U(by_O0y8
z3o$F#{<~-JWgGM+ra9fZxLssAue`mHHq~zvVmdTk6)tE~h=^7PoczDBiWOmIlnHkR
zV%$m)ZvWOH;u~QG+h`5)*&ij$X#HayV*B9W7lw)3$O+$K{@xLy*=*yXjc;QpCYzBO
zD@F>-mK5PO-i;MuL~f1}bom%3V?_nYv^en)$xq`bkO6Pwl~I^?z%w+SJ!|6O=|31R
z=(^~?!Z1~#8GoyS`00nw1o{&2myH%h2#c>fqif9f`7V-Ty14{wvN1GCOtLCcxTG;N
zNtE1unxjb~0wM90Y+M=3Nefim$)dpA0vQxud$Jg9_VZiDiLSxD=nPs5WpI_aVbrIH
zG12x0Ykh40$B@l6LJODSj{cnp<X)Q~V(8Y7>c91ktO;UmtWE3xUJ44s_{RjXj=Yog
zduSUi{tfqu8)CSH#<#i@?J<{C%a9okn>HKmb1cL{wJ;ef!ycq>u}qmcL-~=S5Pe)`
zxJ0>@LB%;CsZ>!iEUCN|GLvdHZ<)+YQTm;;`kjqiKM*4uo{*W^Tsc>2lF}_z#}qAF
z&Lv+h2V&FaK^)qXkXS7jBDFl3w?}hJsm+)3WlkW51yZ`g0$DE87RrTkUVtwmK6HTR
z%Y6A{fP08XyQcD~DbosMfy@mw6jB2}F@nN&(@JSoPtm`K(p@ZzDIJSBxxx7;ktGB9
zSR#v&k7DXoO8Fo)^HD-I<fFvQ$I^ah&c|$O(aL4HbV@1hj)|I=%F&JqT7|5zYs=&^
g+8Dc5DJxm4WR<khB!jzRw?E%VpUgr@QtZnA0IO79ng9R*

delta 3006
zcmZ{m3vg7`8OQhB>}K;M+mJMYfSemhYXX`;EG<(oyXj~ihJZ#w9>mR(Y&LH;n`mJ~
zqGIp`fq0Qyi%7S%!$5%%ud?C`S`kGOG(5!eFhE7H3~jMPX=N(?{@*4Wl9|rH_dDlz
zzw@}?y}4&Ed})4sz`Sl!r05i#)nbLx+0&N1%bq91PVE^nU$ZNbLTH7G6pFT2q>3=D
zNlBOH=!LHKmXe3P-X*>c+bwNphtK6TStxaqdHPIKxb}uJRaiBPq8bCr2_;v}chxjI
z3tGI*&XRn`3}>FZ)$MDjaXOtIcZak7C(~z`#*X2fd{=ut=iJ8Kk`ABS)zZ-F(Joum
zoKY?~S6xGE1C7BPiKFJ2FmevV5xz+g-)RF86O*jt9j4n&CP$P*X?8?3bEnZJG&Lnj
zI~=oG+Z~xjH}F|hB9)=%`*N)`YT1Z>PBi-d7+m+q`ZaG1@`L^09Pftu{@A1ccfH_P
zvym0ouY{7!4l!a=*g#wS6EvYn9ompLb(+yVcDXe)=(drA3^ipS{MHeMH?>fZ;CnLq
zCr66V(72I9wX0K(g;~`E{k3?JAcS!y?UNW9n7M6u?RYIcd$@?B_G?sS?;O6F(Ua57
z7>~|eW}%6%{d}?@jGM!lb2r14!|1XzwmKMnxs0p7U?kqdn04>%7``}f2Jm7&<KqIx
zjY7tqMGV(m#`<E$NAnop&1c;40HeBup*_eruz>NOQb3zlwvXbKvObFMlz&R``HEu{
zt1HpYTJ$+ZYZc7tDwypL!K`#5R#YFSnB~G%%VL<*9E}>ZpQ}Z5xqB(zS@#&l?R8I5
z%=8?f_%9DkM?K8-dYJbcU}iVM>}`Zu)dXX1hIzUfrnm*Bw`DoSg4UaeOW<u@_--$J
zbQ^rM5B`V`ettWAUpstX2mJbn;o~2HU;7CB+F!z#E`>j~l)Q2OvK<QH=A*Om2xdRV
zShj+(yOZ(H#~E2qGFnzLwmrqT*u|LgG{f}_<CSL_r=DXZuLiUQYj#nzc4O(T?%z|K
zx)!BV)?rHr*TLuYET_1?2Y%xV*ziUTZQpvtf)|l#+knjO4akhv;m>p2^DE@<c?o9S
zuMs^P5$}E(qb!>+YUL&x^};LACphlhjCR*=Ftp2$_M+b+X8#T`>Q#!yxmV{}LVrAJ
zN`<z0+c%`2{R6+kJGL|WcQCH)WQ==_F=rRU^*W==U~GMZ(f20f>TX8jTZ~zI7*%gG
zo_OcScqUuloerFOk6-99dl`;>jE+Atw)}~4@&iWfhYb4xKx_X9ul`*h<JDIV9;VoT
z5U;rZ6STdD`YGo2;^j{2gZa7-=B>jhz}ipYYd=H&UHvf8NASmR?g;$uqcCfZ;nlA=
zj{1Ia9M5&d=cxESCtyA}f#+oZ0tL4J8QyvlzUw5satdBK4S(=7eBK%O{b%6!e+mEm
z0DR<G_*G}&SDk~OdmjGKdHDRlz~_GjA9n$M%?0?Vui>LE!uMZ<pLYqq_Y!>XH}KkD
z;eT+MywQER(tPU|SM#RE8%_UM6Z-1nBr)p0eaRg9@|s6|dDRs9(qFGl9y*@(DWeju
zT(2Hl!l?asSy-rZ^v0IqZ|>-6d%nkM#D|Abdvi5C*f+0=9715aA{=0Qm`GHHasrzz
z!Z&=fOc=QbeOJ1u46KY5H|WOn&N%TyA@mJ#BDAqUtWEfbC;Kp7P`w7151dL6FNdyS
zstWy5lCaZEuJJsRJsC6U{$xSNjUGrAErhgjVh*8ZocQl>=F;)EX8wIVXI7;kGq5p5
z(BUw6XknT1NXI^t8Y5$DRy|W<r9jC<QG>1U!KU|35-ys1@Y=mn<b<|~=cZpv6*DZt
zA*D&5Hd)jSr*4}pqOcSntoorTT!>&NH;s3=Hv{()*pntEh7to;ek8sUp$C1|gd)>F
z{3@XzB080!T+dAxQ^dErCtXZRjOnzjNbcn8YJ?*}jg*nL!J^{+ymVs64W8KgtPJrK
zZSegJuITX$(M4C&wEn0B+J<kc_?t*l3uU31rn5Lq>U|E2S|p2XR&_3N<_U7)s#S(d
z>r9hLEtbW(rk~P}C6hW&7CA(dT13tHVRq`6?laqYPqLVL5zURVINdaueE(pw?oSY7
zX({yqS*(`G5~)g)6jHHes}IT&N>>*E5o#%5Qx^isY8fEaa#_Abt&mc!l$CNpa2t!H
zbXbE0YgDUbl`IYVhsci^@=ocL3xmE|%AYwBhc39JOO^#MET#ecdJEcl1>G#|vWEWG
zQi0vlO%<u*nvO1sM|y@zQZL;oiJL|>P)UfPl6a_xl6XQTX&g-El4R46Ch1X|WwT6`
lQbyY{)fQ?e+A`Eu*&3}bkxS_DM5|uuWwyySy&zLe_#aAeQs)2w

diff --git a/src/wasm/Hacl_HMAC.wasm b/src/wasm/Hacl_HMAC.wasm
index 033e7523a05ee2ad4575a4696b36b47f7cef8808..c2e51b851c0e3a3f21be3160b08d2c2ff85f9351 100644
GIT binary patch
delta 2779
zcmcgtZA?>V6u$4J&_cUfq<l*4y&?wVhG|8_4RE)73sfC~fXq^$&_W9c1y^TQ)Zpfn
z0edsEIW}XKW$}mEl5Pn~Hi68T&5yaov1Hkn{n!$=m>EMdVOg@Bb8D|9S9BlQlIF>I
zpYxv6^PF?<xu<?2=V!@C!kXt;zrT_A$paw5?;p+mk-c$@rV$H`WetSTDYA;N^asMx
zNs>ahktoFmGozsE*_9*`oXH|(%4VXdm0d@a^c3MURoYT}v)fi`?{(U$N(Ix3#YdYH
z9bKJ{UT2q=iKhEmBfY|=#w1DC=pB}eNxXMl6JcDIEFCeYnKneEYWYPReK8_kyLvG-
z6_F91X#PHlG8M8!4GLKzs#uihQ-!Remm_6)G9%M>FD}Sz>vh^Un#{Jo?iRb(Ve4#i
zcQtqPGKsPG>bAJ;9S(D^QN{!tx6kEu+BzIQCW#)4THz1t!QDWc&DQ4d+FboR?M-fn
zt%^yOCpXBG->t}P@AWb%@`#o9kH`fPo<6tN#jKFUG|411EtWu!Mj0M1z`_{hsbvD1
zLM;^qtdvK{1Oy{!j`DHc#KD09Mwt+lSSb|HqslMgVLsRx4-fy;o<^!QMAPq7o>(nM
zI93;}PT^vBJ*U@&?leAeUb=6}{eaHL#6hG+JqCD2Z2`Qgejjd})+B&Et~p8+0m~z&
zSczI#hSXu*FsoK%GYsbwNIUPNJJ#r_DeifQITu$B7^(k43K`9cqij5e9gklYA<==P
zF`%|5&$C29%Tlf22-nenSA*su8YU8zDFTzhFoH@TZb9J|5A8ZOU^S`;l(LIMStq#@
z@CPOy8&$#&62)6rdGuaeh2Ge-S0wL;X@fy&wJ5DtlxAOjGORooeKtMRV%^^>PbHN{
zUG_TKkY}J78TC-Xjl7M3G5Ixs_WU%!!F*&U@;3p_iT2tpXxl}6O~lW)yi3=w%LDeK
zCs79x+G)z87(FcD-Ah6>puvKSU_r)b$p(B+v}Z-zSb$88h(iVAU>6r+)L0=#O%|f}
zj)<8>Xgfq4D>|FDT%96JGJFr$qYKSolEERs4<`acpd+q2da<~QUNU_Pu?r;zI&IDb
z>$dqc;B09w;PnlA0M}=&20T-S%xD(kH4z)PqWy-5UyGPneg&A}Y>fIP8>5^Rc!%$d
zqvI88!5Z3xXJaK|L*>Wxa*ifxsS*RXavDh3bZ3@x!M8{MFGsr%{`{Yg^(MrIMmhxc
ze?QLgB^!h@3|uVUfUnC!Nd@3-^8q?tnhw_gGr;Rh*LEvsnnrCK2%8@+!Tv<8z~KrM
z7=h6xJ#dhFcT7O^_to(r$7-w#j6Jm-ABP|@uBoR_@3ev|G>vAZj<<4F*r>r9UDe&v
z?O&_Cl6|no2e!Cy0<pVV2~h=}sojq~oU1DW++2S^x_hPGFWF7Ik4W|(yI+uUyxDL9
za?p)?`hW^8%9&(N3$LK0H1#hi9rb|HfXjXsRf-4tShEKzdcC<DP}72oWLt|%@_yEW
z-aJQ+#2j}Z^P3}AVk%panP|loGuMjiqpS_rho=phx7%=Wd?VU=C)(vA9uo1K^TLwz
z4UD*)*t&)GPq1~3TlMrS_hztSJ=n5f`R{mq!0?@d#P~Xqnd>Z*n5r&hu6E%@i0Q`7
z;p)cC@lrQ3mqk?VMY~AELn2-f@%OzmOBeWa&#T0s;-UqHSMn-O$*JJ8s8$~tfG;&+
I(ik=KC*g<^Z~y=R

delta 2871
zcmcIleN0nV6o2=%mI|l^%7@UxtH3~O=4=H&0@_zZV2B9;iN(RA)I!T%0ZYZWY^%h$
z&17ThRks+2Glsb(eq?kehAhrF|IlU0$jr?Cn5fIPFlYAlk4xr~opakh3Z-!$F=>7|
z?{|Oa+;h*l_jG)Uocxg-%z7$Ff*k}w6$~miBgo5qFtSDtReaBny-o{>oo4bGywyU7
zNFKdQH0qV*98b6LCZeMI$P%Ka?-7B_qYko^Xy|>CPm<_z-b}Rg3}4VLyStsPJ(9;c
z;Nj*ktaZ9%sTORhsa9NRn)xY3w7dFuI0J4;b`Au%<XJApX_u-#znebbg+&I&H3j@`
zr_bBlO|w)5v_qxYQ0MEHaUY9R<L-6)y)H?Ty4?ZEV<{`=7R(H6DGmogb(6~}JN;JL
zt13<}ji*nkN(*Lf8QulYC|TF6;&il8m6;Z|Jtb;G`W*Y1)pPFCt}cx`+Ceot+8nVj
z&mDVe?$~+r7Mpd`rL@b==iQcUMuhDF$!d{089l(|P@5)?ETf_(HyEj*cd*&nDZ8a6
zZgE_k!US=o*v96@xfMOe&9_Sqc+Fg1oMUX>ozr=D()Ai+IBR)U)^^Sq7bQ09*eEly
z&X048%{uHxztB`?Ume=JmrIJ=)&{XEa<^$w(pT^>NPZ?f8=dx68WDJ5p>BRku8?ff
z3wm92%_)s5y2<(1L479q1mMOLJK(D+ALVFsMXr?N#0gF$vZ$8XSC39jN19scxzrVe
zgl?yv<P+<TEII(1eBGNoA@qFuD8y~fs0VyE<IBWeLv<PS9X)!MWG+%A)@{i-0h*t3
z{@_zdImZb%iAZ`(Hz~=^q76klnrSd92h?f3bj;w36eIO9#kfeHDbZv{kFT9|`pHHI
zeOO_nQo&(3%I^hOt}@}6q8CsPKdc>A>sw(zA*Vei0y^&!RG(dPG@*K1A*ktO;iZ_|
zJLrPq!AS19f1kT{I+u}(LHcP)E9B5uSq3;-*#h{evJg;Mk4($@)qumyzQ*iF3|DPH
zUfytlezvR<EQbwGa>CX_FPhPNnTYFY%eMkv5|R0aF?xGB*!6Z?-N)>4hQBc^t-1vK
zy(;uty%D{(Z$!Pg0`UgghpW+CU41S!JtbGX!kPSnA1?8))mcEBy$;&3sfl*3ybWJA
z3tp~!H7`=FwHU0YtrdV*YTE$|>WTn=Va!k+@|PL@$#BiH$OvVKZDpSW2J6vlvL3z8
zmm_c6jQA46afS~!Ut5sQavCGT7*Vpi({Pn;UVD5-2iw-|j&xA}KRY-9S^U@TJpkWm
z=iUJOiFXaJvC^tg$0jSj0-ME1Kde~+*1eijfKR?p6VWt6cN**@rZG4c<Q!2D7Q&b$
zA}4aXoX7PiNoNuS0lMATnn~25$;J;bBKv^R_&yvcT4EPSw+LIJQkuNAUr`>~8c=LQ
z%br97A#}E-ix5>PW7`W@x?x8(pv|JEQx1>f-`yHi?7v!HQS9T}UrQKw?Q_Q<E}dxG
z1@h?MMF(wLH@FyHSxh|)|F|A$Zm0(xsc?kaoXuF1Fmb)p2XwisAMlI|$Hsk^S6S`Z
zfvaEdSfel{Ze)(SD->pmF)dweG<D&y_^u0wg|-_RTQ^RK-ORqg>>n5!J;*nEK7lyw
z4u;HL57zQX&kd|)yW9YHR>s<eGqwBn0Q0d=R2Y3PGQ+)f3iC5#JbgF}M*DC`sQYn9
iEbT|8i{WX8cNrRYBHzmJt(~`&T=x6l#`@<641WVh^AW%R

diff --git a/src/wasm/Hacl_HMAC_Blake2b_256.wasm b/src/wasm/Hacl_HMAC_Blake2b_256.wasm
index d95e2b0f601c17e131827ee876844b4fb3d2cfe5..bbc821ef32b6d65835c88ca021b01effd2860dd8 100644
GIT binary patch
delta 257
zcmcc2{fv8pm|Y!HeSHFBJtH21xxOAG&jzF*ELJFkY2CyS=ZSx185t*bOL8RUWTxlE
zo0&{Jr$2GJ7$eK%UPd`a)`{KnlhYUlCaW{bGqO)yr|8Tf>5-V66Yr5&oDuJolbD@q
zloTJFnVVu{YNn1;CO!kCygaicBR)H|a`J7)35@KM3z<b3nI<<eU6WMcb3DMHz^K6F
j$l%Bzz{xG8z@;dnAR+)$)6TpLu0DcgA0z8zan?NmfD=tc

delta 215
zcmaFHeVKcLm`FWieFAfRJ&0li6Ln1W6XnE2*nnaXVOA)EY4*er=gIDj!Ysx{42+Yz
z7!@a8*PA$9mXT$09HaJRD@FsLB=5v?oQ&*~Wf<iQI7B@XlXK!d5{on9opKVhQ;m}1
zjZDoXz@kV3@ktQL$?q5^FtSdrXA%V(FqP?=q~iew1wI8P1x7~(M+N~-ZYc#WMG*xN
W0hpRu%)8*~vsv~ra!l4@-2(th13Y>F

diff --git a/src/wasm/Hacl_HMAC_Blake2s_128.wasm b/src/wasm/Hacl_HMAC_Blake2s_128.wasm
index 5b04e5663628bd8c6c5e734fe1c2651170be3455..dde8629ec17f3175fd1850f94720376d4aa216a2 100644
GIT binary patch
delta 260
zcmcb}{e*jhm|Y!HeSHFBJtH21xxOAG&jzF*ELJFkY2CyS=gH2DvJ=-zP3B?bWMrBw
z#;7pylN47{YDs=hs<9CR%j85xIY!or>y#MTCO0r@GqO*-sOZcg>5-V66Yr5&oDuJo
zlbD@qR2(0inVVv0WTB2zCO!kCygaicBR)H|a`J7)35@KM9auzxwl*<cl~CYwR8U}4
lU~*(|WDwxwmQvtS6j2ZnfGKHZ-UU}4#<Gu*b+Rby9su-yOJo25

delta 240
zcmaFDeUW>Dm|Z<%eF7thV6Lx+v%vz4bxie8IWV6Mr~smd70O_mJu$?2vOA+Ni?I;{
z<78__B}S&nU5tv1%s{r}#B-dCEE8`iFtSeU)?{RxEW;?r$UZraQQLq+)FUxDC*C8m
zI3wOECowzKs5sux$U*`viX;%91d*Klj&TAb$K-k@QAU=@Q<<(xI4UUcDKIH8Ix;vi
f2yk*sDR3!@D2NEal+0k>1y`QQvJYsh2J0RG(zZdS

diff --git a/src/wasm/Hacl_HMAC_DRBG.wasm b/src/wasm/Hacl_HMAC_DRBG.wasm
index 990b72e231ac84134f8464954de2ceab58ef4aea..c1cb2fd3971da9dc9404845d34abd70b20e02953 100644
GIT binary patch
delta 25
hcmdmejB(2`#tE|-n>Nl#Vq_GX9Ka;HS(-^95derW2)+OS

delta 37
tcmdmTjB)od#tE|-J2%crVic71NKDR&_waRej?YO=PfV`d%)z9S2ml-64W9r2

diff --git a/src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm b/src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm
index 7f40d696b3c8016523a7564df64dc38b9bb78558..37798d12fa6459f580f26a327b62e117016dfd1c 100644
GIT binary patch
delta 495
zcmdnBjPb-W#tCZ}4{uy+$W$-ok(itl@966267QUmn4FPlWDt;_Q)y^yV5)>$Dn2zY
zxu~+Bgn^Gt{VAys{gdOFUon2z?8V~h#(T1(p@D&osZP3{u}*mN9Iy4v^_+_43Y-dT
zj*K}#l%;5)V6I@Hz^=fiz^cHaAnnNDC;*nwU|>*C72s2}L=odqv{JCrWMELVR<L%e
z4`iu#WMl=h7;6-5(A3!~*eckVGcY(ZDB3wPa4Xs?*t0q^aw{r003jbxlt+<Qfk%PY
zjDdms4vH%u`K@KHXIC@>Im%HW8|F}R1r7x>un5?tQYbD}Q7{+a2l~ark-?3nUIAH>
v1Ly@ykduKfhdbE{<Ya3!bv6n%3f2%OOW1<kY^Pucb~DWFK&MZZ3zh)@*93C2

delta 479
zcmX@HjB(d8#tCZ}k8WIR$W$-kk(itl@0^jCoRMf`5Rji!X=rR<8gFc*ic2CsF*PwI
zJ~c17sIs7hfsb4RQc^(%Opa!L!}wsc2aBs4@4=3S1_m~!I_Y}GI>F7eyw)?<OFJ?+
z3gkF4=45FwFes=huqd!9uqm)BZ~`G4P#7d5z^7=gfUJ;1(L%vOlYv3eQo+)xK9Hr}
zk&zY1VyscLLQ`k0V69+f&cNWvplIXBz^!PjV9V;r$gOCnV5h(b6qMjm<W=BN;5B1l
z;J$+5x)*+Hnd_xcT&DtYoufdu0te8E>_7(!WW(IZuV|)V=E&g2Qm=rliv#F%bC6Sk
mE`~eR0_0RnG<8-ARtlC7r&@!YYNKEy0Cp>qn<wi8%K!kLBXC;)

diff --git a/src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm b/src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm
index 1abe96898d71c8c29bc422d6796b65e44679dbec..2b7c24967ae0945a078cddc58b2499b275d0e152 100644
GIT binary patch
delta 495
zcmdnBobkkR#tHiwCu}@W$5b!nk(itl@966267QUmn4FPlWDt;_Q)y^yV5)>$Dn2zY
zxu~+Bgh7Bz{VAys{gd}Izha!Qc@;~d8}I3kh6V;UraI|*#ya8665bn`>p2z86*v{x
z92s+fC`-{o!Cb*Yfn9-3fmMM;LE4eQQ2;EV!N8!PDj=X}i6X|KXr*AK$-tm!tzhj`
zAIMVg$jAz0G1e&BpsBM}uvM@zXJBw-P_%Po;8wI(uxE8-<W^L0075>XD32nq0*?Z(
z83P0NJrq|a_^)TKXIC@>Im%HW8|F}R1r7x>un5?tQYbD}Q7{(}1p39ok-?3nUIAH>
v1Ly@ykduKfhdbE{<Ya3!bv6n%3f2%OOW1<kY^Pucb~DWFK&MZh7c2t+6MJ&|

delta 479
zcmX@HoN?E3#tHiwCv7}X$5b!jk(itl@0^jCoRMf`5Rji!X=rR<8gFc*ic2CsF*PwI
zJ~c17sIs7hL4aHXQc^(%Oy14>hOuGu3YJ7S-oqUY4Ge5db<*{Wb%LA4yf-q}OFJ?+
z3gkF4=45FwFes=huqd!9uqm)BZ~`G4P#7d5AfRZjfUJ;1(L%vOlYv3eQo+)xK9Hr}
zk&zY1VyscLLQ`k0V69+f&cNWvplIXBz^!PjV9V;r$gOCnV5h(b6qMjm<W=BN;5B1l
z;J$|9x-|dw%=J<zu2X@y&QTy+fdlA7cAx_VvSDr%R5VjCb7XL1saHVO#Q}7>ImoF%
m7sH)u0dlG(nmQ{5D+No4Q>{TxwNbDU0J{~*&6C#z%K!k{QE;OG

diff --git a/src/wasm/Hacl_Hash_Blake2.wasm b/src/wasm/Hacl_Hash_Blake2.wasm
deleted file mode 100644
index 5064aa4a914bc984b94700310b5b79b482c220b4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 20644
zcmdU1cYIvMwZ5}jSu5?zT1&Dm%k7M-j0@NXn+|KLDG7v503q8lwj>w4vT3p;8_Sp)
z2))AtLYhekgqK1RhZM*oBq0UzNFap}Adixe5J+h6`)2OWo!z~%Aulh#_x|wgX>-n*
zKDzTk(3W4Jf*?>YZRqb0<aE`mdQl|$`c7AUYCA<mUtf&A5>g`%)s7!x6s!?ZG0L!7
zWMh(`VK3{(dF?gvSi@4zIC2u}HSwEGXmMTD;caW$R<w6jtY}}62(sxD&>_dHUA=nM
zn(juAZe7&gy{fBy-mXF5n~aV#X<gm6xU+pppnS_BXKh`}&sf<CX9?e=-gma5t*dL*
z;-JDeDDq(wnmZ>*`X*W5NB5ex)j_4Nj`1*iUNFQr8S8skysUk3XX~Q1OP98<Y0WP`
zw>_xxZ5w=Bbl|z|YgPrR=0n>SceO5DvAU~uL04O6`<&JTR;|o;x2^2XPaj;>+S+<X
zdpCldv7+tRwnbg-LG^YV?X*Kj%hwq%tqX#he~O=Df^=c7)GTT1Zfix0)^u0&1(gRM
z1FF%Kt;a1~**$yC?yYO*&cXOXTXA(irdeaAc4%F8Sbam|@DU@MMm3KfGj`ngA)BdE
zeL)VcpFf|oag1q}?X^X%@Uh5r;G)*$E0=c%wG#$YuU(Cl+FLu@&k2T3+JVuEwO!rI
zgSv@3Fzaf|cL&*VgIO&_M)_qy!^lAlg2q9shEsdE-`ITA*t~7*NWZZ~YOk?Peq-Z|
zY-30Hjg2!ijcxWbF0u+6JJxTkZxD<dv})Mc@zr+DU<p+uYHq$}1Lnlj_hQJ8OY~Ov
zRrFT$C3<W7RPVIDOm7Ci3H(dqALab@>A`i$Ue#y+rT&RN7?1yQK}!(m>ReXWNKLk?
z+3>k+PIcu{U54q%CUSwU(kZEu)I1ocCA}b+9|Tg9Q=Ph|Vt)|9;mQ4twWPtNx;i91
zE%1zrJY-a*O2doJKwOLZwYluVLj8;$DoIEX9XY734qYd8@TIeo)x%_%u9u-k-68c%
zqBf^GbZw0PTv9hkgKJW9drfMTM%$zYHmLzAHF!;G1ji;dhE1|YF(IW<50^x;cR^p}
zf*`F&EC}>S87>vMAeS|5u?}+Ef{AKjvJbzx;NWDRR8-n-SGmOC-QFZk#hy@o>y{!>
zYNCR$bL-|F_Dr#P%9zg&QpkIhH0fq(PQRb9qh)k)4EUL-I=60Nh|%mddK@F8^;j93
z*5lCLamDRTK{R51kj2l)`9YH?JzfGWm~t8&t-X#GaH`Yv^>{~yolcF0u{RULc@*R_
zc5FNJ1n4Ki>BL;pO{fWal1zXEBM4VWqCgJl$uh}uGMTNJ$f-0jR~`bQDeyWamvLUF
z<Z4!9Q1w(aqeWWWG~4dVnI_ZhG;3jFTHvz9YyC8EoMzL)7F(m3bYz;|Np{lHWv5&?
zt2^`zFsVW}%mm~5WLECgcOH0seYRTfEIZ58T+oqAc6D&o@8UGGWi~X*Y34Z1T$u|^
z!fAGOn%!hKXeyj$p3}^i`OqYtW_PFAL-v5C(rNZ|n!RK%Xofh=-cGZR>;p}e)9mXs
z`^kRLq?~4dr^!hUnrf$6;4}xw0npSq&4EsHkQ@X}+G!4UnnUCeXfjT7sM9Qzh0xSG
z&0$V+xEv16P^US<X^xa5p{aA44@pLL4QHqRFqqv7%u!(WE-**Sbg;XGET`*q`7jnA
zevabenl49kab;v)p~gqR>{(!r0kdy`IaX$Xo#XkMAs?Zy8FCDL&5&cQuLBD;j)VQ7
z1?G4#M--S7WG2}CJzq2BIQp6?$J5tLIl=lmxKQIn*dJD4P6G3x0&}v=0=vNTHA_yU
zuUT>uea(`S>1!wbQGe>6;!pik{i%N%7EfzV>C<xw-IlA+izJX%%>KeUSq%Pkk6!}&
zcC5;FZ~IuRm&#&D!tG;;BYX52vea^N2FIhF+edrMdWC2iye=#9x*T4Y6}*1bkv+OY
zmRn9b=ye&rE{pMs+!uMdcY^oZhQnL0K-3jp)K0xpIw1+$(&fkjy-HSEPF6AM3PxQK
z7qwHbhWJc)KGXBOTCb7SkXX+;FZrC{aALW6lkS!^RwvzbekPrt8RtBZHm^x*OPaV2
zRn9`-v%J7-_1Ur(lCVkZ9NDAKk+Ur)=P>G7jCxjlRDTkji>Q7U=b=guqV{-E&(-VY
zTu8#G=Q(mf_sV+9NiU=JFltX+)N^$o#Qh4c`<3UrPj67tM_JgJ8<lKSxh8Zcep=X{
z=PQAYwUF}_<A6aRl;x)v+T%}*O$q|P!2_(cnR#sX^Vp>H1xjEIY1qyIkLl4{l)%7h
zWsAuI46;C3o&`h~GRB1^F)lJOAPr-jLJLdx=!=y=Zv}F(2>}KnP?m>4yZjY#2^;FS
z{8CoBj7ePPCvl0=A5#KrNW&y9^_T&Dxe^#ytz2%h0D~-0#$*A1S5WbBM*6rP=?bN<
zRC0x))JD=*DY;7JvKU<a?83plS_zD-g<Nf-fk8BsG0}=A>osh%-wD^U(sj(_IzN+Z
zl)hdGtRW5Ce67dy=o^&4z-r|NlLZ)LfigA=e@5NNEZV%4d=o3(%q(v9v$#>|Ta>^W
z(lCpgJZ3=OsssjBE4P{~z#t2hF<HRhZB*RONVofuZd3Z-l-#B$4SW6$C3mRYe&~7p
zDE9oFN?>Fy<W3U}45Fcoi55h+ue;FT==${ua_;_hx01V*{-lyms%b$=f65YB{b@@y
z>Cadq(4QqCpE7|#d>TZGlFxw1lK3o$Ci#TYTa|2ux2(R$5>5JZmI(CcEs@gql8}3h
zHxQpQ-avfbcmr{-@piY;Ur_P|cx%%4St8K)TOy^uXo;+TfP~y<yn(picmwf8;|;_E
z^oDNwcl4P468@6WUsgDBzrv{iS#;=rl@b_4k_XwnU*nj4%^$O`D*bgOFo!gp9S?d;
zkN$=d7+9@*!=wfV<At((ydc`f7~4u>eAC2$G>ma7EiB!mA5sFn705#-1Q>)sSsnrn
z`-<PNZ<RIv+pP8-rtuv=jc+OaT_rGwG)&{$9y6dHRssX7m4{6pV2}sOm^|R`5h}jN
zNZ<1#J)-n~D0xItY9r}Kl{~6)Jg&_T7Q*+Hz{pz2_f0e~h=wvIS|AweXgD8ZtBd;K
z2dwr(=JG>7m&cU;krJ3g8n*fe9@C>AR{{g8mB&pUV2}sO*gT4+)sLA+QD#43wVyJN
zpZa<HSm~cBfjOjM9zXGz0sVv$7+9@5Ve$ZjJW$5u0e??Y@pDG{xgY6CrT<gOlZw)?
z_n%Vols(<?V@~&9D1ni+kYAW+U=R&uOtg~a^~<v5^)#zJ!(5*6bNQvxzfuBoNW)e?
z?J+(2*Ggbuweo9|2N>jmvOEune#02QDT(o069dvP#%Z*$bdP>k3G`MV&zcZm5CUa+
zh|+2GJ2tgwZ+VW@e$O<1@2BxQrJq*<b4bH9p7WRi{elu0SgpKZ@&JQ8P{!l|e=kz;
z2S)mXAL&J<|4Ye>ic%X%zog_Pd&1+#obWFzfswV4mrXP<h=wvITFE4Sg{>}HUazv+
zADPP^{ajvA`cFz=4r$oxS3RajzorBRRx7WWJis6il(Bhy3GUq=Pk&|}Ma%0itoAzd
zc-_zA&r1JQ3Ctl4^Z1L$4CptMz`$zd4U-2L<bg6K5BPhNioY?^-~32#D*bmQZz@W|
z-hWHUTlSR4k2&SvRsthyA#a;#U=R&uOf>J5e+Mm&PWgAqxl{f<CGRNRpOF3pPtpyR
z2=qovr1bfg$m&fbWJAK-+7q%7M2eF0L1am60?{PzDm{>p0eH*m&6a4=7g!?DTP%^%
z7m|?8#v6zWj5iQlj5iP$8gK6@eNjR#g13~u*b-TNi6xr!rIx_un1ozxyn(pHcmr{%
z@dn~D<82DNYf4;i;VPXF3`yZH?8_7Q)OQ7nNc3@X?o-v3<XkUam4MT$6ByU46W*Uh
zA4}+K5(3YVhBF909W$V>O$ZFEK(00EgF%ug%f}R=>lov@k{H*U7?6fBkeg!$^bHAt
zffdLNCI%S9Kp7k3M#i|&k8ycI-;@ya38Y~R^oC;w^vwx@ffdNjCI%S9Kp7k37RI=x
zB*v{K2Bcw(s}eM^%z(ZvAuzB4xy{4?gBU2|Vn}t7IQ_Sc{r$nPL@!?>@RB>ozl!i>
zp-KY09C*WD?T>zqKlthJ6IqSUNCw|P@m1e`xvasHz);TIIw!zm02jtEC#aWtuDb>&
zz$g7_f#~5*FhWL53tIF@C%^~wX~8afloQ~S__SbmJz8p{maDTy>bN#*WEfXwjWlpw
zre!#FX@1L2;b#<eX&FtO+L}vk-HeanwF~<DH>G5ZB(@F=4B*RnO2)EQ%6d#$k16Z1
z+Ip<E9;>a#YU42%NELd&QV)?z88Q#=)Q_<D6N%n5J|487k1#m+$!+)L053baezny!
z$$YSv8l8rO{p>zm_hSz<dprG=z4_GQoh8^4Ex=Ok)EP`Vyxq7rpIVCX<+^re;29N7
zoA6tGErzlJFFHf<oRiSQ;AfcUCkqbW|LLmEk)cm&Fy7@eRFd`)CBVL;FcL$vnMxtU
zK?0L*mZ4~DE}2c0PUSb)nM3Sj93R6f!cN6|mQEwLv{bqe{%I@`xar!e(en5%Pw8rm
za5aWWqrW7>4zINxZrbfXiy$ZOQK$z~d&f>O>7~N2R^o*5iY-z_7O5U|EBfAdF;FU4
zU!vbMz`v34pp+86za@n;$4nHy&DD#N1bTXy)Mqoz&|x1*qxYh&umcYhc4{O}--3to
zAek@^qZ!xln3Q-J+}@;&TyXl@Nr|wXcEG&JlwmfQNttj0S)-yP!bzFIaB<2cJM9wa
z;C_QiT8l}V{KqC~lx3m)JDf7u!6Yz?wBF8{dc0p24>ukqqld&E-S|G{%<%VNgPk#q
zj2BA|^a$*dJD!ewkhBRm*=kMLOLtriyKGpk*;Z@Tqu)ohG1yIQv@y2Y7(MoVR2wJb
z!fNAewQ+cTEP0X@wASlaE~8?Ll%QeG0?P=8iy&zy3I-rRI+0+#jQ80AZy62OVpfe3
zky@^r+QRl!vP9k`d<%Phwy@XZwCq<a@lwy<)m$mq`na$TKNGLW<~cqC4WGm9bi+a&
z>=hqVTr$|I_?kX1z#baz%31d)yq(H;hnE^w9wup9xgIa`cy3Q?bPXDAUhmB#<M1Lr
zsWH{qda1xxGCW&{xe&4=B$>^Y?$D2hT~OtAh#gNbc1w8N8K44AX>1h<ZVi1dS~5Gd
z*_<5q@JJd(Mk=$zD(!t>@W=6JZF8H?*-7c`^VZi;`XU%2@OQmCi3swBv?{j^dP%t*
zZyV0?l4CeJ{dG0_hsQAP&z(9|u|J6D7{=*icD(9v$FoLAAo39Ic-2IEVE)wPq_E|o
zhtM3{Bq_jMQRA4<b%;>sUBuJi954e%967$KbIH_k@5eD#77d~-{A4{p8E}!Gp@u8?
z!3%na&c^sb#uopfFw+9v2%ng0?h?`fF1$R{J2LDEYPemN<%S+WkMn9!a?iSa3kIq_
z(K~d|8!m6Y6~OnHwWe!;1Mp9-avXp+ZE$dLGr|Rhd6}Dr*AO0D=vH$Fj*O6e<RLn^
z5Ed)hO`q+C#o=$m4rSP(=s%3H>pxx$7?xlghP6g<Ve4=%)?zGbqsdYa#{Es#0EQPr
zx<juQF7d-<IB)eMoM5Dk<gLER2}a2%-s+p30N@ke>c=<%Febd!k8^_YGM=}3aRM!x
zxB3ZAFi|G*RzFD^h(ZbQ)5J5bL7I7UZ;&y(xi`u<>Ka9;Ym^DpHOeIFlJ-_VSw`4f
z{bU>{0|Ntk3U<FKtToJf9A-TZvmWcM$9n6r-g>OJ9?^Z+{VKT&X6u`|1x%HxZVY3#
zfN113z$SJJn94z%ia`XV!wq5!I9_^M!ijH<;s&ur1C640l4;QvFdd^h!yna|s5lD|
zW_e3@Cvefyong4b(w)VnJ1Zs{L_5RJ&Yqv?;37XW4Oj59GyUuw;|Ce<BD?6>qVybW
z0dwJVuGjiG;KD6nwj;xyphm;Ed=*U#w}57BL)fIUDW1rNDBZo^A+{5{_mFVWSLU+#
z%WMcoE?juo3SA{tc9jib#34v=h?im&IIgm)aFtmjq*bAlJQH!KhKrksyOiKG_EhOx
z?y(tMnJC-|kU|-94<G4xOqTr>XD$ppwg*M-0U0D|RE>-fKf?Znscj#*XFn10uLEp2
z@Ku7`V~BeC|3JvS!J1^Q8}v3Pa*y#E!zS$rx!0HLLx%&ohgKWp-raP~%OIXdK;z0H
zBj#a;0F-TBkij&>6&SZ(>{%FRfG6ET90d+jk-?iB8D>EZHo2IN4L^mU7VpG*44jVf
z)(kOrqbV`?EhJGO^T6GWwVaG&%44{K#>9kxXgs`*&(*lUY(X0+o1ht5wA+Wwlpd_#
zC&+}HnI)Qy(Qv7~)=vP(rcVf4Y>i^lkqH|6Gd5=+_IP5j<&(jfvxLkPFy<^FGd0}Q
ztGNq`cu=-!P6K2dG!c|-y3@>%8PFsg@M@;h%#vBqR5;DfPJ`VBnh44^+iB*=9B3ja
z+gzvFRd$7Di1W6a)6A23&_qzS`A)OD><&!?W!uAP_LM!LiJ)wIInCa(H#8BHZ6BxE
zSN4S_g0k)BH2cf`&_qzSoYO3j1<*uLwga5zKsgYa2+DSl(;O@ZLlZ&S4gq>=W;i?b
zp<regn1x_=D=>!vcA3G!gCPy)$0RwFi))fB<l>qnhjDRbcwShf;^AQC7MLTz%r7uU
z%4D$9JztaMaQd1oN6^<~Inw&tr%;1<yIg@G-tM3RbCgU0yNBm%ihPK^rpSlsYl<9Y
zeeGAMaWw1?C@{p^9a3P9k*Q$!@_bE|qv>m^e1yKH$}#jcQ6KA1{p0+pf4o2SPsj!O
z#GKM6<r4bjTm=wtft(2Mg++4;_>(;TRM?+}Re74XeVn3O<rGTn_Hn8sJM`(&YB@Qb
z+sA3#K8T(x-TEPFgV(kquZ!Rn66^I?M|SANvdD6>m|olHwJpXga{s88`x5Ye+uBiO
zDWWd*qAmgYZV4qeYP%!zdYJ&2M};h7)TNBNG%o5Ay&U2Wc*a_F+u?HE2?U;7y<O6k
z%dTV5y+*G9e9mZO1zmU0bw`}*Ku-1=w6dgut59V%!mjqhuGD7&f(MCh&?-lE09tpZ
z<zx+`u4Yt%@Ja^<QT!>82k&RmjVfyqb*&dQuh&VQ5*xMKk$HWVth1b)#i(l;b!}YK
zygnP^bKv<L&-2;(T;T5@F`o5#a$YX84n-rnu?OHeqmdrEK8LQ)iE~{%57w775Kj!c
z4`KVfu<Lcd0s;>r+oE1acIXXCpfoDkpcuK2k#UnM>q>|=D!2yXE}9wZ_4)KonRR|#
zM0e;-3Q)XI0N5Pe!xH{cmIpvn{3$=6An@n>W>&g@DO}*EFrf4nC9tN{Cb8LL@&LvG
ziWh1DoMRR+MHVPyvVgyfsJNJsF7_i`q%<ILK;Kbn$M8}mfY7DZv24OHUS?2pRu6a_
zV}U^|lrgc2XCn}G#a(bYD_y}nfS!vw{bLHiH{$OowJio7&oLcD)WN_CfSh9%V2}mM
z*ev`t0{C5VT355uHO%4~KZ~oBzLrQmBehuor$-aR<N=El7+3*dbIbw^vOpP=1^iu4
z#SM&fgCFU7rEfIYJ4$W8-=qWpx~g?7N1@+uHkdi92RM$gz#taNm{{TC8=Mhs7rwoc
zyOo@~T-`>joxWYk?W!e6YJ-Gp!Jp@MSV@NPII04D7YRV+7#PGIAd)2R1d$?f7l;h-
zdioOzXf-;y+Y%Y#;3x@*gCmh74i08_8*d;!X}p2>l<@}Q)5hCvia@!~ph|{7IT8VJ
za3qq%!I4N22M4py8gC%B8gC%(G2TFYj^5BspGS}Bdx=x~0&!~haUwt#ov8Oy0)t5M
zMRxB49I*%d5xZXj^aeznk=nTd*c?p^(*ZObP%5DS$TxNyv=}dx<>Lj>ml@;BB{9BY
zVo+*h9B;uFyh3&8uPQ)7LIEIi3;|1oKv^CF4ZDwi3YUim%NlPGbYEv0U-#2^P!V(o
zb4qO*U-OteU~vHAg<8Pom<LRe2g;Z{;P0DMJj6&3`H{Y<^tTN5j#3jze_ILQb2y7x
zVi|nLAm*$d&^X2dgIFkIVg&#&dTstL+g#KO53|}M%mmoEXaoAL0_=_GJ4$VvANH6I
z;^|;uwZP3W4=~6BWo#Zrlj>3CQIy&DS?w|A@tB{-qe}mPNIfI9c>t$J6T{>IiW3-E
z0YG!i0}S#&8IuS6{fLUk8R>C9(vOt>u|eKZYWw~tN&ue20gjR<_)iU9&gub-V=OR;
zg)$~q$<hLtu4HLF!D>%36CmfJzW<p5=#AJrN^P5;@R$yw>0n^BK+Q1^FvtUCc^(iw
z#TZYO#Q24YL8*;#g0V1khyJAk2rm=>F2@kCL<p4SA<(d*N%b_FTC}e`!)m``8o%<>
zcv=x~2Xjho8qau49*{VI@IoyhbIb##$OC0e9`N^DDxPJeXZ=XORr+@ZcSos-q@Pm)
z=p0UVlswsgZ_sj94_F*yfk7;kF|kS}@bheQQ7^o}YA-Sq;O3&?eO>|bM&uo(w#_ei
zOb4-aFtA!+=9mW<<bg6ak9+B;u&n`kSCZMwto91?c*W1-C8b{_O3z4b9xr=L9)LK3
z0qfweia(k>z#tElF?qn>pQw0^kzVs7{YmLR8`K@8w(tL<1i(3*?kIV>zizN{Ru51d
z+YAP=P{zdaPWQi}z0sGGH^{lu{Y_%*0C5BGjVI{eEfMIqERoc2TOy_3ApwXS1A}-A
zM3ThYAW|gW0g(YtPXht>t~qqyvqXmYH%bEH-$*2he}mb3#v6$K1igXS03t<VBZv$z
zdj!axpI{XL<Vd85e<P70{*44K#3TTaV{RY@j5iRQjW-Y%7;od*UE||=3)g3dPecC`
zJ{J%f=k+4sab7P1Bj@$vr3pB_jF_v-e9YCB1YvLROsSne1}hgbc@4-H46GLTFQyL$
zNun$tQ;4o$j4MiF04s(Vl-d}`%`tfmv>FVoK&~_~z#s<7*cewa1`v1Adb}_Jz#I^R
zMrvcAH)vv*JW+TsumT|N*bXp=figD6wTy9XNsQ}E3`%Vbzz-dh*9K%43V^s{3}_Jp
zWn7HXC*z-o2&qxw7xF5>H-CSCtNrn<@rSp7K;wIHhV!j}KuhzHjdQbrKuhzZHs@#o
zftCgork-=PfIu@Z;VpR0Dj?ACRar)~1dR@Xmd3~9rWQPJ6%c4?{zus@!5E7`W5a<!
z<9Y!CjjII+G_DmO(5M3fjXEIEr~?9xI&9+I#GmB~__KUIZ{cUG0{9uL0Di_Qcmrb<
zz|W`y{ERxl&!_|Z47ywy{OksHE>Jracor?Zf>h_W1zYg|y3PEr0o>=~ZRIc7(Fcov
z6uT37h@L>D0;5xl$A(1s&K!M(ufvm0_#nhbW=n<-LS)T5bD7T~KpC)r*%6fzpldlE
zU;rqqMPuUtWpD9;2;Gx3ug2yP1|3rlCaVy<{C2=e*VZ0%1wmDyd2aF9q*efsK(q{_
zeIQWP)f}FRL~jk^7ozWYSiILo%=`Z@kSe^E1?WACKvMuuna*+}Qv$q*!_sUEES6?l
zFc_8weOGJxF^3cQ|2mdtR5NF(fz}X9(_FeSKF7(4$-%W7O^&UAEnu=0V`G}iu`$3x
zW=A`045qAE5nCxOL%G~uhH{Z2kV^<UF-h1*$_SzIzkqSUO1BHE2;+joXHblby+iUL
zofsE;OmUO^pct3P54WGl4>J0fVq7E+;_`<JFdy)mJtI6QV<9YPLG+Ydx>1;8h}&o!
zgaxfNhiGJkjWF^M?caEIEQ7EN78Wnc_Stbz2n)mV)tO=6H-rV1u#toi7BUXPLZ$#=
zN#p<SGMv|f0)!=vN8*vZ78D>XY5cEMM)6uufUu--mXGGOpa5Y><1`-2Ye50Rk_H}e
zJg)@>2uoUP(YzKEAS`J<k@8w#AS`SbAS^tq0b$`;4G0U*aX?t81B8V-Kv<{)goU~!
zuLS_G*lWRL33x3q_!U+GeuY(lUttyCS6Bu373zRrp$_;J>VRLN&d0BeY0gOze5HJG
zM}w~a`REn5xQoy$9JayGE777PdIgr@Z26$*mB<g#E0LdnHG0J??*BP>CD~=cD|UTZ
iTnaAlrQj8`Q>wxqvqo6f74HkYlD7YEv|wV84*nY~1%*QZ

diff --git a/src/wasm/Hacl_Hash_Blake2b.wasm b/src/wasm/Hacl_Hash_Blake2b.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..8882f5e8e067fb9b2b6200202086898da5be147b
GIT binary patch
literal 15858
zcmb_j2Yi&rmH%e7l2*GbvFa<)-jfVSfCL5t7$=66F)_v^4%oytw!FX^w5k@89fOc$
zi~z@WVkd5Ki*xBk>B;3%F1}Rf(k|taT-qg<a!D@jQqIYx{@={^&Caeq2$$dee(>$Q
zGVi^a_vTHNmpwG7JkL{)+&(?+HQ%Tv)g(TVsi_;)lsdzwY-*~QUJist*+PZJ2v?yL
zLM-U<WkPwN*;b64JP!M6DtBZ@vxB*TvccS7#7iZ1!~C7&BO}A3V+~HZcW-WNcp$fa
zo#(kM^TSwrN3#3+bNfBzaux~84)h%u>V>d~%TnhG8_W(24Da*GT!tbU#-O!pyr|2P
za%GH-W=FhommDJD-1T0C%d*gwu<u}QUw`l3@tbbSjrJbuJDl?>UEX?^7ae#wH#+Ra
zS})G-8|d9WI5N=NGm!1it?9jRc<9hrc4+KSn<ibHJ#^3~9qR4vJ&+rN>;r?@UD>?@
zIj`yr_4#!5`)<*ddwaZi;L-U0>{zxJdPm2~ro8fPJ5g%T-`=aX4~?C>W@GR8+BNV3
zsAcy|BN&p2WOdEFRBc^-Lt|6LNkOS8FEgzYmA{r?u3A*8esAyi2-M_y2ge7-`n>9e
zr)3z(9vbs%(sSv)qidVzl16ifa${ayNF}4ys}CXV?>mr#s)nYy@@^W<<-Eqla|s8<
zA-DF89qjGT-R3n_nVy5Y%Odf6e<eNh&9~!wRb;Yis%)}sDl%C;r6xP4l9NgNM({t1
z|ALoaw|sh9bW%;3|FQo^8KO`AXS@#2<El)G;}lO-wrV(&%BX=%Y(N9~R3zhZCC8|e
zV(Y=2phS<i!Sg7dQT-e*+k%3(Bf3R%Qvy(IAWw--&tWQ(kW}R=0V$jWx*GMXGpX%C
z{Up~=6c}iS4Qe3I^JpGqaf(u0OSN1_HJY5KIx(U;qw-uGB0m%5daAcgik_)S4b)(o
zR4+}che`ELlNta?lN$Uc8Kw}G)WD4tiB9%RmG^iFZtC&4nHs4q<7HC1Ek;1*DX(2^
zk51t?<86yhQCYd^c9n^ozT4B3E|!Gqv!{wsv33Py|Llng>6v2om}cML#b9>}rMZ<_
z6KA7#KFu%I0XglefA*B9m@mC15*N^XUPucQya?@GRNUSeP)!@W6n>gFcxh6+m^>zg
z9HXPz>1YC^`gLC~wne|wg~DKVBGHc{FOxLB&2t;*?GW0YiQ0f_<8!DD7<dq(U_?-y
z;U#pAfoO@erd>j*Ju_DYP)i|oX(nl<F3rS8;8b3QW^_=84YM<joKEUAVb&py>43-%
zr}dqHB+NSf78|AzbEuP-({f%x%QJpd=XoW7SkMh!0BoOhXMX<2_x$E)s)|?9Dq5ED
z@|oyBUPk?DOF5U$1w~oP8cSJAYe9)v$~sGV7Cj4;GD}%+DH~`5C{at<XesB>d7zYA
z$|g%WpUwxR!cv}XDbJzjfKq8G7g)+>+6+p}Qnpx1hBBa3SxS$kTu2v!61SACmU0nY
z1WLkEwpq$^>A9dJE#+cM*-qO*skW3$EM*7n0HwxKF13`)=rT~|S<2;<q;-CD@)ZC!
z2Eg+GJUalcq!j>H`=EsD3c3P=4?oY7!L@>}l);sx^+Ap21K1P*I{{n}0J~@<z%`Dn
zmGpd(wUTy<td+FO$l4mzxC;Ci2f)<;E)9U))CF*hBdd$95?NhzwaDtC-A2~7pvDWp
ze@Osb1K{!ixR$yB_BgV-=>;OIo30UA-E^(UTF%$Gp})rs{p;P(zX5}%H>3E*OoX$U
zGTuub^&<L%ak3BajSjpY{5g!uoRdEG@lCW37(adNx5WuQKsOnP4v0T;l0I@F;}xib
zkb1C4Y9FK?45VIXixZruJ_Au+q#hKh2ScR7_Pvhn{ea!JVe;ldXdQI4_VW<+1LL=4
zz!qnCn1&2Q!=iOiv<`-8?dK7oZ-(TX9myj+N+ZA+$$W?oWeAg#d`}$bF&Z^A8WZ6+
zi}0JngnN{AnlxV0#9L71Rw%yJQ9RBsq;X*UCf#C-6MP%J&_HyXXuVam-Wsme4T8ha
z>RNFGRVJWy!qIw|kJ4dae62@pafT=9sDWrwv`&cDi7>5)c?#%h1<}*Wkv+w?E1D9V
z-<ii09aEV!x)VPg(w}!I0*~RKJCx`F07dxDoxRW=H!zMXAlwGeNTm~E#|hVt<BCrz
z0ynUJJ7*kVf=?*|gQ3zXZ3O^Wf$v-^fVxw3+*zXIMOp{2zK%V@VagMHmm<&&g6`5P
z06+!4b5)>S?ufWs8tS(E9;x(VG2+Fp5qB$oi6U?V>l<;81I+Nfiojr~bg#Ao0Ia|_
z#0to}PY5p+O)qsd-KY3vitbZ_HJbQ-Mfa;r3eLsPYH{uZioj$z=mD(_0JPy7qOCYs
zACxw`o$!!UdRQ!Z*tO(A#V=O`Zeaa3KjZ)t{D>kj7%DxYtpETk@C~)Xji^V(imWq|
zACpRtixrQ%Ry?Zs2}R%r*0<s@2bkekC<23_(krwT0AK~aAyz=%lR|i<XnLiq=}E<Z
zr|3x~Sik3ArRY^Evl%^)A0<8iYDHi&9Q10f4FI&^8=}oCtiE1@1{aoJuNBCyzh0;4
zHHu%a==G}8i}4#wA;oVrg*3m(6g+;j6zC0FF$!-)AtsnNp^%con^8#9YZcEbnuW9!
zzr_^N{8m%&_-&>T<F`wJ-lC<U@K!Aig|}&GD7;-ud!6EUD0&B^rTLwv;PJamA;#}E
zg%rO>3iM7b4TX1UX(+r~OGDv3A`RX2_vkTxFLpBg4+>N6`y>>AD@?lY7YrB*m=8$z
zeo%b&LDy&RSNxBPzz(b*9UpLj3I32GFc>O*NSg)#{=#>zzkqs5bUam}<Daw+V0|6e
z3x_FB@P`$FZV>cgtpWg4;5%0Z8umW7VIP^(_>W4pkBJ!{bItgO;*To=JFvbPA9a8k
z{)8eh7%F{2+W`P};2UBG<UK8fPl~2bx|*I={LhM>R)RH}_*05Lr7|*I>mLk+Pb&hG
z;h;}zZ2+JR-w<sc!PNzKenwhd)DNGPYM&EZKIhu<8O8si2<*W6t^TY7Oz`Iwfx%Ge
z^V$voumj&vJBq^U3t~r+WnYwPUlKdM<l6BC#s8`Z?7;eVe9-}B_{)mGV5szEZ3h6@
zfp3T%koOfKd{s1k)z$PB#s8-0D@w3_?|)6v*UapWA3eK&T@jcJ2Yp>@0|0IKhG;7p
zUf-BAyuK;bz9qJN%eCbjivL{^*n#z1{Y?j$;BPAegQ3#5wH*Lp2flOd0O~uU<2xlf
z{zK~k*4J@^aG3H0e^(Lc20`D|DgZzQzH?QShSm3^sYSWv`%>)(V#W_#Grp(zKNW!;
zSl^8AJHQP8P!Sjmm42x0002Ai4Y33Aek6n+i>4pDntr7CzZCsQ3D#)hpD6l?nc?xH
zXZW8g0+ZpOpK5IYpbg&;Z6!hcGii0v@cOw_`-Rx@3)hyPDgJLoU<cN3_0Jt(f`6$9
z42DX-)OG-X9r%XY@m`3xo2Ori9Yw?I*HY~_V#jY>JAS43e-wcoSl^CcJHQM-qX-O!
zO3!FJ0Kg7>L+pUO-wNS(qUm?8rr#?5Uq!!Fg7tg<_lkaRW_kSRS^f`-z+^b+4_X@l
zXu~%|n={M*5iKsv@_!P@&hmd&^hd?h5t@$3OnSR1cznzhVtj`wr1-cL==O+SwMXa}
z3NgXlfkH|O$5BYrpA^qTXa>?!e8Lpce9{y=K4l6qzEcWxLQ6y8q?U%lDJ>0!JGHbw
zD}GUgUIb||zRMI+e77m2`5sfi;#dlFmzIXY-C7z7_h@M-yjV+HD&4g-thca~ju2cD
z?6B{R;Hd9Dd<v+S3S^I}UM7(3#rq==`alGJeIVj&iCz-n2O|W@!1@scnHHGghav<9
zgP@1B`2b)fzH@yF)Wf3V;SwD$*E)dpb-*?Y%<v--0)s)&BU%Rl=)gBr$D^X-QCG*k
z5q>N}=o4Ul9q0`U%<$t80)s)&<5~v*=)gBr#}lICi4q;J&^mzib=)5j76Z)ilMw=g
zLC}+02LR~6H%tdr6`>PPADf=`B9X}iwyzzY+#SeI=8R|8xLe3ft62&8xIQwbI46MN
zBqi<9=`=>6&MqQv&aFc=PWrt~5P)Fm=Omhq+XH*+P%UVjomO{w4pWig{%LVF?ib2%
zr%;0ng$UO|POT#+1qdh5B5Iy3`Z9&WVCKSIh%Ym0j`2N2zQP4aO)61N0(b^Uv{DTk
zn~A1krJebVbY_LQ4wCDbGQU%CqrwT;mY{Nb<eY$$AZB2e(em&vk8u@2$9lL0{Y6RX
z@M_cHy4~)<JZy5VB_?>@SqQ})43)XnN`#2MVvbl5M{EM!ioSP6%#<RIme7yS$Sw_6
z8ZnX^peRY?=s=O%p*m6&K~L9GT?!p7orKWxxX=~GNnnvqEua%moIu}4Bl>DCY5N^P
ziL0qI1!X~mgs%xosO>inbAl-;)*zCSegGM!A|w0&O2S<dGSPlB1o8;d8U$%If;9TK
z1!=*`p#6U}Wa_AnJUvM3Ow82b2CdlLxE3p1WleCyS;S1^S@1Mbldl<fX5#23Za#}@
zawTRAPMd0JZaIr;xcc&|wVG<JJpU}JEuaN{wFRcy0$z9))fUkrzuF>GZ4vIjN-hNn
zt#$fUhEXv`jL<O4fnkIjOM=lB<;?&Aa|(!~wAck_oMF_+q(_Y+qG}m6)j@hH86wZf
z)jo24WsvJJSx>7W+!f33h>R4ZJ{ed$ZpJ;PTnLv_92dJqc(9gJB7qo3Qlto#VGJiz
z)o_9jR#P-pQ<@q-B`*ma-B9vZBUtS5=NWxR9g|CDNe??<U7#(RO16@uY?HO4nvkUO
z)Vy+YNpt#p(ZZmT{F*Vb=OkDot43tWJ-Fwln=hY4duk(-ElBftcypTnW&VwPIoiP$
zR3V87Q-{uXsWPslN|SIZ(A8W~wuLIBaa(lX;DR1#B%De=;TR^EQN~f}b<7KX!od`V
zi_0pi68Zj}CB$Q%mKgQm3y80Rc+Bord>jx~5ft|?C=FAXc$wW(!Q@^Lk3KWvPdkT;
z_-bFgVG0wExhx0<bWG7Zg+fc^-2f%fWSL*qdr_Llsi0Qb>1)XZUx$X*Wny;b1rDzb
z@`U=LO}e-)@Aq+?OgMF6R@TaMiI^-ekW;a+V7wd1XwB$pWKM2`n#N4pssS!fjd{E_
z@G@zmrZG^{C~A;O=en|in;gSByeQrr6buDiSbC>R2zC|TQbIu2OAqC_)xWlkGu{Ef
zFTB7aaNRGviA5H%m=?=sg)D-JWiQlb5$)98=@Fk}5ld)Er`Lh4gt?-Q^D<i2>8<7t
zi@=q6r?(OJ-7U000<(n{$^6hlBz@XKZL(KtrE`SVN=t>-N*zLLrRDlWayAp2J%P*e
z1wGT#$8lYndCHrenVI30)J!X-TC)+^Y(zF2k!d3`ZA7MxNL)RNx+cQI3C9tMhh{Le
z>tsoMx?wH&GCcUv0m$X#$=J4T?m$1v*!4_!<PisWZi9Cfezb{Gv9NRDf>Yxq1nbm9
z3BfuwX?qs~Qk+_25&Er73<D)_2wvQXQ|l}OZ)(J;4HnTzjpEcMi)f~1acbHkTBt>w
zS`tee@n{5VW${3QQsTITyy!{cr$Kr-DUU|5+^4kAlGG}+q(lLZnT=ByQjKxy!oaDE
zs7kzv1ZG558Ie^+WZa018<BA%GVY5slgk-01Ey0Z3|VqA18{kwywlTw{LDZyWT_}p
z{Or4!DkU?Zvd#>PnZeZt(QQsP@I-W5o<Iw-L0cfYO+>eah|YMWvH9kgAvPNd56&tP
zqg8&KF2k=2xBKx~iTE_}XVQ>FKov!1d#0%B=+%hgvT{rXm}rmncvn(Yk9Rd@f4~9u
zbqUNQ5g;huf0@j@W})Cjw_YIl&64P^#>5>oQ?z0EYvtEC@(mX9u{Nf8W?IZ+k*u&W
zK$KEs&f~2*lIL1FXV==I@euk?o_1lTL&oKD49Rk;uyZ6(jd*GnnVmpv`%90~=qS{Y
z^(v>~!n6||z~w284S*fFfc)r4iwot#q#(nOj%KQs=xElDrohlb%@{i#&xiE+r2#TO
zPoM<>GCz<$U!-GwI7d2AehSAz&EK}l%Pq*zjnlbjk%o=$#XE}~Sf_X*>m72uW3ccJ
zOVs-7D<Ymf%5C~pn3+5=(zv|{j$%$wyd>!6NXhhE=ptT9OC>>jv{Wyq(VS(plshEW
z+VPsJgBH`0R5f>+<P$9DFn>g5t;q=FLd5!b7`*~Z(-r;T8se3-62Al71yol*cO$-5
zVXfK~1l;N(>pecV2#)d^u!@|uXVIc{v`%IokJbe(dKRtY_0)woS!-xLt)jJP&<0w}
z8)-G4M;mz)b@TZMhVz}Z*(N}Kn4f2hHq4)`QH%;<0r8x`$}@!b1*p0iIyXDv4P2f!
z=bg3#^22+x1mNZneRKgWmhirSNX8bDI+(W51)RZe4>a_YhImh&Knp^=C(zI%8hS!B
z0Ci#Dew~7NEBtp6{I@mm-!`Nqyy_|n`inJO2>R^~EJ1$>9xVka?-D0~3>NXT1CPOW
z1R5@-i}*6SlrN{Pd<9x{h2yKs0r|eV%oeS$o~Kca3Sqvwk}jdGNJ-B>3!m+Th+WXV
z%kdd-dD@kyi_vy}DZ4A^(OuG`yF&ERPTDR$+bOTa#9vp@PQDtyyCHpdslRsT3ADgp
zy94RFMf&a#=|H^z{<wy&De}j)8ZP+bItLbi?4do@AA1~s7%cp8JzZ~;&>p%TN$3W;
z);3#`P;U_&#XB*DcVd37KSL7QOMB@C8M1qWA-j+E@_v{@y>uh(r|T$-F`EmbP%owu
zct{qZt^H0O63DT<K!x=OG&3DA3F#o-fk{H@GuXa<JQLf-{j`nxf`}U^Y78EK6~R$F
z{py2=As#-929Dq{*B)u$NYKEWNuGH1(IDQ5jp7m6Fxq#BuEW!=0UoC@zJ>6(3ej+@
z6X)_6%a3z;qGgIU&gF3yre0JCi}Tw8E6<RV4x{Q3=se=YH*k46l6Tq;$j?bfBm$3w
z=)+sC>m<Gp(;nj@KP^oV9(sX)5=tgZ!+bJNpao$*87P?)CD_D=HEPNP1dc+mrS}r@
z&<p>tqj#7SAHNd|wpe7c0*kYG_%E;iYyE{;1;&X!0&pg4yvw&{$YfpRz%ow!vv<8z
z!|vWL)%1z{F+^H|s&Jy5k`oPk>^b)ta}>LlD3#06G8ShN7W(adzyE;0a7qxo&ad&e
z@pzyQCbY32!C&a$gcE9UrhIm4u@y0DVO&3_;1i@GdpLphpX^v=yP|C~OkryACj>!o
zm7X3HOq9PJpm}n7P)~JodQgwGV$lu^t3zzqogG>eHDc@CghgG7TVP#_V_g~$;$IAG
zwng7kp~$)A+zyIU0$EEAwQ<;nTqcWTIcNij12sV=urJ42n&#Vs;{}w&dd{`X!=ro`
zjxshLvM~uiPILNziDi%E5$iNS%xxJD$C-<%jTREg5uP!zy-0z_=M=%w)359tWwNqs
z7iDH;hgID&H0&H&Lh`#HRnv-19=mVtpTez^9Fyplm<uCE9!?I-QCWxdZwDOGf!+&_
z%H*-Voa1!*xxp}nIic{_9veD+Dud-=aesCd!-c(hHw3PN=2gyR<_bW1=GFSUG$enS
zAWdH-$zxTB6+o?qoYjt;m4FIzx-}HYSuJu_hseR(X}tBv`cz?Uitbzoq3fJ(SqsQd
z*=uak?;@cvnCHgna){EmTR6gSsEHr?$Hy^0ef{6hJ#f8PGV0>(vN2AT&)MkSdkT3I
zhcGqBmuEU(t@e$HW0<-(J#$l@bJ~lG9+P_#(h2%z&gnJT&C1YD`ffB#=!=2`Kjq<~
z2WpW(&yey8mE;K1sI3vTHE<RVK5Y!kMVhFUKaY~=F-&1<ar8;m*dkXKLbDElJu0dP
zV2_7Nj&{7#qn%jk(N3!LXeS-)F;j8bTgvfJ$uVIE@=tKYge)V+LnX(A8<9ln&3R3|
zIj^ZV=QZ{Eyau-&`kbdh_D(TC*c7JlgM+{{m7C+CCDde&hnA4iM}A9jONb*vxh&L&
zO0`B}t&vz~B-R;;bw*;Hk%;cY;eZ^XM^Y)Bh;UMAeHfC6948`WnMAZqoVW~5T;@2j
z1CS)54u6yxrZ6XVFj5+JvYi>5h*rR>D_yU4p<*{QbUTS+IiNzKSgD~PQFKe9kStZO
z*F-8%e^cTrl>>`c(`qCg&m<k#hE1^z;WdE#d~>cX`aK~OWU0Bfp$AO9X~mqMlEfo7
zSh`Sp>5@1pw@Aus_Y%`e{+_dY=h$d2JJ>gLpu0!^&F$XawQIWN4?Z{1zTv@<zJcsm
z-|!ISMn{K7X>5FSD7T-+hG}$sXsmBAM>l2r2F6Eo@ona}qixp}Td&weefT5Z++c2K
aj0Uqq<5~P=MQ(6-^frOA2Q;Cr)B6j>N7XF=

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_Hash_Blake2b_256.wasm b/src/wasm/Hacl_Hash_Blake2b_256.wasm
deleted file mode 100644
index f4caa5b75b22f3b7f62de05859d988aad90694af..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4552
zcmd5<&2Jk;6rc6(+Uxyr*3JhZO_Mh*NUeZK6bMo;bbF|%$_)vQ?%LV3Yp*|8uaR1%
zaX<umflF^7ap<iQJt1-K5ee}x@CR^!6XHb0dpjF@yono&3sEBP&dl$<c^|)dZ<hIk
zj=~sI9({Ijz?N?-`^rB46h@=l%1C*^k2)IBx{i<ZB|k2v3j~?Gjlq+tOl&fNJEM&F
zB?}6_e~yM(rCWaNcY;Xm1f2qNt&h>}4~PAJFHV-E_j)5pdQq_bHe)j6+)0pn-*2{q
z9j3_0DP?{X-s#p+SwV)>WMv&cih50^%77^y!l1XVFinQIvW_J7`%IUYPtfq@HY>`I
z^RkBK-Jsd7H-@{rL0lh%_XAdvv5PVm19(4(d(1crsk!4PetnSmaiWfx`t<?E+b)}y
z?Nk=rYHe|;_!UhlBj!CetkQ3k5A*!{elx0HkNkFUrBT1~&UU?#y@%Z}Vdlk|>%%_o
z7u4IqJ!ZXn8mcpll91W2oQ8}1LBgEPnXp~7YH*jitFsWS`uee@sORrcT#^9&Yt(n+
zUPlZuo3+=D!3Rk%4kUci8>1IzTb2=MsVuU9xl<MM`6J4~cXT8Rh5h2lW0x4?WzXd%
zm~Lq;9eb{)M4l0)gO*$H7%y=HN?>dw*aGW1dzUdVJ*CY}^%}mgTiUf04Hk}!s0G$#
zCV{3j*ov-LsD;}Xna5hL&Y(O6u$~Yt&^|4*uLO)62>w<{(IrIdya+lJ(ID$*;tis$
zu{Y$Dr+9_gPN28mf$}tUgS;`o<QC3w8|-ly4it(5{*%6Aad5!#*j0>!O>wX>4z?5r
zho&(O&KpbuO}UxH!QmB9`2tk93k6<9Jyl7MizB6-s#+MoW;$twBUs8#rc?9S4Q&Jr
z&;v|K#VzaUfQf;%1{HMH(_AAT`oAfdMG8IDYGq%|f{Hoj7TRWkesi2_Pidi==qX3f
zPY$`k%Yb_jZ!lh9Q@|Y&@YHXQc`k*xg>*riq|qK<m_w-xE~v6tP6_QdjWDJV#vUx-
z-_*{B`H2U)^)C*+_nto7Bi6XQ3K|e|Qlg+EyaoysJO)*$x#cxnQ(8zZB=9&CB1s6L
zpiZW(@4v*@YlVFq<8F`Rj-<rH@*+}BR1kdyDRJAjNSH(>o2)@n+8KcaXv&C;KsKg}
zD5JGefMk%Q6(p&HB-Q>KNhekw`F|>9YET1~9@3iNOpPz*(!D4re~&NC!I|YbFe|W<
z?Yts(Ug0mzA+`#unb@ijTjej$A+`o<nb?{TTjS^E5L<`!Ol)0<t@HD9h;6_|Cbl8O
zHuxqi=i-XqPEICLo#hY)pkreM9-}4vL!-x2><}l=oXNxk*p!Ed(lJ`*ke(U^0313s
z&QW>F9g*i*=W>r~JupOev3t?8PbURSU)qsA!2+1JC>vKe)@ngFr1PxKh7<=IOBFtx
zZH6^8tIDoEhj0}Syh*}Uu!L|8sz}#Gi(_ceaoiQp5gNglr^Xsbs*(4gVkud6ZRA2W
zTmj8>@)i1*ECi)-g*d(TQdqKfmo{&Mx-V6!TcS&d&0XvZ)Hy`+&{8vO(A|pe{rS&N
ze?73qamaVp$=Rkd?};-j)p?<-Lb~XJz~rj;W9Cme^QYuJ!*wvm74I4L^0c~=pP~&<
zx<3|GygX1FHmKqm>NR|sTt~3`P}HHERXhPg111`>idUu^5c0?LKy25d2yq9m9X}LK
zx_0C*DW<1!3(?Qi6rJ-jk1hhXZAAa7rRXA>q;VYypwpG+I9f^3f9Ug|b+n|2y1yx<
zXv`W{xkmIN-PV(b*k%-Vky(!ox@&Gpm+h^i%XW5|Zs0da`zkbhoqibkN!aT`5XZe3
zl40Bpb|C3NJnSZ6CxBf)jD~Sw-Vo1A7dqi!5O(iCa<3mi*oDZy*Bd6#@%vZdgRrr6
zvzvSrH1TdrZ*kZigw4U$r$H0%#1}5JnU>LKz}d1$d;^>*o6d$YFZj+m8wSq)vN{{~
N9i2w;E%(3J^e^$X6K4Pb

diff --git a/src/wasm/Hacl_Hash_Blake2b_Simd256.wasm b/src/wasm/Hacl_Hash_Blake2b_Simd256.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..2724451529574975575f03f42e29974896d5d9f5
GIT binary patch
literal 6794
zcmd5=OLH7o6}~<1nVyka56g;VOXt|JEt6P@ACVIUEVob`KVuRJi^OuqEvYTddomi?
zSe9lK7Y-CvR8g>`D%(I6-cjt>Q^gWC`~=ugSx{j^72oaG+!@BQFdLU1)93WL=lR`p
z&s<?`lr$lP_Vdqocg2CbT0?8#U#Qu<t2MPf{)L-O`96w|_J^3mk?&ehfmDmt((Y-3
zN#9-|75e*Qc%{d$Sv9L<7sDmH6cUEM2&d;atJO-aKBzorm+g9`XiuFJLKPY9CX%gM
zD+PO1XsTqJGOL(dD`%lBq>A*b%1TzTSXmKaRiI6W>(JRVBBF{Is*ZZis*0%kx{HR>
zQzE8{99A`~tlKMv?DFQldv-0mk=wFGT$LSAWs$%wyH*hiKc%Tvt8QgC>Q=2DZi?{F
zc9HLNGNq?8J-tR>|G;4E$C9Nrh52<%kN-~ABYFI?wNlJpwl>zYvqh_5pIOe%=Sr(*
z-kQp8R-w?&mNtv^oY0RwSFmVp)J2+}E$8L9cl_BRHG9LZ3u6x@u2-UO50TZ}nhjU_
z$DVEHUd^_}z=>xItjml%$ko@g1^b~GOuD&6MZ#L@%dcc+e<gQWDAb5GO)((^CryJ>
zlrrKY4s9ByRx}euhsYZtQ*fLU6sN=#gmuzq#d#qpWoiXZg)ibkT#H<Eq)7*rDCS8&
zDHNeL4QVZ^>CnRIqrwz<BPuA_CZPXO)))Tifq&9XQ!_))b_@QSyV_I7G3j4|Qmli+
zX-Wry?P@YI{7QZQ6<LNdrkF-#X&G4>k)@T$GLntRGN*(h)aJMsS%!Nk%)QjZ28Fl}
zdioSS1}LrIsOk+KJ)QCmLs-eTr!!)TOOYlCLIg;1kCBWzgm4LcgnAIH88H%_$^1qp
zGZtz@nzEs4jj)$gRE>4`rc?AvP(4%2Lrw81Bl7MkPjHf8Lm~nBqO?qS#!a{rw<%0R
zrZ^7(z$b;;=H7iMHOQc_x~xNqwAU_?Xp=~6Q!jqnEI;XF>~y^U(Gzp#=})#LY7Fk9
z2ub8PKtUkfPa1_xL4DM3BuDU0%L7`1Td8o11QD6k7F+-F3*<f$YNV0(bdYy|67b&(
zlr0q!zAh+Xw%`^_0aIFf15l<t0J%bKPIv%Hqg)a)kpdRTH2`T3K$-zaBQFNhmY06~
z&xK4s^^<TmX}^n^ejey3_kddbZ64eQW)AE_W{8G7%R{c^AwIZ|Wy3V=EgN>14f8Ae
zST;f<-m(#Q*$9vBW7#1(<SjeoE<41B_pxk@#=K=??y@l+rvn{%MYOG*38;$>i3B0A
zKmyxn5I=A_V2LMSz?~LjhsIU%iL#9jFgd$MBchDlH5tD>b!?Gu<iU<!ANPAb2}qW4
z9?8$D+$m^%&KdI=8lXIMqLjkn(Z+{plyn^!M~9>kg|Uaz2D+k8W+-B$J6q$QymQdE
z4cDHFVCj!{&N$~_LLOwYJzR6!vuoT)jgV~FZr6@DZloz{WTNIj{{8!Z?&#5dm~ze|
zXR{~`*45P`b;+|<sO{#b9q~lrDaR-#TaAD88DWl7+-)f_*-~QRixg8@N*t7IDRHl*
zxI!=#=7`KII=|OaFcg>(PT~~*h2|XN2uhLC|JqSnv>)jWAT#WApb3$HFOm++b3Kn?
z0Aof1G-eODFd<y+zYcZN{@Y&yID_uFCeOAw{*w5^NZ&ZoK_B(N6^93|1=oX<!oYDB
zdOF*r<j$=~(+o#}5tR4wtoV?Uv*H#o2ioU;r305CFep{HA?xkJQ}N${r4nC8!qlUs
zH8kBoe~+Ty<w8F?GWGf`+8_<bk%1E^!~>`kdSftY^@H-}h`!*_tr^NN=&%?IIEti4
zDHhZXtOL}8sJD5@N1;;yhj6E&)*9I*c^I~b%|tLKfS0FX96Ld+KzVo>mdE387rS(j
zGE+EV57N+iVL;#&I>?wfc@)}5&EY`1oC;|)Pk85L4wR>TRBA_8>K4@@cW<FRc*7DO
zcKTHdU1JX2Lf^PT%jytOP#sdL<8o0QCJuHr5kKAGBQzEy0nLMtw$TxO)ztWypXSc_
zRY~)4I!;GqS3d5va71{5j`M`X+EIFyCTN_F89JZzV)WVwe+zXCTn3O^i1qkz`Ze^V
z*9wp-^Xv3FK8t(`tWyP^1is!t!#w2!?#(vu1)pxCBYXy;QqS3aM0AeM5y^<o`4PQE
z=Xi=v(P=tEQ}hO%ML_3ioZqH5`5k(jr)iSk1sL8{U_K4XgZVqbV*vASJ1oY6Zh-iX
z@8urwzJR4OusNf^8@xQt<dxV#c>tV|0G#P!k1o)-g!cu22z$$g_(i(FCWL2UVYU<E
zvw6ZhAL6sVg;{A~wu=R@zU!CYX+b=P`n`wx&H44agqHL^y$`J|&|h}w7U-`iv;_TC
zx{8{*E$^xVAeRgLT%#*=&9`u!-s2l|oj;&CzKN)ADz*9mlvk@8!DCRX?>Q{Sf^N0?
zkgn1kTGB`RsM$PJEWq}HQZw-Kw2-IE!EOZQ)oej#bfJq~nx`wWX7lusTd(iaJl}%g
zBD61d)@w0Oc<0w^(bv8xwJ&zj4%QD)kB{l&wt9Tx(5-shR%ls|C0YvVv82?)<)R*U
z=uXgtmgo+e(5LiC5VmYW*)}@DchQ6_Ke2l>p=Da8Pvw?f_P6W`E%Peep)B2{Rk}?U
z_N?ur(4A%Y9=gd~LFq%1Qao?Hh4*WYFs-=_X`R-gy~sJ2n=5dhE^&b_QO-wPu`L+E
zr8YXkWr)h2RM|&>RjSgG46y14_!(8XMmZ``nQBy^3gX+K+gzt2Z&ID_Q=T6H4G$EY
z-v{O4d^30qaQ;Jw#aPe{=MQ}^_vlGmSo#PyA1U|-FHev1O6;IKd_R&1eALArZP9Is
z?=4z#OXRhsZQ9};$Twi5(FyZLp773xdBZo-kVYC^jDXejjw78hW(u7@*9gCuGL;PI
zU&!ecUxs5C&iqS=81{!Vjw<~MH%)<gIU*(%TJ8_;rpFo4QVPnP`=7@^m`+LDUqm>A
z$@C9lXLiJp$q|m?TR{|akp4GsGEI1M;r~9F;?k^RQcc0ypCjES)!%s5FiOhr7o37`
zI;8&+b)-9nc>Q1U(m)eOh5mI+-ttZQx0|@xob+xsmvQ4;n5LCVshTTV^<1S)cCA*a
zQGK&kwpXcMq1tA-o-5gO&&m}yYj*0A`#Eu>l-t<ImDi~LuxeATOhxNqWwTBtt2#~B
zbIX%g%Jp0JO1)B(PqkcmBe$|KdEZ`v`6DNV<I#M*W?LmFY4gp!Bz@Vua_(hcHmBTs
z-j~fQdA0n4J}umwyE#p{QnhH8?6O2tdDAKqZu%>=hmx|^oELi|sO{?d1wHxy;Qb%}
C&7O7u

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_Hash_Blake2s.wasm b/src/wasm/Hacl_Hash_Blake2s.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..0dcaff92fc840a8a399b6410fb14041d83f27baf
GIT binary patch
literal 14005
zcmbVT37nM0mH(=zhw16=8JanmVL0Z!fq?;rLr@eXNP{AXpvdLP&_Dyz({tE8gJOh1
z#5-Q`b`x{QT$s(qxXI>N%;wr08?#BwCYxhpVxqZCG$t|E|5bfob#>3D%dS89y53R$
z_p08j<EyX6%M|;S=XvVk>y8}pT6U_#>M$OW(b1i1RK3QdYIL+*UJb@!VM#&D#%YeQ
zN+qi$Ec{ny!pDU1fNixR&tDJ!>T1?!3Yq?FzN$alAMsL&?Qnnd$k5PWVYtaD_w33J
z59YH=PW3!jWpbEG&roJ}Uv`hDT+K4DOul#DKo7tou1bRo)}P7e2X}i_u0k1xacJ=(
zFY2nKT#VsDX2`2{#UTi%Eb+#<DpOsA-TSk<`+9bb?A@C!^b~uq$$B-eZlkM<4!kB?
z81!OoYcsp^J?r|1@;$5anZE3zp4Ec`#o^4raIr&+)@F+PeNnNer)OVw7})#zGg~sd
z@>#F;HR|)L)$cu^EB9>n;z2~?doshB9@s4mSB-jAw;w^clZj+q{rJ>`hQ_AmiQ{e(
zmKycaM^vKbMM>A%X=4qH3;`(H(?60Q?)B=XzN$h#Qyli{TgS@%P)=wWD=K7**<r6C
zq>{1fHHL`x^zO^TRMW(<czX-ktk>K=R<K{X{HosJ{XKozgWkki(>Dlcm5RUcW9gYk
z9>X&dIebrKH0^bH9@nN*9H)4yrcKl7R9fZJ(Yz*dsYu%68jev7#g;%hL5Z}70>#s+
zkK<J<QSjDBS88oafQsgGlmKo?sSF{hs#O9goCLcL_3P59bwT|k*HaW6SceZPpX2c~
zUVKbZiYL$nZlHQC&QXKl*QHgC>q79;QEsG0+ob4gHK~c3Op_X=NsVx+(P>f>C}~oY
z-z1|HVv?G;nIh5A^k{Y3OYlUfv`{luJt~gkH%-THMmdV|#3fz~KP^kVBq?qsk0&7p
zZLo|G*v^~;O7&^ut+wcUArgkN6B@r`y>!wvHpi18p90V+>8S1D$vl-N3n!lg6r2c(
zMV>}e4Mo$$<tfs)Q$kFD)ehA5bljq%Jd{r5na~U-w*CH^snkIorr%i_!+>O`^&Oz3
z-#h#k8>J9;sDr1|be=)e(|(w9+zBEUbi+&#wohiIfBlyyUOJSj<u2+XN_#oKD|oh*
z%%M4uC@Yz3CEe5wNyJL#S;>5w4@s4kEU=P=v=EZ0m7HQFi)axf)mF0DN=~IyAsJ^S
zr&-AoS^`Opm7H!RXV4jt#H?hgl`NxWkkneqnO3r#mO~P^lGj<u3R(e4!b;Avl9jX)
zlBAWStz;Fgf~3w$R$Iy0bT%aQR&tJ&tf4iKjJJ|=DM|B!kgNr9N<gdwaaur}M>9aq
z_DM<C8MIag*9=-GgKGwzCxa_V3xXQ!K`ai4^Ff>*5F4ly<Xi`<lhzAXC!H@?owUJV
zy)LM+5&G$XxB$dC0dXPC1i93~nn@c4YbISFSTpHDgLPI=V-xgO2gF4n&JBpoGz;XJ
z4%RH%Bv`ZPBEgzPn+0n+Z*fz9tDE}U+|=Km_W0to;!DyIzBFCMmyt&o13efgmxI2<
zp|61c4vfkj&h&9P_t53SG1JEtwwU9c)MF^xDe>4L)5i`#lok&&LxGh6YNiZz7f``5
zs9S6?$Gd5lp=h_DW&|}8f(qX+b9~<e+HG4FRrbQ_UdQSl-bZ_cW2|OvvB>*rpP^{K
zSlugD_l8;B!@XeVfQ$^b(_t_7QLk_`GUq9uP92cPaDn@&&q%0WpmPG93xoFPQl~)!
z6%8Cjl_8iNa?B3!l{6q6)1X0H%yEIPG!zxY>X29+3b*Q}KoM45FNRTN1Xf2Jt3^IQ
zMd28$!?sxDtLT8C=qj-~B34JjtQPrdunz+Hpo4rhUqe?5$8_WC>GkR40X&+}jn~pO
zMncyL^g)3>7zSOQ2Zzugw}FRIWfW#d9kYk{h@wNnGA%l6i#fhd5rkSq*D0|)DweU6
z3d{4O3eZPY8TR#pEj$ChwN%dWF+~s?Asy53Ab^kOSOaK^oANg(Fx;HKQ7YXeF5Kk0
zaD(ET6+v6L#)%spqR6)>f`XCKE!qnZ@B+^eFMxNe2yPQgx4D*XRs04;w<^swF}z*T
z?J6BRAkS8W@eV~$ky=>l@6fhDz!sh%w#u{dPHC~*1$RlMyTy;YT|e$r{6<C47OrXW
zT@I1sdlW&zNa-H!1qgV7XQ&r$3f(JSxP#<AsdT@1alh-uy^0@D1a09OFYa@QB0s1I
z3Pwr~YA-;*3p_)-0Nz6)cvvhw>{@zA@jobfNNKL=_ctkelS<bdkmn@y`<oR(MQWkn
z->hwcfGs>jY<Z=v)gx$bX>auwq3q`Bt%@E|{5C~zQ(az^-);&qeupU}`JJZV@w=oz
zZ`X!Vcn1nm;k*-tm=xZHLXzI1_}z-$4YU|PY6?kyk12TkUQ>wj`=mgRYBUtyqtQ@!
zuSP@ReH!hpir=s3{Xk3d2TZ}^<E9Yh$4nu{ACv-pK%=2>T%)1zm_|e4gMx-``bYE_
ze@J0D{U?R>^uv+};FVU?$Atrh66Yh*y-!HQo^T`fxZ;0S1a;w>-1vw?<oKhCpkSo*
zQSBNC#0$@{@dE2(V&h{KHvUE15U#PYO>5|Kjz6vlawDXVYZD+~0?)A~(6A2+POy3S
z#F)l^QmTDQ-1wC1#wQg2t0Jfi*SPUXhbZz1MNlwOI-&gl0YC5z@dJ2Iir~{?>C>*I
zCl&vjq9>K+YD@eXMW0c!7RwXE;IoRLBDF9KKC5kkfGs>jY<Yx0m)iU}X>(aGd|s-3
zK|J|_>&fR7|GOfn3)i&y^A3^YFDin9k<u5nA0Xfdo}qq}CDoV2k224`EY-duetgCC
z<4cPFLlM-4Yy9}KLlpU|ilAVm^i}N#2>5|#h#$avN(5gMOJ8#>J*D_R6+NXi*Yy3@
z6@6XF0*<Gw;NMUL6{&^3|Aw{&0=DoBu~jj&zA0_~kW>yb@M)>`E%D@At|#AA{9lTo
zE?m>*ryU~4-&O<#Bc*R^KS00_JjeP0)_26lcPecBx3(c%V`ID4(B&L|R}th!NZ-{a
zK)?i^V@*^h)%T>SW%J7SrP>d~jUTvfd{6QJD1y3hjT_&0h$8<`5fqG+eyIHb0YC5z
z@dJ3zh~P(J=|`@mXB7Wf(KAYOwIzO5(X)DG$5U4JpD2Qg)IxZFqHTeIEj&YPRV46F
zrOjnS>p7|Rym<1w>&Z_Q|4b3og=^aUoI~XJ=Zc_Ur1W#`2MG9qXQ&@#N%afyqiksX
zQmXw*{P>mY$1fEBS`pNRYy9}7LlpTpilAVm^c(F52>5|#h#$avK?J`QOTTq3y`cDa
zie6BfYx@30MK9{r9Zy-^Us41WsfE6ON!tPeTX=@pa#r`>qrIio{bix->i!2szgPT6
zMSs*Q=$}l%<5x@}%6~S682?2I^e1f?g;!9B3g^!##H8>S6q59^;=d~Tt6tszW(r9@
z644xwuQP=xAC&_AO{1Z3BqC@iT!%tT3P({$(jOFGAEE0bvhz4*3NgOH6q0<SDPTh^
z1v-W*o)m7-XeivM(NMTaqqR$SwTJZ<w$Bkl*9P;>EfJjG-HJzvb(>K3{OJus*<QRo
z0?<1mi0T~?=f&XW2;UhYAPd*z4=^oJ<hvpS1;e1bwEH07B%Whq3fA3X<L(L@Z`3w~
zYiz(bOBDH@2tmOx=pJnY1Z?0LYU5t9aj$FRmI&V$A@qrGjScjMC5n81grHy;bicL%
z0ygjrwef)1c%Z_@gW860jg8wQT168@ekejvFj9I*+W-L@c!t@a+A?<H;iE^6c+tq=
zs!?@#oINE!;T`9A`h-3Mw<nw@Jjnz6FGuNPPRnrumG+i-9uCcM#F;=taC&YJc$31$
z2u;rO9HlZ>{6pO&*HIPD#_Mn%9^n*lQVz~|P&g<SsCrxUF-5{q9`kxi(X_WFI!YdL
zSy7zoQi*C!;AmfnL>o@m(Yk0VR@ptT$mbMvPZZsw{O-Y50MkCIw#Oh<(!Lx(^2e{`
zBt=1@Z2Akw_M`~mprlx9)2fW#;TYEvOk#Wn=SA{~!C@!vlkikU4##0%_xnkOrGyJ#
z{$F7!Avj@?PK!$COaCK8^$1ZNzE?zf0>U)G2~!G`AExoP=!Z!p3}vU8zKtsK(0dKK
zvlKO$&a#oI=$V%#GWfPr6C^EWo)g{xKJUoykokJEMt`!o60w(WIMo!#w-|K4XZcXA
zrbGe}LUK@qst~$ls;<qFbren2S7ybtVjEGBK~sv#ao9wZ*PBc;V5wxA&OVcXQ4O1*
z>eTpZb1aNR)XcPZT)6U4$?cfL<M^H@t(@bxvKkKaI2tE|5*e#Qk*eYvsxgCaoOJFu
zL}Q#dvQj&T?^$4D#MJl^FiJ2~#ZhUo%|F5cCO&J_Qmx?oUo-%ZPiE%xMXkWs0v@x7
zg^z>6+(dCq3$oN0r7-w7vOXm#Sq@)^;iqe2<>=!i;E}Tyz7CYY*ZJ^9DGa`j>ve<E
z80PtO%$=x8EtSt~ln_71Q@t#&<7LhOHfmM9dM!!V26)zxj@dyE9zM?HWP%cF(!~uq
zzmFSa4sHnZa)NwajLC30e!7Q&!uZT)ETgCKd5)W5ra9ee&48Dq=A3-0OSc*`&4HO_
zG1DAorimvyj>%4;rJOFU;jI+{yPQv|5TNVjb7>Br<IJa}I8Ua@=sSEo3m8*rsu-JQ
z8ST_AXBuP~Of1I|9hNbjrgwQMo?#iC)Y;`V@l4B@MYFoRR_?Nl*)+S$o5FKw5>1g<
zPLdCKQT&kf?Ih}uZBiS}5Lp||6j>W}iL8z0=p&7EY?$Zb%iobB$6_=$O~qo7yQzh`
zrAmu|YcX&w2Cmh>wHmlq1J|nIXd>ZDs571tzdL3IE)Gp4xwxA2xV0gaE|GERnb7AD
zV|;mzfi{^WeTc=urAq;eR|sst5)}d)u%zud3^wtn-ZJ!O=O_k25J7x=7VjD?1D}^A
zU`>|MOwAIoiI&kqEfTO+%a}xyBw!VJGKHt$yE#T3b_tY{pd{qub__pF60oFvF81)#
zDl!C6WJ!rICIkuCRH`=tn`#0!jcUyo+*$)yYv5`PT-?CL4P4y7#eKN{b;P$LpoF1F
z&WHyuN0f7V8I(WbNroboWr4r0wNs5W1eNuOZ)b*92cSEgQSJ$JM~)y1MtMg7-67B&
zA<${BGVh+e8+q4cHY~DfslmTm{KGw^!(2g6^>ecZxoL9GOfRz$+ggeoUo}d#hqmD}
ze^oUmb?ga`uJSff?J92@R#d%m8t$VBtPl|}DBib0RzI`&I+?8(UB6k9TXlp**r&xB
z_7WDq-oZCq;A5jf<7M`dokxlkZb+oCQ;3YY!_Yu-YeCP&6Kv5$2>mBF9I(V-Cgo}@
zqt!GH`4;TGaHpXjt-e<7GlXYHsSdXQq7@-*b+QAz9JOMTE6Hjm>ee8HtrEi45WARb
z>Lfc_Xd;#aC`_UjecfR)&?i?W$mE>dn+OtQa)3Tr(B%$9$wS*Je`?0&$KM5G6io$&
zUhMR|gWC`mQ=-%E&=MUYve6+YI);nruw?BT15d=q4{--g17t9jdAPRV(oxLyiaRA^
zrsMl{2engYsxFxCgRK$ILNu&lq+==Xd_GKfVV~922dx3dnt<Ot7KI4S>EpS`l5TA3
z<^*XougnLJ=a<n@UI10WSx9qm!(jnh-AxPO)+yA^i)bD%rbT=z&E?Y&nA4mM%Bi6I
zlv`|zHszLR7NbH~a85soR67Gzm%`>!C)L2q(bAmL0#N=$v{aH|X^1`CnrN3)!{rId
zbCYh%=nOs+%FAJ4d1bmS&*7uIO}FKNh2>&ld58tD{CgF$QN?t?D-eaV5QP;%6jow-
zNK+c9r3751X*2mq0<LywNkH7G0GyeA&UVtkaFGS)&}v*v@TZ40bQYgWYj`cK;B{!#
zIww|ZLHV&d*A{K8&eJSLg|Jwy$IXrvm>$kQiI{Bw#75ZO=)?@X9Bs_eDmyYj`7zrl
zJ-RW(E^VOI60;3-zKPcbw1F>#;wGSPs*KmB96=UL51Rt?O@h8D1Rbo45Rc8Yxhx)A
zG+m0vR)>~&Y@=;99^0IF7%t+mownNvVH<77gm5u!vCWqK$0cQS6t^@KUnV(o30+DT
z(^k3+BkyvvpRg0c6&Tqo`kXmID93(D3Lkc8W!hmThaTzydY*S0?#@2W&`RD#D`{tt
zH@nMR@_0`f9px-kWq#O8J8_vJOWSA{?S+^7Xe(|}?B-tD&pFC)A0pG|<XjGvpL4yo
zXmc*FS&Rx{IoE#@xi)~RgRnX1<QjN68q7H@0OjY}pk#wws;FEnaHC?Y<k|q5rn}Og
zB8CXpEude3kwRt46><bwkaC5<NI{GgLX3b_G-1VS_pn?a9H9|;eRbSPJbg2EF|i0v
zq}1W@_-B4~UtrnB36E58CJ@}&v_8lLQtQx?u<`;MOdxS5VGI|^lAu~n;@uRxV|(7^
zzyE5h=C~`0ZG4ofv1iab7X8kOdzpRy<<8POYjAV39;q%nTBC$EmJs~CA<j@>7I!{R
z&Mfxk=2h7ob|E0xGT2vTY>M=&GWPG<tUVDMV;0v-gUqUYRW9kuy;2%4{x{0LI!cY$
zK$X3cV9SKJQ@hSb@y^-I*vVk0lj2G6Zj$3&D=3Tud6#doMc-4A;AUt@2gNCY=|c|9
zaH@kz1qE+?u>aJ|1YSb1!KBIdXle>2vB_~g^Kj+UrK9@5o6;Ul!{(z6*Fi~6eT*?K
zQ^i)jjE-V6lfa&3Ix&8yr0Uz!#4~7y4Io|wWb+rEH+Z!*CpFjs_3;dJ(G0XFIH~Cb
zCC3Pz{!leaVcpWnGifGvNHfhbjckj%D%_l1PM2OE=KydnEaM)aJ!F_Aly+O}&(@S&
zo0aI#m9acG#0#*xfz$2abO~i~=4dLw=@y*s5FE5*9yVC>u~%4t&Rhu0g-)+50Oe1h
z^KH@ZA(1eY$BwL-*k#CxF5a;nVd6Re+%V?9{QTcv%yEspVid%u%iCM3dd%C{&-~-N
zZr@lO!vYt=ZK_~^%7KcLDy4&0b95{HpO7{t&?%DoL8{0rl?<h%A0(rMww4h5DF!F%
zFpF2LlQWC+05iqZi`jaZt#{1g&`g_^tLoyLQ3^AQb2X~Ndm65|n^xjH41_(aXatcA
zBo${1Ugg<BwDN2rR(ZCNtUQBCRh~gLRh~h$a>W_c6pZ6Wb7;_L4h<U3p+TcQG@vGP
z*w7@$LQzmSWs2bkr%Xw_hvR&rlO~$;iB3{-pfr;v$Z3&>AAO`T!N5&0a192o!N4^b
zxCR4<zQgOO9M48lDVbq#1ZLwmc7`bh9n(OUnPFy0{AMA3vz+*Kfszs4<&Phu6c)cO
zd7;9~)a=p>GZz8vb^|&O73agkd}jv0%abz$bZaV@0p`mLFh9f^SPOuIE6jFAnyW7~
zOM-~M^X&Cz>COd$vmgWq9^(=^UfDdnvMF8+%*9UY7lHC;l2dHa?+KAGl*bOB*=8nb
z!|IClH5HT3MY<rb)Q);0ag+SPjq;{@i6ct>U}gU1;X*dk-#f5xzWKAEV$b45^W`sE
zmeKCP{-NG{X1I57fU<?cV1b553Io|aG(1R!k%8gfeq7Vd^yWtj+4vgs+tsn<g0nAJ
jM!onuq-=k7V3_(d10$I{;qR0N3kQYD?9+md+1}p))j*G%

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_Hash_Blake2s_128.wasm b/src/wasm/Hacl_Hash_Blake2s_128.wasm
deleted file mode 100644
index d54b7190ac2edeefe192a03020bbbae18251150c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3629
zcmd5;&u`;Y5FY<Z9NS5qv|XX174x=>v<RrQ1y!i0HHV7Tazlb+)=k}AH%=UE2dOJa
z3Kuv47sO?`?QJD`;KI580RI9P#03d);)FoV*iQ12HoFxUT2=A;@p<0N_sxtS_-Ri8
z0OgxcPflR{zA{oq^rMc)_m#2oj2~@0=6!=6BOXZee4~<Y@Xl;B1@jX9&0d==(8;u1
z{IUn?Z=aE4cJ-d0_`M*~dO=SG*ZzR~es4G!#7VX$jobS{7DvI(n*cK8#fu>Af#2x{
z2cXEvIb(hlKIpf}m?}eBvay~YMR5l-88By~aOjO~&}E1#+sG1s0EWDMfrZ;UP>~_m
zWec5$L8sf^A08eCNjnW61yGf-t1^}dd=w-xm=j8^13&ZIY33)HHU{mh6XM&cS+-Me
zthmkA>RRP<UQ)*3Ju&U-&#Z@a{T;s(wcn2XZm^xUZ*RZV-Y>^tKg__|T)ICT(0M_-
z8ytiE^7Bx=VU&g7+<YD`^3x3JFD-=~l2_?Na9>!4faa^`w$dz40wyL4D8RIx#l?ig
zY`u049mW2E1U^jS-W0yN+_N%))@p?cq@AW%zkJCWe8(lJs-w!-gIfTi=DET`%dKwY
zbI<jZ$kU^Ia^$KWh^jELislZ1ZL~e00a~8Y6_$2~25?WmlcUk5nI0XXO?GFXISY<r
zC^lIU&L((p<QjmrIe`6?(}MidOaH0}!X)rxB}Z2YZHNjQSfL~A$DB91I?~396ww)+
z3d=jo{hbDO1{@jvbJ*u1bI|c%mm;${GMgf!NT-oGyiAcfuY&}dbG(eq5p~o=1M6Z1
zRpF8ySF*E0Go_oGYD|ZvP2Ld%miR7h>K^RrV+2$@1ud+*H6x#p3_P(nuuj2xx@#_y
z`4^K(^yoy7QW8pv74e~QccPre@g0$o==5XZpiWa77knL2L<*`Npu?wa<WNEE2vgLM
zjwBrlM+w5lXUq1tERUv+EIL2u{Zg{b43IDXNtT%fNfsteXY!eUlBhuv)rE_?Xp&4#
zNhX(OrA#Z+VJQ>u2m(uCmS<=P#9k{WOTkt_)>N4VX8tM5(4CYa0#V+lQsn2LsI<Mj
zygnrD^Lle=N7Qp3JxYbhGnXVY#fA=7Am!l>Q2J1$4T{t?F7a{`n`rUNO|*-bTi6t<
zxN3_vT=RfWB?7s3tk2DLag7+JR6&h0Xx()-rqgSvyY<E7{FRfFl7nk^mK>)Py2@JQ
z311j<DaE-6iaOA9vo;!T!|?w2`^P^&u?;$q%L7h%mHUvakNrbQc5TvAJfxmxPFn*O
zNs&8IbcR`rp&X|U#ht-q<xNTzlie$O9#sIdfweL{3J@JXvrwi-joT~*XB91$bI_p{
zQK#Pay?Rk^TkM3?T!l^OGc89i#JGsApdzY-{z=c#6>>=z%#*==^E{gR4xxWHE`v76
zlM11~uI6aUDxnFTWoO&=(=SL^1vbHcV)7SlOZuX3O}^;m7ki&BI^A9D#Jxcn`B@nE
zF-Vd)!EBiHg9FTBOosg|>;-t}htV(zti9rS>qak3)3E;lv*SU4VIL#^I38x$^9Q^5
zZn(d7x1YTqbm)7_qa^I7VJF@CDCp34_r@!*)HA+oTrH1^i^i4m>1sH${4#Yl{Cmdr
Q?P@qUsm9{M_`mq{F945~ApigX

diff --git a/src/wasm/Hacl_Hash_Blake2s_Simd128.wasm b/src/wasm/Hacl_Hash_Blake2s_Simd128.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..6d5cdb7834f987142bb56a6a2aec4f62a473dfd3
GIT binary patch
literal 5638
zcmd5=OK%(36~03bpF>KcM`G2gt#hq7k)2qHWk-=zRnf?bV%L^jRkoZ*8)`(2B$C5N
zhQk&PV$sPW1quX60(6rC-L_q5S9BM^`3>!+KcI_tQ)E%JKvAIIofj`z+I8KH1xdW;
z%$ak}J>Pc@?+i1WRfRF8eD=}(`|Oz=<w!ZgzgWAyqqLPr{EN5S;(7ufN8!TLBt4B#
zbyks;P~oS`ao`CdLv>^o`^(43N=scg9kXiL@v2pgF<rZZq_<j)M%{5orFCJ~a_hD=
zdzmrWWW1kAp<xy))*e%2%Pwc8T{@^0;4CJa49m`{rft`YEG`>#`S26EG{aQcM3;TI
zj@e)d`Enl*7iU>gHaR7GC>~nHN@2IPzi&B(X6XZqrDWR?*%k%-z;fy=9hNk^XS!yg
z>6(rkZ?pKP_fhX$CadN01B3d|@W^QLr$VK)nek0hOZ`^hk$L{AS+omR&E{cY#WpL}
zOtY|6s_tE!nJcs!aA*~(E!!<I?d*Rww9Tf=a`bS!pvHp}4>xhFrsXpI5l;N9*w7<P
z_DTm9QW-w|@HqR9WwDVL9&T_bD)N((dswJgciCvhuPqRXE7>o9DJuI5(PgpNQL=5Y
zDaLrl(0P`!dg`Pn8@i#`hH864S&tcvr+AuDl%9pLMw-E}psb-(cs9O_1-q^;d)A~u
zQtdKn@Y^x!@{m&!iUuz{H^~fE))R~}T?X2h0$(+D6mKh1jt|%|&l(TB45CyYFp(>M
z#YX-k*Bs>xwt!qUk*kJWk$aSDPN<P<?gEpHx>5;p&G9_N`2gklAjP;2Kf2^+5Ry{y
zTn$9az^AyvVJuZJ@TnSXO>Gk+#ZV|qc|DWx1Qb>X+DXb|vxcgtd&~1r(F-V#it;D{
zguuYxA0@7ZSj5Ht%5Y*If5>yBLd4pyR~b7}C}uFqiD)N1Q;zEJG|v!10z5xam<Z<`
zwf1uXPds*%MSQRBj|EG|0djdFSUMggSVYlOQG8K<Kr{e|@?0mC4*{kj2__v<0MlT!
z3}6yhIE<xj1~KBqP`zQVSPBjM#fp&Wsm$L6GH9$+*jU6+@*0{;d^Y^vS@Rm^ePAy-
zC_!0t0?N-KJxmj%X+Q|%pcusgT}}rfLNQOOp6g}BpG0h+BATXy$}wUB<?BAvd}n(0
zBnkHU1XMk@8YT36!uadIe)qR~S^@zDFWIrsik6lOqx~!xAK@+&NSG%nDVh?D^`Ow>
zJVhzL`I4fzNuZGwi3Ecp1xYktDnP(DLZCQT#f~HX5oV8}@(hN>7m7D65?xl>AA5=p
zMu=<-W{i2Hm||(<BILMjr0p_h4yIWeayq!~d;fK;pZBjnM_EVxW)lsU!e0h|IF}sp
z9{E%NdkPu&5&R6!F&#}6J6>s1=H9m2HsT4Ohk5q#3frX23fl%7Jk)*duQV_w1_fm+
z>jF8SI8y!|VWj=#1%U!tL_;4${s$!gz83z`Bs3UyjZO+5A{{J`@e$xOBH=U)Dd?J^
zXz61H7)Cu6#|=Dzq9-UB;Re++G=N=y$e;E2Xej;$Ji#B;oqPBR*pDIhn30YK7<6SC
z!+?&kf)wy&45N*Y^@&R-C_l^6_;~g;CMNH<=mf_X8y|=Fabqm<F1~zdyiB+jR1Q+$
zeO!1S@8cb+Z~I+>#tkMoKSihDqr<M#p4?&Igd_`eh$upbBy@Z&(BZ_R{v_hZ_xKq)
z9Th=*Wlwg=Du2#U_*uc2NqUaX&;*^;HU4~%Y0%dE1)vcH1|2)R3-ky*g&8qbfmMy4
zqjUJQ`FW_$SNMxy$x9eW=R?|D=*ofd=`LC2FT+&$d4<l?G`);nzeKMft&23lXXpaI
zL^J#{y~tk$Ft19Ky9_Cy+@)w4QEt{#aoo_4a<4rG)#h;PJYvpERD-Te^JQrVkODHy
z3o^|2iAQrZA*eQot%2u0-4<w$e+R~kh_Kj8x5YByT1dCWFv6mUu-GR8RNoCj^u_^S
z0t&AKg{2UMWsC=dj4lGMcyfn;S0q^waFtdg9;`|<@U>vU8+3)<2qUb~>-<ex<5y{k
zU&F4hNmyNl6kzpcw2ZL&o~Potp&wS)X_b~R9&S7aX6taVf!G@oX3&*sqf9GNXFv)t
z+YlAq=o6RL>59N?oo@Je-K2H?eHd=S`(`g*n`Oea5U<V9`=;=|*~dFnKL8$EwAF>j
zEl=*?aa)oF9^14X;jt~@;cJ1%9l8?@gl)Qmf$$dHinc8V!rNW4%HP32co$CTZF+~^
zqTBQ?I`4-em;CQ}{v&kuQbn2xLXzTlt|Eu`JY#y#9}Wd7z`M<NeC<w!o3zY#X_<CH
z-W0o1VtlVlR=EXJF(3A6hxW*#ZQ7-MWO+ch`5_f~i4J+0OkM#p6^V0YNCD?c(K6zk
z?Ws6!=*PM0V{om8TkD8fm$(L9nd)U}2ap1;)dd^sed1A#ZVRr}ur;rg!H8&3jlU0j
z2SJ=($~k4iwUBa77{n1loIXLIY6b&d<F3Ip-lCQ`dP&>YJ`qPYJTfG4Vu=T*lq87i
zozbLkE<EK$vBkM5BgulOcuE9h{<$S95yjVnBpPLS4#&0pBs0E>dj~3<ytvB6nKFUH
zf%fO%xRwsm_}`Cfcwp^0zGV^Z_iDf6+i!wsIA1Z*CU`pK8m#}2@T_}Iw%R{FL7fyf
z$+T~h;t6{?e6xVJ3e&+`g<ZUDsVq>jUTu_Y(=F9&WI0aVA-Cn!tUYq;<g{vTscO-_
zS+ZM>m0j~cr_NMM&1R`~K<?d!MWq_q=G}VBrK;Ijpc|##>1#E2+bX(sN35JutywBI
zr+;h}5&q0M=4G_yI+j_5ldjzS7ZguhR^B_2r!6V}9m~^}m3Xc5ggM>1xq5SfO4WvK
jRjry}Q>|s%gtu&U=dO^<1MkA48PxUK=m|6V|LFa1EL{VM

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_Hash_MD5.wasm b/src/wasm/Hacl_Hash_MD5.wasm
index c6c7b045a3db6d4a13da0847a3fc92289b2d17ca..0efb5420242247c42c88e32497204c5fdc092aad 100644
GIT binary patch
delta 530
zcmX?BdA(wSm}os?eF7tbsAH-J@+antPIQ<saV;-bVoqjyUc8wJ1LI^tMg>Nui3{af
zjExwWCmzw99Kv|MzMGkweR@+v0|SqgM`ChLyhmbjM!c_!X?$rxN@7WBd~Rt@NhSlA
zBv#3s#NrYLZZwS<AQSTQQj0V4OBi@WP&MWz=H%ojGw=#Sh3lcV6{QxZmN4+4sfM_L
zfgepcB{Mx0Xt970s@Z8psi_QtXoAW41(gg!Xo4UoG6;(UwX;Edyt$v*T#b=&^Ks3I
zjEszvBefkknH&!=<SB9~Fil>ht<1xy$g9Alz>}@Wr@%P*qP909!(>^VY(}QZojP$q
z@`X+UP@AW&5hK&)8eL1E8JoB1-2qXP4bFh51fwDlb=mkVh+1f>527xb{bvMfzG$%?
zNH$t-02*OrWe8-aSZ&q&$&jVOsLbHl#h9hS#LYda85l>549X1L-OM0w>jjq-r6%TP
Q=B4WaV@q$dpLGQz0L>zz$p8QV

delta 652
zcmca!ajbHJm}nhSeSHFBJtGP+F<*3|!-UD^jIxZ36BkNOyvxbRH1W9tBlE<C@=V4?
zlY<#A)K6mOX8+&R(7?c>=#iM56Yr5&oDuKqVj7>5nx2?k8DCnEl30=&pIe$!lF7iO
zfKN?MVsQxrw<K0289-whc$C3%!6ikhiMg41=|Fqx;T9zW1%Vc2<}vWfVJL&E%FN3w
zVc>%}1KAw70*HGV`0*%70~!K!jR44+`kZ*I#-tUcrZNcPaY%B0K_!C_9tB_@3(Fuv
z!#Tew6&$kh@#(20@$nf33?iJHEtu8R7@0Q5YffZjWSaa@%Yl>8@c=`fB9{W=WGiiD
z9tK5T1x5v)Y(+i=hRK=Q-atiLwX+$SCoAg20m%lP1fa-69V15O%_6#%Kr=S`>D>WQ
z+6HGp)DOcV5S49w7DQQ^>Vv3Ev;T~Y%#$-M)&ogN%MCyyPFWfP*?%mznl><IsW2)t
pI8Fr8Ox)Zvn}LagkwKY(dlECqGkWmw(gP+FJ!mr7eBY{q5de%J({ca+

diff --git a/src/wasm/Hacl_Hash_SHA1.wasm b/src/wasm/Hacl_Hash_SHA1.wasm
index b345c0a6f97ec37aa1ff1b4c5e11524688ef9084..35f56707f2f2bab82676b8986580904b32cf10de 100644
GIT binary patch
delta 350
zcmcbU_9b-#KT~}_BR6|XQ$qs-x0FX>a!$NQVsS=%u!o~zd}%>SVo7RzPGWHh1E(~a
zWCloCeqL&EMt%tcmnfQSZemVOeli2M2%30NYH?}_0}qn&dL*kDc#$N);whQwsX*KL
zgwf1ND@sje;71ot&M&BB5I`3Nxs*Xr0?mZ@`1I70`1p*)dCZ)gOpXT_@)Wrgm?oF=
zDDyBX@+vSX@MJ6UDKKtc#?#Eq$go*Upi@cx7ekf`BRBW7Mqp?$GAJ`}_cMY_)e9~u
TN=?ko%uCk;Ia+V>L!)W{q9|>T

delta 442
zcmey8dM9lIKU4iQMsD_}O$`kU+=?EF$vN>JiNzW5!5)r=@j0pKiOH4mr3ER8C8_Z_
ziNz%hoKo1;WB@fWaH)VLgG-816LT~3(osxF1_}aA$;@NmmPb}rkESj&FSCS!2jUd$
zCPCc8z>7~!8qgS^i}+BiLbEBYC^eOVKNz2q<otq41_693z#bQrMTClTeo^Y?|4e+G
zoQ#eK81fXk6c{Iq@hI~!DDo;WD)3}0@+mNEcI9biW@OrYlD|_)uaPlJg^`<kZX+-X
c7#WlqxTi6KOw)sVUJn!*deF$2TxnDd0Qdit7XSbN

diff --git a/src/wasm/Hacl_Hash_SHA2.wasm b/src/wasm/Hacl_Hash_SHA2.wasm
index a33351b7088b3fdd5819d6e338044feb84cfaf6c..09296bccb1535738a9002e66ee7d83a4b77c435f 100644
GIT binary patch
delta 1353
zcmaKs%Pz!F7{^a*L^BBHlDW8@x--V5Gnm-1>e@U&Q=?Q2COQ&qI+>lFq=}UmASRJm
zh@BVUVLXBJot{ziDck<e|8l;5ZSz%ne370uyWHk=qe14TbhA=5bknhovc9Dmj%{jd
z>&AI)&#YU<$!_(ua^#Sx`tPx->C{PY*cq+Zw&G{{gSZIfdGB2rEkw7rs&(iF109#q
zNX8A36-u3Pu?(txY*yKY40b~jPa#%0tzB}GNF#D)IaZycWMJs}^Advs$5a4)ws&}7
zIleHB)Ar9Si(6(evEf~SUl#kd+iOKKoOZ)YGB$#B?T(C%V%F}+*cfi&cVuK76V}mX
zB^jdFP?ThEkf>P3M+{^le8hkzv7u-WZ2AXt`MQew0B3L-uMcDv6Fy=fb3Y8ZpJ>k(
ziOh$01hl|pZpUXMN&?JbPtg(BB5uMv0?A{-I|5n4eui<t*3q?L{LA6chW%OjgMsPl
z9}I?~jiS}^1CLl9-^&8$(cq`?e5GtobW5s2iTAqjF)eSsk(xS0<(3+wGF52bU^Gkp
zr*W#N37Vkt^JA{k^DVmd9tx!}Vc&0IPw^rygzr1IUREzjvUgX`&&#b1LTGH8Y!HRU
j)VRnV0E>oHW4Vf&q)C>2ua8H+Ek6F25B-*ZmT#0VAVZPD

delta 1554
zcmai!Pfrs;7{+I;gbiY(|CC~d8AzoR0XqxQa4>;`#R~`f0Vd13r5nn!Y1c#!WE+nr
zCMKKk2|S81>A`p~@e^?I;&<>%I5Rsmz`iZVo#%Pp_x;VE{rUrc_=&%7rKbOW?DbH&
zyldHQ-q_t{ykT2yt7Arcslt9KvCMe4WwDJH{GI>S3LM_Hx&gX3%*WQR`R)U4ex(Y|
zkoZQGU5ig8<7ynUHfZDRw~y_^E=ng$Mr(H;hBO8WI*xVZdIvGFExrVb>u~{wvPIBy
z?4Kw(2g<JJ21?G)LTSBOEEM%0fsUrA&~2#_(_n{Y$8nTg0OgjY(=($GL&?b2(POYi
z3?bwqIN~LQFgyVbmkh!%3pQwm3PR{}pdLdAnT&!E4B}=W3YM_tIZ1gQl0$LG;-I9y
z03v8cX()jP%_t2|p$=S~lav<$Ib>WhO1*pwqqx;*38=wh1}Rs-5jBG}EZ;DM@rBnA
z((w%Jpdh5Y0?LX(%BwNM>my(PJnD|;bX=Qre&7VWCGXnW6;G)CFgH!&Q9Qq5f;_TW
z^%jrZR2IMcVFS@aF_C&j<`855%lOv(7@`Kb6TM_-(MhFN!rQ-*PtydS(+t7HAd^!Q
zGbCQk5`*SQj^L<j=KKFDd*g%f1r(f21p8I<eO8CQy}H0SI<2oP;qy&|NM;9ZB7<aT
nR`-1%<2~$)o(9d6Ji+}x^|^^b{4DzPrZ&1nI$5IF_-y<K*XQFR

diff --git a/src/wasm/Hacl_Hash_SHA3.wasm b/src/wasm/Hacl_Hash_SHA3.wasm
index 3243ec79e02b4b850f6427f46581ab175a85b6db..befbda8d6f38322d8ac33a016a4e513db41f558c 100644
GIT binary patch
delta 574
zcmX@z$vC%@al;HIrq3;tXEAx!i+Lm_=fry?7H7l<dpH`$r>B<0C+4IxaEqcz<R<3i
z<R>%m2&0Lo6{V&!@S=+*=ND8m@QI+QElMp;En(nCGJ5h#ChmF$0VENyD^fDkQ;SO&
zgwS1ATv(c#T9wKmEP-Zn63}hg@j0n^3?kxaQW+q>fn-F{WipH7i!&0lc~cq0WZ;@6
zJF<w@Be;-I0Vzv0GBu0O0EQNW1iC>$Y2$b!BNGNm>@uci3{qHSj4ezUq%mcLfX0~`
z8ZpQq+%fqai?j_Qni7+W^NW(=GxPFNix}iEOn?NF0fPb}U^lC<a_e(4DKI*+Im#$7
pOwKk@<>PQ{U{QbwDS(Bvpb89tym=;CToAbf3<?aJFPZ%02LQ==v5x=%

delta 659
zcmbQ+$#}Yxal;HIriHDOXEAx!%X%ax=fnq>6s0ESX6B{Gd#5HRCuYZ|r<TMg=A<)l
z%V3w!P0Y#3PiEke!Y-Xwl$y%Gi$gLwzo3$VPa3SV9>eCM)Z)|<27Vm&mKLNWmZUNW
z;E+zs%*!m!U=YILtK!1a)YPg}24Q)av+Gg4odon$c6?519)pM+ObM!rjKty$umVvW
z3Nnl1i!&0lQyIj>Atrb@8bd@3jV$6bfT7JGj*zK`NEw-$L8K&vP&66G8yT4}NMZ<@
znlVVB3mRLPFi4{dni?80$Up+iGq(U3(O}n<0K+i8AhjsBbn*rkE^CBLVp4H_QBr(n
zUS4VugPa)HEeKgy@F|GGB{qL!;nwG5P+)XqbCgkFnrv&LI$7U@6)K_t7SV$841l}>
T6D=-?>H`c4Oq-XO{Nx7!9pu^j

diff --git a/src/wasm/Hacl_Impl_Blake2_Constants.wasm b/src/wasm/Hacl_Impl_Blake2_Constants.wasm
index 2c0f1579533e41b25cc28dd843b2ea1d097c260e..8bf185786ff4f80282f9b5fab198c566c1389795 100644
GIT binary patch
delta 109
zcmeC+dCR@wC1b*`hK2?P7A23w<eYeq#Nv#2r<}y>RHNef`1thHlKA4x^xVXd#H5^5
Z22Mp>iZaW<D&m6~xG>agPGMTY3;@5YCv5-#

delta 120
zcmaFM-NCcrC8NUB#)bw47HyBj<eYfV+=85Vr<}y>RHJz3{Ji3l#JrM8Od{@DIAx3D
d<Kxp)OX4%jLK2g5QsaXexNs}p?8&r*831BOE35zj

diff --git a/src/wasm/Hacl_K256_ECDSA.wasm b/src/wasm/Hacl_K256_ECDSA.wasm
index d1f56f3a9f5d59e69b496ed0a8abcbafe74f34f6..c0e66ff8b7bcf3c7388a31c31c4dae96b1574d3f 100644
GIT binary patch
delta 84
zcmbREpS9;d>jq9H#%-IqnEY6{#61#|bK*S`i!++j*|w*%G4Aza<xyZ#VBD@5%9z8;
e%B{etz_5K*660bvsJK%mqZBh#JTZsSKo|fA1Qg={

delta 89
zcmeDA&pPox>jq9H#@(B_nEY7yWjqp-bK-+bic%AEGxO4$li0Q=u`%xTV`WlcRN&dJ
j63Upv%gU(0puoL-Y7*mOHmJC5CZiNHR6Hh!(LfjgwdfZ5

diff --git a/src/wasm/Hacl_MAC_Poly1305.wasm b/src/wasm/Hacl_MAC_Poly1305.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..e72930c86ee20895edb23cdd78e033307206b896
GIT binary patch
literal 9539
zcmbVScYIvOaejMfS5O`Z5;znR->?EKAOR8pNwGapVy_}aN|Z$K2plPN2n1!3JOGja
zQk0A2qS#Jx61O;s4LjAbQ=PcTPAuDrn-bfyWy?+f<gfgd<fnYI@7>)40mb_HCy_I=
zyED6QXLk0RJvyl?L&k9&^Xd~%JmFMcFq3BTf|)W?;lCy$Q*&hPE|{8{Ppl#b=lgxZ
zwii-^J(1U*;!KH>!>O^<P<pUnC_NN$+{9Tf<kZ#C(UGz7#UZ}?VtRaJFx|1mao%u9
zYOwF}a5smT@Q_7eD?_Ql!I2&(5+1O?G@IL;g7A>~u#N0Wx<^wz1L<C;Fg(%?j~pLM
zjXFi)?gi#*?Qn|2Lzadu^gNR88R))v_0pyESof8_>uIMXJhm!4mK%6IJvQP*vs)VP
zO^v6zuZ*Y0#tWvLf@jpT(O5iDT2@}+7C)_`nR2`*O`_z*C$&!wq<RLsk9vE%PmBy+
zYu&u5y?ZpvT<RO{yYh$=PtG3`Y-*xre%Dy~N_yNWT|nvTC|8$u$`<JA?Yo@5GVYXD
z&$oAJES+{Lmdx)MO7%Ey%>Q6+Q-O)U{CWMP7oO+evB+fUR28H5)MPxMp3~$wQUb>-
z^30$Y9qgAV9Erhr?y$s_j7q|Dq_kiUN)bO;xW}p>f>O^NR2@T|GOtL=QSO%1+1{)%
zEA+dD`bAQVA{2LUwhB~qIh~G!a?cD%ISrS4&f%=#3QAlCDw>_ppg9&wO_50?P$4eL
zI7%u}DT`3%MT6yNTNSEgF&4=ZES734>3aS3*Bhs$21~rU+1r7Xq_k!BHmWH*(_ZQ9
ztr@9BwO5`SQAeq1_O{fcMjDWmrKpu<sFOz23*e$bKf}e+PA5vTtkZEx8atgN2|68g
zF}R{45Lphl*@3KJ#|kW;VIQKh64C5d^~)-()P=8B5|uSdTxn90lx8K6wOFNn>y)^%
zUP)3mD1o%-1deP}5|vF#TxnI3lr|-h&4}rcElQ%&uEdoNB}wU20@;c!*qD)RXve0E
zY)1!LGjbO?(Uy@N*ow^=*@@NIHYvNXM#*k8DcOT&B_7r)>B26wVEbf7_F^}OD|a{c
zP(!(U;897redwZ|a{I9t8*mr71Gt;I${oZ#)K%^f_EA^4!`M$<<&NM0)?){`qc})i
z<&NPHb(K4g!_-yo1ddQwxsy1Gb=XPnUL2#Ya;I>dy2_o#3F<0$A5KzNxih#|&f=8Z
zkJIu1?vrykBM;i(k%w?rBS{{{IZMyuEFPMcZk$tc0r%tKjHK`&&S&HzQg%!aE?U})
zUN16xOVa2?IwO~mQk~1VsN@kmfS!!>p&OSn(vLo?GJt+d2hpd4hS0BM7#A>*kr7<R
zU`9qUV#hp+5$znqBX~3;S1>H&7?rCSlE*M6Z^0FL95IY*=*DnWLpO%UG<0Kli-v9t
zk860AdZu4Wz3|Zu4qif!>l9N!Jd^^iF$G-5^*5ISZs3NW0<LQcxXu)CJ(L1&P|_4|
zgVCz1^am}pk{gooT$#W`Zd%vR0SjlINlbdqc3Pa!X(u@CL}=PcZRWI-8=TOfg{Ga9
zDO{5$45s8sgM>U~XzD4Zxm*@wGi5Vi4RT;k2y9!KdJ9>f(nC6JFl}UpQ_M+gHw|tY
zxn(e8<Y|LjMs6ECZGwdMjPe=-f&5l0Yl^$AL$W#UZH96v%e~#on&;kO@QjgX4c=<x
zIfJ(ud8fhKjl9d?9Y)@5kioM?U6R3bq*2m$lDeetB2ALMn-pE#6}r%?8)cZk$KX9i
zo>yhRaag^pANd=1w1ExJ8zx5wQF*TkXUF#$yw|AC`+X)Vzv(ls{Fcuo<+ptX@;e6a
z<KU=#z-L_fU7tzH@A(Ym_c^!P`=F&!`H-cqeAv>Ye8f`7M~!AiNB+RlsC>*)SN_n_
zr2LVkkUuuykPn)SeB6M8K1A*l1|0Tba<c{;_z`lSG~m#WlKYeaKj!0RQvSq%U!&Zg
z8t`+J`!fT6k8*!*zz<UHFAO-8EB}OHcKS;L4yOq#ecFI3G-IW|GN2kwS?MzdRHZp9
zeb#`g+=yAV^4A7brA;gSjR93@(@KA9Kvmkb(%%_Sl{T&P_XbquzJ5}z{DT2iY12xd
zGoUJMTInARs7jkw`X>Xb(x#O@Z$MSL=~HUu3kFoBO)GuTfU2}<r7sy!l{T&Pf&o=&
z(@I}9_=1tI7<|#lKO20>$iEo8VC1U?UpDfhe>~)C24AtKL%weCRiFEYw&81LTK-kr
zEcb5)H1c(N=$i&F8hnG?w+z1NYkb?_TR!(4gYOud$iJ%`zRPhh={RfU-*uej{=<OF
z`8IpMXTWJ*BKLiR@A+1KVDNpPds*A8#t*g4az8TQa(+OKR}5(KWpY0@c*WQFiE?(_
zs|K9rC+z*H!H<mm%;3jHes1tXBfl_s)yOXmern`3Mk{{CBdWRo=cJnae?h9*|Cgki
z{$C@7=M;JW`M;n3uZaXo=47eFX9<~|g2-gi)ELug6VFBoB7}{^iU9y4evCG=J+34w
z2_>$SDoIM25=c4XT~5Y=K_8pBsIb>pB@(F25YR0OvRD-s*^b2opo=p^bXhb<TxUCK
zP==a}B#{g>YLT=Zbtp$&hUl$6=x9K_?N|zewyq+E+%n?CMpO%k>;w(OY0Gq3E3hI^
zS&0=^WfdB+Dnod-I_Ow~)wZJvKvPDV(HwNFMYHW#2f?}wVcPnjV*}RPjutFOONLNw
zW6-e)8*N7`R-)A|s|{-i*VYoNZ6HwFBpr67bawqWaV$|<2Rd)cwyr5`yV*sjZ^t%l
zpCM4Y%iGN~z5_eD%mk5IyAIpMVY}?G-Na?PX9(8z*kK-a!sEbc0=6wWaxX{jwIlB)
z9=m&nQ0*Q&Qi0k&J90lZ>&OEfdBBc5NE~)>h7j$L9jO5AupM~>ZG>i93CfP**i9lb
zk_p1G6Dpk~?m9U`Aa)e@-Xsb;WtC6kNY@lCpQeGEH>Zij?nCD^Vc31xI!z?jhO-j{
zW1Deif_Q9;l5_k<k_WjXBoE<!BC-eMJkAk{JxCn(kfadB!y52WoY#1dqFci~iVGU;
zQKT#u*Kob)hii`?uDyP^ru}fego{LIJ%ney#Aay%vr95S-1P_@cWZ_yZHrb9gl8-x
zZWFAPYwG}u2euAjkWg)iIL+Q9qeNqmA~xq<A0slmf=7wet`MmWV?0B!HiD}e;<d;4
z-}p`aYl3v<rroN?@fJLuk!yI2sOy^C0AZ4Tq?0p?8<aig&eQw;+dRERk;&Sr=w#tk
zWpILv2&0NotS~A##BPMgnkRodjTS3hDkjD$4ndp}Z6;hQ2_TI>h^eAL3Q>T<4#x@b
zVu?h(TIPh9ny=Ly5gnxYxMl!db4<<0Xg(G)AJ-kC`8Yk3AGDD9I1@~QNEJ*iWjY1?
zG{h-bllos!rc;!0in7oY<&^Xb%7ZWP2Q4&3IrEgma<f7zIn5&4SroEUNhyGOZjKFX
zYL9U6{9UP#Dw{n$;}z(Rgdl5v2U){1?Qttfq8&~l7JJUDM)6`)bufw-%aW`<Kew9m
z)NpY%-r`)L&bEHk^fOgDUeZ?Ul!C?8D8#Q>XmQodrll-~OY`+<9e1D}wZ6+NiTaZ3
zlcZ08dOb@G%%w}2ZNoMBGAxruO=Pcsj(;iyUH_Bg1xtZxrr$=$G}CXLtVCUY@>LY#
ze&qBs2iJKOSz!&9OA}Tw|275LbS;`Rn+DQ4N{WCrJ3B#<zn&R7U*vC~q~N!O`F11L
z$tJ94;k<!Wa|?6uN^I2dTZv7&?aa@bJXWGjlgCPI*5tw3T&rplt*S}1swUB@nnbJW
zRoKG3u7*~j-EvWK9hP&+by_Y-ZmZ?M3Y4lg^8FV9o!xS-F2Hh0U4!MI%UGii0an9u
zQPr@V)v%n^u$<LMqG*ou6Cb$6<WL;p^N^n$N~Zh^zL>tZ*&qm^CVpa6vqMfU<oOQE
zdim?YjOTq=3d0kc@B_$_s4uxbN%{o-qYjTQ58d2H9loweWhj6ag#xGw6<9RQ^HPbb
zX@Z1OsSZbP4TW3)F}CvoRLetDhb4^dx*%j47+?7ST1rU+NHIh<fR-_`^8v)yAR9nn
z%rlM^Lok9H8NuMIPBldRUXA7IkZP<@|5an9I<Fe5)N|DuK&zGL!w-o*{E+Cw4~ahf
z)DU<00aSxEmW#5j$#O2aX3HhXt+gCL>p?hJ&W3~KY&clXhJ)p7IMkvh(6F4<u$<Mf
zoYk<L)i8XEipqKqvVm!5LntS%rxfJGbvZUjJK7^0EQL~pLKNk1im0@_QBKT{Rp5lU
z=ERMNX-?c2<iw3=(VVzZHqmw~7t|WcgS-m+(b^C8W%FQbHV?LH9&BA;L7v`y;dLfH
z^DIw@8{ySy?4Ky9{%HuP^2y-Tl<?FLZ{#La_r?&JwGmu_*u<H_DX*Z27o9u%RF`uS
zu`cJ#qil17wvQ!viXxti_`p#<xHx*z<*X_2E}bJ6>ha3;>ulvAS<kFKt_E|J=jXC*
zoQuz?$U*o@p4LUE<U?vi7IQCo@#J1Nswf4{U6f;e=W@6B<f;y)Lg>}khXQP>CMJ)}
zX7t+O7i2FlE6jT-CZhK*za+}k(F|`rLrGN7&$LCHFMM&9dakejPG8se^Wf%uU7z)J
zz52R-;k7mR6;Bbfmb1@p_);v*+0YGNHb*X$#*nNVj*zSy&W7xUBfsIcjT^ok%Q=xh
z*D|`f(T&N9U=2a>#Uv7$&6;57<O0NRrIA&LVAX&=*RwX^gB&wR1ZxJEK@8J}!5SY8
z^)rbq<9*P~Io2^bt><mWf`qqTlWgSv@et+w+d?Vu?}i+k^RHGb^e+__@-L6kuk>ph
zk^C|}z-?$$zqSDy6YASGi0|9YEFZRTigvE8{Z8Mu_k(@ebKIWwZM*umec^R=WcO81
zlXP-(wsLbivzxPxr)xX5=Zvbe@0ueQvaHJYtFw28WOeo~?96&<XWmh^jegpV9oU_n
zZVwA14|`a6b;@3T;oi{hcToy<-^;PN-DhQ{yHACMcK;rhbe%k1460x0h5anm?ou!8
z#}4(ve(X~Z?8h$O0|&5Q4sx19T;HKPJ#eTW?8|!KP}T#7)B}eWUfW@A@ev%!Y3UXp
zog){rSj_k979S7Ey2U4OJiEom^IL4&xWy-NGIySi@;n`5tlyjUyZ@NMS~G&qf&7tD
zA#W+yM{B3;NSwB3i>0WZtuubxnE_U#+gOTj!<np0A7Cwe2KRHyb2!F=^Z{0*53(9P
zE9bd^=R*#Dm{Q>2hjMJr!QHk=sIZWOFT4rIrjWu>b!-a9)UhcR+xElk2}|LG?_d5b
zAw8U>m&@zD)4#p_U|-h1y;=YEs(*VIURpXxSqZu1ISIMU>X?Wy^bv_yW_WoPMkb4S
zNmjifv~>PoXsJ;Vp93{r3p0ajjU{FF3gxd8vro~FrHDzHSF6Qf?q`Ca3bmW*Uppau
z@oWA-nYR$sz4`+s0V|?nFH$by4K7lxbAyZ2e;HT6n7c&h+2t><ql|NcSm$s67qltC
zo41T_WJ~l{2masByS9u!c~*K3YTQ^Ik#Q-i$#5aOS>N1V)MhKbq-LEYLnRrCWPNDU
z#n)z$rX575&s%dXF?OY5Y-!;1OKFD}Ywp5npu`iQrs{KSU{ia9gXi1ij|`}D<99-|
zm-H9?NMtfwyc99-@NFX(&6-E_@gf`DO->;rE-dp0@D+*|-6H4C3hB9<G|uOf*qrB+
z(EEnXyYs`VSf@k@Pvx)s?vb|;gjewHfkeK<DnkLoywoqTEQ$J(>l4B$?E}iWxkQ5+
zq5Qc$h!<_Mzomyttg29nwHU5nTQOFrgW%#X|Ef*TF{aA$B~~qkT#fFRSJiwJ$UemC
z(?Gt&(sD{mtcFmD)rf{riN(^&mRR%4D<SNu(b|eZuC<kxMXar~CSq-+1<`8#V6AM3
zj7XwHMkFr55lK>OD=o3s5mx$zl|#-itQ2bcg_TRrFRT=kt_w;mTL^JK9a!#76ijtU
z24QVEt6@1?Vp-0XSeAn>Ji*j$^z=F?K*Eg^(`rc}`EW=iZtFi=G0qAn@ubmz6Vh^O
zd@P+B>Kne?lKU4do7-CSUyW=>&&bed-(YIIZ)6zhv9Xacj9(oaPWNJb1Y=i+$NPrT
zxRmM}ygHVS@AGNX^3%ufKE54&L!*P~q4e-LhEl^<Q-k2YwHX<^rc&y%?O5LI{2!US
B(JBA{

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_NaCl.wasm b/src/wasm/Hacl_NaCl.wasm
index 1762f27f45e6c41e8de668d97407726f73a6970e..82891f579a9b220688c6f7b27399f23ab4db087d 100644
GIT binary patch
delta 278
zcmZ3iK1Y3mJTr5B{X{XjiI#jD{Ztqk-%c)O44Axtk&VUJh=FnPJ4SgHLo)`Z$t#%@
z8JU4xNv_14%=El?GZO}u$!8fA7+EI^GHEihO}1u|V`QIP%cMQ|6jP(DphseIPQ0(9
zb9_L4PNku-fvG4$WOF_<KQkl8<a#zSMwZE1oH3I>u_XZc{d}T~ESodg%NUs%6&NNz
z;xIr`R0d=(<OC|1yqz;fmPLU<flq)(%8@~Xfx(f{kue8^K%6WAmdyrSJdDg7imH<*
h@QDCT4B_@;g6rPNdlhEY<fVMqk=QYt-}7%_1_0R8MF9W+

delta 402
zcmbQEzF2*NyewlqV|@Z+9aBA!1T*0TbAA0r8#6}6FO!QI114)TaWXPaHf2&^WSV@I
zQJ%%vh=F->7?UO=%j5<oIYw5Xpb{h7<oQh6jO>#?Fe*+y#nh-G;E|Y|6CaSDQ)y^y
zU>a|1B#SN(U$8lYnV(sLUCNO`gMq>E0fQrB4hVsGSptlc``Px0!z2|@<u)g=moYLk
zC@@aG&0&DggqX?ooKkR81W-+xyn!<YXb8(>elAHy#?6{sJd6_TimDLjpxfxn?Z<@E
ZpiR72;c{piC(q-%jz=zL^9%kh%mA43SF8X4

diff --git a/src/wasm/Hacl_P256.wasm b/src/wasm/Hacl_P256.wasm
index 83a71ab29e05334d2a59c1cdd3a5fc530097d357..017ee9e8d9833675c9f3f114e625ccccd67c2c35 100644
GIT binary patch
delta 193
zcmeC}V*S_2x`CI8=~Me=ekOBfE^&{<<eYeq#Nv#}p{(-82yT3^hoez^22dj2*usQC
zfDf(^EQ3(kypeVLMpi}-9d>>NCIv<T{^=8q8QZqE88NajvVw)S_Zu_zF+!yUA=0Z%
m8SgLwg%}kWfI2o>!*oD}1Rz4<CX8$#Lx8HbueWB5;{*UkFEY&l

delta 179
zcmey@$=ch+x`CI8sj*`-Ka)8#zl=v>a!!13Nl|KIZf0Kk<N#KA46#Z~vF1gr+ZVAi
zdg!n+DKIMVZ+~yd*uw~AHyAVaLD|z6STkmCuQO%*$;8U2z@WfC9jGvSI=2m@?Dlda
YMixe>C{PPjl*5FP4Jx`Fs5y=k0RI{=d;kCd

diff --git a/src/wasm/Hacl_Poly1305_128_Hacl_Poly1305_256_Hacl_Impl_Poly1305.wasm b/src/wasm/Hacl_Poly1305_128_Hacl_Poly1305_256_Hacl_Impl_Poly1305.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..bdfde53755a00c6d8c43b1ab7f7cea670bdde001
GIT binary patch
literal 1993
zcmc&!Pfyf99R0Q3w(J&kquz{h3KzUIvcSf0+Y6CsjERXJ%g~*|K-+1iQzIO<L=IlL
z`4QBMM?Z#F?;gGQ6`a{WW(oxjiI{BKPUg*fZ{P2=fQ!@s0OQ;7@iE-oHb%y1+o+66
zzl_YPwpQC#RjHfYIdiRTOcv&kx02j*pJ0wtl2|E8P3U^Br1pz4&lwkYwC8Y#2$qok
z8o-4RoY37Yln_IQ+|pT6oFps)QwKE2toFdtA$N6-nUgTb(E%AkOGkEfq~JIQTi<Tb
zTIqwML+<Ge(H@Bo!ksdX2@eZ;M8MUtw{@%x@Q82*bF)Z0Lo9Gu2+W05f%Q%e(`k3S
z`Gp(Kcwtm9ICVYuL`}l&J;qTIZl!q=K4;0{%Id@QaFdc`xY~R3EbOiK!#FLIkgtUq
z<1$F)rhWOLmENQ2p`LcAbAPP#TSQUkGew$F0iJ&eB9@S159ZIXD6Kln!WottV#;!(
zJqbzv8O!K=RzWx)RZylmYE=VR2JjtZ`0f%6V83evat7eHd>gfp-IrzjbOHE-@pot#
zQ-3v^&|jw9_SA@rOn(j;gYLjc<Zs_^OIP2m@ljXWvZYlUInA~vLO)wq7CLd7guM5%
zN?^bec&DzKTA&&f%!V7(8Wfys&<2WFn$rXe$}&VaXB>%=XJm*3L%hrcO$mxIO-fEW
zo0I$UVoHmGX1hon<^<6UCHRn)0;M?LKu_sTu$76IBod6PCr-11Mn&+NM6zm&58zUp
zvL#cST4%4>rt~ngISW#~fI+R_*X&7)uG!P%jk=;M^=%7T{Kx5`j0qI8G8>)?NDc0P
R2GlgPnx}sskd&(h^b15TaaRBU

literal 0
HcmV?d00001

diff --git a/src/wasm/Hacl_Poly1305_32.wasm b/src/wasm/Hacl_Poly1305_32.wasm
deleted file mode 100644
index 65a9b66e57f25f15424b49f8aabf3c24245e385e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6511
zcmbVQXINa<5q%c~yk#j*fW!*5GeQE?J4mu@X>pS*S5>Q`6+#k-CP20&J$4lXvg{P6
zICgsC#7?uZQyn|iNnFyK)9v)`KlznkNxtOFyag72a*{9BXU>_uGxxQ*=gwR&)!*ej
z&vP%FKY!jUJM7Xfeb{AOCihP|FEh#3;rvWSfg|I8vp;2F3LQ9>_wt>bI9{|Z)tBmO
z>&)+J>&o+j_#R$&$LZeQp1y&q9Nu!IZJ?*Kt#OU#y{b#9v;BB?3te2UOGWN1U8&B_
zo>ng}*WnVES-r~3&vluZJIC0awDhK0PqrQPrsR4Cxt;@ksa~%jclZ+5TG{9o=DN(z
zouTzaTkFY|Bd3oYYwK(2Z$I1S73KO?=KAslo^9*v@%*t@T6{D$kZS24Nc9cmXT1Ci
z`XLKq#qpBTLgOyuCHVoKd<}muoU<j>+Szh*Pv@DHt5>XTS-q;IcZ|1pw-0zRd3A@=
zy}VM}O0O9I&Bu%X2bW{KQ2z<9WcI7i(v@oUN@LM;@onV0;wMJ+sV)rb-@J5T#!pYl
zOid@f2G5g1cv1u}S&(#{Nx!p0d^m}rsM%}sya@aVf(Q~30I`J(FGjJ%5li|S?m9d4
zw-S^{Y4gAM-_!iRT*{jNG0w{oN7;}BC`I{@OocBM@Fy-_Nuzk|PO4~>j~UYt$aGAV
zYE0Lu=MG5%(~~u$7qiw3T5CoxqMEihlq?y&Ff28wPL_>(%%s&YdQoN}A+s?<=AcIA
zVx|DIL{Nd*`oI;K)8zStxlLX`K$DjsNRtOt=)=uZ@TFEEkogJ;S)c%^LnY=l7o>Hf
zO4J(j$>tji$QBq&kkuIjsx;KzwJ~3>ZY<CnFqY7JFvhz9rlB$$Vay_oS%fi*Fs2bn
z4~0ojrbq#%prDcJaM#5s75q#k<!Q%6DolI{=7jLWFco4!QH|xw*q|95ftxg^W<r!R
zv7|dGvHZ=<3UAw#&E}0_&5_Oy6lZTea+)+li7RmNxaE`6H*IMIHz~EsP$uOlW&V^i
zd4lY>uRxHK36-=o6Q<^5LKUXwWWqFBnhDcU!F;M@CRND{Ok=)Gmzhk^YW;w5@Gbg;
z8TujOsL`(w$4tJ^W~zkGJetKkitC4;!+|-NJ*=Onh)Gp6_NqFVU32weM8RkF5CUco
zA;Ih+fY}2bt5XQ1ULhe33Xp|*0Z$ew__A0bkR=KUS*ie8247v4EBLZPA&`{{30b88
zS&ijb6v`T`z~WHWVkMS@(uh@98cGvZV_7KcAXt-@^_Zuy0ksO3VZOpfEKs-{>#-1P
z)1h2}4Rlww370WK*=B5Hkg_B$XPmNTT!98Ol3j^Sj8%3OHZxY))krc{*)?cptg>ry
zCF;>cwgp!)R@qiu%~)mE;Tpy&+lFfytL%DgK^@kS-GHr(Rdyq;W2~~9u#K_GZpQVD
zRdx$*knOlpcHk!2iJN5?Zjs%VO0oyrHIw94>@wVo?btIU`>;!4KX%~OP!3=>_J(p0
z2h8UX4jQ(gC7CyRK@Ot@heJu>fW{obL4{WA#Gz1*VjohWwBe|Q97CJoaU4~r6KGRt
z$9^0Or2|KBJd~5@FrQ9z=wKIG(HTlN+NB34r57jU6uP7j-O>*qJ({{cdNp-@oYK_w
z(Wj~FqyLgx@cez$f>>U<B&!9*lQiKKTZ1PtuE?O9tDVp*@g&zNmwE|`w~j6KJd`8@
z-3)X;kWy+0SM7h$kOJ;O1t_F0acP%F8d9bjQpSnPax|ozmTE{j(_J4ka^f9K%#hWP
za@}BbQB38IQGwD)8dAv>Pc@ZkT=mm2Evq5bn5M5eYb9u@hUi{1wwve<GqIacD@;SU
zt6XA72{23VFwjlKCvZ~<2;5W>1Qq2-Lj*!i2y~6sa-bITOhbH1L(Z<a0Q2=>>J)qm
z1R;<Hg#-nH01Cu{NFWF*5Cjznf(isLpaMbgWrczY1VIIYpaNmL`5FbE0zn8U5QGE;
zf&dD{8Y~Yf5Noj_q(C%cWk`W&!m5x0u@0+43Pc^&r>PG03Y)kD37fh82uUnbP(@gV
z4P1q)2zAC(5$cVpA~YCNMObJ|6=5kZV}vTgGGnR;b;eW?>W!%)G#FDwSb~j=P(@g3
zOci07F;#>*W2y-C#;6EbjLR88U0|#-ssm${Q6m_uj7q^+WxKJRVzGllu~YV97ZqZ+
z?2j~r%ib33LF_X;ggrPgBrRO}gu}QM2UQ*Rs~#Ld%6wXJ#PBGEK{bQ|fwoYNfhsa2
z$EgH_6WEK^kn+$H$wRw^Oz1<qI(1Pd2;Df0lOZMIxT-}jdd&9}dUUW4CvYmHUUbU<
zdgV0r<2Llk?dX>~5W|3`ZVab2bz`_qQ#Xd&HFaaSL$|n+r0bB9<RunfT$gJGc__}2
zfHRbUvpD;|Nx(UrizMKzO2Ao4z}XxLI7dq*;9OP$BBx8;$vFv=fed1B{IWqLNjcTa
zgl<S0EP^)hxd-*KgS_lu&Slg3GcTK7>g70H>auCc;EbGi$jECP;&P|sRClse8n1--
zGi`U$CZyxIk)7LY#$9UmjIQG$hao4!yu>6~8*vzMa=~HP$z2W?oLqFc%Vh=aZsnQ-
zS^FNdRpKtH%b3Q!*3r&Ux!0MkwbJVy?soD9hkKmd>+o79Z*+K_lQ%iM-pQLCLcGCg
z;)J-D=o8;a42W+cCWvn)qM2`npD<a|%QSzB!&{u(r@_&W-THO)A>aCn-@qU4a}-DJ
zZgRiNRmTS$?sppVwut!h_J{=Xj))}Woe_b&%i#e!`||FH1oEDUB;>sjfxM5`*7+VZ
z^yU4AfqcL)ArBcs9(JmXo_x^Imk${R@?pb-e8dp)Q3tv_=t6nKflluyd(?q$A0Qib
zpyNYik2%owVY0^^_%M&Sw0z8gPowPP4tyMCpK##wDEp)XA4u7!9O%kBf7DT(KJ7qv
zPGQy)4h-QmW_`wiVVugWCmk5d>CAe{fuVd6qdLoH9T>_v&H9`JLpi5epLbv==QQgJ
z4h-d-W_{6tp?t58=`3GzU?}G_>uCpua!#|p?7&dYY1UU97|J=#`l<s%`I#QqS)OrV
zDCacmSqFx4PP3kKU?}G_>v;!;a!#|p=J1S@uRA>J<QoppIr*l;^G?3y@HHpjj+Tdf
z$KmU?I^??!--_7x^f!FR4axWQH)B6=;3VJW7ka_r+Ya9&`=P@NQN)iNei*SIJN($0
zkpDy(enP*Ws-MmBGxam}a|hnek2w0G126MavX>lQjAr?T!%GqSrT%6SztZ1~{n~-I
z^9x4&#(`7*lI*t*zlkD#r_B6*@4(Caj-!8Y__dQiI{enjpB#SW<j)Sjck&m9KR9`r
z*@{1MiK_PhiKycLXQHbAUx+IIFB6gU3X*^Q=M#S$jI+_n-2~!K-F5!Fm!Fp|$n<4<
z$|B?mPZW|_@$F#!$c{wM4G2Du4hR8TJwifC6(D8WNrqMoMx8#pJ=?yfvdx+rvY@NT
zs#ql|Y@mt-XjRCHZmgPPU1tN;JZGp5+2AFz5i^jmff|&dCS<oaGdnN~Gi_itShTS>
z582dJvXz@I;8}sN*PDkqdRw(@?4#S7k6H^^fVo%@vOKHH4%DO01{we~gt8C|vjdB;
z&;}Mmv=Li^CE0<cSYiXq*wnBYTaM+~ffZP811s54t+d-(g?g52i`dL9Wudl08qHIh
zn*YvI5msr9Xd03A%^9p8Y34`Yz@}}(FblQIlA9>w8?mw34YE>Ot8Q1&?Fw_-#JX(L
zFpIU#=B6!Nl8!?x*w(1$mGr#QJg;IscGWPOx2w%l3$<&^^IA5N^xQ(vE#|qEb=cNn
zHf`6Lrxs}2%=3DzVrjOHZQ2dEafCe@VUP{l&1&7ky6cu<7GgJG`v|MB9TvP3*EeT4
z^G;4MGBU(UY!{k_ScdJwx*=9#tFUK~#n@`>9%MbXMqwYHk+7d{gm3`2vSZsThp>;O
z*nZYw2P6d_2Q}e+9MXLE(W2?@<FIDCkCYZWOi7P*8o_55M+n%(5fUuY2w;(RgcVvV
z%d?}b&Dz+v9b?mW94GkUE)1icjReo4I!Q`KFS3~{(_c@rdEl>I=wzwZ#X8M)l3rG0
zr(SWI*2l`MAE#KU^|Mmz#z4qotp}$=)@!%%-@u6e86*ym*sHn&x8sgb&fqpyU1#JR
zJe<{s^v25toTHuO>E7hkd+!KWFAoS~lMV>|<P0v_i9?_nT1IgL_ZmDeIs__|A{3&i
z(U$f9bqF*uL(U;koU#y~I7lf)K9!*)Dh>_&$O<AzL;#fO2V*D69+3TFRP<R*Va=ef
zmh8D?WzM-|6_<VG5EY~XRYNizr92p7>l!_42L+^b;#_hDjq!8I8lD@?q)JdfvP*V$
zq$F8u4lOOSX3-w2vgTq|PL0L$N9!a7vsGjCa7gAukA;MqQjK}~@v2d)8Cs3`nxWNL
zpcz_?I?d2(ec*ZpUm6qwN)92xu8;s88zoS0=Zzj&gE60Mp|OB$kul0778|4HX{e`{
zHfE=c#_W{Qn4K~jgWg6B64?l27GcaHj9G*+i-^M^FNoJLL-P?2N_fo3!j5Os;|Udy
NU(geI=hb>~@82qQ;#mLy

diff --git a/src/wasm/Hacl_Streaming_Blake2.wasm b/src/wasm/Hacl_Streaming_Blake2.wasm
deleted file mode 100644
index ff2f0e69c58752afc3e308c5bba2882e315a67b9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 12128
zcmeHNTXS1Savp#n2?7Tscn3*|>Lw`(yqdb0x~x_bC|TCUl2(>1+Lmkxq#y|gAV`Ct
zH<s2U_u^!?QkAN$<SqM_hrC3u`<PPxz*cSLB|jl~%F|Y!QkAdgoH-bfhce5~=2EpP
zv2eO)rhBHlr%(3>sKUl-L@5>d+n?_2sG%p3t;p7s$aZA=Nz3-OeCX%MR&?7uHkiRv
z8>VjQ*^MW?PDuQNn8uSQP<Xxuhz|4wPkY9q|MCqs*xi1sP%Eq!D=n+V)u>7*m$3i)
zo9pXqwR)fRoL?^1*DA$@(@K5Ilv5{F#GcY?OM#M?#oC&R+B15ZW)v!wwH4K3PZ+T$
zn2qGu3oGT~Qx&sk9=2z$yeO`e^UIsho)v5Pjnd1aYPIKv9Ph+}YTI{8p;CHY&BFri
z_LQ`(v0f{ztN8Hs!b&B7V|BffU#t|$#gq9fYt@Z<p<3UV+J7jY&p$8L^QA8z6qYN+
z{C(At)|0OnHeUF0CN#s7xsgA0GQX_FZ{#=EpBC!H{OV?<UQ&rY>&CxjU8S&5SIPgD
zZ7(Wkk9vFC%Z+U>H*Y(&XPv$6uyuOdohE=2FhL;?GuP@Z+p6U+cM#o)u5@=#Z(skw
zV5aRagb~?Rx!**S?SJ?=h~x=vm;3cvv9MaIJ~!SnR)vA9Yx#2VtNaRPz`mub>Y6#|
zno_k?SLwNfPWN1>x(~eI85C^1P(26U(6d^xsCwUeW^Ls?XYPBe3VV${bN^e9U{CkY
zJaFIz{+S04ydiz&Oota5$N(*o#IJuZf$=v82NjKOO>gH^Rw-`Hy;0moZRyrwJmn%4
z{7<)VJGJN3d8Mc=7b$aF%Vj*MTd~V}5w#1u;!^vpvL@vew{VPFD7K)K6KRbklhn@f
zT$($mL*%DLd`!eAD3Mc`MI9o(1L8X@@d;2dh)-aHjY(nR6P$#2hn!~dDN1?b9TD$9
zykm(^ffDg4U%WRdOnizv^?`E{*?GL82{#SXSSRH!>Y}9Vvx_<xRE)YfZC17Hzp5KT
zda$#eT>OTyD|jyTxP<khO-$V5`Zn&#MO^M_((K!~o8k*9PFVc<j7n2C_hP?VGc4VQ
z75z}tpUVVlz;mhJrCzAXcxw8MntoB!AEu^{2ds@{Rg4E|kTW!xi+O%^c?d+@5W^r~
zTJgBcBe{S7&)@#x>vRVnqC*mQhXckajf$`%0fUILD$X1*#%L_793BrC6Eu-kX+9b-
zj?uBK>f_@9BTLz=%J5{sn4+nyI>gg7Oozo+!*oP^HB2nF8>aCE<<JNnm9Y^zE@LA!
zDPtovjWO{^ooDE9ZfEBgahl1|#>NKEQif(_NyZbG@x*03aYLTCAy3?pCvHfKqXBAd
zGIH{tf8kwBHW!ohy$oC=CXsumJlDGLA;&2$`_e8H8{(efYT@!2vnN3W4sk#P4oL-;
z>7-6^NLRo}Q(A;|2aF!-5$(MJqmTN;A^ibkfCj`Ng8?H$8F9!^z!;`samcPXIK+p^
zp)RqYL)~I@hkC{64)u#eQZy)IDH@Wo6phGON<8R0WR$u*hm3j-IYJ5Xgu;gwm+-_T
zJaI`+T+$Pl^u#57aWI0pH{ti3;4sEjV(Z3&=MuY?A3*sxmgOpOlb8J)OVln0!D4-5
ziN`Q&9HPgqTdG9#xJwu_w{+Zy9v9K$A)<3?cU=9`uMt;$(XH5aME|wpvjcyqp0^l(
zHhtKSy>`T&7h7I>n1pXTDEfMFn>xOJ7~9UZv?7+?sMkMRRQIT3Q9b+u%s0w#|2~N@
zjDkUl^6l6*q$MfY6uFM3J?Ro#DT@|u2+BZyrzPLxLVg#*pi9CWNs`kP;ciNE4@J2b
zW<+8O-c>!IB4wFI-NB>hA=s}^vk=;N6XG@4N^J-p&r4wSQzuUS6CT(vpEuSZ_7!KK
zJ7Yx$crImJ(!r{?3d)a;jJPlpqL&6KCDAcR14!qXfUL^H_#A=sk=+3@;u6M8fQ%UF
zBO-kyL^@c9yi3_C@8E0NJBN|h?7T9n>4tZXShRSDhyw4B<sFX;?=UWjy5@-|;@4mE
z7>z=ONmYpUCOXCwxd`$(B4(T>XpD}~(R6~3`8)MKl6)NA2oxh68*%6Jp*l-Z%9b&!
z%9AvS&k9e0HC0CLkMImdXv&1mY||bT&o$98eg{)U&OA-g9KC~6&(J)!b%KuYNt)$T
zbdpcgG`|bSylaKrX;6O1oeCa<kXz6!#)7brJ9B_gJBy{~p!1v+YT&ta&b3Ye$`7@3
z5)9`;^wC*KmT`QL#JLx4=jkl}0Fy63!-d`9cEKf#nQ*&cG+Yo37eX|E^+V%CoeuaS
zyl@F#xM;j^8R;QMxuyVI)N~^NuUNDM;8nUB#KBc73_LEP;61uR?->o(=n}tA*Z4YJ
z<Qq8E4a-;8LHWLVKX?p$byKq#3&MPLi>}f|q=yd<;IrEhaR<8ZSUv;Kr8_Py1~&tg
z@3T8%(K{h}={8*vpWUVpJb&G#+x#O;ya(y`cKhp|OBgf$x@V-{6Y2Ltq=WS#{BfV|
zH~Hg%rW^kF$fCs`59wjxkB62&JTCmPL`y+Jct}e~2p`jf;Mh`se9}b6_){c=M-WP%
z(5Lh<eMFCN^B$X6($!>=Kf}$wShjM4P?rA2DE9EVo=l&6$std9NU!h{kNc#|1-i`3
zbeW!*xLIl1lH#XLbc~CbD*53VJ)x&mq=&Rj&#=qq^bx<H6)w>Wlm-PZ!!u<o=3G#I
z%$0)2Am%EX#aIv)bE^l4wJMgbLFbwkYv8%G=2|BJ<;U8ZM8jH$KC0435^Gf)O`FnB
z5$jatFEGCbCAHllS91wtCgf^HNlld0LX?2D;V1Yc*K;b#o3u&NV>RBc$>04FRZKj(
z)rN|t3xD#N_N$dP1g!2?n<`@n@b@6~MTZFVX$e?qKu!IUumZ;8B3Mv4vxD9et)%pp
zN~%M@f7OK71;)6QV$_P7L02rgTTQ{YoPuRimdiUqNzW;zwytRPB%HA!!LJQFQHiHf
z(WDQiwp;o>k%-NeISsWa8G_;mMUht9?W^@Bg{ke9-ck;^x7BTIk$b7vtJZs|M=J7O
z6j04ANI#*w4BqoG^o;%J69-V~q<ILt8?ttn0fl=Yb{PyF{hi7P+J_JWB`AsXF^q!o
zjao-ik;?IwsXsL{$s=eWP~J<~hyN~`P6wTay)(t5O|&$iicyi%D2fj>iA3qdFxm)F
z#!XWdk2TRT6f;TGEaSxZJd{oj?;4)S5g$cCW8#RsZH31XT3HWyIVu)73X>hh`3ypE
z43w0z$Na17O$sy9F;q*(Q4JmU!d9#>NfW4rCK~PGG#1W4!%Qv~fCE{f#A;g4l%`zY
zDKm11XF{}rH48bjmYhkU0y)!~GIC}`&TNPr?0AmmP<Tan9!5I>nJ28%&x7(4=R3ip
zZwVP;Ox}B=j-$GWrK8e2TZ74e6<icZSo}LT+zM%>Ir<ah(zT`Id%CdS3hdS$-5N&T
zlFlpquVqWe1VFi+hymqx^o9H*gK}{nlv`A1kV^Ii<>H9E#H6w&!K8aIzrCQG7LQEo
ziFd?P4qWS4t`$&D#HW1m-lQ<`e*)z!eDzyEIass-$_WvGazYp|#t~2sb`L-~2gz}C
z60c1I$~jC#^4>I{oP!)VHVHt-fN~B4l$%sYbl$r>?JzRgq{^}Z<s2lV?4+7!1Ijr_
zMpKjOEE+T9TM0aXa%WI(0F*;%i;wX$DkGqri~*FBF@SP122c)Tz)y1V*ME+#?(m`y
z%i*Q|%{Sk$2IgcLfH_$PU{00+m=loz=41@OoQwgOlQ95uGPVbp`ws!;dZJs-zSmZ+
za|^%~|MJrJ1n$H&0dOZo0Ne>-fICMj4sn_R?i?u^#Ayb&bAX5Rh|>&k=iqJKCr&fK
zorBl&fH=(ncMkB}j5y5zcMc+ESe&*iR?d3BomdgTomdgTomdgTomdgTos0pvlQ95y
zG6vwzavGpJ&uODliHXxRcqhvM-pMk6cd`uNornZ@Cu0EbWDIY283TByMS7J>%l>dX
z-t7Mm!MlI>YsB6@;N5Y=qYd7T`|)=$@NOs44BqWT1iTY2ieCZmb|T*kyfg9*cqj5Z
zjr>1>cO-QJ{jY&{#ybYQ6Yr4m4u41R&Tk*0yDnj)i<373jmafGCY1n6C)B9NI4iLx
zuwPcgekt>UX!W~7ye0tenJovfpX}M^BV?!1piY-DtBSY53_dG73)XBI1!Y7EN)(`e
zGca#~WXKzU^K57`CeWUibILSCZ#mIvI!z=eI&Dt$E}iBDnxzwTk`@3Oo=T_q3;@Hk
zG|%VgET2bx`vVj|fYE}g{yZqZu00n#dUY*qbV0K;CfBfKfKmU@>~eSVYs}?~ka7t+
zFIj*9crIOP0t_#iUj35P=a;akA;a%ZFM5FCMU(>pV0am@8sIx#goef4XuzUtL3gxh
zG%SjS#Sjf(T`?e!PC>x>B7pNEK>U3FT_XiJ?|rnH`pEj5u<M#`08}?DT3&%S=_Y*Y
zrM#Pdzb^sgaS=ba=my;~8a|-+82B3Bp{slsr@CwT>JBL1SGR-5z*j%gEXIO8wgc-P
z-K47k3_m=8&j7&j1L%HW`3yWDI4)feT5M2$|MNgB3P^2_Ub;^=1jM;dAL5OP2>|c-
zAwHKNeQCG9mRvx21}UK>BYjDv1H#)Q9juSxk5A~6CVzaY>4rZZS+w}$F+C3a@!0Z*
z$Av#Wqt61s@G*UcCj4{yG&r_g+k6upW59M?Fou20m0bo(_qklzWpia$Xqlg4JCxTz
z-XkjD&K6A+`cUIDWRt6a8ch^w%G!Bj6uW<}C)0B;A-$j%SXKcZD3hpE1}b=s%XE!O
zCgLhhhf%!RM8~*_sgm2)4sgJATBpZyz;$!LFKC@>RH9WNc{M828qT*tkGM`1fNgdD
zl3e~VqT$C@oPP<*kMqsoF^Ka&(=5h<u!#7|?D8!+=_QuFg3eb~e1qrGE7v+ZC_lbm
zNd&$M(MK=ok;L~)dhEH#2PuC-FZpZC--42@-C@4v62=Tjxn-1Wi4rv7VTaoGUq?ws
zORkdq(+J@|U`1<k@*jVNg3ZDy<0#U4{KBja_vE|alqTW~PAPdSq2mydwl7ZE^lKFh
z!b8^}VS(Bl?hVB$(Pik)qA>|)Y)E)JPPw02;FO-)eQ`=r+wFJ%|0i)u*`SY8;?dvf
zL2$~QNE1#e{!7At>)#8f^g5p1d9L9mX26ld;zQPHfSAW}9=bWE(an@WH^-acN`*$=
z21;Y-==Z7YEM-#Jp|v)Z9jdzH=*=eRD9PucbmwkNG>fKBzMu_2(KmpeHC!ml_Mq!P
z3OrPFQlfSeS9;RQRa2k@6`k^Pg*PcIYNt>rPNPDc1}5m26SI^>jhOXNQ8<?0!NPfH
zn77bOeDUjn+FH+?rc4OTOVXGR(FT@>U^dWI)P<HD0Wlk)1O(F!M=+;Rlb*!a%@IB=
zW_uT#JK*=tjqjQp&hjttG(?5rqW|_s!bSfo5(bPW|L$kVm=QIulD~<{Z${^WpQX+%
z>R<WJE&D(AZTu`%e%*MUR@PS6OO-;sv{t2Jt+rO9`ev<Kd`k5-s%=*5rPU%mE0ijm
zwPNC$_n94gaQEun^Hjobl#8pyYMoXK)y+bM@cZnw+E+pqp6daCTW{Nq{cFzunce&s
DKmk>_

diff --git a/src/wasm/Hacl_Streaming_Blake2b_256.wasm b/src/wasm/Hacl_Streaming_Blake2b_256.wasm
deleted file mode 100644
index 36e0d79281c79379c63478611d2c6c1dd9f0f0f0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4495
zcmdT|OII946t154OamE{Xi$v#Dws%A&=3Sg4e1dv<Y81Ws3A^zh6cK)=V4Dz6fiSH
zk9ypBjtdtqT<XGX{Ua`1`2$?Ja;N8bt6x;dIU023IWu(KTet3`zOU|7!}NAtVT>t1
z?e6Zf12>ee(!HVdl%D@5+3Q7PU)xRef;mslkip$H!6GsY+$6sHn4Aw}FY1n7H|%8H
zs3%xaU7^@ZomQ*qxQC^2xnj6Y+nAnW>>o_dOfuykOioX;gluw14n%ou8%~oYWs6uU
zx@~SW%9Kh<HaQq`qT6<}%F?pIh-?s+Q*P<inz6<*vSm@WbRE6Lvhws%dAho3RBPo*
zXMNpp%58JoV7dFx>s7maUT<%fOSWD!CM)I1XQoehT1io^1e2ZCn(i9qddGH6mJb0b
zkWw$VUEOh$J(m1bP$6AV2L^{SpNX;3W7-#KHT%s+BxGhh?@O*@=ykKPAqS4)P!i=v
zvs^Q_%2l$XkY<AwCil0}Y?v-nr}nqVuaFJwbJ;otYj3i_eWtkX7zP{4`};?TB$dL~
zUy0rO{5JhfB)Zw2#>N=qX>C{G8DxsNhiIfJHhqd|o<&w;vy365DK(x+o}&S~m^$Yz
zLRP443)yid8EK3sc?wCSrWqSh(u%4g%X3<a=SP{wtYVfS9WzpY7AR6SxiA|rk&MQ)
zVUdV6#&VR3kdwBSvn}$%bI6gL3+Bl=^1MI+zE}E1`2I_Za5&LT^%U=$rDvYL)Fir(
z(N~s7gDkR?g&)Pw;uI@Vl*FA<5BXbHQ#~!2MxJ)-&POHoI`SoU^*vJVDxvmUl^2j8
z1q!vxsUCS#p~h+$@Z`N32PIiV8^TcJe@OE0Ysvos4B~)~mc@%u_<bnygGlg01l1u4
zs)HmcH4m-(qM;8PL2=kqaazFBwDD<VBIrnUKZdC45BUQg>YCz%;0abS6<foPkT^`S
zhqc^dNE6ao7`8AF;YCtFnPE+__;AceK$#;LoMt&3!2>g_NCpq$2!Dv4BjkNV8;-mS
zN@2tT%>`^BDeyibypQzpPO68sU;p^ww_9lxG`8TOa}-Bo=se=dd*~dKWPuKV2pvf1
z_*z1TgOhLHJ;3kW;>Ynwv<c$ajmG2@e^gWWiEx_}g6sXa`6N!__za!PlO;C8=pgXN
zaFUM+u8rbRjNuqg6!ZL4P^14)`QwCRlrj-{kFkNCl70dSJW(U727eMy($nVSq#CdB
z3F6mNP%s`6?&(<ejGvClDLzT2!q1s|sAvjPfT(CHtmqj`@o9|XG$t{Pr*MV}n!z#t
zES~1i;aNV53I05h;dzPXvm^yHe=ZtEG=ITUaaz!i<}Zd>dOfE9zMrL~a};w<qBrR*
z%vn<HBn1SV69k;=6Ax!`Owju*k%-QgPw{g&%QZ4CQH0Xn6faqzxsc+eFhWU0DD{az
zs+U6ey%xmh3BQ*Kzxfcq1!_sJ;FTEZ&wKJ7=@%tgkp2QL5T<_1yC4zB*Ajm&Vi6a^
z2$%3Ozl=-#Rm}4%RMiy;t5-=1u(})#BdlKYRGb#{!|HWhz&y32H|_zmC33M$v6m&x
zNM~W$!ujYlk`!RJEOvCcPh2cvQDC-&H+;O_#1g+shAZTK<!-!IEYMtt*GlMpMR;H7
z<DFD*5gu>j?HC^Kc=8?|*Cbisv5M6Qk5vf|UrTsg$MvWQt>QX0p?C34RJLeB<(Qn}
zH>e5e;l}<=6RMzscg2ydgh#fD3SXmiP{s|c;Tm*0vqs25uivVCow~_<P3l8Jk}}_$
zrR+C6V{G^hX%m~|-R7pRHEZ0$0<U2KX2>`@Rt)3yn4IDbG8H|kc@G7)(88)HuoV{g
z9$MUii8>l^P(zdIYvUSsVe<}LeiIgdpV;ue#PgdZ1w8LW!-(e}cq&c{`tf`#%<^w~
z(l#yKp_n@oze#6d$C7F%Dd6{xVBk)lc-Y1@!S8LX`Va+e=|gPuTV&s*Al<uZ-nBq;
zA<esCkgf>Q?GuDlz2N6a<#f|zD!;9OK6KHPc0m19Tu@VqZiX&r$>2hkq4VM0NMqMP
zS{Q^E*TlSV6v*Oy6zKOo>{kVeWxkderqaD}fG($lba(tQ;oTkSqRCS{jTF*!4^n^m
z&$m-XX~l1=;->n0vfoWr{pu5{Tw$Y3{UR;iEheH@nTgWgJJdvFZ~T{6nORhu^_FSt
zuGwtBaGa(Cx8pR7HMmVUorY`H4Xo>?-EoY<g8v*lUN_rqdSimS)iPi<VC!4Wj*Gh9
zn#CovGO^fjuNqai>4=eIHri&jJ#o{h(%aPWQ*3{^ikGMVL7M)1*Z(0=dei%tX)a%x
gzcLH6-m;Cl(GYkyI=T(|??cns5|X~*O%TR^0*_)WQUCw|

diff --git a/src/wasm/Hacl_Streaming_Blake2s_128.wasm b/src/wasm/Hacl_Streaming_Blake2s_128.wasm
deleted file mode 100644
index 0fb085660a7f27b6681bffbc32e4e7cc0f688fd7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4260
zcmdT{OLG)e6uv$0nNGs+P@)kzmxu<0C;>wfV@!we5)zC+KzvL(lMd;gp6;Qi$0{hv
zpq5(hbYZ!4sSBxc<r;s33s?RCSFYS?mEY}GZc|ew(G^wc>3hyS_k8E}_w~(brnj34
zV@&z=-o1Nl$BMG4Y_2F>r5pZayWM0QdN(uOXfCh|2-timCR&8RC{5=3PmsK?ctQ8{
zreSBBMl-{z>NQ|r?zCF2=kJlmwN=A+ZDafdWB(Fze2gjo5^`*uW#o|EG7##xV|Xsh
z$`Pqjblbe?)KE%J4%wATqT9AxXL&hbNDhd%Q)}t<hOx#9a%5GG^gX@Bit_Y6dAhz~
z)El+c&icCH)!ODAgO#2*r`PS;IlaA6o3r(XG1jgf8=E*7cqK<|HJa?S)^y*fH9NL%
zvT{sF1x~%z_I1zCc3Ji_A%%QJ?du;Xd@jaHmuX+-)#A4w!zi2#vS0Q+LvNbSO&K`B
zK@l~_tu>6>wL0PeX*#Sjw!M|6WBN=zvAsp%4q4wem#qV=y}|moS>n297;K;%K0h#$
zRVqJzEuP*NAK^EX*(`Q7Ho_RsYY!MNP@!6S8Y4}y@mJ0BA{8|@#TXSdrNIl?Sq#{P
z+-$Ijio$JMR6NS0AdT@X&rz0g<Batwc|}#J$V*y|mxr0gtZI=_J{6??CRju@rMMaj
ziqV)hC<?JgSP7*7TFcs6$+nP%m#7506wM<!m3ajKKPbHre*Ovwdor83t`b~D+{?Id
zNNjRkvb`^=qKGO&l(33JtO}IO{kblc?=I)MS~gE*Jgxg5&#@&c&#~oOa6VwM_dAtW
zC<6yo8Vk8DvZ<t|_RtsDTYK!6Y=JgF14;e?DSzli{vFg$J3_WBUL}R^q$=M<8NM4-
z?Utz81xslJZ0$^jA#I>yPvGKM!1GW+o(c(da6Lf-*!73}$$)iD2}uYHtC~x#;d@~Y
z0((#^osVS#pGAWf^(B14iX=0rDHb10<%lG+m-@$9iT2WyCs`E%PtjifH10#lKBNsM
z*@dKN$Rf-|YJnAH9}?MzdSr*|8SRh1fBN%oo+=tU6R@+7_NCZ)Hn6wY*)Q3G9U@BD
zA&H&P3wAhh<POsl@%wlA0eUuh2;#LHPT4vBoTl)DLNUYi937zjbg)|H&qtMpH<iBt
zHWFaSaZ7iRAJ8L|p^*ln9Daxn;coN8a2;;&7on0Pq|o75Hb+x6Fg}{HbNnTQiaamV
zVH%~Eu<IlAGRite`}r6h<;Q7^pP(1{D<I|-NpdG(MUp$73=_$X2QH2Uy(D+?5u`SO
zrIWy%l%xiqMU$4a16Yw5CWRO#d*IOo?H5v;z}BGiP;OH+!Cyu2G!UjAmfN&Nn2Y5$
z9V1K&gy|j#aJ?3j7#s(D1}wY|7G`1=W^p`dq@@Hn7uZ_@JSEvefb%q;=wM!wLFk1F
zPSYtm9V48f*ZEmG!_UzSKaX9Vm$*6yE8^;GGEBI7BXDsn=*86qnx`2Y4;LSSvjwDB
z1oooD8GIHkS~Qou8L%SG7R3`??14)QbV_ixKo>*4F3|#i6M;*}zVt9(OBP`+=4&a=
zz9h0Q^~es_Tj1j|T~6_FC9t>nxGLF#k7Zg;_*j<s2)*Fr8eK~cgk`#h1K~PdNwzHx
zgtt?6j^Dt6@D7sF+jN7j(^Yy0Z{EAHmVy&Z<?rFmo@q#Dg0Lj~ty$FYeh^IWhlfLr
zYRGQ$mC(D=;5yCnRhp%hSU2@lNsO<h>>M``D$a*>TA?*EXqi@N9aY|>t9*m%+@uX|
zk<J@nrXgw0f)#1bOooZ(?7+pbpqJ*FkDxUNOI={PlGfm}$hD*$z>2iy3N^Sr@W`R7
zLTe7T7Cg%6h-i_+Zz0|Ti1)DMJc}?FOU{cyJOSeM0D-F=9q=mmHKy_obwu|iZD0LN
zbZxoJW&s^bHtJFe5Ngn-rFtVQjIc%TR2GRMTL`s+e|mA>QjvrbdLa@O%~T&cw*FzJ
z{gMe9Ds*2w$Mck<JemXb_y66pF_e{V;Y9oPSGHICrhfA&cCN5trhb_h4fkl$-;YY)
z5u@>UM6dpSit28&W!k!Lx(*qh=X&IKJjYlg-zBf(_-50fb=|Z(o>4gy-bW5J&2}4~
z5#--)8Du(S>$lyGPffiwMHkK0(esYKY}9?%6C=-b+Gf2y`hihL2?q|b?bRy2C?10{
t!;g{2p-_DO{Kqn{T$;Z$MP{>Q8%@Izd^;W8CVY~+-fdy&H-iaq{15${5SIV|

diff --git a/src/wasm/Hacl_Streaming_Poly1305_32.wasm b/src/wasm/Hacl_Streaming_Poly1305_32.wasm
deleted file mode 100644
index 0978260d791e79a69b6ccce923cd1f12aab68e84..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5365
zcmb7INmpFg5x%b{UeAxYn`WqD5FiN<AZSUJY(4A<8(Bh%WMs!fs|Afr(+p`f3;V>h
z6nt#0vd$)(Y_ejTlcjz`R#{||UyxOH$w|JtZ|DcYlEVRR)qQoV?yawe`<^O4+cA_<
z#^0Ymf3B>@#-VZe*k~F}=U=$l^l4}IFw}IPY2FnG%0U3j-5G}w(a>LyU?JUhyIe2t
zRBGX!%1%gG$w%10gM<D3y?Uc7K$o6W8hf?M;$@}YA~HXxjJJr)E~-#aq%&v;`}np}
z-&5hB#EGqxYg<ouOV~;zDAI94Nx4?rTUXJbKp`mL9jCNkUf-^4s8~?a3Q9KW<$cu_
zd^`|*y#94%eY^DJU~{ulFFo7(wxUey!}5BqbZ@Wr&FuW8h0^>Sot`M|dk+uxH_DBQ
zivK@rHn(=So_(zn9&`z)D3_i!%JoLLslq=<<V2IHbS4}7QD~#7>=#C|?bQn~u~EI5
z2aS5AytB3YG`P>wIwl*H($=m@4!uDP_8Th2Z;)`0m41_qdyLGREN#{+6_t%U2ZVFO
zM&i{U<#@k;DgQ%<`KEaoX|^BQYC<WF+7`zsW|@7qWg9j8T2XGJHd|d&iek30&9U%J
z5bAd1rd~pAGF_`u+ms3j*^0v)p)f@jl}Z^=BblT&HtjseDK6^sqTUqs2}&%fBGku4
zeH`lJ0rd%RCe$Y;RY2%0^$AW=l2bNun$lu|{1ap-<D4KZCekpG4w%S*lM`gz6F5R=
znaFUK6kC+#c9`jao{oT?c5ueFR%Q95t5cpZgkSecmOHg0ZNm<WM>JElA}3_Ii@GQU
zS7I<1RfM{1bzD>?*v>^|Q5Sc6>*3KJtnJ0-dhM={JeV+7rQRxa+se)fu)?{U>$Qz4
z_nt85Le|4MN^zc2c2t}RAh-`6C{W&kOb@2RS<aAi2BHEG<9_Pr0V>$0EQe8<8>B%V
zTKX@3Ug0mxwDfPEW*Q(m;$a#hKH?GT<5B8s86N|a@OE+zOx9z@X_zNygePf2R1Y2T
zd77~Mj$gXm1#p*-U(zIab!4ZGfB2p+(xjd7C8oel9KYmgI?pq7fiKZTo~0?CqiLR}
zQJRq$9i>a+_EDNG!tJ9pS5!F+^F>88Du=r)gUJgrSiC4hj*Bu7U!gI&yc9hYMPsy}
zDHGJ9rYulJP31sc(G<}+S*jynQ>IwglqDO`R8IDwDUxlB)0n$LQ+kD_^a@Ss6`Im3
zauhuQe)10}fhra{Ot{6Nt?8797#U7Aa6@PUM>M56_<RKU9psgyHxe_^!Z3vZN>kDa
zAU&84XE{U88Hm#2PoyrAE`1_^EV8&g5I`M)0P3VHbsQmI+Ntx1yAi!T!RYM;;|CC8
zyA?orBvBuABewh8km*N!wE}1WoCHuI5I}>7>{b8`fs+6t#602{K|F{E9zp~Yk5Lb?
z;NC;S0$~r02!1^@D&Y0dm>}092R<i*$>TCu2x$yCL^TFNNcYk?9T*DKxTZ`{6PmI>
zO=>C!>b$0ipxq4zP3dsZlnw_?>2T1L4u?GTx+^rLS7=JF(3D=GDZN7R1v2@fO+1CN
zGZm<b7s0tT@q$mfWk;ScggL@dicqxGDNLUJshZf5MUu`?LTcg+#ib_BxHWNxrlls%
z@FnP;#fD}Bb<mJHI9nw=^XlNNR|jXM4$hvjAzON1aG%M){0<pnh0r<;{byp7zkYWV
zI_G9h8v@=W(>Eya#wm2HBREU(@75wsI~+x$vyOker0!FENv-`FbCx^zrzEl{WLuQj
zz7uIe8ycOjP1<(q1Rs&~@}G;fOn{f1&7vQ=wlXbSdJeWMN|W3DtK5#1@1S<>q!4$(
zmuNhG>+b~Tg4^Mf4!H1Ex1M4w;3&r^N--Z`O!ZI(F8GbK9h|^xUYc>5Uuz9|5HeMO
z&QV%`MtDmO<tPiBp({^0?!#EX{t5xCm0(?{B5{4J3m(=5!Mbqv-umr-{^!sC`Ywv9
zrEY15572<GLmWPMf{*Y}fER~TfER~j!gDya9Iof!@L?K;A;;DrU>>sKJmT)b8ImX>
zp<_=4LdOpfXBJAvC`4o1wzZ22a?ZADs30L4-$n&7P(BPAcRMhO$RK*eBy3zjak_|Z
zH-%0&O%pr={~?Kde5b*=_)htxkMAWt#aM6_zDT3D;yOojG$^>v(U9OeM<g*J*v=6<
z*v``&UxtYV>}}yRwhL9lGcS)9JZu*P+l90Dwdna(vWbgu&J{SP=sD*qvg;aM^OXwN
z@0{Qxd_BMm*f#>afc-Ar@Q}LE0!q&Tr}yYOz2}*`NmtmWo4iCtejg`%Kj8f(aIW`l
zpY*-|fu3S4ILrILpc_;~b|I+Vio!B2(>sE~GF=xGmg$xtuuShd2z*G({1MEoV1Fy8
z5m>1bo_PqYcnGWr0xM_l?KWKeF@5Z>5*Ob&!AJORfEO3926%DtJzDi#yxMZHo`Z|;
z(|tdm?jWD;BG!ND;jU9V$q$en#qCx~3DeT#KZCZ1T9O{>-1>w*k=$By=GM0P5nbg^
z=_;*xkbXvYXpKIF$zRc3{+vGJFX(grk{<C_aNt(~fWHLi0{n$f`T&>o6l1|z06+d2
zz?P{@cLdln-4$TVwCWsMXIPo;Iru)IGOxqR2DZ0x8sCj7;hBf;hKKKl;Jb15)+%nv
zO7f<ylKhmO%8f8^h~z)MNArw?4r6GNo&MEQow{18H(o6zDiSBInwGw1x@`@wlwJ!>
zNTdMA6va7h=jBEzZ-+WD+_zB8IBh3zzsOS7xuj+Q6KCKayhZxOQF^Gnm}cF(k|TtJ
zwlugeQCW0UTv*9u-AJ*8pJ=3_&TXV1UA@v`brXF}Z_2jz5$CwXs@v{$L8g-EylF~N
zx4eqtw~Ahy=3Z*IacQ*TeYhE?s0Rc#g3kK$e3AFw_;RwH9DI=r_yP@B`y%h|*%3O+
z7kS*V+vSeU{V+cOJ!q`HPy4|kBg78{pLBJ~6Nd2X{xv8`eOBW1742{G=_V99^j=<~
zs5|(!;YYL75&3xGMfZe?AmW0&;`oT%A*?oa`VA@hQoaQlYD6Vp81fxw+W#Ol9r$oH
zE#F_R(fZ!b{#LEr*xK8rO1-{Ur^Z2jx3WQvJ*pq<Hnw&uv{~M&9n>p{Th2H!{BZSy
k)oZl1vtO(1RCXJ*Q{Fu&*9f2Y_UhjVSAMD=3{R^60k_g4HUIzs

diff --git a/src/wasm/INFO.txt b/src/wasm/INFO.txt
index 60cb7b00..d2f1192f 100644
--- a/src/wasm/INFO.txt
+++ b/src/wasm/INFO.txt
@@ -1,4 +1,4 @@
 This code was generated with the following toolchain.
-F* version: bc622701c668f6b4092760879372968265d4a4e1
-Karamel version: 7cffd27cfefbd220e986e561e8d350f043609f76
+F* version: 6e23042e74555544267731295b7d382c86edc574
+Karamel version: a7be2a7c43eca637ceb57fe8f3ffd16fc6627ebd
 Vale version: 0.3.19
diff --git a/src/wasm/layouts.json b/src/wasm/layouts.json
index d9d2a29a..81273a66 100644
--- a/src/wasm/layouts.json
+++ b/src/wasm/layouts.json
@@ -1 +1 @@
-{"Spec_Hash_Definitions_hash_alg":["LEnum"],"Prims_string":["LBuiltin",["I32"],["A32"]],"Prims_int":["LBuiltin",["I32"],["A32"]],"K___uint32_t_uint32_t":["LFlat",{"size":8,"fields":[["fst",[0,["Int",["A32"]]]],["snd",[4,["Int",["A32"]]]]]}],"__bool_bool_bool_bool":["LFlat",{"size":4,"fields":[["fst",[0,["Int",["A8"]]]],["snd",[1,["Int",["A8"]]]],["thd",[2,["Int",["A8"]]]],["f3",[3,["Int",["A8"]]]]]}],"__bool_bool":["LFlat",{"size":2,"fields":[["fst",[0,["Int",["A8"]]]],["snd",[1,["Int",["A8"]]]]]}],"Hacl_Streaming_Types_error_code":["LEnum"],"Hacl_Streaming_Poly1305_32_poly1305_32_state":["LFlat",{"size":20,"fields":[["block_state",[0,["Pointer",["Int",["A64"]]]]],["buf",[4,["Pointer",["Int",["A8"]]]]],["total_len",[8,["Int",["A64"]]]],["p_key",[16,["Pointer",["Int",["A8"]]]]]]}],"Hacl_Streaming_MD_state_64":["LFlat",{"size":16,"fields":[["block_state",[0,["Pointer",["Int",["A64"]]]]],["buf",[4,["Pointer",["Int",["A8"]]]]],["total_len",[8,["Int",["A64"]]]]]}],"Hacl_Streaming_MD_state_32":["LFlat",{"size":16,"fields":[["block_state",[0,["Pointer",["Int",["A32"]]]]],["buf",[4,["Pointer",["Int",["A8"]]]]],["total_len",[8,["Int",["A64"]]]]]}],"Hacl_Streaming_Keccak_state":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Streaming_Keccak_hash_buf"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"hash_buf2":["LFlat",{"size":16,"fields":[["fst",[0,["Layout","Hacl_Streaming_Keccak_hash_buf"]]],["snd",[8,["Layout","Hacl_Streaming_Keccak_hash_buf"]]]]}],"Hacl_Streaming_Keccak_hash_buf":["LFlat",{"size":8,"fields":[["fst",[0,["Int",["A32"]]]],["snd",[4,["Pointer",["Int",["A64"]]]]]]}],"Hacl_Streaming_Blake2s_128_blake2s_128_state":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Streaming_Blake2s_128_blake2s_128_block_state"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"Hacl_Streaming_Blake2s_128_blake2s_128_block_state":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Unknown"]]]],["snd",[4,["Pointer",["Unknown"]]]]]}],"Hacl_Streaming_Blake2b_256_blake2b_256_state":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Streaming_Blake2b_256_blake2b_256_block_state"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"Hacl_Streaming_Blake2b_256_blake2b_256_block_state":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Unknown"]]]],["snd",[4,["Pointer",["Unknown"]]]]]}],"Hacl_Streaming_Blake2_blake2s_32_state":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Streaming_Blake2_blake2s_32_block_state"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"Hacl_Streaming_Blake2_blake2s_32_block_state":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Int",["A32"]]]]],["snd",[4,["Pointer",["Int",["A32"]]]]]]}],"Hacl_Streaming_Blake2_blake2b_32_state":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Streaming_Blake2_blake2b_32_block_state"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"Hacl_Streaming_Blake2_blake2b_32_block_state":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Int",["A64"]]]]],["snd",[4,["Pointer",["Int",["A64"]]]]]]}],"Hacl_Impl_SHA2_Types_uint8_8p":["LFlat",{"size":56,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Impl_SHA2_Types_uint8_7p"]]]]}],"Hacl_Impl_SHA2_Types_uint8_7p":["LFlat",{"size":48,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Impl_SHA2_Types_uint8_6p"]]]]}],"Hacl_Impl_SHA2_Types_uint8_6p":["LFlat",{"size":40,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Impl_SHA2_Types_uint8_5p"]]]]}],"Hacl_Impl_SHA2_Types_uint8_5p":["LFlat",{"size":32,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Impl_SHA2_Types_uint8_4p"]]]]}],"Hacl_Impl_SHA2_Types_uint8_4p":["LFlat",{"size":24,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Impl_SHA2_Types_uint8_3p"]]]]}],"Hacl_Impl_SHA2_Types_uint8_3p":["LFlat",{"size":16,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Impl_SHA2_Types_uint8_2p"]]]]}],"Hacl_Impl_SHA2_Types_uint8_2x8p":["LFlat",{"size":112,"fields":[["fst",[0,["Layout","Hacl_Impl_SHA2_Types_uint8_8p"]]],["snd",[56,["Layout","Hacl_Impl_SHA2_Types_uint8_8p"]]]]}],"Hacl_Impl_SHA2_Types_uint8_2x4p":["LFlat",{"size":48,"fields":[["fst",[0,["Layout","Hacl_Impl_SHA2_Types_uint8_4p"]]],["snd",[24,["Layout","Hacl_Impl_SHA2_Types_uint8_4p"]]]]}],"Hacl_Impl_SHA2_Types_uint8_2p":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[4,["Pointer",["Int",["A8"]]]]]]}],"Hacl_Impl_HPKE_context_s":["LFlat",{"size":16,"fields":[["ctx_key",[0,["Pointer",["Int",["A8"]]]]],["ctx_nonce",[4,["Pointer",["Int",["A8"]]]]],["ctx_seq",[8,["Pointer",["Int",["A64"]]]]],["ctx_exporter",[12,["Pointer",["Int",["A8"]]]]]]}],"Hacl_HMAC_DRBG_state":["LFlat",{"size":12,"fields":[["k",[0,["Pointer",["Int",["A8"]]]]],["v",[4,["Pointer",["Int",["A8"]]]]],["reseed_counter",[8,["Pointer",["Int",["A32"]]]]]]}],"Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64":["LFlat",{"size":20,"fields":[["len",[0,["Int",["A32"]]]],["n",[4,["Pointer",["Int",["A64"]]]]],["mu",[8,["Int",["A64"]]]],["r2",[16,["Pointer",["Int",["A64"]]]]]]}],"Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32":["LFlat",{"size":16,"fields":[["len",[0,["Int",["A32"]]]],["n",[4,["Pointer",["Int",["A32"]]]]],["mu",[8,["Int",["A32"]]]],["r2",[12,["Pointer",["Int",["A32"]]]]]]}],"FStar_UInt128_uint128":["LFlat",{"size":16,"fields":[["low",[0,["Int",["A64"]]]],["high",[8,["Int",["A64"]]]]]}],"EverCrypt_Hash_Incremental_hash_state":["LFlat",{"size":16,"fields":[["block_state",[0,["Pointer",["Layout","EverCrypt_Hash_state_s"]]]],["buf",[4,["Pointer",["Int",["A8"]]]]],["total_len",[8,["Int",["A64"]]]]]}],"state_s_tags":["LEnum"],"EverCrypt_Hash_state_s":["LFlat",{"size":12,"fields":[["tag",[0,["Int",["A32"]]]],["val",[8,["Union",[["Pointer",["Int",["A32"]]],["Pointer",["Int",["A32"]]],["Pointer",["Int",["A32"]]],["Pointer",["Int",["A32"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A32"]]],["Pointer",["Unknown"]],["Pointer",["Int",["A64"]]],["Pointer",["Unknown"]]]]]]]}],"EverCrypt_Error_error_code":["LEnum"],"C_String_t_":["LBuiltin",["I32"],["A32"]],"C_String_t":["LBuiltin",["I32"],["A32"]],"C_Compat_String_t_":["LBuiltin",["I32"],["A32"]],"C_Compat_String_t":["LBuiltin",["I32"],["A32"]],"exit_code":["LBuiltin",["I32"],["A32"]],"clock_t":["LBuiltin",["I32"],["A32"]]}
\ No newline at end of file
+{"Spec_Hash_Definitions_hash_alg":["LEnum"],"Prims_string":["LBuiltin",["I32"],["A32"]],"Prims_int":["LBuiltin",["I32"],["A32"]],"K___uint32_t_uint32_t":["LFlat",{"size":8,"fields":[["fst",[0,["Int",["A32"]]]],["snd",[4,["Int",["A32"]]]]]}],"__bool_bool_bool_bool":["LFlat",{"size":4,"fields":[["fst",[0,["Int",["A8"]]]],["snd",[1,["Int",["A8"]]]],["thd",[2,["Int",["A8"]]]],["f3",[3,["Int",["A8"]]]]]}],"__bool_bool":["LFlat",{"size":2,"fields":[["fst",[0,["Int",["A8"]]]],["snd",[1,["Int",["A8"]]]]]}],"Hacl_Streaming_Types_error_code":["LEnum"],"Hacl_MAC_Poly1305_state_t":["LFlat",{"size":20,"fields":[["block_state",[0,["Pointer",["Int",["A64"]]]]],["buf",[4,["Pointer",["Int",["A8"]]]]],["total_len",[8,["Int",["A64"]]]],["p_key",[16,["Pointer",["Int",["A8"]]]]]]}],"Hacl_Streaming_MD_state_64":["LFlat",{"size":16,"fields":[["block_state",[0,["Pointer",["Int",["A64"]]]]],["buf",[4,["Pointer",["Int",["A8"]]]]],["total_len",[8,["Int",["A64"]]]]]}],"Hacl_Streaming_MD_state_32":["LFlat",{"size":16,"fields":[["block_state",[0,["Pointer",["Int",["A32"]]]]],["buf",[4,["Pointer",["Int",["A8"]]]]],["total_len",[8,["Int",["A64"]]]]]}],"Hacl_Hash_SHA3_state_t":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Hash_SHA3_hash_buf"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"hash_buf2":["LFlat",{"size":16,"fields":[["fst",[0,["Layout","Hacl_Hash_SHA3_hash_buf"]]],["snd",[8,["Layout","Hacl_Hash_SHA3_hash_buf"]]]]}],"Hacl_Hash_SHA3_hash_buf":["LFlat",{"size":8,"fields":[["fst",[0,["Int",["A32"]]]],["snd",[4,["Pointer",["Int",["A64"]]]]]]}],"Hacl_Hash_Blake2s_state_t":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Hash_Blake2s_block_state_t"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"Hacl_Hash_Blake2s_block_state_t":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Int",["A32"]]]]],["snd",[4,["Pointer",["Int",["A32"]]]]]]}],"Hacl_Hash_Blake2s_Simd128_state_t":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Hash_Blake2s_Simd128_block_state_t"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"Hacl_Hash_Blake2s_Simd128_block_state_t":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Unknown"]]]],["snd",[4,["Pointer",["Unknown"]]]]]}],"Hacl_Hash_Blake2b_state_t":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Hash_Blake2b_block_state_t"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"Hacl_Hash_Blake2b_block_state_t":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Int",["A64"]]]]],["snd",[4,["Pointer",["Int",["A64"]]]]]]}],"Hacl_Hash_Blake2b_Simd256_state_t":["LFlat",{"size":24,"fields":[["block_state",[0,["Layout","Hacl_Hash_Blake2b_Simd256_block_state_t"]]],["buf",[8,["Pointer",["Int",["A8"]]]]],["total_len",[16,["Int",["A64"]]]]]}],"Hacl_Hash_Blake2b_Simd256_block_state_t":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Unknown"]]]],["snd",[4,["Pointer",["Unknown"]]]]]}],"Hacl_Hash_SHA2_uint8_8p":["LFlat",{"size":56,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Hash_SHA2_uint8_7p"]]]]}],"Hacl_Hash_SHA2_uint8_7p":["LFlat",{"size":48,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Hash_SHA2_uint8_6p"]]]]}],"Hacl_Hash_SHA2_uint8_6p":["LFlat",{"size":40,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Hash_SHA2_uint8_5p"]]]]}],"Hacl_Hash_SHA2_uint8_5p":["LFlat",{"size":32,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Hash_SHA2_uint8_4p"]]]]}],"Hacl_Hash_SHA2_uint8_4p":["LFlat",{"size":24,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Hash_SHA2_uint8_3p"]]]]}],"Hacl_Hash_SHA2_uint8_3p":["LFlat",{"size":16,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[8,["Layout","Hacl_Hash_SHA2_uint8_2p"]]]]}],"Hacl_Hash_SHA2_uint8_2x8p":["LFlat",{"size":112,"fields":[["fst",[0,["Layout","Hacl_Hash_SHA2_uint8_8p"]]],["snd",[56,["Layout","Hacl_Hash_SHA2_uint8_8p"]]]]}],"Hacl_Hash_SHA2_uint8_2x4p":["LFlat",{"size":48,"fields":[["fst",[0,["Layout","Hacl_Hash_SHA2_uint8_4p"]]],["snd",[24,["Layout","Hacl_Hash_SHA2_uint8_4p"]]]]}],"Hacl_Hash_SHA2_uint8_2p":["LFlat",{"size":8,"fields":[["fst",[0,["Pointer",["Int",["A8"]]]]],["snd",[4,["Pointer",["Int",["A8"]]]]]]}],"Hacl_Impl_HPKE_context_s":["LFlat",{"size":16,"fields":[["ctx_key",[0,["Pointer",["Int",["A8"]]]]],["ctx_nonce",[4,["Pointer",["Int",["A8"]]]]],["ctx_seq",[8,["Pointer",["Int",["A64"]]]]],["ctx_exporter",[12,["Pointer",["Int",["A8"]]]]]]}],"Hacl_HMAC_DRBG_state":["LFlat",{"size":12,"fields":[["k",[0,["Pointer",["Int",["A8"]]]]],["v",[4,["Pointer",["Int",["A8"]]]]],["reseed_counter",[8,["Pointer",["Int",["A32"]]]]]]}],"Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64":["LFlat",{"size":20,"fields":[["len",[0,["Int",["A32"]]]],["n",[4,["Pointer",["Int",["A64"]]]]],["mu",[8,["Int",["A64"]]]],["r2",[16,["Pointer",["Int",["A64"]]]]]]}],"Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32":["LFlat",{"size":16,"fields":[["len",[0,["Int",["A32"]]]],["n",[4,["Pointer",["Int",["A32"]]]]],["mu",[8,["Int",["A32"]]]],["r2",[12,["Pointer",["Int",["A32"]]]]]]}],"FStar_UInt128_uint128":["LFlat",{"size":16,"fields":[["low",[0,["Int",["A64"]]]],["high",[8,["Int",["A64"]]]]]}],"EverCrypt_Hash_Incremental_state_t":["LFlat",{"size":16,"fields":[["block_state",[0,["Pointer",["Layout","EverCrypt_Hash_state_s"]]]],["buf",[4,["Pointer",["Int",["A8"]]]]],["total_len",[8,["Int",["A64"]]]]]}],"state_s_tags":["LEnum"],"EverCrypt_Hash_state_s":["LFlat",{"size":12,"fields":[["tag",[0,["Int",["A32"]]]],["val",[8,["Union",[["Pointer",["Int",["A32"]]],["Pointer",["Int",["A32"]]],["Pointer",["Int",["A32"]]],["Pointer",["Int",["A32"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A64"]]],["Pointer",["Int",["A32"]]],["Pointer",["Unknown"]],["Pointer",["Int",["A64"]]],["Pointer",["Unknown"]]]]]]]}],"EverCrypt_Error_error_code":["LEnum"],"C_String_t_":["LBuiltin",["I32"],["A32"]],"C_String_t":["LBuiltin",["I32"],["A32"]],"C_Compat_String_t_":["LBuiltin",["I32"],["A32"]],"C_Compat_String_t":["LBuiltin",["I32"],["A32"]],"exit_code":["LBuiltin",["I32"],["A32"]],"clock_t":["LBuiltin",["I32"],["A32"]]}
\ No newline at end of file
diff --git a/src/wasm/main.html b/src/wasm/main.html
index 76be617a..a4605811 100644
--- a/src/wasm/main.html
+++ b/src/wasm/main.html
@@ -8,7 +8,7 @@
     <script type="application/javascript" src="./test.js"></script>
 
     <script type="application/javascript">
-      var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Lib", "Hacl_Hash_Blake2", "Hacl_Hash_Blake2b_256", "Hacl_Hash_Blake2s_128", "Hacl_Hash_SHA3", "Hacl_Hash_Base", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_Poly1305_32", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HMAC", "Hacl_HKDF", "Hacl_Chacha20Poly1305_32", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_Streaming_Blake2b_256", "Hacl_Streaming_Blake2s_128", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HMAC_Blake2s_128", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_Streaming_Poly1305_32", "Hacl_HMAC_DRBG", "Hacl_Streaming_Blake2", "Hacl_Bignum64", "Hacl_HMAC_Blake2b_256", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"];
+      var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Lib", "Hacl_Hash_Blake2b", "Hacl_Hash_Blake2s", "Hacl_Hash_Blake2b_Simd256", "Hacl_Hash_Blake2s_Simd128", "Hacl_Hash_Base", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "Hacl_HMAC", "Hacl_HMAC_Blake2s_128", "Hacl_HMAC_Blake2b_256", "Hacl_Hash_SHA3", "Hacl_Hash_MD5", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Chacha20_Vec128_Hacl_Chacha20_Vec256", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_MAC_Poly1305", "Hacl_AEAD_Chacha20Poly1305", "Hacl_Poly1305_128_Hacl_Poly1305_256_Hacl_Impl_Poly1305", "Hacl_AEAD_Chacha20Poly1305_Simd128", "Hacl_AEAD_Chacha20Poly1305_Simd256", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HKDF", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_HMAC_DRBG", "Hacl_Bignum64", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"];
     </script>
     <script type="application/javascript" src="browser.js"></script>
     <script type="application/javascript" src="loader.js"></script>
diff --git a/src/wasm/shell.js b/src/wasm/shell.js
index 2b0217e7..cc877fd1 100644
--- a/src/wasm/shell.js
+++ b/src/wasm/shell.js
@@ -1,7 +1,7 @@
 
 // To be loaded by main.js
 var my_js_files = ["./test.js"];
-var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Lib", "Hacl_Hash_Blake2", "Hacl_Hash_Blake2b_256", "Hacl_Hash_Blake2s_128", "Hacl_Hash_SHA3", "Hacl_Hash_Base", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_Poly1305_32", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HMAC", "Hacl_HKDF", "Hacl_Chacha20Poly1305_32", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_Streaming_Blake2b_256", "Hacl_Streaming_Blake2s_128", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HMAC_Blake2s_128", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_Streaming_Poly1305_32", "Hacl_HMAC_DRBG", "Hacl_Streaming_Blake2", "Hacl_Bignum64", "Hacl_HMAC_Blake2b_256", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"];
+var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Lib", "Hacl_Hash_Blake2b", "Hacl_Hash_Blake2s", "Hacl_Hash_Blake2b_Simd256", "Hacl_Hash_Blake2s_Simd128", "Hacl_Hash_Base", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "Hacl_HMAC", "Hacl_HMAC_Blake2s_128", "Hacl_HMAC_Blake2b_256", "Hacl_Hash_SHA3", "Hacl_Hash_MD5", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Chacha20_Vec128_Hacl_Chacha20_Vec256", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_MAC_Poly1305", "Hacl_AEAD_Chacha20Poly1305", "Hacl_Poly1305_128_Hacl_Poly1305_256_Hacl_Impl_Poly1305", "Hacl_AEAD_Chacha20Poly1305_Simd128", "Hacl_AEAD_Chacha20Poly1305_Simd256", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HKDF", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_HMAC_DRBG", "Hacl_Bignum64", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"];
 var my_debug = false;
 
 if (typeof module !== "undefined")
diff --git a/tests/blake2b.cc b/tests/blake2b.cc
index 95559bb7..a58c5ba3 100644
--- a/tests/blake2b.cc
+++ b/tests/blake2b.cc
@@ -11,17 +11,15 @@
 
 #include "EverCrypt_Hash.h"
 // ANCHOR(example header)
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2b.h"
 // ANCHOR_END(example header)
-#include "Hacl_Streaming_Blake2.h"
 #include "config.h"
 #include "evercrypt.h"
 #include "hacl-cpu-features.h"
 #include "util.h"
 
 #ifdef HACL_CAN_COMPILE_VEC256
-#include "Hacl_Hash_Blake2b_256.h"
-#include "Hacl_Streaming_Blake2b_256.h"
+#include "Hacl_Hash_Blake2b_Simd256.h"
 #endif
 
 #define VALE                                                                   \
@@ -61,12 +59,10 @@ TEST(ApiTestSuite, ApiTest)
     uint32_t key_len = 0;
     uint8_t* key = 0;
 
-    Hacl_Blake2b_32_blake2b(HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX,
-                            output,
-                            message_len,
-                            (uint8_t*)message,
-                            key_len,
-                            key);
+    Hacl_Hash_Blake2b_hash_with_key(
+      output, HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX,
+      (uint8_t*)message, message_len,
+      key, key_len);
 
     print_hex_ln(HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX, output);
     // ANCHOR_END(example)
@@ -96,25 +92,22 @@ TEST(ApiTestSuite, ApiTest)
     uint8_t digest_2[HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX];
 
     // Init
-    Hacl_Streaming_Blake2_blake2b_32_state_s* state =
-      Hacl_Streaming_Blake2_blake2b_32_no_key_create_in();
-    Hacl_Streaming_Blake2_blake2b_32_no_key_init(state);
+    Hacl_Hash_Blake2b_state_t* state = Hacl_Hash_Blake2b_malloc();
+    Hacl_Hash_Blake2b_reset(state);
 
     // 1/2 Include `Hello, ` into the hash calculation and
     // obtain the intermediate hash of "Hello, ".
-    Hacl_Streaming_Blake2_blake2b_32_no_key_update(
-      state, (uint8_t*)chunk_1, chunk_1_size);
+    Hacl_Hash_Blake2b_update(state, (uint8_t*)chunk_1, chunk_1_size);
     // This is optional when no intermediate results are required.
-    Hacl_Streaming_Blake2_blake2b_32_no_key_finish(state, digest_1);
+    Hacl_Hash_Blake2b_digest(state, digest_1);
 
     // 2/2 Include `World!` into the hash calculation and
     // obtain the final hash of "Hello, World!".
-    Hacl_Streaming_Blake2_blake2b_32_no_key_update(
-      state, (uint8_t*)chunk_2, chunk_2_size);
-    Hacl_Streaming_Blake2_blake2b_32_no_key_finish(state, digest_2);
+    Hacl_Hash_Blake2b_update(state, (uint8_t*)chunk_2, chunk_2_size);
+    Hacl_Hash_Blake2b_digest(state, digest_2);
 
     // Cleanup
-    Hacl_Streaming_Blake2_blake2b_32_no_key_free(state);
+    Hacl_Hash_Blake2b_free(state);
 
     print_hex_ln(HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX, digest_1);
     print_hex_ln(HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX, digest_2);
@@ -233,12 +226,9 @@ TEST_P(Blake2b, KAT)
   {
     bytes got_digest(test.out_len);
 
-    Hacl_Blake2b_32_blake2b(test.out_len,
-                            got_digest.data(),
-                            test.input.size(),
-                            test.input.data(),
-                            test.key.size(),
-                            test.key.data());
+    Hacl_Hash_Blake2b_hash_with_key(
+      got_digest.data(), test.out_len, test.input.data(), test.input.size(),
+      test.key.data(), test.key.size());
 
     bool outcome =
       compare_and_print(test.out_len, got_digest.data(), test.digest.data());
@@ -266,19 +256,17 @@ TEST_P(Blake2bStreaming, KAT)
     bytes got_digest(64);
 
     // Init
-    Hacl_Streaming_Blake2_blake2b_32_state_s* state =
-      Hacl_Streaming_Blake2_blake2b_32_no_key_create_in();
-    Hacl_Streaming_Blake2_blake2b_32_no_key_init(state);
+    Hacl_Hash_Blake2b_state_t* state = Hacl_Hash_Blake2b_malloc();
+    Hacl_Hash_Blake2b_reset(state);
 
     // Update
     for (auto chunk : split_by_index_list(test_case.input, lengths)) {
-      Hacl_Streaming_Blake2_blake2b_32_no_key_update(
-        state, chunk.data(), chunk.size());
+      Hacl_Hash_Blake2b_update(state, chunk.data(), chunk.size());
     }
 
     // Finish
-    Hacl_Streaming_Blake2_blake2b_32_no_key_finish(state, got_digest.data());
-    Hacl_Streaming_Blake2_blake2b_32_no_key_free(state);
+    Hacl_Hash_Blake2b_digest(state, got_digest.data());
+    Hacl_Hash_Blake2b_free(state);
 
     EXPECT_EQ(test_case.digest, got_digest);
   }
@@ -291,18 +279,17 @@ TEST_P(Blake2bStreaming, KAT)
       bytes got_hash(64);
 
       // Init
-      Hacl_Streaming_Blake2b_256_blake2b_256_state* state =
-        Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in();
-      Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(state);
+      Hacl_Hash_Blake2b_Simd256_state_t* state =
+        Hacl_Hash_Blake2b_Simd256_malloc();
+      Hacl_Hash_Blake2b_Simd256_reset(state);
 
       // Update
-      Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update(
+      Hacl_Hash_Blake2b_Simd256_update(
         state, test_case.input.data(), test_case.input.size());
 
       // Finish
-      Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish(state,
-                                                           got_hash.data());
-      Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free(state);
+      Hacl_Hash_Blake2b_Simd256_digest(state, got_hash.data());
+      Hacl_Hash_Blake2b_Simd256_free(state);
 
       EXPECT_EQ(test_case.digest, got_hash);
     } else {
@@ -344,16 +331,16 @@ TEST_P(EverCryptSuiteTestCase, HashTest)
   {
     bytes got_digest(test.digest.size(), 0);
 
-    EverCrypt_Hash_Incremental_hash_state* state =
-      EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_Blake2B);
+    EverCrypt_Hash_Incremental_state_t* state =
+      EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_Blake2B);
 
-    EverCrypt_Hash_Incremental_init(state);
+    EverCrypt_Hash_Incremental_reset(state);
 
     for (auto chunk : split_by_index_list(test.input, lengths)) {
       EverCrypt_Hash_Incremental_update(state, chunk.data(), chunk.size());
     }
 
-    EverCrypt_Hash_Incremental_finish(state, got_digest.data());
+    EverCrypt_Hash_Incremental_digest(state, got_digest.data());
     EverCrypt_Hash_Incremental_free(state);
 
     EXPECT_EQ(test.digest, got_digest);
diff --git a/tests/blake2s.cc b/tests/blake2s.cc
index 2b8b142f..903d2378 100644
--- a/tests/blake2s.cc
+++ b/tests/blake2s.cc
@@ -12,16 +12,14 @@
 
 #include "EverCrypt_Hash.h"
 // ANCHOR(example header)
-#include "Hacl_Hash_Blake2.h"
+#include "Hacl_Hash_Blake2s.h"
 // ANCHOR_END(example header)
-#include "Hacl_Streaming_Blake2.h"
 #include "evercrypt.h"
 #include "hacl-cpu-features.h"
 #include "util.h"
 
 #ifdef HACL_CAN_COMPILE_VEC128
-#include "Hacl_Hash_Blake2s_128.h"
-#include "Hacl_Streaming_Blake2s_128.h"
+#include "Hacl_Hash_Blake2s_Simd128.h"
 #endif
 
 // ANCHOR(example define)
@@ -73,12 +71,10 @@ TEST(ApiTestSuite, ApiTest)
     uint32_t key_len = 0;
     uint8_t* key = 0;
 
-    Hacl_Blake2s_32_blake2s(HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX,
-                            output,
-                            message_len,
-                            (uint8_t*)message,
-                            key_len,
-                            key);
+    Hacl_Hash_Blake2s_hash_with_key(
+      output, HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX,
+      (uint8_t*)message, message_len,
+      key, key_len);
 
     print_hex_ln(HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX, output);
     // ANCHOR_END(example)
@@ -107,25 +103,22 @@ TEST(ApiTestSuite, ApiTest)
     uint8_t digest_2[HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX];
 
     // Init
-    Hacl_Streaming_Blake2_blake2s_32_state_s* state =
-      Hacl_Streaming_Blake2_blake2s_32_no_key_create_in();
-    Hacl_Streaming_Blake2_blake2s_32_no_key_init(state);
+    Hacl_Hash_Blake2s_state_t* state = Hacl_Hash_Blake2s_malloc();
+    Hacl_Hash_Blake2s_reset(state);
 
     // 1/2 Include `Hello, ` into the hash calculation and
     // obtain the intermediate hash of "Hello, ".
-    Hacl_Streaming_Blake2_blake2s_32_no_key_update(
-      state, (uint8_t*)chunk_1, chunk_1_size);
+    Hacl_Hash_Blake2s_update(state, (uint8_t*)chunk_1, chunk_1_size);
     // This is optional when no intermediate results are required.
-    Hacl_Streaming_Blake2_blake2s_32_no_key_finish(state, digest_1);
+    Hacl_Hash_Blake2s_digest(state, digest_1);
 
     // 2/2 Include `World!` into the hash calculation and
     // obtain the final hash of "Hello, World!".
-    Hacl_Streaming_Blake2_blake2s_32_no_key_update(
-      state, (uint8_t*)chunk_2, chunk_2_size);
-    Hacl_Streaming_Blake2_blake2s_32_no_key_finish(state, digest_2);
+    Hacl_Hash_Blake2s_update(state, (uint8_t*)chunk_2, chunk_2_size);
+    Hacl_Hash_Blake2s_digest(state, digest_2);
 
     // Cleanup
-    Hacl_Streaming_Blake2_blake2s_32_no_key_free(state);
+    Hacl_Hash_Blake2s_free(state);
 
     print_hex_ln(HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX, digest_1);
     print_hex_ln(HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX, digest_2);
@@ -161,12 +154,9 @@ TEST_P(Blake2s, TryKAT)
   {
     bytes got_digest(test.out_len);
 
-    Hacl_Blake2s_32_blake2s(test.out_len,
-                            got_digest.data(),
-                            test.input.size(),
-                            test.input.data(),
-                            test.key.size(),
-                            test.key.data());
+    Hacl_Hash_Blake2s_hash_with_key(
+      got_digest.data(), test.out_len, test.input.data(), test.input.size(),
+      test.key.data(), test.key.size());
 
     bool outcome = false;
     outcome =
@@ -181,19 +171,17 @@ TEST_P(Blake2s, TryKAT)
 
     if (test.key.size() == 0) {
       // Init
-      Hacl_Streaming_Blake2_blake2s_32_state* state =
-        Hacl_Streaming_Blake2_blake2s_32_no_key_create_in();
-      Hacl_Streaming_Blake2_blake2s_32_no_key_init(state);
+      Hacl_Hash_Blake2s_state_t* state = Hacl_Hash_Blake2s_malloc();
+      Hacl_Hash_Blake2s_reset(state);
 
       // Update
       for (auto chunk : split_by_index_list(test.input, lengths)) {
-        Hacl_Streaming_Blake2_blake2s_32_no_key_update(
-          state, chunk.data(), chunk.size());
+        Hacl_Hash_Blake2s_update(state, chunk.data(), chunk.size());
       }
 
       // Finish
-      Hacl_Streaming_Blake2_blake2s_32_no_key_finish(state, got_digest.data());
-      Hacl_Streaming_Blake2_blake2s_32_no_key_free(state);
+      Hacl_Hash_Blake2s_digest(state, got_digest.data());
+      Hacl_Hash_Blake2s_free(state);
 
       bool outcome = compare_and_print(
         test.digest.size(), got_digest.data(), test.digest.data());
@@ -210,23 +198,21 @@ TEST_P(Blake2s, TryKAT)
       // TODO: Enable this. See
       // https://github.com/project-everest/hacl-star/issues/586
       //
-      //    Hacl_Blake2s_128_blake2s(expected_len, got_digest.data(), input_len,
-      //    input, key_len, key); outcome = outcome &&
+      //    Hacl_Hash_Blake2s_Simd128_hash(got_digest.data(), expected_len, input,
+      //    input_len, key, key_len); outcome = outcome &&
       //    compare_and_print(expected_len, got_digest.data(), expected);
       //
       //    // Streaming variant.
       //    if (key_len == 0) {
       //      // Init
-      //      Hacl_Streaming_Blake2s_128_blake2s_128_state_s* state =
-      //        Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in();
+      //      Hacl_Hash_Blake2s_Simd128_state_t* state =
+      //        Hacl_Hash_Blake2s_Simd128_malloc();
       //
       //      // Update
-      //      Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update(state, input,
-      //      input_len);
+      //      Hacl_Hash_Blake2s_Simd128_update(state, input, input_len);
       //
       //      // Finish
-      //      Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish(state,
-      //      got_digest.data());
+      //      Hacl_Hash_Blake2s_Simd128_digest(state, got_digest.data());
       //
       //      outcome = outcome && compare_and_print(expected_len,
       //      got_digest.data(), expected);
@@ -326,14 +312,14 @@ TEST_P(EverCryptSuiteTestCase, HashTest)
   {
     bytes got_digest(test.digest.size(), 0);
 
-    EverCrypt_Hash_Incremental_hash_state* state =
-      EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_Blake2S);
+    EverCrypt_Hash_Incremental_state_t* state =
+      EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_Blake2S);
 
-    EverCrypt_Hash_Incremental_init(state);
+    EverCrypt_Hash_Incremental_reset(state);
     for (auto chunk : split_by_index_list(test.input, lengths)) {
       EverCrypt_Hash_Incremental_update(state, chunk.data(), chunk.size());
     }
-    EverCrypt_Hash_Incremental_finish(state, got_digest.data());
+    EverCrypt_Hash_Incremental_digest(state, got_digest.data());
     EverCrypt_Hash_Incremental_free(state);
 
     EXPECT_EQ(test.digest, got_digest);
diff --git a/tests/chacha20poly1305.cc b/tests/chacha20poly1305.cc
index fe2e6970..aa07c88e 100644
--- a/tests/chacha20poly1305.cc
+++ b/tests/chacha20poly1305.cc
@@ -8,7 +8,7 @@
 
 #include <gtest/gtest.h>
 
-#include "Hacl_Chacha20Poly1305_32.h"
+#include "Hacl_AEAD_Chacha20Poly1305.h"
 #include "Hacl_Chacha20_Vec32.h"
 #include "chacha20poly1305_vectors.h"
 #include "hacl-cpu-features.h"
@@ -16,11 +16,11 @@
 #include "wycheproof.h"
 
 #ifdef HACL_CAN_COMPILE_VEC128
-#include "Hacl_Chacha20Poly1305_128.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
 #endif
 
 #ifdef HACL_CAN_COMPILE_VEC256
-#include "Hacl_Chacha20Poly1305_256.h"
+#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
 #endif
 
 #define VALE                                                                   \
@@ -34,10 +34,10 @@
 // Function pointer to multiplex between the different implementations.
 typedef void (*test_encrypt)(uint8_t*,
                              uint8_t*,
-                             uint32_t,
                              uint8_t*,
                              uint32_t,
                              uint8_t*,
+                             uint32_t,
                              uint8_t*,
                              uint8_t*);
 
@@ -68,12 +68,12 @@ print_test(test_encrypt aead_encrypt,
   memset(ciphertext, 0, in_len * sizeof ciphertext[0]);
   uint8_t mac[16] = { 0 };
 
-  (*aead_encrypt)(key, nonce, aad_len, aad, in_len, in, ciphertext, mac);
+  (*aead_encrypt)(ciphertext, mac, in, in_len, aad, aad_len, key, nonce);
   bool ok = compare_and_print(in_len, ciphertext, exp_cipher);
   ok = ok && compare_and_print(16, mac, exp_mac);
 
   int res = (*aead_decrypt)(
-    key, nonce, aad_len, aad, in_len, plaintext, exp_cipher, exp_mac);
+    plaintext, exp_cipher, in_len, aad, aad_len, key, nonce, exp_mac);
   ok = ok && (res == 0);
   ok = ok && compare_and_print(in_len, plaintext, in);
 
@@ -125,22 +125,16 @@ TEST(ApiSuite, ApiTest)
     uint8_t mac[HACL_AEAD_CHACHA20_POLY1305_MAC_LEN];
 
     // Encryption.
-    Hacl_Chacha20Poly1305_32_aead_encrypt(
-      key, nonce, aad_len, (uint8_t*)aad, msg_len, (uint8_t*)msg, cipher, mac);
+    Hacl_AEAD_Chacha20Poly1305_encrypt(
+      cipher, mac, (uint8_t*)msg, msg_len, (uint8_t*)aad, aad_len, key, nonce);
 
     // Decryption.
     // Allocate the same amount of memory for the recovered message as for the
     // ciphertext.
     uint8_t* recovered = (uint8_t*)malloc(msg_len);
 
-    uint32_t res = Hacl_Chacha20Poly1305_32_aead_decrypt(key,
-                                                         nonce,
-                                                         aad_len,
-                                                         (uint8_t*)aad,
-                                                         msg_len,
-                                                         (uint8_t*)recovered,
-                                                         cipher,
-                                                         mac);
+    uint32_t res = Hacl_AEAD_Chacha20Poly1305_decrypt(
+      (uint8_t*)recovered, cipher, msg_len, (uint8_t*)aad, aad_len, key, nonce, mac);
 
     if (res == 0) {
       printf("Decryption successful.");
@@ -164,8 +158,8 @@ TEST_P(Chacha20Poly1305Testing, TryTestVectors)
   hacl_init_cpu_features();
 
   const chacha20poly1305_test_vector& vectors(GetParam());
-  bool test = print_test(&Hacl_Chacha20Poly1305_32_aead_encrypt,
-                         &Hacl_Chacha20Poly1305_32_aead_decrypt,
+  bool test = print_test(&Hacl_AEAD_Chacha20Poly1305_encrypt,
+                         &Hacl_AEAD_Chacha20Poly1305_decrypt,
                          vectors.input_len,
                          vectors.input,
                          &vectors.key[0],
@@ -180,8 +174,8 @@ TEST_P(Chacha20Poly1305Testing, TryTestVectors)
   // We might have compiled vec128 chachapoly but don't have it available on the
   // CPU when running now.
   if (hacl_vec128_support()) {
-    test = print_test(&Hacl_Chacha20Poly1305_128_aead_encrypt,
-                      &Hacl_Chacha20Poly1305_128_aead_decrypt,
+    test = print_test(&Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt,
+                      &Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt,
                       vectors.input_len,
                       vectors.input,
                       &vectors.key[0],
@@ -200,8 +194,8 @@ TEST_P(Chacha20Poly1305Testing, TryTestVectors)
   // We might have compiled vec256 chachapoly but don't have it available on the
   // CPU when running now.
   if (hacl_vec256_support()) {
-    test = print_test(&Hacl_Chacha20Poly1305_256_aead_encrypt,
-                      &Hacl_Chacha20Poly1305_256_aead_decrypt,
+    test = print_test(&Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt,
+                      &Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt,
                       vectors.input_len,
                       vectors.input,
                       &vectors.key[0],
@@ -247,15 +241,15 @@ TEST_P(Chacha20Poly1305Wycheproof, TryWycheproof)
   uint8_t* ct = const_cast<uint8_t*>(test_case.ct.data());
 
   // Check that encryption yields the expected cipher text.
-  Hacl_Chacha20Poly1305_32_aead_encrypt(
-    key, iv, test_case.aad.size(), aad, msg_size, msg, ciphertext.data(), mac);
+  Hacl_AEAD_Chacha20Poly1305_encrypt(
+    ciphertext.data(), mac, msg, msg_size, aad, test_case.aad.size(), key, iv);
   if (test_case.valid) {
     EXPECT_EQ(ciphertext, test_case.ct);
     EXPECT_EQ(std::vector<uint8_t>(mac, mac + 16), test_case.tag);
   }
 
-  int res = Hacl_Chacha20Poly1305_32_aead_decrypt(
-    key, iv, test_case.aad.size(), aad, msg_size, plaintext.data(), ct, tag);
+  int res = Hacl_AEAD_Chacha20Poly1305_decrypt(
+    plaintext.data(), ct, msg_size, aad, test_case.aad.size(), key, iv, tag); 
   EXPECT_EQ(res, test_case.valid ? 0 : 1);
 
   {
@@ -278,21 +272,15 @@ TEST_P(Chacha20Poly1305Wycheproof, TryWycheproof)
   // CPU when running now.
   if (hacl_vec128_support()) {
     // Check that encryption yields the expected cipher text.
-    Hacl_Chacha20Poly1305_128_aead_encrypt(key,
-                                           iv,
-                                           test_case.aad.size(),
-                                           aad,
-                                           msg_size,
-                                           msg,
-                                           ciphertext.data(),
-                                           mac);
+    Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(
+    ciphertext.data(), mac, msg, msg_size, aad, test_case.aad.size(), key, iv);
     if (test_case.valid) {
       EXPECT_EQ(ciphertext, test_case.ct);
       EXPECT_EQ(std::vector<uint8_t>(mac, mac + 16), test_case.tag);
     }
 
-    res = Hacl_Chacha20Poly1305_128_aead_decrypt(
-      key, iv, test_case.aad.size(), aad, msg_size, plaintext.data(), ct, tag);
+    res = Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+      plaintext.data(), ct, msg_size, aad, test_case.aad.size(), key, iv, tag); 
     EXPECT_EQ(res, test_case.valid ? 0 : 1);
   } else {
     printf(" ! Vec128 was compiled but it is not available on this CPU.\n");
@@ -305,21 +293,15 @@ TEST_P(Chacha20Poly1305Wycheproof, TryWycheproof)
   // CPU when running now.
   if (hacl_vec256_support()) {
     // Check that encryption yields the expected cipher text.
-    Hacl_Chacha20Poly1305_256_aead_encrypt(key,
-                                           iv,
-                                           test_case.aad.size(),
-                                           aad,
-                                           msg_size,
-                                           msg,
-                                           ciphertext.data(),
-                                           mac);
+    Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
+      ciphertext.data(), mac, msg, msg_size, aad, test_case.aad.size(), key, iv);
     if (test_case.valid) {
       EXPECT_EQ(ciphertext, test_case.ct);
       EXPECT_EQ(std::vector<uint8_t>(mac, mac + 16), test_case.tag);
     }
 
-    res = Hacl_Chacha20Poly1305_256_aead_decrypt(
-      key, iv, test_case.aad.size(), aad, msg_size, plaintext.data(), ct, tag);
+    res = Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(
+      plaintext.data(), ct, msg_size, aad, test_case.aad.size(), key, iv, tag); 
     EXPECT_EQ(res, test_case.valid ? 0 : 1);
   } else {
     printf(" ! Vec256 was compiled but it is not available on this CPU.\n");
diff --git a/tests/hmac.cc b/tests/hmac.cc
index 942aa296..77c86ebd 100644
--- a/tests/hmac.cc
+++ b/tests/hmac.cc
@@ -155,7 +155,7 @@ TEST_P(HmacKAT, TryKAT)
 
   bytes tag(test_case.full_size, 0);
   if (test_case.full_size == 20) {
-    Hacl_HMAC_legacy_compute_sha1(
+    Hacl_HMAC_compute_sha1(
       tag.data(), key, test_case.key.size(), msg, test_case.msg.size());
   } else if (test_case.full_size == 28) {
     std::cout << "Skipping \"full_size=" << test_case.full_size << "\""
diff --git a/tests/k256_ecdsa.cc b/tests/k256_ecdsa.cc
index b3bf7aaf..d6643b2c 100644
--- a/tests/k256_ecdsa.cc
+++ b/tests/k256_ecdsa.cc
@@ -178,7 +178,7 @@ TEST_P(P256EcdsaWycheproof, TryWycheproof)
 
     // TODO: Only testing non low-S normalized here for now.
     uint8_t digest[32] = { 0 };
-    Hacl_Streaming_SHA2_hash_256(msg, test_case.msg.size(), &digest[0]);
+    Hacl_Hash_SHA2_hash_256(&digest[0], msg, test_case.msg.size());
     EXPECT_EQ(test_case.valid,
               Hacl_K256_ECDSA_ecdsa_verify_hashed_msg(
                 &digest[0], plain_public_key, rs.data()));
diff --git a/tests/md5.cc b/tests/md5.cc
index 827152e9..b212a4b7 100644
--- a/tests/md5.cc
+++ b/tests/md5.cc
@@ -33,8 +33,7 @@ TEST_P(Md5Suite, TestCase)
   auto test = GetParam();
 
   bytes got_hash = std::vector<uint8_t>(16);
-  Hacl_Streaming_MD5_legacy_hash(
-    test.message.data(), test.message.size(), got_hash.data());
+  Hacl_Hash_MD5_hash(got_hash.data(), test.message.data(), test.message.size());
 
   EXPECT_EQ(got_hash, test.hash);
 }
@@ -63,12 +62,12 @@ TEST_P(EverCryptSuiteTestCase, HashTest)
   {
     bytes got_digest(Hacl_Hash_Definitions_hash_len(Spec_Hash_Definitions_MD5));
 
-    EverCrypt_Hash_Incremental_hash_state* state =
-      EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_MD5);
-    EverCrypt_Hash_Incremental_init(state);
+    EverCrypt_Hash_Incremental_state_t* state =
+      EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_MD5);
+    EverCrypt_Hash_Incremental_reset(state);
     EverCrypt_Hash_Incremental_update(
       state, test.message.data(), test.message.size());
-    EverCrypt_Hash_Incremental_finish(state, got_digest.data());
+    EverCrypt_Hash_Incremental_digest(state, got_digest.data());
     EverCrypt_Hash_Incremental_free(state);
 
     ASSERT_EQ(test.hash, got_digest);
diff --git a/tests/poly1305.cc b/tests/poly1305.cc
index d12f0216..5b1f0bde 100644
--- a/tests/poly1305.cc
+++ b/tests/poly1305.cc
@@ -11,19 +11,16 @@
 #include <nlohmann/json.hpp>
 
 #include "EverCrypt_Poly1305.h"
-#include "Hacl_Poly1305_32.h"
-#include "Hacl_Streaming_Poly1305_32.h"
+#include "Hacl_MAC_Poly1305.h"
 #include "hacl-cpu-features.h"
 #include "util.h"
 
 #ifdef HACL_CAN_COMPILE_VEC128
-#include "Hacl_Poly1305_128.h"
-#include "Hacl_Streaming_Poly1305_128.h"
+#include "Hacl_MAC_Poly1305_Simd128.h"
 #endif
 
 #ifdef HACL_CAN_COMPILE_VEC256
-#include "Hacl_Poly1305_256.h"
-#include "Hacl_Streaming_Poly1305_256.h"
+#include "Hacl_MAC_Poly1305_Simd256.h"
 #endif
 
 using json = nlohmann::json;
@@ -62,16 +59,15 @@ poly1305_mac(bytes key, bytes text, bytes& tag)
 
   // This works everywhere. Let's use it as a base for comparisons.
   bytes base_tag = vector<uint8_t>(POLY1305_TAG_SIZE);
-  Hacl_Poly1305_32_poly1305_mac(
-    base_tag.data(), text.size(), text.data(), key.data());
+  Hacl_MAC_Poly1305_mac(base_tag.data(), text.data(), text.size(), key.data());
 
 #ifdef HACL_CAN_COMPILE_VEC128
   if (hacl_vec128_support()) {
     cout << "Poly1305.Mac (VEC128)" << endl;
 
     bytes tag = vector<uint8_t>(POLY1305_TAG_SIZE);
-    Hacl_Poly1305_128_poly1305_mac(
-      tag.data(), text.size(), text.data(), key.data());
+    Hacl_MAC_Poly1305_Simd128_mac(
+      tag.data(), text.data(), text.size(), key.data());
 
     EXPECT_EQ(base_tag, tag)
       << "Detected difference between base and _128 version";
@@ -85,8 +81,8 @@ poly1305_mac(bytes key, bytes text, bytes& tag)
     cout << "Poly1305.Mac (VEC256)" << endl;
 
     bytes tag = vector<uint8_t>(POLY1305_TAG_SIZE);
-    Hacl_Poly1305_256_poly1305_mac(
-      tag.data(), text.size(), text.data(), key.data());
+    Hacl_MAC_Poly1305_Simd256_mac(
+      tag.data(), text.data(), text.size(), key.data());
 
     EXPECT_EQ(base_tag, tag)
       << "Detected difference between base and _256 version";
@@ -103,7 +99,7 @@ poly1305_mac(bytes key, bytes text, bytes& tag)
 
     bytes tag = bytes(POLY1305_TAG_SIZE);
 
-    EverCrypt_Poly1305_poly1305(
+    EverCrypt_Poly1305_mac(
       tag.data(), text.data(), text.size(), key.data());
 
     EXPECT_EQ(base_tag, tag)
@@ -119,87 +115,46 @@ poly1305_mac_streaming(bytes key,
                        vector<size_t> lengths,
                        bytes expected_tag)
 {
-  cout << "Poly1305.Mac (Streaming, Variant 1)" << endl;
-  {
-    bytes got_tag = vector<uint8_t>(POLY1305_TAG_SIZE);
-
-    // Init
-    vector<uint64_t> ctx(32);
-    Hacl_Poly1305_32_poly1305_init(ctx.data(), key.data());
-
-    // Update
-    // Note: This doesn't work with arbitrary chunks.
-    for (auto chunk : chunk(text, 16)) {
-      Hacl_Poly1305_32_poly1305_update(ctx.data(), chunk.size(), chunk.data());
-    }
-
-    // Finish
-    Hacl_Poly1305_32_poly1305_finish(got_tag.data(), key.data(), ctx.data());
-
-    ASSERT_EQ(expected_tag, got_tag);
-  }
-
-  cout << "Poly1305.Mac (Streaming, Variant 2)" << endl;
+  cout << "Poly1305.Mac (Streaming)" << endl;
   {
     bytes got_tag = vector<uint8_t>(POLY1305_TAG_SIZE);
 
     // Init
     uint8_t raw_state[32];
-    Hacl_Streaming_Poly1305_32_poly1305_32_state_s* state =
-      Hacl_Streaming_Poly1305_32_create_in(raw_state);
-    Hacl_Streaming_Poly1305_32_init(key.data(), state);
+    Hacl_MAC_Poly1305_state_t* state = Hacl_MAC_Poly1305_malloc(raw_state);
+    Hacl_MAC_Poly1305_reset(state, key.data());
 
     // Update
     for (auto chunk : split_by_index_list(text, lengths)) {
-      Hacl_Streaming_Poly1305_32_update(state, chunk.data(), chunk.size());
+      Hacl_MAC_Poly1305_update(state, chunk.data(), chunk.size());
     }
 
     // Finish
-    Hacl_Streaming_Poly1305_32_finish(state, got_tag.data());
-    Hacl_Streaming_Poly1305_32_free(state);
+    Hacl_MAC_Poly1305_digest(state, got_tag.data());
+    Hacl_MAC_Poly1305_free(state);
 
     ASSERT_EQ(expected_tag, got_tag);
   }
 
 #ifdef HACL_CAN_COMPILE_VEC128
   if (hacl_vec128_support()) {
-    cout << "Poly1305.Mac (VEC128, Streaming, Variant 1)" << endl;
-    {
-      bytes got_tag = vector<uint8_t>(POLY1305_TAG_SIZE);
-
-      // Init
-      Lib_IntVector_Intrinsics_vec128 ctx[32];
-      Hacl_Poly1305_128_poly1305_init(ctx, key.data());
-
-      // Update
-      // Note: This doesn't work with arbitrary chunks.
-      for (auto chunk : chunk(text, 16)) {
-        Hacl_Poly1305_128_poly1305_update(ctx, chunk.size(), chunk.data());
-      }
-
-      // Finish
-      Hacl_Poly1305_128_poly1305_finish(got_tag.data(), key.data(), ctx);
-
-      ASSERT_EQ(expected_tag, got_tag);
-    }
-
-    cout << "Poly1305.Mac (VEC128, Streaming, Variant 2)" << endl;
+    cout << "Poly1305.Mac (VEC128, Streaming)" << endl;
     {
       bytes got_tag = vector<uint8_t>(POLY1305_TAG_SIZE);
 
       // Init
-      Hacl_Streaming_Poly1305_128_poly1305_128_state* state =
-        Hacl_Streaming_Poly1305_128_create_in(key.data());
-      Hacl_Streaming_Poly1305_128_init(key.data(), state);
+      Hacl_MAC_Poly1305_Simd128_state_t* state =
+        Hacl_MAC_Poly1305_Simd128_malloc(key.data());
+      Hacl_MAC_Poly1305_Simd128_reset(state, key.data());
 
       // Update
       for (auto chunk : split_by_index_list(text, lengths)) {
-        Hacl_Streaming_Poly1305_128_update(state, chunk.data(), chunk.size());
+        Hacl_MAC_Poly1305_Simd128_update(state, chunk.data(), chunk.size());
       }
 
       // Finish
-      Hacl_Streaming_Poly1305_128_finish(state, got_tag.data());
-      Hacl_Streaming_Poly1305_128_free(state);
+      Hacl_MAC_Poly1305_Simd128_digest(state, got_tag.data());
+      Hacl_MAC_Poly1305_Simd128_free(state);
 
       ASSERT_EQ(expected_tag, got_tag);
     }
@@ -210,49 +165,25 @@ poly1305_mac_streaming(bytes key,
 
 #ifdef HACL_CAN_COMPILE_VEC256
   if (hacl_vec256_support()) {
-    cout << "Poly1305.Mac (VEC256, Streaming, Variant 1)" << endl;
+    cout << "Poly1305.Mac (VEC256, Streaming)" << endl;
     {
-      bytes got_tag = vector<uint8_t>(POLY1305_TAG_SIZE);
-
+      bytes tag = vector<uint8_t>(POLY1305_TAG_SIZE);
+      
       // Init
-      Lib_IntVector_Intrinsics_vec256 ctx[32];
-      Hacl_Poly1305_256_poly1305_init(ctx, key.data());
-
+      Hacl_MAC_Poly1305_Simd256_state_t* state =
+        Hacl_MAC_Poly1305_Simd256_malloc(key.data());
+      
       // Update
-      // Note: This doesn't work with arbitrary chunks.
-      for (auto chunk : chunk(text, 16)) {
-        Hacl_Poly1305_256_poly1305_update(ctx, chunk.size(), chunk.data());
+      for (auto chunk : split_by_index_list(text, lengths)) {
+        Hacl_MAC_Poly1305_Simd256_update(state, chunk.data(), chunk.size());
       }
-
+      
       // Finish
-      Hacl_Poly1305_256_poly1305_finish(got_tag.data(), key.data(), ctx);
-
-      ASSERT_EQ(expected_tag, got_tag);
-    }
-
-    cout << "Poly1305.Mac (VEC256, Streaming, Variant 2)" << endl;
-    {
-      // TODO: This doesn't work currently.
-      //       See https://github.com/project-everest/hacl-star/issues/586
-
-      //      bytes tag = vector<uint8_t>(POLY1305_TAG_SIZE);
-      //
-      //      // Init
-      //      Hacl_Streaming_Poly1305_256_poly1305_256_state* state =
-      //        Hacl_Streaming_Poly1305_256_create_in(key.data());
-      //
-      //      // Update
-      //      for (auto chunk : chunks) {
-      //        Hacl_Streaming_Poly1305_256_update(state, chunk.data(),
-      //        chunk.size());
-      //      }
-      //
-      //      // Finish
-      //      Hacl_Streaming_Poly1305_256_finish(state, tag.data());
-      //      Hacl_Streaming_Poly1305_256_free(state);
-      //
-      //      EXPECT_EQ(base_tag, tag)
-      //        << "Detected difference between _32 and _128 version";
+      Hacl_MAC_Poly1305_Simd256_digest(state, tag.data());
+      Hacl_MAC_Poly1305_Simd256_free(state);
+      
+      EXPECT_EQ(expected_tag, tag)
+        << "Detected difference between _32 and _128 version";
     }
   } else {
     cout << "No support for VEC256 on this CPU." << endl;
diff --git a/tests/sha1.cc b/tests/sha1.cc
index b0c13a3e..b253d7e9 100644
--- a/tests/sha1.cc
+++ b/tests/sha1.cc
@@ -76,7 +76,7 @@ TEST(ApiSuite, ApiTest)
 
     uint8_t digest[HACL_HASH_SHA1_DIGEST_LENGTH];
 
-    Hacl_Streaming_SHA1_legacy_hash((uint8_t*)message, message_size, digest);
+    Hacl_Hash_SHA1_hash(digest, (uint8_t*)message, message_size);
     // END OneShot
 
     bytes expected_digest =
@@ -94,7 +94,7 @@ TEST(ApiSuite, ApiTest)
     // ANCHOR(streaming)
     // This example shows how to hash the byte sequence "Hello, World!" in two
     // chunks. As a bonus, it also shows how to obtain intermediate results by
-    // calling `finish` more than once.
+    // calling `digest` more than once.
 
     const char* chunk_1 = "Hello, ";
     const char* chunk_2 = "World!";
@@ -105,22 +105,22 @@ TEST(ApiSuite, ApiTest)
     uint8_t digest_2[HACL_HASH_SHA1_DIGEST_LENGTH];
 
     // Init
-    Hacl_Streaming_SHA1_state* state = Hacl_Streaming_SHA1_legacy_create_in();
-    Hacl_Streaming_SHA1_legacy_init(state);
+    Hacl_Hash_SHA1_state_t* state = Hacl_Hash_SHA1_malloc();
+    Hacl_Hash_SHA1_reset(state);
 
     // 1/2 Include `Hello, ` into the hash calculation and
     // obtain the intermediate hash of "Hello, ".
-    Hacl_Streaming_SHA1_legacy_update(state, (uint8_t*)chunk_1, chunk_1_size);
+    Hacl_Hash_SHA1_update(state, (uint8_t*)chunk_1, chunk_1_size);
     // This is optional when no intermediate results are required.
-    Hacl_Streaming_SHA1_legacy_finish(state, digest_1);
+    Hacl_Hash_SHA1_digest(state, digest_1);
 
     // 2/2 Include `World!` into the hash calculation and
     // obtain the final hash of "Hello, World!".
-    Hacl_Streaming_SHA1_legacy_update(state, (uint8_t*)chunk_2, chunk_2_size);
-    Hacl_Streaming_SHA1_legacy_finish(state, digest_2);
+    Hacl_Hash_SHA1_update(state, (uint8_t*)chunk_2, chunk_2_size);
+    Hacl_Hash_SHA1_digest(state, digest_2);
 
     // Cleanup
-    Hacl_Streaming_SHA1_legacy_free(state);
+    Hacl_Hash_SHA1_free(state);
 
     print_hex_ln(HACL_HASH_SHA1_DIGEST_LENGTH, digest_1);
     print_hex_ln(HACL_HASH_SHA1_DIGEST_LENGTH, digest_2);
@@ -154,17 +154,17 @@ TEST_P(Sha1, KAT)
   bytes digest(test.md.size());
 
   // Init
-  Hacl_Streaming_SHA1_state* state = Hacl_Streaming_SHA1_legacy_create_in();
-  Hacl_Streaming_SHA1_legacy_init(state);
+  Hacl_Hash_SHA1_state_t* state = Hacl_Hash_SHA1_malloc();
+  Hacl_Hash_SHA1_reset(state);
 
   // Update
   for (auto chunk : split_by_index_list(test.msg, lengths)) {
-    Hacl_Streaming_SHA1_legacy_update(state, chunk.data(), chunk.size());
+    Hacl_Hash_SHA1_update(state, chunk.data(), chunk.size());
   }
 
   // Finish
-  Hacl_Streaming_SHA1_legacy_finish(state, digest.data());
-  Hacl_Streaming_SHA1_legacy_free(state);
+  Hacl_Hash_SHA1_digest(state, digest.data());
+  Hacl_Hash_SHA1_free(state);
 
   EXPECT_EQ(test.md, digest) << bytes_to_hex(test.md) << endl
                              << bytes_to_hex(digest) << endl;
@@ -198,15 +198,15 @@ TEST_P(EverCryptSuiteTestCase, HashTest)
     bytes got_digest(
       Hacl_Hash_Definitions_hash_len(Spec_Hash_Definitions_SHA1));
 
-    EverCrypt_Hash_Incremental_hash_state* state =
-      EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA1);
-    EverCrypt_Hash_Incremental_init(state);
+    EverCrypt_Hash_Incremental_state_t* state =
+      EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA1);
+    EverCrypt_Hash_Incremental_reset(state);
 
     for (auto chunk : split_by_index_list(test.msg, lengths)) {
       EverCrypt_Hash_Incremental_update(state, chunk.data(), chunk.size());
     }
 
-    EverCrypt_Hash_Incremental_finish(state, got_digest.data());
+    EverCrypt_Hash_Incremental_digest(state, got_digest.data());
     EverCrypt_Hash_Incremental_free(state);
 
     ASSERT_EQ(test.md, got_digest);
diff --git a/tests/sha2.cc b/tests/sha2.cc
index 12cdbd21..9ccce2e6 100644
--- a/tests/sha2.cc
+++ b/tests/sha2.cc
@@ -80,7 +80,7 @@ TEST(ApiSuite, ApiTest)
 
     uint8_t digest[HACL_HASH_SHA2_256_DIGEST_LENGTH];
 
-    Hacl_Streaming_SHA2_hash_256((uint8_t*)message, message_size, digest);
+    Hacl_Hash_SHA2_hash_256(digest, (uint8_t*)message, message_size);
     // END OneShot
 
     bytes expected_digest = from_hex(
@@ -98,7 +98,7 @@ TEST(ApiSuite, ApiTest)
     // ANCHOR(example streaming)
     // This example shows how to hash the byte sequence "Hello, World!" in two
     // chunks. As a bonus, it also shows how to obtain intermediate results by
-    // calling `finish` more than once.
+    // calling `digest` more than once.
 
     const char* chunk_1 = "Hello, ";
     const char* chunk_2 = "World!";
@@ -109,23 +109,22 @@ TEST(ApiSuite, ApiTest)
     uint8_t digest_2[HACL_HASH_SHA2_256_DIGEST_LENGTH];
 
     // Init
-    Hacl_Streaming_SHA2_state_sha2_256* state =
-      Hacl_Streaming_SHA2_create_in_256();
-    Hacl_Streaming_SHA2_init_256(state);
+    Hacl_Hash_SHA2_state_t_256* state =
+      Hacl_Hash_SHA2_malloc_256();
 
     // 1/2 Include `Hello, ` into the hash calculation and
     // obtain the intermediate hash of "Hello, ".
-    Hacl_Streaming_SHA2_update_256(state, (uint8_t*)chunk_1, chunk_1_size);
+    Hacl_Hash_SHA2_update_256(state, (uint8_t*)chunk_1, chunk_1_size);
     // This is optional when no intermediate results are required.
-    Hacl_Streaming_SHA2_finish_256(state, digest_1);
+    Hacl_Hash_SHA2_digest_256(state, digest_1);
 
     // 2/2 Include `World!` into the hash calculation and
     // obtain the final hash of "Hello, World!".
-    Hacl_Streaming_SHA2_update_256(state, (uint8_t*)chunk_2, chunk_2_size);
-    Hacl_Streaming_SHA2_finish_256(state, digest_2);
+    Hacl_Hash_SHA2_update_256(state, (uint8_t*)chunk_2, chunk_2_size);
+    Hacl_Hash_SHA2_digest_256(state, digest_2);
 
     // Cleanup
-    Hacl_Streaming_SHA2_free_256(state);
+    Hacl_Hash_SHA2_free_256(state);
 
     print_hex_ln(HACL_HASH_SHA2_256_DIGEST_LENGTH, digest_1);
     print_hex_ln(HACL_HASH_SHA2_256_DIGEST_LENGTH, digest_2);
@@ -158,13 +157,13 @@ TEST_P(Sha2KAT, TryKAT)
 
   bytes digest(test.md.size(), 0);
   if (test.md.size() == 224 / 8) {
-    Hacl_Streaming_SHA2_hash_224(test.msg.data(), test.msg.size(), digest.data());
+    Hacl_Hash_SHA2_hash_224(digest.data(), test.msg.data(), test.msg.size());
   } else if (test.md.size() == 256 / 8) {
-    Hacl_Streaming_SHA2_hash_256(test.msg.data(), test.msg.size(), digest.data());
+    Hacl_Hash_SHA2_hash_256(digest.data(), test.msg.data(), test.msg.size());
   } else if (test.md.size() == 384 / 8) {
-    Hacl_Streaming_SHA2_hash_384(test.msg.data(), test.msg.size(), digest.data());
+    Hacl_Hash_SHA2_hash_384(digest.data(), test.msg.data(), test.msg.size());
   } else if (test.md.size() == 512 / 8) {
-    Hacl_Streaming_SHA2_hash_512(test.msg.data(), test.msg.size(), digest.data());
+    Hacl_Hash_SHA2_hash_512(digest.data(), test.msg.data(), test.msg.size());
   }
 
   EXPECT_EQ(test.md, digest) << bytes_to_hex(test.md) << endl
@@ -176,60 +175,60 @@ TEST_P(Sha2KAT, TryKAT)
 
     if (test.md.size() == 224 / 8) {
       // Init
-      Hacl_Streaming_SHA2_state_sha2_224* state =
-        Hacl_Streaming_SHA2_create_in_224();
-      Hacl_Streaming_SHA2_init_224(state);
+      Hacl_Hash_SHA2_state_t_224* state =
+        Hacl_Hash_SHA2_malloc_224();
+      Hacl_Hash_SHA2_reset_224(state);
 
       // Update
       for (auto chunk : split_by_index_list(test.msg, lengths)) {
-        Hacl_Streaming_SHA2_update_224(state, chunk.data(), chunk.size());
+        Hacl_Hash_SHA2_update_224(state, chunk.data(), chunk.size());
       }
 
       // Finish
-      Hacl_Streaming_SHA2_finish_224(state, digest.data());
-      Hacl_Streaming_SHA2_free_224(state);
+      Hacl_Hash_SHA2_digest_224(state, digest.data());
+      Hacl_Hash_SHA2_free_224(state);
     } else if (test.md.size() == 256 / 8) {
       // Init
-      Hacl_Streaming_SHA2_state_sha2_224* state =
-        Hacl_Streaming_SHA2_create_in_256();
-      Hacl_Streaming_SHA2_init_256(state);
+      Hacl_Hash_SHA2_state_t_224* state =
+        Hacl_Hash_SHA2_malloc_256();
+      Hacl_Hash_SHA2_reset_256(state);
 
       // Update
       for (auto chunk : split_by_index_list(test.msg, lengths)) {
-        Hacl_Streaming_SHA2_update_256(state, chunk.data(), chunk.size());
+        Hacl_Hash_SHA2_update_256(state, chunk.data(), chunk.size());
       }
 
       // Finish
-      Hacl_Streaming_SHA2_finish_256(state, digest.data());
-      Hacl_Streaming_SHA2_free_256(state);
+      Hacl_Hash_SHA2_digest_256(state, digest.data());
+      Hacl_Hash_SHA2_free_256(state);
     } else if (test.md.size() == 384 / 8) {
       // Init
-      Hacl_Streaming_SHA2_state_sha2_384* state =
-        Hacl_Streaming_SHA2_create_in_384();
-      Hacl_Streaming_SHA2_init_384(state);
+      Hacl_Hash_SHA2_state_t_384* state =
+        Hacl_Hash_SHA2_malloc_384();
+      Hacl_Hash_SHA2_reset_384(state);
 
       // Update
       for (auto chunk : split_by_index_list(test.msg, lengths)) {
-        Hacl_Streaming_SHA2_update_384(state, chunk.data(), chunk.size());
+        Hacl_Hash_SHA2_update_384(state, chunk.data(), chunk.size());
       }
 
       // Finish
-      Hacl_Streaming_SHA2_finish_384(state, digest.data());
-      Hacl_Streaming_SHA2_free_384(state);
+      Hacl_Hash_SHA2_digest_384(state, digest.data());
+      Hacl_Hash_SHA2_free_384(state);
     } else if (test.md.size() == 512 / 8) {
       // Init
-      Hacl_Streaming_SHA2_state_sha2_512* state =
-        Hacl_Streaming_SHA2_create_in_512();
-      Hacl_Streaming_SHA2_init_512(state);
+      Hacl_Hash_SHA2_state_t_512* state =
+        Hacl_Hash_SHA2_malloc_512();
+      Hacl_Hash_SHA2_reset_512(state);
 
       // Update
       for (auto chunk : split_by_index_list(test.msg, lengths)) {
-        Hacl_Streaming_SHA2_update_512(state, chunk.data(), chunk.size());
+        Hacl_Hash_SHA2_update_512(state, chunk.data(), chunk.size());
       }
 
       // Finish
-      Hacl_Streaming_SHA2_finish_512(state, digest.data());
-      Hacl_Streaming_SHA2_free_512(state);
+      Hacl_Hash_SHA2_digest_512(state, digest.data());
+      Hacl_Hash_SHA2_free_512(state);
     }
 
     EXPECT_EQ(test.md, digest) << bytes_to_hex(test.md) << endl
@@ -284,30 +283,30 @@ TEST_P(EverCryptSuiteTestCase, HashTest)
   {
     bytes got_digest(test.md.size(), 0);
 
-    EverCrypt_Hash_Incremental_hash_state* state;
+    EverCrypt_Hash_Incremental_state_t* state;
     if (test.md.size() == 224 / 8) {
       state =
-        EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA2_224);
+        EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA2_224);
     } else if (test.md.size() == 256 / 8) {
       state =
-        EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA2_256);
+        EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA2_256);
     } else if (test.md.size() == 384 / 8) {
       state =
-        EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA2_384);
+        EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA2_384);
     } else if (test.md.size() == 512 / 8) {
       state =
-        EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA2_512);
+        EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA2_512);
     } else {
       FAIL();
     }
 
-    EverCrypt_Hash_Incremental_init(state);
+    EverCrypt_Hash_Incremental_reset(state);
 
     for (auto chunk : split_by_index_list(test.msg, lengths)) {
       EverCrypt_Hash_Incremental_update(state, chunk.data(), chunk.size());
     }
 
-    EverCrypt_Hash_Incremental_finish(state, got_digest.data());
+    EverCrypt_Hash_Incremental_digest(state, got_digest.data());
     EverCrypt_Hash_Incremental_free(state);
 
     EXPECT_EQ(test.md, got_digest);
diff --git a/tests/sha3.cc b/tests/sha3.cc
index cc481970..7f9aeabe 100644
--- a/tests/sha3.cc
+++ b/tests/sha3.cc
@@ -65,7 +65,7 @@ TEST(ApiSuite, ApiTest)
 
     uint8_t digest[HACL_HASH_SHA3_256_DIGEST_LENGTH];
 
-    Hacl_SHA3_sha3_256(message_size, (uint8_t*)message, digest);
+    Hacl_Hash_SHA3_sha3_256(digest, (uint8_t*)message, message_size);
     // END OneShot
 
     bytes expected_digest = from_hex(
@@ -83,7 +83,7 @@ TEST(ApiSuite, ApiTest)
     // ANCHOR(streaming)
     // This example shows how to hash the byte sequence "Hello, World!" in two
     // chunks. As a bonus, it also shows how to obtain intermediate results by
-    // calling `finish` more than once.
+    // calling `digest` more than once.
 
     const char* chunk_1 = "Hello, ";
     const char* chunk_2 = "World!";
@@ -94,29 +94,28 @@ TEST(ApiSuite, ApiTest)
     uint8_t digest_2[HACL_HASH_SHA3_256_DIGEST_LENGTH];
 
     // Init
-    Hacl_Streaming_Keccak_state* state =
-      Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_SHA3_256);
-    Hacl_Streaming_Keccak_reset(state);
+    Hacl_Hash_SHA3_state_t* state =
+      Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_SHA3_256);
 
     // 1/2 Include `Hello, ` into the hash calculation and
     // obtain the intermediate hash of "Hello, ".
     uint32_t update_res =
-      Hacl_Streaming_Keccak_update(state, (uint8_t*)chunk_1, chunk_1_size);
+      Hacl_Hash_SHA3_update(state, (uint8_t*)chunk_1, chunk_1_size);
     ASSERT_EQ(0, update_res);
     // This is optional when no intermediate results are required.
-    auto finish_res = Hacl_Streaming_Keccak_finish(state, digest_1);
+    auto finish_res = Hacl_Hash_SHA3_digest(state, digest_1);
     ASSERT_EQ(Hacl_Streaming_Types_Success, finish_res);
 
     // 2/2 Include `World!` into the hash calculation and
     // obtain the final hash of "Hello, World!".
     uint32_t update_res_2 =
-      Hacl_Streaming_Keccak_update(state, (uint8_t*)chunk_2, chunk_2_size);
+      Hacl_Hash_SHA3_update(state, (uint8_t*)chunk_2, chunk_2_size);
     ASSERT_EQ(0, update_res_2);
-    auto finish_res_2 = Hacl_Streaming_Keccak_finish(state, digest_2);
+    auto finish_res_2 = Hacl_Hash_SHA3_digest(state, digest_2);
     ASSERT_EQ(Hacl_Streaming_Types_Success, finish_res_2);
 
     // Cleanup
-    Hacl_Streaming_Keccak_free(state);
+    Hacl_Hash_SHA3_free(state);
 
     print_hex_ln(HACL_HASH_SHA3_256_DIGEST_LENGTH, digest_1);
     print_hex_ln(HACL_HASH_SHA3_256_DIGEST_LENGTH, digest_2);
@@ -150,7 +149,7 @@ TEST(ApiSuite, ApiTest)
     uint32_t digest_size = 42;
     uint8_t digest[42];
 
-    Hacl_SHA3_shake128_hacl(
+    Hacl_Hash_SHA3_shake128_hacl(
       message_size, (uint8_t*)message, digest_size, digest);
     // ANCHOR_END(example shake128)
 
@@ -173,17 +172,17 @@ TEST_P(Sha3KAT, TryKAT)
   {
     bytes digest(test_case.md.size(), 0);
     if (test_case.md.size() == 224 / 8) {
-      Hacl_SHA3_sha3_224(
-        test_case.msg.size(), test_case.msg.data(), digest.data());
+      Hacl_Hash_SHA3_sha3_224(
+        digest.data(), test_case.msg.data(), test_case.msg.size());
     } else if (test_case.md.size() == 256 / 8) {
-      Hacl_SHA3_sha3_256(
-        test_case.msg.size(), test_case.msg.data(), digest.data());
+      Hacl_Hash_SHA3_sha3_256(
+        digest.data(), test_case.msg.data(), test_case.msg.size());
     } else if (test_case.md.size() == 384 / 8) {
-      Hacl_SHA3_sha3_384(
-        test_case.msg.size(), test_case.msg.data(), digest.data());
+      Hacl_Hash_SHA3_sha3_384(
+        digest.data(), test_case.msg.data(), test_case.msg.size());
     } else if (test_case.md.size() == 512 / 8) {
-      Hacl_SHA3_sha3_512(
-        test_case.msg.size(), test_case.msg.data(), digest.data());
+      Hacl_Hash_SHA3_sha3_512(
+        digest.data(), test_case.msg.data(), test_case.msg.size());
     }
 
     EXPECT_EQ(test_case.md, digest) << bytes_to_hex(test_case.md) << std::endl
@@ -202,20 +201,16 @@ TEST_P(ShakeKAT, TryKAT)
     if (test_case.md.size() == 128 / 8) {
       bytes digest(test_case.md.size(), 128 / 8);
 
-      Hacl_SHA3_shake128_hacl(test_case.msg.size(),
-                              test_case.msg.data(),
-                              digest.size(),
-                              digest.data());
+      Hacl_Hash_SHA3_shake128_hacl(
+        test_case.msg.size(), test_case.msg.data(), digest.size(), digest.data());
 
       EXPECT_EQ(test_case.md, digest) << bytes_to_hex(test_case.md) << std::endl
                                       << bytes_to_hex(digest) << std::endl;
     } else if (test_case.md.size() == 256 / 8) {
       bytes digest(test_case.md.size(), 256 / 8);
 
-      Hacl_SHA3_shake256_hacl(test_case.msg.size(),
-                              test_case.msg.data(),
-                              digest.size(),
-                              digest.data());
+      Hacl_Hash_SHA3_shake256_hacl(
+        test_case.msg.size(), test_case.msg.data(), digest.size(), digest.data());
 
       EXPECT_EQ(test_case.md, digest) << bytes_to_hex(test_case.md) << std::endl
                                       << bytes_to_hex(digest) << std::endl;